• InterlockedExchange
  • IoCsqInsertIrp
  • SetFileShortName
  • Base Kernel Changes and New APIs




    Download 124 Kb.
    bet4/9
    Sana22.07.2021
    Hajmi124 Kb.
    #15612
    1   2   3   4   5   6   7   8   9

    Base Kernel Changes and New APIs


    Item

    Description

    Kernel Enhancements for Windows XP

    The Windows XP DDK and IFS Kit documentation sets include a new section, "Kernel Enhancements for Windows XP," which summarizes new and changed kernel features. This section can be found in the "OS Version-Specific Information" portion of the Windows DDK Appendix.

    Cancel-Safe Queue Routines

    Rather than having drivers perform device queuing and handling the IRP cancellation race, Windows XP I/O automates this process. In Windows XP, drivers handle IRP queuing and do not have to handle IRP cancellations. Intelligence in the queuing process lets the I/O routines handle requests rather than drivers in cases where the I/O is canceled. A common problem with cancellation of IRPs in a driver is synchronization between the cancel lock and the InterlockedExchange in the I/O Manager with the driver's queue lock.
    Windows XP abstracts the cancel logic in the routines while allowing the driver to implement the queue and associated synchronization. The driver provides routines to insert and remove IRPs from a queue, and it provides a lock to be held while calling these routines. The driver ensures that the memory for the queue comes from the correct pool. When the driver actually wants to insert something into the queue, it does not call its insertion routine, but instead calls IoCsqInsertIrp.
    To remove an IRP from the queue, the driver can either specify an IRP to be retrieved, or pass NULL, and the first IRP in the queue will be retrieved. Once the IRP has been retrieved, it cannot be canceled; it is expected that the driver will process the IRP and complete it quickly.

    Kernel and HAL pages marked read-only

    On many Windows XP systems, the kernel and HAL pages are now marked read-only. This has affected those drivers which were attempting to patch system code, dispatch tables, or data structures.
    The change to read-only kernel and HAL does not happen on all systems:


    • On most systems, this only happens if you have < 128 MB of RAM.

    • If you have >= 128 MB of RAM, Windows XP uses large pages to map the kernel and HAL, so we do not make their code read-only.

    • On all platforms, all driver code is made read-only, as they are never mapped with large pages.

    • Driver Verifier disables large pages so you can enable this on any machine of any size in order to test your code.

    You should NOT attempt to overcome this page protection. Instead, please work with Microsoft so that we can find an API-based method to make your drivers work without the need to manipulate the kernel or HAL directly.



    SetFileShortName

    There is a new Win32 function, SetFileShortName, to set the short name of a file on NTFS. This function is documented in the Windows XP Platform SDK.

    GetVolumePathNamesForVolumeName

    A new Win32 function, GetVolumePathNamesForVolumeName, allows you to list all volume paths that a VolumeName may be mounted on.
    BOOL

    GetVolumePathNamesForVolumeName(

    LPCWSTR lpszVolumeName,

    LPWSTR lpszVolumePathNames,

    DWORD cchBufferLength,

    PDWORD lpcchReturnLength

    )

    This routine returns a Multi-Sz list of volume path names for the given volume name. The returned 'lpcchReturnLength' will include the extra tailing null characteristic of a Multi-Sz unless ERROR_MORE_DATA is returned, in which case the list returned is as long as possible and may contain a part of a volume path.




    Download 124 Kb.
    1   2   3   4   5   6   7   8   9




    Download 124 Kb.