[prakash502]

Hello All,

I am new to kernel mode programming. I wrote a simple TDI filter driver which sniffs the TDI IRP's , I tracked TDI_SEND IRP which sends the data and logging it. I wanted to send this IRP info (File Name) and show the user for confirmation for sending that file.

How can I achieve this, How can I pend the IRP and How can I verify the IRP status after user confirmation and complete the IRP ?

[EP_X0FF]

Use synchronization objects.

[rkhunter]

personally I used this famous method in my FS filter

1) IrpDispatchFunc -> return STATUS_PENDING (with IoStartPacket http://msdn.microsoft.com/en-us/library ... s.85).aspx)
2) call StartIo func http://msdn.microsoft.com/ru-RU/library ... s.85).aspx
3) Synchronization objects, complete IRP, IoStartNextPacket.

use WorkItem to plan operations with waiting in StartIO.

[izlesa]

personally I used this famous method in my FS filter

1) IrpDispatchFunc -> return STATUS_PENDING (with IoStartPacket http://msdn.microsoft.com/en-us/library ... s.85).aspx)
2) call StartIo func http://msdn.microsoft.com/ru-RU/library ... s.85).aspx
3) Synchronization objects, complete IRP, IoStartNextPacket.

use WorkItem to plan operations with waiting in StartIO.

Why you using this type of queue for higher-level driver if cansel-safe queues exist (IoCsqXXX)? For this type of action csq is common approach to queue.

[prakash502]

Use synchronization objects.

Any links pointing to use of those or sample code are very helpful .

Appreciate ur reply.