Bug 1524574 Comment 11 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Gerald Squelart (he/him) (not at Mozilla since 2022-09-15)

on 2022-04-04 01:46:54 PDT

Oops, I missed this bug, so I opened another one. Here's the info I wrote there:

Intercepting [`NtClose`](https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntclose) is possible, and would be very useful, because it is a suspected to sometimes have a heavy cost: See "Closing File Handles on Windows" in [this article about surprisingly-slow things](https://gregoryszorc.com/blog/2021/04/06/surprisingly-slow/).
But it presents some technical difficulties:
- `NtClose` may be used on any type of object, so we'd need to filter out non-file objects.
- Also because `NtClose` may be called with any object, once in the interception routine, the interceptor could too easily be recursively called! In particular it makes stack-walking impossible (TBD), making the interception less useful.

I'm attaching an old WIP patch that may give some ideas.

Revision 1 by

Gerald Squelart (he/him) (not at Mozilla since 2022-09-15)

on 2022-04-04 01:48:45 PDT

(Adding mention of `NtClose` in bug title.)

Bugzilla

Quick Search

Bug 1524574 Comment 11 Edit History