Error With TDI Driver

TheMSsForum.com: The Microsoft Software Forum

Hey There,
I have the following code, and it gives me the BSOD when it tries to
unload the driver.

The windbg output of the error is:

*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f88db0c8, The address that the exception occurred at
Arg3: f8988b90, Exception Record Address
Arg4: f898888c, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
TDIDriver+20c8
f88db0c8 ?? ???

EXCEPTION_RECORD: f8988b90 -- (.exr fffffffff8988b90)
Cannot read Exception record @ f8988b90

CONTEXT: f898888c -- (.cxr fffffffff898888c)
Unable to read context, Win32 error 30

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from 81ea3550 to f88db0c8

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may
be wrong.
f8988c54 81ea3550 e291c264 00320030 f88de078 TDIDriver+0x20c8
f8988c7c 805a0799 81ea3550 82199000 00000000 0x81ea3550
f8988d4c 805a0a6e 00000a08 00000001 00000000 nt!IopLoadDriver+0x66c
f8988d74 804e426b 00000a08 00000000 823c8b30
nt!IopLoadUnloadDriver+0x45
f8988dac 8057be15 f8a1ccf4 00000000 00000000 nt!ExpWorkerThread+0x100
f8988ddc 804fa4da 804e4196 00000001 00000000
nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
TDIDriver+20c8
f88db0c8 ?? ???

FAULTING_SOURCE_CODE:


SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: TDIDriver+20c8

MODULE_NAME: TDIDriver

IMAGE_NAME: TDIDriver.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 44d0a5ac

FAILURE_BUCKET_ID: 0x7E_TDIDriver+20c8

BUCKET_ID: 0x7E_TDIDriver+20c8

Followup: MachineOwner
---------



The code I have executing is:
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING
pRegistryPath)
{
NTSTATUS NtStatus = STATUS_SUCCESS;
UINT uiIndex = 0;
PDEVICE_OBJECT pDeviceObject = NULL, pFilteredDevice = NULL;
UNICODE_STRING usDriverName, usDosDeviceName, usDeviceToFilter;
PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext;

RtlInitUnicodeString(&usDeviceToFilter, L"\\Device\\Tcp");
RtlInitUnicodeString(&usDriverName, L"\\Device\\TdiDriver");
RtlInitUnicodeString(&usDosDeviceName,
L"\\DosDevices\\TdiDosDriver");

NtStatus = IoCreateDevice(pDriverObject, 0, &usDriverName,
FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);

for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
pDriverObject->MajorFunction[uiIndex] = TDIInvalidFunction;


pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = TDICleanUp;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = TDIClose;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = TDICreate;
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = TDIIoControl;
pDriverObject->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL] =
TDIIoControlInternal;
pDriverObject->MajorFunction[IRP_MJ_READ] = TDIRead;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = TDIWrite;

pDriverObject->DriverUnload = TDIUnload;
pFilterDeviceContext =
(PEXAMPLE_FILTER_EXTENSION)pDeviceObject->DeviceExtension;
NtStatus = IoAttachDevice(pDeviceObject, &usDeviceToFilter,
&pFilterDeviceContext->pNextDeviceInChain);

if(!NT_SUCCESS(NtStatus))
{
IoDeleteDevice(pDeviceObject);
}
else
{
// pFilteredDevice = pFilterDeviceContext->pNextDeviceInChain;
//pDeviceObject->Flags |= pFilteredDevice->Flags &
(DO_BUFFERED_IO | DO_DIRECT_IO);
//pDeviceObject->DeviceType = pFilteredDevice->DeviceType;
// pDeviceObject->Characteristics =
pFilteredDevice->Characteristics;
pDeviceObject->Flags |= DO_BUFFERED_IO;
pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);

}
IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);

return NtStatus;
}

VOID TDIUnload(PDRIVER_OBJECT pDriverObject)
{
UNICODE_STRING usDosDeviceName;
PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext =
(PEXAMPLE_FILTER_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;


RtlInitUnicodeString(&usDosDeviceName,
L"\\DosDevices\\TdiDosDriver");
IoDeleteSymbolicLink(&usDosDeviceName);
ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
IoDetachDevice(pFilterDeviceContext->pNextDeviceInChain);


ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
IoDeleteDevice(pDriverObject->DeviceObject);

}

It is a very simple driver. Any ideas?

-Jay
(patelj27b at gmail dot com)
Top

RE: Error With TDI Driver by pavel_a

pavel_a
Wed Aug 02 11:03:01 CDT 2006

"Jay" wrote:
> Hey There,
> I have the following code, and it gives me the BSOD when it tries to
> unload the driver.

<snip>

> It is a very simple driver. Any ideas?

Get a debugger... debug... it's yours.

--PA

Top

Re: Error With TDI Driver by Code

Code
Wed Aug 02 13:37:31 CDT 2006

"Jay" <patelj27b@gmail.com> wrote in message
news:1154529792.107913.187790@b28g2000cwb.googlegroups.com...
> Hey There,
<snip>
> Some common problems are exception code 0x80000003. This means a hard
> coded breakpoint or assertion was hit, but this system was booted
> /NODEBUG.

> This is not supposed to happen as developers should never
> have
> hardcoded breakpoints in retail code, but ...
> If this happens, make sure a debugger gets connected, and the
> system is booted /DEBUG. This will let us see why this breakpoint is
> happening.

Modify BOOT.INI or whatever and add the /DEBUG line, which will allow windbg
to catch the error, rather than just report it.



Top

Re: Error With TDI Driver by patelj27b

patelj27b
Wed Aug 02 13:51:50 CDT 2006


Code Jockey wrote:
> "Jay" <patelj27b@gmail.com> wrote in message
> news:1154529792.107913.187790@b28g2000cwb.googlegroups.com...
> > Hey There,
> <snip>
> > Some common problems are exception code 0x80000003. This means a hard
> > coded breakpoint or assertion was hit, but this system was booted
> > /NODEBUG.
>
> > This is not supposed to happen as developers should never
> > have
> > hardcoded breakpoints in retail code, but ...
> > If this happens, make sure a debugger gets connected, and the
> > system is booted /DEBUG. This will let us see why this breakpoint is
> > happening.
>
> Modify BOOT.INI or whatever and add the /DEBUG line, which will allow windbg
> to catch the error, rather than just report it.


I already have the /DEBUG option included in the makefile. Anything
else I can do?

Thanks for your help,
Jay
(patelj27b at gmail dot com)

Top

Re: Error With TDI Driver by anton

anton
Wed Aug 02 15:20:13 CDT 2006

Hi mate

In fact, it is bizzare that you haven't crashed right in
DriverEntry()....

You have specified 0 as size of DEVICE_EXTENSION in a call to
IoCreateDevice(), so that device extension does not get allocated, and
then try to save a pointer to the lower device in device extension -
you have specified this address in IoAttachDevice() In fact, you
should have creashed right on the spot.....

In Unload() routine, you try to acess device extension that has not
been allocated, due to the fact that you have specified 0 as size of
DEVICE_EXTENSION in a call to IoCreateDevice(). BANG!!!!!!!



Anton Bassov


Jay wrote:
> Hey There,
> I have the following code, and it gives me the BSOD when it tries to
> unload the driver.
>
> The windbg output of the error is:
>
> *******************************************************************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> *******************************************************************************
>
> SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
> This is a very common bugcheck. Usually the exception address
> pinpoints
> the driver/function that caused the problem. Always note this address
> as well as the link date of the driver/image that contains this
> address.
> Some common problems are exception code 0x80000003. This means a hard
> coded breakpoint or assertion was hit, but this system was booted
> /NODEBUG. This is not supposed to happen as developers should never
> have
> hardcoded breakpoints in retail code, but ...
> If this happens, make sure a debugger gets connected, and the
> system is booted /DEBUG. This will let us see why this breakpoint is
> happening.
> Arguments:
> Arg1: c0000005, The exception code that was not handled
> Arg2: f88db0c8, The address that the exception occurred at
> Arg3: f8988b90, Exception Record Address
> Arg4: f898888c, Context Record Address
>
> Debugging Details:
> ------------------
>
>
> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> referenced memory at "0x%08lx". The memory could not be "%s".
>
> FAULTING_IP:
> TDIDriver+20c8
> f88db0c8 ?? ???
>
> EXCEPTION_RECORD: f8988b90 -- (.exr fffffffff8988b90)
> Cannot read Exception record @ f8988b90
>
> CONTEXT: f898888c -- (.cxr fffffffff898888c)
> Unable to read context, Win32 error 30
>
> CUSTOMER_CRASH_COUNT: 1
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x7E
>
> LAST_CONTROL_TRANSFER: from 81ea3550 to f88db0c8
>
> STACK_TEXT:
> WARNING: Stack unwind information not available. Following frames may
> be wrong.
> f8988c54 81ea3550 e291c264 00320030 f88de078 TDIDriver+0x20c8
> f8988c7c 805a0799 81ea3550 82199000 00000000 0x81ea3550
> f8988d4c 805a0a6e 00000a08 00000001 00000000 nt!IopLoadDriver+0x66c
> f8988d74 804e426b 00000a08 00000000 823c8b30
> nt!IopLoadUnloadDriver+0x45
> f8988dac 8057be15 f8a1ccf4 00000000 00000000 nt!ExpWorkerThread+0x100
> f8988ddc 804fa4da 804e4196 00000001 00000000
> nt!PspSystemThreadStartup+0x34
> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>
>
> STACK_COMMAND: .bugcheck ; kb
>
> FOLLOWUP_IP:
> TDIDriver+20c8
> f88db0c8 ?? ???
>
> FAULTING_SOURCE_CODE:
>
>
> SYMBOL_STACK_INDEX: 0
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: TDIDriver+20c8
>
> MODULE_NAME: TDIDriver
>
> IMAGE_NAME: TDIDriver.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 44d0a5ac
>
> FAILURE_BUCKET_ID: 0x7E_TDIDriver+20c8
>
> BUCKET_ID: 0x7E_TDIDriver+20c8
>
> Followup: MachineOwner
> ---------
>
>
>
> The code I have executing is:
> NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING
> pRegistryPath)
> {
> NTSTATUS NtStatus = STATUS_SUCCESS;
> UINT uiIndex = 0;
> PDEVICE_OBJECT pDeviceObject = NULL, pFilteredDevice = NULL;
> UNICODE_STRING usDriverName, usDosDeviceName, usDeviceToFilter;
> PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext;
>
> RtlInitUnicodeString(&usDeviceToFilter, L"\\Device\\Tcp");
> RtlInitUnicodeString(&usDriverName, L"\\Device\\TdiDriver");
> RtlInitUnicodeString(&usDosDeviceName,
> L"\\DosDevices\\TdiDosDriver");
>
> NtStatus = IoCreateDevice(pDriverObject, 0, &usDriverName,
> FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
>
> for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
> pDriverObject->MajorFunction[uiIndex] = TDIInvalidFunction;
>
>
> pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = TDICleanUp;
> pDriverObject->MajorFunction[IRP_MJ_CLOSE] = TDIClose;
> pDriverObject->MajorFunction[IRP_MJ_CREATE] = TDICreate;
> pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = TDIIoControl;
> pDriverObject->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL] =
> TDIIoControlInternal;
> pDriverObject->MajorFunction[IRP_MJ_READ] = TDIRead;
> pDriverObject->MajorFunction[IRP_MJ_WRITE] = TDIWrite;
>
> pDriverObject->DriverUnload = TDIUnload;
> pFilterDeviceContext =
> (PEXAMPLE_FILTER_EXTENSION)pDeviceObject->DeviceExtension;
> NtStatus = IoAttachDevice(pDeviceObject, &usDeviceToFilter,
> &pFilterDeviceContext->pNextDeviceInChain);
>
> if(!NT_SUCCESS(NtStatus))
> {
> IoDeleteDevice(pDeviceObject);
> }
> else
> {
> // pFilteredDevice = pFilterDeviceContext->pNextDeviceInChain;
> //pDeviceObject->Flags |= pFilteredDevice->Flags &
> (DO_BUFFERED_IO | DO_DIRECT_IO);
> //pDeviceObject->DeviceType = pFilteredDevice->DeviceType;
> // pDeviceObject->Characteristics =
> pFilteredDevice->Characteristics;
> pDeviceObject->Flags |= DO_BUFFERED_IO;
> pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
>
> }
> IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
>
> return NtStatus;
> }
>
> VOID TDIUnload(PDRIVER_OBJECT pDriverObject)
> {
> UNICODE_STRING usDosDeviceName;
> PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext =
> (PEXAMPLE_FILTER_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;
>
>
> RtlInitUnicodeString(&usDosDeviceName,
> L"\\DosDevices\\TdiDosDriver");
> IoDeleteSymbolicLink(&usDosDeviceName);
> ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
> IoDetachDevice(pFilterDeviceContext->pNextDeviceInChain);
>
>
> ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
> IoDeleteDevice(pDriverObject->DeviceObject);
>
> }
>
> It is a very simple driver. Any ideas?
>
> -Jay
> (patelj27b at gmail dot com)

Top

Re: Error With TDI Driver by Tarundeep

Tarundeep
Wed Aug 02 15:30:28 CDT 2006

see kernel debugging -
http://www.tarunsadhana.com/index.php?entry=entry060724-132424

HTH and give u some hints...:)

--
Regards
Tarundeep Singh Kalra
www.tarunsadhana.com

<patelj27b@gmail.com> wrote in message
news:1154544710.357278.97050@h48g2000cwc.googlegroups.com...
>
> Code Jockey wrote:
>> "Jay" <patelj27b@gmail.com> wrote in message
>> news:1154529792.107913.187790@b28g2000cwb.googlegroups.com...
>> > Hey There,
>> <snip>
>> > Some common problems are exception code 0x80000003. This means a hard
>> > coded breakpoint or assertion was hit, but this system was booted
>> > /NODEBUG.
>>
>> > This is not supposed to happen as developers should never
>> > have
>> > hardcoded breakpoints in retail code, but ...
>> > If this happens, make sure a debugger gets connected, and the
>> > system is booted /DEBUG. This will let us see why this breakpoint is
>> > happening.
>>
>> Modify BOOT.INI or whatever and add the /DEBUG line, which will allow
>> windbg
>> to catch the error, rather than just report it.
>
>
> I already have the /DEBUG option included in the makefile. Anything
> else I can do?
>
> Thanks for your help,
> Jay
> (patelj27b at gmail dot com)
>


Top

Re: Error With TDI Driver by patelj27b

patelj27b
Wed Aug 02 15:54:10 CDT 2006


anton bassov wrote:
> Hi mate
>
> In fact, it is bizzare that you haven't crashed right in
> DriverEntry()....
>
> You have specified 0 as size of DEVICE_EXTENSION in a call to
> IoCreateDevice(), so that device extension does not get allocated, and
> then try to save a pointer to the lower device in device extension -
> you have specified this address in IoAttachDevice() In fact, you
> should have creashed right on the spot.....
>
> In Unload() routine, you try to acess device extension that has not
> been allocated, due to the fact that you have specified 0 as size of
> DEVICE_EXTENSION in a call to IoCreateDevice(). BANG!!!!!!!
>
>
>
> Anton Bassov
>
>
> Jay wrote:
> > Hey There,
> > I have the following code, and it gives me the BSOD when it tries to
> > unload the driver.
> >
> > The windbg output of the error is:
> >
> > *******************************************************************************
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> > *******************************************************************************
> >
> > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
> > This is a very common bugcheck. Usually the exception address
> > pinpoints
> > the driver/function that caused the problem. Always note this address
> > as well as the link date of the driver/image that contains this
> > address.
> > Some common problems are exception code 0x80000003. This means a hard
> > coded breakpoint or assertion was hit, but this system was booted
> > /NODEBUG. This is not supposed to happen as developers should never
> > have
> > hardcoded breakpoints in retail code, but ...
> > If this happens, make sure a debugger gets connected, and the
> > system is booted /DEBUG. This will let us see why this breakpoint is
> > happening.
> > Arguments:
> > Arg1: c0000005, The exception code that was not handled
> > Arg2: f88db0c8, The address that the exception occurred at
> > Arg3: f8988b90, Exception Record Address
> > Arg4: f898888c, Context Record Address
> >
> > Debugging Details:
> > ------------------
> >
> >
> > EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> > referenced memory at "0x%08lx". The memory could not be "%s".
> >
> > FAULTING_IP:
> > TDIDriver+20c8
> > f88db0c8 ?? ???
> >
> > EXCEPTION_RECORD: f8988b90 -- (.exr fffffffff8988b90)
> > Cannot read Exception record @ f8988b90
> >
> > CONTEXT: f898888c -- (.cxr fffffffff898888c)
> > Unable to read context, Win32 error 30
> >
> > CUSTOMER_CRASH_COUNT: 1
> >
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x7E
> >
> > LAST_CONTROL_TRANSFER: from 81ea3550 to f88db0c8
> >
> > STACK_TEXT:
> > WARNING: Stack unwind information not available. Following frames may
> > be wrong.
> > f8988c54 81ea3550 e291c264 00320030 f88de078 TDIDriver+0x20c8
> > f8988c7c 805a0799 81ea3550 82199000 00000000 0x81ea3550
> > f8988d4c 805a0a6e 00000a08 00000001 00000000 nt!IopLoadDriver+0x66c
> > f8988d74 804e426b 00000a08 00000000 823c8b30
> > nt!IopLoadUnloadDriver+0x45
> > f8988dac 8057be15 f8a1ccf4 00000000 00000000 nt!ExpWorkerThread+0x100
> > f8988ddc 804fa4da 804e4196 00000001 00000000
> > nt!PspSystemThreadStartup+0x34
> > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> >
> >
> > STACK_COMMAND: .bugcheck ; kb
> >
> > FOLLOWUP_IP:
> > TDIDriver+20c8
> > f88db0c8 ?? ???
> >
> > FAULTING_SOURCE_CODE:
> >
> >
> > SYMBOL_STACK_INDEX: 0
> >
> > FOLLOWUP_NAME: MachineOwner
> >
> > SYMBOL_NAME: TDIDriver+20c8
> >
> > MODULE_NAME: TDIDriver
> >
> > IMAGE_NAME: TDIDriver.sys
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 44d0a5ac
> >
> > FAILURE_BUCKET_ID: 0x7E_TDIDriver+20c8
> >
> > BUCKET_ID: 0x7E_TDIDriver+20c8
> >
> > Followup: MachineOwner
> > ---------
> >
> >
> >
> > The code I have executing is:
> > NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING
> > pRegistryPath)
> > {
> > NTSTATUS NtStatus = STATUS_SUCCESS;
> > UINT uiIndex = 0;
> > PDEVICE_OBJECT pDeviceObject = NULL, pFilteredDevice = NULL;
> > UNICODE_STRING usDriverName, usDosDeviceName, usDeviceToFilter;
> > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext;
> >
> > RtlInitUnicodeString(&usDeviceToFilter, L"\\Device\\Tcp");
> > RtlInitUnicodeString(&usDriverName, L"\\Device\\TdiDriver");
> > RtlInitUnicodeString(&usDosDeviceName,
> > L"\\DosDevices\\TdiDosDriver");
> >
> > NtStatus = IoCreateDevice(pDriverObject, 0, &usDriverName,
> > FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
> >
> > for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
> > pDriverObject->MajorFunction[uiIndex] = TDIInvalidFunction;
> >
> >
> > pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = TDICleanUp;
> > pDriverObject->MajorFunction[IRP_MJ_CLOSE] = TDIClose;
> > pDriverObject->MajorFunction[IRP_MJ_CREATE] = TDICreate;
> > pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = TDIIoControl;
> > pDriverObject->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL] =
> > TDIIoControlInternal;
> > pDriverObject->MajorFunction[IRP_MJ_READ] = TDIRead;
> > pDriverObject->MajorFunction[IRP_MJ_WRITE] = TDIWrite;
> >
> > pDriverObject->DriverUnload = TDIUnload;
> > pFilterDeviceContext =
> > (PEXAMPLE_FILTER_EXTENSION)pDeviceObject->DeviceExtension;
> > NtStatus = IoAttachDevice(pDeviceObject, &usDeviceToFilter,
> > &pFilterDeviceContext->pNextDeviceInChain);
> >
> > if(!NT_SUCCESS(NtStatus))
> > {
> > IoDeleteDevice(pDeviceObject);
> > }
> > else
> > {
> > // pFilteredDevice = pFilterDeviceContext->pNextDeviceInChain;
> > //pDeviceObject->Flags |= pFilteredDevice->Flags &
> > (DO_BUFFERED_IO | DO_DIRECT_IO);
> > //pDeviceObject->DeviceType = pFilteredDevice->DeviceType;
> > // pDeviceObject->Characteristics =
> > pFilteredDevice->Characteristics;
> > pDeviceObject->Flags |= DO_BUFFERED_IO;
> > pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
> >
> > }
> > IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
> >
> > return NtStatus;
> > }
> >
> > VOID TDIUnload(PDRIVER_OBJECT pDriverObject)
> > {
> > UNICODE_STRING usDosDeviceName;
> > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext =
> > (PEXAMPLE_FILTER_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;
> >
> >
> > RtlInitUnicodeString(&usDosDeviceName,
> > L"\\DosDevices\\TdiDosDriver");
> > IoDeleteSymbolicLink(&usDosDeviceName);
> > ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
> > IoDetachDevice(pFilterDeviceContext->pNextDeviceInChain);
> >
> >
> > ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
> > IoDeleteDevice(pDriverObject->DeviceObject);
> >
> > }
> >
> > It is a very simple driver. Any ideas?
> >
> > -Jay
> > (patelj27b at gmail dot com)

Mr. Bassov,
Fixing that did the trick. Thanks alot! I need to pay more
attention to my code. BTW, is the best way to debug a driver using
windbg remotely using IEEE or USB? I have tried to use windbg locally,
but there seems to be limited functionality on that end.

-Jay

Top

Re: Error With TDI Driver by Skywing

Skywing
Wed Aug 02 16:11:06 CDT 2006

1394 is probably the best speed-wise for xp/2003 if you have 1394
controllers that work properly with the debugger. USB debugging is only
supported if your target is Vista and requires a special USB cable.

--
Ken Johnson (Skywing)
Windows SDK MVP

<patelj27b@gmail.com> wrote in message
news:1154552050.528846.121660@m79g2000cwm.googlegroups.com...
>
> anton bassov wrote:
>> Hi mate
>>
>> In fact, it is bizzare that you haven't crashed right in
>> DriverEntry()....
>>
>> You have specified 0 as size of DEVICE_EXTENSION in a call to
>> IoCreateDevice(), so that device extension does not get allocated, and
>> then try to save a pointer to the lower device in device extension -
>> you have specified this address in IoAttachDevice() In fact, you
>> should have creashed right on the spot.....
>>
>> In Unload() routine, you try to acess device extension that has not
>> been allocated, due to the fact that you have specified 0 as size of
>> DEVICE_EXTENSION in a call to IoCreateDevice(). BANG!!!!!!!
>>
>>
>>
>> Anton Bassov
>>
>>
>> Jay wrote:
>> > Hey There,
>> > I have the following code, and it gives me the BSOD when it tries to
>> > unload the driver.
>> >
>> > The windbg output of the error is:
>> >
>> > *******************************************************************************
>> > *
>> > *
>> > * Bugcheck Analysis
>> > *
>> > *
>> > *
>> > *******************************************************************************
>> >
>> > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
>> > This is a very common bugcheck. Usually the exception address
>> > pinpoints
>> > the driver/function that caused the problem. Always note this address
>> > as well as the link date of the driver/image that contains this
>> > address.
>> > Some common problems are exception code 0x80000003. This means a hard
>> > coded breakpoint or assertion was hit, but this system was booted
>> > /NODEBUG. This is not supposed to happen as developers should never
>> > have
>> > hardcoded breakpoints in retail code, but ...
>> > If this happens, make sure a debugger gets connected, and the
>> > system is booted /DEBUG. This will let us see why this breakpoint is
>> > happening.
>> > Arguments:
>> > Arg1: c0000005, The exception code that was not handled
>> > Arg2: f88db0c8, The address that the exception occurred at
>> > Arg3: f8988b90, Exception Record Address
>> > Arg4: f898888c, Context Record Address
>> >
>> > Debugging Details:
>> > ------------------
>> >
>> >
>> > EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
>> > referenced memory at "0x%08lx". The memory could not be "%s".
>> >
>> > FAULTING_IP:
>> > TDIDriver+20c8
>> > f88db0c8 ?? ???
>> >
>> > EXCEPTION_RECORD: f8988b90 -- (.exr fffffffff8988b90)
>> > Cannot read Exception record @ f8988b90
>> >
>> > CONTEXT: f898888c -- (.cxr fffffffff898888c)
>> > Unable to read context, Win32 error 30
>> >
>> > CUSTOMER_CRASH_COUNT: 1
>> >
>> > DEFAULT_BUCKET_ID: DRIVER_FAULT
>> >
>> > BUGCHECK_STR: 0x7E
>> >
>> > LAST_CONTROL_TRANSFER: from 81ea3550 to f88db0c8
>> >
>> > STACK_TEXT:
>> > WARNING: Stack unwind information not available. Following frames may
>> > be wrong.
>> > f8988c54 81ea3550 e291c264 00320030 f88de078 TDIDriver+0x20c8
>> > f8988c7c 805a0799 81ea3550 82199000 00000000 0x81ea3550
>> > f8988d4c 805a0a6e 00000a08 00000001 00000000 nt!IopLoadDriver+0x66c
>> > f8988d74 804e426b 00000a08 00000000 823c8b30
>> > nt!IopLoadUnloadDriver+0x45
>> > f8988dac 8057be15 f8a1ccf4 00000000 00000000 nt!ExpWorkerThread+0x100
>> > f8988ddc 804fa4da 804e4196 00000001 00000000
>> > nt!PspSystemThreadStartup+0x34
>> > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>> >
>> >
>> > STACK_COMMAND: .bugcheck ; kb
>> >
>> > FOLLOWUP_IP:
>> > TDIDriver+20c8
>> > f88db0c8 ?? ???
>> >
>> > FAULTING_SOURCE_CODE:
>> >
>> >
>> > SYMBOL_STACK_INDEX: 0
>> >
>> > FOLLOWUP_NAME: MachineOwner
>> >
>> > SYMBOL_NAME: TDIDriver+20c8
>> >
>> > MODULE_NAME: TDIDriver
>> >
>> > IMAGE_NAME: TDIDriver.sys
>> >
>> > DEBUG_FLR_IMAGE_TIMESTAMP: 44d0a5ac
>> >
>> > FAILURE_BUCKET_ID: 0x7E_TDIDriver+20c8
>> >
>> > BUCKET_ID: 0x7E_TDIDriver+20c8
>> >
>> > Followup: MachineOwner
>> > ---------
>> >
>> >
>> >
>> > The code I have executing is:
>> > NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING
>> > pRegistryPath)
>> > {
>> > NTSTATUS NtStatus = STATUS_SUCCESS;
>> > UINT uiIndex = 0;
>> > PDEVICE_OBJECT pDeviceObject = NULL, pFilteredDevice = NULL;
>> > UNICODE_STRING usDriverName, usDosDeviceName, usDeviceToFilter;
>> > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext;
>> >
>> > RtlInitUnicodeString(&usDeviceToFilter, L"\\Device\\Tcp");
>> > RtlInitUnicodeString(&usDriverName, L"\\Device\\TdiDriver");
>> > RtlInitUnicodeString(&usDosDeviceName,
>> > L"\\DosDevices\\TdiDosDriver");
>> >
>> > NtStatus = IoCreateDevice(pDriverObject, 0, &usDriverName,
>> > FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
>> >
>> > for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
>> > pDriverObject->MajorFunction[uiIndex] = TDIInvalidFunction;
>> >
>> >
>> > pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = TDICleanUp;
>> > pDriverObject->MajorFunction[IRP_MJ_CLOSE] = TDIClose;
>> > pDriverObject->MajorFunction[IRP_MJ_CREATE] = TDICreate;
>> > pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = TDIIoControl;
>> > pDriverObject->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL] =
>> > TDIIoControlInternal;
>> > pDriverObject->MajorFunction[IRP_MJ_READ] = TDIRead;
>> > pDriverObject->MajorFunction[IRP_MJ_WRITE] = TDIWrite;
>> >
>> > pDriverObject->DriverUnload = TDIUnload;
>> > pFilterDeviceContext =
>> > (PEXAMPLE_FILTER_EXTENSION)pDeviceObject->DeviceExtension;
>> > NtStatus = IoAttachDevice(pDeviceObject, &usDeviceToFilter,
>> > &pFilterDeviceContext->pNextDeviceInChain);
>> >
>> > if(!NT_SUCCESS(NtStatus))
>> > {
>> > IoDeleteDevice(pDeviceObject);
>> > }
>> > else
>> > {
>> > // pFilteredDevice = pFilterDeviceContext->pNextDeviceInChain;
>> > //pDeviceObject->Flags |= pFilteredDevice->Flags &
>> > (DO_BUFFERED_IO | DO_DIRECT_IO);
>> > //pDeviceObject->DeviceType = pFilteredDevice->DeviceType;
>> > // pDeviceObject->Characteristics =
>> > pFilteredDevice->Characteristics;
>> > pDeviceObject->Flags |= DO_BUFFERED_IO;
>> > pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
>> >
>> > }
>> > IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
>> >
>> > return NtStatus;
>> > }
>> >
>> > VOID TDIUnload(PDRIVER_OBJECT pDriverObject)
>> > {
>> > UNICODE_STRING usDosDeviceName;
>> > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext =
>> > (PEXAMPLE_FILTER_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;
>> >
>> >
>> > RtlInitUnicodeString(&usDosDeviceName,
>> > L"\\DosDevices\\TdiDosDriver");
>> > IoDeleteSymbolicLink(&usDosDeviceName);
>> > ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
>> > IoDetachDevice(pFilterDeviceContext->pNextDeviceInChain);
>> >
>> >
>> > ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
>> > IoDeleteDevice(pDriverObject->DeviceObject);
>> >
>> > }
>> >
>> > It is a very simple driver. Any ideas?
>> >
>> > -Jay
>> > (patelj27b at gmail dot com)
>
> Mr. Bassov,
> Fixing that did the trick. Thanks alot! I need to pay more
> attention to my code. BTW, is the best way to debug a driver using
> windbg remotely using IEEE or USB? I have tried to use windbg locally,
> but there seems to be limited functionality on that end.
>
> -Jay
>


Top

Re: Error With TDI Driver by pavel_a

pavel_a
Wed Aug 02 16:45:03 CDT 2006

"patelj27b@gmail.com" wrote:

> Code Jockey wrote:
> > Modify BOOT.INI or whatever and add the /DEBUG line, which will allow windbg

> I already have the /DEBUG option included in the makefile. Anything
> else I can do?

Does anybody collect "techincal support" jokes?
This one must be saved for the history! (sorry, Jay... )

--PA

Top

Re: Error With TDI Driver by soviet_bloke

soviet_bloke
Wed Aug 02 17:19:09 CDT 2006

Hi Pavel

> > Code Jockey wrote:
> > > Modify BOOT.INI or whatever and add the /DEBUG line, which will allow windbg
>
> > I already have the /DEBUG option included in the makefile. Anything
> > else I can do?
>
> Does anybody collect "techincal support" jokes?
> This one must be saved for the history! (sorry, Jay... )

How "clever" you are......

It is obvious to everyone that the OP is very new to the kernel-mode
development.
What is the point of laughing at the beginners???? Do you really think
you are guru yourself??????

Anton Bassov

Pavel A. wrote:
> "patelj27b@gmail.com" wrote:
>
> > Code Jockey wrote:
> > > Modify BOOT.INI or whatever and add the /DEBUG line, which will allow windbg
>
> > I already have the /DEBUG option included in the makefile. Anything
> > else I can do?
>
> Does anybody collect "techincal support" jokes?
> This one must be saved for the history! (sorry, Jay... )
>
> --PA

Top

Re: Error With TDI Driver by pavel_a

pavel_a
Thu Aug 03 07:21:01 CDT 2006

"soviet_bloke@hotmail.com" wrote:
> Hi Pavel
> How "clever" you are......
>
> It is obvious to everyone that the OP is very new to the kernel-mode
> development.
> What is the point of laughing at the beginners???? Do you really think
> you are guru yourself??????
>
> Anton Bassov

Dearest Mr. Bassov,

You've made an excellent hit on this one. Congratulations.
So I won't start with you this time.

Regards,
--PA

Top

Re: Error With TDI Driver by Jay

Jay
Thu Aug 03 08:22:13 CDT 2006


anton bassov wrote:
> Hi mate
>
> In fact, it is bizzare that you haven't crashed right in
> DriverEntry()....
>
> You have specified 0 as size of DEVICE_EXTENSION in a call to
> IoCreateDevice(), so that device extension does not get allocated, and
> then try to save a pointer to the lower device in device extension -
> you have specified this address in IoAttachDevice() In fact, you
> should have creashed right on the spot.....
>
> In Unload() routine, you try to acess device extension that has not
> been allocated, due to the fact that you have specified 0 as size of
> DEVICE_EXTENSION in a call to IoCreateDevice(). BANG!!!!!!!
>
>
>
> Anton Bassov
>
>
> Jay wrote:
> > Hey There,
> > I have the following code, and it gives me the BSOD when it tries to
> > unload the driver.
> >
> > The windbg output of the error is:
> >
> > *******************************************************************************
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> > *******************************************************************************
> >
> > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
> > This is a very common bugcheck. Usually the exception address
> > pinpoints
> > the driver/function that caused the problem. Always note this address
> > as well as the link date of the driver/image that contains this
> > address.
> > Some common problems are exception code 0x80000003. This means a hard
> > coded breakpoint or assertion was hit, but this system was booted
> > /NODEBUG. This is not supposed to happen as developers should never
> > have
> > hardcoded breakpoints in retail code, but ...
> > If this happens, make sure a debugger gets connected, and the
> > system is booted /DEBUG. This will let us see why this breakpoint is
> > happening.
> > Arguments:
> > Arg1: c0000005, The exception code that was not handled
> > Arg2: f88db0c8, The address that the exception occurred at
> > Arg3: f8988b90, Exception Record Address
> > Arg4: f898888c, Context Record Address
> >
> > Debugging Details:
> > ------------------
> >
> >
> > EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> > referenced memory at "0x%08lx". The memory could not be "%s".
> >
> > FAULTING_IP:
> > TDIDriver+20c8
> > f88db0c8 ?? ???
> >
> > EXCEPTION_RECORD: f8988b90 -- (.exr fffffffff8988b90)
> > Cannot read Exception record @ f8988b90
> >
> > CONTEXT: f898888c -- (.cxr fffffffff898888c)
> > Unable to read context, Win32 error 30
> >
> > CUSTOMER_CRASH_COUNT: 1
> >
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x7E
> >
> > LAST_CONTROL_TRANSFER: from 81ea3550 to f88db0c8
> >
> > STACK_TEXT:
> > WARNING: Stack unwind information not available. Following frames may
> > be wrong.
> > f8988c54 81ea3550 e291c264 00320030 f88de078 TDIDriver+0x20c8
> > f8988c7c 805a0799 81ea3550 82199000 00000000 0x81ea3550
> > f8988d4c 805a0a6e 00000a08 00000001 00000000 nt!IopLoadDriver+0x66c
> > f8988d74 804e426b 00000a08 00000000 823c8b30
> > nt!IopLoadUnloadDriver+0x45
> > f8988dac 8057be15 f8a1ccf4 00000000 00000000 nt!ExpWorkerThread+0x100
> > f8988ddc 804fa4da 804e4196 00000001 00000000
> > nt!PspSystemThreadStartup+0x34
> > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> >
> >
> > STACK_COMMAND: .bugcheck ; kb
> >
> > FOLLOWUP_IP:
> > TDIDriver+20c8
> > f88db0c8 ?? ???
> >
> > FAULTING_SOURCE_CODE:
> >
> >
> > SYMBOL_STACK_INDEX: 0
> >
> > FOLLOWUP_NAME: MachineOwner
> >
> > SYMBOL_NAME: TDIDriver+20c8
> >
> > MODULE_NAME: TDIDriver
> >
> > IMAGE_NAME: TDIDriver.sys
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 44d0a5ac
> >
> > FAILURE_BUCKET_ID: 0x7E_TDIDriver+20c8
> >
> > BUCKET_ID: 0x7E_TDIDriver+20c8
> >
> > Followup: MachineOwner
> > ---------
> >
> >
> >
> > The code I have executing is:
> > NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING
> > pRegistryPath)
> > {
> > NTSTATUS NtStatus = STATUS_SUCCESS;
> > UINT uiIndex = 0;
> > PDEVICE_OBJECT pDeviceObject = NULL, pFilteredDevice = NULL;
> > UNICODE_STRING usDriverName, usDosDeviceName, usDeviceToFilter;
> > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext;
> >
> > RtlInitUnicodeString(&usDeviceToFilter, L"\\Device\\Tcp");
> > RtlInitUnicodeString(&usDriverName, L"\\Device\\TdiDriver");
> > RtlInitUnicodeString(&usDosDeviceName,
> > L"\\DosDevices\\TdiDosDriver");
> >
> > NtStatus = IoCreateDevice(pDriverObject, 0, &usDriverName,
> > FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
> >
> > for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
> > pDriverObject->MajorFunction[uiIndex] = TDIInvalidFunction;
> >
> >
> > pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = TDICleanUp;
> > pDriverObject->MajorFunction[IRP_MJ_CLOSE] = TDIClose;
> > pDriverObject->MajorFunction[IRP_MJ_CREATE] = TDICreate;
> > pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = TDIIoControl;
> > pDriverObject->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL] =
> > TDIIoControlInternal;
> > pDriverObject->MajorFunction[IRP_MJ_READ] = TDIRead;
> > pDriverObject->MajorFunction[IRP_MJ_WRITE] = TDIWrite;
> >
> > pDriverObject->DriverUnload = TDIUnload;
> > pFilterDeviceContext =
> > (PEXAMPLE_FILTER_EXTENSION)pDeviceObject->DeviceExtension;
> > NtStatus = IoAttachDevice(pDeviceObject, &usDeviceToFilter,
> > &pFilterDeviceContext->pNextDeviceInChain);
> >
> > if(!NT_SUCCESS(NtStatus))
> > {
> > IoDeleteDevice(pDeviceObject);
> > }
> > else
> > {
> > // pFilteredDevice = pFilterDeviceContext->pNextDeviceInChain;
> > //pDeviceObject->Flags |= pFilteredDevice->Flags &
> > (DO_BUFFERED_IO | DO_DIRECT_IO);
> > //pDeviceObject->DeviceType = pFilteredDevice->DeviceType;
> > // pDeviceObject->Characteristics =
> > pFilteredDevice->Characteristics;
> > pDeviceObject->Flags |= DO_BUFFERED_IO;
> > pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
> >
> > }
> > IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
> >
> > return NtStatus;
> > }
> >
> > VOID TDIUnload(PDRIVER_OBJECT pDriverObject)
> > {
> > UNICODE_STRING usDosDeviceName;
> > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext =
> > (PEXAMPLE_FILTER_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;
> >
> >
> > RtlInitUnicodeString(&usDosDeviceName,
> > L"\\DosDevices\\TdiDosDriver");
> > IoDeleteSymbolicLink(&usDosDeviceName);
> > ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
> > IoDetachDevice(pFilterDeviceContext->pNextDeviceInChain);
> >
> >
> > ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
> > IoDeleteDevice(pDriverObject->DeviceObject);
> >
> > }
> >
> > It is a very simple driver. Any ideas?
> >
> > -Jay
> > (patelj27b at gmail dot com)


Hey All,
Thanks for all the help. I have a situation that occurs that I'm
not sure how to resolve. When the driver runs, and I try to launch
Outlook Express, it will bring up the splash screen, but stays there.
When I unload the driver, then it continues the normal flow of
execution. Also, once I run the driver, even after it unloads, if I try
to restart or shut down the machine, it looks like it closes
explorer.exe and just stays stuck there. I'm forced to physically power
down the machine in order to turn it off. Any ideas as to what would
cause this to occur?


Thanks!
Jay
(patelj27b at gmail dot com)

Top

Re: Error With TDI Driver by PCAUSA

PCAUSA
Thu Aug 03 09:03:21 CDT 2006

If this is a TDI filter driver, then the simple fact is that it cannot
be unloaded safely.

Thomas F. Divine, Windows DDK MVP

Jay wrote:
> anton bassov wrote:
> > Hi mate
> >
> > In fact, it is bizzare that you haven't crashed right in
> > DriverEntry()....
> >
> > You have specified 0 as size of DEVICE_EXTENSION in a call to
> > IoCreateDevice(), so that device extension does not get allocated, and
> > then try to save a pointer to the lower device in device extension -
> > you have specified this address in IoAttachDevice() In fact, you
> > should have creashed right on the spot.....
> >
> > In Unload() routine, you try to acess device extension that has not
> > been allocated, due to the fact that you have specified 0 as size of
> > DEVICE_EXTENSION in a call to IoCreateDevice(). BANG!!!!!!!
> >
> >
> >
> > Anton Bassov
> >
> >
> > Jay wrote:
> > > Hey There,
> > > I have the following code, and it gives me the BSOD when it tries to
> > > unload the driver.
> > >
> > > The windbg output of the error is:
> > >
> > > *******************************************************************************
> > > *
> > > *
> > > * Bugcheck Analysis
> > > *
> > > *
> > > *
> > > *******************************************************************************
> > >
> > > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
> > > This is a very common bugcheck. Usually the exception address
> > > pinpoints
> > > the driver/function that caused the problem. Always note this address
> > > as well as the link date of the driver/image that contains this
> > > address.
> > > Some common problems are exception code 0x80000003. This means a hard
> > > coded breakpoint or assertion was hit, but this system was booted
> > > /NODEBUG. This is not supposed to happen as developers should never
> > > have
> > > hardcoded breakpoints in retail code, but ...
> > > If this happens, make sure a debugger gets connected, and the
> > > system is booted /DEBUG. This will let us see why this breakpoint is
> > > happening.
> > > Arguments:
> > > Arg1: c0000005, The exception code that was not handled
> > > Arg2: f88db0c8, The address that the exception occurred at
> > > Arg3: f8988b90, Exception Record Address
> > > Arg4: f898888c, Context Record Address
> > >
> > > Debugging Details:
> > > ------------------
> > >
> > >
> > > EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> > > referenced memory at "0x%08lx". The memory could not be "%s".
> > >
> > > FAULTING_IP:
> > > TDIDriver+20c8
> > > f88db0c8 ?? ???
> > >
> > > EXCEPTION_RECORD: f8988b90 -- (.exr fffffffff8988b90)
> > > Cannot read Exception record @ f8988b90
> > >
> > > CONTEXT: f898888c -- (.cxr fffffffff898888c)
> > > Unable to read context, Win32 error 30
> > >
> > > CUSTOMER_CRASH_COUNT: 1
> > >
> > > DEFAULT_BUCKET_ID: DRIVER_FAULT
> > >
> > > BUGCHECK_STR: 0x7E
> > >
> > > LAST_CONTROL_TRANSFER: from 81ea3550 to f88db0c8
> > >
> > > STACK_TEXT:
> > > WARNING: Stack unwind information not available. Following frames may
> > > be wrong.
> > > f8988c54 81ea3550 e291c264 00320030 f88de078 TDIDriver+0x20c8
> > > f8988c7c 805a0799 81ea3550 82199000 00000000 0x81ea3550
> > > f8988d4c 805a0a6e 00000a08 00000001 00000000 nt!IopLoadDriver+0x66c
> > > f8988d74 804e426b 00000a08 00000000 823c8b30
> > > nt!IopLoadUnloadDriver+0x45
> > > f8988dac 8057be15 f8a1ccf4 00000000 00000000 nt!ExpWorkerThread+0x100
> > > f8988ddc 804fa4da 804e4196 00000001 00000000
> > > nt!PspSystemThreadStartup+0x34
> > > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> > >
> > >
> > > STACK_COMMAND: .bugcheck ; kb
> > >
> > > FOLLOWUP_IP:
> > > TDIDriver+20c8
> > > f88db0c8 ?? ???
> > >
> > > FAULTING_SOURCE_CODE:
> > >
> > >
> > > SYMBOL_STACK_INDEX: 0
> > >
> > > FOLLOWUP_NAME: MachineOwner
> > >
> > > SYMBOL_NAME: TDIDriver+20c8
> > >
> > > MODULE_NAME: TDIDriver
> > >
> > > IMAGE_NAME: TDIDriver.sys
> > >
> > > DEBUG_FLR_IMAGE_TIMESTAMP: 44d0a5ac
> > >
> > > FAILURE_BUCKET_ID: 0x7E_TDIDriver+20c8
> > >
> > > BUCKET_ID: 0x7E_TDIDriver+20c8
> > >
> > > Followup: MachineOwner
> > > ---------
> > >
> > >
> > >
> > > The code I have executing is:
> > > NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING
> > > pRegistryPath)
> > > {
> > > NTSTATUS NtStatus = STATUS_SUCCESS;
> > > UINT uiIndex = 0;
> > > PDEVICE_OBJECT pDeviceObject = NULL, pFilteredDevice = NULL;
> > > UNICODE_STRING usDriverName, usDosDeviceName, usDeviceToFilter;
> > > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext;
> > >
> > > RtlInitUnicodeString(&usDeviceToFilter, L"\\Device\\Tcp");
> > > RtlInitUnicodeString(&usDriverName, L"\\Device\\TdiDriver");
> > > RtlInitUnicodeString(&usDosDeviceName,
> > > L"\\DosDevices\\TdiDosDriver");
> > >
> > > NtStatus = IoCreateDevice(pDriverObject, 0, &usDriverName,
> > > FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
> > >
> > > for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
> > > pDriverObject->MajorFunction[uiIndex] = TDIInvalidFunction;
> > >
> > >
> > > pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = TDICleanUp;
> > > pDriverObject->MajorFunction[IRP_MJ_CLOSE] = TDIClose;
> > > pDriverObject->MajorFunction[IRP_MJ_CREATE] = TDICreate;
> > > pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = TDIIoControl;
> > > pDriverObject->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL] =
> > > TDIIoControlInternal;
> > > pDriverObject->MajorFunction[IRP_MJ_READ] = TDIRead;
> > > pDriverObject->MajorFunction[IRP_MJ_WRITE] = TDIWrite;
> > >
> > > pDriverObject->DriverUnload = TDIUnload;
> > > pFilterDeviceContext =
> > > (PEXAMPLE_FILTER_EXTENSION)pDeviceObject->DeviceExtension;
> > > NtStatus = IoAttachDevice(pDeviceObject, &usDeviceToFilter,
> > > &pFilterDeviceContext->pNextDeviceInChain);
> > >
> > > if(!NT_SUCCESS(NtStatus))
> > > {
> > > IoDeleteDevice(pDeviceObject);
> > > }
> > > else
> > > {
> > > // pFilteredDevice = pFilterDeviceContext->pNextDeviceInChain;
> > > //pDeviceObject->Flags |= pFilteredDevice->Flags &
> > > (DO_BUFFERED_IO | DO_DIRECT_IO);
> > > //pDeviceObject->DeviceType = pFilteredDevice->DeviceType;
> > > // pDeviceObject->Characteristics =
> > > pFilteredDevice->Characteristics;
> > > pDeviceObject->Flags |= DO_BUFFERED_IO;
> > > pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
> > >
> > > }
> > > IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
> > >
> > > return NtStatus;
> > > }
> > >
> > > VOID TDIUnload(PDRIVER_OBJECT pDriverObject)
> > > {
> > > UNICODE_STRING usDosDeviceName;
> > > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext =
> > > (PEXAMPLE_FILTER_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;
> > >
> > >
> > > RtlInitUnicodeString(&usDosDeviceName,
> > > L"\\DosDevices\\TdiDosDriver");
> > > IoDeleteSymbolicLink(&usDosDeviceName);
> > > ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
> > > IoDetachDevice(pFilterDeviceContext->pNextDeviceInChain);
> > >
> > >
> > > ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
> > > IoDeleteDevice(pDriverObject->DeviceObject);
> > >
> > > }
> > >
> > > It is a very simple driver. Any ideas?
> > >
> > > -Jay
> > > (patelj27b at gmail dot com)
>
>
> Hey All,
> Thanks for all the help. I have a situation that occurs that I'm
> not sure how to resolve. When the driver runs, and I try to launch
> Outlook Express, it will bring up the splash screen, but stays there.
> When I unload the driver, then it continues the normal flow of
> execution. Also, once I run the driver, even after it unloads, if I try
> to restart or shut down the machine, it looks like it closes
> explorer.exe and just stays stuck there. I'm forced to physically power
> down the machine in order to turn it off. Any ideas as to what would
> cause this to occur?
>
>
> Thanks!
> Jay
> (patelj27b at gmail dot com)

Top

Re: Error With TDI Driver by Jay

Jay
Thu Aug 03 09:27:36 CDT 2006


PCAUSA wrote:
> If this is a TDI filter driver, then the simple fact is that it cannot
> be unloaded safely.
>
> Thomas F. Divine, Windows DDK MVP
>
> Jay wrote:
> > anton bassov wrote:
> > > Hi mate
> > >
> > > In fact, it is bizzare that you haven't crashed right in
> > > DriverEntry()....
> > >
> > > You have specified 0 as size of DEVICE_EXTENSION in a call to
> > > IoCreateDevice(), so that device extension does not get allocated, and
> > > then try to save a pointer to the lower device in device extension -
> > > you have specified this address in IoAttachDevice() In fact, you
> > > should have creashed right on the spot.....
> > >
> > > In Unload() routine, you try to acess device extension that has not
> > > been allocated, due to the fact that you have specified 0 as size of
> > > DEVICE_EXTENSION in a call to IoCreateDevice(). BANG!!!!!!!
> > >
> > >
> > >
> > > Anton Bassov
> > >
> > >
> > > Jay wrote:
> > > > Hey There,
> > > > I have the following code, and it gives me the BSOD when it tries to
> > > > unload the driver.
> > > >
> > > > The windbg output of the error is:
> > > >
> > > > *******************************************************************************
> > > > *
> > > > *
> > > > * Bugcheck Analysis
> > > > *
> > > > *
> > > > *
> > > > *******************************************************************************
> > > >
> > > > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
> > > > This is a very common bugcheck. Usually the exception address
> > > > pinpoints
> > > > the driver/function that caused the problem. Always note this address
> > > > as well as the link date of the driver/image that contains this
> > > > address.
> > > > Some common problems are exception code 0x80000003. This means a hard
> > > > coded breakpoint or assertion was hit, but this system was booted
> > > > /NODEBUG. This is not supposed to happen as developers should never
> > > > have
> > > > hardcoded breakpoints in retail code, but ...
> > > > If this happens, make sure a debugger gets connected, and the
> > > > system is booted /DEBUG. This will let us see why this breakpoint is
> > > > happening.
> > > > Arguments:
> > > > Arg1: c0000005, The exception code that was not handled
> > > > Arg2: f88db0c8, The address that the exception occurred at
> > > > Arg3: f8988b90, Exception Record Address
> > > > Arg4: f898888c, Context Record Address
> > > >
> > > > Debugging Details:
> > > > ------------------
> > > >
> > > >
> > > > EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
> > > > referenced memory at "0x%08lx". The memory could not be "%s".
> > > >
> > > > FAULTING_IP:
> > > > TDIDriver+20c8
> > > > f88db0c8 ?? ???
> > > >
> > > > EXCEPTION_RECORD: f8988b90 -- (.exr fffffffff8988b90)
> > > > Cannot read Exception record @ f8988b90
> > > >
> > > > CONTEXT: f898888c -- (.cxr fffffffff898888c)
> > > > Unable to read context, Win32 error 30
> > > >
> > > > CUSTOMER_CRASH_COUNT: 1
> > > >
> > > > DEFAULT_BUCKET_ID: DRIVER_FAULT
> > > >
> > > > BUGCHECK_STR: 0x7E
> > > >
> > > > LAST_CONTROL_TRANSFER: from 81ea3550 to f88db0c8
> > > >
> > > > STACK_TEXT:
> > > > WARNING: Stack unwind information not available. Following frames may
> > > > be wrong.
> > > > f8988c54 81ea3550 e291c264 00320030 f88de078 TDIDriver+0x20c8
> > > > f8988c7c 805a0799 81ea3550 82199000 00000000 0x81ea3550
> > > > f8988d4c 805a0a6e 00000a08 00000001 00000000 nt!IopLoadDriver+0x66c
> > > > f8988d74 804e426b 00000a08 00000000 823c8b30
> > > > nt!IopLoadUnloadDriver+0x45
> > > > f8988dac 8057be15 f8a1ccf4 00000000 00000000 nt!ExpWorkerThread+0x100
> > > > f8988ddc 804fa4da 804e4196 00000001 00000000
> > > > nt!PspSystemThreadStartup+0x34
> > > > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> > > >
> > > >
> > > > STACK_COMMAND: .bugcheck ; kb
> > > >
> > > > FOLLOWUP_IP:
> > > > TDIDriver+20c8
> > > > f88db0c8 ?? ???
> > > >
> > > > FAULTING_SOURCE_CODE:
> > > >
> > > >
> > > > SYMBOL_STACK_INDEX: 0
> > > >
> > > > FOLLOWUP_NAME: MachineOwner
> > > >
> > > > SYMBOL_NAME: TDIDriver+20c8
> > > >
> > > > MODULE_NAME: TDIDriver
> > > >
> > > > IMAGE_NAME: TDIDriver.sys
> > > >
> > > > DEBUG_FLR_IMAGE_TIMESTAMP: 44d0a5ac
> > > >
> > > > FAILURE_BUCKET_ID: 0x7E_TDIDriver+20c8
> > > >
> > > > BUCKET_ID: 0x7E_TDIDriver+20c8
> > > >
> > > > Followup: MachineOwner
> > > > ---------
> > > >
> > > >
> > > >
> > > > The code I have executing is:
> > > > NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING
> > > > pRegistryPath)
> > > > {
> > > > NTSTATUS NtStatus = STATUS_SUCCESS;
> > > > UINT uiIndex = 0;
> > > > PDEVICE_OBJECT pDeviceObject = NULL, pFilteredDevice = NULL;
> > > > UNICODE_STRING usDriverName, usDosDeviceName, usDeviceToFilter;
> > > > PEXAMPLE_FILTER_EXTENSION pFilterDeviceContext;
> > > >
> > > > RtlInitUnicodeString(&usDeviceToFilter, L"\\Device\\Tcp");
> > > > RtlInitUnicodeString(&usDriverName, L"\\Device\\TdiDriver");
> > > > RtlInitUnicodeString(&usDosDeviceName,
> > > > L"\\DosDevices\\TdiDosDriver");
> > > >
> > > > NtStatus = IoCreateDevice(pDriverObject, 0, &usDriverName,
> > > > FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
> > > >
> > > > for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
> > > > pDriverObject->MajorFunction[uiIndex] = TDIInvalidFunction;
> > > >
> > > >
> > > > pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = TDICleanUp;
> > > > pDriverObject->MajorFunction[IRP_MJ_CLOSE] = TDIClose;
> > > > pDriverObject->MajorFunction[IRP_MJ_CREATE] = TDICreate;
> > > > pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = TDIIoControl;
> > > > pDriverObject->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL] =
> > > > TDIIoControlInternal;
> > > > pDriverObject->MajorFunction[IRP_MJ_READ] = TDIRead;
> > > > pDriverObject->MajorFunction[IRP_MJ_WRITE] = TDIWrite;
> > > >
> > > > pDriverObject->DriverUnload = TDIUnload;
> > > > pFilterDeviceContext =
> > > > (PEXAMPLE_FILTER_EXTENSION)pDeviceObject->DeviceExtension;
> > > > NtStatus = IoAttachDevice(pDeviceObject, &usDeviceToFilter,
> > > > &pFilterDeviceContext->pNextDeviceInChain);
> > > >
> > > > if(!NT_SUCCESS(NtStatus))
> > > > {
> > > > IoDeleteDevice(pDeviceObject);
> > > > }
> > > > else
> > > > {
> > > > // pFilteredDevice = pFilterDeviceContext->pNextDeviceInChain;
> > > > //pDeviceObject->Flags |= pFilteredDevice->Flags &
> > > > (DO_BUFFERED_IO | DO_DIRECT_IO);
> > > > //pDeviceObject->DeviceType = pFilteredDevice->DeviceType;
> > > > // pDeviceObject->Characteristics =
> > > > pFilteredDevice->Characteristics;
> > > > pDeviceObject->Flags |= DO_BUFFERED_IO;
> > > > pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
> > > >
> > > > }
> > > > IoCreateSymbolicLink(&am