
System crash - IRQL_NOT_LESS_OR_EQUAL - Keyboard driver

Ray_MikeRay_Mike Member - All Emails Posts: 5
Microsoft (R) Windows Debugger Version 10.0.17134.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\King\Desktop\090918-18109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 8.1 Kernel Version 9600 UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.17415.x86fre.winblue_r4.141028-1500
Machine Name:
Kernel base = 0x81209000 PsLoadedModuleList = 0x81408418
Debug session time: Sun Sep 9 13:50:30.037 2018 (UTC + 6:00)
System Uptime: 0 days 1:17:13.573
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 2, 1, 81308cf4}

Probably caused by : kbdclass.sys ( kbdclass!KeyboardClassServiceCallback+e8 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 81308cf4, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1


TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 9600.17415.x86fre.winblue_r4.141028-1500

DUMP_TYPE: 2

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_P1: 0

BUGCHECK_P2: 2

BUGCHECK_P3: 1

BUGCHECK_P4: ffffffff81308cf4

WRITE_ADDRESS: GetPointerFromAddress: unable to read from 814376f4
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from 81437f38
GetUlongPtrFromAddress: unable to read from 81437a90
Unable to get NonPagedPoolStart
Unable to get PagedPoolStart
00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!memmove+124
81308cf4 89448ff4 mov dword ptr [edi+ecx*4-0Ch],eax

CPU_COUNT: 1

CPU_MHZ: 899

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3d

CPU_STEPPING: 4

CPU_MICROCODE: 6,3d,4,0 (F,M,S,R) SIG: 1F'00000000 (cache) 0'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: System

ANALYSIS_SESSION_HOST: DESKTOP-NDA48UI

ANALYSIS_SESSION_TIME: 09-09-2018 13:55:29.0502

ANALYSIS_VERSION: 10.0.17134.1 x86fre

LAST_CONTROL_TRANSFER: from 8fefea65 to 81308cf4

STACK_TEXT:
82743988 8fefea65 00000000 9b13fe2c 0000000c nt!memmove+0x124
827439c4 8fee91d5 953a5240 9b13fe2c 8f916e28 kbdclass!KeyboardClassServiceCallback+0xe8
82743a28 812579a6 91f0cc64 01f0ca00 00000000 i8042prt!I8042KeyboardIsrDpc+0x197
82743ae0 812575c6 82743b28 00000000 89bfabc0 nt!KiExecuteAllDpcs+0x216
82743c04 8131a3d0 00000000 00000000 00000000 nt!KiRetireDpcList+0xf6
82743c08 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x38


THREAD_SHA1_HASH_MOD_FUNC: 558f74cd3a91bcbe19983f1b7c0528b4b6e14e68

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 161173af8eb4dad35d375cfca10e81c430366625

THREAD_SHA1_HASH_MOD: 96f30bfb09b4cbb871d97a7ed1a187f4d9e602f3

FOLLOWUP_IP:
kbdclass!KeyboardClassServiceCallback+e8
8fefea65 8b4510 mov eax,dword ptr [ebp+10h]

FAULT_INSTR_CODE: 3310458b

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: kbdclass!KeyboardClassServiceCallback+e8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: kbdclass

IMAGE_NAME: kbdclass.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 543353ac

IMAGE_VERSION: 6.3.9600.17393

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: e8

FAILURE_BUCKET_ID: AV_kbdclass!KeyboardClassServiceCallback

BUCKET_ID: AV_kbdclass!KeyboardClassServiceCallback

PRIMARY_PROBLEM_CLASS: AV_kbdclass!KeyboardClassServiceCallback

TARGET_TIME: 2018-09-09T07:50:30.000Z

OSBUILD: 9600

OSSERVICEPACK: 17415

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x86

OSNAME: Windows 8.1

OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2014-10-29 06:32:39

BUILDDATESTAMP_STR: 141028-1500

BUILDLAB_STR: winblue_r4

BUILDOSVER_STR: 6.3.9600.17415.x86fre.winblue_r4.141028-1500

ANALYSIS_SESSION_ELAPSED_TIME: d87

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_kbdclass!keyboardclassservicecallback

FAILURE_ID_HASH: {2397e1a0-177a-792e-7553-d9653a04afd0}

Followup: MachineOwner
---------

Source code:

#include "ntddk.h"


/* Per-device state kept in the filter device object's DeviceExtension. */
typedef struct {
/* Device object filled in by IoAttachDevice; every IRP is forwarded to it. */
PDEVICE_OBJECT LowerKbdDevice;
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;

/*
 * One keyboard input record, as ReadComplete reads it from the IRP's system buffer.
 * NOTE(review): this looks like a hand-copied version of the declaration in the
 * WDK header ntddkbd.h -- confirm the layouts match, or include that header instead.
 */
typedef struct _KEYBOARD_INPUT_DATA {
USHORT UnitId;
USHORT MakeCode; /* the field ReadComplete prints */
USHORT Flags;
USHORT Reserved;
ULONG ExtraInformation;
} KEYBOARD_INPUT_DATA, *PKEYBOARD_INPUT_DATA;

/* The filter device object: created in MyAttachDevice, deleted in Unload. */
PDEVICE_OBJECT MyKbdDevice = NULL;
/* Disabled counter of in-flight read IRPs; every use of it in this file is commented out as well. */
//ULONG pendingkey = 0;

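/*
 * Driver unload routine.
 *
 * Detaches the filter device from the lower keyboard device recorded in its
 * extension, then deletes the filter device.
 *
 * DriverObject - this driver's driver object; its first device object is the
 *                filter device.
 */
void Unload(IN PDRIVER_OBJECT DriverObject) {
    PDEVICE_OBJECT DeviceObject = DriverObject->DeviceObject;
    PDEVICE_EXTENSION Extension = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;

    IoDetachDevice(Extension->LowerKbdDevice);

    /*
     * NOTE(review): DispatchRead registers ReadComplete on every read IRP it
     * forwards. Nothing here waits for those IRPs, so a read still pending in
     * the lower driver can complete after this image is gone and call into
     * unloaded code. The disabled "pendingkey" counter was presumably meant
     * to cover this; an in-flight count (or a remove lock) has to be drained
     * before the device is deleted.
     */
    IoDeleteDevice(MyKbdDevice);
    DbgPrint("driver Unload \r\n");
}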

/*
 * Default dispatch routine: hands the IRP to the lower keyboard device
 * without inspecting it.
 *
 * DeviceObject - the filter device; its extension holds the lower device.
 * Irp          - the request to forward.
 *
 * Returns whatever IoCallDriver returns for the lower device.
 */
NTSTATUS DispatchPass(PDEVICE_OBJECT DeviceObject, PIRP Irp) {
    PDEVICE_EXTENSION Extension = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
    PDEVICE_OBJECT Lower = Extension->LowerKbdDevice;

    /* Give the lower driver a copy of our stack location's parameters. */
    IoCopyCurrentIrpStackLocationToNext(Irp);

    return IoCallDriver(Lower, Irp);
}

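/*
 * Completion routine for read IRPs forwarded by DispatchRead.
 *
 * On a successful read, walks the KEYBOARD_INPUT_DATA records in the system
 * buffer and prints each MakeCode.
 *
 * DeviceObject - unused.
 * Irp          - the completed read request.
 * Context      - unused (DispatchRead passes NULL).
 *
 * Returns the IRP's completion status, so completion processing continues.
 */
NTSTATUS ReadComplete(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context) {
    PKEYBOARD_INPUT_DATA Keys = (PKEYBOARD_INPUT_DATA)Irp->AssociatedIrp.SystemBuffer;
    /*
     * Divide by the size of the record, not of a pointer to it. With
     * sizeof(PKEYBOARD_INPUT_DATA) the count came out too large and the loop
     * read past the bytes the lower driver actually returned.
     */
    ULONG_PTR Count = Irp->IoStatus.Information / sizeof(KEYBOARD_INPUT_DATA);
    ULONG_PTR i;

    UNREFERENCED_PARAMETER(DeviceObject);
    UNREFERENCED_PARAMETER(Context);

    /* Keys is NULL when the request was not built as buffered I/O. */
    if (Irp->IoStatus.Status == STATUS_SUCCESS && Keys != NULL) {
        for (i = 0; i < Count; i++) {
            /*
             * NOTE(review): this sends every make code to the kernel debug
             * output, where any attached debugger or debug-output viewer can
             * read it; keep it to test builds.
             */
            DbgPrint("The Key Is %x\n", Keys[i].MakeCode);
        }
    }

    /* Propagate the pending bit up the stack, as completion routines must. */
    if (Irp->PendingReturned) {
        IoMarkIrpPending(Irp);
    }

    return Irp->IoStatus.Status;
}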

/*
 * IRP_MJ_READ dispatch routine: forwards the read to the lower keyboard
 * device and registers ReadComplete to run when it finishes.
 *
 * DeviceObject - the filter device; its extension holds the lower device.
 * Irp          - the read request.
 *
 * Returns whatever IoCallDriver returns for the lower device.
 */
NTSTATUS DispatchRead(PDEVICE_OBJECT DeviceObject, PIRP Irp) {
    PDEVICE_EXTENSION Extension = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
    PDEVICE_OBJECT Lower = Extension->LowerKbdDevice;

    IoCopyCurrentIrpStackLocationToNext(Irp);

    /* No context; invoke ReadComplete on success, error and cancel alike. */
    IoSetCompletionRoutine(Irp, ReadComplete, NULL, TRUE, TRUE, TRUE);

    return IoCallDriver(Lower, Irp);
}

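/*
 * Creates the filter device object and attaches it to the device stack of
 * \Device\KeyboardClass0.
 *
 * DriverObject - this driver's driver object, owner of the new device.
 *
 * Returns STATUS_SUCCESS, or the failure status of IoCreateDevice or
 * IoAttachDevice. On failure no device object is left behind and MyKbdDevice
 * is NULL.
 */
NTSTATUS MyAttachDevice(PDRIVER_OBJECT DriverObject) {
    NTSTATUS status;
    PDEVICE_EXTENSION Extension;
    UNICODE_STRING TargetDevice = RTL_CONSTANT_STRING(L"\\Device\\KeyboardClass0");

    status = IoCreateDevice(DriverObject,
                            sizeof(DEVICE_EXTENSION),
                            NULL, FILE_DEVICE_KEYBOARD,
                            0, FALSE, &MyKbdDevice);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    MyKbdDevice->Flags |= DO_BUFFERED_IO;
    /*
     * Clear only the initializing bit. The original "&= DO_DEVICE_INITIALIZING"
     * kept that bit and cleared every other flag, DO_BUFFERED_IO included.
     * Read IRPs sent to this device would then carry no system buffer, which
     * is consistent with the bugcheck in this post: a write to address 0
     * inside memmove called from kbdclass!KeyboardClassServiceCallback.
     */
    MyKbdDevice->Flags &= ~DO_DEVICE_INITIALIZING;

    Extension = (PDEVICE_EXTENSION)MyKbdDevice->DeviceExtension;
    RtlZeroMemory(Extension, sizeof(DEVICE_EXTENSION));

    status = IoAttachDevice(MyKbdDevice, &TargetDevice, &Extension->LowerKbdDevice);
    if (!NT_SUCCESS(status)) {
        IoDeleteDevice(MyKbdDevice);
        MyKbdDevice = NULL; /* do not leave a dangling global behind */
        return status;
    }

    return STATUS_SUCCESS;
}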

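/*
 * Driver entry point.
 *
 * Registers the unload routine, routes every major function to DispatchPass
 * except IRP_MJ_READ (DispatchRead), then creates and attaches the filter
 * device.
 *
 * DriverObject - this driver's driver object.
 * RegistryPath - unused.
 *
 * Returns the status of MyAttachDevice.
 */
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) {
    NTSTATUS status;
    int i;

    /* DriverObject is used below, so only RegistryPath is unreferenced. */
    UNREFERENCED_PARAMETER(RegistryPath);

    DriverObject->DriverUnload = Unload;

    /*
     * MajorFunction has IRP_MJ_MAXIMUM_FUNCTION + 1 entries, so the bound is
     * inclusive. With "<" the last entry (IRP_MJ_PNP) kept the I/O manager's
     * default handler and those IRPs were failed instead of passed down.
     */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = DispatchPass;
    }
    DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;

    DbgPrint("Hello Driver\r\n");

    status = MyAttachDevice(DriverObject);
    if (!NT_SUCCESS(status)) {
        DbgPrint("attaching is failing");
        return status;
    }

    KdPrint(("Attaching Succeeds \r\n"));
    return status;
}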

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,139
    Very nice.

    Did you have a question associated with this, or were you merely posting this as some sort of abstract art? I can appreciate all sorts of art...

    Peter
    OSR
    @OSRDrivers

    Peter Viscarola
    OSR
    @OSRDrivers
