
Windows driver freezes server

bharatgade Member Posts: 2
There is a kernel-level driver installed on a terminal server. It works fine for a certain period of time on that terminal server. Later on, that terminal server itself gets into a frozen state where nobody can connect to the server via RDP or the web console. In my case, the CPU is always hitting 100% in the frozen state. After uninstalling that driver, the terminal server works fine and responds properly always. Even if it is at 100% CPU usage and gets slow, it still responds to RDP and the web console.

That scenario is kind of hard to reproduce, but I still succeeded in fetching a complete memory dump from that machine in that scenario. Then I analyzed the full memory dump using the Microsoft WinDbg tool. WinDbg displayed the faulty driver module name and call stack as below:

Module Name: MMTEProxy (Installed Driver)

[0x0] nt!KxWaitForLockOwnerShip + 0x27
[0x1] MMTEProxy!LutTranslatePort + 0x2c2
[0x2] MMTEProxy!PerformSocketRedirection + 0xba7
[0x3] MMTEProxy!TriggerPrByALERedirectInline + 0x244
[0x4] MMTEProxy!DDProxyBindRedirectClassify + 0x537
[0x5] tcpip!AlePostProcessClassify + 0x105
[0x6] NETIO!ProcessCallout + 0x1579f
[0x7] NETIO!ArbitrateAndEnforce + 0x2c3
[0x8] NETIO!KfdClassify + 0x879
[0x9] tcpip!AleInspectBindRequest + 0xa0d71
[0xa] tcpip!UdpIoControlEndpoint + 0x2b6
[0xb] afd!AfdTLIoControl + 0x50
[0xc] afd!AfdTLBindSecurityComplete + 0xbd
[0xd] afd!AfdTLIoControl + 0x9e
[0xe] afd!AfdTLBindSecurity + 0xaf
[0xf] afd!AfdBind + 0x394
[0x10] afd!AfdDispatchDeviceControl + 0x66
[0x11] nt!IopXxxControlFile + 0xa4f
[0x12] nt!NtDeviceIoControlFile + 0x56
[0x13] nt!KiSystemServiceCopyEnd + 0x13
[0x14] ntdll!NtDeviceIoControlFile + 0xa
[0x15] mswsock!WSPBind + 0x251
[0x16] WS2_32!bind + 0x77

Since I am not an expert in kernel-level driver development, I tried to google about the driver. Internally it uses the following lock to perform any operation on the process table or session table:

KeAcquireInStackQueuedSpinLock (
_Inout_ PKSPIN_LOCK SpinLock,
_Out_ PKLOCK_QUEUE_HANDLE LockHandle
);

With the help of the WinDbg tool, I also checked that there is no deadlock condition or lock currently held by any thread. Still, I am not getting what is causing this issue: whether the lock is not handled properly at the code level, or in some particular situation the above kernel-level method doesn't work and never releases the lock.

Please can you help me with this if you know about it.