I have enabled the NDIS/WIFI verification flag for my driver in Driver Verifier. This resulted in a BSOD for hitting the ndistimeddatahang rule. When I analyzed the dump, I got:
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arguments:
Arg1: 000000000009200f, ID of the 'NdisTimedDataHang' rule that was violated.
Arg2: fffff806cd819200, A pointer to the string describing the violated rule condition.
Arg3: ffff87862606b110, Address of internal rule state (second argument to !ruleinfo).
Arg4: ffff87862606b240, Address of supplemental states (third argument to !ruleinfo).
When I did !ndiskd.pendingnbls, I got the list of NBLs that were pending when the dump was taken. To figure out which NBL caused the violation, I tried to use the !ruleinfo command with the arguments received from the analysis.
!ruleinfo 0x9200f 0xffff87862606b110 0xffff87862606b240
but WinDbg reported the error:
Failed to read the rule state (check the second argument).
There are pending NBLs that are currently not held by my driver. I just want to make sure that the violation is not caused by my driver. Can someone please suggest what I am doing wrong? Is there any way to figure out which NBL failed to complete in 22 seconds, which is a requirement for the ndistimeddatahang rule?