The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
My driver sometimes needs to defines current stack begging and receives it via KeGetCurrentThread(). For Win10 it is:
PKTHREAD pCurrentThread = KeGetCurrentThread();
pEnvironmentPointer = (PVOID) * (PUINT64)((PCHAR)pCurrentThread + 0x038);
The problem occurs with DPC. As written kernel always switches to the DPC stack from the current thread stack when handling DPCs.
The stack example may be found here": https://social.msdn.microsoft.com/Forums/en-US/ac41bbe8-39d4-4739-a009-7532d22b2cd4/dpc-stack-size-and-switch?forum=wdk
DpcStack : 0xfffff800`03c31fb0 Void from PCRB
Current thread Stack - Base fffff8800 2261000 Limit fffff880 0225b000
Child-SP RetAddr : Call Site
03c31fa8 fffff800026d2905 : nt!KiRetireDpcList
03c31fb0 fffff800026d271c : nt!KxRetireDpcList+0x5 (TrapFrame @ // switch is here!!!!
0225fd80 fffff8000271545c : nt!KiDispatchInterruptContinue
0225fdb0 fffff8800183627b : nt!KiDpcInterrupt+0xcc (TrapFrame @
0225ff40 fffff88001835ef5 : tcpip!UdpSendMessages+0x36b
02260330 fffff800026dbefa : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
02260360 fffff880018364b8 : nt!KeExpandKernelStackAndCalloutEx+0xda
The problem: on DPC KeGetCurrentThread() reports pointer on base, not DPC stack!?!
Question: How to find DPC Stack begging?
Other source is WinDBG which reports inside "analize -v":
Where is this address is?
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||15 Jun 2020||LIVE ONLINE|
|Writing WDF Drivers||22 June 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|