How to communicate from kernel mode to user mode app

nayan kumar wrote:

Hi All,
First of all, thanks to all of you for your valuable suggestions. I
started implementing your suggestions. In between, I googled about this and
found some material, with the help of which I tried to implement a callback
function for sending data from the kernel to a user-mode application. I am
facing some problems with it and want to discuss them with you people, just
for my knowledge. The first time, the callback function gets called properly,
no issue at all, but when I get the interrupt for the second time, I get a
BSOD. Due to lack of resources I am not able to use WinDbg, but I am writing
down the text which appears on my computer screen. It is as follows:

STOP : 0x0000001E (0xC0000005,0x023210BE,0x00000000,0x023210BE)
KMODE_EXCEPTION_NOT_HANDLED

This is a general protection fault, meaning that you accessed an invalid
address. In this case, the address is 0x023210BE, which is a user-mode
address. When you say you “implement callback function”, you don’t
literally mean that you called from kernel mode into user mode, do you?
When you get an interrupt, the original process is almost certainly no
longer in memory, so none of the user-mode addresses will have any meaning.

You cannot possibly hope to debug this without WinDBG. “Lack of
resources” is not a good enough reason. I have a laptop I bought in
1999 with a 233MHz Pentium-II running Windows 2000 that works perfectly
well as a WinDBG host. Surely you can borrow a 5-year-old laptop that
is no longer being used.

Why don’t you show us what your interrupt code looks like? Maybe
something will stand out.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
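As an added example (not code from this thread), here is a small decoder for the STOP lines Nayan copied from the screen, applying the reading Tim gives above: it parses the bugcheck code and its four parameters, names the two codes that appear in this thread, and classifies the faulting address as user-mode or kernel-mode. It assumes 32-bit x86 Windows with the default 2 GB user/kernel split (no /3GB); every function name in it is this example's own.

```c
/* Added example: decode the hand-copied STOP screen lines from the thread.
 * Assumes 32-bit x86 with the default 2 GB split, which is what an address
 * such as 0x023210BE implies.  Not code from the thread. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t code;      /* bugcheck code, e.g. 0x1E */
    uint32_t param[4];  /* the four parameters shown in parentheses */
} bugcheck_t;

/* Parse "STOP : 0x0000001E (0xC0000005,0x023210BE,0x00000000,0x023210BE)".
 * Returns true on success and leaves *out untouched on a malformed line. */
bool parse_stop_line(const char *line, bugcheck_t *out)
{
    unsigned int v[5];
    if (sscanf(line, " STOP : 0x%x (0x%x,0x%x,0x%x,0x%x)",
               &v[0], &v[1], &v[2], &v[3], &v[4]) != 5)
        return false;
    out->code = v[0];
    for (int i = 0; i < 4; i++)
        out->param[i] = v[i + 1];
    return true;
}

/* Single-value wrappers; both return 0 when the line does not parse. */
uint32_t stop_code_of(const char *line)
{
    bugcheck_t bc;
    return parse_stop_line(line, &bc) ? bc.code : 0;
}

uint32_t stop_param_of(const char *line, int i)
{
    bugcheck_t bc;
    return (i >= 0 && i < 4 && parse_stop_line(line, &bc)) ? bc.param[i] : 0;
}

/* Below 0x80000000 is the per-process user-mode half of the address space.
 * A DPC that faults there was running in whatever process was current. */
bool is_user_mode_address_x86(uint32_t va)
{
    return va < 0x80000000u;
}

const char *bugcheck_name(uint32_t code)
{
    switch (code) {
    case 0x1E: return "KMODE_EXCEPTION_NOT_HANDLED";
    case 0xB8: return "ATTEMPTED_SWITCH_FROM_DPC";
    default:   return "(code not decoded by this example)";
    }
}

const char *exception_name(uint32_t ntstatus)
{
    switch (ntstatus) {
    case 0xC0000005: return "STATUS_ACCESS_VIOLATION";
    case 0xC000001D: return "STATUS_ILLEGAL_INSTRUCTION";
    case 0x80000003: return "STATUS_BREAKPOINT";
    default:         return "(exception code not decoded by this example)";
    }
}

/* Print a human-readable reading of one STOP line. */
void explain_stop_line(const char *line)
{
    bugcheck_t bc;
    if (!parse_stop_line(line, &bc)) {
        printf("unparseable: %s\n", line);
        return;
    }
    printf("bugcheck 0x%02X %s\n", (unsigned) bc.code, bugcheck_name(bc.code));
    if (bc.code == 0x1E) {
        /* For 0x1E: parameter 1 = exception code, parameter 2 = faulting address. */
        printf("  exception %s at 0x%08X (%s address)\n",
               exception_name(bc.param[0]), (unsigned) bc.param[1],
               is_user_mode_address_x86(bc.param[1]) ? "user-mode" : "kernel-mode");
    } else if (bc.code == 0xB8) {
        printf("  a wait, attach-process or yield was attempted from a DPC routine\n");
    }
}

int main(void)
{
    /* The two lines Nayan reports in this thread. */
    explain_stop_line("STOP : 0x0000001E (0xC0000005,0x023210BE,0x00000000,0x023210BE)");
    explain_stop_line("STOP : 0x000000B8 (0x00000000,0x00000000,0x00000000,0x00000000)");
    return 0;
}
```

Run as is, it prints that the first crash is an access violation at a user-mode address and the second is the DPC-level wait that the callback path provoked; it is a reading aid, not a substitute for a kernel debugger.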

Hi Tim,
Thanks for your reply. I certainly accept that I am a kid
before you expert people in this area. Please don’t mind.

Here is the code from the driver part:

//declaration
typedef ULONG (*PCALLBACK_ROUTINE)(USHORT, USHORT);

typedef struct _JIN_SD_DESIGNER_FDO_DATA
{
    PDEVICE_OBJECT Self;                    // device object; the ISR passes it to IoRequestDpc
    ULONG CallbackAddress;                  // raw address received from user mode
    PCALLBACK_ROUTINE KernelCallback;       // the same address, cast to a function pointer
    USHORT usNormalInterruptRegisterData;   // latched by the acknowledge routine
    USHORT usErrorInterruptRegisterData;    // (these fields are used below but were
                                            // missing from the excerpt as posted)
} JIN_SD_DESIGNER_FDO_DATA, *PJIN_SD_DESIGNER_FDO_DATA;

// Defined elsewhere in the driver: reads and clears the device's interrupt registers.
BOOLEAN JinSdDesignerAcknowledgeInterrupt(PJIN_SD_DESIGNER_FDO_DATA pFdoData);

NTSTATUS JinSdDesignerDispatchIoctl(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
    PIO_STACK_LOCATION pIrpStack;
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PJIN_SD_DESIGNER_FDO_DATA pFdoData;

    pFdoData = (PJIN_SD_DESIGNER_FDO_DATA) pDeviceObject->DeviceExtension;
    pIrpStack = IoGetCurrentIrpStackLocation(pIrp);

    switch (pIrpStack->Parameters.DeviceIoControl.IoControlCode)
    {
    case IOCTL_SET_EVENT_HANDLE:
        DbgPrint("\nJinSdDesigner:\t IOCTL_SET_EVENT_HANDLE \n");
        // METHOD_NEITHER: Type3InputBuffer is the caller's raw user-mode pointer,
        // and the value read through it is the user-mode callback address.
        pFdoData->CallbackAddress =
            ((ULONG*) pIrpStack->Parameters.DeviceIoControl.Type3InputBuffer)[0];

        pFdoData->KernelCallback = NULL;
        pFdoData->KernelCallback = (PCALLBACK_ROUTINE) pFdoData->CallbackAddress;

        if (pFdoData->KernelCallback == NULL)
        {
            DbgPrint("\nJinSdDesigner:\t Invalid Function Pointer \n");
            DbgPrint("\nJinSdDesigner:\t Error at File:- %s,\n Line:-( %d): \n",
                     __FILE__, __LINE__);
            pIrp->IoStatus.Information = 0;
            ntStatus = STATUS_INVALID_USER_BUFFER;
            goto EXIT;
        }

        DbgPrint("\nJinSdDesigner:\t Valid Function Pointer\n");

        pIrp->IoStatus.Information = ntStatus;
        break;
    default:
        ntStatus = STATUS_INVALID_DEVICE_REQUEST;
        DbgPrint("\nJinSdDesigner:\t Inside default case\n");
        break;
    }

EXIT:
    pIrp->IoStatus.Status = ntStatus;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    DbgPrint("\nJinSdDesigner:\t <-- %s \n", __FUNCTION__);
    return ntStatus;
}

BOOLEAN JinSdDesignerInterruptHandler(IN PKINTERRUPT pkInterrupt, IN PVOID pVoidServiceContext)
{
    PJIN_SD_DESIGNER_FDO_DATA pFdoData;
    BOOLEAN bInterruptRecognized = FALSE;
    pFdoData = (PJIN_SD_DESIGNER_FDO_DATA) pVoidServiceContext;

    DbgPrint("\nJinSdDesigner:\t %s--> \n", __FUNCTION__);

    // Acknowledge the device; if the interrupt was ours, defer the rest to the DPC.
    bInterruptRecognized = JinSdDesignerAcknowledgeInterrupt(pFdoData);
    if (bInterruptRecognized)
        IoRequestDpc(pFdoData->Self, NULL, pFdoData);

    DbgPrint("\nJinSdDesigner:\t <-- %s \n", __FUNCTION__);

    return bInterruptRecognized;
}

VOID JinSdDesignerDpcForIsr(IN PKDPC pkDpc, IN PDEVICE_OBJECT pDeviceObject,
                            IN PIRP pIrpSystemArgument1, IN PVOID pVoidSystemArgument2)
{
    PJIN_SD_DESIGNER_FDO_DATA pFdoData;
    KIRQL CurIrql;
    ULONG RetVal = 0;

    pFdoData = (PJIN_SD_DESIGNER_FDO_DATA) pDeviceObject->DeviceExtension;

    DbgPrint("\nJinSdDesigner:\t %s--> \n", __FUNCTION__);

    RetVal = 777;
    DbgPrint("\nJinSdDesigner:\t Before calling call back function\n");
    DbgPrint("\nJinSdDesigner:\tCallback Function Return value:-(%u)\n", RetVal);

    // Drops from DISPATCH_LEVEL to PASSIVE_LEVEL inside a DPC, then calls the
    // user-mode address from whatever process context the DPC happens to run in.
    CurIrql = KeGetCurrentIrql();
    KeLowerIrql(PASSIVE_LEVEL);

    RetVal = pFdoData->KernelCallback(pFdoData->usNormalInterruptRegisterData,
                                      pFdoData->usErrorInterruptRegisterData);

    KeRaiseIrql(CurIrql, &CurIrql);

    DbgPrint("\nJinSdDesigner:\t After calling call back function\n");
    DbgPrint("\nJinSdDesigner:\tCallback Function Return value:-(%u)\n", RetVal);

    DbgPrint("\nJinSdDesigner:\t <-- %s \n", __FUNCTION__);
}

If you need some more clarification, please let me know.
I am very keen to know the reason why I am getting a BSOD the second
time.

Best Regards
Nayan



The short answer is that this is poor practice at best. Your “callback” is to an address that is unknown and unknowable at the time you are making it [that’s what “arbitrary context” means when DPCs are discussed]. You are lucky it even worked once [it means your Dpc happened to run in the context of the process that gave you that address the first time it ran].

Also, we provide a number of fine development aids (PFD, Driver Verifier, SDC, etc), all of which will tell you that lowering Irql to PASSIVE_LEVEL in a Dpc routine is forbidden- period. We do our best to keep code like this out of our operating system, and would really appreciate it if you would extend us the same courtesy.

No slam against them intended [I’ve used it plenty over the years myself], but just because you can google it, it doesn’t mean it’s worth the time it took to read it.

You may get stronger feedback than this [I nearly exploded when I read the code, but I suspected it was what you were doing from the bugchecks you were mentioning, and for the benefit of the doubt, I’m assuming you simply didn’t realize how wrong this approach is].

Nayan,

Bob gave a nice general “do not go there.” I want to explain a few of
the reasons this code is REALLY BAD. These are from simplest to hardest to
fix:

  1. You lower IRQL in the DPC routine; this breaks the locking of the
    kernel. You can never do this: if you are not the one who raised IRQL by a
    KeRaiseIrql call, then do not lower it. On a uniprocessor you have just
    turned off all spin locks, and on a multiprocessor you have messed things up
    well, so crashes and deadlocks are the likely result.

  2. As Bob mentioned, DPCs run in arbitrary context. This means you
    cannot rely on the address your IOCTL passed in, since the program with
    that address may be swapped out, or at least not running, and the address you
    get is for another process. So the address can be totally invalid, and
    fail.

  3. Even if you fix the above, you have opened a large security
    hole. The code in the kernel is trusted; now you are allowing any process
    that wants to run at the trusted level. Basically, this code will allow
    any MALWARE writer to completely take over the computer.

As a number of people suggested, you should go to the inverted call.
Instead of having the IOCTL pass a pointer to a routine, pend the IOCTL and
complete it in the DPC routine, to signal the event. Any method trying to
call directly into user code is never going to be safe and reliable.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply
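As an added example, not code from this thread nor from any DDK sample, here is a portable model of the inverted call that Don describes above: the "wait for interrupt" IOCTL is pended in the requester's context, and the DPC completes it by writing into the kernel-owned buffer of the pended request, never into a user-mode address and never by lowering IRQL. The types and names (model_irp_t, model_device_t, model_ioctl_wait_for_interrupt, model_dpc_for_isr) are stand-ins chosen for this example so that it compiles and runs without ntddk.h; the WDM calls a real driver would use (IoMarkIrpPending, IoCsqInsertIrp, IoCompleteRequest) are named in the comments only.

```c
/* Added example: portable model of the inverted-call pattern.  Not WDM code;
 * the IRP, queue and context are stand-ins so the control flow can run here.
 * In a real driver: the queue is a cancel-safe queue (IoCsqInsertIrp /
 * IoCsqRemoveNextIrp) or a spin-locked list, the dispatch routine calls
 * IoMarkIrpPending and returns STATUS_PENDING, and the DPC fills the IRP's
 * METHOD_BUFFERED system buffer and calls IoCompleteRequest. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_PENDING 8   /* this model's limit on queued requests */

typedef enum { MODEL_SUCCESS, MODEL_PENDING, MODEL_DEVICE_BUSY } model_status_t;

/* What the device reported in its interrupt registers. */
typedef struct { uint16_t normal; uint16_t error; } irq_data_t;

/* Stand-in for an IRP whose output buffer is a kernel-owned system buffer. */
typedef struct {
    irq_data_t out;   /* the buffer the DPC writes into */
    bool completed;   /* set when the model "calls IoCompleteRequest" */
} model_irp_t;

typedef struct {
    model_irp_t *pending[MODEL_MAX_PENDING];  /* FIFO of pended IOCTLs */
    int pend_head, pend_count;
    irq_data_t stored[MODEL_MAX_PENDING];     /* interrupts nobody was waiting for */
    int store_head, store_count;
    int dropped;                              /* events lost because the store ring was full */
} model_device_t;

void model_init(model_device_t *dev) { memset(dev, 0, sizeof *dev); }

static void model_complete(model_irp_t *irp, irq_data_t d)
{
    irp->out = d;          /* copy into the request's own buffer */
    irp->completed = true; /* stands in for IoCompleteRequest */
}

/* IOCTL dispatch: runs in the requester's context at PASSIVE_LEVEL.
 * Completes immediately if an interrupt already arrived, otherwise pends. */
model_status_t model_ioctl_wait_for_interrupt(model_device_t *dev, model_irp_t *irp)
{
    irp->completed = false;
    if (dev->store_count > 0) {
        irq_data_t d = dev->stored[dev->store_head];
        dev->store_head = (dev->store_head + 1) % MODEL_MAX_PENDING;
        dev->store_count--;
        model_complete(irp, d);
        return MODEL_SUCCESS;
    }
    if (dev->pend_count == MODEL_MAX_PENDING)
        return MODEL_DEVICE_BUSY;
    dev->pending[(dev->pend_head + dev->pend_count) % MODEL_MAX_PENDING] = irp;
    dev->pend_count++;
    return MODEL_PENDING;   /* stands in for IoMarkIrpPending + STATUS_PENDING */
}

/* DPC for ISR: runs at DISPATCH_LEVEL in an arbitrary process context, so it
 * only touches driver-owned memory.  Returns true if a pended request was
 * completed with this interrupt's data. */
bool model_dpc_for_isr(model_device_t *dev, uint16_t normal, uint16_t error)
{
    irq_data_t d = { normal, error };
    if (dev->pend_count > 0) {
        model_irp_t *irp = dev->pending[dev->pend_head];
        dev->pend_head = (dev->pend_head + 1) % MODEL_MAX_PENDING;
        dev->pend_count--;
        model_complete(irp, d);
        return true;
    }
    if (dev->store_count == MODEL_MAX_PENDING) {
        dev->dropped++;       /* policy choice for this model: drop the newest */
        return false;
    }
    dev->stored[(dev->store_head + dev->store_count) % MODEL_MAX_PENDING] = d;
    dev->store_count++;
    return false;
}

/* Scenario: two waiters, two interrupts, an interrupt with no waiter, a late
 * waiter, then queue overflow.  Returns the number of checks that passed (7). */
int model_selftest(void)
{
    model_device_t dev;
    model_irp_t a, b, c, many[MODEL_MAX_PENDING + 1];
    model_status_t last = MODEL_SUCCESS;
    int ok = 0;
    model_init(&dev);
    ok += model_ioctl_wait_for_interrupt(&dev, &a) == MODEL_PENDING;
    ok += model_ioctl_wait_for_interrupt(&dev, &b) == MODEL_PENDING;
    ok += model_dpc_for_isr(&dev, 0x0001, 0x0000) && a.completed && a.out.normal == 1;
    ok += model_dpc_for_isr(&dev, 0x0002, 0x0010) && b.completed && b.out.error == 0x10;
    ok += !model_dpc_for_isr(&dev, 0x0004, 0x0000) && dev.store_count == 1; /* nobody waiting */
    ok += model_ioctl_wait_for_interrupt(&dev, &c) == MODEL_SUCCESS && c.out.normal == 4;
    for (int i = 0; i <= MODEL_MAX_PENDING; i++)
        last = model_ioctl_wait_for_interrupt(&dev, &many[i]);
    ok += last == MODEL_DEVICE_BUSY && dev.pend_count == MODEL_MAX_PENDING;
    return ok;
}

int main(void)
{
    printf("inverted-call model: %d/7 checks passed\n", model_selftest());
    return 0;
}
```

Two things the model leaves out that a real driver must add: cancellation (the user-mode process can exit while its IOCTL is pended, so the queue needs a cancel routine or a cancel-safe queue), and a spin lock around the queue, because the dispatch routine and the DPC can run on different processors at the same time. Neither changes the shape shown here, which is the reason the approach is safe: all state the DPC touches belongs to the driver.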


Typo- SDV (not SDC), of course.

This may help understand the problem (although it’s a bit abstracted and simplified- hope that doesn’t lead to eventual confusion): all user-mode processes on your system have the same virtual address range- how that maps to physical memory addresses is controlled by “page tables” used by the processor. There are tables for each process, so what an address means depends upon which table is in use on the processor executing your Dpc. Your callback address is probably a different piece of code (or data, or even an invalid address) in each process running on the machine.

An interrupt has to be handled quickly, and Dpcs also need to be fast. Because of this, they get handled ASAP, in the address space of whatever process is executing at the time they get called.

So your callback to a user mode address from a Dpc is a roll of the dice- it could execute anything or nothing. It is just the wrong way to solve your problem.

Please use the inverted call method described earlier. Or at least explain why it doesn’t meet your needs.

Thanks for the summary, Don. Wish I could do so as well :).

> -----Original Message-----

From: xxxxx@lists.osr.com [mailto:bounce-275438-
xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Friday, January 12, 2007 9:54 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to communicate from kernel mode to user mod app


[PCAUSA] One additional thought.

If you really like the logic of having a callback in user mode when
driver data is available, study the user-mode asynchronous I/O methods. In
particular, look at “asynchronous procedure callbacks” (see ReadFileEx and
friends) as well as I/O completion ports (see CreateIoCompletionPort and
friends).

Both of these user-mode techniques are fairly high performance.

AND, in the driver you still handle the inverted call in the same way that
most folks are recommending.

Good luck,

Thomas F. Divine


> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

How anyone can expect to do kernel development without an effective debug
capability is a mystery.

All we can tell you is, oh yeah, you have a kernel mode exception that is
not handled. Probably you have an access denied (C0000005) and quite
possibly a bogus pointer (23210BE). Now … if you had WinDbg up and running
there is a whole herd of analytical tools available that can be called forth
to find out what went bump in the night. But … you don’t have the
resources for WinDbg, so really, about all that can be done is to scratch
various parts of our anatomy and wonder why a kernel developer doesn’t have
the resources to do their work.


The personal opinion of
Gary G. Little

“nayan kumar” wrote in message news:xxxxx@ntdev…
> Hi All,
> First of all, thanks to all of you for your valuable suggestions. I
> started implementing your suggestions. In between, I googled about this and
> found some material, with the help of which I tried to implement a callback
> function for sending data from the kernel to a user-mode application. I am facing
> some problems with it and want to discuss them with you people, just for my
> knowledge. The first time, the callback function gets called properly, no
> issue at all, but when I get the interrupt for the second time, I get a
> BSOD. Due to lack of resources I am not able to use WinDbg, but I
> am writing down the text which appears on my computer screen. It is as
> follows:
>
> STOP : 0x0000001E (0xC0000005,0x023210BE,0x00000000,0x023210BE)
>
> KMODE_EXCEPTION_NOT_HANDLED
>
> Beginning dump of physical memory
>
> When I tried for the second time, I got the crash again, but this
> time the text that appeared on my computer screen was quite different from the
> previous one. It is as follows:
>
> STOP : 0x000000B8 (0x00000000,0x00000000,0x00000000,0x00000000)
>
> A wait operation attach process or yield was attempt from DPC routine
>
> Beginning dump of physical memory
>
> I would appreciate it if you expert people could help me get rid of this BSOD
> and make the driver work properly.
>
> Best Regards
> Nayan

NAYAN:

I can’t recall if you are developing a driver for actual hardware. If
you are, then disregard what follows, as it will not help you.

You can download Microsoft VirtualPC (I believe that it is still free).
This will allow you to emulate and debug a target operating system all
on your development machine. It is not an ideal solution, but, given
your constraints, it is your only option, as having no kernel
debugger at all is fatal, SoftICE is not made any more and costs more
than another machine anyway, and local kernel debugging with WinDbg is
basically useless.

In any case:

WinDbg:

http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

VirtualPC:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6D58729D-DFA8-40BF-AFAF-20BCB7F01CD1&displaylang=en

This link tells how to setup WinDbg for use with a VM.

http://support.microsoft.com/kb/871171

The constraints that lack of resources are imposing are indeed totally
untenable. That being said, I seriously doubt it is a choice, so I hope
this helps.

Best of luck,

mm



Don,

> Bob did a nice general do not go there. I want to explain a few of
> the reasons this code is REALLY BAD.

Both you and Bob seem to have overlooked one important detail: on the x86 architecture, privileged code cannot call unprivileged code. Period. There are only 3 ways this transition can be done, i.e. IRETD, SYSEXIT and far RET (irrelevant under Windows). In the OP’s case, the callback that resides in the user address space will be treated as privileged code if it gets invoked from kernel mode, because CALL does not affect the CS register. Under XP and above, the user-to-kernel mode transition is done with SYSENTER, and this instruction can be executed only by non-privileged code.
Now imagine what is going to happen if this callback tries to make any system call: privileged code
executes SYSENTER and … BANG!!!

Therefore, unless his callback makes no system calls at all, the whole thing could not have worked on even a *SINGLE* occasion: even if the callback gets invoked in the context of the right thread and no page faults occur, it is still bound to crash…

Anton Bassov

Hi All,
Thanks to all for your valuable suggestions.

I already mentioned in my post that while looking for some tutorial or material
about communicating with a user-mode app from kernel mode I got that sample, and I
just tried it for my own knowledge, to see whether it is working or not. That is
the only reason I tried it, for checking, although I started implementing the
inverted call for getting my work done; I don’t have any issue at all with the
inverted call.

If this is not the best way to increase our knowledge level then I am really
very sorry that I am heading in the wrong direction. If you expert people can
give me the right direction for learning anything new about which we are unaware,
I would be very thankful to you.

Best Regards
Nayan

From: “Martin O’Brien”
>Reply-To: “Windows System Software Devs Interest List”
>
>To: “Windows System Software Devs Interest List”
>Subject: Re:[ntdev] RE:How to communicate from kernel mode to user mod app
>Date: Fri, 12 Jan 2007 17:33:13 -0500
>



Hi All,
Thanks to all for your valuable suggestions.

I already mentioned in my post that while looking for some tutorial or material
about communicating with a user-mode app from kernel mode I got that sample, and I
just tried it for my own knowledge, to see whether it is working or not. That is
the only reason I tried it, for checking, although I started implementing the
inverted call for getting my work done; I don’t have any issue at all with the
inverted call. I asked you expert people about that problem just to know
the reason why it was failing, because I was unable to find out the reason;
there is no other intention behind asking you people about that problem,
because you are experts in this with years of experience.

Lastly, if this is not the best way to increase our knowledge level then I am
really very sorry that I am heading in the wrong direction. If you expert people
can give me the right direction for learning anything new about which we are
unaware, I would be very thankful to you.

Best Regards
Nayan



Nayan,

Like everything else on the internet, the samples you find for Windows
drivers are everything from outstanding to toxic waste. The samples
Microsoft puts out in the DDK/WDK can be relied on to show good practices;
the code from Osronline.com, Ndis.com, wd-3.com and sysinternals.com is
also quite good. After that you have to be careful: there is some
excellent code and some total garbage, and in some cases it is on the same
sites. It is reasonable to ask on a group about the quality of a sample; just
provide a link to the original.

For increasing your knowledge, look at the articles on the site I
listed, plus especially http://www.microsoft.com/whdc/default.mspx the
Microsoft site for drivers. Use the archives, for example checking the OSR
archives you would have found lots of discussion of calling user mode over
the years.

Of course, if you can take a class from one of the excellent firms that
offer them, or go to Microsoft’s WinHEC or DDC conferences definitely do
that to increase knowledge and experience.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply


NAYAN:

You have no reason to apologize. These lists, while very useful,
can at times be significantly populated with a lot of self-serving
criticism for a variety of reasons; I have certainly been guilty of that
at times. There is no reason to feel bad, because, while what you are
attempting is basically impossible and unreasonable, we all started
somewhere, and the bottom line is that no one on this list had a gun to
his or her head and had to respond to your question; he or she could
have just not answered, or, as many did, just given you the facts.

Best of luck,

mm

>> xxxxx@hotmail.com 2007-01-13 09:03 >>>

Martin O’Brien wrote:

You have no reason to apologize. These lists, while very useful,
can at times be significantly populated with a lot of self-serving
criticism for a variety of reasons; I have certainly been guilty of that
at times. There is no reason to feel bad, because, while what you are
attempting is basically impossible and unreasonable, we all started
somewhere, and the bottom line is that no one on this list had a gun to
his or her head and had to respond to your question; he or she could
have just not answered, or, as many did, just given you the facts.

This may be a point of view thing. When people begin to ask questions
on a forum like this, they tend to think of it as a telephone
conversation with an individual expert, one-on-one. In that situation,
criticism and generalizations can seem daunting and discouraging.

On the other hand, those of us who have been here a while tend to think
of this forum as a panel discussion in a large lecture hall, and I think
that’s a better model. Specific questions very often raise issues of
general concern, and we would be remiss to let the issues go by without
comment. Also, as I’ve said before, these posts now live forever in
various different archives. A year from now, some inexperienced person
will go looking for the answer to a similar question. If they just see
an answer with no cautions, they may get the wrong impression.

So, when someone asks how to use a power drill on a 2x4 that is sitting
on their lap, I’ll explain how to do it, but I’m also going to feel free
to explain why a sawhorse is a much better idea.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Fair enough and agreed. My basic observation about these sorts of
questions and issue with them is that they tend to produce the amazingly
long threads about very little, which wouldn’t really matter, except
that, at least for me, these lists, while invaluable, can take a long
time to get through.

mm

>> xxxxx@probo.com 2007-01-15 13:07 >>>

Hi All,
According to your suggestion I implemented the inverted call for
sending the interrupt register value to the user mode app. Although it's working fine
in normal cases, when I call the function containing the
dequeuing logic from the deferred procedure call my system gets restarted.

At this point I am not able to find out the reason why it is happening, so if
anyone can help me to solve this problem I would be very thankful to you
people.

i am taking help from ddk sample in my case path is as follow
C:\WINDDK\3790.1830\src\general\pcidrv.

Best Regards
Nayan


> -----Original Message-----

From: xxxxx@lists.osr.com [mailto:bounce-275866-
xxxxx@lists.osr.com] On Behalf Of nayan kumar
Sent: Wednesday, January 17, 2007 6:33 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to communicate from kernel mode to user mod app

Hi All,
According to your suggestion I implemented the inverted call for
sending the interrupt register value to the user mode app. Although it's working fine
in normal cases, when I call the function containing the
dequeuing logic from the deferred procedure call my system gets restarted.

[PCAUSA] All parameters that you pass to the driver during asynchronous I/O
must persist until the call is completed. If you allocate a parameter on the
stack instead of from the heap then the stack variable will not exist when
the call completes. If that happens, the system could crash.

Examine everything that you pass to the driver and make sure it is allocated
properly.

Thomas F. Divine

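The lifetime point Thomas raises, as an added example that is not code from this thread or from the pcidrv sample: a portable C model of the user-mode side of an inverted call, where each pended request is heap-allocated and released only after the driver's DPC-side dequeue has completed it. The queue, `submit_request`, `complete_one` and `reap_request` are constructed stand-ins for the driver's pended-request queue and for the DeviceIoControl/OVERLAPPED calls a real program would use.

```c
/* Added example, not code from the thread: a portable model of the
 * user-mode side of an inverted call. In a real Win32 program the
 * request struct would hold the OVERLAPPED block and the output buffer
 * handed to DeviceIoControl; both must outlive the submitting function. */
#include <stdint.h>
#include <stdlib.h>

typedef struct pending_req {
    uint32_t reg_value;        /* written by the "driver" on completion */
    int completed;
    struct pending_req *next;
} pending_req;

/* Constructed stand-in for the driver's queue of pended requests. */
static pending_req *queue_head = NULL, *queue_tail = NULL;

/* Submit one request. It is heap-allocated and deliberately NOT freed
 * here: a stack variable would be gone by the time the driver writes
 * to it, which is the lifetime bug described above. */
pending_req *submit_request(void)
{
    pending_req *r = calloc(1, sizeof *r);
    if (r == NULL) return NULL;
    if (queue_tail != NULL) queue_tail->next = r;
    else queue_head = r;
    queue_tail = r;            /* driver now holds a pointer to r */
    return r;                  /* caller keeps it until completion */
}

/* What the driver's DPC does: dequeue the oldest pended request and
 * complete it with the register value. No waiting, no allocation. */
int complete_one(uint32_t reg_value)
{
    pending_req *r = queue_head;
    if (r == NULL) return 0;   /* nothing pended: the value is dropped */
    queue_head = r->next;
    if (queue_head == NULL) queue_tail = NULL;
    r->reg_value = reg_value;
    r->completed = 1;
    return 1;
}

/* User mode reads the result and only then releases the request. */
int reap_request(pending_req *r, uint32_t *out)
{
    if (r == NULL || !r->completed) return 0;
    *out = r->reg_value;
    free(r);
    return 1;
}
```

Keeping several requests pended at once is what lets the DPC hand off a value without blocking; if none is pended, the value is simply lost, which is the case to watch for in the driver's queue.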

Hi All,
Thanks to all people for putting me in a comfort zone by giving your
valuable suggestions. I succeeded in accomplishing my work. It's working
properly now.

I again beg your pardon if any of my queries made you feel embarrassed. Whenever
I get stuck with any problem I usually try everything that comes to my mind
or any clue I get from somewhere else, due to my curious nature and the fact
that I just started swimming in this sea.

Hopefully you great people will understand this.

Best Regards
Nayan

