You have a very limited set of functions available at crashdump time. Technically you are supposed to only use a limited set of Storport/Scsiport calls, plus a very limited set of the native API’s. There is no checking that the OS has crashed on kernel API calls so the results are undefined.
ExAllocatePoolWithTag relies on a lot of complex data structures, at crash dump time you cannot be sure these are consistent.
Microsoft is improving the documentation on this somewhat, especially since the added crash dump filters. Be thankful for what you can get, it used to be a lot worse.
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Utkal Sinha
Sent: Thursday, March 09, 2017 7:50 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] Call to ExAllocatePoolWithTag() in my crash_dump driver NEVER RETURNS
Thanks for replying Don.
Any specific reason for not able to allocate at crashdump time ? I’m asking this because the code works fine. It is only (7 out of 10 times it hangs).
My second doubt, if I’m unable to allocate memory, then this function should have returned NULL, but this call does not even return at all.
Pardon me if my doubts seem naive as I am new to this area.
Regards,
Utkal.
On 9 March 2017 at 18:11, Don Burn > wrote:
You can’t do allocations at crash dump time, you need to have pre-allocated
all your memory for that.
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
-----Original Message-----
From: xxxxx@lists.osr.com mailto:xxxxx
[mailto:xxxxx@lists.osr.com mailto:xxxxx] On Behalf Of
xxxxx@gmail.com mailto:xxxxx
Sent: Thursday, March 09, 2017 7:17 AM
To: Kernel Debugging Interest List >
Subject: [windbg] Call to ExAllocatePoolWithTag() in my crash_dump driver
NEVER RETURNS
Hi all,
I have written my crashdump virtual miniport driver. This crashdump driver
works fine for complete, kernel, and mini dumps. However, OCASSIONALLY, the
BSOD screen hangs with dump at 0% when tested in Windows Server 2016.
When I debugged using WinDbg, it is showing that the call to
ExAllocatePoolWithTag() NEVER RETURNS. It stays there indefinitely. Please
find the below function call:
pDeviceExtension->pcmdbuf=(struct mycmdrsp
*)ExAllocatePoolWithTag(NonPagedPoolCacheAligned,pNum_bytes,‘MTAG’);
After this call, I am checking for NULL as follows:
if(pDeviceExtension->pcmdbuf == NULL)
{
…
}
However, since this call to ExAllocatePoolWithTag() does not returns, I am
not sure what could be the reason, and unable to get some lead to this
problem.
Please help.
Thanks in advance.
—
WINDBG is sponsored by OSR
OSR is hiring!! Info at http://www.osr.com/careers
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at
http: >
—
WINDBG is sponsored by OSR
OSR is hiring!! Info at http://www.osr.com/careers
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http: >
–
Utkal Sinha
M.Tech (CS), NIT Rourkela
Website: www.utkalsinha.com http:
— WINDBG is sponsored by OSR OSR is hiring!! Info at http://www.osr.com/careers MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at</http:></http:></http:></http:></http:></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>