Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


!verifier 3

Bill_WandelBill_Wandel Member - All Emails Posts: 236
via Email in WINDBG
I am looking into a memory leak using windbg and verifier. Stopping the
driver gives me the C4/62 crash. When I enter "!verifier 3" the debugger
just stays busy after printing out the address/length/tag header.

My windbg version is 1803.



Bill Wandel

Comments

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,302

    What's the target O/S version? If you CTRL+ALT+D can you see the debugger chatting with the target or is it just hanging there?

    -scott
    OSR

  • Bill_WandelBill_Wandel Member - All Emails Posts: 236
    via Email
    It is WIN10 RS5. I can stop it with the debug/stop.

    Bill Wandel
  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,302

    Just tried it with WinDbg 17763 and OS 17758 and finished just fine:

    Driver Verification List
    ------------------------
    
    nt!_VF_TARGET_DRIVER 0xffffa486435decc0: Nothing.sys (Loaded)
    
        Pool Allocation Statistics: ( NonPagedPool / PagedPool )
    
          Current Pool Allocations: ( 0x00000001 / 0x00000000 )
          Current Pool Bytes:       ( 0x00000064 / 0x00000000 )
          Peak Pool Allocations:    ( 0x00000001 / 0x00000000 )
          Peak Pool Bytes:          ( 0x00000064 / 0x00000000 )
          Contiguous Memory Bytes:       0x00000000
          Peak Contiguous Memory Bytes:  0x00000000
    
        Pool Allocations:
    
          Address             Length      Tag   Caller Address    
          ------------------  ----------  ----  ------------------
          0xffffa48643d02f90  0x00000064  xxxx  0xfffff807676d14f3  Nothing!DriverEntry+0x1d3
    
        Contiguous allocations are not displayed with public symbols.
    

    Does CTRL+ALT+D show traffic? Do you think you have a LOT of leaked allocations?

    -scott
    OSR

  • Bill_WandelBill_Wandel Member - All Emails Posts: 236
    via Email
    Thanks. I can run my tests on WIN8.1. It should work there.

    Bill
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA