I am a developer on the user land since many years and I know for what we need locks
Good for you. Wait… are you taking offense and scolding me, because I spent time answering your question and trying to be sure you understood the underlying concepts?
Jamey_Kirby: Can we see some source around the bugcheck?
That is the problem. I can not say at the moment where in the code the bugcheck occurres exactly. If I can reproduce the bug, I will come back.
I set the symbols path to:
_NT_SYMBOL_PATH=symsrvsymsrv.dllD:\Symbols*http://msdl.microsoft.com/download/symbols
but If I look on the driver the symbols are always loaded to “C:\ProgramData\dbg\sym”.
I checked the environment variable in VS and under System.
The symbols loading summary is:
************* Symbol Loading Error Summary **************
Module name Error
clipsp No error - symbol load deferred
WdFilter The system cannot find the file specified
igdkmd64 The system cannot find the file specified
drmk The system cannot find the file specified
TeeDriverW8x64 The system cannot find the file specified
RtsP2Stor The system cannot find the file specified
Netwtw04 The system cannot find the file specified
iaLPSS2_UART2 The system cannot find the file specified
iaLPSS2_SPI The system cannot find the file specified
IntcDAud The system cannot find the file specified
kbfiltr No error - symbol load deferred
ibtusb The system cannot find the file specified
Ch64USB The system cannot find the file specified
peauth The system cannot find the file specified
WdNisDrv The system cannot find the file specified
Since I use the locks I get the following bugcheck and have no idea where I must look in the code:
* *
* Bugcheck Analysis *
* *
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
…
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff801fbd24c7b, The address that the exception occurred at
Arg3: ffff970dc858e598, Exception Record Address
Arg4: ffff970dc858dde0, Context Record Address
…
Attempt to read from address 00000000b02e6a50
That seems crystal clear. You’re trying to read a user-mode address
within your driver.
I set the symbols path to:
_NT_SYMBOL_PATH=symsrv*symsrv.dll*D:\Symbols*http://msdl.microsoft.com/download/symbols
but If I look on the driver the symbols are always loaded to “C:\ProgramData\dbg\sym”.
Did you copy your own driver’s symbols there? I’m guessing you didn’t.
In that case, you probably want to add the directory containing your
driver’s symbols to the .sympath.
In Mak’s defense, the link did not come through in the email posting. I
looked for it as I always want to read what you recommend
On Tue, Nov 6, 2018 at 4:23 PM Peter_Viscarola_(OSR)
wrote:
> OSR https://community.osr.com/ > Peter_Viscarola_(OSR) commented on Upper filter driver waitlock > > > Is this ok? > > If you examine the kernel stack and it has symbols resolved, then yes. If > not, then no. > > Let me guess: You didn’t read that page I sent you to, or watch that > video… did you. No, I bet you didn’t. > > Seems I’m pretty much wasting my time here. Good luck, OP… > > Peter > > – > Reply to this email directly or follow the link below to check it out: > https://community.osr.com/discussion/comment/291325#Comment_291325 > > Check it out: > https://community.osr.com/discussion/comment/291325#Comment_291325 >
LOL. Well, I surely know how to do my job Others may be better, and I
rarely need the kernel symbols. Usually, my own symbols suffice. I guess it
is a matter of knowing your environment and your code.
On Tue, Nov 6, 2018 at 8:33 PM Peter_Viscarola_(OSR)
wrote:
Peter, I read and watched that article. The search path is set correctly but as I mentioned above the pdb are loaded on the c drive. If I delete the symbols on the c drive they are loaded again. It seems my settings are ignored “d:\Symbols”.
If I open the symbol path in windbg I also see the path to my driver pdb. By the way if the program crashes on other places I see in the stack trace my functions and part of my function code. The things are not totally wrong.
This is from the symbol path dialog:
srvD:\symbolshttps://msdl.microsoft.com/download/symbols;D:\project\sys\x64\Debug
That seems crystal clear. You’re trying to read a user-mode address
within your driver.
What is wrong about that? I communicate with the driver and copy some data to driver string lists.
>> That seems crystal clear. You’re trying to read a user-mode address within your driver.
What is wrong about that? I communicate with the driver and copy some data to driver string lists.
How, exactly, are you doing that? Are you passing addresses in your ioctl data? That is a HUGE mistake. It is tricky to handle user-mode addresses in a driver. You have to be absolutely sure that your process is still in the page tables (which we call “the process context”). If you are using KMDF, then your EvtIoDeviceControl is NOT called in the original process context, so any of that processes addresses will be invalid. Even if you are in the proper process context, the user-mode pages can get freed at any point, causing a blue screen. You have to use “probe and lock” to lock the pages into memory and convert to a kernel mode address.
Pass your data in the ioctl buffers. Don’t ever pass addresses.
IOCTL… to get and set data, the buffer is crc and length checked
all data are copied into NopagedPool unicode string array memory
I have no lock while I am doing this but locks at the moment the data are placed into the lists.