Home NTDEV
Calling KeWaitForSingleObject, KeDelayExecutionThread, etc. causes an access violation

Arush Member Posts: 3

Hey all,

This is a new problem that hasn't happened to me before. When I call one of the synchronization routines, such as KeWaitForSingleObject or KeDelayExecutionThread, while debugging, WinDbg breaks and shows that KiSwapContext threw an access violation.

Access violation - code c0000005 (!!! second chance !!!)
nt!KiSwapContext+0xf:

fffff800`021c81ff 0f29742430 movaps  xmmword ptr [rsp+30h],xmm6

The actual driver code goes along something like this (only the relevant fragment of DriverEntry is shown; the headers were added so the intrinsics and IRQL routines resolve):

#include <ntddk.h>
#include <intrin.h>

/* This is DriverEntry */

_disable();                 // interrupts off on this processor
// Do stuff with no interrupts here
_enable();                  // interrupts back on

KIRQL old = KeRaiseIrqlToDpcLevel();
// Do stuff at IRQL DISPATCH_LEVEL
KeLowerIrql(PASSIVE_LEVEL); // lowers straight to PASSIVE_LEVEL instead of restoring 'old'

// threadObject: a thread object obtained earlier in the driver (not shown in the post)
KeWaitForSingleObject(threadObject, Executive, KernelMode, FALSE, NULL);

If anyone knows why the last line is causing access violations within KiSwapContext, that'd be great.

Comments

  • Tim_Roberts Member Posts: 13,483

    KeLowerIrql(PASSIVE_LEVEL);

    That's wrong. It should be KeLowerIrql(old);

    The mere fact that you have _disable() and _enable() in there tells me you're doing some dirty BS in here. No respectable driver would ever use those.
    Without seeing all of the code, none of us will be able to help.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Arush Member Posts: 3

    Hey,

    I'm sorry I wasted your guys' time. I found the problem.

    Thanks.

  • MBond2 Member Posts: 138

    Will you share, in case it helps someone else?

  • Arush Member Posts: 3

    The problem was some assembly code I had written. I was using assembly because I wasn't aware that an intrinsic existed for my purpose.
    Anyway, I did not align the stack on a 16-byte boundary as x64 requires, which is why a fault was caused.
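To make the final answer concrete, here is an added C model of the x64 stack-alignment rule (example code written for this page, not code from the thread or from OSR). The Windows x64 convention requires rsp to be 16-byte aligned at every CALL and 32 bytes of shadow space for the four register arguments, so a hand-written routine that pushes registers must pad its allocation; and because compiler-generated frames each consume a fixed multiple of 16, a misalignment introduced by the asm routine is carried unchanged down the call chain until something like the movaps [rsp+30h] in KiSwapContext touches an unaligned address. The frame sizes and addresses are constructed, not taken from the kernel.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Windows x64 calling-convention constants (ABI facts, not from the thread). */
#define SLOT   8u    /* one stack slot / one pushed register */
#define ALIGN  16u   /* rsp must be 16-byte aligned at every CALL */
#define SHADOW 32u   /* home space a caller reserves for the 4 register args */

/* Bytes a hand-written prologue must 'sub rsp' after pushing 'pushes' nonvolatile
 * registers so that 'locals' bytes plus outgoing-argument space for a callee with
 * 'max_args' arguments fit and rsp is 16-byte aligned again at the next CALL.
 * At entry rsp is 8 mod 16 because the CALL pushed an 8-byte return address. */
static size_t prologue_alloc(size_t pushes, size_t locals, size_t max_args) {
    size_t need = locals + SHADOW + (max_args > 4 ? (max_args - 4) * SLOT : 0);
    size_t consumed = SLOT + pushes * SLOT + need;   /* return addr + pushes + need */
    size_t pad = (ALIGN - consumed % ALIGN) % ALIGN;
    return need + pad;
}

/* rsp after the CALL, 'pushes' register pushes and 'sub rsp, alloc'. */
static uintptr_t rsp_after_prologue(uintptr_t rsp_at_call, size_t pushes, size_t alloc) {
    return rsp_at_call - SLOT - pushes * SLOT - alloc;
}

/* Compiler-generated callees consume a fixed multiple of 16 per frame (return
 * address + pushes + allocation), so whatever misalignment the first CALL had is
 * carried unchanged all the way down the call chain. */
static uintptr_t rsp_after_chain(uintptr_t rsp_at_call, const size_t *frames, size_t n) {
    uintptr_t rsp = rsp_at_call;
    for (size_t i = 0; i < n; i++) rsp -= frames[i];
    return rsp;
}

/* 'movaps xmmword ptr [rsp+disp]' raises a fault unless rsp+disp is 16-byte aligned. */
static bool movaps_faults(uintptr_t rsp, unsigned disp) {
    return (rsp + disp) % ALIGN != 0;
}

int main(void) {
    /* Constructed: asm routine pushes rbx, then calls a 5-argument routine such as
     * KeWaitForSingleObject (32 bytes shadow space + 8 bytes for the 5th argument). */
    size_t ok = prologue_alloc(1, 0, 5);                 /* 48: 40 needed + 8 pad */
    uintptr_t good = rsp_after_prologue(0x10000, 1, ok);
    uintptr_t bad  = rsp_after_prologue(0x10000, 1, 40); /* reserved 40, forgot the pad */
    size_t frames[] = { 0x80, 0x40, 0x30 };              /* constructed frame sizes */
    uintptr_t g = rsp_after_chain(good, frames, 3);      /* ...down to KiSwapContext */
    uintptr_t b = rsp_after_chain(bad, frames, 3);
    return (movaps_faults(g, 0x30) || !movaps_faults(b, 0x30)) ? 1 : 0;
}
```

With the padded allocation the simulated [rsp+30h] is aligned; with the 40-byte allocation it ends up 8 mod 16 and movaps faults, which is the same symptom the debugger showed at KiSwapContext+0xf.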
