TDI-filter, error NO_MORE_IRP_STACK_LOCATION

I have a filter driver (TDI stack) for some network events. Sometimes, when I try to copy the Irp stack to set a completion routine, it fails with this BSOD.
How can I check how much of this stack is left, or how can I change the logic?
P.S. I need to get some information about the operation status, so I can’t get it in the pre-operation stage; I need to set a completion routine.

You can check if Irp->CurrentLocation > 0.

Wow… a TDI filter? Haven’t seen one of those in years. I assume this is a WDM driver???

How are you setting DeviceObject->StackSize in the Filter Device Object that you create?

Peter
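
An added example, not code from any poster in this thread: a user-mode C model of the stack-location bookkeeping behind this bugcheck, showing why an IRP allocated with too few locations fails when the filter copies its location down, and how a `CurrentLocation <= 1` guard avoids that. `MODEL_IRP` and the `model_*` functions are hypothetical stand-ins for the kernel routines named in the comments.

```c
/* User-mode model of IRP stack-location accounting (constructed example;
 * MODEL_IRP and model_* are hypothetical stand-ins, not WDK code). */
#include <stdio.h>

enum { CALL_OK = 0, NO_MORE_IRP_STACK_LOCATIONS = 0x35 /* bugcheck code */ };

typedef struct {
    int StackCount;       /* locations allocated with the IRP */
    int CurrentLocation;  /* 1-based slot of the current owner */
} MODEL_IRP;

/* Like IoAllocateIrp: a fresh IRP points one past its last location. */
static MODEL_IRP model_allocate_irp(int stack_size) {
    MODEL_IRP irp = { stack_size, stack_size + 1 };
    return irp;
}

/* Like IoCallDriver: step to the next location, bugcheck if none is left. */
static int model_call_driver(MODEL_IRP *irp) {
    irp->CurrentLocation--;
    return irp->CurrentLocation <= 0 ? NO_MORE_IRP_STACK_LOCATIONS : CALL_OK;
}

/* Filter dispatch. *hooked reports whether a completion routine was set. */
static int filter_dispatch(MODEL_IRP *irp, int guarded, int *hooked) {
    if (guarded && irp->CurrentLocation <= 1) {
        /* No location left for the lower driver: pass the IRP down in our
         * own slot (IoSkipCurrentIrpStackLocation). The filter will not see
         * the completion status of this request. */
        irp->CurrentLocation++;
        *hooked = 0;
    } else {
        *hooked = 1;  /* IoCopyCurrentIrpStackLocationToNext + IoSetCompletionRoutine */
    }
    return model_call_driver(irp);
}

/* A sender allocates an IRP with irp_locations slots and sends it down a
 * two-driver stack: the filter on top of one lower driver. */
static int send_through_filter(int irp_locations, int guarded, int *hooked) {
    MODEL_IRP irp = model_allocate_irp(irp_locations);
    if (model_call_driver(&irp) != CALL_OK)        /* sender -> filter */
        return NO_MORE_IRP_STACK_LOCATIONS;
    return filter_dispatch(&irp, guarded, hooked); /* filter -> lower */
}

int main(void) {
    int h, rc = send_through_filter(1, 1, &h);
    printf("short IRP, guarded: rc=%#x hooked=%d\n", rc, h);
    return 0;
}
```

In the model, an IRP sized for the stack without the filter (one location) only survives on the guarded path, and on that path the filter gives up its completion callback for that request.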

This is a well-known behavior [ for TDI filter driver developers - :slight_smile: ].

Your driver must be loaded between tdx.sys/tcpip.sys and netbt.sys.
One way to achieve this - register driver in a ‘PNP_TDI’ group and then move its tag to the appropriate position.
The tag lists are stored here: SYSTEM\CurrentControlSet\Control\GroupOrderList
Use ‘QueryServiceConfig’ to request tag id of other drivers.
Of course, such driver must have ‘system’ start type. Never try to load it dynamically (due to this bug in netbs.sys).

@Aleh_Kazakevich said:
This is a well-known behavior [ for TDI filter driver developers - :slight_smile: ].

Your driver must be loaded between tdx.sys/tcpip.sys and netbt.sys.
One way to achieve this - register driver in a ‘PNP_TDI’ group and then move its tag to the appropriate position.
The tag lists are stored here: SYSTEM\CurrentControlSet\Control\GroupOrderList
Use ‘QueryServiceConfig’ to request tag id of other drivers.
Of course, such driver must have ‘system’ start type. Never try to load it dynamically (due to this bug in netbs.sys).

I set up the TDI driver with these parameters, but… it doesn’t run now…
When I check the service status, it says that it’s already started. But I don’t see any debug output in the kernel debugger, so DriverEntry wasn’t called at all.

@“Peter_Viscarola_(OSR)” said:
Wow… a TDI filter? Haven’t seen one of those in years. I assume this is a WDM driver???

How are you setting DeviceObject->StackSize in the Filter Device Object that you create?

Peter

I think… we didn’t set it at all, or just copied it from the last device in the stack.
I guess that is the fault. Can you please suggest some articles\materials to read, to fully understand this stuff and how the DeviceObject must be initialized?

@buridan said:

@“Peter_Viscarola_(OSR)” said:
Wow… a TDI filter? Haven’t seen one of those in years. I assume this is a WDM driver???

How are you setting DeviceObject->StackSize in the Filter Device Object that you create?

Peter

I think… we didn’t set it at all, or just copied it from the last device in the stack.
I guess that is the fault. Can you please suggest some articles\materials to read, to fully understand this stuff and how the DeviceObject must be initialized?

My fault… We use the routine “IoAttachDeviceToDeviceStack”, which sets DeviceObject->StackSize to (TargetDeviceObject->StackSize + 1).

@Aleh_Kazakevich said:
This is a well-known behavior [ for TDI filter driver developers - :slight_smile: ].

Your driver must be loaded between tdx.sys/tcpip.sys and netbt.sys.
One way to achieve this - register driver in a ‘PNP_TDI’ group and then move its tag to the appropriate position.
The tag lists are stored here: SYSTEM\CurrentControlSet\Control\GroupOrderList
Use ‘QueryServiceConfig’ to request tag id of other drivers.
Of course, such driver must have ‘system’ start type. Never try to load it dynamically (due to this bug in netbs.sys).

If I check the status of the tdi service, I get this error:

ERROR_GEN_FAILURE
31 (0x1F)
A device attached to the system is not functioning.

Also, DriverEntry wasn’t called; I don’t see messages or the breakpoint in the kernel debugger.

Tdi registry setting:

GroupOrder

@Aleh_Kazakevich said:
This is a well-known behavior [ for TDI filter driver developers - :slight_smile: ].

Your driver must be loaded between tdx.sys/tcpip.sys and netbt.sys.
One way to achieve this - register driver in a ‘PNP_TDI’ group and then move its tag to the appropriate position.
The tag lists are stored here: SYSTEM\CurrentControlSet\Control\GroupOrderList
Use ‘QueryServiceConfig’ to request tag id of other drivers.
Of course, such driver must have ‘system’ start type. Never try to load it dynamically (due to this bug in netbs.sys).

Alex, please, can you give me some more hints on how I can load the TDI driver correctly? I can’t load it as a service, only with the NtLoadDriver function…

@Aleh_Kazakevich said : “Never try to load it dynamically (due to this bug in netbs.sys).”
Which means you MUST load it at BOOT. NtLoadDriver is used to load it at runtime. That won’t work.

@ThatsBerkan said:
@Aleh_Kazakevich said : “Never try to load it dynamically (due to this bug in netbs.sys).”
Which means you MUST load it at BOOT. NtLoadDriver is used to load it at runtime. That won’t work.

Yes, I understood this. I tried to register it with OSR Loader, set the TDI_PNP group, and the load order after tdx. But it doesn’t start after reboot; when I check the service status, I get the error I described above, ERROR_GEN_FAILURE.

buridan wrote:
Tdi registry setting

‘tdi’ is the name of your driver?
Bad idea because tdi.sys already exists in the ‘system32\drivers’ folder…

@Aleh_Kazakevich said:

buridan wrote:
Tdi registry setting

‘tdi’ is the name of your driver?
Bad idea because tdi.sys already exists in the ‘system32\drivers’ folder…

Oops… I didn’t know that… I don’t see this key in the registry (in services), so I didn’t think about collisions. I’ll try to change its name.

I must also warn you that on Windows 8 and higher systems the TDI filtering technology is nearly dead.
It has several problems that can’t be solved, even in theory.
For newer operating systems it is better to use the ‘Windows Filtering Platform’.

@Aleh_Kazakevich said:
I must also warn you that on Windows 8 and higher systems the TDI filtering technology is nearly dead.
It has several problems that can’t be solved, even in theory.
For newer operating systems it is better to use the ‘Windows Filtering Platform’.

Thanks) I know it, but I already have a legacy TDI driver, and I need to make it stable…

I need to make it stable…

It may not be possible. It is certainly undesirable to continue with that technology.

Peter