Access Violation in Tdi Irp....

Hi,

In my (do nothing, just filter) TDI filter driver I am frequently getting an
access violation while filtering TDI_QUERY_INFORMATION. After sending the
IRP to the target driver using IoCallDriver it generates an access violation in
the debugger. I could not figure out why it is happening. Any help is
appreciated. Below is the stack trace -

kd> kv
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
bfba5688 bfd8004e 81303a48 81303adc 8138f330 tcpip!IPTransmit+0x197e
bfba56d8 f74ce51a 81383900 81303a48 00000000 tcpip!IPGetAddrType+0x1acf
bfba56fc f74cd6ef 81383900 81303a48 81383900 CSTDI!DrvFilterTdiInternalDispatch+0x1e4 (FPO: [Non-Fpo]) [E:\Corporate\CSTDI\TdiDispatch.c @ 638]
bfba5744 f74cc910 81383900 81303a48 c02fee94 CSTDI!DrvTdiDispatchIoControl+0x1c5 (FPO: [Non-Fpo]) [E:\Corporate\CSTDI\TdiDispatch.c @ 139]
bfba5778 8041f54b 81383900 81303a48 00000000 CSTDI!DrvDispatchIoControl+0x32 (FPO: [Non-Fpo]) [E:\Corporate\CSTDI\CSTDI.c @ 291]
bfba57bc bfb5b701 81302d68 bfba5808 00000008 nt!IoBuildSynchronousFsdRequest+0x8f
bfba5814 bfb5a944 81302d68 bfba5830 81314684 afd+0x13701
bfba586c bfb5a6af bfba58e8 bfba58a0 81314684 afd+0x12944
bfba58c8 bfb5aab6 bfba58f8 bfba58e8 00000000 afd+0x126af
bfba58f0 bfb4b35b 813145a8 00000000 81312dd0 afd+0x12ab6
bfba5aa0 8044e27e 81312dd0 00000000 bfba5b4c afd+0x335b
bfba5b0c 804957ae 00000000 bfba5c00 00000042 nt!ObFindHandleForObject+0x5e3
bfba5c1c 804a78b8 00000000 00000000 c0502601 nt!ObOpenObjectByName+0xb3
bfba5cf0 804a0c5b 0042fb6c c0100000 0042fb54 nt!IoCreateFile+0x1ad
bfba5d30 80461691 0042fb6c c0100000 0042fb54 nt!NtCreateFile+0x2e
bfba5d64 00000000 00000000 00000000 00000000 nt!ExReleaseResourceForThread+0xbd5

kd> u
tcpip!IPTransmit+197e:
bfd81de5 8b01 mov eax,[ecx]
bfd81de7 8945e8 mov [ebp-0x18],eax
bfd81dea 85db test ebx,ebx
bfd81dec 0f8c82950000 jl tcpip!IPTransmit+0xaf0d (bfd8b374)
bfd81df2 6a00 push 0x0
bfd81df4 56 push esi
bfd81df5 51 push ecx
bfd81df6 e82be1ffff call tcpip!IPGetAddrType+0x19a7 (bfd7ff26)

Regards
Subodh

It seems like the contents of the ECX register are pointing to something that
isn’t valid memory.

You need to figure out where ECX came from, and figure out why it doesn’t
point to valid memory.

I’m not any kind of expert on TCPIP, so I don’t know what the functions are
supposed to do… But most likely ECX is loaded from some object passed in
from your driver. Just trace back where ECX came from and you’ll most
likely find that it’s an invalid value for some reason.


Mats

-----Original Message-----
From: xxxxx@softhome.net [mailto:xxxxx@softhome.net]
Sent: Thursday, February 19, 2004 1:45 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Access Violation in Tdi Irp…

In your callstack:

tcpip!IPGetAddrType+0x1acf

the '+0x1acf' makes me suspicious that you do not have the correct
symbols loaded. It is quite unusual to have a function that is so big
(~ 6 KByte).

Do a '!sym noisy' and then '.reload'.
Then if it tells you everything is fine look at the callstack again.

Norbert.

"If Yoda so strong in the force is, why words in the right order he
cannot put?"
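The two replies above point at two different checks: Mats says to find which register the faulting instruction dereferenced and trace that value back, and Norbert says that a large offset past a function name (the '+0x1acf') usually means the wrong symbols are loaded. Here is an added triage script, written for this edited copy of the thread and not posted by anyone in it, that applies both checks to the `kv` and `u` output above. The sample trace is the one from the thread, re-joined one frame per line; the 0x1000 offset threshold and the register names are the example's own assumptions.

```python
"""Triage helper for a WinDbg `kv` stack trace plus the faulting `u` instruction."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the `kv` output posted in the thread, re-joined so
# that every frame sits on one line (the mail client had wrapped them).
KV_OUTPUT = r"""
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
bfba5688 bfd8004e 81303a48 81303adc 8138f330 tcpip!IPTransmit+0x197e
bfba56d8 f74ce51a 81383900 81303a48 00000000 tcpip!IPGetAddrType+0x1acf
bfba56fc f74cd6ef 81383900 81303a48 81383900 CSTDI!DrvFilterTdiInternalDispatch+0x1e4 (FPO: [Non-Fpo]) [E:\Corporate\CSTDI\TdiDispatch.c @ 638]
bfba5744 f74cc910 81383900 81303a48 c02fee94 CSTDI!DrvTdiDispatchIoControl+0x1c5 (FPO: [Non-Fpo]) [E:\Corporate\CSTDI\TdiDispatch.c @ 139]
bfba5778 8041f54b 81383900 81303a48 00000000 CSTDI!DrvDispatchIoControl+0x32 (FPO: [Non-Fpo]) [E:\Corporate\CSTDI\CSTDI.c @ 291]
bfba57bc bfb5b701 81302d68 bfba5808 00000008 nt!IoBuildSynchronousFsdRequest+0x8f
bfba5814 bfb5a944 81302d68 bfba5830 81314684 afd+0x13701
bfba586c bfb5a6af bfba58e8 bfba58a0 81314684 afd+0x12944
bfba58c8 bfb5aab6 bfba58f8 bfba58e8 00000000 afd+0x126af
bfba58f0 bfb4b35b 813145a8 00000000 81312dd0 afd+0x12ab6
bfba5aa0 8044e27e 81312dd0 00000000 bfba5b4c afd+0x335b
bfba5b0c 804957ae 00000000 bfba5c00 00000042 nt!ObFindHandleForObject+0x5e3
bfba5c1c 804a78b8 00000000 00000000 c0502601 nt!ObOpenObjectByName+0xb3
bfba5cf0 804a0c5b 0042fb6c c0100000 0042fb54 nt!IoCreateFile+0x1ad
bfba5d30 80461691 0042fb6c c0100000 0042fb54 nt!NtCreateFile+0x2e
bfba5d64 00000000 00000000 00000000 00000000 nt!ExReleaseResourceForThread+0xbd5
"""
# The instruction WinDbg stopped on in the thread's `u` listing.
FAULTING_INSTRUCTION = "bfd81de5 8b01 mov eax,[ecx]"

FRAME_RE = re.compile(
    r"^[0-9a-f]{8}\s+[0-9a-f]{8}(?:\s+[0-9a-f]{8}){3}\s+"          # ChildEBP, RetAddr, 3 args
    r"(?P<module>[A-Za-z0-9_]+)(?:!(?P<func>[A-Za-z0-9_@$]+))?"  # func absent for afd+0x...
    r"\+0x(?P<offset>[0-9a-f]+)(?P<rest>.*)$")
SOURCE_RE = re.compile(r"\[(?P<file>[^\]@]+?)\s*@\s*(?P<line>\d+)\]")
# Base register of an x86 memory operand such as [ecx] or [ebp-0x18] (assumed 32-bit names).
MEM_OPERAND_RE = re.compile(r"\[(?P<base>e[a-d]x|e[sd]i|e[bs]p)(?:[+-][^\]]+)?\]")


@dataclass
class Frame:
    module: str
    func: Optional[str]      # None when WinDbg resolved only the module name
    offset: int
    source_file: Optional[str] = None
    source_line: Optional[int] = None

    @property
    def symbol(self) -> str:
        name = f"{self.module}!{self.func}" if self.func else self.module
        return f"{name}+0x{self.offset:x}"


def parse_kv(text: str) -> List[Frame]:
    """Parse `kv` output; the header, WARNING and blank lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        src = SOURCE_RE.search(m.group("rest"))
        frames.append(Frame(m.group("module"), m.group("func"), int(m.group("offset"), 16),
                            src.group("file") if src else None,
                            int(src.group("line")) if src else None))
    return frames


def suspect_symbol_frames(frames: List[Frame], max_offset: int = 0x1000) -> List[str]:
    """Named functions entered at an implausibly large offset (the '+0x1acf' smell).
    The 0x1000 threshold is this example's own assumption, not a WinDbg rule."""
    return [f.symbol for f in frames if f.func and f.offset >= max_offset]


def modules_without_symbols(frames: List[Frame]) -> List[str]:
    """Modules for which no function name could be resolved at all."""
    return sorted({f.module for f in frames if f.func is None})


def nearest_frame_with_source(frames: List[Frame]) -> Optional[Frame]:
    """Frame closest to the fault that carries file/line info: the last point on the
    stack whose symbols are known to be right, i.e. where the IRP left your own code."""
    return next((f for f in frames if f.source_file), None)


def faulting_memory_register(instruction: str) -> Optional[str]:
    """Register dereferenced by the faulting instruction; its value is what to trace back."""
    m = MEM_OPERAND_RE.search(instruction)
    return m.group("base") if m else None


if __name__ == "__main__":
    frames = parse_kv(KV_OUTPUT)
    print("suspicious offsets:", suspect_symbol_frames(frames))
    print("modules with no function names:", modules_without_symbols(frames))
    known = nearest_frame_with_source(frames)
    print("last frame with trusted symbols:", known.symbol if known else None)
    print("register to trace back:", faulting_memory_register(FAULTING_INSTRUCTION))
```

Run on the thread's trace, the script flags the two tcpip frames as having offsets too large to trust, reports that afd resolved to no function names at all, names CSTDI!DrvFilterTdiInternalDispatch (TdiDispatch.c line 638) as the last frame with source-level symbols, and reports ECX as the register to trace. That is the same conclusion both replies reach by eye; the point of scripting it is that you can re-run it after `!sym noisy` and `.reload` and see whether the suspect list empties out before spending time chasing ECX through mis-symbolised code.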