Bluetooth game controller supports XInput

Hi Tim,

That’s actually what I’m going to do that in the event callback EvtInternalDeviceControl of the PDO that I create. The problem is that the callback function doesn’t get called no matter I register it for the PDO of the XUSB or the FDO of the bus. Is it right place to do that?

VOID
Bthxbus_EvtInternalDeviceControl(
IN WDFQUEUE Queue,
IN WDFREQUEST Request,
IN size_t OutputBufferLength,
IN size_t InputBufferLength,
IN ULONG IoControlCode
)
{
NTSTATUS status = STATUS_SUCCESS;
WDFDEVICE hDevice = NULL;

UNREFERENCED_PARAMETER(OutputBufferLength);
UNREFERENCED_PARAMETER(InputBufferLength);

BthxTraceFuncEntry();

hDevice = WdfIoQueueGetDevice(Queue);

switch (IoControlCode)
{
case IOCTL_INTERNAL_USB_SUBMIT_URB:
BthxTrace(TRACE_LEVEL_VERBOSE, BTHX_PDO, “IOCTL_INTERNAL_USB_SUBMIT_URB
arrives”);
break;

default:
BthxTrace(TRACE_LEVEL_VERBOSE, BTHX_PDO, “The internal control code is 0x%x”,
IoControlCode);
break;
}

WdfRequestComplete(Request, status);
BthxTraceFuncExit();
}

Marshall

Hi Doron,

Where should I add the IO handlers for all major types? The PDO of the XUSB or the FDO of the bus driver? The IO handler you mentioned here is for EvtIoDefault, isn’t it? Are the major types as below:

IRP_MJ_CREATE
IRP_MJ_CLOSE
IRP_MJ_PNP
IRP_MJ_POWER
IRP_MJ_DEVICE_CONTROL
IRP_MJ_INTERNAL_DEVICE_CONTROL

Marshall

I would be on the pdo. Read and write too

d

Bent from my phone

From: xxxxx@hotmail.commailto:xxxxx
Sent: ?12/?9/?2014 5:33 PM
To: Windows System Software Devs Interest Listmailto:xxxxx
Subject: RE:[ntdev] Bluetooth game controller supports XInput

Hi Doron,

Where should I add the IO handlers for all major types? The PDO of the XUSB or the FDO of the bus driver? The IO handler you mentioned here is for EvtIoDefault, isn’t it? Are the major types as below:

IRP_MJ_CREATE
IRP_MJ_CLOSE
IRP_MJ_PNP
IRP_MJ_POWER
IRP_MJ_DEVICE_CONTROL
IRP_MJ_INTERNAL_DEVICE_CONTROL

Marshall

—
NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx></mailto:xxxxx>

Hi Doron,

I set the interface query as following which can be wrong:

//
// Create a custom interface so that other drivers can
// query (IRP_MN_QUERY_INTERFACE) and use our callbacks directly.
//
RtlZeroMemory(&xusbInterface, sizeof(xusbInterface));
xusbInterface.header.Size = sizeof(xusbInterface);
xusbInterface.header.Version = 1;
xusbInterface.header.Context = (PVOID)hChild;

//
// Let the framework handle reference counting.
//
xusbInterface.header.InterfaceReference =
WdfDeviceInterfaceReferenceNoOp;
xusbInterface.header.InterfaceDereference =
WdfDeviceInterfaceDereferenceNoOp;

xusbInterface.pfnGetCrispinessLevel = Bthxusb_GetCrispinessLevel;
xusbInterface.pfnSetCrispinessLevel = Bthxusb_SetCrispinessLevel;
xusbInterface.pfnIsSafetyLockEnabled = Bthxusb_IsSafetyLockEnabled;

WDF_QUERY_INTERFACE_CONFIG_INIT(
&qiConfig,
(PINTERFACE)&xusbInterface,
&GUID_DEVCLASS_X360WIRED,
NULL
);

status = WdfDeviceAddQueryInterface(hChild, &qiConfig);
IfFailGoToExit(status, BTHX_PDO, “WdfDeviceAddQueryInterface failed”);

Do you know how I should set the correct USB specific interface for that? How should I define the INTERFACE structure here?

Thanks,
Marshall

Hi,

I can receive the IRP_MJ_INTERNAL_DEVICE_CONTROL from the PDO of xusb after I changed the code to set the query interface as below. Next, I will respond the GET_DESCRIPTOR from the event callback function.

RtlZeroMemory(&xusbInterface, sizeof(xusbInterface));
xusbInterface.Size = sizeof(xusbInterface);
xusbInterface.Version = USB_BUSIF_USBDI_VERSION_1;
xusbInterface.BusContext = (PVOID)hChild;
xusbInterface.InterfaceDereference = WdfDeviceInterfaceReferenceNoOp;
xusbInterface.InterfaceDereference = WdfDeviceInterfaceDereferenceNoOp;
xusbInterface.SubmitIsoOutUrb = Bthxusb_SubmitIsoOutUrb;
xusbInterface.GetUSBDIVersion = Bthxusb_GetUSBDIVersion;
xusbInterface.QueryBusTime = Bthxusb_QueryBusTime;
xusbInterface.QueryBusInformation = Bthxusb_QueryBusInformation;
xusbInterface.IsDeviceHighSpeed = Bthxusb_IsDeviceHighSpeed;

WDF_QUERY_INTERFACE_CONFIG_INIT(
&qiConfig,
(PINTERFACE)&xusbInterface,
&USB_BUS_INTERFACE_USBDI_GUID,
NULL
);

status = WdfDeviceAddQueryInterface(hChild, &qiConfig);
IfFailGoToExit(status, BTHX_PDO, “WdfDeviceAddQueryInterface failed”);

VOID
USB_BUSIFFN
Bthxusb_GetUSBDIVersion(
IN PVOID BusContext,
IN OUT PUSBD_VERSION_INFORMATION VersionInformation,
IN OUT PULONG pHcdCapabilities
)
{
UNREFERENCED_PARAMETER(BusContext);

BthxTraceFuncEntry();

if (VersionInformation != NULL)
{
VersionInformation->USBDI_Version = 0x600; /* Usbport */
VersionInformation->Supported_USB_Version = 0x200; /* USB 2.0 */
}

if (pHcdCapabilities != NULL)
{
*pHcdCapabilities = 0;
}

BthxTraceFuncExit();
}

NTSTATUS
USB_BUSIFFN
Bthxusb_QueryBusTime(
IN PVOID BusContext,
IN OUT PULONG pCurrUsbFrame
)
{
UNREFERENCED_PARAMETER(BusContext);
UNREFERENCED_PARAMETER(pCurrUsbFrame);

BthxTraceFuncEntry();
BthxTraceFuncExit();

return STATUS_NOT_IMPLEMENTED;
}

NTSTATUS
USB_BUSIFFN
Bthxusb_SubmitIsoOutUrb(
IN PVOID BusContext,
IN PURB Urb
)
{
UNREFERENCED_PARAMETER(BusContext);
UNREFERENCED_PARAMETER(Urb);

BthxTraceFuncEntry();
BthxTraceFuncExit();

return STATUS_NOT_IMPLEMENTED;
}

NTSTATUS
USB_BUSIFFN
Bthxusb_QueryBusInformation(
IN PVOID BusContext,
IN ULONG Level,
IN OUT PVOID pBusInfoBufr,
IN OUT PULONG pBusInfoBufrLen,
OUT PULONG pBusInfoActlLen
)
{
UNREFERENCED_PARAMETER(BusContext);
UNREFERENCED_PARAMETER(Level);
UNREFERENCED_PARAMETER(pBusInfoBufr);
UNREFERENCED_PARAMETER(pBusInfoBufrLen);
UNREFERENCED_PARAMETER(pBusInfoActlLen);

BthxTraceFuncEntry();
BthxTraceFuncExit();

return STATUS_NOT_IMPLEMENTED;
}

BOOLEAN
USB_BUSIFFN
Bthxusb_IsDeviceHighSpeed(
IN PVOID BusContext
)
{
UNREFERENCED_PARAMETER(BusContext);

BthxTraceFuncEntry();
BthxTraceFuncExit();

return TRUE;
}

Hi All,

Can anyone tell me why opening the wpp trace from the TraceView.exe causes my driver BSOD DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS. The driver doesn’t pend any request. The driver is the bus driver which hardware id is root\bthxbus. It’s not installed correctly yet because I need pass all descriptors to the XUSB FDO. However, the driver has already call WdfRequestComplete with all internal IO control. Any ideas on this? I can’t use the WPP trace now.

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)
A driver unloaded without cancelling timers, DPCs, worker threads, etc.
The broken driver’s name is displayed on the screen.
Arguments:
Arg1: fffff80005c5b950, memory referenced
Arg2: 0000000000000008, value 0 = read operation, 1 = write operation
Arg3: fffff80005c5b950, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, Mm internal code.

Debugging Details:

WRITE_ADDRESS: fffff80005c5b950

FAULTING_IP:
bthxbus+1950
fffff800`05c5b950 ?? ???

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xCE

PROCESS_NAME: traceview.exe

CURRENT_IRQL: 0

TRAP_FRAME: ffffd00037c0d5e0 – (.trap 0xffffd00037c0d5e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe00068eb5b78
rdx=ffffc001faca6e01 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80005c5b950 rsp=ffffd00037c0d778 rbp=ffffd00037c0d7f9
r8=ffffd00037c0d7c0 r9=fffff80005c62100 r10=ffffe0006b7c7300
r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
<unloaded_bthxbus.sys>+0x1950:
fffff80005c5b950 ?? ???<br>Resetting default scope<br><br>IP_MODULE_UNLOADED: <br>bthxbus+1950<br>fffff80005c5b950 ?? ???

LAST_CONTROL_TRANSFER: from fffff800243e5f1e to fffff80024359d90

STACK_TEXT:
ffffd00037c0cbd8 fffff800243e5f1e : 0000000000000000 0000000000000000 ffffd00037c0cd40 fffff800242d7de8 : nt!DbgBreakPointWithStatus
ffffd00037c0cbe0 fffff800243e582f : 0000000000000003 ffffd00037c0cd40 fffff800243611d0 ffffd00037c0d290 : nt!KiBugCheckDebugBreak+0x12
ffffd00037c0cc40 fffff800243532a4 : 0000000000000000 0000000000000000 0000000000000000 ffffd00037c0d3b0 : nt!KeBugCheck2+0x8ab
ffffd00037c0d350 fffff8002438cab8 : 0000000000000050 fffff80005c5b950 0000000000000008 ffffd00037c0d5e0 : nt!KeBugCheckEx+0x104
ffffd00037c0d390 fffff80024268e78 : 0000000000000008 ffffe0006ad03900 ffffd00037c0d5e0 ffffd00037c0d640 : nt! ?? ::FNODOBFM::string'+0x29408<br>ffffd00037c0d430 fffff8002435d42f : ffffe00068eb52f0 000000000000e000 0000000000000800 ffffd00037c0d5e0 : nt!MmAccessFault+0x758<br>ffffd00037c0d5e0 fffff80005c5b950 : fffff800245a881b ffffe00068eb5b78 0000000000000001 ffffd00037c0d7c0 : nt!KiPageFault+0x12f<br>ffffd00037c0d778 fffff800245a881b : ffffe00068eb5b78 0000000000000001 ffffd00037c0d7c0 fffff800083a9100 : <unloaded_bthxbus.sys>+0x1950<br>ffffd00037c0d780 fffff800245a9554 : ffffe00068eb5b88 ffffe00068eb52f0 ffffe00068eb52f0 ffffc001fac31940 : nt!EtwpSendDataBlock+0x137<br>ffffd00037c0d860 fffff800245f6810 : 000000b5e6dded05 0000000000000048 0000000000000078 ffffc001fac31940 : nt!EtwpEnableGuid+0x42c<br>ffffd00037c0da20 fffff8002435e9b3 : fffff6fb00000011 ffffe0006b6c6880 0000000000000078 000000b5e6dded40 : nt!NtTraceControl+0x36c<br>ffffd00037c0da90 00007ff9d870306a : 00007ff9d86bd6e4 000000b5c0000225 0000000000000000 0000000001010101 : nt!KiSystemServiceCopyEnd+0x13<br>000000b5e6ddeba8 00007ff9d86bd6e4 : 000000b5c0000225 0000000000000000 0000000001010101 000000000001101c : ntdll!NtTraceControl+0xa<br>000000b5e6ddebb0 00007ff9d7c992b6 : 0000000000000000 0000000000000000 000000000001036c 000000000000101c : ntdll!EtwSendNotification+0x70<br>000000b5e6ddecc0 00007ff9d7847d66 : 00000000000000e0 0000000000000000 00000000000000d0 00007ff9d869dd0e : sechost!EnableTraceEx2+0x1d2<br>000000b5e6ddee20 00007ff9d7847dd9 : 0036006400380000 ffffffff00000000 00005237a3dc63a8 000000b5e7090000 : ADVAPI32!EnableTraceEx+0xb2<br>000000b5e6ddeed0 00007ff6a1ca6d67 : 0000000000000000 0000000000000000 000000b5ea404670 00007ff9d7c9de1f : ADVAPI32!EnableTrace+0x35<br>000000b5e6ddef30 00007ff6a1ca2df9 : 000000b5e6ddf010 000000b5ea4030b0 000000b5000000d0 0000000000000000 : traceview!CLogSession::UpdateOrEnableTracing+0x13f<br>000000b5e6ddefe0 00007ff6a1c941d9 : 000000b5ea4030b0 000000b500000000 000000b50000ffff 0000000000000002 : traceview!CLogSession::BeginTrace+0xa95<br>000000b5e6ddf070 00007ff6a1cad00c : 00007ff9be30f1d4 000000b5ea4030b0 0000000000000083 000000b5ea403ba0 : traceview!CDisplayDlg::BeginTrace+0x121<br>000000b5e6ddf0d0 00007ff9be22d778 : 000000b5e709ab60 000000b5ea4030b0 0000000000000001 00007ff9be30f1d4 : traceview!CMainFrame::AddModifyLogSession+0x310<br>000000b5e6ddf130 00007ff9be22d3e1 : 0000000000000111 ffffffffffffffff ffffffffffffffff 00007ff9d7b123a3 : MFC42u!_AfxDispatchCmdMsg+0x88<br>000000b5e6ddf160 00007ff6a1cacce0 : 000000b5e709c2b0 0000000000000000 0000000000000000 0000000000000000 : MFC42u!CFrameWnd::OnCmdMsg+0x201<br>000000b5e6ddf1f0 00007ff9be22e151 : 000000b5e709ab60 0000000000000111 0000000000000083 0000000000000001 : traceview!CMainFrame::OnCmdMsg+0x14<br>000000b5e6ddf230 00007ff9be22f283 : 0000000000000083 0000000000000000 0000000000000000 0000000000000111 : MFC42u!CFrameWnd::OnCommand+0x331<br>000000b5e6ddf380 00007ff9be22d7ce : 000000b5e709ab60 0000000000000083 0000000000000083 0000000000000000 : MFC42u!CWnd::OnWndMsg+0x1e3<br>000000b5e6ddf490 00007ff9be22ef5c : 0000000000000000 000000b5e6ebedd0 0000000000000003 0000000000000111 : MFC42u!CWnd::WindowProc+0x3e<br>000000b5e6ddf4d0 00007ff9be22e81d : 0000000000040356 0000000000000001 00007ff9be314790 0000000000000000 : MFC42u!AfxCallWndProc+0x16c<br>000000b5e6ddf5c0 00007ff9d7b12434 : 0000000000000001 0000000000000001 0000000000000083 0000000000000000 : MFC42u!AfxWndProcBase+0x1ed<br>000000b5e6ddf650 00007ff9d7b12297 : 000000b5e741cd60 00007ff6a1d25218 00007ff6a168e800 00007ff9be22e630 : USER32!UserCallWinProcCheckWow+0x140<br>000000b5e6ddf710 00007ff9be236724 : 00007ff6a1d251b0 00007ff6a1d251b0 0000000000000000 0000000000000000 : USER32!DispatchMessageWorker+0x1a7<br>000000b5e6ddf790 00007ff9be2364ec : 00007ff6a1d251b0 0000000000000001 0000000000000000 00007ff6a1d251b0 : MFC42u!CWinThread::PumpMessage+0x54<br>000000b5e6ddf7c0 00007ff9be239695 : 0000000000000001 00007ff6a1c20000 0000000000000000 000000b5e6eb1c5c : MFC42u!CWinThread::Run+0x6c<br>000000b5e6ddf800 00007ff6a1cdae92 : 0000000000000001 0000000000000000 0000000000000000 00007ff6a1c210d0 : MFC42u!AfxWinMain+0x89<br>000000b5e6ddf840 00007ff9d85316ad : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : traceview!Mtxunlock+0x2ea<br>000000b5e6ddf900 00007ff9d86c4409 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0xd<br>000000b5e6ddf930 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d<br><br>STACK_COMMAND: kb<br><br>FOLLOWUP_IP: <br>bthxbus+1950<br>fffff80005c5b950 ?? ???

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: bthxbus+1950

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: bthxbus

IMAGE_NAME: bthxbus.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0xCE_bthxbus+1950

BUCKET_ID: 0xCE_bthxbus+1950

Followup: MachineOwner
---------</unloaded_bthxbus.sys></unloaded_bthxbus.sys>

You have a timer or work item or dpc still active. Why it is unloading is a good question, but regardless, you need to fix your bug.

d

Bent from my phone

From: xxxxx@hotmail.commailto:xxxxx
Sent: ?12/?11/?2014 7:32 PM
To: Windows System Software Devs Interest Listmailto:xxxxx
Subject: RE:[ntdev] Bluetooth game controller supports XInput

Hi All,

Can anyone tell me why opening the wpp trace from the TraceView.exe causes my driver BSOD DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS. The driver doesn’t pend any request. The driver is the bus driver which hardware id is root\bthxbus. It’s not installed correctly yet because I need pass all descriptors to the XUSB FDO. However, the driver has already call WdfRequestComplete with all internal IO control. Any ideas on this? I can’t use the WPP trace now.

1: kd> !analyze -v


Bugcheck Analysis



DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)
A driver unloaded without cancelling timers, DPCs, worker threads, etc.
The broken driver’s name is displayed on the screen.
Arguments:
Arg1: fffff80005c5b950, memory referenced
Arg2: 0000000000000008, value 0 = read operation, 1 = write operation
Arg3: fffff80005c5b950, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, Mm internal code.

Debugging Details:
------------------

WRITE_ADDRESS: fffff80005c5b950

FAULTING_IP:
bthxbus+1950
fffff80005c5b950 ?? ???<br><br>DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT<br><br>BUGCHECK_STR: 0xCE<br><br>PROCESS_NAME: traceview.exe<br><br>CURRENT_IRQL: 0<br><br>TRAP_FRAME: ffffd00037c0d5e0 -- (.trap 0xffffd00037c0d5e0)<br>NOTE: The trap frame does not contain all registers.<br>Some register values may be zeroed or incorrect.<br>rax=0000000000000000 rbx=0000000000000000 rcx=ffffe00068eb5b78<br>rdx=ffffc001faca6e01 rsi=0000000000000000 rdi=0000000000000000<br>rip=fffff80005c5b950 rsp=ffffd00037c0d778 rbp=ffffd00037c0d7f9<br> r8=ffffd00037c0d7c0 r9=fffff80005c62100 r10=ffffe0006b7c7300<br>r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000<br>r14=0000000000000000 r15=0000000000000000<br>iopl=0 nv up ei pl zr na po nc<br><unloaded_bthxbus.sys>+0x1950:<br>fffff80005c5b950 ?? ???
Resetting default scope

IP_MODULE_UNLOADED:
bthxbus+1950
fffff80005c5b950 ?? ???<br><br>LAST_CONTROL_TRANSFER: from fffff800243e5f1e to fffff80024359d90<br><br>STACK_TEXT:<br>ffffd00037c0cbd8 fffff800243e5f1e : 0000000000000000 0000000000000000 ffffd00037c0cd40 fffff800242d7de8 : nt!DbgBreakPointWithStatus<br>ffffd00037c0cbe0 fffff800243e582f : 0000000000000003 ffffd00037c0cd40 fffff800243611d0 ffffd00037c0d290 : nt!KiBugCheckDebugBreak+0x12<br>ffffd00037c0cc40 fffff800243532a4 : 0000000000000000 0000000000000000 0000000000000000 ffffd00037c0d3b0 : nt!KeBugCheck2+0x8ab<br>ffffd00037c0d350 fffff8002438cab8 : 0000000000000050 fffff80005c5b950 0000000000000008 ffffd00037c0d5e0 : nt!KeBugCheckEx+0x104<br>ffffd00037c0d390 fffff80024268e78 : 0000000000000008 ffffe0006ad03900 ffffd00037c0d5e0 ffffd00037c0d640 : nt! ?? ::FNODOBFM::string’+0x29408
ffffd00037c0d430 fffff8002435d42f : ffffe00068eb52f0 000000000000e000 0000000000000800 ffffd00037c0d5e0 : nt!MmAccessFault+0x758
ffffd00037c0d5e0 fffff80005c5b950 : fffff800245a881b ffffe00068eb5b78 0000000000000001 ffffd00037c0d7c0 : nt!KiPageFault+0x12f
ffffd00037c0d778 fffff800245a881b : ffffe00068eb5b78 0000000000000001 ffffd00037c0d7c0 fffff800083a9100 : <unloaded_bthxbus.sys>+0x1950
ffffd00037c0d780 fffff800245a9554 : ffffe00068eb5b88 ffffe00068eb52f0 ffffe00068eb52f0 ffffc001fac31940 : nt!EtwpSendDataBlock+0x137
ffffd00037c0d860 fffff800245f6810 : 000000b5e6dded05 0000000000000048 0000000000000078 ffffc001fac31940 : nt!EtwpEnableGuid+0x42c
ffffd00037c0da20 fffff8002435e9b3 : fffff6fb00000011 ffffe0006b6c6880 0000000000000078 000000b5e6dded40 : nt!NtTraceControl+0x36c
ffffd00037c0da90 00007ff9d870306a : 00007ff9d86bd6e4 000000b5c0000225 0000000000000000 0000000001010101 : nt!KiSystemServiceCopyEnd+0x13
000000b5e6ddeba8 00007ff9d86bd6e4 : 000000b5c0000225 0000000000000000 0000000001010101 000000000001101c : ntdll!NtTraceControl+0xa
000000b5e6ddebb0 00007ff9d7c992b6 : 0000000000000000 0000000000000000 000000000001036c 000000000000101c : ntdll!EtwSendNotification+0x70
000000b5e6ddecc0 00007ff9d7847d66 : 00000000000000e0 0000000000000000 00000000000000d0 00007ff9d869dd0e : sechost!EnableTraceEx2+0x1d2
000000b5e6ddee20 00007ff9d7847dd9 : 0036006400380000 ffffffff00000000 00005237a3dc63a8 000000b5e7090000 : ADVAPI32!EnableTraceEx+0xb2
000000b5e6ddeed0 00007ff6a1ca6d67 : 0000000000000000 0000000000000000 000000b5ea404670 00007ff9d7c9de1f : ADVAPI32!EnableTrace+0x35
000000b5e6ddef30 00007ff6a1ca2df9 : 000000b5e6ddf010 000000b5ea4030b0 000000b5000000d0 0000000000000000 : traceview!CLogSession::UpdateOrEnableTracing+0x13f
000000b5e6ddefe0 00007ff6a1c941d9 : 000000b5ea4030b0 000000b500000000 000000b50000ffff 0000000000000002 : traceview!CLogSession::BeginTrace+0xa95
000000b5e6ddf070 00007ff6a1cad00c : 00007ff9be30f1d4 000000b5ea4030b0 0000000000000083 000000b5ea403ba0 : traceview!CDisplayDlg::BeginTrace+0x121
000000b5e6ddf0d0 00007ff9be22d778 : 000000b5e709ab60 000000b5ea4030b0 0000000000000001 00007ff9be30f1d4 : traceview!CMainFrame::AddModifyLogSession+0x310
000000b5e6ddf130 00007ff9be22d3e1 : 0000000000000111 ffffffffffffffff ffffffffffffffff 00007ff9d7b123a3 : MFC42u!_AfxDispatchCmdMsg+0x88
000000b5e6ddf160 00007ff6a1cacce0 : 000000b5e709c2b0 0000000000000000 0000000000000000 0000000000000000 : MFC42u!CFrameWnd::OnCmdMsg+0x201
000000b5e6ddf1f0 00007ff9be22e151 : 000000b5e709ab60 0000000000000111 0000000000000083 0000000000000001 : traceview!CMainFrame::OnCmdMsg+0x14
000000b5e6ddf230 00007ff9be22f283 : 0000000000000083 0000000000000000 0000000000000000 0000000000000111 : MFC42u!CFrameWnd::OnCommand+0x331
000000b5e6ddf380 00007ff9be22d7ce : 000000b5e709ab60 0000000000000083 0000000000000083 0000000000000000 : MFC42u!CWnd::OnWndMsg+0x1e3
000000b5e6ddf490 00007ff9be22ef5c : 0000000000000000 000000b5e6ebedd0 0000000000000003 0000000000000111 : MFC42u!CWnd::WindowProc+0x3e
000000b5e6ddf4d0 00007ff9be22e81d : 0000000000040356 0000000000000001 00007ff9be314790 0000000000000000 : MFC42u!AfxCallWndProc+0x16c
000000b5e6ddf5c0 00007ff9d7b12434 : 0000000000000001 0000000000000001 0000000000000083 0000000000000000 : MFC42u!AfxWndProcBase+0x1ed
000000b5e6ddf650 00007ff9d7b12297 : 000000b5e741cd60 00007ff6a1d25218 00007ff6a168e800 00007ff9be22e630 : USER32!UserCallWinProcCheckWow+0x140
000000b5e6ddf710 00007ff9be236724 : 00007ff6a1d251b0 00007ff6a1d251b0 0000000000000000 0000000000000000 : USER32!DispatchMessageWorker+0x1a7
000000b5e6ddf790 00007ff9be2364ec : 00007ff6a1d251b0 0000000000000001 0000000000000000 00007ff6a1d251b0 : MFC42u!CWinThread::PumpMessage+0x54
000000b5e6ddf7c0 00007ff9be239695 : 0000000000000001 00007ff6a1c20000 0000000000000000 000000b5e6eb1c5c : MFC42u!CWinThread::Run+0x6c
000000b5e6ddf800 00007ff6a1cdae92 : 0000000000000001 0000000000000000 0000000000000000 00007ff6a1c210d0 : MFC42u!AfxWinMain+0x89
000000b5e6ddf840 00007ff9d85316ad : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : traceview!Mtxunlock+0x2ea
000000b5e6ddf900 00007ff9d86c4409 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0xd
000000b5e6ddf930 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d

STACK_COMMAND: kb

FOLLOWUP_IP:
bthxbus+1950
fffff800`05c5b950 ?? ???

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: bthxbus+1950

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: bthxbus

IMAGE_NAME: bthxbus.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0xCE_bthxbus+1950

BUCKET_ID: 0xCE_bthxbus+1950

Followup: MachineOwner
---------

—
NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</unloaded_bthxbus.sys></unloaded_bthxbus.sys></mailto:xxxxx></mailto:xxxxx>

On Dec 11, 2014, at 7:32 PM, xxxxx@hotmail.com wrote:

Can anyone tell me why opening the wpp trace from the TraceView.exe causes my driver BSOD DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS. The driver doesn’t pend any request. The driver is the bus driver which hardware id is root\bthxbus. It’s not installed correctly yet because I need pass all descriptors to the XUSB FDO. However, the driver has already call WdfRequestComplete with all internal IO control. Any ideas on this? I can’t use the WPP trace now.

Did you read the stack? It crashed trying to enable tracing in bthxbus.sys, but bthxbus has been unloaded. Are you using WPP? Are you turning off your tracing in DriverUnload?
—
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi,

yes, I’m using WPP and turning off the tracing in the EvtCleanupCallback. The driver is not loaded successfully that’s why I wanted to enable WPP tracing to do debugging. I don’t have any TIMER/WORKITEM/DPC in the driver yet.

NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS status = STATUS_SUCCESS;
WDF_DRIVER_CONFIG config = {0};
WDF_OBJECT_ATTRIBUTES attributes = {0};

//
// Initialize WPP Tracing
//
WPP_INIT_TRACING(DriverObject, RegistryPath);

BthxTraceFuncEntry();
BthxTrace(TRACE_LEVEL_VERBOSE, BTHX_INIT, “Bthxbus Driver is built %s %s”, DATE, TIME);

WDF_DRIVER_CONFIG_INIT(
&config,
Bthxbus_EvtDeviceAdd
);

//
// Register a cleanup callback so that we can call WPP_CLEANUP when
// the framework driver object is deleted during driver unload.
//
WDF_OBJECT_ATTRIBUTES_INIT(&attributes);
attributes.EvtCleanupCallback = Bthxbus_EvtDriverContextCleanup;

status = WdfDriverCreate(
DriverObject,
RegistryPath,
WDF_NO_OBJECT_ATTRIBUTES,
&config,
WDF_NO_HANDLE
);
IfFailGoToExit(status, BTHX_INIT, “WdfDriverCreate failed”);

Exit:
if (status != STATUS_SUCCESS)
{
WPP_CLEANUP(DriverObject);
}

BthxTraceFuncExit();
return status;
}

VOID
Bthxbus_EvtDriverContextCleanup(
IN WDFDRIVER Driver
)
{
PAGED_CODE ();

BthxTraceFuncEntry();
BthxTrace(TRACE_LEVEL_VERBOSE, BTHX_INIT, “Clean up WPP”);

BthxTraceFuncExit();

WPP_CLEANUP(WdfDriverWdmGetDriverObject(Driver));
}

xxxxx@hotmail.com wrote:

yes, I’m using WPP and turning off the tracing in the EvtCleanupCallback. The driver is not loaded successfully that’s why I wanted to enable WPP tracing to do debugging.

But that’s not true, right? You ARE getting loaded. You just don’t
STAY loaded.

I don’t have any TIMER/WORKITEM/DPC in the driver yet.

No, that’s not what is causing the crash. The system is trying to send
a WMI message to you, which comes in as IRP_MJ_SYSTEM_CONTROL, but your
driver has already been unloaded.

You may need to use KdPrint and DebugView to get your traces until you
can at least get things loaded.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

On Fri, Dec 12, 2014 at 4:12 AM, wrote:

> WDF_OBJECT_ATTRIBUTES_INIT(&attributes);
> attributes.EvtCleanupCallback = Bthxbus_EvtDriverContextCleanup;
>
> status = WdfDriverCreate(
> DriverObject,
> RegistryPath,
> WDF_NO_OBJECT_ATTRIBUTES,
> &config,
> WDF_NO_HANDLE
> );
> IfFailGoToExit(status, BTHX_INIT, "WdfDriverCreate failed
>

You forgot to supply the attributes in the call to WdfDriverCreate.

Mark Roddy