BSOD observed during NDIS ethernet driver initialization

Hi Experts,

I am observing that my global adapter structure is getting corrupted during driver initialization.
In the driver there is no code that writes to or modifies the Adapter structure. From dump analysis it is observed that the Adapter structure address is stored in the @rbx register. At the BSOD I observed that someone is changing the address stored in this register.

Let me know if there is any WinDbg command through which we can break the system whenever the register value changes, so that I can easily identify which part of the OS/driver code is changing the register value.

The same driver is working fine on Windows Server 2012/2016 without any issue. But the crash is observed on Windows 10 RS2/RS3, and only with the free build of the driver, not with the checked build.

xxxxx@gmail.com wrote:

> I am observing that my global adapter structure is getting corrupted during driver initialization.
> In the driver there is no code that writes to or modifies the Adapter structure. From dump analysis it is observed that the Adapter structure address is stored in the @rbx register. At the BSOD I observed that someone is changing the address stored in this register.

Why do you think so?  Is it possible you are putting too much trust in
the debugger?  Have you gone through your own compiled code to see if
the compiler is generating code that loses the value in rbx?   Does it
happen every time?  Have you single-stepped through your code to figure
out where it could be getting smashed?

> Let me know if there is any WinDbg command through which we can break the system whenever the register value changes, so that I can easily identify which part of the OS/driver code is changing the register value.

No.  The idea itself is silly; the rbx register is changed millions of
times a second.  The kernel APIs you call will change it, although if
they do they are supposed to save and restore the original value.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
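An added note, not part of Tim's reply or the original thread: WinDbg has no breakpoint on a register, but it does have hardware data breakpoints on memory (`ba`), which is the usual way to catch the writer of a corrupted structure. The symbol name `mydriver!g_Adapter` below is an assumed placeholder for the global adapter pointer; substitute the real module and symbol.

```windbg
kd> ba w8 mydriver!g_Adapter          ; break when the global pointer itself is overwritten (assumed symbol name)
kd> ba w8 poi(mydriver!g_Adapter)     ; break on any write to the first 8 bytes of the structure it points to
kd> bl                                ; list the breakpoints to confirm both are set (x64 allows at most 4 data breakpoints)
kd> g                                 ; continue; when a breakpoint hits, the writer is on the stack:
kd> k                                 ; show the call stack of the code that performed the write
kd> r rbx                             ; compare the register against the expected structure address
```

Watching a field of the structure that is known to be corrupted at the crash (rather than only the first 8 bytes) narrows the search further; move the second breakpoint to that field's offset. Because `ba` fires on the write itself, the top frames of `k` name the driver or OS code that modified the memory, which answers the question the register-based approach cannot.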

Hi Tim,

Thanks for the response.

I have tried step-by-step debugging but was not able to trace how the value is getting changed.
I have observed that the value of the register is getting changed in the middle of executing some driver code where we never change the adapter value. It seems like the value of the register is changed by some external process which I am not able to trace.

How can we trace that?

Regards,
Sachin