Buffer overrun after a call to KeInitializeEvent

My driver has been working for a couple of years now. Today I made some changes to my device context and now after calling

KeInitializeEvent(&DevContext->outOfBandPacketDoneEvent, NotificationEvent, TRUE);

pTouchDevice (a void pointer at offset 0x84) is corrupted.

Below I have included my dt dump of the device context and the code causing the crash.

outOfBandPacketDoneEvent is a KEVENT at offset 0x74.
pTouchDevice is a PVOID at offset 0x84.

WHY SHOULD KeInitializeEvent write past 0x10 bytes?

I’m building with default build options.

KeInitializeEvent(&DevContext->TerminateReadThread, NotificationEvent, FALSE);
KeInitializeEvent(&DevContext->outOfBandPacketDoneEvent, NotificationEvent, TRUE);
KeInitializeEvent(&DevContext->SSDoneEvent, NotificationEvent, TRUE);
KeInitializeEvent(&DevContext->PortAvailableEvent, SynchronizationEvent , TRUE);

DevContext->pTouchDevice->InPointer = DevContext->pTouchDevice->Response;

1: kd> dt DevContext
Local var @ 0x8a717630 Type DEVICE_CONTEXT*
0x8582d1c8
+0x000 dwfHPen : 0
+0x004 Device : 0x7a7d2ff8 WDFDEVICE__
+0x008 IoTarget : 0x7a55baa0 WDFIOTARGET__
+0x00c SpinLock : 0x7a55bb88 WDFSPINLOCK__
+0x010 PowerState : 0 ( PowerDeviceUnspecified )
+0x014 PrevSerialSettings : SERIAL_BASIC_SETTINGS
+0x040 wFirmwareVer : 0
+0x044 HidQueue : 0x7a57ffe8 WDFQUEUE__
+0x048 GetPointQueue : 0x7a57f1f8 WDFQUEUE__
+0x04c InputMode : 0 ''
+0x04d TimeToTerminateReadThread : 0 ''
+0x050 TerminateReadThread : _KEVENT
+0x060 PortAvailableEvent : _KEVENT
+0x070 SerialRequest : (null)
+0x074 outOfBandPacketDoneEvent : _KEVENT
+0x084 pTouchDevice : 0x00000001 _TOUCHSCREENDEVICE

Make sure you do full rebuild. Sometimes BUILD doesn’t rebuild all affected files if a structure definition changes.

Did you do a partial or clean build? Did you change the structure layout at all? Any libs you need to rebuild too?

Sent from a phone with no keyboard

-----Original Message-----
From: xxxxx@yahoo.com
Sent: September 10, 2010 11:20 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Buffer overrun after a call to KeInitializeEvent

NTDEV is sponsored by OSR


Thanks, rebuild worked.
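The mechanism the replies point at, as an added example rather than code from the thread: it models the x86 layout from the dt dump above (WDF handles and pointers as uint32_t so the offsets reproduce on any host), checks at compile time that a 0x10-byte KEVENT at 0x74 ends exactly where pTouchDevice begins at 0x84, and then simulates an object file that still initialises the event at an offset from an older layout. The stale offset 0x78 and the 0xCAFEBABE sentinel are constructed for the demonstration, not taken from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* 32-bit KEVENT as in the dump: a 0x10-byte DISPATCHER_HEADER (0x18 on x64). */
typedef struct { uint32_t hdr[4]; } SIM_KEVENT;
/* Layout from the dt output; handles/pointers are modelled as uint32_t so the
 * x86 offsets reproduce on any host. Only the offsets come from the thread. */
typedef struct {
    uint32_t   dwfHPen;                    /* +0x000 */
    uint32_t   Device, IoTarget, SpinLock; /* +0x004 .. +0x00c */
    uint32_t   PowerState;                 /* +0x010 */
    uint8_t    PrevSerialSettings[0x2c];   /* +0x014, SERIAL_BASIC_SETTINGS */
    uint32_t   wFirmwareVer;               /* +0x040 */
    uint32_t   HidQueue, GetPointQueue;    /* +0x044, +0x048 */
    uint8_t    InputMode;                  /* +0x04c */
    uint8_t    TimeToTerminateReadThread;  /* +0x04d */
    SIM_KEVENT TerminateReadThread;        /* +0x050 */
    SIM_KEVENT PortAvailableEvent;         /* +0x060 */
    uint32_t   SerialRequest;              /* +0x070 */
    SIM_KEVENT outOfBandPacketDoneEvent;   /* +0x074 */
    uint32_t   pTouchDevice;               /* +0x084 */
} SIM_DEVICE_CONTEXT;
/* Build-time guard: a layout drift fails the compile instead of corrupting memory. */
_Static_assert(offsetof(SIM_DEVICE_CONTEXT, outOfBandPacketDoneEvent) == 0x74, "event");
_Static_assert(offsetof(SIM_DEVICE_CONTEXT, pTouchDevice) == 0x84, "pointer");

/* 1 if a sizeof(KEVENT) write to the event cannot reach pTouchDevice. */
int event_init_stays_in_bounds(void) {
    return offsetof(SIM_DEVICE_CONTEXT, outOfBandPacketDoneEvent) + sizeof(SIM_KEVENT)
           <= offsetof(SIM_DEVICE_CONTEXT, pTouchDevice);
}

/* Mimic an object file built against an older layout: it initialises the event
 * at the offset it was compiled with. Returns pTouchDevice afterwards
 * (0xCAFEBABE, a constructed sentinel, means it was not touched). */
uint32_t simulate_stale_init(size_t stale_event_off) {
    SIM_DEVICE_CONTEXT ctx = { .pTouchDevice = 0xCAFEBABEu };
    if (stale_event_off + sizeof(SIM_KEVENT) > sizeof ctx)
        return 0;                         /* never write past the struct */
    memset((uint8_t *)&ctx + stale_event_off, 0, sizeof(SIM_KEVENT)); /* event init */
    return ctx.pTouchDevice;
}

int main(void) {
    printf("init at 0x74 in bounds: %d\n", event_init_stays_in_bounds());
    printf("pTouchDevice after init at 0x74: 0x%08x\n", (unsigned)simulate_stale_init(0x74));
    printf("pTouchDevice after init at stale 0x78: 0x%08x\n", (unsigned)simulate_stale_init(0x78));
    return 0;
}
```

With the current layout the event write ends at 0x84 and pTouchDevice survives; an object compiled against an older layout that still writes at 0x78 zeroes it, which is why a partial build can produce exactly the corruption described and a clean rebuild makes it disappear.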