Correct way to Build MDL for TdiBuildQueryInformation on NT4 ..

Hi,

The following code works fine on Win 2k, XP and 2003 but generates an
IRQL_NOT_LESS_OR_EQUAL bug check on NT4. Can anybody tell me what I am doing
wrong here that is making NT4 angry?

pQueryIrp = IoAllocateIrp(
    (pFilterDeviceExtension->pTargetDeviceObject->StackSize),
    FALSE );

pBuffer = ExAllocatePoolWithTag(NonPagedPool, TDI_ADDRESS_INFO_MAX, 'NFA');

RtlZeroMemory(pBuffer, TDI_ADDRESS_INFO_MAX);

MdlAddr = IoAllocateMdl(
    pBuffer,
    TDI_ADDRESS_INFO_MAX,
    FALSE,
    FALSE,
    NULL
    );

__try
{
    MmProbeAndLockPages(MdlAddr,
                        KernelMode,
                        IoWriteAccess);
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
    IoFreeMdl( MdlAddr );

    MdlAddr = NULL;

    return STATUS_SUCCESS;
}

MdlAddr->Next = NULL;

TdiBuildQueryInformation(
    pQueryIrp,
    pFilterDeviceExtension->pTargetDeviceObject,
    pIrpStackLocation->FileObject,
    DrvSimpleTdiRequestCompletion,
    &kEvent,
    TDI_QUERY_ADDRESS_INFO,
    MdlAddr
    );

ntStatus = IoCallDriver(pFilterDeviceExtension->pTargetDeviceObject,
                        pQueryIrp);

if (ntStatus == STATUS_PENDING)
{
    KeWaitForSingleObject(&kEvent,
                          Executive,
                          KernelMode,
                          FALSE,
                          NULL
                          );
}

Regards
Subodh

Hello!

> pBuffer = ExAllocatePoolWithTag(NonPagedPool,TDI_ADDRESS_INFO_MAX,'NFA');
>
> …
>
> MmProbeAndLockPages(MdlAddr,
> KernelMode ,
> IoWriteAccess);

You’re locking pages in nonpaged pool. Change pool type to “Paged”.

Vlad

Same results with non paged pool. Could you please suggest the correct steps
to do that with a paged pool buffer?
Regards
Subodh

----- Original Message -----
From: “Vladislav Goncharov”
To: “Windows System Software Devs Interest List”
Sent: Friday, April 23, 2004 5:51 PM
Subject: Re: [ntdev] Correct way to Build MDL for TdiBuildQueryInformation
on NT4 …

> Hello!
>
> >
> > pBuffer = ExAllocatePoolWithTag(NonPagedPool,TDI_ADDRESS_INFO_MAX,'NFA');
> >
> > …
> >
> > MmProbeAndLockPages(MdlAddr,
> > KernelMode ,
> > IoWriteAccess);
>
> You’re locking pages in nonpaged pool. Change pool type to “Paged”.
>
> Vlad

You can use MmBuildMdlForNonPagedPool rather than doing a ProbeAndLock.

On what line does the crash occur?

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of subodh gupta
Sent: Friday, April 23, 2004 4:30 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Correct way to Build MDL for TdiBuildQueryInformation
on NT4 …

Hi,

The following code works fine on Win 2k, XP and 2003 but generates an
IRQL_NOT_LESS_OR_EQUAL bug check on NT4. Can anybody tell me what I am
doing wrong here that is making NT4 angry?


Peter,

I replaced the probe and lock with MmBuildMdlForNonPagedPool, but the
results are still the same. The crash takes place after IoCallDriver, and the
stack shows that TdiQueryInformation is called.
No matter what I do, it generates a crash. I used
TdiBuildInternalDeviceControlIrp earlier; it didn't work. Then I moved to
IoAllocateIrp. The strange fact here is that this code works fine on Win2k
and above. I remember that when I was working on this code using Verifier on
the Win2k checked build, if I **don't** use probe and lock then it asserts.
Here I don't have a checked build for NT4, so it is getting difficult to
diagnose the real problem with the MDL. I suppose something changed in the
code of the TCP stack from NT to 2k which might be causing the problem.

For your convenience I am putting the analyse output here -
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000036, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: fcc2f392, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: unable to get nt!MmPoolCodeEnd
unable to get nt!MmPoolCodeStart
00000036

CURRENT_IRQL: 2

FAULTING_IP:
tcpip!TdiQueryInformation_44+1b4
fcc2f392 f6473680 test byte ptr [edi+0x36],0x80

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: A

TRAP_FRAME: fccf46e8 -- (.trap fffffffffccf46e8)
ErrCode = 00000000
eax=00000000 ebx=8080c19c ecx=00000004 edx=00000000 esi=00000004 edi=00000000
eip=fcc2f392 esp=fccf475c ebp=fccf486c iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
tcpip!TdiQueryInformation_44+1b4:
fcc2f392 f6473680 test byte ptr [edi+0x36],0x80
Resetting default context

LAST_CONTROL_TRANSFER: from fcc2d334 to fcc2f392

STACK_TEXT:
fccf486c fcc2d334 fccf4894 00000003 8078b1a8 tcpip!TdiQueryInformation_44+0x1b4
fccf48ac fcc29f9a 8080c128 8080c198 8080c128 tcpip!TCPQueryInformation+0x89
fccf48c0 80111b3f 807b6c10 8080c128 807bddbd tcpip!TCPDispatchInternalDeviceControl+0x8d
fccf48d4 f70c5a7b fccf49e0 fccf4a74 801a0c26 nt!IofCallDriver+0x37
fccf498c f70c3829 807be5a8 00000028 00000006 netfilter!DrvGetAddresInfo+0x55b
fccf4a74 f70c2f32 807a6b40 807be5a8 807be5a8 netfilter!DrvFilterCreateIrpOnTransport+0x2f7
fccf4abc f70c1fd1 807a6b40 807be5a8 00000000 netfilter!DrvFilterDispatch+0x7f
fccf4b20 80111b3f 807a6b40 807be5a8 fccf4e10 netfilter!DrvDispatch+0x8f
fccf4b34 80172f82 801727b6 807b6bf8 00000000 nt!IofCallDriver+0x37
fccf4c40 80191ca7 807b6c10 00000000 fccf4d08 nt!IopParseDevice+0x7cc
fccf4cc8 8018d9c9 00000000 fccf4dc4 00000040 nt!ObpLookupObjectName+0x283
fccf4ddc 80164b42 01357d9c 00000000 cf4e0001 nt!ObOpenObjectByName+0xbb
fccf4e90 801698d0 0135fe64 00100003 01357d9c nt!IoCreateFile+0x436
fccf4ed0 8013e394 0135fe64 00100003 01357d9c nt!NtCreateFile+0x2e
fccf4ed0 77f6781f 0135fe64 00100003 01357d9c nt!KiSystemService+0xc4
01357db4 76fc3d5f 0135fe64 76fc7808 00000000 0x77f6781f
0135fe6c 76fc3418 00000001 0135fee8 0135ff3b 0x76fc3d5f
0135ff3c 76fc355c 00147898 00147888 00000000 0x76fc3418
0135ff60 76fc224a 00148ba0 022ac764 022a5863 0x76fc355c
0135ff8c 022a57f2 022ac460 00000001 001488a8 0x76fc224a
0135ffec 00000000 77dd8be4 001488a0 00000000 0x22a57f2

FOLLOWUP_IP:
tcpip!TdiQueryInformation_44+1b4
fcc2f392 f6473680 test byte ptr [edi+0x36],0x80

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: tcpip!TdiQueryInformation_44+1b4

MODULE_NAME: tcpip

IMAGE_NAME: tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 37c57064

STACK_COMMAND: .trap fffffffffccf46e8 ; kb

BUCKET_ID: 0xA_tcpip!TdiQueryInformation_44+1b4

Followup: MachineOwner
---------


kd> .trap fffffffffccf46e8
ErrCode = 00000000
eax=00000000 ebx=8080c19c ecx=00000004 edx=00000000 esi=00000004 edi=00000000
eip=fcc2f392 esp=fccf475c ebp=fccf486c iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
tcpip!TdiQueryInformation_44+1b4:
fcc2f392 f6473680 test byte ptr [edi+0x36],0x80

kd> kb
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
fccf486c fcc2d334 fccf4894 00000003 8078b1a8 tcpip!TdiQueryInformation_44+0x1b4
fccf48ac fcc29f9a 8080c128 8080c198 8080c128 tcpip!TCPQueryInformation+0x89
fccf48c0 80111b3f 807b6c10 8080c128 807bddbd tcpip!TCPDispatchInternalDeviceControl+0x8d
fccf48d4 f70c5a7b fccf49e0 fccf4a74 801a0c26 nt!IofCallDriver+0x37
fccf498c f70c3829 807be5a8 00000028 00000006 netfilter!DrvGetAddresInfo+0x55b [\subodhg\e$\NetFilter Verified\NT\NetFilter\Queues.c @ 1594]
fccf4a74 f70c2f32 807a6b40 807be5a8 807be5a8 netfilter!DrvFilterCreateIrpOnTransport+0x2f7 [\subodhg\e$\NetFilter Verified\NT\NetFilter\NetFilter.c @ 1829]
fccf4abc f70c1fd1 807a6b40 807be5a8 00000000 netfilter!DrvFilterDispatch+0x7f [\subodhg\e$\NetFilter Verified\NT\NetFilter\NetFilter.c @ 1180]
fccf4b20 80111b3f 807a6b40 807be5a8 fccf4e10 netfilter!DrvDispatch+0x8f [\subodhg\e$\NetFilter Verified\NT\NetFilter\NetFilter.c @ 262]
fccf4b34 80172f82 801727b6 807b6bf8 00000000 nt!IofCallDriver+0x37
fccf4c40 80191ca7 807b6c10 00000000 fccf4d08 nt!IopParseDevice+0x7cc
fccf4cc8 8018d9c9 00000000 fccf4dc4 00000040 nt!ObpLookupObjectName+0x283
fccf4ddc 80164b42 01357d9c 00000000 cf4e0001 nt!ObOpenObjectByName+0xbb
fccf4e90 801698d0 0135fe64 00100003 01357d9c nt!IoCreateFile+0x436
fccf4ed0 8013e394 0135fe64 00100003 01357d9c nt!NtCreateFile+0x2e
fccf4ed0 77f6781f 0135fe64 00100003 01357d9c nt!KiSystemService+0xc4
01357db4 76fc3d5f 0135fe64 76fc7808 00000000 0x77f6781f
0135fe6c 76fc3418 00000001 0135fee8 0135ff3b 0x76fc3d5f
0135ff3c 76fc355c 00147898 00147888 00000000 0x76fc3418
0135ff60 76fc224a 00148ba0 022ac764 022a5863 0x76fc355c
0135ff8c 022a57f2 022ac460 00000001 001488a8 0x76fc224a

----- Original Message -----
From: “Peter Wieland”
To: “Windows System Software Devs Interest List”
Sent: Friday, April 23, 2004 7:55 PM
Subject: RE: [ntdev] Correct way to Build MDL for TdiBuildQueryInformation
on NT4 …

You can use MmBuildMdlForNonPagedPool rather than doing a ProbeAndLock.

On what line does the crash occur?

-p
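
An added example, not part of the original thread or the poster's driver: a small Python triage helper that parses the !analyze output posted above, recomputes the faulting instruction's effective address from the trap-frame registers and compares it with Arg1. On this dump the read of 0x36 is displacement 0x36 off a zero edi, that is, an address in the first page reached through a NULL base register, not a kernel pool address. The function name `triage` and the result keys are assumptions made for this example, and only single-register operands such as [edi+0x36] are handled.

```python
import re

# Excerpt of the !analyze output posted in this thread (values copied from the post).
ANALYZE_OUTPUT = """\
IRQL_NOT_LESS_OR_EQUAL (a)
Arg1: 00000036, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: fcc2f392, address which referenced memory
eax=00000000 ebx=8080c19c ecx=00000004 edx=00000000 esi=00000004 edi=00000000
eip=fcc2f392 esp=fccf475c ebp=fccf486c iopl=0 nv up ei pl zr na po nc
tcpip!TdiQueryInformation_44+1b4:
fcc2f392 f6473680 test byte ptr [edi+0x36],0x80
"""

ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]{8})", re.M)
REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-fA-F]{8})")
# Single-register memory operand such as [edi+0x36], [ebp-8] or [eax].
MEM_RE = re.compile(r"\[(e[a-z]{2})(?:([+-])(?:0x)?([0-9a-fA-F]+)h?)?\]")
PAGE_SIZE = 0x1000  # x86 page size; an address below it is NULL plus a field offset


def triage(text):
    """Recompute the faulting effective address and classify the access."""
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    regs = {name: int(v, 16) for name, v in REG_RE.findall(text)}
    result = {
        "referenced": args.get(1),
        "irql": args.get(2),
        "access": {0: "read", 1: "write"}.get(args.get(3)),
        "faulting_ip": args.get(4),
        "instruction": None, "base_register": None, "displacement": None,
        "effective_address": None, "ea_matches_arg1": False, "null_base": False,
    }
    if 4 not in args:
        return result
    # The disassembly line starts with the faulting address followed by opcode bytes.
    insn = re.search(rf"^{args[4]:08x}\s+[0-9a-f]+\s+(.+)$", text, re.M | re.I)
    if not insn:
        return result
    result["instruction"] = insn.group(1).strip()
    operand = MEM_RE.search(result["instruction"])
    if not operand or operand.group(1) not in regs:
        return result  # no memory operand, SIB form, or register not in the dump
    base, sign, disp = operand.groups()
    offset = int(disp, 16) if disp else 0
    if sign == "-":
        offset = -offset
    ea = (regs[base] + offset) & 0xFFFFFFFF  # 32-bit wraparound
    result.update(
        base_register=base,
        displacement=offset,
        effective_address=ea,
        ea_matches_arg1=(ea == args.get(1)),
        # Zero base plus a small offset: a field read through a NULL pointer.
        null_base=(regs[base] == 0 and ea < PAGE_SIZE),
    )
    return result


if __name__ == "__main__":
    r = triage(ANALYZE_OUTPUT)
    print(f"{r['instruction']!r} at IRQL {r['irql']}: {r['access']} of "
          f"{r['effective_address']:#x} via {r['base_register']}"
          f"{r['displacement']:+#x}, null_base={r['null_base']}")
```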


Actually, my prime suspect here is the MDL, because that is the only thing
I can think of that is going wrong (I have double-checked all other things
in the IRP and the target/filter device objects). I think I need to do some
reversing on it. All these MDL-related functions, probe and lock and
MmBuildMdlForNonPagedPool, do modify the MDL flags (along with other
values in the MDL struct). So I think I should put a breakpoint in the
client-supplied TDIQUERY_INFORMATION internal IO control and see what they
send to make it work, then go the other way round and play with the Mm
functions to see what combination they are generating. If somehow I could
generate the same combination of flags, then I think it could work.
I can think of no other solution currently.
Regards
Subodh

----- Original Message -----
From: “subodh gupta”
To: “Windows System Software Devs Interest List”
Sent: Saturday, April 24, 2004 2:25 PM
Subject: Re: [ntdev] Correct way to Build MDL for TdiBuildQueryInformation
on NT4 …

> Peter,
>
> I replaced the probe and lock with MmBuildMdlForNonPagedPool, but the
> results are still the same. The crash takes place after IoCallDriver, and the
> stack shows that TdiQueryInformation is called.

Use MmBuildMdlForNonPagedPool instead of MmProbeAndLockPages for an MDL
which describes the allocation from the nonpaged pool.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
