Alex,
One interesting note about Verifier and NDIS drivers is that you must turn
on Verifier for NDIS.SYS to get the benefits of things like special
pool, IRQL checking, etc. Verifier intercepts API calls to certain
functions in kernel mode to implement the instrumentation. A typical NDIS
driver uses the NDIS variants of things like pool allocation
(NdisAllocateMemoryWithTag) and spinlocks (NdisXxxSpinLock). The Verifier
hooks do not intercept the NDIS calls but *do* intercept the calls from NDIS
to NTOSKRNL which are made on behalf of your driver. When you turn on
Verifier for NDIS.SYS, however, allocations and spinlock operations by
*every* NDIS driver will be inspected by Verifier. I don’t believe it is
possible to narrow that to just your IM driver.

I recommend that you install the checked build of Windows to gain the
further benefit of:

- Better diagnostics in general. Verbose, yes, and sometimes extraneous
  but someone new to drivers and NDIS in particular will definitely benefit
  from the stringent checking NDIS does in the Checked Build.
- The Checked version of NDIS.SYS has a feature called “NDIS Verifier”
  (search MSDN for more info). It augments the checks made by Verifier with
  NDIS specific validations.
- Optimizations are turned off in the OS code and thus things like stack
  back-traces are more clear and complete. This is often helpful.

You may also wish to familiarize yourself with the Kernel Debugger extension
for NDIS (see the Windbg docs for more info). It can be very handy when
trying to understand the interactions between your IM driver and other
components like the under-bound miniports or above-bound protocols.
I do not know if Win2K was chosen for a reason or not but I recommend that
you first develop and test your driver in the latest possible checked build
environment (Windows Server 2003 SP1 x86 Checked) since the OS debug &
diagnosis support as well as the Verifier support is richest on later
versions of Windows. You can always go back to Win2K after you have a solid
driver.
Since you are using VMWare I will go a bit OT and mention that when you
install the VMWare tools in the Checked Build of Windows 2K/XP/2K3, you are
likely to hit an ASSERT() in NTOSKRNL, specifically in the I/O manager
complaining that a FSD driver dispatch routine is NULL in the VMWare ‘shared
folders’ driver. The ASSERT() occurs only once each boot and is easily
addressed by having Windbg attached (you would anyway, right!) all of the
time. Set up your BOOT.INI to enable the kernel debugger *before* installing
the VMWare tools so that when the reboot occurs and the FSD loads, you can
continue from the ASSERT().
Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development
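
Added example, not part of the original message: the Verifier setup described in the reply above, as typed at an administrator command prompt on the test machine. `passthru.sys` is a placeholder for the IM driver's file name, and the flags value is an assumption chosen to match the checks the reply names (special pool, IRQL checking) plus pool tracking.

```bat
rem Added example. passthru.sys is a placeholder for your IM driver's binary.
rem /flags bits: 0x1 special pool, 0x2 force IRQL checking, 0x8 pool tracking.
rem Listing ndis.sys is what brings the NTOSKRNL calls that NDIS makes on
rem behalf of NDIS drivers (pool allocations, spinlocks) under Verifier.
verifier /flags 0x0B /driver ndis.sys passthru.sys

rem The settings apply from the next boot. After rebooting and exercising
rem the driver, dump the per-driver Verifier counters:
verifier /query

rem When finished, clear all Verifier settings (takes effect after a reboot):
verifier /reset
```

With `ndis.sys` verified, the pool counters cover allocations from every NDIS driver on the machine, so keep the test host's set of network components small to make the numbers easier to read.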
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alex Jordan
Sent: Thursday, August 25, 2005 4:10 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Debugging an NDIS IM Driver
Hello all,
I am a total newcomer to driver development and I have a couple of
questions about debugging. I’ve been working on an NDIS Intermediate
driver based on the PassThru driver from the DDK (build 2600), as
extended by the folks at wd-3.com (thanks for the awesome examples!).
I’m trying to add some features to the driver, and I’ve started
getting “Detected Memory leaks!” errors in the debugger. I’ve been
trying to use the Driver Verifier to figure out what’s going on, but
when I set my driver to be verified, all the values on the Pool
Tracking tag stay at 0. Other drivers (like NDIS.sys) have values,
but not my driver. I’m using NdisAllocateMemoryWithTag, and my tags
don’t show up in PoolTag either. Do I need to compile my driver with
any special flags or something to get it to work with the Verifier or
Pool Tags?
I am using a free build of Windows 2000 via VMware as my test host,
and I’m doing my development on a WinXP-SP2 system. I’ve been
building my driver with the “Win 2K checked build environment” from
the DDK, copying the driver and INF files to the Win2k machine, and
then running the debugger on the WinXP host, connected with a serial
port hooked through a named pipe. I used the gflags utility and
checked “Enable Pool Tagging”, as well.
Any pointers would be much appreciated. Thanks!
Alex Jordan