my driver cause DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS bugcheck. It doesnt happen every time i unload it. but it happens after a few time i start and stop it.
this is the crashdump analysis
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)
A driver unloaded without cancelling timers, DPCs, worker threads, etc.
The broken driver's name is displayed on the screen.
Arguments:
Arg1: 9fe08071, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 9fe08071, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, Mm internal code.
Debugging Details:
READ_ADDRESS: GetPointerFromAddress: unable to read from 81fa9718
Unable to read MiSystemVaType memory at 81f89160
9fe08071
FAULTING_IP:
GWDogProc+1071
9fe08071 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xCE
PROCESS_NAME: SSWatcher.exe
CURRENT_IRQL: 0
TRAP_FRAME: 9ee1fc4c -- (.trap 0xffffffff9ee1fc4c)
ErrCode = 00000000
eax=c0000004 ebx=9fe08010 ecx=82077284 edx=00000002 esi=02e2d488 edi=00000010
eip=9fe08071 esp=9ee1fcc0 ebp=9ee1fd1c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
<unloaded_gwdogproc.sy>+0x1071:
9fe08071 ?? ???
Resetting default scope
IP_MODULE_UNLOADED:
GWDogProc+1071
9fe08071 ?? ???
LAST_CONTROL_TRANSFER: from 81e87628 to 81ec69eb
FAILED_INSTRUCTION_ADDRESS:
GWDogProc+1071
9fe08071 ?? ???
STACK_TEXT:
9ee1fc34 81e87628 00000000 9fe08071 00000000 nt!MmAccessFault+0x106
9ee1fc34 9fe08071 00000000 9fe08071 00000000 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
9ee1fcbc 00000000 02e2d488 00000000 00000111 <unloaded_gwdogproc.sy>+0x1071
STACK_COMMAND: kb
FOLLOWUP_IP:
GWDogProc+1071
9fe08071 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: GWDogProc+1071
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: GWDogProc
IMAGE_NAME: GWDogProc.sy
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: 0xCE_BAD_IP_GWDogProc+1071
BUCKET_ID: 0xCE_BAD_IP_GWDogProc+1071
Followup: MachineOwner
---------
please point me to a right direction on how to debug this.
how can i know which operation i forgot to cancel?
thanks</unloaded_gwdogproc.sy></unloaded_gwdogproc.sy>
Do you use any work items, timers, or DPCs? What kind of driver is this?
-scott
--
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
wrote in message news:xxxxx@ntfsd...
my driver cause DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS
bugcheck. It doesnt happen every time i unload it. but it happens after a
few time i start and stop it.
this is the crashdump analysis
0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)
A driver unloaded without cancelling timers, DPCs, worker threads, etc.
The broken driver's name is displayed on the screen.
Arguments:
Arg1: 9fe08071, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 9fe08071, If non-zero, the instruction address which referenced the
bad memory
address.
Arg4: 00000000, Mm internal code.
Debugging Details:
READ_ADDRESS: GetPointerFromAddress: unable to read from 81fa9718
Unable to read MiSystemVaType memory at 81f89160
9fe08071
FAULTING_IP:
GWDogProc+1071
9fe08071 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xCE
PROCESS_NAME: SSWatcher.exe
CURRENT_IRQL: 0
TRAP_FRAME: 9ee1fc4c -- (.trap 0xffffffff9ee1fc4c)
ErrCode = 00000000
eax=c0000004 ebx=9fe08010 ecx=82077284 edx=00000002 esi=02e2d488
edi=00000010
eip=9fe08071 esp=9ee1fcc0 ebp=9ee1fd1c iopl=0 nv up ei pl zr na pe
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010246
<unloaded_gwdogproc.sy>+0x1071:
9fe08071 ?? ???
Resetting default scope
IP_MODULE_UNLOADED:
GWDogProc+1071
9fe08071 ?? ???
LAST_CONTROL_TRANSFER: from 81e87628 to 81ec69eb
FAILED_INSTRUCTION_ADDRESS:
GWDogProc+1071
9fe08071 ?? ???
STACK_TEXT:
9ee1fc34 81e87628 00000000 9fe08071 00000000 nt!MmAccessFault+0x106
9ee1fc34 9fe08071 00000000 9fe08071 00000000 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
9ee1fcbc 00000000 02e2d488 00000000 00000111 <unloaded_gwdogproc.sy>+0x1071
STACK_COMMAND: kb
FOLLOWUP_IP:
GWDogProc+1071
9fe08071 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: GWDogProc+1071
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: GWDogProc
IMAGE_NAME: GWDogProc.sy
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: 0xCE_BAD_IP_GWDogProc+1071
BUCKET_ID: 0xCE_BAD_IP_GWDogProc+1071
Followup: MachineOwner
---------
please point me to a right direction on how to debug this.
how can i know which operation i forgot to cancel?
thanks</unloaded_gwdogproc.sy></unloaded_gwdogproc.sy>
no , i dont think i use any work items, timers or DPC. This driver hook to
ZWQuerySystemInformation() . It protects certain processed from being
killed.
On Thu, Mar 24, 2011 at 8:43 AM, Scott Noone wrote:
> Do you use any work items, timers, or DPCs? What kind of driver is this?
>
> -scott
>
> –
> Scott Noone
> Consulting Associate and Chief System Problem Analyst
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> wrote in message news:xxxxx@ntfsd…
>
>
> my driver cause DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS
> bugcheck. It doesnt happen every time i unload it. but it happens after a
> few time i start and stop it.
>
> this is the crashdump analysis
> ----------------------------------
> 0: kd> !analyze -v
>
> ***
> *
> * Bugcheck Analysis
> *
>
>
>
> DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)
> A driver unloaded without cancelling timers, DPCs, worker threads, etc.
> The broken driver’s name is displayed on the screen.
> Arguments:
> Arg1: 9fe08071, memory referenced
> Arg2: 00000000, value 0 = read operation, 1 = write operation
> Arg3: 9fe08071, If non-zero, the instruction address which referenced the
> bad memory
> address.
> Arg4: 00000000, Mm internal code.
>
> Debugging Details:
> ------------------
>
>
> READ_ADDRESS: GetPointerFromAddress: unable to read from 81fa9718
> Unable to read MiSystemVaType memory at 81f89160
> 9fe08071
>
> FAULTING_IP:
> GWDogProc+1071
> 9fe08071 ?? ???
>
> CUSTOMER_CRASH_COUNT: 1
>
> DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
>
> BUGCHECK_STR: 0xCE
>
> PROCESS_NAME: SSWatcher.exe
>
> CURRENT_IRQL: 0
>
> TRAP_FRAME: 9ee1fc4c – (.trap 0xffffffff9ee1fc4c)
> ErrCode = 00000000
> eax=c0000004 ebx=9fe08010 ecx=82077284 edx=00000002 esi=02e2d488
> edi=00000010
> eip=9fe08071 esp=9ee1fcc0 ebp=9ee1fd1c iopl=0 nv up ei pl zr na pe
> nc
> cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
> <unloaded_gwdogproc.sy>+0x1071:
> 9fe08071 ?? ???
> Resetting default scope
>
> IP_MODULE_UNLOADED:
> GWDogProc+1071
> 9fe08071 ?? ???
>
> LAST_CONTROL_TRANSFER: from 81e87628 to 81ec69eb
>
> FAILED_INSTRUCTION_ADDRESS:
> GWDogProc+1071
> 9fe08071 ?? ???
>
> STACK_TEXT:
> 9ee1fc34 81e87628 00000000 9fe08071 00000000 nt!MmAccessFault+0x106
> 9ee1fc34 9fe08071 00000000 9fe08071 00000000 nt!KiTrap0E+0xdc
> WARNING: Frame IP not in any known module. Following frames may be wrong.
> 9ee1fcbc 00000000 02e2d488 00000000 00000111 <unloaded_gwdogproc.sy>+0x1071
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> GWDogProc+1071
> 9fe08071 ?? ???
>
> SYMBOL_STACK_INDEX: 2
>
> SYMBOL_NAME: GWDogProc+1071
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: GWDogProc
>
> IMAGE_NAME: GWDogProc.sy
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 0
>
> FAILURE_BUCKET_ID: 0xCE_BAD_IP_GWDogProc+1071
>
> BUCKET_ID: 0xCE_BAD_IP_GWDogProc+1071
>
> Followup: MachineOwner
> ---------
> please point me to a right direction on how to debug this.
> how can i know which operation i forgot to cancel?
> thanks
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></unloaded_gwdogproc.sy></unloaded_gwdogproc.sy>
Hooking drivers can’t unload, search the archives. You need to rewrite your
driver to use the architected support in the O/S to do this sort of thing
(many discussions about this topic are also in the archives).
And I hadn’t realized until later, but do not cross-post on NTDEV and NTFSD.
-scott
–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com
“suki minna” wrote in message news:xxxxx@ntfsd…
no , i dont think i use any work items, timers or DPC. This driver hook to
ZWQuerySystemInformation() . It protects certain processed from being
killed.
On Thu, Mar 24, 2011 at 8:43 AM, Scott Noone wrote:
Do you use any work items, timers, or DPCs? What kind of driver is this?
-scott
–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntfsd…
my driver cause DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS
bugcheck. It doesnt happen every time i unload it. but it happens after a
few time i start and stop it.
this is the crashdump analysis
----------------------------------
0: kd> !analyze -v
Bugcheck Analysis
DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)
A driver unloaded without cancelling timers, DPCs, worker threads, etc.
The broken driver’s name is displayed on the screen.
Arguments:
Arg1: 9fe08071, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 9fe08071, If non-zero, the instruction address which referenced the
bad memory
address.
Arg4: 00000000, Mm internal code.
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 81fa9718
Unable to read MiSystemVaType memory at 81f89160
9fe08071
FAULTING_IP:
GWDogProc+1071
9fe08071 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xCE
PROCESS_NAME: SSWatcher.exe
CURRENT_IRQL: 0
TRAP_FRAME: 9ee1fc4c – (.trap 0xffffffff9ee1fc4c)
ErrCode = 00000000
eax=c0000004 ebx=9fe08010 ecx=82077284 edx=00000002 esi=02e2d488
edi=00000010
eip=9fe08071 esp=9ee1fcc0 ebp=9ee1fd1c iopl=0 nv up ei pl zr na pe
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
<unloaded_gwdogproc.sy>+0x1071:
9fe08071 ?? ???
Resetting default scope
IP_MODULE_UNLOADED:
GWDogProc+1071
9fe08071 ?? ???
LAST_CONTROL_TRANSFER: from 81e87628 to 81ec69eb
FAILED_INSTRUCTION_ADDRESS:
GWDogProc+1071
9fe08071 ?? ???
STACK_TEXT:
9ee1fc34 81e87628 00000000 9fe08071 00000000 nt!MmAccessFault+0x106
9ee1fc34 9fe08071 00000000 9fe08071 00000000 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
9ee1fcbc 00000000 02e2d488 00000000 00000111 <unloaded_gwdogproc.sy>+0x1071
STACK_COMMAND: kb
FOLLOWUP_IP:
GWDogProc+1071
9fe08071 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: GWDogProc+1071
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: GWDogProc
IMAGE_NAME: GWDogProc.sy
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: 0xCE_BAD_IP_GWDogProc+1071
BUCKET_ID: 0xCE_BAD_IP_GWDogProc+1071
Followup: MachineOwner
---------
please point me to a right direction on how to debug this.
how can i know which operation i forgot to cancel?
thanks
—
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</unloaded_gwdogproc.sy></unloaded_gwdogproc.sy>