DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)

Hi,
I have a software-only driver. It's a root-enumerated function driver (WDM
Driver). It has been written on the framework provided by DriverWorks. My aim is
to apply for WHQL; for that I am doing DTM testing for this driver under the
unclassified category. This driver is failing the “Device Path
Exerciser” test. The system crashes while running the “Device Path Exerciser
Test”. Details of the memory dump:


Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and
settings\Nagesh_Kumar\Desktop\crashdump\12dec\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\WINDOWS\Symbols*
http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16575.x86fre.vista_gdr.071009-1548
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d08ad0
Debug session time: Fri Dec 14 10:34:15.546 2007 (GMT+5)
System Uptime: 0 days 0:00:18.093
Loading Kernel Symbols

Loading User Symbols

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C9, {22f, 89510c10, 87d34f20, 0}

*** ERROR: Module load completed but symbols could not be loaded for
CryptOSD.sys
Probably caused by : CryptOSD.sys ( CryptOSD+9c10 )

Followup: MachineOwner

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000022f, (Non-fatal error) The caller has completed an untouched
IRP_MJ_PNP (instead of
passing the IRP down), or non-PDO has failed the IRP using illegal value of
STATUS_NOT_SUPPORTED. (IRP specified.)
Arg2: 89510c10
Arg3: 87d34f20
Arg4: 00000000

Debugging Details:

ERROR_CODE: (NTSTATUS) 0xc9 - The operating system cannot run %1.

BUGCHECK_STR: 0xc9_22f

DRIVER_VERIFIER_IO_VIOLATION_TYPE: 22f

FAULTING_IP:
CryptOSD+9c10
89510c10 55 push ebp

IRP_ADDRESS: 87d34f20

DEVICE_OBJECT: 84cf3030

DRIVER_OBJECT: 84ce2040

IMAGE_NAME: CryptOSD.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4761451e

MODULE_NAME: CryptOSD

FAULTING_MODULE: 89507000 CryptOSD

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

LOCK_ADDRESS: 81d24ac0 – (!locks 81d24ac0)

Resource @ nt!PiEngineLock (0x81d24ac0) Exclusively owned
Threads: 832b8020-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0x81d24ac0
Thread Count : 1
Thread address: 0x832b8020
Thread wait : 0x486

LAST_CONTROL_TRANSFER: from 81eca6fb to 81cacf57

STACK_TEXT:
855a80e4 81eca6fb 0000004c 000000c9 855a8104 nt!KeBugCheckEx+0x1e
855a826c 81eca293 00000000 84cbe7e8 87d34f20 nt!ViBugcheckHalt+0xb0
855a8510 81eca1a4 0000022f 855a8520 855a8608
nt!VfBugcheckThrowException+0xd9
855a85f0 81ed2ae8 0000022f 00000009 89510c10
nt!VfBugcheckThrowIoException+0x11b
855a8624 81ecd6cf 84cf3f98 84cf3f98 00000001
nt!VfPnpVerifyIrpStackUpward+0xda
855a863c 81ecb839 84cbe7e8 00000001 00000001
nt!VfMajorVerifyIrpStackUpward+0x3c
855a8678 81ec2c10 87d34f20 855a86f4 87d34fdb nt!IovpCompleteRequest2+0xb2
855a86a8 81c34ae0 00000000 87d34f20 855a8714
nt!IovpLocalCompletionRoutine+0x73
855a86dc 81ec2b53 87d34f20 84cf3030 84b57978 nt!IopfCompleteRequest+0x12d
855a874c 89512d0a 855a8790 84cf30e8 855a8788 nt!IovCompleteRequest+0x11c
WARNING: Stack unwind information not available. Following frames may be
wrong.
855a875c 895115f9 c00000bb 00000000 84cf30e8 CryptOSD+0xbd0a
855a8788 8952102f 87d34f20 ffffffff ffffffff CryptOSD+0xa5f9
855a87e4 8951f93f 87d34f20 ffffffff ffffffff CryptOSD+0x1a02f
855a881c 89510c65 87d34f20 81ecabf6 87d34f20 CryptOSD+0x1893f
855a8830 81ec2681 84cf3030 87d34f20 855a88c8 CryptOSD+0x9c65
855a8854 81c67b80 81d37499 00000000 84cf3030 nt!IovCallDriver+0x252
855a8868 81d37499 00000000 855a8988 8325a5d0 nt!IofCallDriver+0x1b
855a88f4 81ec6ee1 8325a5d0 855a8990 855a8988 nt!IoGetDmaAdapter+0x110
855a8924 8951095e 8325a5d0 855a8990 855a8988 nt!VfGetDmaAdapter+0x78
855a89bc 89510bcb 8325a5d0 0030002e 81f09124 CryptOSD+0x995e
855a89d0 81c0f3e2 84ce2040 8325a5d0 8325a448 CryptOSD+0x9bcb
855a89ec 81d5cab7 84ce2040 89510bb0 00000004 nt!PpvUtilCallAddDevice+0x4a
855a8a14 81d5887b 84ce2040 89510bb0 00000002 nt!PnpCallAddDevice+0x77
855a8af0 81d5dd0e 02000000 00000000 81d23d30 nt!PipCallDriverAddDevice+0x46d
855a8cec 81c0f74a 832519b8 84b86898 855a8d38 nt!PipProcessDevNodeTree+0x157
855a8d44 81c6b7aa 00000000 00000000 832b8020 nt!PnpDeviceActionWorker+0x21b
855a8d7c 81dafbad 00000000 855a3680 00000000 nt!ExpWorkerThread+0xfd
855a8dc0 81c9a346 81c6b6ad 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
CryptOSD+9c10
89510c10 55 push ebp

SYMBOL_NAME: CryptOSD+9c10

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xc9_22f_VRF_CryptOSD+9c10

BUCKET_ID: 0xc9_22f_VRF_CryptOSD+9c10

Followup: MachineOwner

kd> !irp 87d34f20
Irp is active with 3 stacks 4 is current (= 0x87d34ffc)
No Mdl: No System Buffer: Thread 832b8020: Irp is completed.
cmd flg cl Device File Completion-Context
[0, 0] 0 2 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 c00000bb
[0, 0] 0 10 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[1b, 8] 0 2 84cf3030 00000000 00000000-00000000
\Driver\CryptOSD
Args: 81c52088 00010020 855a88a8 00000000
kd> !irp 89510c10
IRP signature does not match, probably not an IRP
kd> !devobj ffffffff84cf3030 f
Device object (84cf3030) is for:
CryptOSDDevice0 \Driver\CryptOSD DriverObject 84ce2040
Current Irp 00000000 RefCount 0 Type 00000022 Flags 000000d0
Dacl 86060830 DevExt 84cf30e8 DevObjExt 84cf3320
ExtensionFlags (0xc0000810) DOE_START_PENDING, DOE_BOTTOM_OF_FDO_STACK,
DOE_DESIGNATED_FDO
Unknown flags 0x00000800
AttachedTo (Lower) 84cef7c8 \DRIVER\VERIFIER_FILTER
Device queue is not busy.

Please suggest where I am going wrong.


Regards,
Nag

(The ntdev list bot seems to have eaten my reply. So here it is again
in plaintext.)

1.) It would help if you had the correct symbols for your driver.
2.) Get rid of DriverStudio and DriverWorks; it is discontinued and
unsupported and known to have issues. Rewrite your driver using KMDF.
3.) Your driver appears to be mishandling an IRP_MN_QUERY_INTERFACE request.

[1b, 8] 0 2 84cf3030 00000000 00000000-00000000
\Driver\CryptOSD

1b = IRP_MJ_PNP 8 = IRP_MN_QUERY_INTERFACE

From the WDK:

“If a function or filter driver does not handle this IRP, it calls
IoSkipCurrentIrpStackLocation and passes the IRP down to the next
driver. Such a driver must not modify Irp->IoStatus.Status and must
not complete the IRP.”

You appear to be failing the request here:
855a875c 895115f9 c00000bb 00000000 84cf30e8 CryptOSD+0xbd0a
with STATUS_NOT_SUPPORTED, which is the violation that verifier is
complaining about.

Get rid of DriverWorks.

Thanks, Mark, for your reply.
Now I have corrected the symbols. At present I need to fix it in DriverStudio,
then I will move to KMDF. Here is the crash dump analysis with correct symbols.

***************************
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and
settings\Nagesh_Kumar\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\WINDOWS\Symbols*
http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16575.x86fre.vista_gdr.071009-1548
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d08ad0
Debug session time: Wed Dec 19 07:30:02.421 2007 (GMT+5)
System Uptime: 0 days 0:00:13.968
Loading Kernel Symbols

Loading User Symbols

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C9, {22f, 895f1c20, 87c44f20, 0}

Probably caused by : CryptOSD.sys ( CryptOSD!KDriver::DriverIrpDispatch+0 )

Followup: MachineOwner

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000022f, (Non-fatal error) The caller has completed an untouched
IRP_MJ_PNP (instead of
passing the IRP down), or non-PDO has failed the IRP using illegal value of
STATUS_NOT_SUPPORTED. (IRP specified.)
Arg2: 895f1c20
Arg3: 87c44f20
Arg4: 00000000

Debugging Details:

ERROR_CODE: (NTSTATUS) 0xc9 - The operating system cannot run %1.

BUGCHECK_STR: 0xc9_22f

DRIVER_VERIFIER_IO_VIOLATION_TYPE: 22f

FAULTING_IP:
CryptOSD!KDriver::DriverIrpDispatch+0
[c:\pvcs\phoenixnet_security\common\driverworkslibs\version_2_6\winxp\include\kdriver.h
@ 945]
895f1c20 55 push ebp

IRP_ADDRESS: 87c44f20

DEVICE_OBJECT: 84c17030

DRIVER_OBJECT: 84c168d0

IMAGE_NAME: CryptOSD.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4767ae7b

MODULE_NAME: CryptOSD

FAULTING_MODULE: 895e8000 CryptOSD

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

LOCK_ADDRESS: 81d24ac0 – (!locks 81d24ac0)

Resource @ nt!PiEngineLock (0x81d24ac0) Exclusively owned
Threads: 832b8d78-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0x81d24ac0
Thread Count : 1
Thread address: 0x832b8d78
Thread wait : 0x37e

LAST_CONTROL_TRANSFER: from 81eca6fb to 81cacf57

STACK_TEXT:
855a40e4 81eca6fb 0000004c 000000c9 855a4104 nt!KeBugCheckEx+0x1e
855a426c 81eca293 00000000 84c1d1c0 87c44f20 nt!ViBugcheckHalt+0xb0
855a4510 81eca1a4 0000022f 855a4520 855a4608
nt!VfBugcheckThrowException+0xd9
855a45f0 81ed2ae8 0000022f 00000009 895f1c20
nt!VfBugcheckThrowIoException+0x11b
855a4624 81ecd6cf 84c16378 84c16378 00000001
nt!VfPnpVerifyIrpStackUpward+0xda
855a463c 81ecb839 84c1d1c0 00000001 00000001
nt!VfMajorVerifyIrpStackUpward+0x3c
855a4678 81ec2c10 87c44f20 855a46f4 87c44fdb nt!IovpCompleteRequest2+0xb2
855a46a8 81c34ae0 00000000 87c44f20 855a4714
nt!IovpLocalCompletionRoutine+0x73
855a46dc 81ec2b53 87c44f20 84c17030 83660ba8 nt!IopfCompleteRequest+0x12d
855a474c 895f3caa 855a4790 84c170e8 855a4788 nt!IovCompleteRequest+0x11c
855a475c 895f2619 c00000bb 00000000 84c170e8 CryptOSD!KIrp::PnpComplete+0x3a
[c:\pvcs\phoenixnet_security\common\driverworkslibs\version_2_6\winxp\include\kpnpdev.h
@ 552]
855a4788 89601f8f 87c44f20 ffffffff ffffffff
CryptOSD!CryptOSDDevice::OnQueryInterface+0xf9
[c:\pvcs\phoenixnet_security\common\multiplerda\cryptosd\sys\cryptosddevice.cpp
@ 664]
855a47e4 8960089f 87c44f20 ffffffff ffffffff CryptOSD!KPnpDevice::Pnp+0x121c
[e:\program files\numega\driverstudio\driverworks\source\kpnpdev.cpp @ 1021]
855a481c 895f1c75 87c44f20 81ecabf6 87c44f20
CryptOSD!KPnpDevice::DeviceIrpDispatch+0x363 [e:\program
files\numega\driverstudio\driverworks\source\kpnpdev.cpp @ 464]
855a4830 81ec2681 84c17030 87c44f20 855a48c8
CryptOSD!KDriver::DriverIrpDispatch+0x55
[c:\pvcs\phoenixnet_security\common\driverworkslibs\version_2_6\winxp\include\kdriver.h
@ 952]
855a4854 81c67b80 81d37499 00000000 84c17030 nt!IovCallDriver+0x252
855a4868 81d37499 00000000 855a4988 8325a2f8 nt!IofCallDriver+0x1b
855a48f4 81ec6ee1 8325a2f8 855a4990 855a4988 nt!IoGetDmaAdapter+0x110
855a4924 895f195e 8325a2f8 855a4990 855a4988 nt!VfGetDmaAdapter+0x78
855a49bc 895f1bdb 8325a2f8 0030002e 81f09124
CryptOSD!CryptOSD::AddDevice+0x15e
[c:\pvcs\phoenixnet_security\common\multiplerda\cryptosd\sys\cryptosd.cpp @
197]
855a49d0 81c0f3e2 84c168d0 8325a2f8 8325a170
CryptOSD!KDriver::AddDeviceDispatch+0x1b
[c:\pvcs\phoenixnet_security\common\driverworkslibs\version_2_6\winxp\include\kdriver.h
@ 903]
855a49ec 81d5cab7 84c168d0 895f1bc0 00000004 nt!PpvUtilCallAddDevice+0x4a
855a4a14 81d5887b 84c168d0 895f1bc0 00000002 nt!PnpCallAddDevice+0x77
855a4af0 81d5dd0e 02000000 00000000 81d23d30 nt!PipCallDriverAddDevice+0x46d
855a4cec 81c0f74a 83251920 84b46268 855a4d38 nt!PipProcessDevNodeTree+0x157
855a4d44 81c6b7aa 00000000 00000000 832b8d78 nt!PnpDeviceActionWorker+0x21b
855a4d7c 81dafbad 00000000 855af680 00000000 nt!ExpWorkerThread+0xfd
855a4dc0 81c9a346 81c6b6ad 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
CryptOSD!KDriver::DriverIrpDispatch+0
[c:\pvcs\phoenixnet_security\common\driverworkslibs\version_2_6\winxp\include\kdriver.h
@ 945]
895f1c20 55 push ebp

FAULTING_SOURCE_CODE:
941: // Unless filtering is in effect, this routine just passes
942: // the IRP to the device object for further dispatching.
943: //
944: NTSTATUS KDriver::DriverIrpDispatch(PDEVICE_OBJECT pSysDev, PIRP
pIrp)

945: {
946: BOUNDS_CHECKER(IRP_DISPATCH, (m_TheDriver, pIrp ));
947:
948:
949: // If not filtering (common case), pass directly to device
950: if (!m_bFilterDispatch)

SYMBOL_NAME: CryptOSD!KDriver::DriverIrpDispatch+0

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xc9_22f_VRF_CryptOSD!KDriver::DriverIrpDispatch+0

BUCKET_ID: 0xc9_22f_VRF_CryptOSD!KDriver::DriverIrpDispatch+0

Followup: MachineOwner

kd> !irp 87c44f20
Irp is active with 3 stacks 4 is current (= 0x87c44ffc)
No Mdl: No System Buffer: Thread 832b8d78: Irp is completed.
cmd flg cl Device File Completion-Context
[0, 0] 0 2 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 c00000bb
[0, 0] 0 10 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[1b, 8] 0 2 84c17030 00000000 00000000-00000000
\Driver\CryptOSD
Args: 81c52088 00010020 855a48a8 00000000
kd> !devobj ffffffff84c17030 f
Device object (84c17030) is for:
CryptOSDDevice0 \Driver\CryptOSD DriverObject 84c168d0
Current Irp 00000000 RefCount 0 Type 00000022 Flags 000000d0
Dacl 86062800 DevExt 84c170e8 DevObjExt 84c17320
ExtensionFlags (0xc0000810) DOE_START_PENDING, DOE_BOTTOM_OF_FDO_STACK,
DOE_DESIGNATED_FDO
Unknown flags 0x00000800
AttachedTo (Lower) 84c151d8 \DRIVER\VERIFIER_FILTER
Device queue is not busy.
kd> !drvobj ffffffff84c168d0 f
Driver object (84c168d0) is for:
\Driver\CryptOSD
Driver Extension List: (id , addr)

Device Object list:
84c17030

DriverEntry: 89683fc0 CryptOSD!DriverEntry
DriverStartIo: 00000000
DriverUnload: 896822c0 CryptOSD!KDriver::UnloadDispatch
AddDevice: 895f1bc0 CryptOSD!KDriver::AddDeviceDispatch

Dispatch routines:
[00] IRP_MJ_CREATE
895f1c20 CryptOSD!KDriver::DriverIrpDispatch
[01] IRP_MJ_CREATE_NAMED_PIPE 81c9a5c1 nt!IopInvalidDeviceRequest
[02] IRP_MJ_CLOSE
895f1c20 CryptOSD!KDriver::DriverIrpDispatch
[03] IRP_MJ_READ 81c9a5c1 nt!IopInvalidDeviceRequest
[04] IRP_MJ_WRITE 81c9a5c1 nt!IopInvalidDeviceRequest
[05] IRP_MJ_QUERY_INFORMATION 81c9a5c1 nt!IopInvalidDeviceRequest
[06] IRP_MJ_SET_INFORMATION 81c9a5c1 nt!IopInvalidDeviceRequest
[07] IRP_MJ_QUERY_EA 81c9a5c1 nt!IopInvalidDeviceRequest
[08] IRP_MJ_SET_EA 81c9a5c1 nt!IopInvalidDeviceRequest
[09] IRP_MJ_FLUSH_BUFFERS 81c9a5c1 nt!IopInvalidDeviceRequest
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION 81c9a5c1 nt!IopInvalidDeviceRequest
[0b] IRP_MJ_SET_VOLUME_INFORMATION 81c9a5c1 nt!IopInvalidDeviceRequest
[0c] IRP_MJ_DIRECTORY_CONTROL 81c9a5c1 nt!IopInvalidDeviceRequest
[0d] IRP_MJ_FILE_SYSTEM_CONTROL 81c9a5c1 nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL
895f1c20 CryptOSD!KDriver::DriverIrpDispatch
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL 81c9a5c1 nt!IopInvalidDeviceRequest
[10] IRP_MJ_SHUTDOWN 81c9a5c1 nt!IopInvalidDeviceRequest
[11] IRP_MJ_LOCK_CONTROL 81c9a5c1 nt!IopInvalidDeviceRequest
[12] IRP_MJ_CLEANUP
895f1c20 CryptOSD!KDriver::DriverIrpDispatch
[13] IRP_MJ_CREATE_MAILSLOT 81c9a5c1 nt!IopInvalidDeviceRequest
[14] IRP_MJ_QUERY_SECURITY 81c9a5c1 nt!IopInvalidDeviceRequest
[15] IRP_MJ_SET_SECURITY 81c9a5c1 nt!IopInvalidDeviceRequest
[16] IRP_MJ_POWER
895f1c20 CryptOSD!KDriver::DriverIrpDispatch
[17] IRP_MJ_SYSTEM_CONTROL
895f1c20 CryptOSD!KDriver::DriverIrpDispatch
[18] IRP_MJ_DEVICE_CHANGE 81c9a5c1 nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA 81c9a5c1 nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA 81c9a5c1 nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP
895f1c20 CryptOSD!KDriver::DriverIrpDispatch

Can someone tell me what is wrong?

Thanks,

Nag

नागेश कुमार wrote:

Thanks, Mark, for your reply.
Now I have corrected the symbols. At present I need to fix it in
DriverStudio, then I will move to KMDF. Here is the crash dump analysis with
correct symbols.

The symbols weren’t really necessary to debug this problem.

Use !analyze -v to get detailed debugging information.

BugCheck C9, {22f, 895f1c20, 87c44f20, 0}

Probably caused by : CryptOSD.sys (
CryptOSD!KDriver::DriverIrpDispatch+0 )

Followup: MachineOwner

kd> !analyze -v

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000022f, (Non-fatal error) The caller has completed an
untouched IRP_MJ_PNP (instead of
passing the IRP down), or non-PDO has failed the IRP using illegal
value of
STATUS_NOT_SUPPORTED. (IRP specified.)
Arg2: 895f1c20
Arg3: 87c44f20
Arg4: 00000000

That says it all. You received an IRP_MJ_PNP request, and instead of
passing it to the next lower driver, as you are required to do, you
completed it with STATUS_NOT_SUPPORTED. Don’t do that. PNP IRPs that
you don’t support must be passed down.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

I checked the code for IRP_MJ_PNP, but couldn't find the reason for
that. The implementation is as follows (most of the code has been created by the driver
wizard):

// Default handler for IRP_MJ_PNP

NTSTATUS CryptOSDDevice::DefaultPnp(KIrp I)
{

I.ForceReuseOfCurrentStackLocationInCalldown();
return m_Lower.PnpCall(this, I);
}

// Default handler for IRP_MJ_POWER

NTSTATUS CryptOSDDevice::DefaultPower(KIrp I)
{

I.IndicatePowerIrpProcessed();
I.CopyParametersDown();
return m_Lower.PnpPowerCall(this, I);
}

// Default handler for IRP_MJ_SYSTEM_CONTROL

NTSTATUS CryptOSDDevice::SystemControl(KIrp I)
{

I.ForceReuseOfCurrentStackLocationInCalldown();
return m_Lower.PnpCall(this, I);
}

// Handler for IRP_MJ_PNP subfcn IRP_MN_START_DEVICE

NTSTATUS CryptOSDDevice::OnStartDevice(KIrp I)
{

NTSTATUS status = STATUS_SUCCESS;

I.Information() = 0;

// The default Pnp policy has already cleared the IRP with the lower device
// Initialize the physical device object.

// Get the list of raw resources from the IRP
PCM_RESOURCE_LIST pResListRaw = I.AllocatedResources();
// Get the list of translated resources from the IRP
PCM_RESOURCE_LIST pResListTranslated = I.TranslatedResources();

// The base class will handle completion

return status;
}

// Handler for IRP_MJ_PNP subfcn IRP_MN_STOP_DEVICE

NTSTATUS CryptOSDDevice::OnStopDevice(KIrp I)
{
NTSTATUS status = STATUS_SUCCESS;

return status;

}

// Handler for IRP_MJ_PNP subfcn IRP_MN_REMOVE_DEVICE

NTSTATUS CryptOSDDevice::OnRemoveDevice(KIrp I)
{
return STATUS_SUCCESS;

}

// Handler for IRP_MJ_CREATE

NTSTATUS CryptOSDDevice::Create(KIrp I)
{
NTSTATUS status;

// I.ForceReuseOfCurrentStackLocationInCalldown();
// status = m_Lower.PnpCall(this, I);

status = I.PnpComplete(this, STATUS_SUCCESS, IO_NO_INCREMENT);

return status;
}

// Handler for IRP_MJ_CLOSE

NTSTATUS CryptOSDDevice::Close(KIrp I)
{
NTSTATUS status;

// I.ForceReuseOfCurrentStackLocationInCalldown();
// status = m_Lower.PnpCall(this, I);

status = I.PnpComplete(this, STATUS_SUCCESS, IO_NO_INCREMENT);
return status;
}

// Handler for IRP_MJ_CLEANUP

NTSTATUS CryptOSDDevice::CleanUp(KIrp I)
{

m_DriverManagedQueue.PnpCleanUp(this, I.FileObject());
return I.PnpComplete(this, STATUS_SUCCESS);
}

// Handler for IRP_MJ_DEVICE_CONTROL

NTSTATUS CryptOSDDevice::DeviceControl(KIrp I)
{
NTSTATUS status;

OsdProbeModeSet setProbe(gProbeHelper, OsdProbeHelper::USER_MODE);

if (I.IoctlCode() == IOCTL_OSD_GET_READY)
status = GetOSDReady((unsigned char*)I.IoctlBuffer(),
I.IoctlInputBufferSize());
else
status = CSDEntry(I.IoctlCode(), pParams);

// Clean the buffer pointer before return.
pParams = NULL;
if (status == STATUS_PENDING)
{
return status;
}
else
{
return I.PnpComplete(this, status);
}
}

VOID CryptOSDDevice_DriverManagedQueue::StartIo(KIrp I)
{

CryptOSDDevice *pDev = (CryptOSDDevice *) KDevicePTR(I.DeviceObject());

// Start processing request.

// Switch on the IRP’s function:
switch (I.MajorFunction())
{
case IRP_MJ_DEVICE_CONTROL:
switch (I.IoctlCode())
{
default:
// We queued a request that shouldn’t have been queued
// (should never get here)
ASSERT(FALSE);
break;
}
break;

default:
// Error - unexpected IRP received
// NextIrp completes this IRP and starts processing
// for the next IRP in the queue.
ASSERT(FALSE);
I.Status() = STATUS_INVALID_PARAMETER;
PnpNextIrp(I);
break;
}
}

// This routine is called when an IRP minor function is Query_Interface

NTSTATUS CryptOSDDevice::OnQueryInterface(KIrp Irp)
{
LOG_FUNCTION(__FUNCTION__);

KdPrint(("CryptOSD QueryInterface: count = %d \n", m_RefCount));

NTSTATUS status = STATUS_SUCCESS;

PIO_STACK_LOCATION stack = Irp.CurrentStackLocation();

GUID* guid = (GUID*)stack->Parameters.QueryInterface.InterfaceType;
if ( IsEqualGUID(*guid, CryptOSD_IFACE_ID) )
{
_IFACE_PTL_CSD_DRIVER* pIface =
reinterpret_cast<_IFACE_PTL_CSD_DRIVER*>(stack->
Parameters.QueryInterface.Interface);

if ( (stack->Parameters.QueryInterface.Size >=
sizeof(_IFACE_PTL_CSD_DRIVER)) &&
(stack->Parameters.QueryInterface.Version == 1) )
{
pIface->Size = sizeof(_IFACE_PTL_CSD_DRIVER);
pIface->Version = 1;
pIface->Context = this;
pIface->InterfaceReference = StAddRef;
pIface->InterfaceDereference= StRelease;
pIface->GetCSDReady = StGetCSDReady;
pIface->CSDEntry = StCSDEntry;
pIface->GetRefCount = StGetRefCount;
// increment a refcount
AddRef();
}
else
{
status = STATUS_INVALID_PARAMETER;
}
}
else
{
status = Irp.Status();
}

return Irp.PnpComplete(status);
}

void CryptOSDDevice::StAddRef(PVOID context)
{
reinterpret_cast<CryptOSDDevice*>(context)->AddRef();
}

void CryptOSDDevice::AddRef()
{
InterlockedIncrement(&m_RefCount);

ASSERT(m_RefCount > 0);
}

******------------------------------

Thanks in advance for your invaluable suggestions.

Thanks,

नागेश कुमार wrote:

I checked the code for IRP_MJ_PNP, but couldn't find the reason
for that. The implementation is as follows (most of the code has been created by
the driver wizard):

Did you look at the stack trace in the dump? The crash is inside your
OnQueryInterface handler, when you call PnpComplete. Quoting:

// This routine is called when an IRP minor function is Query_Interface

NTSTATUS CryptOSDDevice::OnQueryInterface(KIrp Irp)
{
LOG_FUNCTION(__FUNCTION__);

KdPrint(("CryptOSD QueryInterface: count = %d \n", m_RefCount));

NTSTATUS status = STATUS_SUCCESS;

PIO_STACK_LOCATION stack = Irp.CurrentStackLocation();

GUID* guid = (GUID*)stack->Parameters.QueryInterface.InterfaceType;
if ( IsEqualGUID(*guid, CryptOSD_IFACE_ID) )
{
_IFACE_PTL_CSD_DRIVER* pIface =
reinterpret_cast<_IFACE_PTL_CSD_DRIVER*>(stack->
Parameters.QueryInterface.Interface);

if ( (stack->Parameters.QueryInterface.Size >=
sizeof(_IFACE_PTL_CSD_DRIVER)) &&
(stack->Parameters.QueryInterface.Version == 1) )
{
pIface->Size = sizeof(_IFACE_PTL_CSD_DRIVER);
pIface->Version = 1;
pIface->Context = this;
pIface->InterfaceReference = StAddRef;
pIface->InterfaceDereference= StRelease;
pIface->GetCSDReady = StGetCSDReady;
pIface->CSDEntry = StCSDEntry;
pIface->GetRefCount = StGetRefCount;
// increment a refcount
AddRef();
}
else
{
status = STATUS_INVALID_PARAMETER;
}
}
else
{
status = Irp.Status ();
}

return Irp.PnpComplete(status);
}

The problem is in that final “else” clause. Go read the documentation
for IRP_MN_QUERY_INTERFACE. Quoting:

… A driver must check *Parameters.QueryInterface.InterfaceType* in
its IO_STACK_LOCATION structure. If
the interface is not one the driver supports, the driver must pass
the IRP to the next lower driver in the device stack without blocking.

You are not doing that. If you don’t recognize the GUID, you fetch the
status from the IRP, and complete the IRP with that status. That’s
where the bug comes in. All IRPs start out with STATUS_NOT_SUPPORTED.

Using a driver framework does not relieve you of the burden of knowing
and following the rules.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
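The rule discussed in the replies above, as an added example that is not part of the original thread and is not DriverWorks or WDK code: a user-mode C model of a two-level stack (FDO over PDO) that runs the flawed and the compliant IRP_MN_QUERY_INTERFACE handling through a simplified version of the 0x22f check. All type and function names (`model_irp`, `fdo_flawed`, `fdo_compliant`, `verifier_check`, `run_query`) and both GUID values are hypothetical.

```c
/* User-mode model of Driver Verifier violation 0x22f; not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATUS_SUCCESS           0x00000000u
#define STATUS_INVALID_PARAMETER 0xC000000Du
#define STATUS_NOT_SUPPORTED     0xC00000BBu  /* value seen in the !irp output */
#define IRP_MJ_PNP               0x1b
#define IRP_MN_QUERY_INTERFACE   0x08
#define VIOLATION_22F            0x22fu

enum level { LEVEL_NONE, LEVEL_PDO, LEVEL_FDO };

typedef struct { uint8_t bytes[16]; } model_guid;   /* simplified GUID */

typedef struct {
    uint8_t major, minor;
    const model_guid *interface_type;
    uint16_t size, version;
    uint32_t status;            /* stands in for Irp->IoStatus.Status */
    enum level completed_by;
} model_irp;

/* Constructed sample GUIDs (hypothetical values). */
static const model_guid OUR_IFACE   = {{0xC0, 0x5D, 1}};
static const model_guid OTHER_IFACE = {{0xD3, 0xA0, 2}};
#define OUR_IFACE_SIZE 32

static uint32_t complete(model_irp *irp, uint32_t status, enum level who) {
    irp->status = status;
    irp->completed_by = who;
    return status;
}

/* Bottom of the stack: the PDO may complete an IRP it did not touch. */
static uint32_t pdo_dispatch(model_irp *irp) {
    return complete(irp, irp->status, LEVEL_PDO);
}

static bool is_ours(const model_irp *irp) {
    return memcmp(irp->interface_type, &OUR_IFACE, sizeof(model_guid)) == 0;
}

static uint32_t fill_interface(const model_irp *irp) {
    return (irp->size >= OUR_IFACE_SIZE && irp->version == 1)
               ? STATUS_SUCCESS : STATUS_INVALID_PARAMETER;
}

/* Pattern from the thread: unknown GUID completed with the IRP's own status. */
uint32_t fdo_flawed(model_irp *irp) {
    uint32_t status = is_ours(irp) ? fill_interface(irp) : irp->status;
    return complete(irp, status, LEVEL_FDO);
}

/* WDK rule: unknown GUID goes down untouched; only our own is completed. */
uint32_t fdo_compliant(model_irp *irp) {
    if (!is_ours(irp))
        return pdo_dispatch(irp);       /* models skip + pass to lower driver */
    return complete(irp, fill_interface(irp), LEVEL_FDO);
}

/* Simplified form of the check described in the bugcheck text. */
uint32_t verifier_check(const model_irp *irp) {
    if (irp->major == IRP_MJ_PNP && irp->completed_by == LEVEL_FDO &&
        irp->status == STATUS_NOT_SUPPORTED)
        return VIOLATION_22F;
    return 0;
}

/* Send one QUERY_INTERFACE through a handler; return the verifier verdict. */
uint32_t run_query(uint32_t (*fdo)(model_irp *), const model_guid *g,
                   uint16_t size, uint16_t version, uint32_t *final_status) {
    /* Initial status is STATUS_NOT_SUPPORTED, as stated in the thread. */
    model_irp irp = { IRP_MJ_PNP, IRP_MN_QUERY_INTERFACE, g, size, version,
                      STATUS_NOT_SUPPORTED, LEVEL_NONE };
    fdo(&irp);
    if (final_status) *final_status = irp.status;
    return verifier_check(&irp);
}

int main(void) {
    printf("flawed,    foreign GUID: 0x%x\n",
           (unsigned)run_query(fdo_flawed, &OTHER_IFACE, 32, 1, NULL));
    printf("compliant, foreign GUID: 0x%x\n",
           (unsigned)run_query(fdo_compliant, &OTHER_IFACE, 32, 1, NULL));
    return 0;
}
```

The final status is STATUS_NOT_SUPPORTED in both foreign-GUID runs; what differs is which level completed the IRP, and that is what the check keys on.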

Thanks a lot, Tim, for pointing out the mistakes.
So I changed the implementation, and it's like this:

NTSTATUS CryptOSDDevice::OnQueryInterface(KIrp Irp)
{
NTSTATUS status = STATUS_SUCCESS;

PIO_STACK_LOCATION stack = Irp.CurrentStackLocation();

GUID* guid = (GUID*)stack->Parameters.QueryInterface.InterfaceType;
if ( IsEqualGUID(*guid, CryptOSD_IFACE_ID) )
{
_IFACE_PTL_CSD_DRIVER* pIface =
reinterpret_cast<_IFACE_PTL_CSD_DRIVER*>(stack->
Parameters.QueryInterface.Interface);

if ( (stack->Parameters.QueryInterface.Size >=
sizeof(_IFACE_PTL_CSD_DRIVER)) &&
(stack->Parameters.QueryInterface.Version == 1) )
{
pIface->Size = sizeof(_IFACE_PTL_CSD_DRIVER);
pIface->Version = 1;
pIface->Context = this;
pIface->InterfaceReference = StAddRef;
pIface->InterfaceDereference= StRelease;
pIface->GetCSDReady = StGetCSDReady;
pIface->CSDEntry = StCSDEntry;
pIface->GetRefCount = StGetRefCount;
// increment a refcount
AddRef();
}
else
{
status = STATUS_INVALID_PARAMETER;
}
}
else
{

IoSkipCurrentIrpStackLocation(Irp);
status = m_Lower.PnpCall(this, Irp);
}

return status;
}

But this too gives me BSOD while doing device path exerciser test.

BugCheck 8E, {c0000005, 89208a49, 8eb8bad8, 0}

Thanks

Nag

That is a completely different issue. As usual, you need to post the output
from windbg’s !analyze -v for this bugcheck.

Have you examined the output from this command to see if you could determine
what the problem in your code might be?

On Dec 20, 2007 10:26 AM, wrote:

> But this too gives me BSOD while doing device path exerciser test.
>
> BugCheck 8E, {c0000005, 89208a49, 8eb8bad8, 0}
>
> Thanks
>
> Nag
>


Mark Roddy