Handling IoCallDriver

Problem Facing in Bus Driver Testing

Kindly help me in this regard

Thanks in Advance

Problem :

In Plug and Play, after handling the Plug and Play request,
we are passing the Irp to the lower driver by calling IoCallDriver
(Ref: toaster sample of Win 2000 DDK)

While using this IoCallDriver function the system crashes and an
error message appears in the blue screen as

STOP: 0x0000001E (0xC0000005,0x80112BF0,0x00000000,0x0000001D)
KMODE_EXCEPTION_NOT_HANDLED

The PnP Function is :

NTSTATUS
Bus_FDO_PnP (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PIO_STACK_LOCATION IrpStack )
{
    NTSTATUS status = STATUS_SUCCESS;
    PDEVICE_EXTENSION pdx;

    pdx = (PDEVICE_EXTENSION) DeviceObject->DeviceExtension;

    /* The Minor function requests are handled properly and Skeleton is given below */

    switch (IrpStack->MinorFunction) {
    case IRP_MN_START_DEVICE:
    case IRP_MN_QUERY_STOP_DEVICE:
    case IRP_MN_CANCEL_STOP_DEVICE:
    case IRP_MN_STOP_DEVICE:
    case IRP_MN_QUERY_REMOVE_DEVICE:
    case IRP_MN_CANCEL_REMOVE_DEVICE:
    case IRP_MN_SURPRISE_REMOVAL:
    case IRP_MN_REMOVE_DEVICE:
    case IRP_MN_QUERY_DEVICE_RELATIONS:
    default:
        break;
    }
    IoSkipCurrentIrpStackLocation(Irp);
    status = IoCallDriver(pdx->LowerDeviceObject,Irp);
    return status;
}

Options attempted are listed below; the system still crashes with the same error message:

  1. Instead of using
    IoSkipCurrentIrpStackLocation(Irp);
    we used
    IoCopyCurrentIrpStackLocationToNext(Irp);

  2. Instead of using

    IoSkipCurrentIrpStackLocation(Irp);
    status = IoCallDriver(pdx->LowerDeviceObject,Irp);

    we used

    KEVENT event;

    IoSkipCurrentIrpStackLocation(Irp);

    IoSetCompletionRoutine(Irp, (PIO_COMPLETION_ROUTINE) OnRequestComplete, (PVOID) &event, TRUE, TRUE, TRUE );

    status = IoCallDriver(pdx->LowerDeviceObject,Irp);

    if (status == STATUS_PENDING)
    {
        /* Wait for completion */
        KeWaitForSingleObject(&event, Executive, KernelMode,FALSE, NULL );
        return Irp->IoStatus.Status;
    }

    NTSTATUS
    OnRequestComplete(PDEVICE_OBJECT fdo, PIRP pIrp, PKEVENT pKEvent )
    {
        KeSetEvent( pKEvent, 0,FALSE );

        return STATUS_MORE_PROCESSING_REQUIRED;
    }

I have tried using the WinDbg kernel debugging tool for this.
I gave the command as

kbvs

it displays as

FramePtr RetAddr Param1 Param2 Param3 Function Name
fffffffff083bddc ffffffff80469bb2 ffffffff804190f0 0000000000000001 0000000000000000 NTOSKRNL!0xFFFFFFFF804559BC (No FPO)
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 NTOSKRNL!0xFFFFFFFF80469BB2 (No FPO)

**************** CAUTION - Disclaimer *****************This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Also, email is susceptible to data corruption, interception, tampering, unauthorized amendment and viruses. We only send and receive emails on the basis that we are not liable for any such corruption, interception, tampering, amendment or viruses or any consequence thereof.
*********** End of Disclaimer ***********DataPatterns ITS Group**********

Well, anytime you get a blue screen, before asking for help, reproduce the
problem in WinDBG and then type !analyze -v as you are prompted to, and look
at the output. Supplying the output in your query is a must, since
otherwise we are mostly guessing at what is happening.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply


A couple of notes that are not directly related to your crash

  1. you should get a copy of the server2003 sp1 DDK and get the toaster source out of there. The win2k DDK is quite old now and out of date
  2. if you are going to set a completion routine, you cannot skip the current stack location, you must copy to next
  3. you should really look into investigating KMDF for your driver, you don’t have to deal with any of this stuff

You can download KMDF from this link, http://www.microsoft.com/whdc/driver/wdf/KMDF_pkg.mspx . The KMDF download also includes the full server 2003 sp1 DDK as well.

d

– I can spell, I just can’t type.
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Dinesh
Sent: Thursday, July 13, 2006 7:15 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Handling IoCallDriver


Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
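
Why note 2 in the reply above holds, shown as an added example that is not code from the thread or from the DDK: a simplified user-mode model of the IRP stack-location array, with hypothetical type and function names. It relies on IoSetCompletionRoutine writing into the next stack location, so after a skip the routine lands in the driver's own slot and overwrites the completion routine registered by the driver above.

```c
#include <stdio.h>
#include <string.h>

/* Simplified user-mode model (hypothetical names), not the real NT structures.
   Slot index: [2] upper filter, [1] our FDO, [0] lower driver. */
typedef int (*completion_fn)(void *ctx);
typedef struct { completion_fn routine; void *ctx; } stack_loc;
typedef struct { stack_loc slots[3]; int current; } model_irp;

/* Like IoGetNextIrpStackLocation: the slot just below the current one. */
static stack_loc *next_loc(model_irp *irp) { return &irp->slots[irp->current - 1]; }

/* Like IoSkipCurrentIrpStackLocation: step back up, so the decrement in
   call_driver() hands the lower driver our own slot unchanged. */
static void skip_current(model_irp *irp) { irp->current++; }

/* Like IoCopyCurrentIrpStackLocationToNext: prepare a fresh next slot
   with no completion routine armed. */
static void copy_to_next(model_irp *irp) { memset(next_loc(irp), 0, sizeof(stack_loc)); }

/* Like IoSetCompletionRoutine: always writes into the NEXT slot. */
static void set_completion(model_irp *irp, completion_fn fn, void *ctx) {
    next_loc(irp)->routine = fn;
    next_loc(irp)->ctx = ctx;
}

/* Like the stack-pointer step inside IoCallDriver. */
static void call_driver(model_irp *irp) { irp->current--; }

static int upper_done(void *ctx) { (void)ctx; return 0; }
static int our_done(void *ctx) { (void)ctx; return 1; }

/* Returns 1 if the upper driver's completion routine, which lives in OUR
   slot, is still intact after our FDO forwards the IRP. */
int upper_routine_survives(int use_skip) {
    model_irp irp;
    memset(&irp, 0, sizeof irp);
    irp.current = 2;                          /* upper filter is running */
    copy_to_next(&irp);
    set_completion(&irp, upper_done, NULL);   /* stored in slots[1] */
    call_driver(&irp);                        /* our FDO now owns slots[1] */
    if (use_skip) skip_current(&irp); else copy_to_next(&irp);
    set_completion(&irp, our_done, NULL);     /* skip: slots[1]; copy: slots[0] */
    call_driver(&irp);
    return irp.slots[1].routine == upper_done;
}

int main(void) {
    printf("skip + completion routine: upper routine intact = %d\n", upper_routine_survives(1));
    printf("copy + completion routine: upper routine intact = %d\n", upper_routine_survives(0));
    return 0;
}
```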


The Output after giving analyze command in WinDbg :

!analyze -v
Debugger extension library [E:\NTDDK\bin\W2KFre\kdextx86] loaded
E:\NTDDK\bin\W2KFre\kdextx86 uses the old 32 bit extension API and may not be fully
compatible with current systems.
Missing extension: ‘E:\NTDDK\bin\W2KFre\kdextx86.analyze’
Could not find extension: ‘analyze’

It looks like your debugger is very very old. Download the latest
debugger from
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
and rerun !analyze under the new version of windbg/kd

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@datapatterns.co.in
Sent: Thursday, July 13, 2006 10:22 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Handling IoCallDriver
