Help for write_register_buffer ulong crash

Hi,

I think this is an old query, but I could not decide on the best approach by
reading the web, and the project is under pressure to complete.

Currently I have a scenario where I receive a buffer from a write request
and send it to WRITE_REGISTER_BUFFER_ULONG. The buffer is 128 KB in size.
If I write the whole buffer I get a Windows crash with “KiPageFault” just
after the write register buffer call.

nt!RtlpBreakWithStatusInstruction
nt!KiBugCheckDebugBreak+0x12
nt!KeBugCheck2+0x71e
nt!KeBugCheckEx+0x104
nt!KiBugCheckDispatch+0x69
nt!KiPageFault+0x260
mydriver!WRITE_REGISTER_BUFFER_ULONG+0x1f [c:\winddk\7600.16385.1\inc\ddk\wdm.h @ 12949]

FOLLOWUP_IP:
mydriver!WRITE_REGISTER_BUFFER_ULONG+1f [c:\winddk\7600.16385.1\inc\ddk\wdm.h @ 12949]
fffff880`0940267f f3a5 rep movs dword ptr [rdi],dword ptr [rsi]

FAULTING_SOURCE_CODE:
12945: __in ULONG Count
12946: )
12947: {
12948:
>12949: __movsd(Register, Buffer, Count);
12950: FastFence();
12951: return;
12952: }
12953:
12954: __forceinline

I tried to write the buffer in 1000-byte chunks, and at 30,000 bytes I got
a crash. I think it is because the buffer beyond that is not accessible to
the write_register call.

Can anyone suggest any ways to proceed?

I have the following plan before I get your response.

  1. Create a buffer in non-paged memory using WdfMemoryCreate, copy the
    received buffer into it, and then pass it to the
    write_register_buffer call.

Is this way advisable?

Any help is great.

Thanks a lot in advance.

Regards,

Anand.S

When you get the buffer into your driver, the size is in bytes. But for
WRITE_REGISTER_BUFFER_ULONG you specify the size in 32-bit words. So
don’t forget to divide the size in bytes by 4.

– pa

On 15-Apr-2015 14:13, sanand wrote:

Currently I have a scenario where I receive a buffer from a write
request and send it to WRITE_REGISTER_BUFFER_ULONG.
The buffer is 128 KB in size. If I write the whole buffer I get a
Windows crash with “KiPageFault” just after the write register buffer call.

Try the step you mentioned. Check the !irql command output in WinDbg. If it is >
2 then you are trying to access paged-out memory above DPC level. So the step
you mentioned will help.

On Wed, Apr 15, 2015 at 4:43 PM, sanand wrote:

> Currently I have a scenario where I receive a buffer from a write request
> and send it to WRITE_REGISTER_BUFFER_ULONG. The buffer is
> 128 KB in size. If I write the whole buffer I get a Windows crash with
> “KiPageFault” just after the write register buffer call.
>
> — NTDEV is sponsored by OSR Visit the list at:
> http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See
> http://www.osr.com/careers For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

You might have an off-by-one error. The IRQL value may be a red herring; don’t focus too much on it. Rather, look at the pointer value being dereferenced to see what specifically is going wrong. It could be the user buffer or the register. In this case rdi and rsi are both being referenced and need to be validated. Double buffering into non-paged pool won’t help you, assuming you are not using raw UM pointers (METHOD_NEITHER buffering).

d

Sent from my phone


From: sanand
Sent: 4/15/2015 4:14 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Help for write_register_buffer ulong crash

Currently I have a scenario where I receive a buffer from a write request and send it to WRITE_REGISTER_BUFFER_ULONG. The buffer is 128 KB in size. If I write the whole buffer I get a Windows crash with “KiPageFault” just after the write register buffer call.

sanand wrote:

Currently I have a scenario where I receive a buffer from a write
request and send it to WRITE_REGISTER_BUFFER_ULONG.
The buffer is 128 KB in size. If I write the whole buffer I get a
Windows crash with “KiPageFault” just after the write register
buffer call.

Sanand wrote me privately, and I responded before I noticed it was also
posted here.

The most common reason for a failure in WRITE_REGISTER_BUFFER_ULONG is
thinking that you need the BUFFER version at all. Many people think
that WRBU can be used to pump 128k bytes of data into a single intake
register. That’s not how it works. WRBU is (essentially) identical to
memcpy. Both the source and the destination addresses increment. So,
if you copy 128kB, you need to have a 128kB region in your hardware
ready to accept the data.

If you want to write 128kB of data to a single intake register, you have
no alternative except to use a loop.
for( i = 0; i < dwordCount; i++ )
    WRITE_REGISTER_ULONG( HardwareAddress, Src[i] );


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
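
Two replies in this thread make claims a reader can check in code: pa's, that the request length arrives in bytes while the Count argument is in ULONGs, and Tim's, that WRITE_REGISTER_BUFFER_ULONG behaves like memcpy (source and register pointer both advance), so a payload meant for a single intake register has to be written in a loop. What follows is an added example, not code from this thread, from the poster's driver or from the WDK: a user-mode C model with a constructed 16-dword register window and a constructed FIFO behind the intake register at regs[0]. fake_write_register_ulong and fake_write_register_buffer_ulong are stand-ins for the real macros (the real buffer macro has no bounds check; the model returns -1 where the real one would page-fault), and bytes_to_dword_count, write_block and write_to_intake are hypothetical helper names chosen for the example.

```c
/* Added example (user-mode model, not code from the thread or the WDK): a
 * constructed 16-dword register window and a constructed FIFO behind the intake
 * register at regs[0]. The fake_* functions stand in for the WDK macros. */
#include <stdint.h>
#include <stdio.h>

#define REG_WINDOW_DWORDS 16u   /* constructed BAR: 16 dwords = 64 bytes */
#define FIFO_CAPACITY     64u   /* constructed depth of the intake register */

typedef struct {
    uint32_t regs[REG_WINDOW_DWORDS];
    uint32_t fifo[FIFO_CAPACITY];   /* every dword that lands on regs[0] */
    size_t   fifo_len;
} fake_device;

/* Stand-in for WRITE_REGISTER_ULONG: one dword to one register address. */
static void fake_write_register_ulong(fake_device *dev, uint32_t *reg, uint32_t value)
{
    *reg = value;
    if (reg == &dev->regs[0] && dev->fifo_len < FIFO_CAPACITY)
        dev->fifo[dev->fifo_len++] = value;
}

/* Stand-in for WRITE_REGISTER_BUFFER_ULONG (rep movsd): Count is in DWORDs and
 * both pointers advance. The real macro has no bounds check, so running off the
 * mapped window is the KiPageFault in the trace; here that case returns -1. */
static int fake_write_register_buffer_ulong(fake_device *dev, uint32_t *reg,
                                            const uint32_t *buffer, size_t count)
{
    size_t first = (size_t)(reg - dev->regs);
    if (first >= REG_WINDOW_DWORDS || count > REG_WINDOW_DWORDS - first)
        return -1;
    for (size_t i = 0; i < count; i++)
        fake_write_register_ulong(dev, reg + i, buffer[i]);
    return 0;
}

/* pa's point: the request length is in bytes, Count is in ULONGs.
 * Returns the dword count, or 0 for an empty or unaligned length. */
static size_t bytes_to_dword_count(size_t length_in_bytes)
{
    if (length_in_bytes == 0 || length_in_bytes % sizeof(uint32_t) != 0)
        return 0;
    return length_in_bytes / sizeof(uint32_t);
}

/* Constructed request payload: dword i holds 0x1000 + i. */
static void fill_pattern(uint32_t *buf, size_t dwords)
{
    for (size_t i = 0; i < dwords; i++)
        buf[i] = 0x1000u + (uint32_t)i;
}

/* Scenario A: payload for a contiguous register block at regs[0]. With
 * convert_to_dwords == 0 the byte length is passed as Count (the 4x overrun).
 * Returns 0 on success, -1 on overrun, -2 if the length is not whole dwords. */
static int write_block(size_t length_in_bytes, int convert_to_dwords)
{
    fake_device dev = {{0}};
    uint32_t buf[REG_WINDOW_DWORDS * 4];
    fill_pattern(buf, REG_WINDOW_DWORDS * 4);
    size_t count = convert_to_dwords ? bytes_to_dword_count(length_in_bytes) : length_in_bytes;
    if (count == 0)
        return -2;
    return fake_write_register_buffer_ulong(&dev, &dev.regs[0], buf, count);
}

/* Scenario B (Tim Roberts' point): the whole payload goes into ONE intake
 * register. Returns the number of dwords that reached the FIFO, negated if any
 * other register was written (the buffer macro puts dword i on regs[i]). */
static long write_to_intake(size_t length_in_bytes, int use_buffer_macro)
{
    fake_device dev = {{0}};
    uint32_t buf[FIFO_CAPACITY];
    fill_pattern(buf, FIFO_CAPACITY);
    size_t count = bytes_to_dword_count(length_in_bytes);
    if (count == 0 || count > FIFO_CAPACITY)
        return 0;
    if (use_buffer_macro) {
        if (fake_write_register_buffer_ulong(&dev, &dev.regs[0], buf, count) != 0)
            return 0;
    } else {
        for (size_t i = 0; i < count; i++)      /* the loop from Tim's reply */
            fake_write_register_ulong(&dev, &dev.regs[0], buf[i]);
    }
    for (size_t r = 1; r < REG_WINDOW_DWORDS; r++)
        if (dev.regs[r] != 0)
            return -(long)dev.fifo_len;
    return (long)dev.fifo_len;
}

int main(void)
{
    printf("128 KB request -> Count = %zu dwords\n", bytes_to_dword_count(128u * 1024u));
    printf("64 bytes passed as Count: %d; as 16 dwords: %d; 128 bytes as 32 dwords: %d\n",
           write_block(64, 0), write_block(64, 1), write_block(128, 1));
    printf("intake register, loop: %ld dwords; buffer macro: %ld (negative = sprayed)\n",
           write_to_intake(128, 0), write_to_intake(64, 1));
    return 0;
}
```

Build with any C99 compiler and run. Passing the 64-byte length straight through as Count overruns the 16-dword window four times over; converting it to 16 dwords fits; converting 128 bytes to 32 dwords still overruns, because the window is only 16 dwords, which is the poster's 128 KB case scaled down to a toy BAR. In the intake case the loop delivers all 32 dwords to the FIFO and touches nothing else, while the buffer macro lands only dword 0 on the intake register and sprays the rest across its neighbours.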