help needed on driver and application communication!!!

Hi all,

I am working on an NDIS IM driver which will communicate with my application.
I used direct IO.

The following code crashed at MmProbeAndLockPages(pMdl, KernelMode,
IoReadAccess). I gave the Irp and pMdl addresses below the code:

VOID TCPIP_TransferDataCompleteHandler (
    NDIS_HANDLE ProtocolBindingContext,
    PNDIS_PACKET Packet,
    NDIS_STATUS Status,
    UINT BytesTransferred
    )
{
    PPROTOCOL_ENTRY pProto;
    PADAPTER_ENTRY pAdapter;
    PNDISHK_PACKET pHKPacket;
    PINTERMEDIATE_BUFFER pBuffer;
    PLIST_ENTRY pLink;
    PNDIS_BUFFER pResidualBuffer;
    //////////////////////////////////////////////
    // by me following MS packet read.c sample to get the irp.

    POPEN_INSTANCE open;
    PIO_STACK_LOCATION irpSp;
    PIRP irp;
    PUCHAR buff;
    ULONG sizeToTransfer;
    UINT bytesTransfered = 0;
    ULONG bufferLength;
    PNDIS_PACKET pPacket;
    NDIS_STATUS status;
    PMDL pMdl;
    PVOID ioBuffer;

    open = (POPEN_INSTANCE)ProtocolBindingContext;
    irp = RESERVED(Packet)->Irp;

    // Note: &irp is the address of the local variable on the stack, not the IRP itself.
    DbgPrint("\n\nIrp Location is: %x\n\n", &irp);

    // ASSERT(irp!=NULL);
    irpSp = IoGetCurrentIrpStackLocation(irp);

    // For direct I/O the I/O manager has already built and locked this MDL for the user buffer.
    pMdl = irp->MdlAddress;

    // Note: &pMdl is the address of the local variable on the stack, not the MDL itself.
    DbgPrint("\n\npMDL address is: %x...\n\n", &pMdl);

    ASSERT( pMdl != NULL);

    MmBuildMdlForNonPagedPool(pMdl);

    DbgPrint("\n\nPage Before Locked...\n\n");

    // lock pages
    MmProbeAndLockPages(pMdl, KernelMode, IoReadAccess); // system crashed here

Irp address is: fc81fea8
pMDL address is: fc81f884...

the debug information I got from windbg is:

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 5f0bdf26, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804361ad, address which referenced memory

Debugging Details:

READ_ADDRESS: 5f0bdf26
CURRENT_IRQL: 2
FAULTING_IP:
nt!MmProbeAndLockPages+11d
804361ad 8a11 mov dl,[ecx]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 8042bcb9 to 80452e70

STACK_TEXT:
fc81f374 8042bcb9 00000003 fc81f3bc 5f0bdf26 nt!RtlpBreakWithStatusInstruction
fc81f3a4 8042c068 00000003 5f0bdf26 804361ad nt!KiBugCheckDebugBreak+0x31
fc81f72c 80464b1f 00000000 5f0bdf26 00000002 nt!KeBugCheckEx+0x37b
fc81f72c 804361ad 00000000 5f0bdf26 00000002 nt!KiTrap0E+0x27c
fc81f84c fc6999be ffb6c3e4 00000000 00000000 nt!MmProbeAndLockPages+0x11d
fc81feb0 fc69a225 ff019c68 ffb6c3a8 00000000 ndishk!TCPIP_TransferDataCompleteHandler+0xa9 [C:\NDISPIM\BASE\NTPIMEB\mstcpip.c @ 630]
fc81ff0c fef02008 ff019c68 ff074fa8 ffb95000 ndishk!TCPIP_ReceiveHandler+0x485 [C:\NDISPIM\BASE\NTPIMEB\mstcpip.c @ 1136]
fc81ff78 fc720bc4 ff092101 ff0778c4 00000004 NDIS!ethFilterDprIndicateReceivePacket+0x312
fc81ffc4 feeec28f ff076267 ff073308 ff07356c pcntn5m!LanceHandleInterrupt+0x41c
fc81ffe0 80460bd4 ff0773d0 ff0773bc 00000000 NDIS!ndisMDpc+0xc8
fc81fff4 80403a82 fc8d3794 00000000 00000000 nt!KiRetireDpcList+0x30

FOLLOWUP_IP:
ndishk!TCPIP_TransferDataCompleteHandler+a9
fc6999be 680c9869fc push 0xfc69980c

FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: ndishk!TCPIP_TransferDataCompleteHandler+a9
MODULE_NAME: ndishk
IMAGE_NAME: ndishk.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3d59546e
STACK_COMMAND: kb
BUCKET_ID: 0xA_ndishk!TCPIP_TransferDataCompleteHandler+a9
Followup: MachineOwner


Can any of you give some advice?

Thanks a lot!

Another question: can MmProbeAndLockPages only be called from a dispatch
routine, or what?

Thanks!

yhz
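As an added triage helper (not code from the original post): it parses the Arguments: block of the 0xA bugcheck shown above and classifies the fault. It assumes a 32-bit x86 kernel with the default 2 GB user/kernel split, and SAMPLE_ARGS is constructed from the dump lines in the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {                /* Arguments: block of bugcheck 0xA (IRQL_NOT_LESS_OR_EQUAL) */
    unsigned long address;      /* Arg1: memory referenced */
    unsigned long irql;         /* Arg2: IRQL at the time of the fault */
    unsigned long is_write;     /* Arg3: 0 = read, 1 = write */
    unsigned long pc;           /* Arg4: address of the faulting instruction */
    int found;                  /* bitmask of the ArgN lines seen */
} bugcheck_a_t;
/* Constructed sample: the Arguments: block from the !analyze output quoted above. */
static const char *SAMPLE_ARGS =
    "Arguments:\n"
    "Arg1: 5f0bdf26, memory referenced\n"
    "Arg2: 00000002, IRQL\n"
    "Arg3: 00000000, value 0 = read operation, 1 = write operation\n"
    "Arg4: 804361ad, address which referenced memory\n";

/* Extract "ArgN: <hex>" pairs; returns 1 only when Arg1..Arg4 were all present. */
int parse_bugcheck_a(const char *text, bugcheck_a_t *out)
{
    const char *p = text;
    memset(out, 0, sizeof *out);
    while ((p = strstr(p, "Arg")) != NULL) {
        int n = p[3] - '0';            /* "Arguments:" yields n out of range and is skipped */
        if (n >= 1 && n <= 4 && p[4] == ':') {
            unsigned long v = strtoul(p + 5, NULL, 16); /* skips the blank, stops at ',' */
            if (n == 1) out->address = v;
            else if (n == 2) out->irql = v;
            else if (n == 3) out->is_write = v;
            else out->pc = v;
            out->found |= 1 << (n - 1);
        }
        p += 3;
    }
    return out->found == 0xF;
}

/* Assumes 32-bit x86 with the default 2 GB split: Arg1 < 0x80000000 is a user-mode VA, and
 * touching one at IRQL >= 2 (DISPATCH_LEVEL) is what probing a user buffer from a DPC produces. */
const char *triage_bugcheck_a(const bugcheck_a_t *bc)
{
    if (bc->irql >= 2 && bc->address < 0x80000000UL)
        return "user-mode address touched at DISPATCH_LEVEL or above";
    if (bc->irql >= 2)
        return "kernel address (pageable or invalid) touched at DISPATCH_LEVEL or above";
    return "IRQL below DISPATCH_LEVEL; check Arg1 and Arg4 directly";
}
```

For this dump it reports a read of 5f0bdf26 at IRQL 2, i.e. a user-mode address touched at DISPATCH_LEVEL, which matches MmProbeAndLockPages walking the user buffer from a receive-complete handler that the stack shows running out of ndisMDpc.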
----- Original Message -----
From: “Yuanhui Zhao”
To: “NT Developers Interest List”
Sent: Tuesday, August 13, 2002 4:15 PM
Subject: [ntdev] help needed on driver and application communication!!!
