Hi

Hi all

I am very much a fresher in driver development.

I am developing an NDIS protocol driver for a network sniffer product.

When I install that .sys file and start the service, it starts
successfully and some of the control codes execute well, but when the
packet capture IRP is supplied my system crashes.
I am unable to find the problem.

Please tell me first what information I have to mail so that you
all can help me find the problem.

Thanks
Niraj Jha

What is the WinDbg !analyze -v output? If you aren’t using WinDbg, or
Softice, then install them. WinDbg is free for the cost of a download.
We need a bit more information than “some of the control codes execute
well but when the packet capture IRP supplied my system got crashed”.


The personal opinion of
Gary G. Little

Thanks, sir, for your kind response.

This is the detail of the bug check analysis:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

PROCESS_NAME: sample.exe

FAULTING_IP:
proto+87f7
fa0db7f7 0fbf4806 movsx ecx,word ptr [eax+0x6]

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: fa0db7f7 (proto+0x000087f7)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000006
Attempt to read from address 00000006

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 00000006

BUGCHECK_STR: ACCESS_VIOLATION

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

LAST_CONTROL_TRANSFER: from 804ec04f to fa0db7f7

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
fb638c6c 804ec04f 80d6da18 ffb39b38 806b643c proto+0x87f7
fb638c7c 80571c0a ffb39ba8 ffb39b38 80d1e238 nt!IopfCallDriver+0x31
fb638c90 8057c4be 80d6da18 ffb39b38 80d1e238 nt!IopSynchronousServiceTail+0x5e
fb638d38 804d4e91 00000020 00000000 00000000 nt!NtReadFile+0x559
fb638d38 7ffe0304 00000020 00000000 00000000 nt!KiSystemService+0xc4
0006fddc 77f7ef2f 77e78bf1 00000020 00000000 SharedUserData!SystemCallStub+0x4
0006fde0 77e78bf1 00000020 00000000 00000000 ntdll!NtReadFile+0xc
0006fe48 010016b4 00000020 00300020 00062e1c kernel32!ReadFile+0x16c
0006ff44 01001a44 00000001 00263728 00262968 sample!main+0x324 [c:\winddk\2600\src\ is_chk_exe\sample.c @ 114]
0006ffc0 77e7eb69 00000000 00000001 7ffdf000 sample!mainCRTStartup+0x125 [d:\xpclient\base\crts\crtw32\dllstuff\crtexe.c @ 480]
0006fff0 00000000 0100191f 00000000 78746341 kernel32!BaseProcessStart+0x23

FOLLOWUP_IP:
proto+87f7
fa0db7f7 0fbf4806 movsx ecx,word ptr [eax+0x6]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: proto+87f7

MODULE_NAME: proto

IMAGE_NAME: proto.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42cf5857

STACK_COMMAND: kb

FAILURE_BUCKET_ID: ACCESS_VIOLATION_proto+87f7

BUCKET_ID: ACCESS_VIOLATION_proto+87f7

Followup: MachineOwner

******************************************

My service installation details are

[Install.Services]
AddService=Proto,PROTO_Service_Inst

[Proto_Service_Inst]
DisplayName = %PROTO_Desc%
ServiceType = SERVICE_KERNEL_DRIVER
StartType = SERVICE_MANUAL_START
ErrorControl = SERVICE_ERROR_NORMAL
ServiceBinary = %12%\proto.sys
LoadOrderGroup = NDIS
AddReg = AddReg_PROTO_Service_Inst
Description = %PROTO_Desc%

[AddReg_PROTO_Service_Inst]

**********************************************

I have written that a few of my controls are executing…

In my driver program I have designed 50 controls of
FILE_DEVICE_PROTOCOL type, defined with 0x8000.

In my user mode program "sample.exe" I have firstly intereped for QUERY
OID with the control code CTL_CODE(8000, 1 , METHOD_BUFFERED,
FILE_ANY_ACCESS), which is working, and I have seen this by using
IrpTracker. But as my packet capture code, which is the 6th in its
series, starts, the system fails.

Is there any more information I have to mail?

Again, thanks for your response.

Niraj Jha

Well I’ve never seen bugcheck zero before, nor it seems has windbg.

Here are a few next step suggestions. First, if you are not skilled in
windbg or softice, you need to learn how to use the debugger. Second you
need to step through your ‘packet capture code’ and learn where exactly it
is going very wrong. Third you need to add lots of debug print trace output
to the checked version of your driver. Runtime trace execution is vital for
problem analysis. Fourth you need to run against the checked build of the OS
and you need to use driver verifier.

If you are working with a team, and you are still stuck after a week or so
of debugging, it might be a good idea to have a peer code review. New eyes
frequently find obvious errors.

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com
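
An added example, not code from this thread or from the poster's driver: the dump faults in the read path (nt!NtReadFile, nt!IopfCallDriver, proto+0x87f7) on `movsx ecx,word ptr [eax+0x6]` with READ_ADDRESS 00000006, so eax was NULL and a signed 16-bit field at offset 6 was being read. On 32-bit Windows that is the offset of `MdlFlags` in an MDL, so one plausible cause (an assumption, not confirmed anywhere in the thread) is a read dispatch that maps `Irp->MdlAddress` without checking it for NULL. The block models that in user-mode C; `MDL32`, `MOCK_IRP` and `read_dispatch_checked` are stand-in names.

```c
/* Added illustration: user-mode model, not the poster's driver or WDK code. */
#include <stddef.h>
#include <stdint.h>

/* Leading fields of the 32-bit x86 MDL; pointers modelled as uint32_t. */
typedef struct {
    uint32_t Next;            /* +0x00 */
    int16_t  Size;            /* +0x04 */
    int16_t  MdlFlags;        /* +0x06, signed 16-bit: loaded with movsx */
    uint32_t Process;         /* +0x08 */
    uint32_t MappedSystemVa;  /* +0x0c */
} MDL32;                      /* stand-in name (assumption) */

/* Stand-in for the one IRP field a direct-I/O read path consumes. */
typedef struct { const MDL32 *MdlAddress; } MOCK_IRP;

#define MDL_MAPPED_TO_SYSTEM_VA       0x0001
#define MDL_SOURCE_IS_NONPAGED_POOL   0x0004
#define STATUS_SUCCESS                0x00000000u
#define STATUS_INSUFFICIENT_RESOURCES 0xC000009Au
#define STATUS_INVALID_USER_BUFFER    0xC00000E8u

/* Address touched when MdlFlags is read through a given MDL pointer. */
uint32_t mdlflags_read_address(uint32_t mdl_ptr) {
    return mdl_ptr + (uint32_t)offsetof(MDL32, MdlFlags);
}

/* Hypothetical checked read path: fail the request before touching the MDL.
 * MdlAddress is NULL if the device object does not have DO_DIRECT_IO set,
 * or if the caller passes a zero-length buffer. */
uint32_t read_dispatch_checked(const MOCK_IRP *irp, uint32_t *system_va) {
    const MDL32 *mdl = irp->MdlAddress;
    if (mdl == NULL)
        return STATUS_INVALID_USER_BUFFER;
    if (!(mdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL)))
        return STATUS_INSUFFICIENT_RESOURCES; /* model: mapping attempt failed */
    *system_va = mdl->MappedSystemVa;
    return STATUS_SUCCESS;
}

int main(void) {
    MOCK_IRP irp = { NULL };   /* constructed input: read IRP without an MDL */
    uint32_t va = 0;
    /* A NULL MDL pointer yields the dump's READ_ADDRESS of 00000006. */
    return !(mdlflags_read_address(0) == 6 &&
             read_dispatch_checked(&irp, &va) == STATUS_INVALID_USER_BUFFER);
}
```

In a real driver the same guard sits at the top of the IRP_MJ_READ handler, and the instruction at proto+0x87f7 can be matched to source once symbols for proto.sys are loaded in the debugger.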
