Thanks sir for your kind responce
This is the detail of the bug check analysis
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
PROCESS_NAME: sample.exe
FAULTING_IP:
proto+87f7
fa0db7f7 0fbf4806 movsx ecx,word ptr [eax+0x6]
EXCEPTION_RECORD: ffffffff – (.exr ffffffffffffffff)
ExceptionAddress: fa0db7f7 (proto+0x000087f7)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000006
Attempt to read from address 00000006
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.
READ_ADDRESS: 00000006
BUGCHECK_STR: ACCESS_VIOLATION
DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
LAST_CONTROL_TRANSFER: from 804ec04f to fa0db7f7
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
fb638c6c 804ec04f 80d6da18 ffb39b38 806b643c proto+0x87f7
fb638c7c 80571c0a ffb39ba8 ffb39b38 80d1e238 nt!IopfCallDriver+0x31
fb638c90 8057c4be 80d6da18 ffb39b38 80d1e238 nt!IopSynchronousServiceTail+0x5e
fb638d38 804d4e91 00000020 00000000 00000000 nt!NtReadFile+0x559
fb638d38 7ffe0304 00000020 00000000 00000000 nt!KiSystemService+0xc4
0006fddc 77f7ef2f 77e78bf1 00000020 00000000 SharedUserData!SystemCallStub+0x4
0006fde0 77e78bf1 00000020 00000000 00000000 ntdll!NtReadFile+0xc
0006fe48 010016b4 00000020 00300020 00062e1c kernel32!ReadFile+0x16c
0006ff44 01001a44 00000001 00263728 00262968 sample!main+0x324
[c:\winddk\2600\src\ is_chk_exe\sample.c @ 114]
0006ffc0 77e7eb69 00000000 00000001 7ffdf000
sample!mainCRTStartup+0x125
[d:\xpclient\base\crts\crtw32\dllstuff\crtexe.c @ 480]
0006fff0 00000000 0100191f 00000000 78746341 kernel32!BaseProcessStart+0x23
FOLLOWUP_IP:
proto+87f7
fa0db7f7 0fbf4806 movsx ecx,word ptr [eax+0x6]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: proto+87f7
MODULE_NAME: proto
IMAGE_NAME: proto.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 42cf5857
STACK_COMMAND: kb
FAILURE_BUCKET_ID: ACCESS_VIOLATION_proto+87f7
BUCKET_ID: ACCESS_VIOLATION_proto+87f7
Followup: MachineOwner
******************************************
My service installation details are
[Install.Services]
AddService=Proto,PROTO_Service_Inst
[Proto_Service_Inst]
DisplayName = %PROTO_Desc%
ServiceType = SERVICE_KERNEL_DRIVER
StartType = SERVICE_MANUAL_START
ErrorControl = SERVICE_ERROR_NORMAL
ServiceBinary = %12%\proto.sys
LoadOrderGroup = NDIS
AddReg = AddReg_PROTO_Service_Inst
Description = %PROTO_Desc%
[AddReg_PROTO_Service_Inst]
**********************************************
I have writen that my few of controls are executing…
In my driver program i have designed 50 control of
FILE_DEVICE_PROTOCOL type defined with 0x8000
In my user mode program"sample.exe"i have firstly intereped for QUERY
OID with the control code CTL_CODE(8000, 1 , METHOD_BUFFERED,
FILE_ANY_ACCESS) which is working and i have seen this by using
IrpTracker. but as my pacture capture code which is 6TH number of its
series start system got failed.
Any more information i have to mail
Again thanks for your responce.
Niraj Jha
On 7/29/05, Gary G. Little wrote:
> What is the WinDbg !analyze -v output? If you aren’t using WinDbg, or
> Softice, then install them. WinDbg is free
> for the cost of a download. We need a bit more information than “some of the
> control codes execute well but when the packet capture IRP
> supplied my system got crashed”.
>
> –
> The personal opinion of
> Gary G. Little
>
> “Niraj Jha” wrote in message
> news:xxxxx@noutput?tdev…
> Hi all
>
> I am much fresher in driver development.
>
> I am developing a ndis protocol driver for a network sniffer product.
>
> when i install that .sys file and start the service it starts
> sucessfully and some of the control codes excute well but when the
> packet capture IRP supplied my system got crashed.
> I am unable to find the problem.
>
>
> Please tell me first what information i have to mail to so that you
> all will help me to find out the problem.
>
> Thanks
> Niraj Jha
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>