HIDClass filter crashes

Hi,

I’m having some problem with a HIDClass filter that I implemented. The Filter work fine until I unplug the physical HID device. I don’t really know why the filter crashes.

I register PNP power callbacks for EvtDevicePrepareHardware, EvtDeviceReleaseHardware, EvtDeviceSurpriseRemoval, EvtDeviceQueryRemove and EvtDeviceQueryStop, but no callback is called if I suddenly unplug the HID device. For the moment every callback just print a debug message.

Any idea what I’m doing wrong?

Thank you!

Is it necessary to implement any PnP handling for my class filter?

  1. turn on driver verifier for your device stack.
  2. either attach a debugger or collect a crash dump.
  3. make sure you have symbols set up correctly in your debugger.
  4. post the output from windbg: !analyze -v here.
  5. collect the wdf trace log using !wdfkd.wdflogdump and post that here too.

Mark Roddy

On Wed, Apr 8, 2015 at 10:20 AM, wrote:

> Hi,
>
> I’m having some problem with a HIDClass filter that I implemented. The
> Filter work fine until I unplug the physical HID device. I don’t really
> know why the filter crashes.
>
> I register PNP power callbacks for EvtDevicePrepareHardware,
> EvtDeviceReleaseHardware, EvtDeviceSurpriseRemoval, EvtDeviceQueryRemove
> and EvtDeviceQueryStop, but no callback is called if I suddenly unplug the
> HID device. For the moment every callback just print a debug message.
>
> Any idea what I’m doing wrong?
>
> Thank you!
>
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Normally when I attach the debugger it will break if there is bad memory operation (blue screen). But in my case, the windbg doesn’t have any reaction but the operating system on the debug machine is not working anymore. I cannot move the mouse or use the keyboard.

After I unplugged the physical device I manually send the break command from windbg and then execute the command !analyze -v. Here is the output:

*******************************************************************************
* *
* You are seeing this message because you pressed either *
* CTRL+C (if you run kd.exe) or, *
* CTRL+BREAK (if you run WinDBG), *
* on your debugger machine’s keyboard. *
* *
* THIS IS NOT A BUG OR A SYSTEM CRASH *
* *
* If you did not intend to break into the debugger, press the “g” key, then *
* press the “Enter” key now. This message might immediately reappear. If it *
* does, press “g” and “Enter” again. *
* *
*******************************************************************************
nt!RtlpBreakWithStatusInstruction:
fffff800`02ad7490 cc int 3
kd> !analyze -v
Connected to Windows 7 7601 x64 target at (Thu Apr 9 14:23:04.805 2015 (UTC + 2:00)), ptr64 TRUE
Loading Kernel Symbols



Loading User Symbols

Loading unloaded module list

ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 0000000000000000
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:

PROCESS_NAME: System

FAULTING_IP:
nt!RtlpBreakWithStatusInstruction+0
fffff800`02ad7490 cc int 3

EXCEPTION_RECORD: ffffffffffffffff – (.exr 0xffffffffffffffff)
ExceptionAddress: fffff80002ad7490 (nt!RtlpBreakWithStatusInstruction)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000

ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein Argument ist ung ltig.

EXCEPTION_PARAMETER1: 0000000000000000

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x0

CURRENT_IRQL: d

STACK_TEXT:
fffff80000b9b638 fffff80002abce36 : 0000000000000000 0000000000002070 fffff78000000320 0000000000026161 : nt!RtlpBreakWithStatusInstruction
fffff80000b9b640 fffff80002a20895 : fffff80002a46460 fffff80000b9b7f0 fffff80002a46460 fffffa8000000000 : nt! ?? ::FNODOBFM::string'+0x6c40 fffff80000b9b740 fffff80002adbb73 : 0000000000000000 fffffa800365d100 fffffa80036648c0 fffffa80036648c0 : hal!HalpHpetClockInterrupt+0x8d fffff80000b9b770 fffff80002aea109 : 0000000000000000 0000000000000000 fffffa8003546010 fffffa800367035c : nt!KiInterruptDispatchNoLock+0x163 fffff80000b9b900 fffff88001077167 : 0000000000000000 fffff88001076d9b fffffa8003670290 fffffa8003682020 : nt!KeReleaseSpinLock+0x19 fffff80000b9b930 fffff88001077410 : fffffa8003670202 fffffa8003670290 fffffa800367035c fffffa8003682020 : Wdf01000!FxIoQueueToMx::RequestCompletedCallback+0xcf fffff80000b9b960 fffff88001077ec0 : 0000000000000001 fffffa8003682000 0000000000000000 0000000000000000 : Wdf01000!FxRequest::PostProcessCompletion+0x1c fffff80000b9b9a0 fffff8800108ab02 : 0000000000000000 0000000000000001 fffffa8003682020 fffffa8003670290 : Wdf01000!FxRequest::CompleteInternal+0x680 fffff80000b9ba30 fffff88003feb4bf : fffffa8003670290 fffffa8003670290 0000000000000000 fffff80000040004 : Wdf01000!imp_WdfRequestComplete+0x176 fffff80000b9ba90 fffff88003feac75 : 0000057ffc98fd68 fffffa8000000000 fffffa8003670290 0000000000000000 : QPenFilter!WdfRequestComplete+0x3f [c:\program files (x86)\windows kits\8.1\include\wdf\kmdf\1.11\wdfrequest.h @ 977] fffff80000b9bad0 fffff8800107163b : 0000057ffc98fd68 0000057ffcdc9fd8 fffff80000b9bb60 0000000000000000 : QPenFilter!EvtInterruptTransferCompletionRoutine+0xb5 [d:\repository\qpen\driver\projects\qpen\qpenfilter\src\hid.c @ 256] fffff80000b9bb40 fffff88001072838 : fffffa8003236030 fffffa8003236020 0000000000000001 fffffa8003236030 : Wdf01000!FxRequestBase::CompleteSubmitted+0x1eb fffff80000b9bbc0 fffff880010734b8 : fffffa80036c9502 fffffa8002cbe150 0000000000000000 0000000000000000 : Wdf01000!FxIoTarget::RequestCompletionRoutine+0x1c0 fffff80000b9bc30 fffff80002acbe75 : 0000000000000000 00000000c0000016 fffffa8003546010 0000000000000000 : Wdf01000!FxIoTarget::_RequestCompletionRoutine+0x3c fffff80000b9bc60 fffff80002ae2a91 : fffffa8003546203 0000000000000000 fffffa80036c9590 0000000000000000 : nt!IopUnloadSafeCompletion+0x55 fffff80000b9bca0 fffff88003c6abd3 : 0000000000000000 fffffa8002504000 fffffa8002504050 0000000000000000 : nt!IopfCompleteRequest+0x3b1 fffff80000b9bd80 fffff88003c73e34 : fffffa8003546010 fffffa8001bf0009 fffffa8003546010 fffffa8002c35010 : USBPORT!USBPORT_ProcessURB+0x29f fffff80000b9be30 fffff88003c4daf4 : 0000000000000000 fffffa8001bff050 fffffa80036c9510 fffffa8003546010 : USBPORT!USBPORT_PdoInternalDeviceControlIrp+0x138 fffff80000b9be70 fffff88003ee4566 : fffffa800305b050 fffffa800367f060 fffffa8003546010 fffffa800305b1a0 : USBPORT!USBPORT_Dispatch+0x1dc fffff80000b9beb0 fffff88003f14d8f : 0000000000000000 0000000000000000 fffffa800367f060 0000057ffcdc9fd8 : usbhub!UsbhFdoUrbPdoFilter+0xde fffff80000b9bee0 fffff88003ee2fb7 : 0000000000000005 fffff80000b9bfb0 fffffa8003236020 0000000000000000 : usbhub!UsbhPdoInternalDeviceControl+0x373 fffff80000b9bf30 fffff88001073f47 : 0000000000040001 fffffa8003670290 fffff80000b9bfb0 fffff8800107651c : usbhub!UsbhGenDispatch+0x57 fffff80000b9bf60 fffff88003feb5ea : fffffa8002cdedd0 fffffa8003670290 fffffa8003236020 fffffa8002cdec50 : Wdf01000!imp_WdfRequestSend+0x4b3 fffff80000b9bff0 fffff88003feaaa9 : 0000057ffc98fd68 0000057ffcdc9fd8 0000000000000000 fffffa8002cdec50 : QPenFilter!WdfRequestSend+0x4a [c:\program files (x86)\windows kits\8.1\include\wdf\kmdf\1.11\wdfrequest.h @ 666] fffff80000b9c030 fffff88003feb2c3 : 0000057ffc98fd68 0000057ffcdc9fd8 fffff88003feabc0 0000000000000000 : QPenFilter!DispatchPassThrough+0x49 [d:\repository\qpen\driver\projects\qpen\qpenfilter\src\hid.c @ 659] fffff80000b9c070 fffff88001071042 : 0000057ffc97dfd8 0000057ffc98fd68 0000000002c35010 0000000000000000 : QPenFilter!QPenEvtInternalDeviceControl+0x183 [d:\repository\qpen\driver\projects\qpen\qpenfilter\src\hid.c @ 791] fffff80000b9c110 fffff8800107042f : fffffa8003682000 fffffa8000000000 fffffa8003682020 fffffa8001bd0808 : Wdf01000!FxIoQueue::DispatchRequestToDriver+0x542 fffff80000b9c190 fffff8800107bfbb : fffffa8002cdec50 fffffa8003670202 0000000000000000 fffffa8003670290 : Wdf01000!FxIoQueue::DispatchEvents+0x66f fffff80000b9c210 fffff8800107530a : fffffa8002cdec02 fffffa8003670290 fffffa8003546010 fffff80000b9c2f0 : Wdf01000!FxIoQueue::QueueRequest+0x2ab fffff80000b9c280 fffff880010749da : fffffa8003670290 fffffa8003546010 fffffa800365d060 fffffa8003546010 : Wdf01000!FxPkgIo::Dispatch+0x4da fffff80000b9c2f0 fffff88001074aa6 : fffffa8003546010 fffffa800365d060 fffffa80036c9590 fffffa800365d438 : Wdf01000!FxDevice::Dispatch+0x19a fffff80000b9c330 fffff88003c2c48f : fffffa8003546010 fffffa800365d060 fffffa800365d438 00000000000007ff : Wdf01000!FxDevice::DispatchWithLock+0xa6 fffff80000b9c370 fffff88003c2bf5b : fffffa8003546290 fffffa800365d101 fffff80000b9c430 fffffa800365d060 : hidusb!HumReadReport+0x13f fffff80000b9c3c0 fffff880039c8555 : fffffa8002c30101 fffffa8002c301d0 fffffa8003546010 0000000000000000 : hidusb!HumInternalIoctl+0x137 fffff80000b9c430 fffff880039c8d75 : fffffa8002c301d0 fffffa800365d1d0 0000000000000000 fffffa800365d060 : HIDCLASS!HidpSubmitInterruptRead+0xdd fffff80000b9c490 fffff80002ae2a91 : fffffa8003546293 0000000000000000 fffffa800365d001 fffffa8003546001 : HIDCLASS!HidpInterruptReadComplete+0x37d fffff80000b9c520 fffff88001077e9d : 0000000000000001 fffffa8003682000 0000000000000000 0000000000000000 : nt!IopfCompleteRequest+0x3b1 fffff80000b9c600 fffff8800108ab02 : fffffa8003546010 0000000000000001 fffffa8003682020 fffffa8002c96690 : Wdf01000!FxRequest::CompleteInternal+0x65d fffff80000b9c690 fffff88003feb4bf : fffffa8002c96690 fffffa8002c96690 0000000000000000 fffff80000baca4e : Wdf01000!imp_WdfRequestComplete+0x176 fffff80000b9c6f0 fffff88003feac75 : 0000057ffd369968 fffff80000000000 fffffa800305b708 0000000000000001 : QPenFilter!WdfRequestComplete+0x3f [c:\program files (x86)\windows kits\8.1\include\wdf\kmdf\1.11\wdfrequest.h @ 977] fffff80000b9c730 fffff8800107163b : 0000057ffd369968 0000057ffcdc9fd8 fffff80000b9c7c0 0000000000000000 : QPenFilter!EvtInterruptTransferCompletionRoutine+0xb5 [d:\repository\qpen\driver\projects\qpen\qpenfilter\src\hid.c @ 256] fffff80000b9c7a0 fffff88001072838 : fffffa8003236030 fffffa8003236020 0000000000000001 fffffa8003236030 : Wdf01000!FxRequestBase::CompleteSubmitted+0x1eb fffff80000b9c820 fffff880010734b8 : 0000000000000002 fffff880039bb29e 0000000000000000 fffff80002a197d8 : Wdf01000!FxIoTarget::RequestCompletionRoutine+0x1c0 fffff80000b9c890 fffff80002acbe75 : fffffa80036c9500 fffff80002c0afbd 0000000000000000 fffff80002a18354 : Wdf01000!FxIoTarget::_RequestCompletionRoutine+0x3c fffff80000b9c8c0 fffff80002ae2a91 : fffffa8003546203 0000000000000000 fffffa80036c9590 00000000000007ff : nt!IopUnloadSafeCompletion+0x55 fffff80000b9c900 fffff88003c5c631 : fffffa8002504050 fffffa8002c35000 ffffffffc0010000 0000000000000000 : nt!IopfCompleteRequest+0x3b1 fffff80000b9c9e0 fffff88003c5cb0f : fffffa8003190a02 fffffa8003546010 00000000ffffffff fffffa8002504eb0 : USBPORT!USBPORT_Core_iCompleteDoneTransfer+0xa15 fffff80000b9cac0 fffff88003c5a66f : fffffa8002504eb0 fffffa80025041a0 fffffa8002505050 0000000000000000 : USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x3a7 fffff80000b9cb20 fffff88003c4bf89 : fffffa8002504050 0000000000000000 fffffa8002504e02 fffffa8002504eb0 : USBPORT!USBPORT_Core_UsbIocDpc_Worker+0xf3 fffff80000b9cb60 fffff80002aeab1c : fffff80002c51e80 fffffa8002504eb0 fffffa8002504ec8 0000000000000000 : USBPORT!USBPORT_Xdpc_Worker+0x1d9 fffff80000b9cb90 fffff80002ad736a : fffff80002c51e80 fffff80002c5fcc0 0000000000000000 fffff88003c4bdb0 : nt!KiRetireDpcList+0x1bc fffff80000b9cc40 0000000000000000 : fffff80000b9d000 fffff80000b97000 fffff80000b9cc00 00000000`00000000 : nt!KiIdleLoop+0x5a

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!RtlpBreakWithStatusInstruction+0
fffff800`02ad7490 cc int 3

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!RtlpBreakWithStatusInstruction+0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7951a

BUCKET_ID: MANUAL_BREAKIN

Followup: MachineOwner

So… the filter does CRASH, like you said in your first post. But, rather, the system HANGS. And it does not do this WITHOUT your filter installed?

What does your filter do? Do you call WdfDeviceInitSetFilter in EvtDriverDeviceAdd?

Hmmm… How do you pass through Requests you receive?

We need some information… that output from the WDF Log that Mr. Roddy requested would help, as well, perhaps.

Peter
OSR
@OSRDrivers

I’ll guess you aren’t handling error conditions correctly in
QPenFilter!WdfRequestComplete
and are in an infinite loop cycling a request down a stack that is trying
to close.

Mark Roddy

On Thu, Apr 9, 2015 at 8:25 AM, wrote:

> Normally when I attach the debugger it will break if there is bad memory
> operation (blue screen). But in my case, the windbg doesn’t have any
> reaction but the operating system on the debug machine is not working
> anymore. I cannot move the mouse or use the keyboard.
>
> After I unplugged the physical device I manually send the break command
> from windbg and then execute the command !analyze -v. Here is the output:
>
>
> ****************
>
>
> * You are seeing this message because you pressed either
>
> * CTRL+C (if you run kd.exe) or,
>
> * CTRL+BREAK (if you run WinDBG),
>
> * on your debugger machine’s keyboard.
>
>
>
> * THIS IS NOT A BUG OR A SYSTEM CRASH
>
>
>
> * If you did not intend to break into the debugger, press the “g” key,
> then
> * press the “Enter” key now. This message might immediately reappear. If
> it
> * does, press “g” and “Enter” again.
>
>
>
>
>

> nt!RtlpBreakWithStatusInstruction:
> fffff80002ad7490 cc int 3<br>&gt; kd&gt; !analyze -v<br>&gt; Connected to Windows 7 7601 x64 target at (Thu Apr 9 14:23:04.805 2015<br>&gt; (UTC + 2:00)), ptr64 TRUE<br>&gt; Loading Kernel Symbols<br>&gt; ...............................................................<br>&gt; ................................................................<br>&gt; ..........................<br>&gt; Loading User Symbols<br>&gt;<br>&gt; Loading unloaded module list<br>&gt; ....<br>&gt; ERROR: FindPlugIns 8007007b<br>&gt;<br>&gt; *******************************************************************************<br>&gt; *<br>&gt; *<br>&gt; * Bugcheck Analysis<br>&gt; *<br>&gt; *<br>&gt; *<br>&gt;<br>&gt;******************************************************************************* <br>&gt;<br>&gt; Unknown bugcheck code (0)<br>&gt; Unknown bugcheck description<br>&gt; Arguments:<br>&gt; Arg1: 0000000000000000<br>&gt; Arg2: 0000000000000000<br>&gt; Arg3: 0000000000000000<br>&gt; Arg4: 0000000000000000<br>&gt;<br>&gt; Debugging Details:<br>&gt; ------------------<br>&gt;<br>&gt;<br>&gt; PROCESS_NAME: System<br>&gt;<br>&gt; FAULTING_IP:<br>&gt; nt!RtlpBreakWithStatusInstruction+0<br>&gt; fffff80002ad7490 cc int 3
>
> EXCEPTION_RECORD: ffffffffffffffff – (.exr 0xffffffffffffffff)
> ExceptionAddress: fffff80002ad7490 (nt!RtlpBreakWithStatusInstruction)
> ExceptionCode: 80000003 (Break instruction exception)
> ExceptionFlags: 00000000
> NumberParameters: 1
> Parameter[0]: 0000000000000000
>
> ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im
> Quellprogramm wurde ein Haltepunkt erreicht.
>
> EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - Mindestens ein
> Argument ist ung ltig.
>
> EXCEPTION_PARAMETER1: 0000000000000000
>
> DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
>
> BUGCHECK_STR: 0x0
>
> CURRENT_IRQL: d
>
> STACK_TEXT:
> fffff80000b9b638 fffff80002abce36 : 0000000000000000 0000000000002070
> fffff78000000320 0000000000026161 : nt!RtlpBreakWithStatusInstruction
> fffff80000b9b640 fffff80002a20895 : fffff80002a46460 fffff80000b9b7f0
> fffff80002a46460 fffffa8000000000 : nt! ?? ::FNODOBFM::string'+0x6c40<br>&gt; fffff80000b9b740 fffff80002adbb73 : 0000000000000000 fffffa800365d100<br>&gt; fffffa80036648c0 fffffa80036648c0 : hal!HalpHpetClockInterrupt+0x8d<br>&gt; fffff80000b9b770 fffff80002aea109 : 0000000000000000 0000000000000000<br>&gt; fffffa8003546010 fffffa800367035c : nt!KiInterruptDispatchNoLock+0x163<br>&gt; fffff80000b9b900 fffff88001077167 : 0000000000000000 fffff88001076d9b<br>&gt; fffffa8003670290 fffffa8003682020 : nt!KeReleaseSpinLock+0x19<br>&gt; fffff80000b9b930 fffff88001077410 : fffffa8003670202 fffffa8003670290<br>&gt; fffffa800367035c fffffa8003682020 :<br>&gt; Wdf01000!FxIoQueueToMx::RequestCompletedCallback+0xcf<br>&gt; fffff80000b9b960 fffff88001077ec0 : 0000000000000001 fffffa8003682000<br>&gt; 0000000000000000 0000000000000000 :<br>&gt; Wdf01000!FxRequest::PostProcessCompletion+0x1c<br>&gt; fffff80000b9b9a0 fffff8800108ab02 : 0000000000000000 0000000000000001<br>&gt; fffffa8003682020 fffffa8003670290 :<br>&gt; Wdf01000!FxRequest::CompleteInternal+0x680<br>&gt; fffff80000b9ba30 fffff88003feb4bf : fffffa8003670290 fffffa8003670290<br>&gt; 0000000000000000 fffff80000040004 : Wdf01000!imp_WdfRequestComplete+0x176<br>&gt; fffff80000b9ba90 fffff88003feac75 : 0000057ffc98fd68 fffffa8000000000<br>&gt; fffffa8003670290 0000000000000000 : QPenFilter!WdfRequestComplete+0x3f<br>&gt; [c:\program files (x86)\windows kits\8.1\include\wdf\kmdf\1.11\wdfrequest.h<br>&gt; @ 977]<br>&gt; fffff80000b9bad0 fffff8800107163b : 0000057ffc98fd68 0000057ffcdc9fd8<br>&gt; fffff80000b9bb60 0000000000000000 :<br>&gt; QPenFilter!EvtInterruptTransferCompletionRoutine+0xb5<br>&gt; [d:\repository\qpen\driver\projects\qpen\qpenfilter\src\hid.c @ 256]<br>&gt; fffff80000b9bb40 fffff88001072838 : fffffa8003236030 fffffa8003236020<br>&gt; 0000000000000001 fffffa8003236030 :<br>&gt; Wdf01000!FxRequestBase::CompleteSubmitted+0x1eb<br>&gt; fffff80000b9bbc0 fffff880010734b8 : fffffa80036c9502 fffffa8002cbe150<br>&gt; 0000000000000000 0000000000000000 :<br>&gt; Wdf01000!FxIoTarget::RequestCompletionRoutine+0x1c0<br>&gt; fffff80000b9bc30 fffff80002acbe75 : 0000000000000000 00000000c0000016<br>&gt; fffffa8003546010 0000000000000000 :<br>&gt; Wdf01000!FxIoTarget::_RequestCompletionRoutine+0x3c<br>&gt; fffff80000b9bc60 fffff80002ae2a91 : fffffa8003546203 0000000000000000<br>&gt; fffffa80036c9590 0000000000000000 : nt!IopUnloadSafeCompletion+0x55<br>&gt; fffff80000b9bca0 fffff88003c6abd3 : 0000000000000000 fffffa8002504000<br>&gt; fffffa8002504050 0000000000000000 : nt!IopfCompleteRequest+0x3b1<br>&gt; fffff80000b9bd80 fffff88003c73e34 : fffffa8003546010 fffffa8001bf0009<br>&gt; fffffa8003546010 fffffa8002c35010 : USBPORT!USBPORT_ProcessURB+0x29f<br>&gt; fffff80000b9be30 fffff88003c4daf4 : 0000000000000000 fffffa8001bff050<br>&gt; fffffa80036c9510 fffffa8003546010 :<br>&gt; USBPORT!USBPORT_PdoInternalDeviceControlIrp+0x138<br>&gt; fffff80000b9be70 fffff88003ee4566 : fffffa800305b050 fffffa800367f060<br>&gt; fffffa8003546010 fffffa800305b1a0 : USBPORT!USBPORT_Dispatch+0x1dc<br>&gt; fffff80000b9beb0 fffff88003f14d8f : 0000000000000000 0000000000000000<br>&gt; fffffa800367f060 0000057ffcdc9fd8 : usbhub!UsbhFdoUrbPdoFilter+0xde<br>&gt; fffff80000b9bee0 fffff88003ee2fb7 : 0000000000000005 fffff80000b9bfb0<br>&gt; fffffa8003236020 0000000000000000 :<br>&gt; usbhub!UsbhPdoInternalDeviceControl+0x373<br>&gt; fffff80000b9bf30 fffff88001073f47 : 0000000000040001 fffffa8003670290<br>&gt; fffff80000b9bfb0 fffff8800107651c : usbhub!UsbhGenDispatch+0x57<br>&gt; fffff80000b9bf60 fffff88003feb5ea : fffffa8002cdedd0 fffffa8003670290<br>&gt; fffffa8003236020 fffffa8002cdec50 : Wdf01000!imp_WdfRequestSend+0x4b3<br>&gt; fffff80000b9bff0 fffff88003feaaa9 : 0000057ffc98fd68 0000057ffcdc9fd8<br>&gt; 0000000000000000 fffffa8002cdec50 : QPenFilter!WdfRequestSend+0x4a<br>&gt; [c:\program files (x86)\windows kits\8.1\include\wdf\kmdf\1.11\wdfrequest.h<br>&gt; @ 666]<br>&gt; fffff80000b9c030 fffff88003feb2c3 : 0000057ffc98fd68 0000057ffcdc9fd8<br>&gt; fffff88003feabc0 0000000000000000 : QPenFilter!DispatchPassThrough+0x49<br>&gt; [d:\repository\qpen\driver\projects\qpen\qpenfilter\src\hid.c @ 659]<br>&gt; fffff80000b9c070 fffff88001071042 : 0000057ffc97dfd8 0000057ffc98fd68<br>&gt; 0000000002c35010 0000000000000000 :<br>&gt; QPenFilter!QPenEvtInternalDeviceControl+0x183<br>&gt; [d:\repository\qpen\driver\projects\qpen\qpenfilter\src\hid.c @ 791]<br>&gt; fffff80000b9c110 fffff8800107042f : fffffa8003682000 fffffa8000000000<br>&gt; fffffa8003682020 fffffa8001bd0808 :<br>&gt; Wdf01000!FxIoQueue::DispatchRequestToDriver+0x542<br>&gt; fffff80000b9c190 fffff8800107bfbb : fffffa8002cdec50 fffffa8003670202<br>&gt; 0000000000000000 fffffa8003670290 :<br>&gt; Wdf01000!FxIoQueue::DispatchEvents+0x66f<br>&gt; fffff80000b9c210 fffff8800107530a : fffffa8002cdec02 fffffa8003670290<br>&gt; fffffa8003546010 fffff80000b9c2f0 : Wdf01000!FxIoQueue::QueueRequest+0x2ab<br>&gt; fffff80000b9c280 fffff880010749da : fffffa8003670290 fffffa8003546010<br>&gt; fffffa800365d060 fffffa8003546010 : Wdf01000!FxPkgIo::Dispatch+0x4da<br>&gt; fffff80000b9c2f0 fffff88001074aa6 : fffffa8003546010 fffffa800365d060<br>&gt; fffffa80036c9590 fffffa800365d438 : Wdf01000!FxDevice::Dispatch+0x19a<br>&gt; fffff80000b9c330 fffff88003c2c48f : fffffa8003546010 fffffa800365d060<br>&gt; fffffa800365d438 00000000000007ff :<br>&gt; Wdf01000!FxDevice::DispatchWithLock+0xa6<br>&gt; fffff80000b9c370 fffff88003c2bf5b : fffffa8003546290 fffffa800365d101<br>&gt; fffff80000b9c430 fffffa800365d060 : hidusb!HumReadReport+0x13f<br>&gt; fffff80000b9c3c0 fffff880039c8555 : fffffa8002c30101 fffffa8002c301d0<br>&gt; fffffa8003546010 0000000000000000 : hidusb!HumInternalIoctl+0x137<br>&gt; fffff80000b9c430 fffff880039c8d75 : fffffa8002c301d0 fffffa800365d1d0<br>&gt; 0000000000000000 fffffa800365d060 : HIDCLASS!HidpSubmitInterruptRead+0xdd<br>&gt; fffff80000b9c490 fffff80002ae2a91 : fffffa8003546293 0000000000000000<br>&gt; fffffa800365d001 fffffa8003546001 :<br>&gt; HIDCLASS!HidpInterruptReadComplete+0x37d<br>&gt; fffff80000b9c520 fffff88001077e9d : 0000000000000001 fffffa8003682000<br>&gt; 0000000000000000 0000000000000000 : nt!IopfCompleteRequest+0x3b1<br>&gt; fffff80000b9c600 fffff8800108ab02 : fffffa8003546010 0000000000000001<br>&gt; fffffa8003682020 fffffa8002c96690 :<br>&gt; Wdf01000!FxRequest::CompleteInternal+0x65d<br>&gt; fffff80000b9c690 fffff88003feb4bf : fffffa8002c96690 fffffa8002c96690<br>&gt; 0000000000000000 fffff80000baca4e : Wdf01000!imp_WdfRequestComplete+0x176<br>&gt; fffff80000b9c6f0 fffff88003feac75 : 0000057ffd369968 fffff80000000000<br>&gt; fffffa800305b708 0000000000000001 : QPenFilter!WdfRequestComplete+0x3f<br>&gt; [c:\program files (x86)\windows kits\8.1\include\wdf\kmdf\1.11\wdfrequest.h<br>&gt; @ 977]<br>&gt; fffff80000b9c730 fffff8800107163b : 0000057ffd369968 0000057ffcdc9fd8<br>&gt; fffff80000b9c7c0 0000000000000000 :<br>&gt; QPenFilter!EvtInterruptTransferCompletionRoutine+0xb5<br>&gt; [d:\repository\qpen\driver\projects\qpen\qpenfilter\src\hid.c @ 256]<br>&gt; fffff80000b9c7a0 fffff88001072838 : fffffa8003236030 fffffa8003236020<br>&gt; 0000000000000001 fffffa8003236030 :<br>&gt; Wdf01000!FxRequestBase::CompleteSubmitted+0x1eb<br>&gt; fffff80000b9c820 fffff880010734b8 : 0000000000000002 fffff880039bb29e<br>&gt; 0000000000000000 fffff80002a197d8 :<br>&gt; Wdf01000!FxIoTarget::RequestCompletionRoutine+0x1c0<br>&gt; fffff80000b9c890 fffff80002acbe75 : fffffa80036c9500 fffff80002c0afbd<br>&gt; 0000000000000000 fffff80002a18354 :<br>&gt; Wdf01000!FxIoTarget::_RequestCompletionRoutine+0x3c<br>&gt; fffff80000b9c8c0 fffff80002ae2a91 : fffffa8003546203 0000000000000000<br>&gt; fffffa80036c9590 00000000000007ff : nt!IopUnloadSafeCompletion+0x55<br>&gt; fffff80000b9c900 fffff88003c5c631 : fffffa8002504050 fffffa8002c35000<br>&gt; ffffffffc0010000 0000000000000000 : nt!IopfCompleteRequest+0x3b1<br>&gt; fffff80000b9c9e0 fffff88003c5cb0f : fffffa8003190a02 fffffa8003546010<br>&gt; 00000000ffffffff fffffa8002504eb0 :<br>&gt; USBPORT!USBPORT_Core_iCompleteDoneTransfer+0xa15<br>&gt; fffff80000b9cac0 fffff88003c5a66f : fffffa8002504eb0 fffffa80025041a0<br>&gt; fffffa8002505050 0000000000000000 :<br>&gt; USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x3a7<br>&gt; fffff80000b9cb20 fffff88003c4bf89 : fffffa8002504050 0000000000000000<br>&gt; fffffa8002504e02 fffffa8002504eb0 :<br>&gt; USBPORT!USBPORT_Core_UsbIocDpc_Worker+0xf3<br>&gt; fffff80000b9cb60 fffff80002aeab1c : fffff80002c51e80 fffffa8002504eb0<br>&gt; fffffa8002504ec8 0000000000000000 : USBPORT!USBPORT_Xdpc_Worker+0x1d9<br>&gt; fffff80000b9cb90 fffff80002ad736a : fffff80002c51e80 fffff80002c5fcc0<br>&gt; 0000000000000000 fffff88003c4bdb0 : nt!KiRetireDpcList+0x1bc<br>&gt; fffff80000b9cc40 0000000000000000 : fffff80000b9d000 fffff80000b97000<br>&gt; fffff80000b9cc00 0000000000000000 : nt!KiIdleLoop+0x5a<br>&gt;<br>&gt;<br>&gt; STACK_COMMAND: kb<br>&gt;<br>&gt; FOLLOWUP_IP:<br>&gt; nt!RtlpBreakWithStatusInstruction+0<br>&gt; fffff80002ad7490 cc int 3
>
> SYMBOL_STACK_INDEX: 0
>
> SYMBOL_NAME: nt!RtlpBreakWithStatusInstruction+0
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: nt
>
> IMAGE_NAME: ntkrnlmp.exe
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7951a
>
> BUCKET_ID: MANUAL_BREAKIN
>
> Followup: MachineOwner
> ---------
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

I implemented a HIDClass lower filter which filters some HID devices by parsing their HID descriptor. I save all relevant devices in a device list and then filter all HID reports that the system receives.

The filter works fine until I physically unplug (surprise remove) any HID device (it doesn’t matter if the HID device is registered in my list or not). This is a sign, that something goes wrong in the HID device stack…

If I remove one HID device (no matter which one) by calling “devcon remove HID*xxxx*” the operating system successful removes the device, but still HANGS after I try to physically remove the device. The system is really hanging (e.g. the clock is also not working).

No, I don’t call WdfDeviceInitSetFilter in EvtDriverDeviceAdd. Instead I call WdfFdoInitSetFilter (I don’t know if is the same thing)

I register a completion callback for every request that I receive. I the completion callback I read the data that the HID device send it to the OS.

VOID DispatchPassThrough(IN WDFREQUEST Request,
IN WDFIOTARGET IoTarget,
pfCompletionRequest Completion)
{
//
// Pass the IRP to the target
//

BOOLEAN ret;
NTSTATUS status = STATUS_SUCCESS;

//DbgPrint(“DispatchPassThrough”);

WdfRequestFormatRequestUsingCurrentType(Request);

WdfRequestSetCompletionRoutine(Request, Completion, WDF_NO_CONTEXT);

ret = WdfRequestSend(Request, IoTarget, WDF_NO_SEND_OPTIONS);

if (ret == FALSE)
{
status = WdfRequestGetStatus(Request);
#ifdef DEBUG
DbgPrint(“WdfRequestSend failed: 0x%x\n”, status);
#endif
WdfRequestComplete(Request, status);
}

return;
}

VOID EvtInterruptTransferCompletionRoutine(IN WDFREQUEST objRequest,
IN WDFIOTARGET objTarget,
IN PWDF_REQUEST_COMPLETION_PARAMS objReqComplnParams,
IN WDFCONTEXT objContext)
{
NTSTATUS status = STATUS_SUCCESS;
PURB pUrbBuffer = NULL;
WDF_REQUEST_PARAMETERS objRequestParameters;

UNREFERENCED_PARAMETER(objReqComplnParams);
UNREFERENCED_PARAMETER(objContext);

//DbgPrint(“TESTDRIVER: MESSAGE: —>EvtInterruptTransferCompletionRoutine\n”);

WDF_REQUEST_PARAMETERS_INIT(&objRequestParameters);
WdfRequestGetParameters(objRequest, &objRequestParameters);

pUrbBuffer = objRequestParameters.Parameters.Others.Arg1;

if (pUrbBuffer->UrbHeader.Function == URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER)
{
if (pUrbBuffer->UrbBulkOrInterruptTransfer.TransferBufferLength > 0 &&
pUrbBuffer->UrbBulkOrInterruptTransfer.TransferBuffer != NULL)
{
// read data here
}
}

WdfRequestComplete(objRequest, status);
}

@Mark Roddy

Thank you for your hint. It sure feels like the filter is hanging in an infinite loop. I will follow this trace you gave me and check the error conditions (for the moment I don’t really know which error condition I don’t handle)

Thank you.