I have USB device that mounts two drive’s a CDROM and generic storage device. Both drive’s gets mounted successfully. From CDROM device an autorun application is executed. and it suddenly through IRP_MN_SURPRISE_REMOVAL ( after QueryDevicerelation IRP iwth RemovalRelation & EjectionRelacation ).
Since USB is never unplugged, how can I track the source of IRP_MN_SURPRISE_REMOVAL IRP.
Thanks
Is your problem that the application crashes? Link it with an option /SWAPRUN:CD
I think the application installs a special driver for the device. This may cause REMOVE_DEVICE IRP.
xxxxx@hotmail.com wrote:
I have USB device that mounts two drive’s a CDROM and generic storage device. Both drive’s gets mounted successfully. From CDROM device an autorun application is executed. and it suddenly through IRP_MN_SURPRISE_REMOVAL ( after QueryDevicerelation IRP iwth RemovalRelation & EjectionRelacation ).
Since USB is never unplugged, how can I track the source of IRP_MN_SURPRISE_REMOVAL IRP.
So, your device is a composite device, with multiple interfaces? Are
all of the interfaces getting surprise removed, or only one?
It’s possible for USB errors to cause this kind of thing. If a hub gets
confused, it can restart itself, and everybody gets surprise removed.
Where did you get the IP for the drives? Is it possible you have
protocol violations?
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
>Since USB is never unplugged, how can I track the source of IRP_MN_SURPRISE_REMOVAL IRP.
Attach WinDbg, put a breakpoint in your driver IRP_MN_SURPRISE_REMOVAL and see a stack.
Igor Sharovar
Thanks for reply. I am trying to answer’s the question asked, as I am new to this whole device drivers area. Please forgive me if I am interpreting answer’s incorrectly.
App/system is not crashing. But the third party application on USB is showing error saying “Insert device or login as privileged user”.
If I am logging in as local admin user, it works fine and allows USB to launch its application, unlock drive. but If I am logging in as local standard user, above error is displayed.
If my drivers are unsinstalled it works fine for local admin and local standard users.
Device has single interface. in working scenario, it shows a dialog box asking for password to unlock the generic storage device.
My drivers are not handling IRP_MN_SURPRISE_REMOVAL, however I am able see it through Windbg when they are coming. I will try to understand the stack, as Igor suggested.
Thanks
By the time you get the surprise removal irp, the stack is not going to tell you anything. Get a USB bus trace and view it in net on and see why the bus is reporting your device as missing.
d
debt from my phone
From: xxxxx@hotmail.com
Sent: 12/18/2011 9:11 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to trace the source of IRP_MN_SURPRISE_REMOVAL
Thanks for reply. I am trying to answer’s the question asked, as I am new to this whole device drivers area. Please forgive me if I am interpreting answer’s incorrectly.
App/system is not crashing. But the third party application on USB is showing error saying “Insert device or login as privileged user”.
If I am logging in as local admin user, it works fine and allows USB to launch its application, unlock drive. but If I am logging in as local standard user, above error is displayed.
If my drivers are unsinstalled it works fine for local admin and local standard users.
Device has single interface. in working scenario, it shows a dialog box asking for password to unlock the generic storage device.
My drivers are not handling IRP_MN_SURPRISE_REMOVAL, however I am able see it through Windbg when they are coming. I will try to understand the stack, as Igor suggested.
Thanks
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
I searched a log and I found most of the documentation related to USB trace is for Win7. Netmon doesnt interpret etl files on xp.My issue is on WinXp.
I am trying to collect the USB trace with Logman and its throwing error message saying Collection “Usbtrace” does not exist.
is it correct way to collect the USB hub trace. Any links for USB hub trace.
Thanks
You are on your own with XP, not a lot of tracing support there (none, really)
d
debt from my phone
From: xxxxx@hotmail.com
Sent: 12/19/2011 1:34 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to trace the source of IRP_MN_SURPRISE_REMOVAL
I searched a log and I found most of the documentation related to USB trace is for Win7. Netmon doesnt interpret etl files on xp.My issue is on WinXp.
I am trying to collect the USB trace with Logman and its throwing error message saying Collection “Usbtrace” does not exist.
is it correct way to collect the USB hub trace. Any links for USB hub trace.
Thanks
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>By the time you get the surprise removal irp, the stack is not going to tell you anything.
It is strange. I solved a problem of surprise removal of a storage device by looking of stack. When I unplug the device it didn’t receive surprise removal IRP. By looking the stack I found that another device driver blocked this IRP.
Igor