IoCallDriver and Access Violation in ntoskrnl.exe

Hi All,

In my TDI filter driver, while calling IoCallDriver, the following code works fine sometimes but during system boot generates KMODE_EXCEPTION_NOT_HANDLED. The BSOD shows something like -

***STOP:0x0000001E(0xC0000005,0x804601C3,0x00000000,0x00000000)
KMODE_EXCEPTION_NOT_HANDLED
*** Adress 804601C3 base at 80400000,dateStamp 3d366b8b - ntoskrnl.exe

NTSTATUS
CompleteOrDenyTdiDispatch(IN PDEVICE_OBJECT pFilterDeviceObject, IN PIRP pIrp, IN int filter,
                          IN PIO_COMPLETION_ROUTINE pCompletionRoutine, IN PVOID pFilterContext)
{
    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION pIrpStackLocation = IoGetCurrentIrpStackLocation(pIrp);
    PFILTER_DEVICE_EXTENSION pDeviceExtension = pFilterDeviceObject->DeviceExtension;
    PDEVICE_OBJECT pTargetDeviceObject = pDeviceExtension->pTargetDeviceObject;
    PIO_STACK_LOCATION pNextIrpStackLocation = IoGetNextIrpStackLocation(pIrp);

    DbgPrint("[INFITCP.SYS]CompleteOrDenyTdiDispatch - trying to Complete the request\n");

    if (filter == FILTER_ALLOW_IRP)
    {
        if (pCompletionRoutine != NULL)
        {
            // Forward with a completion routine: copy our stack location to the
            // next one so the lower driver sees the same parameters.
            DbgPrint("[INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next \n");
            IoCopyCurrentIrpStackLocationToNext(pIrp);
            IoSetCompletionRoutine(pIrp, pCompletionRoutine, pFilterContext, TRUE, TRUE, TRUE);
        }
        else
        {
            // No completion routine: let the lower driver reuse our stack location.
            IoSkipCurrentIrpStackLocation(pIrp);
        }

        // Call TCP in Any Case
        DbgPrint("[INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling Target %x Protocol %u\n", pTargetDeviceObject, pDeviceExtension->Protocol);

        // pIrp is not touched again after this call.
        status = IoCallDriver(pTargetDeviceObject, pIrp); //--------------> GENERATES ACCESS VIOLATION.

        DbgPrint("[INFITCP.SYS]CompleteOrDenyTdiDispatch - Done \n");

        return status;
    }
    else
    {
        // Deny path: complete the IRP here without passing it down.
        DbgPrint("[INFITCP.SYS] CompleteOrDenyTdiDispatch - Denying The request %u \n", pDeviceExtension->Protocol);
        status = STATUS_ACCESS_VIOLATION;
        pIrp->IoStatus.Status = status;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
        DbgPrint("[INFITCP.SYS]CompleteOrDenyTdiDispatch - Done \n");
        return status;
    }
}

The Debug Output Looks Like this -

[INFITCP.SYS]FilterInternalDeviceControlOnTransport - return
[INFITCP.SYS] FilterDispatchIoControl - TCP IRP Found,Passing the IRP for Examination
[INFITCP.SYS]- Got An IRP Entering FilterPass
[INFITCP.SYS]CompleteOrDenyTdiDispatch - trying to Complete the request
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next
[INFITCP.SYS]- FilterPass IRP_MJ_DEVICE_CONTROL on file object
[INFITCP.SYS]- FilterPass Unable to Map IRP_MJ_INTERNAL_DEVICE on file object c0000002
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling Target 816b06b0 Protocol 17
Second chance exception c0000005 (Access Violation) occurred

After using gh or gn The Stack Looks like given below…

kb
FramePtr RetAddr Param1 Param2 Param3 Function Name
ffffffffb79dd0c0 ffffffff8042c487 0000000000000003 ffffffffb79dd82c ffffffffb79dd880 NTOSKRNL!RtlpSetSecurityObject+0x9d (EBP)
ffffffffb79dd44c ffffffff80430479 000000000000001e ffffffffc0000005 ffffffff804601c3 NTOSKRNL!KeBugCheckEx+0x573 (EBP)
ffffffffb79dd810 ffffffff80465f1b ffffffffb79dd82c 0000000000000000 ffffffffb79dd880 NTOSKRNL!KeSaveFloatingPointState+0x14b (EBP)
ffffffffb79dd880 ffffffffb79dd9b4 0000000000000000 ffffffff815d8f48 ffffffff804924a6 NTOSKRNL!ExRaiseStatus+0x25 (No FPO)
0000000000000040 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0xFFFFFFFFB79DD9B4 (No FPO)

I tried to find the stack frame as described in http://www.osr.com/ddk/ddtools/bccodes_763r.htm but there is no call to NT!PspUnhandledExceptionInSystemThread or ntoskrnl!KiDispatchException!!! Can somebody help me to locate the exact problem?

Regards…
Subodh Radheshyam Gupta
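
Added example, not part of the original post: a small user-mode C helper that decodes the two blue-screen lines quoted above using the documented parameter layout of bug check 0x1E (exception code, faulting instruction address, exception parameters 0 and 1). The struct and function names are hypothetical, and the sample strings are the post's own two lines embedded as input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUGCHECK_KMODE_EXCEPTION_NOT_HANDLED 0x0000001Eu
#define NTSTATUS_ACCESS_VIOLATION            0xC0000005u

/* Sample input: the two blue-screen lines as quoted in the post
 * (including its "Adress" spelling). */
static const char SAMPLE_STOP[] =
    "***STOP:0x0000001E(0xC0000005,0x804601C3,0x00000000,0x00000000)";
static const char SAMPLE_ADDR[] =
    "*** Adress 804601C3 base at 80400000,dateStamp 3d366b8b - ntoskrnl.exe";

/* Hypothetical result record for this example. */
typedef struct {
    int      valid;            /* both lines parsed and the code is 0x1E   */
    uint32_t exception_code;   /* parameter 1: unhandled exception code    */
    uint32_t fault_ip;         /* parameter 2: faulting instruction        */
    uint32_t rva;              /* faulting address minus the image base    */
    char     image[64];        /* image named on the "base at" line        */
    int      access_violation; /* exception code is 0xC0000005             */
    int      write_access;     /* parameter 3: 0 = read, 1 = write         */
    uint32_t bad_va;           /* parameter 4: address that was referenced */
    int      null_range;       /* bad_va lies in the first 64 KB           */
    int      lines_agree;      /* parameter 2 equals the "Address" value   */
} stop_triage;

/* Parse "STOP: code (p1,p2,p3,p4)"; spaces around the fields are optional. */
static int parse_stop_line(const char *line, unsigned int out[5])
{
    const char *p = strstr(line, "STOP:");
    if (p == NULL)
        return -1;
    return sscanf(p, "STOP: %x ( %x , %x , %x , %x", &out[0], &out[1],
                  &out[2], &out[3], &out[4]) == 5 ? 0 : -1;
}

/* Parse "Address <va> base at <base>, ... - <image>". */
static int parse_address_line(const char *line, unsigned int *va,
                              unsigned int *base, char *image, size_t len)
{
    const char *p = strstr(line, "dress ");  /* matches Address and Adress */
    const char *name;
    if (p == NULL || sscanf(p, "dress %x base at %x", va, base) != 2)
        return -1;
    name = strstr(p, " - ");
    if (name == NULL)
        return -1;
    snprintf(image, len, "%s", name + 3);
    image[strcspn(image, " \r\n")] = '\0';   /* trim trailing whitespace */
    return 0;
}

stop_triage triage_lines(const char *stop_line, const char *addr_line)
{
    stop_triage t;
    unsigned int s[5], va, base;

    memset(&t, 0, sizeof t);
    if (parse_stop_line(stop_line, s) != 0 ||
        parse_address_line(addr_line, &va, &base, t.image, sizeof t.image) != 0 ||
        s[0] != BUGCHECK_KMODE_EXCEPTION_NOT_HANDLED || va < base)
        return t;                            /* valid stays 0 */

    t.valid = 1;
    t.exception_code = s[1];
    t.fault_ip = s[2];
    t.rva = va - base;
    t.lines_agree = (s[2] == va);
    if (s[1] == NTSTATUS_ACCESS_VIOLATION) {
        /* For an access violation, exception parameter 0 is the access type
         * and parameter 1 is the virtual address that could not be accessed. */
        t.access_violation = 1;
        t.write_access = (s[3] == 1);
        t.bad_va = s[4];
        t.null_range = (s[4] < 0x10000u);
    }
    return t;
}

int main(void)
{
    stop_triage t = triage_lines(SAMPLE_STOP, SAMPLE_ADDR);
    if (!t.valid) {
        fprintf(stderr, "could not parse STOP 0x1E lines\n");
        return 1;
    }
    printf("fault at %s+0x%x (lines agree: %d)\n",
           t.image, (unsigned)t.rva, t.lines_agree);
    if (t.access_violation)
        printf("%s of 0x%08x%s\n", t.write_access ? "write" : "read",
               (unsigned)t.bad_va, t.null_range ? " (NULL-pointer range)" : "");
    return 0;
}
```

For the STOP line in the post this reports a read of virtual address 0x00000000 by the instruction at ntoskrnl.exe+0x601c3. It identifies what was accessed, not which code left the state that led there.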

What version of the debugger are you using? From the information output it
looks like you are using the Windows 2K release version, which is now six
versions old. The first thing is to start by using the current debugger
(http://www.microsoft.com/ddk/debugging) which will at least give you
better information. And before trying to continue past the exception
(handled or not) try dumping out the stack. Use “kv” since that will
display trap frame information which may be useful.

If all else fails, I have a standing offer to examine crash dumps. In
exchange I am allowed to use them in debugging class as examples.

Regards,

Tony

Tony Mason

Consulting Partner

OSR Open Systems Resources, Inc.

http://www.osr.com

-----Original Message-----
From: subodh gupta [mailto:xxxxx@softhome.net]
Sent: Tuesday, May 06, 2003 7:49 AM
To: NT Developers Interest List
Subject: [ntdev] IoCallDriver and Access Violation in ntoskrnl.exe


Yeah, I am using Win 2k Professional and DDK 2000 {this is all my
company has for this development :-)}. But yeah, I have downloaded the latest
debugger and will start using it, and will provide you with the complete
debug dump in the next few hrs.
Regards…
Subodh


Hi Tony,

After downloading the latest windbg, here is what I have in the debugger
before using go handled exception or go unhandled exception. BTW, though I
have specified the path of the debug server in windbg, it still says that
symbols could not be found for ntoskrnl?

[INFITCP.SYS]FilterInternalDeviceControlOnTransport - return
[INFITCP.SYS]- FilterPass IoCallDriver For TCP returend 0
[INFITCP.SYS] FilterDispatchIoControl - return
[INFITCP.SYS]- Got An IRP Entering FilterDispatchIoControl
[INFITCP.SYS]CompleteOrDenyTdiDispatch - trying to Complete the request
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling Target 816b0630 Protocol 17
[INFITCP.SYS] FilterDispatchIoControl - TCP IRP Found,Passing the IRP for Examination
[INFITCP.SYS]- Got An IRP Entering FilterPass
[INFITCP.SYS]- FilterPass IRP_MJ_DEVICE_CONTROL on file object
Access violation - code c0000005 (!!! second chance !!!)
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
nt!local_unwind2+35:
804601c3 8b0cb3 mov ecx,[ebx+esi*4]
kd> kv
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
81663e78 815e622c 00000000 00000000 02020000 nt!local_unwind2+0x35
815e6718 81663e78 00000000 00000000 04040001 0x815e622c
815e6718 81663e78 00000000 00000000 04040001 0x81663e78
815e622c 815e6718 00000000 00000000 00000007 0x81663e78
81663e78 815e622c 00000000 00000000 02020000 0x815e6718
815e6718 81663e78 00000000 00000000 04040001 0x815e622c
815e622c 815e6718 00000000 00000000 00000007 0x81663e78
81663e78 815e622c 00000000 00000000 02020000 0x815e6718
815e6718 81663e78 00000000 00000000 04040001 0x815e622c
815e622c 815e6718 00000000 00000000 00000007 0x81663e78
81663e78 815e622c 00000000 00000000 02020000 0x815e6718
815e6718 81663e78 00000000 00000000 04040001 0x815e622c
815e622c 815e6718 00000000 00000000 00000007 0x81663e78
81663e78 815e622c 00000000 00000000 02020000 0x815e6718
815e6718 81663e78 00000000 00000000 04040001 0x815e622c
815e622c 815e6718 00000000 00000000 00000007 0x81663e78
81663e78 815e622c 00000000 00000000 02020000 0x815e6718
815e6718 81663e78 00000000 00000000 04040001 0x815e622c
815e622c 815e6718 00000000 00000000 00000007 0x81663e78
81663e78 815e622c 00000000 00000000 02020000 0x815e6718-

And After using go unhandled it shows this -

kd> gn
*** Fatal System Error: 0x0000001e
(0xC0000005,0x804601C3,0x00000000,0x00000000)
[INFITCP.SYS]- FilterPass Unable to Map IRP_MJ_INTERNAL_DEVICE on file object c0000002
[INFITCP.SYS]- FilterPass Skipping the current IRP Location…
Break instruction exception - code 80000003 (first chance)
But still there is nothing which relates to the things described in the
article…

Regards…

Subodh

— Original Message -----

From:
To: “NT Developers Interest List”
Sent: Tuesday, May 06, 2003 6:49 PM
Subject: [ntdev] Re: IoCallDriver and Access Violation in ntoskrnl.exe


Without symbols the rest of the output is pretty much useless. Assuming
that you are connected to the internet, the best path to use for symbol
searching is:

srv*c:\websymbols*http://msdl.microsoft.com/download/symbols

You can add additional paths (separated by semi-colons) but this works
wonders since it downloads the symbols from the Microsoft symbol server (I
specified c:\websymbols as the cache directory, but you can change that to
point to some other directory - make sure it exists, though.) The first
time this is slower, each subsequent time it is fast since they come from
local disk. This also saves disk space since it only pulls down those
symbols that are needed.

If you still have symbol problems, type the command “!sym noisy” into the
debugger (command window) and then “.reload” and try your operation again.
This will cause the debugger to display information about where it is
looking for symbols. In my experience this allows easy debugging of setup
problems.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: subodh gupta [mailto:xxxxx@softhome.net]
Sent: Tuesday, May 06, 2003 11:32 AM
To: NT Developers Interest List
Subject: [ntdev] Re: IoCallDriver and Access Violation in ntoskrnl.exe
