Probably a stupid question, but what does it mean:
kd> !irp ffaf89a8
Irp is active with 9 stacks 10 is current (= 0xffaf8b5c)
No BSODs, it looks like it’s OK, but why is it OK?
Not that I’m out of ideas, but any comment would be appreciated.
Regards,
Alex Shvedov
By default the one who allocates the IRP does not get a stack location. Call
IoAllocateIrp/IoInitializeIrp and you should see the exact same IRP setup.
So long as the person who originated the IRP never tries to call
IoGetCurrentIrpStackLocation and futz around with the resulting stack
pointer all will be well (note that this is a common bug and something that
CUV catches quite nicely).
-scott
--
Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntdev…
> Probably a stupid question, but what does it mean:
>
> kd> !irp ffaf89a8
> Irp is active with 9 stacks 10 is current (= 0xffaf8b5c)
>
> No BSODs, it looks like it’s OK, but why is it OK?
>
> Not that I’m out of ideas, but any comment would be appreciated.
>
>
> Regards,
> Alex Shvedov
>
>
>
Alex,
It’s OK.
The matter is IRP stack locations grow down.
A quick look at the ntddk.h could prove this:
#define IoGetNextIrpStackLocation( Irp ) ( \
    (Irp)->Tail.Overlay.CurrentStackLocation - 1 )
In this case you have a new, just-allocated IRP that is ready to be filled in
and passed down a device stack that includes up to 9 device objects in the
chain.
Best regards,
Valeriy Glushkov
Valeriy, Scott,
thanks for your answers.
> The matter is IRP stack locations grow down.
The order does not matter; you can’t buy a $10 meal for $9
no matter how you count your $9:-)
> So long as the person who originated the IRP never tries to call
> IoGetCurrentIrpStackLocation
… and what if it does?
Try any filter, including diskperf, and you’ll see stack location 6 and stack
depth of 5. It’s obvious that the driver for the device being filtered will
check the current stack location.
Actually, I simply forgot the correct answer (from Oney?): the first
thing that IoCallDriver does is decrement the current stack location.
It is set to 10 before the call to IoCallDriver and is brought back to 9
before the control is passed to the driver being called.
So 9 is really equal to 10 (after you subtract 1 from 10).
Regards,
Alex Shvedov
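The bookkeeping discussed in this thread, as a user-mode C model. This is an added example, not code from any poster or from ntddk.h. All names (model_irp, model_alloc, model_next, model_current_is_valid, model_call_driver) are hypothetical, and the fields only mirror the roles of StackCount, CurrentLocation and Tail.Overlay.CurrentStackLocation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-mode model of IRP stack bookkeeping; not the real ntddk.h types. */
typedef struct { int major_function; } model_stack_loc;
typedef struct {
    signed char stack_count;       /* locations allocated ("9 stacks") */
    signed char current_location;  /* 1-based index ("10 is current") */
    model_stack_loc *current;      /* role of Tail.Overlay.CurrentStackLocation */
    model_stack_loc *locs;         /* backing array of stack_count entries */
} model_irp;

/* Role of IoAllocateIrp/IoInitializeIrp; assumes 1 <= stacks <= 126. */
model_irp *model_alloc(int stacks) {
    model_irp *irp = malloc(sizeof *irp);
    if (!irp) return NULL;
    irp->locs = calloc((size_t)stacks, sizeof *irp->locs);
    if (!irp->locs) { free(irp); return NULL; }
    irp->stack_count = (signed char)stacks;
    irp->current_location = (signed char)(stacks + 1);
    irp->current = irp->locs + stacks;  /* one past the end: never dereference */
    return irp;
}

/* Role of IoGetNextIrpStackLocation: locations grow down. */
model_stack_loc *model_next(model_irp *irp) { return irp->current - 1; }

/* 1 if the current location is backed by storage, 0 for the originator's view. */
int model_current_is_valid(const model_irp *irp) {
    return irp->current_location >= 1 && irp->current_location <= irp->stack_count;
}

/* First step of IoCallDriver: decrement, then hand the IRP to the driver.
   Returns the location the called driver sees, or -1 when none are left
   (the real kernel bugchecks with NO_MORE_IRP_STACK_LOCATIONS instead). */
int model_call_driver(model_irp *irp) {
    if (irp->current_location <= 1) return -1;
    irp->current_location--;
    irp->current = model_next(irp);
    return irp->current_location;
}

int main(void) {
    model_irp *irp = model_alloc(9);
    if (!irp) return 1;
    printf("fresh: %d stacks, %d is current, valid=%d\n", irp->stack_count,
           irp->current_location, model_current_is_valid(irp));
    printf("first driver sees location %d\n", model_call_driver(irp));
    free(irp->locs); free(irp);
    return 0;
}
```

A check like model_current_is_valid is what flags the originator bug mentioned above: before the first call down, the current pointer does not refer to storage the originator owns.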