James Antognini's APC driver rebooting system(help)

Hi,

I was playing around with jame’s driver here and it has crashed my
windows professional XP SP2 system. what is the problem?

  1. I did a Installdriver APCDRV load …\apcdrv.sys

It said it loaded.

  1. Now I went to administrative tools->double clicked services and bang, my
    system rebooted.

I rebooted. Now I try to do a load as:-

  1. InstallDriver APCDRV load …\apcdrv.sys

// BANG, my system rebooted again

I got back, Now I do

InstallDriverAPCDRV unload APCDRV:-

  1. I went to administrative tools->services and the name wasn’t listed
    there.
  2. It complained with closeService(…) failure and then said Unload
    sucessful, I think
    it says successful whatever happens.

Can someone tell me how to go about this?, as my first practical experience
was a failure.

The driver is here:-

. APC kernel http:.
This shows APC techniques. Also shows use of PsLookupProcessByProcessId,
KeAttachProcess and KeDetachProcess.

Thanks</http:>

You should realize that driver is a experimental piece of code, using
undocumented APIs , and more , directly accessing opaque OS objects, such
a KTHREAD. While I cant tell you what exactly goes wrong in your situation
because you are not providing enough data to identify the crash, I can
tell you that you choose a wrond driver to play as your first practical
experience.

Dan

Hi,

I was playing around with jame’s driver here and it has crashed my
windows professional XP SP2 system. what is the problem?

  1. I did a Installdriver APCDRV load …\apcdrv.sys

It said it loaded.

  1. Now I went to administrative tools->double clicked services and bang,
    my system rebooted.

I rebooted. Now I try to do a load as:-

  1. InstallDriver APCDRV load …\apcdrv.sys

// BANG, my system rebooted again

I got back, Now I do

InstallDriverAPCDRV unload APCDRV:-

  1. I went to administrative tools->services and the name wasn’t listed
    there.
  2. It complained with closeService(…) failure and then said Unload
    sucessful, I think
    it says successful whatever happens.

Can someone tell me how to go about this?, as my first practical
experience was a failure.

The driver is here:-

. APC kernel http:.
> This shows APC techniques. Also shows use of
> PsLookupProcessByProcessId, KeAttachProcess and KeDetachProcess.
>
> Thanks
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> To unsubscribe send a blank email to xxxxx@lists.osr.com</http:>

But I am not invoking any of the APC communication stuff. All I feel it
should be doing is to have the DriverEntry invoked.
I am not sure if the DriverEntry has got some serious problems. It loads the
driver and bang it reboots always.

Do you have a pointer to simple driver to play with?
Tell me how should I gather the relevant data to work on the problem. Since
it crashes and reboots the system, I have no clue. Do I need
to start the windbg and run in the “kernel debug” mode.

Thanks
ps: James is a MSFT and I hope he will say what the real reason is.

wrote in message news:xxxxx@ntdev…
> You should realize that driver is a experimental piece of code, using
> undocumented APIs , and more , directly accessing opaque OS objects, such
> a KTHREAD. While I cant tell you what exactly goes wrong in your situation
> because you are not providing enough data to identify the crash, I can
> tell you that you choose a wrond driver to play as your first practical
> experience.
>
> Dan
>
>> Hi,
>>
>> I was playing around with jame’s driver here and it has crashed my
>> windows professional XP SP2 system. what is the problem?
>>
>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>
>> It said it loaded.
>>
>> 2) Now I went to administrative tools->double clicked services and bang,
>> my system rebooted.
>>
>>
>> I rebooted. Now I try to do a load as:-
>>
>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>
>> // BANG, my system rebooted again
>>
>> I got back, Now I do
>>
>> InstallDriverAPCDRV unload APCDRV:-
>> 1) I went to administrative tools->services and the name wasn’t listed
>> there.
>> 2) It complained with closeService(…) failure and then said Unload
>> sucessful, I think
>> it says successful whatever happens.
>>
>> Can someone tell me how to go about this?, as my first practical
>> experience was a failure.
>>
>> The driver is here:-
>>
>> . APC kernel http:.
>> This shows APC techniques. Also shows use of
>> PsLookupProcessByProcessId, KeAttachProcess and KeDetachProcess.
>>
>> Thanks
>>
>>
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
></http:>

This problem could be just about anything. I bet that if you go to “My
Computer”->Properties->Advanced->Startup&Recovery and unset “Automatically
restart”, you’ll see a nice BSOD rather than a reboot. I could be wrong, it
could be that the machine is getting so messed up that it triple-faults,
and thus reboots immediately. [I can describe triple-faulting more if you like, just ask].

Now, if you were to hook up a debugger to the machine (requires either
softICE or a second machine to use WinDBG), you should be able to get more
information.

I just saw your second mail, and yes, it’s quite possible that the problem
is with the DriverEntry or something related to that.


Mats

xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:

Hi,

I was playing around with jame’s driver here and it has crashed my
windows professional XP SP2 system. what is the problem?

  1. I did a Installdriver APCDRV load …\apcdrv.sys

It said it loaded.

  1. Now I went to administrative tools->double clicked services and bang,
    my
    system rebooted.

I rebooted. Now I try to do a load as:-

  1. InstallDriver APCDRV load …\apcdrv.sys

// BANG, my system rebooted again

I got back, Now I do

InstallDriverAPCDRV unload APCDRV:-

  1. I went to administrative tools->services and the name wasn’t listed
    there.
  2. It complained with closeService(…) failure and then said Unload
    sucessful, I think
    it says successful whatever happens.

Can someone tell me how to go about this?, as my first practical
experience
was a failure.

The driver is here:-

. APC kernel http:.
> This shows APC techniques. Also shows use of PsLookupProcessByProcessId,
> KeAttachProcess and KeDetachProcess.
>
> Thanks
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.
> osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

> ForwardSourceID:NT0000962A</http:>

I don’t have softice debugger to break in, may be back home I have one but
not here at work.
Well the “automatically restart” option was checked. I will uncheck and can
give a try but what should I note
down from the blue screen if I am to get one.

Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the cause for
the problem.
I never went through the code but just had a idea of the outline,
started looking and see something like this:-

"
// Invoke an attached debugger. If there’s none, continue.

_try // Per Mark Roddy,
comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
{
DbgBreakPoint();
}
_except(EXCEPTION_EXECUTE_HANDLER)
{
}
"

I will comment and see if that indeed is the reason behind this problem.
So see your response on triple faults after reboot if it crashes again.

Thanks

“Mats PETERSSON” wrote in message
news:xxxxx@ntdev…
>
>
>
>
>
> This problem could be just about anything. I bet that if you go to “My
> Computer”->Properties->Advanced->Startup&Recovery and unset “Automatically
> restart”, you’ll see a nice BSOD rather than a reboot. I could be wrong,
> it
> could be that the machine is getting so messed up that it triple-faults,
> and thus reboots immediately. [I can describe triple-faulting more if you<br>&gt; like, just ask].
>
> Now, if you were to hook up a debugger to the machine (requires either
> softICE or a second machine to use WinDBG), you should be able to get more
> information.
>
> I just saw your second mail, and yes, it’s quite possible that the problem
> is with the DriverEntry or something related to that.
>
> –
> Mats
>
>
>
> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>
>> Hi,
>>
>> I was playing around with jame’s driver here and it has crashed my
>> windows professional XP SP2 system. what is the problem?
>>
>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>
>> It said it loaded.
>>
>> 2) Now I went to administrative tools->double clicked services and bang,
> my
>> system rebooted.
>>
>>
>> I rebooted. Now I try to do a load as:-
>>
>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>
>> // BANG, my system rebooted again
>>
>> I got back, Now I do
>>
>> InstallDriverAPCDRV unload APCDRV:-
>> 1) I went to administrative tools->services and the name wasn’t listed
>> there.
>> 2) It complained with closeService(…) failure and then said Unload
>> sucessful, I think
>> it says successful whatever happens.
>>
>> Can someone tell me how to go about this?, as my first practical
> experience
>> was a failure.
>>
>> The driver is here:-
>>
>> . APC kernel http:.
>> This shows APC techniques. Also shows use of PsLookupProcessByProcessId,
>> KeAttachProcess and KeDetachProcess.
>>
>> Thanks
>>
>>
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at http://www.
>> osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>> ForwardSourceID:NT0000962A
>
></http:>

If you have a second machine (an old one will do) and a simple crossed
serial cable, you can download WinDBG from Microsoft. It’s free, and works
well.

I don’t think it’s the Debug break, but I guess it could be.


Mats
-------- Notice --------
The information in this message is confidential and may be legally
privileged. It is intended solely for the addressee. Access to this
message by anyone else is unauthorized. If you are not the intended
recipient, any disclosure, copying or distribution of the message, or any
action taken by you in reliance on it, is prohibited and may be unlawful.
If you have received this message in error, please delete it and contact
the sender immediately. Thank you.

xxxxx@lists.osr.com wrote on 12/14/2004 09:50:36 AM:

I don’t have softice debugger to break in, may be back home I have one
but
not here at work.
Well the “automatically restart” option was checked. I will uncheck and
can
give a try but what should I note
down from the blue screen if I am to get one.

Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the cause
for
the problem.
I never went through the code but just had a idea of the outline,
started looking and see something like this:-

"
// Invoke an attached debugger. If there’s none, continue.

_try // Per Mark Roddy,
comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
{
DbgBreakPoint();
}
_except(EXCEPTION_EXECUTE_HANDLER)
{
}
"

I will comment and see if that indeed is the reason behind this problem.
So see your response on triple faults after reboot if it crashes again.

Thanks

“Mats PETERSSON” wrote in message
> news:xxxxx@ntdev…
> >
> >
> >
> >
> >
> > This problem could be just about anything. I bet that if you go to “My
> > Computer”->Properties->Advanced->Startup&Recovery and unset
“Automatically
> > restart”, you’ll see a nice BSOD rather than a reboot. I could be
wrong,
> > it
> > could be that the machine is getting so messed up that it
triple-faults,
> > and thus reboots immediately. [I can describe triple-faulting more if<br>you<br>&gt; &gt; like, just ask].
> >
> > Now, if you were to hook up a debugger to the machine (requires either
> > softICE or a second machine to use WinDBG), you should be able to get
more
> > information.
> >
> > I just saw your second mail, and yes, it’s quite possible that the
problem
> > is with the DriverEntry or something related to that.
> >
> > –
> > Mats
> >
> >
> >
> > xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
> >
> >> Hi,
> >>
> >> I was playing around with jame’s driver here and it has crashed
my
> >> windows professional XP SP2 system. what is the problem?
> >>
> >> 1) I did a Installdriver APCDRV load …\apcdrv.sys
> >>
> >> It said it loaded.
> >>
> >> 2) Now I went to administrative tools->double clicked services and
bang,
> > my
> >> system rebooted.
> >>
> >>
> >> I rebooted. Now I try to do a load as:-
> >>
> >> 1) InstallDriver APCDRV load …\apcdrv.sys
> >>
> >> // BANG, my system rebooted again
> >>
> >> I got back, Now I do
> >>
> >> InstallDriverAPCDRV unload APCDRV:-
> >> 1) I went to administrative tools->services and the name wasn’t listed
> >> there.
> >> 2) It complained with closeService(…) failure and then said Unload
> >> sucessful, I think
> >> it says successful whatever happens.
> >>
> >> Can someone tell me how to go about this?, as my first practical
> > experience
> >> was a failure.
> >>
> >> The driver is here:-
> >>
> >> . APC kernel
http:.
> >> This shows APC techniques. Also shows use of
PsLookupProcessByProcessId,
> >> KeAttachProcess and KeDetachProcess.
> >>
> >> Thanks
> >>
> >>
> >>
> >>
> >> —
> >> Questions? First check the Kernel Driver FAQ at http://www.
> >> osronline.com/article.cfm?id=256
> >>
> >> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> >> To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >> ForwardSourceID:NT0000962A
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.
> osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

> ForwardSourceID:NT0000964E</http:>

Cool,the kernel mode DebugBreakPoint was the problem.
It loads and unloads nicely now.
verified with the drivers.exe tool.

But there is one problem, it doesn’t shows up an entry in Services:-

In the . Install a legacy driver
http:. A program
to install legacy-type drivers.

here is the code snippet:-
(Is there any way of showing it up there? or Is it supposed not to show up
over there?)

/

FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN LPCTSTR)

PURPOSE: Creates a driver service.

*****/
BOOL InstallDriverService(
SC_HANDLE hSCManager, // open handle to SCM
LPCTSTR pDriverName, // driver name
LPCTSTR pExecutableLocn // fully qualified
binary name
)
{
SC_HANDLE schService;
BOOL flag = FALSE,
flag2;
DWORD lclError;

//
// Note: This creates an entry for a standalone driver. If this
// is modified for use with a driver that requires a Tag,
// Group, and/or Dependencies, it may be necessary to
// query the registry for existing driver information
// (in order to determine a unique Tag, etc.).
//

schService = CreateService( // create the driver
service.
hSCManager, // SCManager database
pDriverName, // name of service
pDriverName, // name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_KERNEL_DRIVER, // service type
SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type
pExecutableLocn, // service’s binary
NULL, // no load ordering
group
NULL, // no tag identifier
NULL, // no dependencies
NULL, // LocalSystem account
NULL // no password
);

if (NULL==schService) // any problem?
{
lclError = GetLastError(); // get more
information

if (ERROR_SERVICE_EXISTS==lclError) // already exists?
{
flag = TRUE;

goto done;
}

printf(“InstallDriverService: Failed in CreateService, rc = 0%08X\n”,
lclError);

flag = FALSE;

goto done;
}

flag2 = CloseServiceHandle(schService); // close connection to
driver service.

if (FALSE==flag2)
printf(“InstallDriverService: Error in closing driver service
handle.\n”);

flag = TRUE;

done:
return flag;
}

Thanks

“ntdevstart” wrote in message news:xxxxx@ntdev…
>I don’t have softice debugger to break in, may be back home I have one but
>not here at work.
> Well the “automatically restart” option was checked. I will uncheck and
> can give a try but what should I note
> down from the blue screen if I am to get one.
>
> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the cause
> for the problem.
> I never went through the code but just had a idea of the outline,
> started looking and see something like this:-
>
> "
> // Invoke an attached debugger. If there’s none, continue.
>
> _try // Per Mark Roddy,
> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
> {
> DbgBreakPoint();
> }
> _except(EXCEPTION_EXECUTE_HANDLER)
> {
> }
> "
>
> I will comment and see if that indeed is the reason behind this problem.
> So see your response on triple faults after reboot if it crashes again.
>
> Thanks
>
>
> “Mats PETERSSON” wrote in message
> news:xxxxx@ntdev…
>>
>>
>>
>>
>>
>> This problem could be just about anything. I bet that if you go to “My
>> Computer”->Properties->Advanced->Startup&Recovery and unset
>> “Automatically
>> restart”, you’ll see a nice BSOD rather than a reboot. I could be wrong,
>> it
>> could be that the machine is getting so messed up that it triple-faults,
>> and thus reboots immediately. [I can describe triple-faulting more if you<br>&gt;&gt; like, just ask].
>>
>> Now, if you were to hook up a debugger to the machine (requires either
>> softICE or a second machine to use WinDBG), you should be able to get
>> more
>> information.
>>
>> I just saw your second mail, and yes, it’s quite possible that the
>> problem
>> is with the DriverEntry or something related to that.
>>
>> –
>> Mats
>>
>>
>>
>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>>
>>> Hi,
>>>
>>> I was playing around with jame’s driver here and it has crashed my
>>> windows professional XP SP2 system. what is the problem?
>>>
>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>>
>>> It said it loaded.
>>>
>>> 2) Now I went to administrative tools->double clicked services and bang,
>> my
>>> system rebooted.
>>>
>>>
>>> I rebooted. Now I try to do a load as:-
>>>
>>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>>
>>> // BANG, my system rebooted again
>>>
>>> I got back, Now I do
>>>
>>> InstallDriverAPCDRV unload APCDRV:-
>>> 1) I went to administrative tools->services and the name wasn’t listed
>>> there.
>>> 2) It complained with closeService(…) failure and then said Unload
>>> sucessful, I think
>>> it says successful whatever happens.
>>>
>>> Can someone tell me how to go about this?, as my first practical
>> experience
>>> was a failure.
>>>
>>> The driver is here:-
>>>
>>> . APC kernel http:.
>>> This shows APC techniques. Also shows use of PsLookupProcessByProcessId,
>>> KeAttachProcess and KeDetachProcess.
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>>> —
>>> Questions? First check the Kernel Driver FAQ at http://www.
>>> osronline.com/article.cfm?id=256
>>>
>>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>>> ForwardSourceID:NT0000962A
>>
>>
>
>
></http:></http:>

I have 2 machines at home, one new and one old. What should I purchase to
get them linked together?what is the term to be used in the computer shop?
Also should I test the old machine for any problems like static charges when
connecting to the new machine, lest I will damage the new one.

I do lot of win32 programming so I use windbg for usermode debugging.

Thanks

“Mats PETERSSON” wrote in message
news:xxxxx@ntdev…
>
>
>
>
>
> If you have a second machine (an old one will do) and a simple crossed
> serial cable, you can download WinDBG from Microsoft. It’s free, and works
> well.
>
> I don’t think it’s the Debug break, but I guess it could be.
>
> –
> Mats
> -------- Notice --------
> The information in this message is confidential and may be legally
> privileged. It is intended solely for the addressee. Access to this
> message by anyone else is unauthorized. If you are not the intended
> recipient, any disclosure, copying or distribution of the message, or any
> action taken by you in reliance on it, is prohibited and may be unlawful.
> If you have received this message in error, please delete it and contact
> the sender immediately. Thank you.
>
>
> xxxxx@lists.osr.com wrote on 12/14/2004 09:50:36 AM:
>
>> I don’t have softice debugger to break in, may be back home I have one
> but
>> not here at work.
>> Well the “automatically restart” option was checked. I will uncheck and
> can
>> give a try but what should I note
>> down from the blue screen if I am to get one.
>>
>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the cause
> for
>> the problem.
>> I never went through the code but just had a idea of the outline,
>> started looking and see something like this:-
>>
>> "
>> // Invoke an attached debugger. If there’s none, continue.
>>
>> _try // Per Mark Roddy,
>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
>> {
>> DbgBreakPoint();
>> }
>> _except(EXCEPTION_EXECUTE_HANDLER)
>> {
>> }
>> "
>>
>> I will comment and see if that indeed is the reason behind this problem.
>> So see your response on triple faults after reboot if it crashes again.
>>
>> Thanks
>>
>>
>> “Mats PETERSSON” wrote in message
>> news:xxxxx@ntdev…
>> >
>> >
>> >
>> >
>> >
>> > This problem could be just about anything. I bet that if you go to “My
>> > Computer”->Properties->Advanced->Startup&Recovery and unset
> “Automatically
>> > restart”, you’ll see a nice BSOD rather than a reboot. I could be
> wrong,
>> > it
>> > could be that the machine is getting so messed up that it
> triple-faults,
>> > and thus reboots immediately. [I can describe triple-faulting more if<br>&gt; you<br>&gt;&gt; &gt; like, just ask].
>> >
>> > Now, if you were to hook up a debugger to the machine (requires either
>> > softICE or a second machine to use WinDBG), you should be able to get
> more
>> > information.
>> >
>> > I just saw your second mail, and yes, it’s quite possible that the
> problem
>> > is with the DriverEntry or something related to that.
>> >
>> > –
>> > Mats
>> >
>> >
>> >
>> > xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>> >
>> >> Hi,
>> >>
>> >> I was playing around with jame’s driver here and it has crashed
> my
>> >> windows professional XP SP2 system. what is the problem?
>> >>
>> >> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>> >>
>> >> It said it loaded.
>> >>
>> >> 2) Now I went to administrative tools->double clicked services and
> bang,
>> > my
>> >> system rebooted.
>> >>
>> >>
>> >> I rebooted. Now I try to do a load as:-
>> >>
>> >> 1) InstallDriver APCDRV load …\apcdrv.sys
>> >>
>> >> // BANG, my system rebooted again
>> >>
>> >> I got back, Now I do
>> >>
>> >> InstallDriverAPCDRV unload APCDRV:-
>> >> 1) I went to administrative tools->services and the name wasn’t listed
>> >> there.
>> >> 2) It complained with closeService(…) failure and then said Unload
>> >> sucessful, I think
>> >> it says successful whatever happens.
>> >>
>> >> Can someone tell me how to go about this?, as my first practical
>> > experience
>> >> was a failure.
>> >>
>> >> The driver is here:-
>> >>
>> >> . APC kernel
> http:.
>> >> This shows APC techniques. Also shows use of
> PsLookupProcessByProcessId,
>> >> KeAttachProcess and KeDetachProcess.
>> >>
>> >> Thanks
>> >>
>> >>
>> >>
>> >>
>> >> —
>> >> Questions? First check the Kernel Driver FAQ at http://www.
>> >> osronline.com/article.cfm?id=256
>> >>
>> >> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>> >> To unsubscribe send a blank email to xxxxx@lists.osr.com
>> >
>> >> ForwardSourceID:NT0000962A
>> >
>> >
>>
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at http://www.
>> osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>> ForwardSourceID:NT0000964E
>
></http:>

You just need a “Null-modem” serial cable with suitable connectors for the
serial port on each machine (usually DB9 female ones).

It shouldn’t be a problem to connect the machines together. The serial port
should be isolated from the rest of the electrics in the machine with a
MAX232 type device anyways, so the ‘worst case’ is that the serial port
stops working, but that hasn’t happened to me for many years. I can’t
remember last time, but it used to be a common occurance to some of the
VT100 compatible terminals that we used about 15 years back, but I think
that was a badly designed terminal (they were also using the pesky 1489
line drivers that I think aren’t quite as beefy as the Max 232 type
devices).

Mats

xxxxx@lists.osr.com wrote on 12/14/2004 10:28:16 AM:

I have 2 machines at home, one new and one old. What should I purchase to

get them linked together?what is the term to be used in the computer
shop?
Also should I test the old machine for any problems like static charges
when
connecting to the new machine, lest I will damage the new one.

I do lot of win32 programming so I use windbg for usermode debugging.

Thanks

“Mats PETERSSON” wrote in message
> news:xxxxx@ntdev…
> >
> >
> >
> >
> >
> > If you have a second machine (an old one will do) and a simple crossed
> > serial cable, you can download WinDBG from Microsoft. It’s free, and
works
> > well.
> >
> > I don’t think it’s the Debug break, but I guess it could be.
> >
> > –
> > Mats
> > -------- Notice --------
> > The information in this message is confidential and may be legally
> > privileged. It is intended solely for the addressee. Access to this
> > message by anyone else is unauthorized. If you are not the intended
> > recipient, any disclosure, copying or distribution of the message, or
any
> > action taken by you in reliance on it, is prohibited and may be
unlawful.
> > If you have received this message in error, please delete it and
contact
> > the sender immediately. Thank you.
> >
> >
> > xxxxx@lists.osr.com wrote on 12/14/2004 09:50:36 AM:
> >
> >> I don’t have softice debugger to break in, may be back home I have one
> > but
> >> not here at work.
> >> Well the “automatically restart” option was checked. I will uncheck
and
> > can
> >> give a try but what should I note
> >> down from the blue screen if I am to get one.
> >>
> >> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
cause
> > for
> >> the problem.
> >> I never went through the code but just had a idea of the outline,
> >> started looking and see something like this:-
> >>
> >> "
> >> // Invoke an attached debugger. If there’s none, continue.
> >>
> >> _try // Per Mark
Roddy,
> >> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
> >> {
> >> DbgBreakPoint();
> >> }
> >> _except(EXCEPTION_EXECUTE_HANDLER)
> >> {
> >> }
> >> "
> >>
> >> I will comment and see if that indeed is the reason behind this
problem.
> >> So see your response on triple faults after reboot if it crashes
again.
> >>
> >> Thanks
> >>
> >>
> >> “Mats PETERSSON” wrote in message
> >> news:xxxxx@ntdev…
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > This problem could be just about anything. I bet that if you go to
“My
> >> > Computer”->Properties->Advanced->Startup&Recovery and unset
> > “Automatically
> >> > restart”, you’ll see a nice BSOD rather than a reboot. I could be
> > wrong,
> >> > it
> >> > could be that the machine is getting so messed up that it
> > triple-faults,
> >> > and thus reboots immediately. [I can describe triple-faulting more<br>if<br>&gt; &gt; you<br>&gt; &gt;&gt; &gt; like, just ask].
> >> >
> >> > Now, if you were to hook up a debugger to the machine (requires
either
> >> > softICE or a second machine to use WinDBG), you should be able to
get
> > more
> >> > information.
> >> >
> >> > I just saw your second mail, and yes, it’s quite possible that the
> > problem
> >> > is with the DriverEntry or something related to that.
> >> >
> >> > –
> >> > Mats
> >> >
> >> >
> >> >
> >> > xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
> >> >
> >> >> Hi,
> >> >>
> >> >> I was playing around with jame’s driver here and it has
crashed
> > my
> >> >> windows professional XP SP2 system. what is the problem?
> >> >>
> >> >> 1) I did a Installdriver APCDRV load …\apcdrv.sys
> >> >>
> >> >> It said it loaded.
> >> >>
> >> >> 2) Now I went to administrative tools->double clicked services and
> > bang,
> >> > my
> >> >> system rebooted.
> >> >>
> >> >>
> >> >> I rebooted. Now I try to do a load as:-
> >> >>
> >> >> 1) InstallDriver APCDRV load …\apcdrv.sys
> >> >>
> >> >> // BANG, my system rebooted again
> >> >>
> >> >> I got back, Now I do
> >> >>
> >> >> InstallDriverAPCDRV unload APCDRV:-
> >> >> 1) I went to administrative tools->services and the name wasn’t
listed
> >> >> there.
> >> >> 2) It complained with closeService(…) failure and then said
Unload
> >> >> sucessful, I think
> >> >> it says successful whatever happens.
> >> >>
> >> >> Can someone tell me how to go about this?, as my first practical
> >> > experience
> >> >> was a failure.
> >> >>
> >> >> The driver is here:-
> >> >>
> >> >> . APC kernel
> > http:.
> >> >> This shows APC techniques. Also shows use of
> > PsLookupProcessByProcessId,
> >> >> KeAttachProcess and KeDetachProcess.
> >> >>
> >> >> Thanks
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> —
> >> >> Questions? First check the Kernel Driver FAQ at http://www.
> >> >> osronline.com/article.cfm?id=256
> >> >>
> >> >> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> >> >> To unsubscribe send a blank email to
xxxxx@lists.osr.com
> >> >
> >> >> ForwardSourceID:NT0000962A
> >> >
> >> >
> >>
> >>
> >>
> >> —
> >> Questions? First check the Kernel Driver FAQ at http://www.
> >> osronline.com/article.cfm?id=256
> >>
> >> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> >> To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >> ForwardSourceID:NT0000964E
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.
> osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

> ForwardSourceID:NT0000966A</http:>

Ok, I will try saying “Null modem” serial cable at the computer shop.
If they don’t understand, I hope telling serial cable would be fine.
Is there a good book also? Is wdm book by walter oney a good place to start,
though I haven’t seen the contents.

Thanks

“Mats PETERSSON” wrote in message
news:xxxxx@ntdev…
>
>
>
>
>
> You just need a “Null-modem” serial cable with suitable connectors for the
> serial port on each machine (usually DB9 female ones).
>
> It shouldn’t be a problem to connect the machines together. The serial
> port
> should be isolated from the rest of the electrics in the machine with a
> MAX232 type device anyways, so the ‘worst case’ is that the serial port
> stops working, but that hasn’t happened to me for many years. I can’t
> remember last time, but it used to be a common occurance to some of the
> VT100 compatible terminals that we used about 15 years back, but I think
> that was a badly designed terminal (they were also using the pesky 1489
> line drivers that I think aren’t quite as beefy as the Max 232 type
> devices).
> –
> Mats
>
> xxxxx@lists.osr.com wrote on 12/14/2004 10:28:16 AM:
>
>> I have 2 machines at home, one new and one old. What should I purchase to
>
>> get them linked together?what is the term to be used in the computer
> shop?
>> Also should I test the old machine for any problems like static charges
> when
>> connecting to the new machine, lest I will damage the new one.
>>
>> I do lot of win32 programming so I use windbg for usermode debugging.
>>
>>
>> Thanks
>>
>> “Mats PETERSSON” wrote in message
>> news:xxxxx@ntdev…
>> >
>> >
>> >
>> >
>> >
>> > If you have a second machine (an old one will do) and a simple crossed
>> > serial cable, you can download WinDBG from Microsoft. It’s free, and
> works
>> > well.
>> >
>> > I don’t think it’s the Debug break, but I guess it could be.
>> >
>> > –
>> > Mats
>> > -------- Notice --------
>> > The information in this message is confidential and may be legally
>> > privileged. It is intended solely for the addressee. Access to this
>> > message by anyone else is unauthorized. If you are not the intended
>> > recipient, any disclosure, copying or distribution of the message, or
> any
>> > action taken by you in reliance on it, is prohibited and may be
> unlawful.
>> > If you have received this message in error, please delete it and
> contact
>> > the sender immediately. Thank you.
>> >
>> >
>> > xxxxx@lists.osr.com wrote on 12/14/2004 09:50:36 AM:
>> >
>> >> I don’t have softice debugger to break in, may be back home I have one
>> > but
>> >> not here at work.
>> >> Well the “automatically restart” option was checked. I will uncheck
> and
>> > can
>> >> give a try but what should I note
>> >> down from the blue screen if I am to get one.
>> >>
>> >> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
> cause
>> > for
>> >> the problem.
>> >> I never went through the code but just had a idea of the outline,
>> >> started looking and see something like this:-
>> >>
>> >> "
>> >> // Invoke an attached debugger. If there’s none, continue.
>> >>
>> >> _try // Per Mark
> Roddy,
>> >> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
>> >> {
>> >> DbgBreakPoint();
>> >> }
>> >> _except(EXCEPTION_EXECUTE_HANDLER)
>> >> {
>> >> }
>> >> "
>> >>
>> >> I will comment and see if that indeed is the reason behind this
> problem.
>> >> So see your response on triple faults after reboot if it crashes
> again.
>> >>
>> >> Thanks
>> >>
>> >>
>> >> “Mats PETERSSON” wrote in message
>> >> news:xxxxx@ntdev…
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > This problem could be just about anything. I bet that if you go to
> “My
>> >> > Computer”->Properties->Advanced->Startup&Recovery and unset
>> > “Automatically
>> >> > restart”, you’ll see a nice BSOD rather than a reboot. I could be
>> > wrong,
>> >> > it
>> >> > could be that the machine is getting so messed up that it
>> > triple-faults,
>> >> > and thus reboots immediately. [I can describe triple-faulting more<br>&gt; if<br>&gt;&gt; &gt; you<br>&gt;&gt; &gt;&gt; &gt; like, just ask].
>> >> >
>> >> > Now, if you were to hook up a debugger to the machine (requires
> either
>> >> > softICE or a second machine to use WinDBG), you should be able to
> get
>> > more
>> >> > information.
>> >> >
>> >> > I just saw your second mail, and yes, it’s quite possible that the
>> > problem
>> >> > is with the DriverEntry or something related to that.
>> >> >
>> >> > –
>> >> > Mats
>> >> >
>> >> >
>> >> >
>> >> > xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>> >> >
>> >> >> Hi,
>> >> >>
>> >> >> I was playing around with jame’s driver here and it has
> crashed
>> > my
>> >> >> windows professional XP SP2 system. what is the problem?
>> >> >>
>> >> >> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>> >> >>
>> >> >> It said it loaded.
>> >> >>
>> >> >> 2) Now I went to administrative tools->double clicked services and
>> > bang,
>> >> > my
>> >> >> system rebooted.
>> >> >>
>> >> >>
>> >> >> I rebooted. Now I try to do a load as:-
>> >> >>
>> >> >> 1) InstallDriver APCDRV load …\apcdrv.sys
>> >> >>
>> >> >> // BANG, my system rebooted again
>> >> >>
>> >> >> I got back, Now I do
>> >> >>
>> >> >> InstallDriverAPCDRV unload APCDRV:-
>> >> >> 1) I went to administrative tools->services and the name wasn’t
> listed
>> >> >> there.
>> >> >> 2) It complained with closeService(…) failure and then said
> Unload
>> >> >> sucessful, I think
>> >> >> it says successful whatever happens.
>> >> >>
>> >> >> Can someone tell me how to go about this?, as my first practical
>> >> > experience
>> >> >> was a failure.
>> >> >>
>> >> >> The driver is here:-
>> >> >>
>> >> >> . APC kernel
>> > http:.
>> >> >> This shows APC techniques. Also shows use of
>> > PsLookupProcessByProcessId,
>> >> >> KeAttachProcess and KeDetachProcess.
>> >> >>
>> >> >> Thanks
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> —
>> >> >> Questions? First check the Kernel Driver FAQ at http://www.
>> >> >> osronline.com/article.cfm?id=256
>> >> >>
>> >> >> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>> >> >> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>> >> >
>> >> >> ForwardSourceID:NT0000962A
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >> —
>> >> Questions? First check the Kernel Driver FAQ at http://www.
>> >> osronline.com/article.cfm?id=256
>> >>
>> >> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>> >> To unsubscribe send a blank email to xxxxx@lists.osr.com
>> >
>> >> ForwardSourceID:NT0000964E
>> >
>> >
>>
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at http://www.
>> osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>> ForwardSourceID:NT0000966A
>
></http:>

This isn’t a service in the sense of a user-mode program that runs without
anyone logging in. So I don’t think it’s worthwhile to look for it as a
service.

As for DebugBreakPoint, I’m skeptical that’s a problem.

Just in case anyone is in doubt, the subject program and other things from
my web site are my personal efforts and not related to my employer.


James Antognini
Windows DDK Support

This posting is provided “AS IS” with no warranties, and confers no rights.

“ntdevstart” wrote in message news:xxxxx@ntdev…
> Cool,the kernel mode DebugBreakPoint was the problem.
> It loads and unloads nicely now.
> verified with the drivers.exe tool.
>
> But there is one problem, it doesn’t shows up an entry in Services:-
>
> In the . Install a legacy driver
> http:. A
> program to install legacy-type drivers.
>
> here is the code snippet:-
> (Is there any way of showing it up there? or Is it supposed not to show up
> over there?)
>
>
> /***
>
> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN LPCTSTR)
>
> * PURPOSE: Creates a driver service.
>
>
/
> BOOL InstallDriverService(
> SC_HANDLE hSCManager, // open handle to SCM
> LPCTSTR pDriverName, // driver name
> LPCTSTR pExecutableLocn // fully qualified
> binary name
> )
> {
> SC_HANDLE schService;
> BOOL flag = FALSE,
> flag2;
> DWORD lclError;
>
> //
> // Note: This creates an entry for a standalone driver. If this
> // is modified for use with a driver that requires a Tag,
> // Group, and/or Dependencies, it may be necessary to
> // query the registry for existing driver information
> // (in order to determine a unique Tag, etc.).
> //
>
> schService = CreateService( // create the driver
> service.
> hSCManager, // SCManager database
> pDriverName, // name of service
> pDriverName, // name to display
> SERVICE_ALL_ACCESS, // desired access
> SERVICE_KERNEL_DRIVER, // service type
> SERVICE_DEMAND_START, // start type
> SERVICE_ERROR_NORMAL, // error control type
> pExecutableLocn, // service’s binary
> NULL, // no load ordering
> group
> NULL, // no tag identifier
> NULL, // no dependencies
> NULL, // LocalSystem
> account
> NULL // no password
> );
>
> if (NULL==schService) // any problem?
> {
> lclError = GetLastError(); // get more
> information
>
> if (ERROR_SERVICE_EXISTS==lclError) // already exists?
> {
> flag = TRUE;
>
> goto done;
> }
>
> printf(“InstallDriverService: Failed in CreateService, rc = 0%08X\n”,
> lclError);
>
> flag = FALSE;
>
> goto done;
> }
>
> flag2 = CloseServiceHandle(schService); // close connection
> to driver service.
>
> if (FALSE==flag2)
> printf(“InstallDriverService: Error in closing driver service
> handle.\n”);
>
> flag = TRUE;
>
> done:
> return flag;
> }
>
>
> Thanks
>
> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>I don’t have softice debugger to break in, may be back home I have one but
>>not here at work.
>> Well the “automatically restart” option was checked. I will uncheck and
>> can give a try but what should I note
>> down from the blue screen if I am to get one.
>>
>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the cause
>> for the problem.
>> I never went through the code but just had a idea of the outline,
>> started looking and see something like this:-
>>
>> "
>> // Invoke an attached debugger. If there’s none, continue.
>>
>> _try // Per Mark Roddy,
>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
>> {
>> DbgBreakPoint();
>> }
>> _except(EXCEPTION_EXECUTE_HANDLER)
>> {
>> }
>> "
>>
>> I will comment and see if that indeed is the reason behind this problem.
>> So see your response on triple faults after reboot if it crashes again.
>>
>> Thanks
>>
>>
>> “Mats PETERSSON” wrote in message
>> news:xxxxx@ntdev…
>>>
>>>
>>>
>>>
>>>
>>> This problem could be just about anything. I bet that if you go to “My
>>> Computer”->Properties->Advanced->Startup&Recovery and unset
>>> “Automatically
>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be wrong,
>>> it
>>> could be that the machine is getting so messed up that it triple-faults,
>>> and thus reboots immediately. [I can describe triple-faulting more if <br>&gt;&gt;&gt; you<br>&gt;&gt;&gt; like, just ask].
>>>
>>> Now, if you were to hook up a debugger to the machine (requires either
>>> softICE or a second machine to use WinDBG), you should be able to get
>>> more
>>> information.
>>>
>>> I just saw your second mail, and yes, it’s quite possible that the
>>> problem
>>> is with the DriverEntry or something related to that.
>>>
>>> –
>>> Mats
>>>
>>>
>>>
>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>>>
>>>> Hi,
>>>>
>>>> I was playing around with jame’s driver here and it has crashed my
>>>> windows professional XP SP2 system. what is the problem?
>>>>
>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>>>
>>>> It said it loaded.
>>>>
>>>> 2) Now I went to administrative tools->double clicked services and
>>>> bang,
>>> my
>>>> system rebooted.
>>>>
>>>>
>>>> I rebooted. Now I try to do a load as:-
>>>>
>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>>>
>>>> // BANG, my system rebooted again
>>>>
>>>> I got back, Now I do
>>>>
>>>> InstallDriverAPCDRV unload APCDRV:-
>>>> 1) I went to administrative tools->services and the name wasn’t listed
>>>> there.
>>>> 2) It complained with closeService(…) failure and then said Unload
>>>> sucessful, I think
>>>> it says successful whatever happens.
>>>>
>>>> Can someone tell me how to go about this?, as my first practical
>>> experience
>>>> was a failure.
>>>>
>>>> The driver is here:-
>>>>
>>>> . APC kernel
>>>> http:.
>>>> This shows APC techniques. Also shows use of
>>>> PsLookupProcessByProcessId,
>>>> KeAttachProcess and KeDetachProcess.
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>> —
>>>> Questions? First check the Kernel Driver FAQ at http://www.
>>>> osronline.com/article.cfm?id=256
>>>>
>>>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>
>>>> ForwardSourceID:NT0000962A
>>>
>>>
>>
>>
>>
>
>
></http:></http:>

I removed the DebugBreakPoint which you had put in the DriverEntry which was
causing my machine to reboot and it worked fine.
My machine is

Intel P4 3.2GHz and windows XP professional SP2

if this helps.

You say " So I don’t think it’s worthwhile to look for it as a service."
Clarify guys, I am trying to understand the fundamentals as Max says it is a
service and you say it isn’t. I see it to be a service from the way it is
created.

Thanks for the informative website of yours, it is a nice place to start KM
programming.

“James Antognini [MSFT]” wrote in message
news:xxxxx@ntdev…
> This isn’t a service in the sense of a user-mode program that runs without
> anyone logging in. So I don’t think it’s worthwhile to look for it as a
> service.
>
> As for DebugBreakPoint, I’m skeptical that’s a problem.
>
> Just in case anyone is in doubt, the subject program and other things from
> my web site are my personal efforts and not related to my employer.
>
> –
> James Antognini
> Windows DDK Support
>
> This posting is provided “AS IS” with no warranties, and confers no
> rights.
>
> “ntdevstart” wrote in message news:xxxxx@ntdev…
>> Cool,the kernel mode DebugBreakPoint was the problem.
>> It loads and unloads nicely now.
>> verified with the drivers.exe tool.
>>
>> But there is one problem, it doesn’t shows up an entry in Services:-
>>
>> In the . Install a legacy driver
>> http:. A
>> program to install legacy-type drivers.
>>
>> here is the code snippet:-
>> (Is there any way of showing it up there? or Is it supposed not to show
>> up over there?)
>>
>>
>> /***
>>
>> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
>> LPCTSTR)
>>
>> * PURPOSE: Creates a driver service.
>>
>>
/
>> BOOL InstallDriverService(
>> SC_HANDLE hSCManager, // open handle to
>> SCM
>> LPCTSTR pDriverName, // driver name
>> LPCTSTR pExecutableLocn // fully qualified
>> binary name
>> )
>> {
>> SC_HANDLE schService;
>> BOOL flag = FALSE,
>> flag2;
>> DWORD lclError;
>>
>> //
>> // Note: This creates an entry for a standalone driver. If this
>> // is modified for use with a driver that requires a Tag,
>> // Group, and/or Dependencies, it may be necessary to
>> // query the registry for existing driver information
>> // (in order to determine a unique Tag, etc.).
>> //
>>
>> schService = CreateService( // create the driver
>> service.
>> hSCManager, // SCManager
>> database
>> pDriverName, // name of service
>> pDriverName, // name to display
>> SERVICE_ALL_ACCESS, // desired access
>> SERVICE_KERNEL_DRIVER, // service type
>> SERVICE_DEMAND_START, // start type
>> SERVICE_ERROR_NORMAL, // error control
>> type
>> pExecutableLocn, // service’s binary
>> NULL, // no load ordering
>> group
>> NULL, // no tag identifier
>> NULL, // no dependencies
>> NULL, // LocalSystem
>> account
>> NULL // no password
>> );
>>
>> if (NULL==schService) // any problem?
>> {
>> lclError = GetLastError(); // get more
>> information
>>
>> if (ERROR_SERVICE_EXISTS==lclError) // already exists?
>> {
>> flag = TRUE;
>>
>> goto done;
>> }
>>
>> printf(“InstallDriverService: Failed in CreateService, rc = 0%08X\n”,
>> lclError);
>>
>> flag = FALSE;
>>
>> goto done;
>> }
>>
>> flag2 = CloseServiceHandle(schService); // close connection
>> to driver service.
>>
>> if (FALSE==flag2)
>> printf(“InstallDriverService: Error in closing driver service
>> handle.\n”);
>>
>> flag = TRUE;
>>
>> done:
>> return flag;
>> }
>>
>>
>> Thanks
>>
>> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>>I don’t have softice debugger to break in, may be back home I have one
>>>but not here at work.
>>> Well the “automatically restart” option was checked. I will uncheck and
>>> can give a try but what should I note
>>> down from the blue screen if I am to get one.
>>>
>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the cause
>>> for the problem.
>>> I never went through the code but just had a idea of the outline,
>>> started looking and see something like this:-
>>>
>>> "
>>> // Invoke an attached debugger. If there’s none, continue.
>>>
>>> _try // Per Mark Roddy,
>>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
>>> {
>>> DbgBreakPoint();
>>> }
>>> _except(EXCEPTION_EXECUTE_HANDLER)
>>> {
>>> }
>>> "
>>>
>>> I will comment and see if that indeed is the reason behind this problem.
>>> So see your response on triple faults after reboot if it crashes again.
>>>
>>> Thanks
>>>
>>>
>>> “Mats PETERSSON” wrote in message
>>> news:xxxxx@ntdev…
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This problem could be just about anything. I bet that if you go to “My
>>>> Computer”->Properties->Advanced->Startup&Recovery and unset
>>>> “Automatically
>>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be
>>>> wrong, it
>>>> could be that the machine is getting so messed up that it
>>>> triple-faults,
>>>> and thus reboots immediately. [I can describe triple-faulting more if <br>&gt;&gt;&gt;&gt; you<br>&gt;&gt;&gt;&gt; like, just ask].
>>>>
>>>> Now, if you were to hook up a debugger to the machine (requires either
>>>> softICE or a second machine to use WinDBG), you should be able to get
>>>> more
>>>> information.
>>>>
>>>> I just saw your second mail, and yes, it’s quite possible that the
>>>> problem
>>>> is with the DriverEntry or something related to that.
>>>>
>>>> –
>>>> Mats
>>>>
>>>>
>>>>
>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>>>>
>>>>> Hi,
>>>>>
>>>>> I was playing around with jame’s driver here and it has crashed
>>>>> my
>>>>> windows professional XP SP2 system. what is the problem?
>>>>>
>>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>>>>
>>>>> It said it loaded.
>>>>>
>>>>> 2) Now I went to administrative tools->double clicked services and
>>>>> bang,
>>>> my
>>>>> system rebooted.
>>>>>
>>>>>
>>>>> I rebooted. Now I try to do a load as:-
>>>>>
>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>>>>
>>>>> // BANG, my system rebooted again
>>>>>
>>>>> I got back, Now I do
>>>>>
>>>>> InstallDriverAPCDRV unload APCDRV:-
>>>>> 1) I went to administrative tools->services and the name wasn’t listed
>>>>> there.
>>>>> 2) It complained with closeService(…) failure and then said Unload
>>>>> sucessful, I think
>>>>> it says successful whatever happens.
>>>>>
>>>>> Can someone tell me how to go about this?, as my first practical
>>>> experience
>>>>> was a failure.
>>>>>
>>>>> The driver is here:-
>>>>>
>>>>> . APC kernel
>>>>> http:.
>>>>> This shows APC techniques. Also shows use of
>>>>> PsLookupProcessByProcessId,
>>>>> KeAttachProcess and KeDetachProcess.
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> —
>>>>> Questions? First check the Kernel Driver FAQ at http://www.
>>>>> osronline.com/article.cfm?id=256
>>>>>
>>>>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>>>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>>
>>>>> ForwardSourceID:NT0000962A
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
></http:></http:>

> Clarify guys, I am trying to understand the fundamentals as Max says it is a

service and you say it isn’t.

This depends on how we understand the “service”.

If it is - “entity which has the SC database entry” - then yes, each driver
except the kernel mode DLLs is a service.
If it is - “user process” - then it is not a service.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

I’m sure that removing the statement cured your problem. I simply cannot
come up with an idea why it would make a difference.


James Antognini
Windows DDK Support

This posting is provided “AS IS” with no warranties, and confers no rights.

“ntdevstart” wrote in message news:xxxxx@ntdev…
>I removed the DebugBreakPoint which you had put in the DriverEntry which
>was causing my machine to reboot and it worked fine.
> My machine is
>
> Intel P4 3.2GHz and windows XP professional SP2
>
> if this helps.
>
> You say " So I don’t think it’s worthwhile to look for it as a service."
> Clarify guys, I am trying to understand the fundamentals as Max says it is
> a service and you say it isn’t. I see it to be a service from the way it
> is created.
>
> Thanks for the informative website of yours, it is a nice place to start
> KM programming.
>
>
>
> “James Antognini [MSFT]” wrote in message
> news:xxxxx@ntdev…
>> This isn’t a service in the sense of a user-mode program that runs
>> without anyone logging in. So I don’t think it’s worthwhile to look for
>> it as a service.
>>
>> As for DebugBreakPoint, I’m skeptical that’s a problem.
>>
>> Just in case anyone is in doubt, the subject program and other things
>> from my web site are my personal efforts and not related to my employer.
>>
>> –
>> James Antognini
>> Windows DDK Support
>>
>> This posting is provided “AS IS” with no warranties, and confers no
>> rights.
>>
>> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>> Cool,the kernel mode DebugBreakPoint was the problem.
>>> It loads and unloads nicely now.
>>> verified with the drivers.exe tool.
>>>
>>> But there is one problem, it doesn’t shows up an entry in Services:-
>>>
>>> In the . Install a legacy driver
>>> http:. A
>>> program to install legacy-type drivers.
>>>
>>> here is the code snippet:-
>>> (Is there any way of showing it up there? or Is it supposed not to show
>>> up over there?)
>>>
>>>
>>> /***
>>>
>>> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
>>> LPCTSTR)
>>>
>>> * PURPOSE: Creates a driver service.
>>>
>>>
/
>>> BOOL InstallDriverService(
>>> SC_HANDLE hSCManager, // open handle to
>>> SCM
>>> LPCTSTR pDriverName, // driver name
>>> LPCTSTR pExecutableLocn // fully qualified
>>> binary name
>>> )
>>> {
>>> SC_HANDLE schService;
>>> BOOL flag = FALSE,
>>> flag2;
>>> DWORD lclError;
>>>
>>> //
>>> // Note: This creates an entry for a standalone driver. If this
>>> // is modified for use with a driver that requires a Tag,
>>> // Group, and/or Dependencies, it may be necessary to
>>> // query the registry for existing driver information
>>> // (in order to determine a unique Tag, etc.).
>>> //
>>>
>>> schService = CreateService( // create the
>>> driver service.
>>> hSCManager, // SCManager
>>> database
>>> pDriverName, // name of service
>>> pDriverName, // name to display
>>> SERVICE_ALL_ACCESS, // desired access
>>> SERVICE_KERNEL_DRIVER, // service type
>>> SERVICE_DEMAND_START, // start type
>>> SERVICE_ERROR_NORMAL, // error control
>>> type
>>> pExecutableLocn, // service’s binary
>>> NULL, // no load ordering
>>> group
>>> NULL, // no tag
>>> identifier
>>> NULL, // no dependencies
>>> NULL, // LocalSystem
>>> account
>>> NULL // no password
>>> );
>>>
>>> if (NULL==schService) // any problem?
>>> {
>>> lclError = GetLastError(); // get more
>>> information
>>>
>>> if (ERROR_SERVICE_EXISTS==lclError) // already exists?
>>> {
>>> flag = TRUE;
>>>
>>> goto done;
>>> }
>>>
>>> printf(“InstallDriverService: Failed in CreateService, rc =
>>> 0%08X\n”, lclError);
>>>
>>> flag = FALSE;
>>>
>>> goto done;
>>> }
>>>
>>> flag2 = CloseServiceHandle(schService); // close connection
>>> to driver service.
>>>
>>> if (FALSE==flag2)
>>> printf(“InstallDriverService: Error in closing driver service
>>> handle.\n”);
>>>
>>> flag = TRUE;
>>>
>>> done:
>>> return flag;
>>> }
>>>
>>>
>>> Thanks
>>>
>>> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>>>I don’t have softice debugger to break in, may be back home I have one
>>>>but not here at work.
>>>> Well the “automatically restart” option was checked. I will uncheck and
>>>> can give a try but what should I note
>>>> down from the blue screen if I am to get one.
>>>>
>>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
>>>> cause for the problem.
>>>> I never went through the code but just had a idea of the outline,
>>>> started looking and see something like this:-
>>>>
>>>> "
>>>> // Invoke an attached debugger. If there’s none, continue.
>>>>
>>>> _try // Per Mark Roddy,
>>>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
>>>> {
>>>> DbgBreakPoint();
>>>> }
>>>> _except(EXCEPTION_EXECUTE_HANDLER)
>>>> {
>>>> }
>>>> "
>>>>
>>>> I will comment and see if that indeed is the reason behind this
>>>> problem.
>>>> So see your response on triple faults after reboot if it crashes again.
>>>>
>>>> Thanks
>>>>
>>>>
>>>> “Mats PETERSSON” wrote in message
>>>> news:xxxxx@ntdev…
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> This problem could be just about anything. I bet that if you go to “My
>>>>> Computer”->Properties->Advanced->Startup&Recovery and unset
>>>>> “Automatically
>>>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be
>>>>> wrong, it
>>>>> could be that the machine is getting so messed up that it
>>>>> triple-faults,
>>>>> and thus reboots immediately. [I can describe triple-faulting more if <br>&gt;&gt;&gt;&gt;&gt; you<br>&gt;&gt;&gt;&gt;&gt; like, just ask].
>>>>>
>>>>> Now, if you were to hook up a debugger to the machine (requires either
>>>>> softICE or a second machine to use WinDBG), you should be able to get
>>>>> more
>>>>> information.
>>>>>
>>>>> I just saw your second mail, and yes, it’s quite possible that the
>>>>> problem
>>>>> is with the DriverEntry or something related to that.
>>>>>
>>>>> –
>>>>> Mats
>>>>>
>>>>>
>>>>>
>>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I was playing around with jame’s driver here and it has crashed
>>>>>> my
>>>>>> windows professional XP SP2 system. what is the problem?
>>>>>>
>>>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>>>>>
>>>>>> It said it loaded.
>>>>>>
>>>>>> 2) Now I went to administrative tools->double clicked services and
>>>>>> bang,
>>>>> my
>>>>>> system rebooted.
>>>>>>
>>>>>>
>>>>>> I rebooted. Now I try to do a load as:-
>>>>>>
>>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>>>>>
>>>>>> // BANG, my system rebooted again
>>>>>>
>>>>>> I got back, Now I do
>>>>>>
>>>>>> InstallDriverAPCDRV unload APCDRV:-
>>>>>> 1) I went to administrative tools->services and the name wasn’t
>>>>>> listed
>>>>>> there.
>>>>>> 2) It complained with closeService(…) failure and then said Unload
>>>>>> sucessful, I think
>>>>>> it says successful whatever happens.
>>>>>>
>>>>>> Can someone tell me how to go about this?, as my first practical
>>>>> experience
>>>>>> was a failure.
>>>>>>
>>>>>> The driver is here:-
>>>>>>
>>>>>> . APC kernel
>>>>>> http:.
>>>>>> This shows APC techniques. Also shows use of
>>>>>> PsLookupProcessByProcessId,
>>>>>> KeAttachProcess and KeDetachProcess.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> —
>>>>>> Questions? First check the Kernel Driver FAQ at http://www.
>>>>>> osronline.com/article.cfm?id=256
>>>>>>
>>>>>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>>>>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>>>
>>>>>> ForwardSourceID:NT0000962A
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
></http:></http:>

I’ve only been following this thread with half a brain cell, but if you
call DbgBreakPoint() from the kernel without a kernel debugger of some
kind attached, it should bugcheck.

Should it not?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

xxxxx@lists.osr.com wrote on 12/15/2004 11:51:01 AM:

I’m sure that removing the statement cured your problem. I simply cannot

come up with an idea why it would make a difference.


James Antognini
Windows DDK Support

This posting is provided “AS IS” with no warranties, and confers no
rights.

“ntdevstart” wrote in message news:xxxxx@ntdev…
> >I removed the DebugBreakPoint which you had put in the DriverEntry
which
> >was causing my machine to reboot and it worked fine.
> > My machine is
> >
> > Intel P4 3.2GHz and windows XP professional SP2
> >
> > if this helps.
> >
> > You say " So I don’t think it’s worthwhile to look for it as a
service."
> > Clarify guys, I am trying to understand the fundamentals as Max says
it is
> > a service and you say it isn’t. I see it to be a service from the way
it
> > is created.
> >
> > Thanks for the informative website of yours, it is a nice place to
start
> > KM programming.
> >
> >
> >
> > “James Antognini [MSFT]” wrote in
message
> > news:xxxxx@ntdev…
> >> This isn’t a service in the sense of a user-mode program that runs
> >> without anyone logging in. So I don’t think it’s worthwhile to look
for
> >> it as a service.
> >>
> >> As for DebugBreakPoint, I’m skeptical that’s a problem.
> >>
> >> Just in case anyone is in doubt, the subject program and other things

> >> from my web site are my personal efforts and not related to my
employer.
> >>
> >> –
> >> James Antognini
> >> Windows DDK Support
> >>
> >> This posting is provided “AS IS” with no warranties, and confers no
> >> rights.
> >>
> >> “ntdevstart” wrote in message
news:xxxxx@ntdev…
> >>> Cool,the kernel mode DebugBreakPoint was the problem.
> >>> It loads and unloads nicely now.
> >>> verified with the drivers.exe tool.
> >>>
> >>> But there is one problem, it doesn’t shows up an entry in Services:-
> >>>
> >>> In the . Install a legacy driver
> >>> http:. A

> >>> program to install legacy-type drivers.
> >>>
> >>> here is the code snippet:-
> >>> (Is there any way of showing it up there? or Is it supposed not to
show
> >>> up over there?)
> >>>
> >>>
> >>>
>
/***
> >>>
> >>> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
> >>> LPCTSTR)
> >>>
> >>> * PURPOSE: Creates a driver service.
> >>>
> >>>
>
/
> >>> BOOL InstallDriverService(
> >>> SC_HANDLE hSCManager, // open handle
to
> >>> SCM
> >>> LPCTSTR pDriverName, // driver name
> >>> LPCTSTR pExecutableLocn // fully
qualified
> >>> binary name
> >>> )
> >>> {
> >>> SC_HANDLE schService;
> >>> BOOL flag = FALSE,
> >>> flag2;
> >>> DWORD lclError;
> >>>
> >>> //
> >>> // Note: This creates an entry for a standalone driver. If this
> >>> // is modified for use with a driver that requires a Tag,
> >>> // Group, and/or Dependencies, it may be necessary to
> >>> // query the registry for existing driver information
> >>> // (in order to determine a unique Tag, etc.).
> >>> //
> >>>
> >>> schService = CreateService( // create the
> >>> driver service.
> >>> hSCManager, // SCManager
> >>> database
> >>> pDriverName, // name of
service
> >>> pDriverName, // name to
display
> >>> SERVICE_ALL_ACCESS, // desired
access
> >>> SERVICE_KERNEL_DRIVER, // service type
> >>> SERVICE_DEMAND_START, // start type
> >>> SERVICE_ERROR_NORMAL, // error
control
> >>> type
> >>> pExecutableLocn, // service’s
binary
> >>> NULL, // no load
ordering
> >>> group
> >>> NULL, // no tag
> >>> identifier
> >>> NULL, // no
dependencies
> >>> NULL, // LocalSystem
> >>> account
> >>> NULL // no password
> >>> );
> >>>
> >>> if (NULL==schService) // any problem?
> >>> {
> >>> lclError = GetLastError(); // get more
> >>> information
> >>>
> >>> if (ERROR_SERVICE_EXISTS==lclError) // already
exists?
> >>> {
> >>> flag = TRUE;
> >>>
> >>> goto done;
> >>> }
> >>>
> >>> printf(“InstallDriverService: Failed in CreateService, rc =
> >>> 0%08X\n”, lclError);
> >>>
> >>> flag = FALSE;
> >>>
> >>> goto done;
> >>> }
> >>>
> >>> flag2 = CloseServiceHandle(schService); // close
connection
> >>> to driver service.
> >>>
> >>> if (FALSE==flag2)
> >>> printf(“InstallDriverService: Error in closing driver service
> >>> handle.\n”);
> >>>
> >>> flag = TRUE;
> >>>
> >>> done:
> >>> return flag;
> >>> }
> >>>
> >>>
> >>> Thanks
> >>>
> >>> “ntdevstart” wrote in message
news:xxxxx@ntdev…
> >>>>I don’t have softice debugger to break in, may be back home I have
one
> >>>>but not here at work.
> >>>> Well the “automatically restart” option was checked. I will uncheck
and
> >>>> can give a try but what should I note
> >>>> down from the blue screen if I am to get one.
> >>>>
> >>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
> >>>> cause for the problem.
> >>>> I never went through the code but just had a idea of the outline,
> >>>> started looking and see something like this:-
> >>>>
> >>>> "
> >>>> // Invoke an attached debugger. If there’s none, continue.
> >>>>
> >>>> _try // Per Mark
Roddy,
> >>>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
> >>>> {
> >>>> DbgBreakPoint();
> >>>> }
> >>>> _except(EXCEPTION_EXECUTE_HANDLER)
> >>>> {
> >>>> }
> >>>> "
> >>>>
> >>>> I will comment and see if that indeed is the reason behind this
> >>>> problem.
> >>>> So see your response on triple faults after reboot if it crashes
again.
> >>>>
> >>>> Thanks
> >>>>
> >>>>
> >>>> “Mats PETERSSON” wrote in message
> >>>> news:xxxxx@ntdev…
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> This problem could be just about anything. I bet that if you go to
“My
> >>>>> Computer”->Properties->Advanced->Startup&Recovery and unset
> >>>>> “Automatically
> >>>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be
> >>>>> wrong, it
> >>>>> could be that the machine is getting so messed up that it
> >>>>> triple-faults,
> >>>>> and thus reboots immediately. [I can describe triple-faulting more <br>if <br>&gt; &gt;&gt;&gt;&gt;&gt; you<br>&gt; &gt;&gt;&gt;&gt;&gt; like, just ask].
> >>>>>
> >>>>> Now, if you were to hook up a debugger to the machine (requires
either
> >>>>> softICE or a second machine to use WinDBG), you should be able to
get
> >>>>> more
> >>>>> information.
> >>>>>
> >>>>> I just saw your second mail, and yes, it’s quite possible that the

> >>>>> problem
> >>>>> is with the DriverEntry or something related to that.
> >>>>>
> >>>>> –
> >>>>> Mats
> >>>>>
> >>>>>
> >>>>>
> >>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
> >>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> I was playing around with jame’s driver here and it has
crashed
> >>>>>> my
> >>>>>> windows professional XP SP2 system. what is the problem?
> >>>>>>
> >>>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
> >>>>>>
> >>>>>> It said it loaded.
> >>>>>>
> >>>>>> 2) Now I went to administrative tools->double clicked services
and
> >>>>>> bang,
> >>>>> my
> >>>>>> system rebooted.
> >>>>>>
> >>>>>>
> >>>>>> I rebooted. Now I try to do a load as:-
> >>>>>>
> >>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
> >>>>>>
> >>>>>> // BANG, my system rebooted again
> >>>>>>
> >>>>>> I got back, Now I do
> >>>>>>
> >>>>>> InstallDriverAPCDRV unload APCDRV:-
> >>>>>> 1) I went to administrative tools->services and the name wasn’t
> >>>>>> listed
> >>>>>> there.
> >>>>>> 2) It complained with closeService(…) failure and then said
Unload
> >>>>>> sucessful, I think
> >>>>>> it says successful whatever happens.
> >>>>>>
> >>>>>> Can someone tell me how to go about this?, as my first practical
> >>>>> experience
> >>>>>> was a failure.
> >>>>>>
> >>>>>> The driver is here:-
> >>>>>>
> >>>>>> . APC kernel
> >>>>>> http:.
> >>>>>> This shows APC techniques. Also shows use of
> >>>>>> PsLookupProcessByProcessId,
> >>>>>> KeAttachProcess and KeDetachProcess.
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> —
> >>>>>> Questions? First check the Kernel Driver FAQ at http://www.
> >>>>>> osronline.com/article.cfm?id=256
> >>>>>>
> >>>>>> You are currently subscribed to ntdev as:
xxxxx@3dlabs.com
> >>>>>> To unsubscribe send a blank email to
xxxxx@lists.osr.com
> >>>>>
> >>>>>> ForwardSourceID:NT0000962A
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.
> osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@seagate.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com</http:></http:>

The documentation says so! But it might not always be true, I think I
remember leaving a litteral DbgBreakPoint() in one of my drivers and I was
surprised the breakpoint did not pop in WinDbg. Then I realized why. The
serial connector was loose. But the system had not bugchecked. Ymmv a lot.

Mat


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip D Barila
Sent: Wednesday, December 15, 2004 2:14 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] James Antognini’s APC driver rebooting system(help)

I’ve only been following this thread with half a brain cell, but if you call
DbgBreakPoint() from the kernel without a kernel debugger of some kind
attached, it should bugcheck.

Should it not?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

xxxxx@lists.osr.com wrote on 12/15/2004 11:51:01 AM:

I’m sure that removing the statement cured your problem. I simply cannot
come up with an idea why it would make a difference.


James Antognini
Windows DDK Support

This posting is provided “AS IS” with no warranties, and confers no
rights.

“ntdevstart” wrote in message news:xxxxx@ntdev…
> >I removed the DebugBreakPoint which you had put in the DriverEntry which
> >was causing my machine to reboot and it worked fine.
> > My machine is
> >
> > Intel P4 3.2GHz and windows XP professional SP2
> >
> > if this helps.
> >
> > You say " So I don’t think it’s worthwhile to look for it as a
?service."
> > Clarify guys, I am trying to understand the fundamentals as Max says it
is
> > a service and you say it isn’t. I see it to be a service from the way it

> > is created.
> >
> > Thanks for the informative website of yours, it is a nice place to start

> > KM programming.
> >
> >
> >
> > “James Antognini [MSFT]” wrote in
message
> > news:xxxxx@ntdev…
> >> This isn’t a service in the sense of a user-mode program that runs
> >> without anyone logging in. So I don’t think it’s worthwhile to look for

> >> it as a service.
> >>
> >> As for DebugBreakPoint, I’m skeptical that’s a problem.
> >>
> >> Just in case anyone is in doubt, the subject program and other things
> >> from my web site are my personal efforts and not related to my
employer.
> >>
> >> –
> >> James Antognini
> >> Windows DDK Support
> >>
> >> This posting is provided “AS IS” with no warranties, and confers no
> >> rights.
> >>
> >> “ntdevstart” wrote in message
news:xxxxx@ntdev…
> >>> Cool,the kernel mode DebugBreakPoint was the problem.
> >>> It loads and unloads nicely now.
> >>> verified with the drivers.exe tool.
> >>>
> >>> But there is one problem, it doesn’t shows up an entry in Services:-
> >>>
> >>> In the . Install a legacy driver
> >>> http:. A
> >>> program to install legacy-type drivers.
> >>>
> >>> here is the code snippet:-
> >>> (Is there any way of showing it up there? or Is it supposed not to
show
> >>> up over there?)
> >>>
> >>>
> >>>
>
/*

> >>>
> >>> * ? ?FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
> >>> LPCTSTR)
> >>>
> >>> * ? ?PURPOSE: Creates a driver service.
> >>>
> >>>
>

/
> >>> BOOL InstallDriverService(
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ?SC_HANDLE hSCManager, ? ? ? // open handle to

> >>> SCM
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ?LPCTSTR ? pDriverName, ? ? ?// driver name
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ?LPCTSTR ? pExecutableLocn ? // fully
qualified
> >>> binary name
> >>> ? ? ? ? ? ? ? ? ? ? ? ? )
> >>> {
> >>> SC_HANDLE ? ? ? schService;
> >>> BOOL ? ? ? ? ? ?flag = FALSE,
> >>> ? ? ? ? ? ? ? ? flag2;
> >>> DWORD ? ? ? ? ? lclError;
> >>>
> >>> //
> >>> // Note: This creates an entry for a standalone driver. If this
> >>> // ? ? ? is modified for use with a driver that requires a Tag,
> >>> // ? ? ? Group, and/or Dependencies, it may be necessary to
> >>> // ? ? ? query the registry for existing driver information
> >>> // ? ? ? (in order to determine a unique Tag, etc.).
> >>> //
> >>>
> >>> schService = CreateService( ? ? ? ? ? ? ? ? ? ? ? ? ?// create the
> >>> driver service.
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?hSCManager, ? ? ? ? ? ? ? // SCManager
> >>> database
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?pDriverName, ? ? ? ? ? ? ?// name of
service
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?pDriverName, ? ? ? ? ? ? ?// name to
display
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?SERVICE_ALL_ACCESS, ? ? ? // desired access
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?SERVICE_KERNEL_DRIVER, ? ?// service type
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?SERVICE_DEMAND_START, ? ? // start type
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?SERVICE_ERROR_NORMAL, ? ? // error control
> >>> type
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?pExecutableLocn, ? ? ? ? ?// service’s
binary
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?NULL, ? ? ? ? ? ? ? ? ? ? // no load
ordering
> >>> group
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?NULL, ? ? ? ? ? ? ? ? ? ? // no tag
> >>> identifier
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?NULL, ? ? ? ? ? ? ? ? ? ? // no
dependencies
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?NULL, ? ? ? ? ? ? ? ? ? ? // LocalSystem
> >>> account
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? ?NULL ? ? ? ? ? ? ? ? ? ? ?// no password
> >>> ? ? ? ? ? ? ? ? ? ? ? ? ? );
> >>>
> >>> if (NULL==schService) ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// any problem?
> >>> ? {
> >>> ? ?lclError = GetLastError(); ? ? ? ? ? ? ? ? ? ? ? ?// get more
> >>> information
> >>>
> >>> ? ?if (ERROR_SERVICE_EXISTS==lclError) ? ? ? ? ? ? ? // already
exists?
> >>> ? ? ?{
> >>> ? ? ? flag = TRUE;
> >>>
> >>> ? ? ? goto done;
> >>> ? ? ?}
> >>>
> >>> ? ?printf(“InstallDriverService: ?Failed in CreateService, rc =
> >>> 0%08X\n”, lclError);
> >>>
> >>> ? ?flag = FALSE;
> >>>
> >>> ? ?goto done;
> >>> ? }
> >>>
> >>> flag2 = CloseServiceHandle(schService); ? ? ? ? ? ? ?// close
connection
> >>> to driver service.
> >>>
> >>> if (FALSE==flag2)
> >>> ? printf(“InstallDriverService: ?Error in closing driver service
> >>> handle.\n”);
> >>>
> >>> flag = TRUE;
> >>>
> >>> done:
> >>> return flag;
> >>> }
> >>>
> >>>
> >>> Thanks
> >>>
> >>> “ntdevstart” wrote in message
news:xxxxx@ntdev…
> >>>>I don’t have softice debugger to break in, may be back home I have one

> >>>>but not here at work.
> >>>> Well the “automatically restart” option was checked. I will uncheck
and
> >>>> can give a try but what should I note
> >>>> down from the blue screen if I am to get one.
> >>>>
> >>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
> >>>> cause for the problem.
> >>>> I never went through the code but just had a idea of the outline,
> >>>> started looking and see something like this:-
> >>>>
> >>>> "
> >>>> // Invoke an attached debugger. ?If there’s none, continue.
> >>>>
> >>>> _try ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? // Per Mark
Roddy,
> >>>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
> >>>> ? ?{
> >>>> ? ? DbgBreakPoint();
> >>>> ? ?}
> >>>> ? ? _except(EXCEPTION_EXECUTE_HANDLER)
> >>>> ? ? ?{
> >>>> ? ? ?}
> >>>> "
> >>>>
> >>>> I will comment and see if that indeed is the reason behind this
> >>>> problem.
> >>>> So see your response on triple faults after reboot if it crashes
again.
> >>>>
> >>>> Thanks
> >>>>
> >>>>
> >>>> “Mats PETERSSON” wrote in message
> >>>> news:xxxxx@ntdev…
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> This problem could be just about anything. I bet that if you go to
“My
> >>>>> Computer”->Properties->Advanced->Startup&Recovery and unset
> >>>>> “Automatically
> >>>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be
> >>>>> wrong, it
> >>>>> could be that the machine is getting so messed up that it
> >>>>> triple-faults,
> >>>>> and thus reboots immediately. [I can describe triple-faulting more<br>if <br>&gt; &gt;&gt;&gt;&gt;&gt; you<br>&gt; &gt;&gt;&gt;&gt;&gt; like, just ask].
> >>>>>
> >>>>> Now, if you were to hook up a debugger to the machine (requires
either
> >>>>> softICE or a second machine to use WinDBG), you should be able to
get
> >>>>> more
> >>>>> information.
> >>>>>
> >>>>> I just saw your second mail, and yes, it’s quite possible that the
> >>>>> problem
> >>>>> is with the DriverEntry or something related to that.
> >>>>>
> >>>>> –
> >>>>> Mats
> >>>>>
> >>>>>
> >>>>>
> >>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
> >>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> ? ? ?I was playing around with jame’s driver here and it has
crashed
> >>>>>> my
> >>>>>> windows professional XP SP2 system. what is the problem?
> >>>>>>
> >>>>>> 1) I did a Installdriver APCDRV ?load …\apcdrv.sys
> >>>>>>
> >>>>>> ?It said it loaded.
> >>>>>>
> >>>>>> 2) Now I went to administrative tools->double clicked services and
> >>>>>> bang,
> >>>>> my
> >>>>>> system rebooted.
> >>>>>>
> >>>>>>
> >>>>>> I rebooted. Now I try to do a load ?as:-
> >>>>>>
> >>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
> >>>>>>
> >>>>>> // ?BANG, my system rebooted again
> >>>>>>
> >>>>>> I ?got back, Now I do
> >>>>>>
> >>>>>> InstallDriverAPCDRV unload APCDRV:-
> >>>>>> 1) I went to administrative tools->services and the name wasn’t
> >>>>>> listed
> >>>>>> there.
> >>>>>> 2) It complained with closeService(…) failure and then said
Unload
> >>>>>> sucessful, I think
> >>>>>> it says successful whatever happens.
> >>>>>>
> >>>>>> Can someone tell me how to go about this?, as my first practical
> >>>>> experience
> >>>>>> was a failure.
> >>>>>>
> >>>>>> The driver is here:-
> >>>>>>
> >>>>>> . APC kernel
> >>>>>> http:.
> >>>>>> This shows APC techniques. Also shows use of
> >>>>>> PsLookupProcessByProcessId,
> >>>>>> KeAttachProcess and KeDetachProcess.
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> —
> >>>>>> Questions? First check the Kernel Driver FAQ at http://www.
> >>>>>> osronline.com/article.cfm?id=256
> >>>>>>
> >>>>>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> >>>>>> To unsubscribe send a blank email to
xxxxx@lists.osr.com
> >>>>>
> >>>>>> ForwardSourceID:NT0000962A
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.
> osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@seagate.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
— Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256 You are currently subscribed to
ntdev as: xxxxx@encentrus.com To unsubscribe send a blank email to
xxxxx@lists.osr.com</http:></http:>

Sure, it should. This function just invokes int 3 at x86 systems which is expected to cause BSOD if there is no debugger attached.

The strange thing is mentioned driver calls this function inside __try/__except block so exception should be handled and don’t cause BSOD. Who knows what OP did, this driver definitely isn’t anything for the beginner.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]


From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Philip D Barila[SMTP:xxxxx@seagate.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, December 15, 2004 8:13 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] James Antognini’s APC driver rebooting system(help)

I’ve only been following this thread with half a brain cell, but if you call DbgBreakPoint() from the kernel without a kernel debugger of some kind attached, it should bugcheck.

Should it not?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

xxxxx@lists.osr.com wrote on 12/15/2004 11:51:01 AM:

> I’m sure that removing the statement cured your problem. I simply cannot
> come up with an idea why it would make a difference.
>
> –
> James Antognini
> Windows DDK Support
>
> This posting is provided “AS IS” with no warranties, and confers no rights.
>
> “ntdevstart” wrote in message news:xxxxx@ntdev…
> > >I removed the DebugBreakPoint which you had put in the DriverEntry which
> > >was causing my machine to reboot and it worked fine.
> > > My machine is
> > >
> > > Intel P4 3.2GHz and windows XP professional SP2
> > >
> > > if this helps.
> > >
> > > You say " So I don’t think it’s worthwhile to look for it as a service."
> > > Clarify guys, I am trying to understand the fundamentals as Max says it is
> > > a service and you say it isn’t. I see it to be a service from the way it
> > > is created.
> > >
> > > Thanks for the informative website of yours, it is a nice place to start
> > > KM programming.
> > >
> > >
> > >
> > > “James Antognini [MSFT]” wrote in message
> > > news:xxxxx@ntdev…
> > >> This isn’t a service in the sense of a user-mode program that runs
> > >> without anyone logging in. So I don’t think it’s worthwhile to look for
> > >> it as a service.
> > >>
> > >> As for DebugBreakPoint, I’m skeptical that’s a problem.
> > >>
> > >> Just in case anyone is in doubt, the subject program and other things
> > >> from my web site are my personal efforts and not related to my employer.
> > >>
> > >> –
> > >> James Antognini
> > >> Windows DDK Support
> > >>
> > >> This posting is provided “AS IS” with no warranties, and confers no
> > >> rights.
> > >>
> > >> “ntdevstart” wrote in message news:xxxxx@ntdev…
> > >>> Cool,the kernel mode DebugBreakPoint was the problem.
> > >>> It loads and unloads nicely now.
> > >>> verified with the drivers.exe tool.
> > >>>
> > >>> But there is one problem, it doesn’t shows up an entry in Services:-
> > >>>
> > >>> In the . Install a legacy driver
> > >>> http:. A
> > >>> program to install legacy-type drivers.
> > >>>
> > >>> here is the code snippet:-
> > >>> (Is there any way of showing it up there? or Is it supposed not to show
> > >>> up over there?)
> > >>>
> > >>>
> > >>>
> > /***
> > >>>
> > >>> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
> > >>> LPCTSTR)
> > >>>
> > >>> * PURPOSE: Creates a driver service.
> > >>>
> > >>>
> >
/
> > >>> BOOL InstallDriverService(
> > >>> > SC_HANDLE hSCManager, // open handle to
> > >>> SCM
> > >>> LPCTSTR pDriverName, // driver name
> > >>> LPCTSTR pExecutableLocn // fully qualified
> > >>> binary name
> > >>> )
> > >>> {
> > >>> SC_HANDLE schService;
> > >>> BOOL flag = FALSE,
> > >>> flag2;
> > >>> DWORD lclError;
> > >>>
> > >>> //
> > >>> // Note: This creates an entry for a standalone driver. If this
> > >>> // is modified for use with a driver that requires a Tag,
> > >>> // Group, and/or Dependencies, it may be necessary to
> > >>> // query the registry for existing driver information
> > >>> // (in order to determine a unique Tag, etc.).
> > >>> //
> > >>>
> > >>> schService = CreateService( // create the
> > >>> driver service.
> > >>> hSCManager, // SCManager
> > >>> database
> > >>> pDriverName, // name of service
> > >>> pDriverName, // name to display
> > >>> SERVICE_ALL_ACCESS, // desired access
> > >>> SERVICE_KERNEL_DRIVER, // service type
> > >>> SERVICE_DEMAND_START, // start type
> > >>> SERVICE_ERROR_NORMAL, // error control
> > >>> type
> > >>> pExecutableLocn, // service’s binary
> > >>> NULL, // no load ordering
> > >>> group
> > >>> NULL, // no tag
> > >>> identifier
> > >>> NULL, // no dependencies
> > >>> NULL, // LocalSystem
> > >>> account
> > >>> NULL // no password
> > >>> );
> > >>>
> > >>> if (NULL==schService) // any problem?
> > >>> {
> > >>> lclError = GetLastError(); // get more
> > >>> information
> > >>>
> > >>> if (ERROR_SERVICE_EXISTS==lclError) // already exists?
> > >>> {
> > >>> flag = TRUE;
> > >>>
> > >>> goto done;
> > >>> }
> > >>>
> > >>> printf(“InstallDriverService: Failed in CreateService, rc =
> > >>> 0%08X\n”, lclError);
> > >>>
> > >>> flag = FALSE;
> > >>>
> > >>> goto done;
> > >>> }
> > >>>
> > >>> flag2 = CloseServiceHandle(schService); // close connection
> > >>> to driver service.
> > >>>
> > >>> if (FALSE==flag2)
> > >>> printf(“InstallDriverService: Error in closing driver service
> > >>> handle.\n”);
> > >>>
> > >>> flag = TRUE;
> > >>>
> > >>> done:
> > >>> return flag;
> > >>> }
> > >>>
> > >>>
> > >>> Thanks
> > >>>
> > >>> “ntdevstart” wrote in message news:xxxxx@ntdev…
> > >>>>I don’t have softice debugger to break in, may be back home I have one
> > >>>>but not here at work.
> > >>>> Well the “automatically restart” option was checked. I will uncheck and
> > >>>> can give a try but what should I note
> > >>>> down from the blue screen if I am to get one.
> > >>>>
> > >>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
> > >>>> cause for the problem.
> > >>>> I never went through the code but just had a idea of the outline,
> > >>>> started looking and see something like this:-
> > >>>>
> > >>>> "
> > >>>> // Invoke an attached debugger. If there’s none, continue.
> > >>>>
> > >>>> _try // Per Mark Roddy,
> > >>>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
> > >>>> {
> > >>>> DbgBreakPoint();
> > >>>> }
> > >>>> _except(EXCEPTION_EXECUTE_HANDLER)>
> > >>>> {
> > >>>> }
> > >>>> "
> > >>>>
> > >>>> I will comment and see if that indeed is the reason behind this
> > >>>> problem.
> > >>>> So see your response on triple faults after reboot if it crashes again.
> > >>>>
> > >>>> Thanks
> > >>>>
> > >>>>
> > >>>> “Mats PETERSSON” wrote in message
> > >>>> news:xxxxx@ntdev…
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> This problem could be just about anything. I bet that if you go to “My
> > >>>>> Computer”->Properties->Advanced->Startup&Recovery and unset
> > >>>>> “Automatically
> > >>>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be
> > >>>>> wrong, it
> > >>>>> could be that the machine is getting so messed up that it
> > >>>>> triple-faults,
> > >>>>> and thus reboots immediately. [I can describe triple-faulting more if <br>&gt; &gt; &gt;&gt;&gt;&gt;&gt; you<br>&gt; &gt; &gt;&gt;&gt;&gt;&gt; like, just ask].
> > >>>>>
> > >>>>> Now, if you were to hook up a debugger to the machine (requires either
> > >>>>> softICE or a second machine to use WinDBG), you should be able to get
> > >>>>> more
> > >>>>> information.
> > >>>>>
> > >>>>> I just saw your second mail, and yes, it’s quite possible that the
> > >>>>> problem
> > >>>>> is with the DriverEntry or something related to that.
> > >>>>>
> > >>>>> –
> > >>>>> Mats
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
> > >>>>>
> > >>>>>> Hi,
> > >>>>>>
> > >>>>>> I was playing around with jame’s driver here and it has crashed
> > >>>>>> my
> > >>>>>> windows professional XP SP2 system. what is the problem?
> > >>>>>>
> > >>>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
> > >>>>>>
> > >>>>>> It said it loaded.
> > >>>>>>
> > >>>>>> 2) Now I went to administrative tools->double clicked services and
> > >>>>>> bang,
> > >>>>> my
> > >>>>>> system rebooted.
> > >>>>>>
> > >>>>>>
> > >>>>>> I rebooted. Now I try to do a load as:-
> > >>>>>>
> > >>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
> > >>>>>>
> > >>>>>> // BANG, my system rebooted again
> > >>>>>>
> > >>>>>> I got back, Now I do
> > >>>>>>
> > >>>>>> InstallDriverAPCDRV unload APCDRV:-
> > >>>>>> 1) I went to administrative tools->services and the name wasn’t
> > >>>>>> listed
> > >>>>>> there.
> > >>>>>> 2) It complained with closeService(…) failure and then said Unload
> > >>>>>> sucessful, I think
> > >>>>>> it says successful whatever happens.
> > >>>>>>
> > >>>>>> Can someone tell me how to go about this?, as my first practical
> > >>>>> experience
> > >>>>>> was a failure.
> > >>>>>>
> > >>>>>> The driver is here:-
> > >>>>>>
> > >>>>>> . APC kernel
> > >>>>>> http:.
> > >>>>>> This shows APC techniques. Also shows use of
> > >>>>>> PsLookupProcessByProcessId,
> > >>>>>> KeAttachProcess and KeDetachProcess.
> > >>>>>>
> > >>>>>> Thanks
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> —
> > >>>>>> Questions? First check the Kernel Driver FAQ at http://www.
> > >>>>>> osronline.com/article.cfm?id=256
> > >>>>>>
> > >>>>>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
> > >>>>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >>>>>
> > >>>>>> ForwardSourceID:NT0000962A
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at http://www.
> > osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@seagate.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> — Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 You are currently subscribed to ntdev as: xxxxx@upek.com To unsubscribe send a blank email to xxxxx@lists.osr.com
></http:></http:>

Maybe I missed some important detail, but an unhandled kernel breakpoint on
a system without an attached debugger tends to put the system into its
rinse-and-reboot cycle.

=====================
Mark Roddy

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of James Antognini
[MSFT]
Sent: Wednesday, December 15, 2004 1:51 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] James Antognini’s APC driver rebooting system(help)

I’m sure that removing the statement cured your problem. I simply cannot
come up with an idea why it would make a difference.


James Antognini
Windows DDK Support

This posting is provided “AS IS” with no warranties, and confers no rights.

“ntdevstart” wrote in message news:xxxxx@ntdev…
>I removed the DebugBreakPoint which you had put in the DriverEntry
>which was causing my machine to reboot and it worked fine.
> My machine is
>
> Intel P4 3.2GHz and windows XP professional SP2
>
> if this helps.
>
> You say " So I don’t think it’s worthwhile to look for it as a service."
> Clarify guys, I am trying to understand the fundamentals as Max says
> it is a service and you say it isn’t. I see it to be a service from
> the way it is created.
>
> Thanks for the informative website of yours, it is a nice place to
> start KM programming.
>
>
>
> “James Antognini [MSFT]” wrote in
> message news:xxxxx@ntdev…
>> This isn’t a service in the sense of a user-mode program that runs
>> without anyone logging in. So I don’t think it’s worthwhile to look
>> for it as a service.
>>
>> As for DebugBreakPoint, I’m skeptical that’s a problem.
>>
>> Just in case anyone is in doubt, the subject program and other things
>> from my web site are my personal efforts and not related to my employer.
>>
>> –
>> James Antognini
>> Windows DDK Support
>>
>> This posting is provided “AS IS” with no warranties, and confers no
>> rights.
>>
>> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>> Cool,the kernel mode DebugBreakPoint was the problem.
>>> It loads and unloads nicely now.
>>> verified with the drivers.exe tool.
>>>
>>> But there is one problem, it doesn’t shows up an entry in Services:-
>>>
>>> In the . Install a legacy driver
>>> http:. A
>>> program to install legacy-type drivers.
>>>
>>> here is the code snippet:-
>>> (Is there any way of showing it up there? or Is it supposed not to
>>> show up over there?)
>>>
>>>
>>> / **********************************************************
>>>

>>> *
>>> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
>>> LPCTSTR)
>>> *
>>> * PURPOSE: Creates a driver service.
>>> *
>>> ************************************************************
>>>
/
>>> BOOL InstallDriverService(
>>> SC_HANDLE hSCManager, // open handle to
>>> SCM
>>> LPCTSTR pDriverName, // driver name
>>> LPCTSTR pExecutableLocn // fully qualified
>>> binary name
>>> )
>>> {
>>> SC_HANDLE schService;
>>> BOOL flag = FALSE,
>>> flag2;
>>> DWORD lclError;
>>>
>>> //
>>> // Note: This creates an entry for a standalone driver. If this
>>> // is modified for use with a driver that requires a Tag,
>>> // Group, and/or Dependencies, it may be necessary to
>>> // query the registry for existing driver information
>>> // (in order to determine a unique Tag, etc.).
>>> //
>>>
>>> schService = CreateService( // create the
>>> driver service.
>>> hSCManager, // SCManager
>>> database
>>> pDriverName, // name of service
>>> pDriverName, // name to display
>>> SERVICE_ALL_ACCESS, // desired access
>>> SERVICE_KERNEL_DRIVER, // service type
>>> SERVICE_DEMAND_START, // start type
>>> SERVICE_ERROR_NORMAL, // error control
>>> type
>>> pExecutableLocn, // service’s binary
>>> NULL, // no load ordering

>>> group
>>> NULL, // no tag
>>> identifier
>>> NULL, // no dependencies
>>> NULL, // LocalSystem
>>> account
>>> NULL // no password
>>> );
>>>
>>> if (NULL==schService) // any problem?
>>> {
>>> lclError = GetLastError(); // get more
>>> information
>>>
>>> if (ERROR_SERVICE_EXISTS==lclError) // already exists?
>>> {
>>> flag = TRUE;
>>>
>>> goto done;
>>> }
>>>
>>> printf(“InstallDriverService: Failed in CreateService, rc =
>>> 0%08X\n”, lclError);
>>>
>>> flag = FALSE;
>>>
>>> goto done;
>>> }
>>>
>>> flag2 = CloseServiceHandle(schService); // close connection

>>> to driver service.
>>>
>>> if (FALSE==flag2)
>>> printf(“InstallDriverService: Error in closing driver service
>>> handle.\n”);
>>>
>>> flag = TRUE;
>>>
>>> done:
>>> return flag;
>>> }
>>>
>>>
>>> Thanks
>>>
>>> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>>>I don’t have softice debugger to break in, may be back home I have
>>>>one but not here at work.
>>>> Well the “automatically restart” option was checked. I will uncheck
>>>>and can give a try but what should I note down from the blue
>>>>screen if I am to get one.
>>>>
>>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
>>>> cause for the problem.
>>>> I never went through the code but just had a idea of the outline,
>>>> started looking and see something like this:-
>>>>
>>>> "
>>>> // Invoke an attached debugger. If there’s none, continue.
>>>>
>>>> _try // Per Mark Roddy,

>>>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
>>>> {
>>>> DbgBreakPoint();
>>>> }
>>>> _except(EXCEPTION_EXECUTE_HANDLER)
>>>> {
>>>> }
>>>> "
>>>>
>>>> I will comment and see if that indeed is the reason behind this
>>>> problem.
>>>> So see your response on triple faults after reboot if it crashes again.
>>>>
>>>> Thanks
>>>>
>>>>
>>>> “Mats PETERSSON” wrote in message
>>>> news:xxxxx@ntdev…
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> This problem could be just about anything. I bet that if you go to
>>>>> “My Computer”->Properties->Advanced->Startup&Recovery and unset
>>>>> “Automatically restart”, you’ll see a nice BSOD rather than a
>>>>> reboot. I could be wrong, it could be that the machine is getting
>>>>> so messed up that it triple-faults, and thus reboots immediately.
>>>>> [I can describe triple-faulting more if you like, just ask].
>>>>>
>>>>> Now, if you were to hook up a debugger to the machine (requires
>>>>> either softICE or a second machine to use WinDBG), you should be
>>>>> able to get more information.
>>>>>
>>>>> I just saw your second mail, and yes, it’s quite possible that the
>>>>> problem is with the DriverEntry or something related to that.
>>>>>
>>>>> –
>>>>> Mats
>>>>>
>>>>>
>>>>>
>>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I was playing around with jame’s driver here and it has
>>>>>> crashed my windows professional XP SP2 system. what is the
>>>>>> problem?
>>>>>>
>>>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>>>>>
>>>>>> It said it loaded.
>>>>>>
>>>>>> 2) Now I went to administrative tools->double clicked services
>>>>>> and bang,
>>>>> my
>>>>>> system rebooted.
>>>>>>
>>>>>>
>>>>>> I rebooted. Now I try to do a load as:-
>>>>>>
>>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>>>>>
>>>>>> // BANG, my system rebooted again
>>>>>>
>>>>>> I got back, Now I do
>>>>>>
>>>>>> InstallDriverAPCDRV unload APCDRV:-
>>>>>> 1) I went to administrative tools->services and the name wasn’t
>>>>>> listed there.
>>>>>> 2) It complained with closeService(…) failure and then said
>>>>>> Unload sucessful, I think it says successful whatever happens.
>>>>>>
>>>>>> Can someone tell me how to go about this?, as my first practical
>>>>> experience
>>>>>> was a failure.
>>>>>>
>>>>>> The driver is here:-
>>>>>>
>>>>>> . APC kernel
>>>>>> http:.
>>>>>> This shows APC techniques. Also shows use of
>>>>>> PsLookupProcessByProcessId, KeAttachProcess and KeDetachProcess.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> —
>>>>>> Questions? First check the Kernel Driver FAQ at http://www.
>>>>>> osronline.com/article.cfm?id=256
>>>>>>
>>>>>> You are currently subscribed to ntdev as:
>>>>>> xxxxx@3dlabs.com To unsubscribe send a blank email to
>>>>>> xxxxx@lists.osr.com
>>>>>
>>>>>> ForwardSourceID:NT0000962A
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@stratus.com To
unsubscribe send a blank email to xxxxx@lists.osr.com</http:></http:>

I would suspect the possibility of several things, especially seeing the
recent posts here and in the Microsoft.public.* newsgroups:

  1. Not using the correct build process so SEH is properly included.

  2. The __try/__except block is incorrectly constructed. I use:
    __try
    {
    __asm int 1;
    } __except(EXCEPTION_EXECUTE_HANDLER)
    {
    //
    // Do nothing here. Stops blue screens when no debugger.
    //
    }
    OR
    #define BreakPoint() { __try { __asm int 1 }
    __except(EXCEPTION_EXECUTE_HANDLER) {}}

  3. No debugger registered for the appropriate interrupt. SoftIce doesn’t
    look for INT 1 or INT 3 unless the appropriate command has been invoked
    before it occurs. As in: “int1here on” or “in3here on”.

“James Antognini [MSFT]” wrote in message
news:xxxxx@ntdev…
> I’m sure that removing the statement cured your problem. I simply cannot
> come up with an idea why it would make a difference.
>
> –
> James Antognini
> Windows DDK Support
>
> This posting is provided “AS IS” with no warranties, and confers no
> rights.
>
> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>I removed the DebugBreakPoint which you had put in the DriverEntry which
>>was causing my machine to reboot and it worked fine.
>> My machine is
>>
>> Intel P4 3.2GHz and windows XP professional SP2
>>
>> if this helps.
>>
>> You say " So I don’t think it’s worthwhile to look for it as a service."
>> Clarify guys, I am trying to understand the fundamentals as Max says it
>> is a service and you say it isn’t. I see it to be a service from the way
>> it is created.
>>
>> Thanks for the informative website of yours, it is a nice place to start
>> KM programming.
>>
>>
>>
>> “James Antognini [MSFT]” wrote in message
>> news:xxxxx@ntdev…
>>> This isn’t a service in the sense of a user-mode program that runs
>>> without anyone logging in. So I don’t think it’s worthwhile to look for
>>> it as a service.
>>>
>>> As for DebugBreakPoint, I’m skeptical that’s a problem.
>>>
>>> Just in case anyone is in doubt, the subject program and other things
>>> from my web site are my personal efforts and not related to my employer.
>>>
>>> –
>>> James Antognini
>>> Windows DDK Support
>>>
>>> This posting is provided “AS IS” with no warranties, and confers no
>>> rights.
>>>
>>> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>>> Cool,the kernel mode DebugBreakPoint was the problem.
>>>> It loads and unloads nicely now.
>>>> verified with the drivers.exe tool.
>>>>
>>>> But there is one problem, it doesn’t shows up an entry in Services:-
>>>>
>>>> In the . Install a legacy driver
>>>> http:. A
>>>> program to install legacy-type drivers.
>>>>
>>>> here is the code snippet:-
>>>> (Is there any way of showing it up there? or Is it supposed not to show
>>>> up over there?)
>>>>
>>>>
>>>> /***
>>>>
>>>> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
>>>> LPCTSTR)
>>>>
>>>> * PURPOSE: Creates a driver service.
>>>>
>>>>
/
>>>> BOOL InstallDriverService(
>>>> SC_HANDLE hSCManager, // open handle to
>>>> SCM
>>>> LPCTSTR pDriverName, // driver name
>>>> LPCTSTR pExecutableLocn // fully qualified
>>>> binary name
>>>> )
>>>> {
>>>> SC_HANDLE schService;
>>>> BOOL flag = FALSE,
>>>> flag2;
>>>> DWORD lclError;
>>>>
>>>> //
>>>> // Note: This creates an entry for a standalone driver. If this
>>>> // is modified for use with a driver that requires a Tag,
>>>> // Group, and/or Dependencies, it may be necessary to
>>>> // query the registry for existing driver information
>>>> // (in order to determine a unique Tag, etc.).
>>>> //
>>>>
>>>> schService = CreateService( // create the
>>>> driver service.
>>>> hSCManager, // SCManager
>>>> database
>>>> pDriverName, // name of service
>>>> pDriverName, // name to display
>>>> SERVICE_ALL_ACCESS, // desired access
>>>> SERVICE_KERNEL_DRIVER, // service type
>>>> SERVICE_DEMAND_START, // start type
>>>> SERVICE_ERROR_NORMAL, // error control
>>>> type
>>>> pExecutableLocn, // service’s
>>>> binary
>>>> NULL, // no load
>>>> ordering group
>>>> NULL, // no tag
>>>> identifier
>>>> NULL, // no dependencies
>>>> NULL, // LocalSystem
>>>> account
>>>> NULL // no password
>>>> );
>>>>
>>>> if (NULL==schService) // any problem?
>>>> {
>>>> lclError = GetLastError(); // get more
>>>> information
>>>>
>>>> if (ERROR_SERVICE_EXISTS==lclError) // already exists?
>>>> {
>>>> flag = TRUE;
>>>>
>>>> goto done;
>>>> }
>>>>
>>>> printf(“InstallDriverService: Failed in CreateService, rc =
>>>> 0%08X\n”, lclError);
>>>>
>>>> flag = FALSE;
>>>>
>>>> goto done;
>>>> }
>>>>
>>>> flag2 = CloseServiceHandle(schService); // close
>>>> connection to driver service.
>>>>
>>>> if (FALSE==flag2)
>>>> printf(“InstallDriverService: Error in closing driver service
>>>> handle.\n”);
>>>>
>>>> flag = TRUE;
>>>>
>>>> done:
>>>> return flag;
>>>> }
>>>>
>>>>
>>>> Thanks
>>>>
>>>> “ntdevstart” wrote in message
>>>> news:xxxxx@ntdev…
>>>>>I don’t have softice debugger to break in, may be back home I have one
>>>>>but not here at work.
>>>>> Well the “automatically restart” option was checked. I will uncheck
>>>>> and can give a try but what should I note
>>>>> down from the blue screen if I am to get one.
>>>>>
>>>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
>>>>> cause for the problem.
>>>>> I never went through the code but just had a idea of the outline,
>>>>> started looking and see something like this:-
>>>>>
>>>>> "
>>>>> // Invoke an attached debugger. If there’s none, continue.
>>>>>
>>>>> _try // Per Mark
>>>>> Roddy, comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
>>>>> {
>>>>> DbgBreakPoint();
>>>>> }
>>>>> _except(EXCEPTION_EXECUTE_HANDLER)
>>>>> {
>>>>> }
>>>>> "
>>>>>
>>>>> I will comment and see if that indeed is the reason behind this
>>>>> problem.
>>>>> So see your response on triple faults after reboot if it crashes
>>>>> again.
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> “Mats PETERSSON” wrote in message
>>>>> news:xxxxx@ntdev…
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> This problem could be just about anything. I bet that if you go to
>>>>>> “My
>>>>>> Computer”->Properties->Advanced->Startup&Recovery and unset
>>>>>> “Automatically
>>>>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be
>>>>>> wrong, it
>>>>>> could be that the machine is getting so messed up that it
>>>>>> triple-faults,
>>>>>> and thus reboots immediately. [I can describe triple-faulting more if <br>&gt;&gt;&gt;&gt;&gt;&gt; you<br>&gt;&gt;&gt;&gt;&gt;&gt; like, just ask].
>>>>>>
>>>>>> Now, if you were to hook up a debugger to the machine (requires
>>>>>> either
>>>>>> softICE or a second machine to use WinDBG), you should be able to get
>>>>>> more
>>>>>> information.
>>>>>>
>>>>>> I just saw your second mail, and yes, it’s quite possible that the
>>>>>> problem
>>>>>> is with the DriverEntry or something related to that.
>>>>>>
>>>>>> –
>>>>>> Mats
>>>>>>
>>>>>>
>>>>>>
>>>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I was playing around with jame’s driver here and it has crashed
>>>>>>> my
>>>>>>> windows professional XP SP2 system. what is the problem?
>>>>>>>
>>>>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>>>>>>
>>>>>>> It said it loaded.
>>>>>>>
>>>>>>> 2) Now I went to administrative tools->double clicked services and
>>>>>>> bang,
>>>>>> my
>>>>>>> system rebooted.
>>>>>>>
>>>>>>>
>>>>>>> I rebooted. Now I try to do a load as:-
>>>>>>>
>>>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>>>>>>
>>>>>>> // BANG, my system rebooted again
>>>>>>>
>>>>>>> I got back, Now I do
>>>>>>>
>>>>>>> InstallDriverAPCDRV unload APCDRV:-
>>>>>>> 1) I went to administrative tools->services and the name wasn’t
>>>>>>> listed
>>>>>>> there.
>>>>>>> 2) It complained with closeService(…) failure and then said Unload
>>>>>>> sucessful, I think
>>>>>>> it says successful whatever happens.
>>>>>>>
>>>>>>> Can someone tell me how to go about this?, as my first practical
>>>>>> experience
>>>>>>> was a failure.
>>>>>>>
>>>>>>> The driver is here:-
>>>>>>>
>>>>>>> . APC kernel
>>>>>>> http:.
>>>>>>> This shows APC techniques. Also shows use of
>>>>>>> PsLookupProcessByProcessId,
>>>>>>> KeAttachProcess and KeDetachProcess.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> —
>>>>>>> Questions? First check the Kernel Driver FAQ at http://www.
>>>>>>> osronline.com/article.cfm?id=256
>>>>>>>
>>>>>>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>>>>>>> To unsubscribe send a blank email to
>>>>>>> xxxxx@lists.osr.com
>>>>>>
>>>>>>> ForwardSourceID:NT0000962A
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
></http:></http:>

I feel what I see is normal with system reboot and I don’t have a kernel
debugger started to trap also kernel interupts( I guess the system reboot as
per MATT and no BSOD is because of the “Automatically Restart” in the
“startup and recovery options->System failure” in the System
Properties->advanced.) I haven’t turned off the option and seen whether I
get a BSOD instead of restart. I feel it should, I will do it before the end
of the day.

Thanks

“James Antognini [MSFT]” wrote in message
news:xxxxx@ntdev…
> I’m sure that removing the statement cured your problem. I simply cannot
> come up with an idea why it would make a difference.
>
> –
> James Antognini
> Windows DDK Support
>
> This posting is provided “AS IS” with no warranties, and confers no
> rights.
>
> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>I removed the DebugBreakPoint which you had put in the DriverEntry which
>>was causing my machine to reboot and it worked fine.
>> My machine is
>>
>> Intel P4 3.2GHz and windows XP professional SP2
>>
>> if this helps.
>>
>> You say " So I don’t think it’s worthwhile to look for it as a service."
>> Clarify guys, I am trying to understand the fundamentals as Max says it
>> is a service and you say it isn’t. I see it to be a service from the way
>> it is created.
>>
>> Thanks for the informative website of yours, it is a nice place to start
>> KM programming.
>>
>>
>>
>> “James Antognini [MSFT]” wrote in message
>> news:xxxxx@ntdev…
>>> This isn’t a service in the sense of a user-mode program that runs
>>> without anyone logging in. So I don’t think it’s worthwhile to look for
>>> it as a service.
>>>
>>> As for DebugBreakPoint, I’m skeptical that’s a problem.
>>>
>>> Just in case anyone is in doubt, the subject program and other things
>>> from my web site are my personal efforts and not related to my employer.
>>>
>>> –
>>> James Antognini
>>> Windows DDK Support
>>>
>>> This posting is provided “AS IS” with no warranties, and confers no
>>> rights.
>>>
>>> “ntdevstart” wrote in message news:xxxxx@ntdev…
>>>> Cool,the kernel mode DebugBreakPoint was the problem.
>>>> It loads and unloads nicely now.
>>>> verified with the drivers.exe tool.
>>>>
>>>> But there is one problem, it doesn’t shows up an entry in Services:-
>>>>
>>>> In the . Install a legacy driver
>>>> http:. A
>>>> program to install legacy-type drivers.
>>>>
>>>> here is the code snippet:-
>>>> (Is there any way of showing it up there? or Is it supposed not to show
>>>> up over there?)
>>>>
>>>>
>>>> /***
>>>>
>>>> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
>>>> LPCTSTR)
>>>>
>>>> * PURPOSE: Creates a driver service.
>>>>
>>>>
/
>>>> BOOL InstallDriverService(
>>>> SC_HANDLE hSCManager, // open handle to
>>>> SCM
>>>> LPCTSTR pDriverName, // driver name
>>>> LPCTSTR pExecutableLocn // fully qualified
>>>> binary name
>>>> )
>>>> {
>>>> SC_HANDLE schService;
>>>> BOOL flag = FALSE,
>>>> flag2;
>>>> DWORD lclError;
>>>>
>>>> //
>>>> // Note: This creates an entry for a standalone driver. If this
>>>> // is modified for use with a driver that requires a Tag,
>>>> // Group, and/or Dependencies, it may be necessary to
>>>> // query the registry for existing driver information
>>>> // (in order to determine a unique Tag, etc.).
>>>> //
>>>>
>>>> schService = CreateService( // create the
>>>> driver service.
>>>> hSCManager, // SCManager
>>>> database
>>>> pDriverName, // name of service
>>>> pDriverName, // name to display
>>>> SERVICE_ALL_ACCESS, // desired access
>>>> SERVICE_KERNEL_DRIVER, // service type
>>>> SERVICE_DEMAND_START, // start type
>>>> SERVICE_ERROR_NORMAL, // error control
>>>> type
>>>> pExecutableLocn, // service’s
>>>> binary
>>>> NULL, // no load
>>>> ordering group
>>>> NULL, // no tag
>>>> identifier
>>>> NULL, // no dependencies
>>>> NULL, // LocalSystem
>>>> account
>>>> NULL // no password
>>>> );
>>>>
>>>> if (NULL==schService) // any problem?
>>>> {
>>>> lclError = GetLastError(); // get more
>>>> information
>>>>
>>>> if (ERROR_SERVICE_EXISTS==lclError) // already exists?
>>>> {
>>>> flag = TRUE;
>>>>
>>>> goto done;
>>>> }
>>>>
>>>> printf(“InstallDriverService: Failed in CreateService, rc =
>>>> 0%08X\n”, lclError);
>>>>
>>>> flag = FALSE;
>>>>
>>>> goto done;
>>>> }
>>>>
>>>> flag2 = CloseServiceHandle(schService); // close
>>>> connection to driver service.
>>>>
>>>> if (FALSE==flag2)
>>>> printf(“InstallDriverService: Error in closing driver service
>>>> handle.\n”);
>>>>
>>>> flag = TRUE;
>>>>
>>>> done:
>>>> return flag;
>>>> }
>>>>
>>>>
>>>> Thanks
>>>>
>>>> “ntdevstart” wrote in message
>>>> news:xxxxx@ntdev…
>>>>>I don’t have softice debugger to break in, may be back home I have one
>>>>>but not here at work.
>>>>> Well the “automatically restart” option was checked. I will uncheck
>>>>> and can give a try but what should I note
>>>>> down from the blue screen if I am to get one.
>>>>>
>>>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
>>>>> cause for the problem.
>>>>> I never went through the code but just had a idea of the outline,
>>>>> started looking and see something like this:-
>>>>>
>>>>> "
>>>>> // Invoke an attached debugger. If there’s none, continue.
>>>>>
>>>>> _try // Per Mark
>>>>> Roddy, comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
>>>>> {
>>>>> DbgBreakPoint();
>>>>> }
>>>>> _except(EXCEPTION_EXECUTE_HANDLER)
>>>>> {
>>>>> }
>>>>> "
>>>>>
>>>>> I will comment and see if that indeed is the reason behind this
>>>>> problem.
>>>>> So see your response on triple faults after reboot if it crashes
>>>>> again.
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> “Mats PETERSSON” wrote in message
>>>>> news:xxxxx@ntdev…
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> This problem could be just about anything. I bet that if you go to
>>>>>> “My
>>>>>> Computer”->Properties->Advanced->Startup&Recovery and unset
>>>>>> “Automatically
>>>>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be
>>>>>> wrong, it
>>>>>> could be that the machine is getting so messed up that it
>>>>>> triple-faults,
>>>>>> and thus reboots immediately. [I can describe triple-faulting more if <br>&gt;&gt;&gt;&gt;&gt;&gt; you<br>&gt;&gt;&gt;&gt;&gt;&gt; like, just ask].
>>>>>>
>>>>>> Now, if you were to hook up a debugger to the machine (requires
>>>>>> either
>>>>>> softICE or a second machine to use WinDBG), you should be able to get
>>>>>> more
>>>>>> information.
>>>>>>
>>>>>> I just saw your second mail, and yes, it’s quite possible that the
>>>>>> problem
>>>>>> is with the DriverEntry or something related to that.
>>>>>>
>>>>>> –
>>>>>> Mats
>>>>>>
>>>>>>
>>>>>>
>>>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I was playing around with jame’s driver here and it has crashed
>>>>>>> my
>>>>>>> windows professional XP SP2 system. what is the problem?
>>>>>>>
>>>>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
>>>>>>>
>>>>>>> It said it loaded.
>>>>>>>
>>>>>>> 2) Now I went to administrative tools->double clicked services and
>>>>>>> bang,
>>>>>> my
>>>>>>> system rebooted.
>>>>>>>
>>>>>>>
>>>>>>> I rebooted. Now I try to do a load as:-
>>>>>>>
>>>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
>>>>>>>
>>>>>>> // BANG, my system rebooted again
>>>>>>>
>>>>>>> I got back, Now I do
>>>>>>>
>>>>>>> InstallDriverAPCDRV unload APCDRV:-
>>>>>>> 1) I went to administrative tools->services and the name wasn’t
>>>>>>> listed
>>>>>>> there.
>>>>>>> 2) It complained with closeService(…) failure and then said Unload
>>>>>>> sucessful, I think
>>>>>>> it says successful whatever happens.
>>>>>>>
>>>>>>> Can someone tell me how to go about this?, as my first practical
>>>>>> experience
>>>>>>> was a failure.
>>>>>>>
>>>>>>> The driver is here:-
>>>>>>>
>>>>>>> . APC kernel
>>>>>>> http:.
>>>>>>> This shows APC techniques. Also shows use of
>>>>>>> PsLookupProcessByProcessId,
>>>>>>> KeAttachProcess and KeDetachProcess.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> —
>>>>>>> Questions? First check the Kernel Driver FAQ at http://www.
>>>>>>> osronline.com/article.cfm?id=256
>>>>>>>
>>>>>>> You are currently subscribed to ntdev as: xxxxx@3dlabs.com
>>>>>>> To unsubscribe send a blank email to
>>>>>>> xxxxx@lists.osr.com
>>>>>>
>>>>>>> ForwardSourceID:NT0000962A
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
></http:></http:>