I feel I understand what the driver does. Don’t know what you mean by
beginner?
Will he have to be dumb to be a beginner?
“Michal Vodicka” wrote in message
news:xxxxx@ntdev…
Sure, it should. This function just invokes int 3 at x86 systems which is
expected to cause BSOD if there is no debugger attached.
The strange thing is mentioned driver calls this function inside
try/ except block so exception should be handled and don’t cause BSOD.
Who knows what OP did, this driver definitely isn’t anything for the
beginner.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
> ----------
> From:
> xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com]
> on behalf of Philip D Barila[SMTP:xxxxx@seagate.com]
> Reply To: Windows System Software Devs Interest List
> Sent: Wednesday, December 15, 2004 8:13 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] James Antognini’s APC driver rebooting system(help)
>
>
> I’ve only been following this thread with half a brain cell, but if you
> call DbgBreakPoint() from the kernel without a kernel debugger of some
> kind attached, it should bugcheck.
>
> Should it not?
>
> Phil
>
> Philip D. Barila
> Seagate Technology LLC
> (720) 684-1842
>
> xxxxx@lists.osr.com wrote on 12/15/2004 11:51:01 AM:
>
> > I’m sure that removing the statement cured your problem. I simply cannot
> > come up with an idea why it would make a difference.
> >
> > –
> > James Antognini
> > Windows DDK Support
> >
> > This posting is provided “AS IS” with no warranties, and confers no
> > rights.
> >
> > “ntdevstart” wrote in message news:xxxxx@ntdev…
> > >I removed the DebugBreakPoint which you had put in the DriverEntry
> > >which
> > >was causing my machine to reboot and it worked fine.
> > > My machine is
> > >
> > > Intel P4 3.2GHz and windows XP professional SP2
> > >
> > > if this helps.
> > >
> > > You say " So I don’t think it’s worthwhile to look for it as a
> > > service."
> > > Clarify guys, I am trying to understand the fundamentals as Max says
> > > it is
> > > a service and you say it isn’t. I see it to be a service from the way
> > > it
> > > is created.
> > >
> > > Thanks for the informative website of yours, it is a nice place to
> > > start
> > > KM programming.
> > >
> > >
> > >
> > > “James Antognini [MSFT]” wrote in
> > > message
> > > news:xxxxx@ntdev…
> > >> This isn’t a service in the sense of a user-mode program that runs
> > >> without anyone logging in. So I don’t think it’s worthwhile to look
> > >> for
> > >> it as a service.
> > >>
> > >> As for DebugBreakPoint, I’m skeptical that’s a problem.
> > >>
> > >> Just in case anyone is in doubt, the subject program and other things
> > >> from my web site are my personal efforts and not related to my
> > >> employer.
> > >>
> > >> –
> > >> James Antognini
> > >> Windows DDK Support
> > >>
> > >> This posting is provided “AS IS” with no warranties, and confers no
> > >> rights.
> > >>
> > >> “ntdevstart” wrote in message
> > >> news:xxxxx@ntdev…
> > >>> Cool,the kernel mode DebugBreakPoint was the problem.
> > >>> It loads and unloads nicely now.
> > >>> verified with the drivers.exe tool.
> > >>>
> > >>> But there is one problem, it doesn’t shows up an entry in Services:-
> > >>>
> > >>> In the . Install a legacy driver
> > >>> http:. A
> > >>> program to install legacy-type drivers.
> > >>>
> > >>> here is the code snippet:-
> > >>> (Is there any way of showing it up there? or Is it supposed not to
> > >>> show
> > >>> up over there?)
> > >>>
> > >>>
> > >>>
> > /***
> > >>>
> > >>> * FUNCTION: InstallDriverService( IN SC_HANDLE, IN LPCTSTR, IN
> > >>> LPCTSTR)
> > >>>
> > >>> * PURPOSE: Creates a driver service.
> > >>>
> > >>>
> >/
> > >>> BOOL InstallDriverService(
> > >>> > SC_HANDLE hSCManager, // open
> > >>> handle to
> > >>> SCM
> > >>> LPCTSTR pDriverName, // driver name
> > >>> LPCTSTR pExecutableLocn // fully
> > >>> qualified
> > >>> binary name
> > >>> )
> > >>> {
> > >>> SC_HANDLE schService;
> > >>> BOOL flag = FALSE,
> > >>> flag2;
> > >>> DWORD lclError;
> > >>>
> > >>> //
> > >>> // Note: This creates an entry for a standalone driver. If this
> > >>> // is modified for use with a driver that requires a Tag,
> > >>> // Group, and/or Dependencies, it may be necessary to
> > >>> // query the registry for existing driver information
> > >>> // (in order to determine a unique Tag, etc.).
> > >>> //
> > >>>
> > >>> schService = CreateService( // create the
> > >>> driver service.
> > >>> hSCManager, // SCManager
> > >>> database
> > >>> pDriverName, // name of
> > >>> service
> > >>> pDriverName, // name to
> > >>> display
> > >>> SERVICE_ALL_ACCESS, // desired
> > >>> access
> > >>> SERVICE_KERNEL_DRIVER, // service type
> > >>> SERVICE_DEMAND_START, // start type
> > >>> SERVICE_ERROR_NORMAL, // error
> > >>> control
> > >>> type
> > >>> pExecutableLocn, // service’s
> > >>> binary
> > >>> NULL, // no load
> > >>> ordering
> > >>> group
> > >>> NULL, // no tag
> > >>> identifier
> > >>> NULL, // no
> > >>> dependencies
> > >>> NULL, // LocalSystem
> > >>> account
> > >>> NULL // no password
> > >>> );
> > >>>
> > >>> if (NULL==schService) // any problem?
> > >>> {
> > >>> lclError = GetLastError(); // get more
> > >>> information
> > >>>
> > >>> if (ERROR_SERVICE_EXISTS==lclError) // already
> > >>> exists?
> > >>> {
> > >>> flag = TRUE;
> > >>>
> > >>> goto done;
> > >>> }
> > >>>
> > >>> printf(“InstallDriverService: Failed in CreateService, rc =
> > >>> 0%08X\n”, lclError);
> > >>>
> > >>> flag = FALSE;
> > >>>
> > >>> goto done;
> > >>> }
> > >>>
> > >>> flag2 = CloseServiceHandle(schService); // close
> > >>> connection
> > >>> to driver service.
> > >>>
> > >>> if (FALSE==flag2)
> > >>> printf(“InstallDriverService: Error in closing driver service
> > >>> handle.\n”);
> > >>>
> > >>> flag = TRUE;
> > >>>
> > >>> done:
> > >>> return flag;
> > >>> }
> > >>>
> > >>>
> > >>> Thanks
> > >>>
> > >>> “ntdevstart” wrote in message
> > >>> news:xxxxx@ntdev…
> > >>>>I don’t have softice debugger to break in, may be back home I have
> > >>>>one
> > >>>>but not here at work.
> > >>>> Well the “automatically restart” option was checked. I will uncheck
> > >>>> and
> > >>>> can give a try but what should I note
> > >>>> down from the blue screen if I am to get one.
> > >>>>
> > >>>> Looks like the DebugBreakPoint(…) in the DriverEntry(…) is the
> > >>>> cause for the problem.
> > >>>> I never went through the code but just had a idea of the outline,
> > >>>> started looking and see something like this:-
> > >>>>
> > >>>> "
> > >>>> // Invoke an attached debugger. If there’s none, continue.
> > >>>>
> > >>>> _try // Per Mark
> > >>>> Roddy,
> > >>>> comp.os.ms-windows.programmer.nt.kernel-mode, 27 Apr 2001.
> > >>>> {
> > >>>> DbgBreakPoint();
> > >>>> }
> > >>>> _except(EXCEPTION_EXECUTE_HANDLER)>
> > >>>> {
> > >>>> }
> > >>>> "
> > >>>>
> > >>>> I will comment and see if that indeed is the reason behind this
> > >>>> problem.
> > >>>> So see your response on triple faults after reboot if it crashes
> > >>>> again.
> > >>>>
> > >>>> Thanks
> > >>>>
> > >>>>
> > >>>> “Mats PETERSSON” wrote in message
> > >>>> news:xxxxx@ntdev…
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> This problem could be just about anything. I bet that if you go to
> > >>>>> “My
> > >>>>> Computer”->Properties->Advanced->Startup&Recovery and unset
> > >>>>> “Automatically
> > >>>>> restart”, you’ll see a nice BSOD rather than a reboot. I could be
> > >>>>> wrong, it
> > >>>>> could be that the machine is getting so messed up that it
> > >>>>> triple-faults,
> > >>>>> and thus reboots immediately. [I can describe triple-faulting more <br>> > >>>>> if<br>> > >>>>> you<br>> > >>>>> like, just ask].
> > >>>>>
> > >>>>> Now, if you were to hook up a debugger to the machine (requires
> > >>>>> either
> > >>>>> softICE or a second machine to use WinDBG), you should be able to
> > >>>>> get
> > >>>>> more
> > >>>>> information.
> > >>>>>
> > >>>>> I just saw your second mail, and yes, it’s quite possible that the
> > >>>>> problem
> > >>>>> is with the DriverEntry or something related to that.
> > >>>>>
> > >>>>> –
> > >>>>> Mats
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> xxxxx@lists.osr.com wrote on 12/14/2004 09:12:07 AM:
> > >>>>>
> > >>>>>> Hi,
> > >>>>>>
> > >>>>>> I was playing around with jame’s driver here and it has
> > >>>>>> crashed
> > >>>>>> my
> > >>>>>> windows professional XP SP2 system. what is the problem?
> > >>>>>>
> > >>>>>> 1) I did a Installdriver APCDRV load …\apcdrv.sys
> > >>>>>>
> > >>>>>> It said it loaded.
> > >>>>>>
> > >>>>>> 2) Now I went to administrative tools->double clicked services
> > >>>>>> and
> > >>>>>> bang,
> > >>>>> my
> > >>>>>> system rebooted.
> > >>>>>>
> > >>>>>>
> > >>>>>> I rebooted. Now I try to do a load as:-
> > >>>>>>
> > >>>>>> 1) InstallDriver APCDRV load …\apcdrv.sys
> > >>>>>>
> > >>>>>> // BANG, my system rebooted again
> > >>>>>>
> > >>>>>> I got back, Now I do
> > >>>>>>
> > >>>>>> InstallDriverAPCDRV unload APCDRV:-
> > >>>>>> 1) I went to administrative tools->services and the name wasn’t
> > >>>>>> listed
> > >>>>>> there.
> > >>>>>> 2) It complained with closeService(…) failure and then said
> > >>>>>> Unload
> > >>>>>> sucessful, I think
> > >>>>>> it says successful whatever happens.
> > >>>>>>
> > >>>>>> Can someone tell me how to go about this?, as my first practical
> > >>>>> experience
> > >>>>>> was a failure.
> > >>>>>>
> > >>>>>> The driver is here:-
> > >>>>>>
> > >>>>>> . APC kernel
> > >>>>>> http:.
> > >>>>>> This shows APC techniques. Also shows use of
> > >>>>>> PsLookupProcessByProcessId,
> > >>>>>> KeAttachProcess and KeDetachProcess.
> > >>>>>>
> > >>>>>> Thanks
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> —
> > >>>>>> Questions? First check the Kernel Driver FAQ at http://www.
> > >>>>>> osronline.com/article.cfm?id=256
> > >>>>>>
> > >>>>>> You are currently subscribed to ntdev as:
> > >>>>>> xxxxx@3dlabs.com
> > >>>>>> To unsubscribe send a blank email to
> > >>>>>> xxxxx@lists.osr.com
> > >>>>>
> > >>>>>> ForwardSourceID:NT0000962A
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at http://www.
> > osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@seagate.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> — Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256 You are currently subscribed
> to ntdev as: xxxxx@upek.com To unsubscribe send a blank email to
> xxxxx@lists.osr.com
></http:></http:>
