Sheesh Tony, thanks for all the frigging sympathy!!!
:-{)
Gary G. Little
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason
Sent: Monday, December 05, 2005 5:54 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] KMDF10 …
And this is an excellent example of WinDBG over SMTP (and you thought
that using a serial connection was slow!)
;-)
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@seagate.com
Sent: Monday, December 05, 2005 6:40 PM
To: ntdev redirect
Subject: RE: [ntdev] KMDF10 …
Lm t n
…
f7587000 f75fd000 Wdf01000 Wdf01000.sys Wed Nov 30 16:03:42 2005
…
2: kd> kP
ChildEBP RetAddr
f7c9ad4c 805360bf nt!RtlpBreakWithStatusInstruction
f7c9ad98 80536b96 nt!KiBugCheckDebugBreak+0x19
f7c9b178 805371aa nt!KeBugCheck2+0x574
f7c9b198 80633685 nt!KeBugCheckEx+0x1b
f7c9b1b4 80603855 nt!PspUnhandledExceptionInSystemThread+0x1a
f7c9bddc 804efc81 nt!PspSystemThreadStartup+0x5a
00000000 00000000 nt!KiThreadStartup+0x16
Once I saw this happening, I uninstalled and purged the 5054 beta from my
system. The BUILD I did per your request was done via that environment
using -cZe. I also deleted all instances of WdfXxxx from the target and
then did a clean install with WdfCoinstaller01000. How then do I correct
this situation?
By the way, the target is a dual Xeon with HT enabled and 1 gig of memory.
Gary G. Little
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, December 05, 2005 5:28 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] KMDF10 …
…and the resulting “kP” output after you called .cxr.
What I bet is happening is that your driver was not recompiled clean and
that you are using old jump table offsets in your driver and jumping
into another function (probably WdfDpcWdmGetDpc based on seeing this
issue before). The callstack should confirm this.
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@seagate.com
Sent: Monday, December 05, 2005 3:18 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] KMDF10 …
I think I found it:
FxObjectHandleGetPtr calls GetObjectFromHandle and gets a WDF handle
(7xxxxxxx), which it moves into edi. It then attempts to compare [edi+4]
to bx and panics since I do believe 799487a0+4 is not a valid address,
unless WDF structures are mapped to 7xxxxxxx. But, not having the source,
that is all speculation.
The CXR you requested:
eax=799436a8 ebx=00001001 ecx=00000000 edx=864e7fd0 esi=f7c9b790 edi=799436a8
eip=f75a5213 esp=f7c9b758 ebp=f7c9b76c iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
Wdf01000!FxObjectHandleGetPtr+0x8b:
f75a5213 66395f04 cmp [edi+0x4],bx ds:0023:799436ac=???
And the code preceding the IP of f75a5213:
Wdf01000!FxObjectHandleGetPtr+0x84:
f75a520c e8bffdffff call Wdf01000!FxObject::_GetObjectFromHandle (f75a4fd0)
f75a5211 8bf8 mov edi,eax
f75a5213 66395f04 cmp [edi+0x4],bx
f75a5217 7507 jnz Wdf01000!FxObjectHandleGetPtr+0x98 (f75a5220)
f75a5219 893e mov [esi],edi
f75a521b e980000000 jmp Wdf01000!FxObjectHandleGetPtr+0x118 (f75a52a0)
f75a5220 832600 and dword ptr [esi],0x0
f75a5223 8b07 mov eax,[edi]
Gary G. Little
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, December 05, 2005 5:01 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] KMDF10 …
And .cxr for the callback…
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@seagate.com
Sent: Monday, December 05, 2005 2:55 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] KMDF10 …
I assume you mean opening build in a 3790.1830 build and running
set_wdf_env since KMDF has no build environments.
However … doing that still produces the same error.
Here is the information you wanted:
1: kd> .exr fffffffff7c9b690
ExceptionAddress: f75a5213 (Wdf01000!FxObjectHandleGetPtr+0x0000008b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 799487a4
Attempt to read from address 799487a4
It looks like an attempt was made to directly access a WDF object
(799487a4) during manipulation of the registry path in WdfDriverCreate.
This info was in the first !analyze -v dump.
Gary G. Little
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, December 05, 2005 4:29 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] KMDF10 …
Please use the DDK build environment first and see if it repros, as
ddkbuild.bat is not a supported build env that we have tested. I bet
there is some work Mark needs to do to get it working with the final
release. We did change the layout of the headers and libs so if
ddkbuild.bat assumes the previous layout, that might be the issue.
Thx
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@seagate.com
Sent: Monday, December 05, 2005 2:25 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] KMDF10 …
I use DDKBUILD … I’ll get the call stack next breakpoint.
Gary G. Little
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, December 05, 2005 4:07 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] KMDF10 …
Are you building in the DDK build environment or via ddkbuild.exe/VS?
To get the real callstack, run the following:
.exr fffffffff7c9b690
k
And then send the stack.
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@seagate.com
Sent: Monday, December 05, 2005 1:26 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] KMDF10 …
I installed the released version of WDF and then built and installed the
resulting driver. The only changes I have made to the sources were those
required due to changes in WDF. When I load the driver, it panics the
system in DriverEntry when I call WdfDriverCreate. From the documentation
I can see no differences in that call. It is an access denied (C0000005).
I purged the old installation from the target, deleting the old INF files
as well as the WDF files on the target before doing the new install.
Here is !analyze:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f75a5213, The address that the exception occurred at
Arg3: f7c9b690, Exception Record Address
Arg4: f7c9b38c, Context Record Address
Debugging Details:
*** Error in in reading nt!_ETHREAD @ 00000000
*** Error in in reading nt!_ETHREAD @ 00000000
*** Error in in reading nt!_ETHREAD @ 00000000
*** Error in in reading nt!_ETHREAD @ 00000000
*** Error in in reading nt!_ETHREAD @ 00000000
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.
FAULTING_IP:
Wdf01000!FxObjectHandleGetPtr+8b
f75a5213 66395f04 cmp [edi+0x4],bx
EXCEPTION_RECORD: f7c9b690 – (.exr fffffffff7c9b690)
ExceptionAddress: f75a5213 (Wdf01000!FxObjectHandleGetPtr+0x0000008b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 79945c1c
Attempt to read from address 79945c1c
CONTEXT: f7c9b38c – (.cxr fffffffff7c9b38c)
eax=79945c18 ebx=00001001 ecx=00000000 edx=864ebc78 esi=f7c9b790 edi=79945c18
eip=f75a5213 esp=f7c9b758 ebp=f7c9b76c iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
Wdf01000!FxObjectHandleGetPtr+0x8b:
f75a5213 66395f04 cmp [edi+0x4],bx ds:0023:79945c1c=???
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.
READ_ADDRESS: 79945c1c
BUGCHECK_STR: 0x7E
LOCK_ADDRESS: 80560560 – (!locks 80560560)
Resource @ nt!IopDeviceTreeLock (0x80560560) Shared 1 owning threads
Threads: 867c23c8-01<*>
1 total locks, 1 locks currently held
FAULTING_THREAD: 867c23c8
PNP_TRIAGE:
Lock address : 0x80560560
Thread Count : 1
Thread address: 0x867c23c8
Thread wait : 0x3a0
LAST_CONTROL_TRANSFER: from 805360bf to 804e2a52
STACK_TEXT:
f7c9ad4c 805360bf 00000003 f7c9b0a8 00000000 nt!RtlpBreakWithStatusInstruction
f7c9ad98 80536b96 00000003 00000000 00000000 nt!KiBugCheckDebugBreak+0x19
f7c9b178 805371aa 0000007e c0000005 f75a5213 nt!KeBugCheck2+0x574
f7c9b198 80633685 0000007e c0000005 f75a5213 nt!KeBugCheckEx+0x1b
f7c9b1b4 80603855 f7c9b1dc 804e2f39 f7c9b1e4 nt!PspUnhandledExceptionInSystemThread+0x1a
f7c9bddc 804efc81 804e22f1 00000001 00000000 nt!PspSystemThreadStartup+0x5a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
Wdf01000!FxObjectHandleGetPtr+8b
f75a5213 66395f04 cmp [edi+0x4],bx
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: Wdf01000!FxObjectHandleGetPtr+8b
MODULE_NAME: Wdf01000
IMAGE_NAME: Wdf01000.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 438e21be
FAILURE_BUCKET_ID: 0x7E_Wdf01000!FxObjectHandleGetPtr+8b
BUCKET_ID: 0x7E_Wdf01000!FxObjectHandleGetPtr+8b
Followup: MachineOwner
Gary G. Little
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
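The stale-offset failure Doron Holan describes in this thread (a driver built against old headers indexing into a reordered function table), as an added illustration that is not part of the original thread and is not KMDF code. The table layout, index values, version numbers and function names are hypothetical; the checked call shows a bind-time version test that refuses the mismatch instead of jumping into the wrong function.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical framework dispatch table; names and layout are assumptions,
 * not the real KMDF function table. Each function returns an id so the
 * caller can see which one actually ran. */
enum { ID_TIMER_CREATE = 10, ID_DPC_GET = 20, ID_DRIVER_CREATE = 30 };
typedef int (*fw_fn)(void *arg);

static int fw_timer_create(void *arg)  { (void)arg; return ID_TIMER_CREATE; }
static int fw_dpc_get(void *arg)       { (void)arg; return ID_DPC_GET; }
static int fw_driver_create(void *arg) { (void)arg; return ID_DRIVER_CREATE; }

struct fw_table { unsigned version; size_t count; const fw_fn *fns; };

/* Release layout (version 2): slots are ordered differently from version 1. */
enum { REL_VERSION = 2, REL_DRIVER_CREATE = 2 };
static const fw_fn release_fns[] = { fw_timer_create, fw_dpc_get, fw_driver_create };
static const struct fw_table release_table = { REL_VERSION, 3, release_fns };

/* What a driver built against the older headers still has compiled in. */
enum { STALE_VERSION = 1, STALE_DRIVER_CREATE = 1 };

/* Unchecked dispatch: trusts the compiled-in index, so a stale index
 * silently lands in whatever function now occupies that slot. */
static int call_unchecked(const struct fw_table *t, size_t idx, void *arg)
{
    return t->fns[idx](arg);
}

/* Checked dispatch: fail when the table version differs from the one the
 * caller was built for, or when the index is outside the table. */
static int call_checked(const struct fw_table *t, unsigned built_for,
                        size_t idx, void *arg)
{
    if (t->version != built_for || idx >= t->count)
        return -1;
    return t->fns[idx](arg);
}

int main(void)
{
    printf("stale, unchecked: ran id %d, wanted %d\n",
           call_unchecked(&release_table, STALE_DRIVER_CREATE, NULL), ID_DRIVER_CREATE);
    printf("stale, checked:   %d\n",
           call_checked(&release_table, STALE_VERSION, STALE_DRIVER_CREATE, NULL));
    printf("clean rebuild:    %d\n",
           call_checked(&release_table, REL_VERSION, REL_DRIVER_CREATE, NULL));
    return 0;
}
```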