Mirror Display Driver - Log off system crush

NTDEV
21

xxxxx@gmail.com wrote:

> There’s really no difference between a mapped file and normal allocated memory. It’s all memory.
>
Yes I know. But this is not what I wanted to say. Sorry if I say something wrong.
I want to do that my driver will map only one file. I assume that it will be more better, than to have a lot of mapped files.

Well, if you define “better” as “not working”, then you are right.

You are micro-optimizing. If we were talking about 150 mapped files,
that would be one thing. But on all but the most exotic of systems,
we’re talking about a maximum of roughly 3.

As much I have understood, when I switching accounts the picture that I see on display is current active surface.
When system switching or creating a new surface it calls DrvEnableSurface function.

Does it? Are you convinced that doing a fast user switch calls
DrvDisableSurface on the old driver and DrvEnableSurface on the new?

Inside this function I need to allocate memory for future surface. I want to do mapped file only map current surfaces memory. If to consider that when system creates a new surface the old must still to have own memory, I want to allocate new memory not in mapped file and assign it to old surface (ppdev->hsurfEng).
It is possible to do that?

Not the way you describe. I suppose you could copy the contents of the
mapped file to some safe area, and copy it back later, but that seems
like a lot more trouble.

And two more questions:
If I have for example two display on my Computer the system creates two or one surface?

Each display is a different driver instance, and hence a different surface.

And what about DIB section? How I can try to use it? It’s possible to share additional information through it?

A DIB section is a memory-mapped file or memory object that can be drawn
on like a bitmap. Personally, I don’t think that will lead anywhere for
you, but you may be able to think of some creative way to use it.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

22

I did some tests with DIB section and I see that I can use it to share memory.
Now I’m searching for a way, how to get pointer to DIB memory from ring 3 app?
It’s possible to this?
In current moment I only know that I can access to it through CreateDC, BitBlt and functions in this way.
Could anyone can say something about this situation?

23

xxxxx@gmail.com wrote:

I did some tests with DIB section and I see that I can use it to share memory.
Now I’m searching for a way, how to get pointer to DIB memory from ring 3 app?
It’s possible to this?
In current moment I only know that I can access to it through CreateDC, BitBlt and functions in this way.
Could anyone can say something about this situation?

When your application calls CreateDIBSection, it passes a variable that
receives a pointer to the bits.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

24

Yes, Tim you are right that DIB section isn’t a good idea.
Now I’m at the dead end. I don’t know
Where I can safe pointers to the shared files memory?
And how can I get to know which mapped file I need to write changed areas coordinates?

25

xxxxx@gmail.com wrote:

Yes, Tim you are right that DIB section isn’t a good idea.
Now I’m at the dead end. I don’t know
Where I can safe pointers to the shared files memory?
And how can I get to know which mapped file I need to write changed areas coordinates?

Each surface needs a mapped file. Your key design problem is storing
the mapped file information in a global. It should be associated with
the surface.

All you need to do is have a “flags” word in your mapped file, or a
generation number, or something similar. When you are told delete a
surface and have to remove the mapped file, you just write a flag in
there that says “this surface is dead”. Your application can watch for
that, and when it is set, it closes its handle (which closes the
mapping) and asks for the new one.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

26

For me situation is still foggy.
Let’s assume that user will have two monitors working with one computer.
I assume that there will be two surfaces and when any graphical function will be called for example DrvCopyBits and how I can get know in which mapped file I need to write changed coordinates?
As I have understood the only place to store pointer to the mapped file not global is inside PDEV structure which declared inside driver.h file.
I don’t see how I can access to it inside for example DrvCopyBits function because there isn’t any PDEV in function params.

27

> -----Original Message-----

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: 02 November 2007 12:14
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Mirror Display Driver - Log off system crush

As I have understood the only place to store pointer to the
mapped file not global is inside PDEV structure which
declared inside driver.h file.
I don’t see how I can access to it inside for example
DrvCopyBits function because there isn’t any PDEV in function params.

You will find the “dhpdev” member in the SURFOBJ structure to be a
pointer to the PDEV.

Regards,
Tim Green
Development Engineer
DisplayLink (UK) Limited

28

Hmm.
Thank you for information.
I have a little problem with string (LPWSTR) path for mapped file, I want to create it dynamically.
How I can use format function? It’s possible to use it?

29

xxxxx@gmail.com wrote:

I have a little problem with string (LPWSTR) path for mapped file, I want to create it dynamically.
How I can use format function? It’s possible to use it?

As long as you add libcntpr.lib to your library list, you have swprintf
available to you.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

30

I tried to add
TARGETLIBS= $(TARGETLIBS) $(DDK_LIB_PATH)\libcntpr.lib
into “sources” file, but I get error
error C4013: ‘swprintf’ undefined; assuming extern returning int
Did I add to right place?
I’m using Windows DDK 3790.

31

xxxxx@gmail.com wrote:

I tried to add
TARGETLIBS= $(TARGETLIBS) $(DDK_LIB_PATH)\libcntpr.lib
into “sources” file, but I get error
error C4013: ‘swprintf’ undefined; assuming extern returning int
Did I add to right place?
I’m using Windows DDK 3790.

That’s a compiler error. You need to include a header file that defines
swprintf(). I don’t know what that is officially in the kernel.

mm

32

> xxxxx@gmail.com wrote:

> I tried to add
> TARGETLIBS= $(TARGETLIBS) $(DDK_LIB_PATH)\libcntpr.lib
> into “sources” file, but I get error
> error C4013: ‘swprintf’ undefined; assuming extern returning int
> Did I add to right place?
> I’m using Windows DDK 3790.
>
That’s a compiler error. You need to include a header file that defines
swprintf(). I don’t know what that is officially in the kernel.

include : .\inc\crt\stdio.h

Christiaan

33

xxxxx@gmail.com wrote:

I tried to add
TARGETLIBS= $(TARGETLIBS) $(DDK_LIB_PATH)\libcntpr.lib
into “sources” file, but I get error
error C4013: ‘swprintf’ undefined; assuming extern returning int
Did I add to right place?
I’m using Windows DDK 3790.

Sigh. Surely you know the difference between compile-time and link-time.

Did you #include <stdio.h> or <wchar.h>?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.</wchar.h></stdio.h>

34

With TARGETLIBS= $(TARGETLIBS) $(DDK_LIB_PATH)\libcntpr.lib in both cases it compiles normal.
But when I try to enable driver
I get strange error, the crush dump is
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf9ea86d, The address that the exception occurred at
Arg3: f826c92c, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
mddriver_bf9e8000!EngFindImageProcAddress+5b
bf9ea86d c60000 mov byte ptr [eax],0

TRAP_FRAME: f826c92c – (.trap 0xfffffffff826c92c)
ErrCode = 00000002
eax=00000000 ebx=e11a1008 ecx=00000004 edx=7ffffffa esi=0000001e edi=e119d008
eip=bf9ea86d esp=f826c9a0 ebp=f826c9c4 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
mddriver_bf9e8000!EngFindImageProcAddress+0x5b:
bf9ea86d c60000 mov byte ptr [eax],0 ds:0023:00000000=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: Client.exe

LAST_CONTROL_TRANSFER: from bf9e9a05 to bf9ea86d

STACK_TEXT:
f826c9c4 bf9e9a05 00000000 bf9e9804 bf9e97d8 mddriver_bf9e8000!EngFindImageProcAddress+0x5b
f826ca28 bf892607 e11a7210 e119d008 00000000 mddriver_bf9e8000!DrvEnableSurface+0x155 [i:\winddk\3790\src\video\displays\mirror\disp\enable.c @ 495]
f826ca44 bf8b2873 00000000 e19e8448 00000000 win32k!PDEVOBJ::bMakeSurface+0x43
f826ca70 bf8b3272 e19e8448 e122ba30 e1df1e28 win32k!hCreateHDEV+0x3a9
f826cbe8 bf8b9b84 f826ccb0 e13f8b70 00000001 win32k!DrvCreateMDEV+0x4dc
f826ccdc bf8bbe20 f826ccb0 e1624008 00000000 win32k!DrvChangeDisplaySettings+0x251
f826cd20 bf8bbd13 0012f960 0019b558 00000000 win32k!xxxUserChangeDisplaySettings+0x141
f826cd48 8053c808 0012f960 0019b558 00000000 win32k!NtUserChangeDisplaySettings+0x4a
f826cd64 7c90eb94 badb0d00 0012f93c 00000000 nt!ObpPushStackInfo+0x75
WARNING: Frame IP not in any known module. Following frames may be wrong.
f826cd70 00000000 00000000 00000000 00000000 0x7c90eb94

STACK_COMMAND: kb

FOLLOWUP_IP:
mddriver_bf9e8000!EngFindImageProcAddress+5b
bf9ea86d c60000 mov byte ptr [eax],0

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: mddriver_bf9e8000!EngFindImageProcAddress+5b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mddriver_bf9e8000

IMAGE_NAME: mddriver.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 472c433d

FAILURE_BUCKET_ID: 0x8E_mddriver_bf9e8000!EngFindImageProcAddress+5b

BUCKET_ID: 0x8E_mddriver_bf9e8000!EngFindImageProcAddress+5b

Followup: MachineOwner

I can’t understand what can make this error.
In line 495 I just assign pointer to pointer.

35

The values you are handing to EngFindImageProcAddress are garbage. I’d suggest setting a breakpoint in your code just before this call to EngFindImageProcAddress and seeing exactly what those values are. My guess is that you have mismanaged a string or are passing in a null value where a non-null value is required.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-305043-
xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Saturday, November 03, 2007 7:22 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Mirror Display Driver - Log off system crush

With TARGETLIBS= $(TARGETLIBS) $(DDK_LIB_PATH)\libcntpr.lib in both
cases it compiles normal.
But when I try to enable driver
I get strange error, the crush dump is
kd> !analyze -v
***********************************************************************
********
*
*
* Bugcheck Analysis
*
*
*
***********************************************************************
********

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf9ea86d, The address that the exception occurred at
Arg3: f826c92c, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
mddriver_bf9e8000!EngFindImageProcAddress+5b
bf9ea86d c60000 mov byte ptr [eax],0

TRAP_FRAME: f826c92c – (.trap 0xfffffffff826c92c)
ErrCode = 00000002
eax=00000000 ebx=e11a1008 ecx=00000004 edx=7ffffffa esi=0000001e
edi=e119d008
eip=bf9ea86d esp=f826c9a0 ebp=f826c9c4 iopl=0 nv up ei pl nz na
po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010202
mddriver_bf9e8000!EngFindImageProcAddress+0x5b:
bf9ea86d c60000 mov byte ptr [eax],0
ds:0023:00000000=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: Client.exe

LAST_CONTROL_TRANSFER: from bf9e9a05 to bf9ea86d

STACK_TEXT:
f826c9c4 bf9e9a05 00000000 bf9e9804 bf9e97d8
mddriver_bf9e8000!EngFindImageProcAddress+0x5b
f826ca28 bf892607 e11a7210 e119d008 00000000
mddriver_bf9e8000!DrvEnableSurface+0x155
[i:\winddk\3790\src\video\displays\mirror\disp\enable.c @ 495]
f826ca44 bf8b2873 00000000 e19e8448 00000000
win32k!PDEVOBJ::bMakeSurface+0x43
f826ca70 bf8b3272 e19e8448 e122ba30 e1df1e28 win32k!hCreateHDEV+0x3a9
f826cbe8 bf8b9b84 f826ccb0 e13f8b70 00000001 win32k!DrvCreateMDEV+0x4dc
f826ccdc bf8bbe20 f826ccb0 e1624008 00000000
win32k!DrvChangeDisplaySettings+0x251
f826cd20 bf8bbd13 0012f960 0019b558 00000000
win32k!xxxUserChangeDisplaySettings+0x141
f826cd48 8053c808 0012f960 0019b558 00000000
win32k!NtUserChangeDisplaySettings+0x4a
f826cd64 7c90eb94 badb0d00 0012f93c 00000000 nt!ObpPushStackInfo+0x75
WARNING: Frame IP not in any known module. Following frames may be
wrong.
f826cd70 00000000 00000000 00000000 00000000 0x7c90eb94

STACK_COMMAND: kb

FOLLOWUP_IP:
mddriver_bf9e8000!EngFindImageProcAddress+5b
bf9ea86d c60000 mov byte ptr [eax],0

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: mddriver_bf9e8000!EngFindImageProcAddress+5b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mddriver_bf9e8000

IMAGE_NAME: mddriver.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 472c433d

FAILURE_BUCKET_ID: 0x8E_mddriver_bf9e8000!EngFindImageProcAddress+5b

BUCKET_ID: 0x8E_mddriver_bf9e8000!EngFindImageProcAddress+5b

Followup: MachineOwner

I can’t understand what can make this error.
In line 495 I just assign pointer to pointer.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

36

But I don’t call this function directly.
This function calls through another function. And I don’t know where is this place.

37

Sorry. It was my mistake, I forgot to allocate memory for the string.
First I did not think that such terrible message of error can be from not allocated memory.
Now swprintf works correct. Thank you for your answers.

38

> error C4013: ‘swprintf’ undefined; assuming extern returning int

Use StringCchPrintfW instead.


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

39

On Sat, Nov 03, 2007 at 09:16:17AM -0500, xxxxx@gmail.com wrote:

But I don’t call this function directly.
This function calls through another function. And I don’t know where is
this place.

You have to be able to apply some debugging techniques yourself.
Catch this in the kernel debugger, and you can view the disassembly
around the call to figure out how you got there.

Tim Roberts, xxxxx@probo.com
Providenza & Boeklheide, Inc.