Mirror Driver - how to track changes

Hi all.
I’m creating Mirror Display Driver and I’m using DDK(src\video\displays\mirror)
I want to track all changes (areas) which happened on a screen, before some event.
As I understood that I need to save changes from every Eng graphical event for
CLIPOBJ *pco
variable.
But where I can save It?
I read that CLIPOBJ may be has more than four rectangles, how I can work with them?
I tried to use for example pco->rclBounds.left and I got blue screen.

Could anyone answer to my question, please.

Vit.

xxxxx@gmail.com wrote:

Hi all.
I’m creating Mirror Display Driver and I’m using DDK(src\video\displays\mirror)
I want to track all changes (areas) which happened on a screen, before some event.
As I understood that I need to save changes from every Eng graphical event for
CLIPOBJ *pco
variable.
But where I can save It?
I read that CLIPOBJ may be has more than four rectangles, how I can work with them?
I tried to use for example pco->rclBounds.left and I got blue screen.

Could anyone answer to my question, please.

Vit.

You have a lot of basics to learn young one…

All the pointers passed to the Drv… entrypoints in video drivers
become invalid the moment your entrypoint returns to the system, except
for the two pointers that represent your own data.

Writing a good mirror driver is a tough job, even for an expert.

Jakob (who has maintained such mirror drivers for 12 years now).

–
Jakob Bøhm, M.Sc.Eng. * xxxxx@danware.dk * direct tel:+45-45-90-25-33
Danware Data A/S * Bregnerodvej 127 * DK-3460 Birkerod * DENMARK
http://www.netop.com * tel:+45-45-90-25-25 * fax tel:+45-45-90-25-26
Information in this mail is hasty, not binding and may not be right

I mean there(in 1 message, mistake) not Eng, but Drv.
Can anyone say plainly, where I can get those changes and where I can store them?

xxxxx@gmail.com wrote:

I’m creating Mirror Display Driver and I’m using DDK(src\video\displays\mirror)
I want to track all changes (areas) which happened on a screen, before some event.
As I understood that I need to save changes from every Eng graphical event for
CLIPOBJ *pco
variable.
But where I can save It?
I read that CLIPOBJ may be has more than four rectangles, how I can work with them?
I tried to use for example pco->rclBounds.left and I got blue screen.

Could anyone answer to my question, please.

You should not assume that you will always get a CLIPOBJ. The vast
majority of drawing operations don’t need a clipping region at all.
Further, even when a CLIPOBJ is supplied, that’s not the dirty region.
Consider drawing a string onto a window, for example. The clipping
region will be the whole window, although the dirty region is just the
size of the string.

You have to compute the “dirty” region yourself. For bitblt and
CopyBits, that’s not too hard; you just need to compute the intersection
between the destination rectangle and the clipping region (if any). For
TextOut, it’s a little more complicated, since you have to run through
the characters in the string to compute the overall size, and you have
the opaquing rectangle as well.

Keeping track of the dirty region is a job you’ll have to figure out.
You can keep a list of rectangles, or you can just compute the largest
enclosing rectangle.

Personally, I can’t believe that you aren’t looking at the source code
for VNC, which already does all of this.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

xxxxx@gmail.com wrote:

I mean there(in 1 message, mistake) not Eng, but Drv.
Can anyone say plainly, where I can get those changes and where I can store them?

You know, you have to figure some of this out for yourself. Have you
actually used WinDbg to breakpoint in your regular display driver to see
what kind of information is actually passed to the driver entry points
in response to specific GDI calls? If not, then how can you possibly
hope to understand what information you need to track, or where it comes
from, or how often it comes in?

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

>Personally, I can’t believe that you aren’t looking at the source code for VNC, which already does all of >this.
But VNC isn’t opensource for M-Driver.
I only found where it’s(App) using ExtEscape function and it passes PCHANGES_BUF which contains those changes.
I want to do something similar.
I don’t understand for example how I can detect “dirty” region, because through pco->rclBounds.left it isn’t working(blue screen).

If not, then how can you possibly hope to understand what information you need to track, or where >it comes from, or how often it comes in?
I read that
pco
Pointer to a CLIPOBJ structure that defines the clip region through which all rendering must be done. The driver cannot affect any pixels outside the clip region.
and I think this is the way which I can detect “dirty” region.

>>
I read that
pco
Pointer to a CLIPOBJ structure that defines the clip region through which all rendering must be done. The driver cannot affect any pixels outside the clip region.
and I think this is the way which I can detect “dirty” region.
<<

Tim already said “no” quite well, but it’s late in the week, and I’ve been biting my fingers to avoid posting to the printer threads (too much potential to dig myself in too deep on that one, as in “explain why it’s a bad idea, get back question asking how to work around the negative consequences of the choice without abandoning the original bad idea”- no time for that nonsense these days)…

Ever do ANY Win32 GDI programming? If so, recognize CLIPOBJ as the clipping region in the DC. Period.

A lot of times, it is just going to be the entire surface (or a null region, which is effectively the same thing), because the programmer has no desire whatsoever to explicitly clip the rendering.

So if you assume that the CLIPOBJ is everything that might have been dirtied, resign yourself now to constantly assuming the whole display surface changed every time the programmer asked to change a single pixel.

Again, as Tim mentioned, there may not even BE a CLIPOBJ- when you got BSOD were you dereferencing a NULL pco?

xxxxx@gmail.com wrote:

> Personally, I can’t believe that you aren’t looking at the source code for VNC, which already does all of >this.
>
But VNC isn’t opensource for M-Driver.
I only found where it’s(App) using ExtEscape function and it passes PCHANGES_BUF which contains those changes.
I want to do something similar.

Why can’t you just use their driver?
http://www.demoforge.com/dfmirage.htm is what TightVNC uses. You can
wrap your own application around it.

I don’t understand for example how I can detect “dirty” region, because through pco->rclBounds.left it isn’t working(blue screen).

Why did you get a blue screen? What did windbg’s !analyze tell you?

I read that pco
Pointer to a CLIPOBJ structure that defines the clip region through which all rendering must be done. The driver cannot affect any pixels outside the clip region.
and I think this is the way which I can detect “dirty” region.

Then you still don’t understand. It’s true that a driver cannot draw
outside of the clip region, if one is supplied. However, most drawing
is done without a clip region, and when one is supplied, it’s often an
entire window. The “dirty” region is the part of the screen that is
actually going to be changed by an API, and that varies depending on the
API.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Tim. Sorry.
I have understood, what you are saying.
Ok before I’ll be understanding with DrvTextOut.
First I need to understand, why this code isn’t working (I got blue screen)
BOOL DrvCopyBits(
OUT SURFOBJ *psoDst,
IN SURFOBJ *psoSrc,
IN CLIPOBJ *pco,
IN XLATEOBJ *pxlo,
IN RECTL *prclDst,
IN POINTL *pptlSrc
)
{
if (psoDst)
{
if (psoDst->dhpdev)
{
PPDEV ppdev = (PPDEV) psoDst->dhpdev;
if((ppdev->hsurfEng ==
psoDst->hsurf)&&(ppdev->pvTmpBuffer))
{
EngCopyBits(psoDst, psoSrc, pco, pxlo,
prclDst, pptlSrc);
DISPDBG((0,“pco->rclBounds.left is %d:\n”,pco->rclBounds.left)); //@ 465
}
}
}
return TRUE;
}
The crush-dump is
kd> !analyze -f -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
An exception code of 0x80000002 (STATUS_DATATYPE_MISALIGNMENT) indicates
that an unaligned data reference was encountered. The trap frame will
supply additional information.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf9e9aa3, The address that the exception occurred at
Arg3: fa9b89bc, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
mirror_bf9e8000!DrvCopyBits+53
bf9e9aa3 8b5104 mov edx,[ecx+0x4]

TRAP_FRAME: fa9b89bc – (.trap fffffffffa9b89bc)
ErrCode = 00000000
eax=00000001 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=bf9e9aa3 esp=fa9b8a30 ebp=fa9b8a34 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
mirror_bf9e8000!DrvCopyBits+53:
bf9e9aa3 8b5104 mov edx,[ecx+0x4] ds:0023:00000004=???
Resetting default context

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from bf904222 to bf9e9aa3

STACK_TEXT:
fa9b8a34 bf904222 e1c9fe90 e10e3010 00000000 mirror_bf9e8000!DrvCopyBits+0x53 [c:\winddk\3790\src\video\displays\mirror\disp\enable.c @ 465]
fa9b8a7c bf84d6a3 bf9e9a50 bf9a2fb4 e1c9fe90 win32k!OffCopyBits+0x7d
fa9b8b34 bf84d400 e1089048 e10644e0 e10e3010 win32k!vSpWriteToScreen+0x99
fa9b8bc4 bf822e63 e1125010 00000001 e1089048 win32k!vSpRedrawUncoveredArea+0x188
fa9b8c90 bf8fd579 e1089048 00000000 00000000 win32k!bSpUpdatePosition+0x17d
fa9b8cc0 bf8fd4bb e1089008 bc510300 bc6366e8 win32k!vSpDeleteSprite+0x3f
fa9b8cd8 bf92d23e e160c008 00030040 00000000 win32k!GreDeleteSprite+0x3a
fa9b8d08 bf8bbf05 fa9b8d64 0012f274 bf8bbcdf win32k!ResetRedirectedWindows+0x77
fa9b8d20 bf8bbd13 0012f284 0014bdf8 00000000 win32k!xxxUserChangeDisplaySettings+0x18f
fa9b8d48 8053c808 0012f284 0014bdf8 00000000 win32k!NtUserChangeDisplaySettings+0x4a
fa9b8d64 7c90eb94 badb0d00 0012f260 fad0cda0 nt!ObpPushStackInfo+0x75
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012f28c 00000000 00000000 00000000 00000000 0x7c90eb94

FOLLOWUP_IP:
mirror_bf9e8000!DrvCopyBits+53
bf9e9aa3 8b5104 mov edx,[ecx+0x4]

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: mirror_bf9e8000!DrvCopyBits+53

MODULE_NAME: mirror_bf9e8000

IMAGE_NAME: mirror.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 467c466d

STACK_COMMAND: .trap fffffffffa9b89bc ; kb

BUCKET_ID: 0x8E_mirror_bf9e8000!DrvCopyBits+53

Followup: MachineOwner

I don’t know the first thing about video drivers, but your !analyze -v
shows

mov edx, [ecx + 04]

with ecx = 0

This is no no. One of those parameters to EngCopyBits is bogus.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Friday, June 22, 2007 18:12
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Mirror Driver - how to track changes

Tim. Sorry.
I have understood, what you are saying.
Ok before I’ll be understanding with DrvTextOut.
First I need to understand, why this code isn’t working (I got blue
screen)
BOOL DrvCopyBits(
OUT SURFOBJ *psoDst,
IN SURFOBJ *psoSrc,
IN CLIPOBJ *pco,
IN XLATEOBJ *pxlo,
IN RECTL *prclDst,
IN POINTL *pptlSrc
)
{
if (psoDst)
{
if (psoDst->dhpdev)
{
PPDEV ppdev = (PPDEV) psoDst->dhpdev;
if((ppdev->hsurfEng ==
psoDst->hsurf)&&(ppdev->pvTmpBuffer))
{
EngCopyBits(psoDst, psoSrc, pco, pxlo,
prclDst, pptlSrc);
DISPDBG((0,“pco->rclBounds.left is
%d:\n”,pco->rclBounds.left)); //@ 465
}
}
}
return TRUE;
}
The crush-dump is
kd> !analyze -f -v
************************************************************************
*******
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
An exception code of 0x80000002 (STATUS_DATATYPE_MISALIGNMENT) indicates
that an unaligned data reference was encountered. The trap frame will
supply additional information.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf9e9aa3, The address that the exception occurred at
Arg3: fa9b89bc, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
mirror_bf9e8000!DrvCopyBits+53
bf9e9aa3 8b5104 mov edx,[ecx+0x4]

TRAP_FRAME: fa9b89bc – (.trap fffffffffa9b89bc)
ErrCode = 00000000
eax=00000001 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000
edi=00000000
eip=bf9e9aa3 esp=fa9b8a30 ebp=fa9b8a34 iopl=0 nv up ei pl nz na
pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010202
mirror_bf9e8000!DrvCopyBits+53:
bf9e9aa3 8b5104 mov edx,[ecx+0x4]
ds:0023:00000004=???
Resetting default context

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from bf904222 to bf9e9aa3

STACK_TEXT:
fa9b8a34 bf904222 e1c9fe90 e10e3010 00000000
mirror_bf9e8000!DrvCopyBits+0x53
[c:\winddk\3790\src\video\displays\mirror\disp\enable.c @ 465]
fa9b8a7c bf84d6a3 bf9e9a50 bf9a2fb4 e1c9fe90 win32k!OffCopyBits+0x7d
fa9b8b34 bf84d400 e1089048 e10644e0 e10e3010
win32k!vSpWriteToScreen+0x99
fa9b8bc4 bf822e63 e1125010 00000001 e1089048
win32k!vSpRedrawUncoveredArea+0x188
fa9b8c90 bf8fd579 e1089048 00000000 00000000
win32k!bSpUpdatePosition+0x17d
fa9b8cc0 bf8fd4bb e1089008 bc510300 bc6366e8 win32k!vSpDeleteSprite+0x3f
fa9b8cd8 bf92d23e e160c008 00030040 00000000 win32k!GreDeleteSprite+0x3a
fa9b8d08 bf8bbf05 fa9b8d64 0012f274 bf8bbcdf
win32k!ResetRedirectedWindows+0x77
fa9b8d20 bf8bbd13 0012f284 0014bdf8 00000000
win32k!xxxUserChangeDisplaySettings+0x18f
fa9b8d48 8053c808 0012f284 0014bdf8 00000000
win32k!NtUserChangeDisplaySettings+0x4a
fa9b8d64 7c90eb94 badb0d00 0012f260 fad0cda0 nt!ObpPushStackInfo+0x75
WARNING: Frame IP not in any known module. Following frames may be
wrong.
0012f28c 00000000 00000000 00000000 00000000 0x7c90eb94

FOLLOWUP_IP:
mirror_bf9e8000!DrvCopyBits+53
bf9e9aa3 8b5104 mov edx,[ecx+0x4]

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: mirror_bf9e8000!DrvCopyBits+53

MODULE_NAME: mirror_bf9e8000

IMAGE_NAME: mirror.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 467c466d

STACK_COMMAND: .trap fffffffffa9b89bc ; kb

BUCKET_ID: 0x8E_mirror_bf9e8000!DrvCopyBits+53

Followup: MachineOwner

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

xxxxx@gmail.com wrote:

I have understood, what you are saying.
Ok before I’ll be understanding with DrvTextOut.
First I need to understand, why this code isn’t working (I got blue screen)

Yes, you did. I knew exactly why you got a blue screen as soon as you
described the problem. At least two of us have given you hint after
hint after hint, and I am disappointed that I now have to spell it out.
You SHOULD have been able to figure this out.

EngCopyBits(psoDst, psoSrc, pco, pxlo, prclDst, pptlSrc);
DISPDBG((0,“pco->rclBounds.left is %d:\n”,pco->rclBounds.left)); //@ 465

OK, let’s look at the analysis.

Arguments:
Arg1: c0000005, The exception code that was not handled

C0000005 is a general protection fault – trying to read or write from a
bad address. The analyze output even said this.

TRAP_FRAME: fa9b89bc – (.trap fffffffffa9b89bc)
ErrCode = 00000000
eax=00000001 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=bf9e9aa3 esp=fa9b8a30 ebp=fa9b8a34 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
mirror_bf9e8000!DrvCopyBits+53:
bf9e9aa3 8b5104 mov edx,[ecx+0x4] ds:0023:00000004=???

It’s fetching a dword from a structure based on pointer. There’s only
one pointer dereference in the line you mention, and that’s
“pco->rclBounds.left”. If you look at the definition of a CLIPOBJ, and
I certainly hope you have done so at least once in chasing this down,
you’ll see that rclBounds is 4 bytes into the structure, and “left” is
the first dword in a RECTL, so clearly this instruction is trying to
fetch that value. The structure address here is in ecx. ecx is 0.
That means the structure pointer was NULL.

So, the problem here is the situation that you have been warned about at
least three times this week: there was no CLIPOBJ given to you. The
CLIPOBJ pointer was NULL.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Martin O’Brien wrote:

I don’t know the first thing about video drivers, but your !analyze -v
shows

mov edx, [ecx + 04]

with ecx = 0

This is no no. One of those parameters to EngCopyBits is bogus.

No, it’s not bogus. It’s just NULL, as the CLIPOBJ pointer often is.
He just didn’t check for that.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Bogus here used in the non technical sense - just NULL and fubar.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Friday, June 22, 2007 19:27
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Mirror Driver - how to track changes

Martin O’Brien wrote:

I don’t know the first thing about video drivers, but your !analyze -v
shows

mov edx, [ecx + 04]

with ecx = 0

This is no no. One of those parameters to EngCopyBits is bogus.

No, it’s not bogus. It’s just NULL, as the CLIPOBJ pointer often is.
He just didn’t check for that.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

R,

You’ll get much further using prclDst as the dirty rectangle in DrvCopyBits. Simpler too, as it’s a rectangle and not something potentially more complex. In driver code you need to be much more paranoid about pointer variables you receive - check them! Also, read up about “prefast” which will help you find more bugs in your code at compile time.

Good luck,
Tim.

-----Original Message-----
From: xxxxx@lists.osr.com on behalf of xxxxx@gmail.com
Sent: Fri 22/06/2007 23:12
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Mirror Driver - how to track changes

Tim. Sorry.
I have understood, what you are saying.
Ok before I’ll be understanding with DrvTextOut.
First I need to understand, why this code isn’t working (I got blue screen)
BOOL DrvCopyBits(
OUT SURFOBJ *psoDst,
IN SURFOBJ *psoSrc,
IN CLIPOBJ *pco,
IN XLATEOBJ *pxlo,
IN RECTL *prclDst,
IN POINTL *pptlSrc
)
{
if (psoDst)
{
if (psoDst->dhpdev)
{
PPDEV ppdev = (PPDEV) psoDst->dhpdev;
if((ppdev->hsurfEng ==
psoDst->hsurf)&&(ppdev->pvTmpBuffer))
{
EngCopyBits(psoDst, psoSrc, pco, pxlo,
prclDst, pptlSrc);
DISPDBG((0,“pco->rclBounds.left is %d:\n”,pco->rclBounds.left)); //@ 465
}
}
}
return TRUE;
}
The crush-dump is
kd> !analyze -f -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
An exception code of 0x80000002 (STATUS_DATATYPE_MISALIGNMENT) indicates
that an unaligned data reference was encountered. The trap frame will
supply additional information.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf9e9aa3, The address that the exception occurred at
Arg3: fa9b89bc, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
mirror_bf9e8000!DrvCopyBits+53
bf9e9aa3 8b5104 mov edx,[ecx+0x4]

TRAP_FRAME: fa9b89bc – (.trap fffffffffa9b89bc)
ErrCode = 00000000
eax=00000001 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=bf9e9aa3 esp=fa9b8a30 ebp=fa9b8a34 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
mirror_bf9e8000!DrvCopyBits+53:
bf9e9aa3 8b5104 mov edx,[ecx+0x4] ds:0023:00000004=???
Resetting default context

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from bf904222 to bf9e9aa3

STACK_TEXT:
fa9b8a34 bf904222 e1c9fe90 e10e3010 00000000 mirror_bf9e8000!DrvCopyBits+0x53 [c:\winddk\3790\src\video\displays\mirror\disp\enable.c @ 465]
fa9b8a7c bf84d6a3 bf9e9a50 bf9a2fb4 e1c9fe90 win32k!OffCopyBits+0x7d
fa9b8b34 bf84d400 e1089048 e10644e0 e10e3010 win32k!vSpWriteToScreen+0x99
fa9b8bc4 bf822e63 e1125010 00000001 e1089048 win32k!vSpRedrawUncoveredArea+0x188
fa9b8c90 bf8fd579 e1089048 00000000 00000000 win32k!bSpUpdatePosition+0x17d
fa9b8cc0 bf8fd4bb e1089008 bc510300 bc6366e8 win32k!vSpDeleteSprite+0x3f
fa9b8cd8 bf92d23e e160c008 00030040 00000000 win32k!GreDeleteSprite+0x3a
fa9b8d08 bf8bbf05 fa9b8d64 0012f274 bf8bbcdf win32k!ResetRedirectedWindows+0x77
fa9b8d20 bf8bbd13 0012f284 0014bdf8 00000000 win32k!xxxUserChangeDisplaySettings+0x18f
fa9b8d48 8053c808 0012f284 0014bdf8 00000000 win32k!NtUserChangeDisplaySettings+0x4a
fa9b8d64 7c90eb94 badb0d00 0012f260 fad0cda0 nt!ObpPushStackInfo+0x75
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012f28c 00000000 00000000 00000000 00000000 0x7c90eb94

FOLLOWUP_IP:
mirror_bf9e8000!DrvCopyBits+53
bf9e9aa3 8b5104 mov edx,[ecx+0x4]

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: mirror_bf9e8000!DrvCopyBits+53

MODULE_NAME: mirror_bf9e8000

IMAGE_NAME: mirror.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 467c466d

STACK_COMMAND: .trap fffffffffa9b89bc ; kb

BUCKET_ID: 0x8E_mirror_bf9e8000!DrvCopyBits+53

Followup: MachineOwner

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Tim, you are right.
I did
if (pco != NULL) DISPDBG((0,“pco->rclBounds.left is %d:\n”,pco->rclBounds.left));
And now it’s working correctly.
Thank you!

I have problem with dynamically memory allocation.
I can’t find the function which reallocates (realloc), I only found EngAllocMem which only allocates memory.
Could anyone can tell me please, how can I add some memory to allocated in display driver?

xxxxx@gmail.com wrote:

I have problem with dynamically memory allocation.
I can’t find the function which reallocates (realloc), I only found EngAllocMem which only allocates memory.
Could anyone can tell me please, how can I add some memory to allocated in display driver?

It’s easy enough to simulate what realloc does, by allocating the larger
block, copying the old data, and freeing the old block. However, you
can’t do this to a chunk of memory allocated by another driver, because
the address will change. There’s no way to tell the display driver that
its pointer is no longer valid.

What are you really trying to do?

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Ok, I solve this problem.
I allocated maximum of possible operations memory.

Tim,
I have question about optimization.
If I call DrvEscape in timer with interval for example 100ms (in DrvEscape does nothing, just returns TRUE) it’s using CPU speed about 40-30 percent. And it bad for me.
I saw that for example Radmin is using 0-2 percent while it’s passing the changed(dirty) areas.
How can I pass from driver to app with maximum speed?
Or I’m doing something wrong?
Have you ever worked with DrvEscape function?

Sorry.
Wrong info. It’s not DrvEscape slow.