NDIS 6 Filter Driver memory allocation

Hi All,
What is the way of allocating memory in an NDIS 6.0 filter driver? Is it possible to allocate memory using NdisAllocateMemoryWithTag/ExAllocatePoolWithTag?
I am using NdisAllocateMemoryWithTag, but the driver is crashing a few minutes after installation.

Regards,
Rajendra

hi Rajendra,

*This is only my suspicion, I could be wrong, but:
in a miniport we allocate memory during the Initializing state
https://msdn.microsoft.com/en-us/library/windows/hardware/ff543701(v=vs.85).aspx,
so in a filter I expect that we have to allocate memory during the Attaching state
https://msdn.microsoft.com/en-us/library/windows/hardware/ff560558(v=vs.85).aspx
(it corresponds to the Initializing state in a miniport).
Do you allocate memory during the Attaching state?

Krs

2015-07-07 9:41 GMT+02:00 :

> Hi All,
> What is the way of allocating memory in NDIS 6.0 filter driver. Is it
> possible to allocate memory using NdisAllocateMemoryWithTag/
> ExAllocatePoolWithTag.
> I am using NdisAllocateMemoryWithTag, but driver is crashing after few
> minutes of installation.
>
> Regards,
> Rajendra
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

How are you crashing? Without a !analyze -v from WinDBG we have no idea
whether this has anything to do with memory allocation or something else.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com


Hi Don Burn,
Thank you for your comment.
Bug check analysis:

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff88000c11b36, address which referenced memory

STACK_TEXT:
fffff80000b99d98 fffff80002977cc2 : 0000000000000008 fffff80002a10cc0 0000000000000065 fffff800028c17e8 : nt!DbgBreakPointWithStatus
fffff80000b99da0 fffff80002978aae : 0000000000000003 0000000000000000 fffff800028c2040 00000000000000d1 : nt!HeadlessDispatch+0x192
fffff80000b99e00 fffff80002885fc4 : 0000000000000000 0000000000000000 0000000000000000 fffff80002903394 : nt!KeEnterKernelDebugger+0x76e
fffff80000b9a4d0 fffff80002885469 : 000000000000000a 0000000000000008 0000000000000002 0000000000000001 : nt!KeBugCheckEx+0x104
fffff80000b9a510 fffff800028840e0 : 0000000000000003 0000000000000010 0000000000000000 fffffa80038941a0 : nt!KeSynchronizeExecution+0x3d39
fffff80000b9a650 fffff88000c11b36 : fffff88000c1b3a0 fffff88000c118a3 fffff80000b9aac0 000000008704a8c0 : nt!KeSynchronizeExecution+0x29b0
fffff80000b9a7e0 fffff88000c1178f : fffff98003f3ac90 fffff80000b9aac0 fffff8808704a8c0 00000000ff04008a : NWLWF!IMFilter_InitConnection+0x76 [d:\hfnbackups\hfn_ibm\engine\cust\netif\nwlwf\imfilter.c @ 5219]
fffff80000b9a840 fffff88000c0d55b : fffff98003f3ac90 0000000000000000 0000000000000000 0000000000000000 : NWLWF!IMFilter_SetupConnection+0x23f [d:\hfnbackups\hfn_ibm\engine\cust\netif\nwlwf\imfilter.c @ 5103]
fffff80000b9a8d0 fffff88000c0c3f2 : fffff98003f3ac90 fffff80000b9aac0 fffffa800183c3d8 fffff98003af0e20 : NWLWF!IMFilter_CheckUDPReceivePacket+0xbb [d:\hfnbackups\hfn_ibm\engine\cust\netif\nwlwf\imfilter.c @ 1618]
fffff80000b9a930 fffff88000c0bd9c : fffff98003f3ac90 fffff80000b9aac0 fffff98003af0e20 0000000000000001 : NWLWF!IMFilter_CheckReceivePacket+0xe2 [d:\hfnbackups\hfn_ibm\engine\cust\netif\nwlwf\imfilter.c @ 1004]
fffff80000b9a970 fffff88000c07afd : fffff98003f58b30 fffff80000b9aac0 fffff80000b9aaa0 fffff98000000000 : NWLWF!IMFilter_DartHandler+0x19c [d:\hfnbackups\hfn_ibm\engine\cust\netif\nwlwf\imfilter.c @ 686]
fffff80000b9aa10 fffff880014234f7 : fffff98003f58b30 fffff98003af0e20 fffff98000000000 fffff98000000001 : NWLWF!FilterReceiveNetBufferLists+0x41d [d:\hfnbackups\hfn_ibm\engine\cust\netif\nwlwf\filter.c @ 2600]
fffff80000b9ab50 fffff8800433a776 : 0000000000000000 0000000000000001 0000000000000000 0000000000000000 : ndis!NdisIfAllocateNetLuidIndex+0xdbb7
fffff80000b9aba0 fffff8800433a3d1 : fffff80002a05001 0000000000000000 0000000000000000 fffffa8003905000 : E1G6032E+0x776
fffff80000b9ac10 fffff88001401bb6 : fffff98003e28e50 0000000000000000 fffffa80038941a0 0000000000000000 : E1G6032E+0x3d1
fffff80000b9ac40 fffff800028917ac : fffff98003e28e78 0000000000000000 0000000000000000 fffff80002a02e80 : ndis!NdisGetSessionToCompartmentMappingEpochAndZero+0x1c6
fffff80000b9acd0 fffff8000287dbca : fffff80002a02e80 fffff80002a10cc0 0000000000000000 fffff88001401a00 : nt!KeSetTimer+0x714
fffff80000b9ad80 0000000000000000 : fffff80000b9b000 fffff80000b95000 fffff80000b9ad40 0000000000000000 : nt!KiCpuId+0x6fa

My Failing code:

conn = (PCONNECTION)NdisAllocateMemoryWithTagPriority(handle, sizeof(CONNECTION), 'NCWN', LowPoolPriority);
//IMFilter_AllocMemWithPriority(&conn, sizeof(CONNECTION), 'NCWN');

pMetaData->conn = conn;
conn->remoteAddress = remoteAddress;
conn->remotePort = remotePort;

It’s not crashing immediately.
Regards,
Rajendra

Hi Rajendra,

The clue is here:

Arg1: 0000000000000008, memory referenced

The address suggests that offset 8 from a NULL pointer is being written to.

Given that you’ve called NdisAllocateMemoryWithTagPriority(,LowPoolPriority) without checking that the returned pointer is valid, that’s almost certainly the problem.


(Following up to my previous message)

… except that the pointer returned is immediately dereferenced:

conn->remoteAddress = remoteAddress;

apparently without causing a problem, so my previous comment is incorrect (but you should still check the returned value and take appropriate action!)

Driver Verifier may help you to get more information about the root cause; see

https://msdn.microsoft.com/en-us/library/windows/hardware/ff554113.aspx

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of David Boyce
Sent: 08 July 2015 10:42
To: Windows System Software Devs Interest List
Subject: RE: RE:[ntdev] NDIS 6 Filter Driver memory allocation

Hi Rajendra,

The clue is here:

Arg1: 0000000000000008, memory referenced

The address suggests that offset 8 from a NULL pointer is being written to.

Given that you’ve called NdisAllocateMemoryWithTagPriority(,LowPoolPriority) without checking that the returned pointer is valid, that’s almost certainly the problem.


Hi David,
Thank you for your comments. But NdisAllocateMemoryWithTagPriority is not allocating the memory sometimes. Just want to know what the issue is, and how I can get rid of this. And I am also using verifier for this.

Regards,
Rajendra

When you request memory, your code needs to be able to cope with it sometimes not being allocated - especially when you use priority LowPoolPriority, which is saying ‘Please fulfil this request, but I can cope if it isn’t’.

Even when you use NormalPoolPriority (which most drivers would use), you should expect the occasional refusal.

I doubt very much that your driver should ever use HighPoolPriority - and even then it might get refused in exceptional circumstances.

Basically you need to decide how your driver should behave when memory is not allocated.

See https://msdn.microsoft.com/en-us/library/windows/hardware/ff544523.aspx for more about the Priority argument (this is the page referred to by NdisAllocateMemoryWithTagPriority).

Also, have you given consideration to the response from Krs on Tuesday?

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-586230-
xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: 09 July 2015 05:27
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] NDIS 6 Filter Driver memory allocation

Hi David,
Thank you for your comments. But NdisAllocateMemoryWithTagPriority is
not allocating the memory sometime. Just want to know what is the
issue, and how can i get rid of this. And I am also using verifier for
this.

Regards,
Rajendra



xxxxx@gmail.com wrote:

> Thank you for your comments. But NdisAllocateMemoryWithTagPriority is not allocating the memory sometimes. Just want to know what the issue is, and how I can get rid of this.

The issue is that your code is not handling a memory allocation
failure. I don’t care what causes it to fail, sooner or later you’re
going to encounter a memory stress situation where an allocation fails,
and your driver needs to handle that without causing a BSOD. You don’t
need to continue normal operation, but you need to be able to fail
gracefully by returning an error.

> And I am also using verifier for this.

Did you turn on “low resource simulation”? If so, that’s the root of
the problem. That causes memory allocations to fail randomly. In
general, you don’t want to use that option in normal operation.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
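
The advice given in the replies above (check the pointer returned by NdisAllocateMemoryWithTagPriority and fail gracefully when it is NULL), as a user-mode C model that compiles without the WDK. This is an added example, not code from the thread: alloc_nonpaged, init_connection, process_packets, the struct layouts and the STATUS_* values are assumptions, and alloc_nonpaged stands in for the NDIS allocator with deterministic failure injection in place of Driver Verifier's random low resource simulation.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define STATUS_OK        0
#define STATUS_RESOURCES 1   /* a driver would return NDIS_STATUS_RESOURCES */

/* Constructed layouts for the model; not the poster's real structures. */
typedef struct { uint32_t remoteAddress; uint16_t remotePort; } CONNECTION;
typedef struct { CONNECTION *conn; } META_DATA;

/* Hypothetical stand-in for NdisAllocateMemoryWithTagPriority: when
 * fail_every is non-zero, every fail_every-th call returns NULL, which is
 * what a low-priority request may do under memory pressure. */
static unsigned fail_every, alloc_calls;

static void *alloc_nonpaged(size_t size)
{
    if (fail_every != 0 && ++alloc_calls % fail_every == 0)
        return NULL;
    return malloc(size);
}

/* Checks the allocation before any dereference and publishes the pointer
 * only after the object is fully initialised. */
static int init_connection(META_DATA *meta, uint32_t addr, uint16_t port)
{
    CONNECTION *conn = alloc_nonpaged(sizeof(*conn));
    if (conn == NULL) {
        meta->conn = NULL;           /* never leave a stale pointer behind */
        return STATUS_RESOURCES;     /* caller decides how to degrade */
    }
    memset(conn, 0, sizeof(*conn));
    conn->remoteAddress = addr;
    conn->remotePort = port;
    meta->conn = conn;
    return STATUS_OK;
}

/* Receive-path model: a failed allocation leaves the packet untracked. */
static unsigned process_packets(unsigned n, unsigned inject_every)
{
    unsigned untracked = 0;
    fail_every = inject_every; alloc_calls = 0;
    for (unsigned i = 0; i < n; i++) {
        META_DATA meta = { NULL };
        if (init_connection(&meta, 0xC0A80001u + i, 5000) != STATUS_OK)
            untracked++;
        free(meta.conn);             /* free(NULL) is a no-op */
    }
    return untracked;
}

int main(void) { return process_packets(10, 3) == 3 ? 0 : 1; }
```

In the real receive path the same check applies at DISPATCH_LEVEL: on NULL the filter returns or skips its per-connection work for that packet rather than writing through the pointer.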