David,
Thanks for your help. Finally I had time to play with my driver and I
don’t understand what’s wrong.
Here is the source code.
From miniport.c:
    NdisMSetAttributesEx(MiniportAdapterHandle,
                         pAdapt,
                         0,    // CheckForHangTimeInSeconds
                         NDIS_ATTRIBUTE_IGNORE_PACKET_TIMEOUT |
                         NDIS_ATTRIBUTE_IGNORE_REQUEST_TIMEOUT |
                         NDIS_ATTRIBUTE_INTERMEDIATE_DRIVER |
                         NDIS_ATTRIBUTE_DESERIALIZE |
                         NDIS_ATTRIBUTE_NO_HALT_ON_SUSPEND,
                         0);

    NdisMInitializeTimer(pMiniportTimer, pAdapt->MiniportHandle,
                         (PNDIS_TIMER_FUNCTION)TimerFunction, pAdapt);

    //
    // Initialize LastIndicatedStatus to be NDIS_STATUS_MEDIA_CONNECT
    //
    pAdapt->LastIndicatedStatus = NDIS_STATUS_MEDIA_CONNECT;
From Passthru.h:
    extern PNDIS_MINIPORT_TIMER pMiniportTimer;

    extern VOID TimerFunction(IN PVOID SystemSpecific1,
                              IN PVOID FunctionContext,
                              IN PVOID SystemSpecific2,
                              IN PVOID SystemSpecific3);
From passthru.c:
    VOID TimerFunction(IN PVOID SystemSpecific1,
                       IN PVOID FunctionContext,
                       IN PVOID SystemSpecific2,
                       IN PVOID SystemSpecific3)
    {
        UINT s = 0;
        s = s + 1;
    }
Analyzing the crash-dump the problem is in the last line from miniport.c
above. What is wrong with it? I haven’t made any other modifications to
the original passthru driver source code. By the way, I tried a few
variations of initializing the timer, and the problem was always in the
next line after NdisMInitializeTimer.
Thanks again.
Baki
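The triage Dave describes in the reply quoted below, as an added example that is not part of the original thread: it parses the STACK_TEXT from the crash dump further down and walks outward from the faulting frame to find the outermost call that received the faulting address as its first argument. It assumes the x86 stack listing layout (ChildEBP, RetAddr, three argument dwords); the function names are this example's own.

```python
import re

# STACK_TEXT and WRITE_ADDRESS copied from the !analyze -v output in this thread.
# x86 "kb" layout: ChildEBP, RetAddr, then the first three stack dwords.
STACK_TEXT = """\
fb470404 804fa3e2 00000000 00000000 fb470428 nt!KeInitializeTimerEx+0x10
fb470414 fae59d1d 00000000 00000000 fb470630 nt!KeInitializeTimer+0xf
fb470428 fb3d5704 00000000 ffb52ad0 fb3d6d90 NDIS!NdisMInitializeTimer+0x11
"""
WRITE_ADDRESS = 0x00000000

# Optional "> " prefix so lines pasted from a quoted mail still parse.
FRAME = re.compile(r"^\s*(?:>\s*)?" + r"([0-9a-f]{8})\s+" * 5 + r"(\w+)!(\w+)", re.I)


def parse_frames(text):
    """Return stack frames innermost-first; non-frame lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            ebp, ret, a1, a2, a3 = (int(x, 16) for x in m.group(1, 2, 3, 4, 5))
            frames.append({"ebp": ebp, "ret": ret, "args": (a1, a2, a3),
                           "module": m.group(6), "symbol": m.group(7)})
    return frames


def trace_bad_pointer(frames, bad):
    """Walk outward from the faulting frame while the first argument equals
    the faulting address; return the outermost frame that received it.
    Heuristic: the dwords are raw stack slots, so this holds for
    stack-passed arguments and a pointer used at offset 0."""
    origin = None
    for frame in frames:
        if frame["args"][0] != bad:
            break
        origin = frame
    return origin


def report(text, bad):
    origin = trace_bad_pointer(parse_frames(text), bad)
    if origin is None:
        return "faulting address was not passed as a first argument"
    return "%s!%s received %08x as argument 1; check the caller at %08x" % (
        origin["module"], origin["symbol"], bad, origin["ret"])


if __name__ == "__main__":
    print(report(STACK_TEXT, WRITE_ADDRESS))
```

The NULL enters at NDIS!NdisMInitializeTimer, whose first parameter is the pointer to the timer storage, so the value to inspect in the caller is the pMiniportTimer passed in miniport.c.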
David R. Cattley wrote:
All of those WinDbg commands (except !analyze, of course) had a “.” (dot) in
front of them when I sent this message as in “.exepath+”, “.sympath+”,
“.srcpath+”, “.reload”, and “.cxr”. Some modestly clever bit of mail/list
processing software has decided to strip them from the original mail for
whatever reason. Windbg, however, will not be very tollerant of using “cxr”
where you mean “.cxr”, as it were. Ah, software. You have to love it.
-dave
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of David R. Cattley
Sent: Saturday, February 04, 2006 9:11 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] NdisMInitializeTimer crashes
Baki,
It seems as though you have passed a NULL parameter perhaps to
NdisMInitializeTimer. Since you wrote this driver and have the crash-dump,
perhaps you could command WinDbg to load symbols for your driver and inspect
the source & locals (stack frame) of where your code calls
NdisMInitializeTimer(). It will allow you to see what is wrong very
easily.
Try:
exepath+ <the-path-to-where-the-driver.sys-and-driver.pdb are>
> sympath+ <the-path-to-where-the-driver.sys-and-driver.pdb are>
> srcpath+
> reload
> !analyze -v
> cxr fffffffffb470038
>
> Now open the “stack” window of WinDbg and double-click on the caller of
> NdisMInitializeTimer(), in other words the line right below
>
> NDIS!NdisMInitializeTimer+0x11
>
> which you did not show in your original post. If all went well with loading
> symbols, you should have the source window of your driver pop open. At this
> point you can also open the Locals window in WinDbg which works pretty well
> if you have a CHECKED build of the driver but is a bit more challenging if
> it is a FREE build.
>
> Good Luck,
> Dave Cattley
> Consulting Engineer
> Systems Software Development
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Bakonyi Gabor
> Sent: Saturday, February 04, 2006 6:44 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] NdisMInitializeTimer crashes
>
> Hi!
>
> I’d like to use timers in the extended Passthru driver, so I just wanted to
> initialize a timer because I never used it. The DDK doc says that
> NdisMInitializeTimer can be called after NdisMSetAttributesEx. I did this
> and tried to install on a Windows XP SP2 machine with one nic, but it makes
> a blue screen of death.
> I analyzed the crash dump with WinDbg and here are the results:
>
> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
> referenced memory at “0x%08lx”. The memory could not be “%s”.
>
> FAULTING_IP:
> nt!KeInitializeTimerEx+10
> 804fa3ad 8808 mov [eax],cl
>
> EXCEPTION_RECORD: fb47033c – (.exr fffffffffb47033c)
> ExceptionAddress: 804fa3ad (nt!KeInitializeTimerEx+0x00000010)
> ExceptionCode: c0000005 (Access violation)
> ExceptionFlags: 00000000
> NumberParameters: 2
> Parameter[0]: 00000001
> Parameter[1]: 00000000
> Attempt to write to address 00000000
>
> CONTEXT: fb470038 – (.cxr fffffffffb470038) eax=00000000 ebx=ffb52ad0
> ecx=ffb52a08 edx=00000000 esi=00000000 edi=00000000
> eip=804fa3ad esp=fb470404 ebp=fb470404 iopl=0 nv up ei pl zr na
> po nc
> cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
> efl=00210246
> nt!KeInitializeTimerEx+0x10:
> 804fa3ad 8808 mov [eax],cl
> ds:0023:00000000=??
> Resetting default scope
>
> DEFAULT_BUCKET_ID: NULL_DEREFERENCE
>
> ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
> referenced memory at “0x%08lx”. The memory could not be “%s”.
>
> WRITE_ADDRESS: 00000000
>
> BUGCHECK_STR: 0x7E
>
> LAST_CONTROL_TRANSFER: from 804fa3e2 to 804fa3ad
>
> STACK_TEXT:
> fb470404 804fa3e2 00000000 00000000 fb470428 nt!KeInitializeTimerEx+0x10
> fb470414 fae59d1d 00000000 00000000 fb470630 nt!KeInitializeTimer+0xf
> fb470428 fb3d5704 00000000 ffb52ad0 fb3d6d90 NDIS!NdisMInitializeTimer+0x11
> .
>
> Can anybody tell me what’s wrong? Thank you in advance.
>
> Baki
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@msn.com To unsubscribe
> send a blank email to xxxxx@lists.osr.com