need help debugging exception

Hi everybody

While running some tests with driver verifier on (most severe settings) my
driver crashed in a bizarre place and I would appreciate some help to
understand the debugger output.
If I understand it correctly, the error was caused by mov [ecx+eax*4],edx,
because both ecx and eax are null.

However, in my C code that MOV equates to "t = s;", where t is declared as
"const char *t;" and s as "const char * &s" (function argument).

My question: if t is a const char*, how come eax and ecx are both set to
zero?

Thank you for any insight you may provide.

Marco

*** debugger output ***

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)

Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f26dd125, The address that the exception occurred at
Arg3: f27bb668, Exception Record Address
Arg4: f27bb364, Context Record Address
Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.
FAULTING_IP:
neoexec!$E6+15
f26dd125 891481 mov [ecx+eax*4],edx
EXCEPTION_PARAMETER1: f27bb668
CONTEXT: f27bb364 – (.cxr fffffffff27bb364)
eax=00000000 ebx=00000000 ecx=00000000 edx=ab006cfa esi=82ebcf00
edi=82c25000
eip=f26dd125 esp=f27bb730 ebp=f27bb764 iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287
neoexec!$E6+0x15:
f26dd125 891481 mov [ecx+eax*4],edx
Resetting default scope

*** end output ***

To debug this, we need to understand where the variables t and s come from.

Are you having the “simulate low resource” setting in Driver Verifier turned
on? If so, I would say that the reason your driver crashes is that it’s not
properly checking for some “out of memory” condition.

I suspect that s is allocated from somewhere[1], and this allocation has
gone wrong (i.e. out of memory), which means that s is NULL. Now, I can’t
really say for sure that this is what happens, but that’s what I’d suspect.

To find out how it goes wrong, you need to look at the stack and see what the
values of t and s are.

[1] It could of course be some other system call that can validly return a
NULL value when you call it. Low resource simulation can and will return
“not there” for many different types of calls, not just regular memory
calls.

const on a char * does not mean that the value can not be NULL. I can create
a function like this:

void f(const char *s)
{
    if (s == NULL)
        …;
    else
        …;
}

and call it:

char *p;
f(NULL);
f("Blah");
p = malloc(15);   /* may return NULL, and f() must cope with that */
f(p);

All of those are valid. And more importantly, f(p) could well result in the
same as f(NULL), since malloc is capable of returning NULL.

The const is only telling the code that the value of the data pointed at
will not change, but the pointer itself could be any valid pointer value
(including pointer to something that doesn’t exist, like NULL or a random
number).

If you paste this into your help URL, it should give you some more info on
“const” (but it’s not entirely CLEARLY written).

ms-help://MS.VSCC/MS.MSDNVS/vclang/html/_clang_Type_Qualifiers.htm


Mats

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@3dlabs.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Mats

> Are you having the “simulate low resource” setting in Driver Verifier
> turned on?

yes, I do. I am also checking for the return val of all (well, I think…)
mem allocations.

BTW, thanks a lot for the info … just one more question.

In my code what seems to go wrong is the destination address ( which is
[ecx+eax*4] ) and that is what I really find odd. How can that happen?

// here is my code (names have been changed …) :

void ParseS(const char * &s)   // return type not shown in the original post
{
    const char *t, *u;

    /* […] do something with s */

    t = s;

    /* […] */
}

Q: if [ecx+eax*4] is supposed to be the address of t does it mean that I
have overwritten that portion of memory?


Marco [www.neovalens.com]


> Mats
>
> >> Are you having the “simulate low resource” setting in Driver Verifier
> >> turned on?
>
> yes, I do. I am also checking for the return val of all (well, I think…)
> mem allocations.

Check again. And remember to check the ones that aren’t actually memory
allocations, but indirect memory allocations (such as asking for a list of
some sort from the OS, which requires the OS to allocate memory).

> BTW, thanks a lot for the info … just one more question.
>
> In my code what seems to go wrong is the destination address (which is
> [ecx+eax*4]) and that is what I really find odd. How can that happen?
>
> // here is my code (names have been changed …) :
>
> ParseS( const char * &s)
> {
> const char *t, *u;
>
> […] do something with s
>
> t = s;
>
> […]
>
> }
>
> Q: if [ecx+eax*4] is supposed to be the address of t does it mean that I
> have overwritten that portion of memory?

It could be. It looks like some sort of indexing, and the *4 means to me
that it’s an array of 32-bit values, such as an array of pointers, rather
than an array of bytes (string).

Not sure what’s going on. You need to a: Check that s is correct when it’s
passed into the function. b: Check that it’s still valid before assigning it.
If it’s “gone missing” in the process, it’s probably because something has
been overwritten.

It’s sometimes hard to track these problems, especially if the problem only
occurs when you do a particular thing or some special event in the system
triggers it. I would suggest looking back at the stack.

Are you doing some sort of memset/strcpy or similar in the “do something
with s” code, and is it possible that you got that one wrong?

Check one that is right first, to see what it’s supposed to look like, and
then check again when it’s “failing”.

Also, setting access breakpoints can be helpful when debugging things like
this, so that you get a break when you overwrite something. For instance:
kd> ?? &s
0xBE432100
kd> ba w 4 0xBE432100
The first line checks the address of pointer s, the second says “Break if we
write to this location”. 4 is the number of bytes to watch, so we check the
whole string.

Note that each time you get into the function, you MAY have a different
address, depending on how you get into the driver. If the stack is always
the same, then it’s fine, but if the function is called from a multitude of
places, then it’s likely that it’s not going to be the same address each
place.

I hope this helps.


Mats


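An added example, not code from the thread or from Marco’s driver, that reconstructs the pattern Mats describes: a constructed pool allocator that fails on demand the way Driver Verifier’s low-resource simulation does, a parser that stores const char pointers into an array of pointers (the shape behind mov [ecx+eax*4],edx), and the allocation check that keeps the array base from being NULL. All names (pool_alloc, token_list, parse_tokens_checked) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TOKENS 8

/* Constructed stand-in for a pool allocator under Driver Verifier's
   low-resource simulation: with the flag set, every call returns NULL,
   a perfectly valid result that the caller has to handle. */
static int g_simulate_failure = 0;

static void *pool_alloc(size_t n)
{
    return g_simulate_failure ? NULL : malloc(n);
}

/* Hypothetical result of "parsing s": a private copy of the input plus
   an array of pointers into it, terminated by NULL. */
typedef struct {
    char *storage;
    const char *items[MAX_TOKENS + 1];
} token_list;

/* Split s on spaces. Returns the token count and stores the list in *out,
   or returns -1 on allocation failure (or a NULL s) and leaves *out alone.
   const on s says nothing about whether it can be NULL, so it is checked. */
static int parse_tokens_checked(const char *s, token_list **out)
{
    token_list *list;
    char *p;
    int n = 0;

    if (s == NULL)
        return -1;
    list = pool_alloc(sizeof *list);
    if (list == NULL)          /* the check that low-resource simulation exercises */
        return -1;
    list->storage = pool_alloc(strlen(s) + 1);
    if (list->storage == NULL) {
        free(list);
        return -1;
    }
    memcpy(list->storage, s, strlen(s) + 1);

    for (p = strtok(list->storage, " "); p != NULL && n < MAX_TOKENS;
         p = strtok(NULL, " ")) {
        /* A pointer stored into an array of pointers: base (ecx), index
           (eax) scaled by 4 on x86, value (edx). That is the shape of
           "mov [ecx+eax*4],edx"; had the allocation check above been
           skipped, the base would be 0 and this store would fault. */
        list->items[n++] = p;
    }
    list->items[n] = NULL;
    *out = list;
    return n;
}

static void free_tokens(token_list *list)
{
    if (list != NULL) {
        free(list->storage);
        free(list);
    }
}

/* Parse s with simulation on or off and return the result code. */
static int parse_result(const char *s, int simulate_failure)
{
    token_list *list = NULL;
    int rc;

    g_simulate_failure = simulate_failure;
    rc = parse_tokens_checked(s, &list);
    g_simulate_failure = 0;
    free_tokens(list);
    return rc;
}

/* Returns 1 if token i of s equals expected (simulation off), else 0. */
static int token_equals(const char *s, int i, const char *expected)
{
    token_list *list = NULL;
    int ok = 0;

    if (parse_tokens_checked(s, &list) > i)
        ok = strcmp(list->items[i], expected) == 0;
    free_tokens(list);
    return ok;
}

int main(void)
{
    printf("normal:    %d tokens\n", parse_result("abc def ghi", 0)); /* 3 */
    printf("simulated: rc=%d\n", parse_result("abc def ghi", 1));     /* -1 */
    return 0;
}
```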

Marco,
I think your symbols are not set up correctly or you are
misinterpreting the assignment t=s with mov [ecx+eax*4],edx.

Assignments to simple local vars are addressed via [ebp+XX] or local
vars are held in registers. But they are never addressed like this.

Hmm, label ‘$E6’ ???

If it is reproducible, put a breakpoint on neoexec!$E6 and step through.

Norbert.

“A fanatic is one who can’t change his mind and won’t change the
subject. - Winston Churchill”

If I remember correctly eax is the return address, so it is trying
to pull the last/first (only arg). Arg you supplied is wrongly
interpreted since you have both * &…

Could you check why you have ptr to a ref !!!

-prokash


eax is the return argument, but only at function exit. EAX is used for all
sorts of things inside a function as a temporary value that can be used for
all sorts of things.

The compiler should be capable of having a reference to a char pointer no
problem (but it’s of course entirely possible to get this wrong). How else
would you solve the following:

#include <stdlib.h>

void allocString(size_t size, char * &s)
{
    s = (char *)malloc(size);
}

void caller()
{
    char *str;
    allocString(42, str);   // s is an alias for str, so str receives the pointer
}

In regular C, you would have to do the following, to the same effect:

#include <stdlib.h>

void allocString(size_t size, char **s)
{
    *s = (char *)malloc(size);
}

void caller()
{
    char *str;
    allocString(42, &str);  // pass the address of str so the callee can write it
}

It is entirely possible that the original poster is doing something wrong
with his pointer(s), but I don’t believe that the code is broken as such.
Especially if it only happens when Low Resource Simulation is enabled in
Driver Verifier. That seems to indicate to me that it’s something allocating
memory that gets confused.


Mats


Well, I’m wrong, since the destination is being addressed that way.

It seems like due to ref, it is assuming ecx being this pointer !!!

Something weird.

-prokash


ecx is usually the this-pointer in C++ code (and only C++ allows references,
but that doesn’t mean that you can only use reference operator with
classes). If it’s a non-class function (or “this” is not needed for the
follow on operations) “this” doesn’t have to be kept in any register, and
it’s fully possible for the compiler to rearrange which register things go
into on a whim.


Mats


Yup, you are right about EAX, and its uses.

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of
xxxxx@3Dlabs.com
Sent: Friday, March 26, 2004 6:37 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] need help debugging exception

eax is the return argument, but only at function exit. EAX is used for all
sorts of things inside a function as a temporary value that can be used for
all sorts of things.

The compiler should be capable of having a reference to a char pointer no
problem (but it’s of course entirely possible to get this wrong). How else
would you solve the following:

void allocString(size_t size, char * &s)
{
s = (char *)malloc(size);
}


char *str;
allocString(42, str);

In regular C, you would have to do the following, to the same effect:

void allocString(size_t size, char **s)
{
*s = (char *)malloc(size);
}


char *str;
allocString(42, &str);

It is entirely possible that the original poster is doing something wrong
with his pointer(s), but I don’t believe that the code is broken as such.
Especially if it only happens when Low Resource Simulation is enabled in
Driver Verifier. That seems to indicate to me that it’s something allocating
memory that gets confused.


Mats

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Friday, March 26, 2004 2:22 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] need help debugging exception

If I remember correctly eax is the return address, so it is trying
to pull the last/first (only arg). Arg you supplied is wrongly
interpreted since you have both * &…

Could you check why you have ptr to a ref !!!

-prokash

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Marco Peretti
Sent: Friday, March 26, 2004 4:09 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] need help debugging exception

Mats

> Are you having the “simulate low resource” setting in Driver Verifier turned on?

Yes, I do. I am also checking for the return val of all (well, I think…) mem
allocations.

BTW, thanks a lot for the info … just one more question.

In my code what seems to go wrong is the destination address (which is
[ecx+eax*4]) and that is what I really find odd. How can that happen?

// here is my code (names have been changed …) :

ParseS( const char * &s)
{
const char *t, *u;

[…] do something with s

t = s;

[…]

}

Q: if [ecx+eax*4] is supposed to be the address of t does it mean that I have
overwritten that portion of memory?


Marco [www.neovalens.com]



Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

I see Ur point. Definitely, I’m a vitamin C taker :). It’s been long since I
left C++. IIRC, John Robbins’ book and Doran from MS also pointed out that for
stdcall under C++ ecx is the this ptr. Also under C++, the types may be
implicitly built as classes, not sure though at this point of my rustiness
about C++…

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of
xxxxx@3Dlabs.com
Sent: Friday, March 26, 2004 6:49 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] need help debugging exception

ecx is usually the this-pointer in C++ code (and only C++ allows references,
but that doesn’t mean that you can only use the reference operator with
classes). If it’s a non-class function (or “this” is not needed for the
follow-on operations) “this” doesn’t have to be kept in any register, and
it’s fully possible for the compiler to rearrange which register things go
into on a whim.


Mats

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Friday, March 26, 2004 2:37 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] need help debugging exception

Well, I’m wrong, since the destination is being addressed that way.

It seems like due to the ref, it is assuming ecx is the this pointer!!!

Something weird.

-prokash


I write driver code in C, but I also have to debug the simulator, which is a
whole lot of C++ (enough to make a 1.5MB driver into a 6.5MB driver), so I
get used to looking at both. I also write little helper apps and such in C++;
once you get used to using classes to do things, it’s much harder to go back
to “regular” C.

Either way, I don’t think this solves the OP’s problem, so let’s stop
here… :wink:


Mats


Hi

Just for the record, the driver does indeed make use of C++ and the
exception happened in release mode.

I have a VBS script that goes through my HD and runs every app that it finds
(in a loop), and I had three of those scripts running concurrently for a long
time, but I think that the fault depends a lot on the faults that Verifier
injects. I have now found out about the 0xf (verifier) parameter which
should give me a hint of the faults injected…

Now I am waiting for the machine to crash :wink:

Thank you all for your comments.


Marco [www.neovalens.com]


Once I was a TA for a C++ undergrad course. Now I think that they are
yelling at my name :). Here is my logic to jump to C# -

Once there was an ambassador from a fairly poor country who came to visit the
United States. Mr Amb was interested in technology. So he was taken to some
places and shown that no one was using a POTS telephone. He was a bit
confused, and asked, pls show me if you have underground POTS lines. He was
shown that there were no such lines. And the presenter was extremely excited
to show that; then those RF enabled phones were shown. Mr Amb. gently said
good. Then the presenter, who happened to be an Amb from the US, was invited
to that country. Once arrived, Amb was taken to a village, and was shown that
there is no POTS either, people are using RF phones. Mr Amb said, amazing!

I hope you got why I should go for C# :slight_smile:

-pro


I am afraid this code does not match the source code “t=s” at all.
It looks more like an array of DWORDs being assigned, as in Array[i]=y,
where Array is a DWORD array.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]
Sent: Friday, 26 March 2004 12:06
To: Windows System Software Devs Interest List
Subject: [ntdev] need help debugging exception

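As an added example (not code from any poster in this thread), here is a small C++ decoder for the opcode-0x89 store form that takes the bytes 89 14 81 and the register values from the debugger output in the original post, produces the WinDbg-style disassembly, evaluates [ecx+eax*4], and flags the pattern the last reply describes: a scaled-index store whose base register is zero, i.e. Array[i] = value with Array == NULL rather than a plain "t = s". The names X86Context, MovStore, decodeMovStore and triageStore are chosen here, and the triage wording is this example's own, not WinDbg's.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Register state as printed by WinDbg's .cxr / r output (32-bit x86).
struct X86Context { uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi; };

static const char *const kReg32[8] = {"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"};

static uint32_t regValue(const X86Context &c, unsigned n) {
    const uint32_t v[8] = {c.eax, c.ecx, c.edx, c.ebx, c.esp, c.ebp, c.esi, c.edi};
    return v[n & 7];
}

struct MovStore {
    bool ok, hasBase, hasIndex;           // ok=false: not "mov r/m32,r32" to memory
    unsigned base, index, scale, srcReg;  // register numbers (0..7) and SIB scale
    int32_t disp;
    size_t length;                        // instruction bytes consumed
    uint32_t target, value;               // store address and the value written
    std::string text;                     // WinDbg-style disassembly
};

// Decode opcode 0x89 (MOV r/m32, r32), 32-bit ModRM/SIB, and evaluate the store address.
static MovStore decodeMovStore(const uint8_t *code, size_t len, const X86Context &ctx) {
    MovStore m = MovStore();              // value-initialised: all fields zero/false
    m.scale = 1;
    if (len < 2 || code[0] != 0x89) return m;
    const uint8_t modrm = code[1];
    const unsigned mod = modrm >> 6, rm = modrm & 7;
    m.srcReg = (modrm >> 3) & 7;
    if (mod == 3) return m;               // register-to-register form: no memory store
    size_t pos = 2;
    if (rm == 4) {                        // SIB byte follows the ModRM
        if (len < 3) return m;
        const uint8_t sib = code[pos++];
        m.scale = 1u << (sib >> 6);
        m.index = (sib >> 3) & 7;
        m.hasIndex = (m.index != 4);      // index 100b means "no index"
        m.base = sib & 7;
        m.hasBase = !(m.base == 5 && mod == 0);  // base 101b with mod 00: disp32 only
    } else if (!(rm == 5 && mod == 0)) {  // rm 101b with mod 00 is a bare [disp32]
        m.hasBase = true; m.base = rm;
    }
    if (mod == 1) {                       // disp8, sign-extended
        if (len < pos + 1) return m;
        m.disp = (int8_t)code[pos++];
    } else if (mod == 2 || (mod == 0 && !m.hasBase)) {   // disp32, little-endian
        if (len < pos + 4) return m;
        m.disp = (int32_t)(code[pos] | code[pos + 1] << 8 | code[pos + 2] << 16 | (uint32_t)code[pos + 3] << 24);
        pos += 4;
    }
    m.length = pos;
    m.target = (m.hasBase ? regValue(ctx, m.base) : 0u)
             + (m.hasIndex ? regValue(ctx, m.index) * m.scale : 0u) + (uint32_t)m.disp;
    m.value = regValue(ctx, m.srcReg);
    std::string t = "mov [";
    if (m.hasBase) t += kReg32[m.base];
    if (m.hasIndex) {
        if (m.hasBase) t += "+";
        t += kReg32[m.index];
        if (m.scale > 1) { t += "*"; t += (char)('0' + m.scale); }
    }
    if (m.disp != 0 || (!m.hasBase && !m.hasIndex)) {
        char buf[16];
        const uint32_t mag = m.disp < 0 ? 0u - (uint32_t)m.disp : (uint32_t)m.disp;
        std::snprintf(buf, sizeof buf, "%s0x%x",
                      m.disp < 0 ? "-" : ((m.hasBase || m.hasIndex) ? "+" : ""), mag);
        t += buf;
    }
    m.text = t + "]," + kReg32[m.srcReg];
    m.ok = true;
    return m;
}

// Triage in the spirit of the thread's last reply: [base+index*scale] is the shape of
// Array[i] = value, not of "t = s"; a base register of 0 means the array pointer itself
// is NULL, and with index 0 the faulting address is 0 (the eax=ecx=0 in the bugcheck).
static std::string triageStore(const MovStore &m, const X86Context &ctx) {
    if (!m.ok) return "not a MOV r/m32,r32 memory store";
    char buf[128];
    std::snprintf(buf, sizeof buf, "%s stores 0x%08x at 0x%08x",
                  m.text.c_str(), m.value, m.target);
    std::string out = buf;
    if (m.hasBase && m.hasIndex && regValue(ctx, m.base) == 0) {
        std::snprintf(buf, sizeof buf, "; base is 0: Array[i] store through a NULL "
                      "pointer (%u-byte elements)", m.scale);
        out += buf;
    }
    return out;
}

int main() {
    // Bytes and register values taken from the original post's FAULTING_IP and CONTEXT lines.
    const uint8_t code[] = {0x89, 0x14, 0x81};
    const X86Context ctx = {0, 0, 0xab006cfa, 0, 0xf27bb730, 0xf27bb764, 0x82ebcf00, 0x82c25000};
    std::printf("%s\n", triageStore(decodeMovStore(code, sizeof code, ctx), ctx).c_str());
    return 0;
}
```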