To debug this, we need to understand where the variables t and s come from.
Do you have the “simulate low resource” setting in Driver Verifier turned
on? If so, I would say that the reason your driver crashes is that it’s not
properly checking for some “out of memory” condition.
I suspect that s is allocated from somewhere[1], and this allocation has
gone wrong (i.e. out of memory), which means that s is NULL. Now, I can’t
really say for sure that this is what happens, but that’s what I’d suspect.
To find out how it goes wrong, you need to look at the stack and see what the
values of t and s are.
[1] It could of course be some other system call that can validly return a
NULL value when you call it. Low resource simulation can and will return
“not there” for many different types of calls, not just regular memory
calls.
const on a char * does not mean that the value cannot be NULL. I can create
a function like this:
#include <stdio.h>

void f(const char *s)
{
    if (s == NULL)
        puts("got NULL");                /* handle the NULL case */
    else
        printf("got %p\n", (void *)s);   /* handle a non-NULL pointer */
}
and call it:
f(NULL);
f("Blah");
char *p = malloc(15);   /* needs <stdlib.h>; malloc may return NULL */
f(p);
free(p);
All of those are valid. And more importantly, f(p) could well result in the
same as f(NULL), since malloc is capable of returning NULL.
The const is only telling the code that the value of the data pointed at
will not change, but the pointer itself could be any valid pointer value
(including pointer to something that doesn’t exist, like NULL or a random
number).
If you paste this into your help URL, it should give you some more info on
“const” (but it’s not entirely CLEARLY written).
ms-help://MS.VSCC/MS.MSDNVS/vclang/html/_clang_Type_Qualifiers.htm
–
Mats
-----Original Message-----
From: Marco Peretti [mailto:xxxxx@neovalens.com]
Sent: Friday, March 26, 2004 11:06 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] need help debugging exception
Hi everybody
while running some tests with driver verifier on (most severe settings) my
driver crashed in a bizarre place and I would appreciate some help to
understand the debugger output.
If I understand it correctly, the error was caused by mov [ecx+eax*4],edx,
because both ecx and eax are null.
However, in my C code that MOV equates to "t = s;", where t is declared as
"const char *t;" and s as "const char * &s" (function argument).
My question: if t is a const char*, how come eax and ecx are both set to
zero?
Thank you for any insight you may provide.
Marco
** debugger output ***
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f26dd125, The address that the exception occurred at
Arg3: f27bb668, Exception Record Address
Arg4: f27bb364, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.
FAULTING_IP:
neoexec!$E6+15
f26dd125 891481 mov [ecx+eax*4],edx
EXCEPTION_PARAMETER1: f27bb668
CONTEXT: f27bb364 – (.cxr fffffffff27bb364)
eax=00000000 ebx=00000000 ecx=00000000 edx=ab006cfa esi=82ebcf00 edi=82c25000
eip=f26dd125 esp=f27bb730 ebp=f27bb764 iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287
neoexec!$E6+0x15:
f26dd125 891481 mov [ecx+eax*4],edx
Resetting default scope
** end output ***
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@3dlabs.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
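Added example (not Mats's or Marco's code, and nothing from the neoexec driver): a user-mode C program that models the situation discussed in this thread. pool_alloc is a hypothetical stand-in for a pool allocation, with a switch that makes every allocation fail the way Driver Verifier's low-resource simulation does; the name_table type, the status codes and their numeric values are invented for the example. It shows that a const char * argument may legitimately be NULL and has to be checked, that an allocation result has to be tested before it is stored anywhere, and that a store of the form slots[i] = s faults at address i*4 when the table base is NULL, which is the shape of the faulting mov [ecx+eax*4],edx in the trace (both base and index zero, so the write goes to address 0).

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Status codes in the spirit of NTSTATUS; the values are invented. */
enum status { ST_OK = 0, ST_INSUFFICIENT_RESOURCES, ST_INVALID_PARAMETER };

/* When set, every allocation fails, mimicking Driver Verifier's
 * "simulate low resources" option. Hypothetical user-mode stand-in. */
static int g_simulate_low_resources = 0;
void set_low_resource_simulation(int on) { g_simulate_low_resources = on; }

/* Stand-in for a pool allocation that may legitimately return NULL. */
static void *pool_alloc(size_t n)
{
    return g_simulate_low_resources ? NULL : malloc(n);
}

/* A const char * promises only that the bytes are not modified through
 * the pointer; NULL is still a valid value, so it must be checked. */
int name_length(const char *s, size_t *out_len)
{
    if (s == NULL)
        return ST_INVALID_PARAMETER;
    *out_len = strlen(s);
    return ST_OK;
}

/* Duplicate src; report the allocation failure instead of handing back
 * a NULL that the caller would later dereference. */
int dup_name(const char *src, char **out)
{
    size_t len;
    int st = name_length(src, &len);
    if (st != ST_OK)
        return st;
    char *copy = pool_alloc(len + 1);
    if (copy == NULL)            /* the case low-resource simulation hits */
        return ST_INSUFFICIENT_RESOURCES;
    memcpy(copy, src, len + 1);
    *out = copy;
    return ST_OK;
}

/* A table of pointers, like the one the faulting store targets:
 * "mov [ecx+eax*4],edx" is slots[i] = s with ecx = slots and eax = i. */
struct name_table {
    const char **slots;
    size_t count;
};

int name_table_init(struct name_table *nt, size_t count)
{
    nt->count = 0;
    nt->slots = pool_alloc(count * sizeof *nt->slots);
    if (nt->slots == NULL)       /* do not leave a NULL base for later stores */
        return ST_INSUFFICIENT_RESOURCES;
    for (size_t i = 0; i < count; i++)
        nt->slots[i] = NULL;
    nt->count = count;
    return ST_OK;
}

/* Storing through a NULL base faults at address i*4 (address 0 for i == 0),
 * exactly the crash in the trace, so the base is checked before the store. */
int name_table_set(struct name_table *nt, size_t i, const char *s)
{
    if (nt->slots == NULL || i >= nt->count)
        return ST_INVALID_PARAMETER;
    nt->slots[i] = s;            /* s itself may be NULL; that is allowed */
    return ST_OK;
}

const char *name_table_get(const struct name_table *nt, size_t i)
{
    return (nt->slots != NULL && i < nt->count) ? nt->slots[i] : NULL;
}

void name_table_free(struct name_table *nt)
{
    free(nt->slots);
    nt->slots = NULL;
    nt->count = 0;
}

int main(void)
{
    struct name_table nt;
    char *copy = NULL;
    set_low_resource_simulation(1);
    printf("init under low resources: %d\n", name_table_init(&nt, 4));
    printf("store into failed table:  %d\n", name_table_set(&nt, 0, "blah"));
    set_low_resource_simulation(0);
    if (name_table_init(&nt, 4) == ST_OK && dup_name("blah", &copy) == ST_OK) {
        name_table_set(&nt, 1, copy);
        printf("slot 1 holds: %s\n", name_table_get(&nt, 1));
    }
    free(copy);
    name_table_free(&nt);
    return 0;
}
```

With the simulation switched on, init and dup return ST_INSUFFICIENT_RESOURCES and the later store is refused with ST_INVALID_PARAMETER instead of writing through a NULL base; those are the paths Driver Verifier's fault injection exists to exercise, and they are the places to put a breakpoint when the stack shows t or s with a zero value.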