Network Driver crashes when FSFD is loaded

Hi All,
Mine is a simple passive file system filter driver.Driver works fine
untill nobody access the drive from network location.When somebody tries
to copy the file from the network to the drive to which I am attached the
system crashes.
When i tried to debug the driver , It comes to FastIoRead few times in my
driver and crashes sometime after the FastIoRead. I think there is some
problem with the FastIoMdlRead/FastIoMdlReadComplete calls I have written
Folowing is the code for these functions

BOOLEAN FastIoRead(FileObject , …)
{
If(!DeviceObject) return FALSE;

HookExt = DeviceObject ->DeviceExtension;
if(FatsIOPresent(){
LowerDriver->FastIoRead(…)
}
}

Same for Mdlread,MdlReadComplete.
Is there anything else i need to do?
Strange thing is when i try to do anything else from copying to or from
network drive Driver works fine.
What are the things , I need to take care of when i write a FSFD??

Thanks in advance
Please Help
Regards
Shekhar

We need an !analyze -v output from WinDbg and some code from the
offending function that this output shows as causing the crash.

NewBie wrote:

Hi All,
Mine is a simple passive file system filter driver.Driver works fine
untill nobody access the drive from network location.When somebody tries
to copy the file from the network to the drive to which I am attached the
system crashes.
When i tried to debug the driver , It comes to FastIoRead few times in my
driver and crashes sometime after the FastIoRead. I think there is some
problem with the FastIoMdlRead/FastIoMdlReadComplete calls I have written
Folowing is the code for these functions

BOOLEAN FastIoRead(FileObject , …)
{
If(!DeviceObject) return FALSE;

HookExt = DeviceObject ->DeviceExtension;
if(FatsIOPresent(){
LowerDriver->FastIoRead(…)
}
}

Same for Mdlread,MdlReadComplete.
Is there anything else i need to do?
Strange thing is when i try to do anything else from copying to or from
network drive Driver works fine.
What are the things , I need to take care of when i write a FSFD??

Thanks in advance
Please Help
Regards
Shekhar

–
Nick Ryan (MVP for DDK)

Hi Nick
Thanks for the reply.Pasting the output of !analyze -v.
I have tested the driver on D-Link and Realtek drivers.
System crashes when i access the drive from some other machine.If I do any operations from the host m/c it works properly.
It will be better if u can guide me for the things I have to ensure when I write a FSFD,For the case of network drivers to work properly.
The code of the driver is very similar to FileMon.Basically it is a passive filter driver which monitors the FS I/O. I am not getting the problem NIC cards has bcoz of my driver
PLease help.
The NIC cards on both the m/c is Realtek 8139 RTL cards.
Thanks in advance
Shekhar
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 1200001c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f2928c37, address which referenced memory
Debugging Details:

Database SolnDb not connected
READ_ADDRESS: 1200001c
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!TCPDataRequestComplete+10
f2928c37 8b780c mov edi,[eax+0xc]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 8042c507 to 80456488
STACK_TEXT:
eb423b04 8042c507 00000003 eb423b4c 1200001c nt!RtlpBreakWithStatusInstruction
eb423b34 8042c8cb 00000003 1200001c f2928c37 nt!KiBugCheckDebugBreak+0x31
eb423ec0 80468b6f 00000000 1200001c 00000002 nt!KeBugCheckEx+0x390
eb423ec0 f2928c37 00000000 1200001c 00000002 nt!KiTrap0E+0x27c
eb423f60 f292a764 ff584880 00000000 0000008b tcpip!TCPDataRequestComplete+0x10
eb423f7c f2926875 fcd5bb08 00000000 f292687c tcpip!TCPRcvComplete+0x7b
eb423f88 f292687c fc91398d fcce6008 800694a8 tcpip!IPRcvComplete+0x19
eb423f8c fc91398d fcce6008 800694a8 fcd5b008 tcpip!ARPRcvComplete+0x5
eb423fa0 eb2e0712 fc020003 80402340 fcd5b008 NDIS!EthFilterDprIndicateReceiveComplete+0x3a
eb423fb0 eb2e0627 fcd5b008 fcd84810 fcd5b05c RTL8139!RTFast_RcvDpc+0x78
eb423fc4 fc8fc974 fcd5b000 fcd5bd88 fcd5bfec RTL8139!RTFast_HandleInterrupt+0x29
eb423fe0 80464bd4 fcd5b070 fcd5b05c 00000000 NDIS!ndisMDpc+0xc8
eb423ff4 804042be f2087d54 00000000 00000000 nt!KiRetireDpcList+0x30

FOLLOWUP_IP:
RTL8139!RTFast_RcvDpc+78
eb2e0712 80a6a602000000 and byte ptr [esi+0x2a6],0x0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: RTL8139!RTFast_RcvDpc+78
MODULE_NAME: RTL8139
IMAGE_NAME: RTL8139.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 37bafc79
STACK_COMMAND: kb
BUCKET_ID: 0xD1_RTL8139!RTFast_RcvDpc+78
Followup: MachineOwner

Nick Ryan wrote:
We need an !analyze -v output from WinDbg and some code from the
offending function that this output shows as causing the crash.

NewBie wrote:

> Hi All,
> Mine is a simple passive file system filter driver.Driver works fine
> untill nobody access the drive from network location.When somebody tries
> to copy the file from the network to the drive to which I am attached the
> system crashes.
> When i tried to debug the driver , It comes to FastIoRead few times in my
> driver and crashes sometime after the FastIoRead. I think there is some
> problem with the FastIoMdlRead/FastIoMdlReadComplete calls I have written
> Folowing is the code for these functions
>
> BOOLEAN FastIoRead(FileObject , ....)
> {
> If(!DeviceObject) return FALSE;
>
> HookExt = DeviceObject ->DeviceExtension;
> if(FatsIOPresent(){
> LowerDriver->FastIoRead(....)
> }
> }
>
> Same for Mdlread,MdlReadComplete.
> Is there anything else i need to do?
> Strange thing is when i try to do anything else from copying to or from
> network drive Driver works fine.
> What are the things , I need to take care of when i write a FSFD??
>
> Thanks in advance
> Please Help
> Regards
> Shekhar
>
>

--
Nick Ryan (MVP for DDK)

---
You are currently subscribed to ntfsd as: xxxxx@yahoo.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

OK something deep in the network stack is barfing. It appears to be
during completion processing for incoming network packets, perhaps when
copying data into a buffer owned by the filesystem stack. My guess is
your filter may be causing this buffer to go bad.

Let’s assume one of your filter entry points is causing this. Your best
bet is to keep disabling entry points until the problem goes away. You
know you can just return FALSE for FastIo calls to force the system to
send down an ordinary IRP? This will rule out your FastIo code. If this
fixes it, now you know how to narrow down to the specific FastIo entry
point. If it doesn’t, then the problem is with your filter’s dispatch
entry points and you can narrow down from there.

Shekhar Divekar wrote:

Hi Nick
Thanks for the reply.Pasting the output of !analyze -v.
I have tested the driver on D-Link and Realtek drivers.
System crashes when i access the drive from some other machine.If I do
any operations from the host m/c it works properly.
It will be better if u can guide me for the things I have to ensure
when I write a FSFD,For the case of network drivers to work properly.
The code of the driver is very similar to FileMon.Basically it is
a passive filter driver which monitors the FS I/O. I am not getting the
problem NIC cards has bcoz of my driver
PLease help.
The NIC cards on both the m/c is Realtek 8139 RTL cards.
Thanks in advance
Shekhar
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address
at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 1200001c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f2928c37, address which referenced memory
Debugging Details:

Database SolnDb not connected
READ_ADDRESS: 1200001c
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!TCPDataRequestComplete+10
f2928c37 8b780c mov edi,[eax+0xc]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 8042c507 to 80456488
STACK_TEXT:
eb423b04 8042c507 00000003 eb423b4c 1200001c
nt!RtlpBreakWithStatusInstruction
eb423b34 8042c8cb 00000003 1200001c f2928c37 nt!KiBugCheckDebugBreak+0x31
eb423ec0 80468b6f 00000000 1200001c 00000002 nt!KeBugCheckEx+0x390
eb423ec0 f2928c37 00000000 1200001c 00000002 nt!KiTrap0E+0x27c
eb423f60 f292a764 ff584880 00000000 0000008b
tcpip!TCPDataRequestComplete+0x10
eb423f7c f2926875 fcd5bb08 00000000 f292687c tcpip!TCPRcvComplete+0x7b
eb423f88 f292687c fc91398d fcce6008 800694a8 tcpip!IPRcvComplete+0x19
eb423f8c fc91398d fcce6008 800694a8 fcd5b008 tcpip!ARPRcvComplete+0x5
eb423fa0 eb2e0712 fc020003 80402340 fcd5b008
NDIS!EthFilterDprIndicateReceiveComplete+0x3a
eb423fb0 eb2e0627 fcd5b008 fcd84810 fcd5b05c RTL8139!RTFast_RcvDpc+0x78
eb423fc4 fc8fc974 fcd5b000 fcd5bd88 fcd5bfec
RTL8139!RTFast_HandleInterrupt+0x29
eb423fe0 80464bd4 fcd5b070 fcd5b05c 00000000 NDIS!ndisMDpc+0xc8
eb423ff4 804042be f2087d54 00000000 00000000 nt!KiRetireDpcList+0x30

FOLLOWUP_IP:
RTL8139!RTFast_RcvDpc+78
eb2e0712 80a6a602000000 and byte ptr [esi+0x2a6],0x0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: RTL8139!RTFast_RcvDpc+78
MODULE_NAME: RTL8139
IMAGE_NAME: RTL8139.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 37bafc79
STACK_COMMAND: kb
BUCKET_ID: 0xD1_RTL8139!RTFast_RcvDpc+78
Followup: MachineOwner

*/Nick Ryan /* wrote:
>
> We need an !analyze -v output from WinDbg and some code from the
> offending function that this output shows as causing the crash.
>
> NewBie wrote:
>
> > Hi All,
> > Mine is a simple passive file system filter driver.Driver works fine
> > untill nobody access the drive from network location.When
> somebody tries
> > to copy the file from the network to the drive to which I am
> attached the
> > system crashes.
> > When i tried to debug the driver , It comes to FastIoRead few
> times in my
> > driver and crashes sometime after the FastIoRead. I think there
> is some
> > problem with the FastIoMdlRead/FastIoMdlReadComplete calls I have
> written
> > Folowing is the code for these functions
> >
> > BOOLEAN FastIoRead(FileObject , …)
> > {
> > If(!DeviceObject) return FALSE;
> >
> > HookExt = DeviceObject ->DeviceExtension;
> > if(FatsIOPresent(){
> > LowerDriver->FastIoRead(…)
> > }
> > }
> >
> > Same for Mdlread,MdlReadComplete.
> > Is there anything else i need to do?
> > Strange thing is when i try to do anything else from copying to
> or from
> > network drive Driver works fine.
> > What are the things , I need to take care of when i write a FSFD??
> >
> > Thanks in advance
> > Please Help
> > Regards
> > Shekhar
> >
> >
>
> –
> Nick Ryan (MVP for DDK)
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@yahoo.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> ------------------------------------------------------------------------
> Do you Yahoo!?
> Yahoo! SiteBuilder
> http: - Free,
> easy-to-use web site design software

–
Nick Ryan (MVP for DDK)</http:>

Just a quick question are you using the "ObDereferenceObject" functions..? I
had seen a similar problem which ultimately boiled down to my code calling
an extra ObDereferenceObject function on one of the objects. Please ignore
if thats not the case:-)

Vikas
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Shekhar Divekar
Sent: Saturday, August 30, 2003 4:59 AM
To: File Systems Developers
Subject: [ntfsd] Re: Network Driver crashes when FSFD is loaded

Hi Nick
Thanks for the reply.Pasting the output of !analyze -v.
I have tested the driver on D-Link and Realtek drivers.
System crashes when i access the drive from some other machine.If I do
any operations from the host m/c it works properly.
It will be better if u can guide me for the things I have to ensure when
I write a FSFD,For the case of network drivers to work properly.
The code of the driver is very similar to FileMon.Basically it is a
passive filter driver which monitors the FS I/O. I am not getting the
problem NIC cards has bcoz of my driver
PLease help.
The NIC cards on both the m/c is Realtek 8139 RTL cards.
Thanks in advance
Shekhar

****************************************************************************
***
*
*
* Bugcheck Analysis
*
*
*

****************************************************************************
***
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address
at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 1200001c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f2928c37, address which referenced memory
Debugging Details:

Database SolnDb not connected
READ_ADDRESS: 1200001c
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!TCPDataRequestComplete+10
f2928c37 8b780c mov edi,[eax+0xc]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 8042c507 to 80456488
STACK_TEXT:
eb423b04 8042c507 00000003 eb423b4c 1200001c
nt!RtlpBreakWithStatusInstruction
eb423b34 8042c8cb 00000003 1200001c f2928c37 nt!KiBugCheckDebugBreak+0x31
eb423ec0 80468b6f 00000000 1200001c 00000002 nt!KeBugCheckEx+0x390
eb423ec0 f2928c37 00000000 1200001c 00000002 nt!KiTrap0E+0x27c
eb423f60 f292a764 ff584880 00000000 0000008b
tcpip!TCPDataRequestComplete+0x10
eb423f7c f2926875 fcd5bb08 00000000 f292687c tcpip!TCPRcvComplete+0x7b
eb423f88 f292687c fc91398d fcce6008 800694a8 tcpip!IPRcvComplete+0x19
eb423f8c fc91398d fcce6008 800694a8 fcd5b008 tcpip!ARPRcvComplete+0x5
eb423fa0 eb2e0712 fc020003 80402340 fcd5b008
NDIS!EthFilterDprIndicateReceiveComplete+0x3a
eb423fb0 eb2e0627 fcd5b008 fcd84810 fcd5b05c RTL8139!RTFast_RcvDpc+0x78
eb423fc4 fc8fc974 fcd5b000 fcd5bd88 fcd5bfec
RTL8139!RTFast_HandleInterrupt+0x29
eb423fe0 80464bd4 fcd5b070 fcd5b05c 00000000 NDIS!ndisMDpc+0xc8
eb423ff4 804042be f2087d54 00000000 00000000 nt!KiRetireDpcList+0x30

FOLLOWUP_IP:
RTL8139!RTFast_RcvDpc+78
eb2e0712 80a6a602000000 and byte ptr [esi+0x2a6],0x0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: RTL8139!RTFast_RcvDpc+78
MODULE_NAME: RTL8139
IMAGE_NAME: RTL8139.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 37bafc79
STACK_COMMAND: kb
BUCKET_ID: 0xD1_RTL8139!RTFast_RcvDpc+78
Followup: MachineOwner

Nick Ryan wrote:
We need an !analyze -v output from WinDbg and some code from the
offending function that this output shows as causing the crash.

NewBie wrote:

> Hi All,
> Mine is a simple passive file system filter driver.Driver works fine
> untill nobody access the drive from network location.When somebody
tries
> to copy the file from the network to the drive to which I am attached
the
> system crashes.
> When i tried to debug the driver , It comes to FastIoRead few times in
my
> driver and crashes sometime after the FastIoRead. I think there is
some
> problem with the FastIoMdlRead/FastIoMdlReadComplete calls I have
written
> Folowing is the code for these functions
>
> BOOLEAN FastIoRead(FileObject , ....)
> {
> If(!DeviceObject) return FALSE;
>
> HookExt = DeviceObject ->DeviceExtension;
> if(FatsIOPresent(){
> LowerDriver->FastIoRead(....)
> }
> }
>
> Same for Mdlread,MdlReadComplete.
> Is there anything else i need to do?
> Strange thing is when i try to do anything else from copying to or
from
> network drive Driver works fine.
> What are the things , I need to take care of when i write a FSFD??
>
> Thanks in advance
> Please Help
> Regards
> Shekhar
>
>

--
Nick Ryan (MVP for DDK)

---
You are currently subscribed to ntfsd as: xxxxx@yahoo.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

----------------------------------------------------------------------------
--
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software --- You
are currently subscribed to ntfsd as: xxxxx@agglut.com To unsubscribe send a
blank email to xxxxx@lists.osr.com

Thanks Nick,
Thanks a lot for solving my problem.
Actually the problem was I was not setting the IoCompletionRoutine?
Can that cause the problem??
Since I am setting the IOCompletionRoutine the Driver is working fine…
can u pls tell me why IoCompletion routines are required by the Filter Drivers?
Or is there something else to it ,than i am seeing??
I m just setting the completion routine and doin nothing in it…
Thanks again for solving the problem
Regards
Shekhar

Nick Ryan wrote:
OK something deep in the network stack is barfing. It appears to be
during completion processing for incoming network packets, perhaps when
copying data into a buffer owned by the filesystem stack. My guess is
your filter may be causing this buffer to go bad.

Let’s assume one of your filter entry points is causing this. Your best
bet is to keep disabling entry points until the problem goes away. You
know you can just return FALSE for FastIo calls to force the system to
send down an ordinary IRP? This will rule out your FastIo code. If this
fixes it, now you know how to narrow down to the specific FastIo entry
point. If it doesn’t, then the problem is with your filter’s dispatch
entry points and you can narrow down from there.

Shekhar Divekar wrote:

> Hi Nick
> Thanks for the reply.Pasting the output of !analyze -v.
> I have tested the driver on D-Link and Realtek drivers.
> System crashes when i access the drive from some other machine.If I do
> any operations from the host m/c it works properly.
> It will be better if u can guide me for the things I have to ensure
> when I write a FSFD,For the case of network drivers to work properly.
> The code of the driver is very similar to FileMon.Basically it is
> a passive filter driver which monitors the FS I/O. I am not getting the
> problem NIC cards has bcoz of my driver
> PLease help.
> The NIC cards on both the m/c is Realtek 8139 RTL cards.
> Thanks in advance
> Shekhar
> ***
> *
>
> * Bugcheck
> Analysis
> *
>
>
> DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
> An attempt was made to access a pageable (or completely invalid) address
> at an
> interrupt request level (IRQL) that is too high. This is usually
> caused by drivers using improper addresses.
> If kernel debugger is available get stack backtrace.
> Arguments:
> Arg1: 1200001c, memory referenced
> Arg2: 00000002, IRQL
> Arg3: 00000000, value 0 = read operation, 1 = write operation
> Arg4: f2928c37, address which referenced memory
> Debugging Details:
> ------------------
> Database SolnDb not connected
> READ_ADDRESS: 1200001c
> CURRENT_IRQL: 2
> FAULTING_IP:
> tcpip!TCPDataRequestComplete+10
> f2928c37 8b780c mov edi,[eax+0xc]
> DEFAULT_BUCKET_ID: DRIVER_FAULT
> BUGCHECK_STR: 0xD1
> LAST_CONTROL_TRANSFER: from 8042c507 to 80456488
> STACK_TEXT:
> eb423b04 8042c507 00000003 eb423b4c 1200001c
> nt!RtlpBreakWithStatusInstruction
> eb423b34 8042c8cb 00000003 1200001c f2928c37 nt!KiBugCheckDebugBreak+0x31
> eb423ec0 80468b6f 00000000 1200001c 00000002 nt!KeBugCheckEx+0x390
> eb423ec0 f2928c37 00000000 1200001c 00000002 nt!KiTrap0E+0x27c
> eb423f60 f292a764 ff584880 00000000 0000008b
> tcpip!TCPDataRequestComplete+0x10
> eb423f7c f2926875 fcd5bb08 00000000 f292687c tcpip!TCPRcvComplete+0x7b
> eb423f88 f292687c fc91398d fcce6008 800694a8 tcpip!IPRcvComplete+0x19
> eb423f8c fc91398d fcce6008 800694a8 fcd5b008 tcpip!ARPRcvComplete+0x5
> eb423fa0 eb2e0712 fc020003 80402340 fcd5b008
> NDIS!EthFilterDprIndicateReceiveComplete+0x3a
> eb423fb0 eb2e0627 fcd5b008 fcd84810 fcd5b05c RTL8139!RTFast_RcvDpc+0x78
> eb423fc4 fc8fc974 fcd5b000 fcd5bd88 fcd5bfec
> RTL8139!RTFast_HandleInterrupt+0x29
> eb423fe0 80464bd4 fcd5b070 fcd5b05c 00000000 NDIS!ndisMDpc+0xc8
> eb423ff4 804042be f2087d54 00000000 00000000 nt!KiRetireDpcList+0x30
>
> FOLLOWUP_IP:
> RTL8139!RTFast_RcvDpc+78
> eb2e0712 80a6a602000000 and byte ptr [esi+0x2a6],0x0
> FOLLOWUP_NAME: MachineOwner
> SYMBOL_NAME: RTL8139!RTFast_RcvDpc+78
> MODULE_NAME: RTL8139
> IMAGE_NAME: RTL8139.SYS
> DEBUG_FLR_IMAGE_TIMESTAMP: 37bafc79
> STACK_COMMAND: kb
> BUCKET_ID: 0xD1_RTL8139!RTFast_RcvDpc+78
> Followup: MachineOwner
>
>
> /Nick Ryan / wrote:
>
> We need an !analyze -v output from WinDbg and some code from the
> offending function that this output shows as causing the crash.
>
> NewBie wrote:
>
> > Hi All,
> > Mine is a simple passive file system filter driver.Driver works fine
> > untill nobody access the drive from network location.When
> somebody tries
> > to copy the file from the network to the drive to which I am
> attached the
> > system crashes.
> > When i tried to debug the driver , It comes to FastIoRead few
> times in my
> > driver and crashes sometime after the FastIoRead. I think there
> is some
> > problem with the FastIoMdlRead/FastIoMdlReadComplete calls I have
> written
> > Folowing is the code for these functions
> >
> > BOOLEAN FastIoRead(FileObject , …)
> > {
> > If(!DeviceObject) return FALSE;
> >
> > HookExt = DeviceObject ->DeviceExtension;
> > if(FatsIOPresent(){
> > LowerDriver->FastIoRead(…)
> > }
> > }
> >
> > Same for Mdlread,MdlReadComplete.
> > Is there anything else i need to do?
> > Strange thing is when i try to do anything else from copying to
> or from
> > network drive Driver works fine.
> > What are the things , I need to take care of when i write a FSFD??
> >
> > Thanks in advance
> > Please Help
> > Regards
> > Shekhar
> >
> >
>
> –
> Nick Ryan (MVP for DDK)
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@yahoo.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> ------------------------------------------------------------------------
> Do you Yahoo!?
> Yahoo! SiteBuilder
> - Free,
> easy-to-use web site design software

–
Nick Ryan (MVP for DDK)

—
You are currently subscribed to ntfsd as: xxxxx@yahoo.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

It is recommended that you use
IoCopyCurrentIrpStackLocationToNext. If you are not
using this function and copying the stack like this:
*nextIrpStack = *currentIrpStack;
you must call IoSetCompletionRoutine. You can call it
passing FALSE for the last 3 parameters which will
cause your completion routine to never be called.

It seems to me that the problem is this: since the
address and flags of your completion routine have not
been set to something valid, then the random, invalid
address is used and called as a completion routine.

Randy

— Shekhar Divekar wrote:
> Thanks Nick,
> Thanks a lot for solving my problem.
> Actually the problem was I was not setting the
> IoCompletionRoutine?
> Can that cause the problem??
> Since I am setting the IOCompletionRoutine the
> Driver is working fine…
> can u pls tell me why IoCompletion routines are
> required by the Filter Drivers?
> Or is there something else to it ,than i am seeing??
> I m just setting the completion routine and doin
> nothing in it…
> Thanks again for solving the problem
> Regards
> Shekhar
>
>
>
> Nick Ryan wrote:
> OK something deep in the network stack is barfing.
> It appears to be
> during completion processing for incoming network
> packets, perhaps when
> copying data into a buffer owned by the filesystem
> stack. My guess is
> your filter may be causing this buffer to go bad.
>
> Let’s assume one of your filter entry points is
> causing this. Your best
> bet is to keep disabling entry points until the
> problem goes away. You
> know you can just return FALSE for FastIo calls to
> force the system to
> send down an ordinary IRP? This will rule out your
> FastIo code. If this
> fixes it, now you know how to narrow down to the
> specific FastIo entry
> point. If it doesn’t, then the problem is with your
> filter’s dispatch
> entry points and you can narrow down from there.
>
> Shekhar Divekar wrote:
>
> > Hi Nick
> > Thanks for the reply.Pasting the output of
> !analyze -v.
> > I have tested the driver on D-Link and Realtek
> drivers.
> > System crashes when i access the drive from some
> other machine.If I do
> > any operations from the host m/c it works
> properly.
> > It will be better if u can guide me for the things
> I have to ensure
> > when I write a FSFD,For the case of network
> drivers to work properly.
> > The code of the driver is very similar to
> FileMon.Basically it is
> > a passive filter driver which monitors the FS I/O.
> I am not getting the
> > problem NIC cards has bcoz of my driver
> > PLease help.
> > The NIC cards on both the m/c is Realtek 8139 RTL
> cards.
> > Thanks in advance
> > Shekhar
> >
>
***
> > *
> >
> > * Bugcheck
> > Analysis
> > *
> >
> >
>

> > DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
> > An attempt was made to access a pageable (or
> completely invalid) address
> > at an
> > interrupt request level (IRQL) that is too high.
> This is usually
> > caused by drivers using improper addresses.
> > If kernel debugger is available get stack
> backtrace.
> > Arguments:
> > Arg1: 1200001c, memory referenced
> > Arg2: 00000002, IRQL
> > Arg3: 00000000, value 0 = read operation, 1 =
> write operation
> > Arg4: f2928c37, address which referenced memory
> > Debugging Details:
> > ------------------
> > Database SolnDb not connected
> > READ_ADDRESS: 1200001c
> > CURRENT_IRQL: 2
> > FAULTING_IP:
> > tcpip!TCPDataRequestComplete+10
> > f2928c37 8b780c mov edi,[eax+0xc]
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> > BUGCHECK_STR: 0xD1
> > LAST_CONTROL_TRANSFER: from 8042c507 to 80456488
> > STACK_TEXT:
> > eb423b04 8042c507 00000003 eb423b4c 1200001c
> > nt!RtlpBreakWithStatusInstruction
> > eb423b34 8042c8cb 00000003 1200001c f2928c37
> nt!KiBugCheckDebugBreak+0x31
> > eb423ec0 80468b6f 00000000 1200001c 00000002
> nt!KeBugCheckEx+0x390
> > eb423ec0 f2928c37 00000000 1200001c 00000002
> nt!KiTrap0E+0x27c
> > eb423f60 f292a764 ff584880 00000000 0000008b
> > tcpip!TCPDataRequestComplete+0x10
> > eb423f7c f2926875 fcd5bb08 00000000 f292687c
> tcpip!TCPRcvComplete+0x7b
> > eb423f88 f292687c fc91398d fcce6008 800694a8
> tcpip!IPRcvComplete+0x19
> > eb423f8c fc91398d fcce6008 800694a8 fcd5b008
> tcpip!ARPRcvComplete+0x5
> > eb423fa0 eb2e0712 fc020003 80402340 fcd5b008
> > NDIS!EthFilterDprIndicateReceiveComplete+0x3a
> > eb423fb0 eb2e0627 fcd5b008 fcd84810 fcd5b05c
> RTL8139!RTFast_RcvDpc+0x78
> > eb423fc4 fc8fc974 fcd5b000 fcd5bd88 fcd5bfec
> > RTL8139!RTFast_HandleInterrupt+0x29
> > eb423fe0 80464bd4 fcd5b070 fcd5b05c 00000000
> NDIS!ndisMDpc+0xc8
> > eb423ff4 804042be f2087d54 00000000 00000000
> nt!KiRetireDpcList+0x30
> >
> > FOLLOWUP_IP:
> > RTL8139!RTFast_RcvDpc+78
> > eb2e0712 80a6a602000000 and byte ptr
> [esi+0x2a6],0x0
> > FOLLOWUP_NAME: MachineOwner
> > SYMBOL_NAME: RTL8139!RTFast_RcvDpc+78
> > MODULE_NAME: RTL8139
> > IMAGE_NAME: RTL8139.SYS
> > DEBUG_FLR_IMAGE_TIMESTAMP: 37bafc79
> > STACK_COMMAND: kb
> > BUCKET_ID: 0xD1_RTL8139!RTFast_RcvDpc+78
> > Followup: MachineOwner
> >
> >
> > /Nick Ryan / wrote:
> >
> > We need an !analyze -v output from WinDbg and some
> code from the
> > offending function that this output shows as
> causing the crash.
> >
> > NewBie wrote:
> >
> > > Hi All,
> > > Mine is a simple passive file system filter
> driver.Driver works fine
> > > untill nobody access the drive from network
> location.When
> > somebody tries
> > > to copy the file from the network to the drive
> to which I am
> > attached the
> > > system crashes.
> > > When i tried to debug the driver , It comes to
> FastIoRead few
> > times in my
> > > driver and crashes sometime after the
> FastIoRead. I think there
> > is some
> > > problem with the
> FastIoMdlRead/FastIoMdlReadComplete calls I have
> > written
> > > Folowing is the code for these functions
> > >
> > > BOOLEAN FastIoRead(FileObject , …)
> > > {
> > > If(!DeviceObject) return FALSE;
> > >
> > > HookExt = DeviceObject ->DeviceExtension;
> > > if(FatsIOPresent(){
> > > LowerDriver->FastIoRead(…)
> > > }
> > > }
> > >
> > > Same for Mdlread,MdlReadComplete.
> > > Is there anything else i need to do?
> > > Strange thing is when i try to do anything else
> from copying to
> > or from
> > > network drive Driver works fine.
> > > What are the things , I need to take care of
> when i write a FSFD??
> > >
> > > Thanks in advance
> > > Please Help
> > > Regards
> > > Shekhar
> > >
> > >
> >
> > –
>
=== message truncated ===

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

No , you don’t have to set a completion routine. I suspect that you copied a
completion routine that is defined in the current stack location to the next
stack location. This cause completion routine to be called twice thus
creating a problem.

Alexei.

“Shekhar Divekar” wrote in message
news:xxxxx@ntfsd…
>Thanks Nick,
>Thanks a lot for solving my problem.
>Actually the problem was I was not setting the IoCompletionRoutine?
>Can that cause the problem??
>Since I am setting the IOCompletionRoutine the Driver is working fine…
>can u pls tell me why IoCompletion routines are required by the Filter
Drivers?
>Or is there something else to it ,than i am seeing??
>I m just setting the completion routine and doin nothing in it…
>Thanks again for solving the problem
>Regards
>Shekhar