[ntdev]Mirror driver is crashing with 16 bits color depth.

---------- Forwarded message ----------
From: Sarbojit Sarkar
Date: Tue, Oct 19, 2010 at 6:20 PM
Subject: [ntdev/windbg]Mirror driver is crashing with 16 bits color depth.
To: Windows System Software Devs Interest List , Kernel
Debugging Interest List

Hi friends,
My mirror driver is crashing (Bug Check id = 0x50) on
win7-32bits/Vista-32bits if I am setting 16bits color depth from display
properties window. Error is happening in EngBitBlt() and as per error code
“Page fault occurred in non paged area”.

My doubts:
1.) Is there any known issue with Mirror driver + 16 bits color depth?
2.) Why page fault is happening with 16 bits color depth not 32bits?
3.) I am creating shared memory using EngMapFile of size = width X height X
(bits per pixel/8), is this not correct?

Please let me know if I am missing something here. I have given error code,
call stack and analyze results. Please let me know if anything else is
needed.

Error code:
BugCheck 50, {fd98e288, 1, 8219f8aa, 0}

Below is the call stack:
ChildEBP RetAddr Args to Child
a72dfe2c 82913e71 00000003 2510f246 00000065 nt!RtlpBreakWithStatusInstruction
a72dfe7c 8291496d 00000003 85f73578 00000000 nt!KiBugCheckDebugBreak+0x1c
a72e0240 828bc8e3 00000050 fd98e288 00000001 nt!KeBugCheck2+0x68b
a72e02cc 8287d5f8 00000001 fd98e288 00000000 nt!MmAccessFault+0x106
a72e02cc 8219f8aa 00000001 fd98e288 00000000 nt!KiTrap0E+0xdc
a72e0374 82147096 0000000f 250462a2 ffb86900 win32k!vSrcCopyS16D32+0xb3
a72e05b4 8214f8b7 ffb86910 fe052010 a72e08a4 win32k!EngCopyBits+0x604
a72e062c 82371c5a ffb86910 fe052010 00000000 win32k!EngBitBlt+0x4ec
WARNING: Stack unwind information not available. Following frames may be wrong.
a72e0678 82371cff ffb86910 fe052010 00000000 MyMirrorDriver_82370000+0x1c5a
a72e06ac 820aa3ae ffb86910 fe052010 a72e08a4 MyMirrorDriver_82370000+0x1cff
a72e06f8 82178e27 fe0f8c90 fe052010 a72e08a4 win32k!WatchdogDrvCopyBits+0x53
a72e0740 8215eac4 820aa35b a72e09d0 ffb86910 win32k!OffCopyBits+0x7d
a72e09e4 8217c401 ffb86910 fe052010 00000000 win32k!SpBitBlt+0x252
a72e0a18 82178e27 ffb86910 fe052010 fe6e1248 win32k!SpCopyBits+0x27
a72e0a60 8225e8e0 8217c3da fe765d70 ffb86910 win32k!OffCopyBits+0x7d
a72e0ba0 8225ea49 ffb9a7f0 fe052010 00000000 win32k!MulBitBlt+0x372
a72e0be4 8217cc53 ffb9a7f0 fe052010 00000000 win32k!MulCopyBits+0xcc
a72e0ccc 82164e36 ffbacea8 ffa2c120 fe4dc388 win32k!NtGdiBitBltInternal+0x6ab
a72e0d00 8287a42a 02010867 00000000 00000000 win32k!NtGdiBitBlt+0x2f
a72e0d00 771364f4 02010867 00000000 00000000 nt!KiFastCallEntry+0x12a
0224f3d0 75a67209 75a671f1 02010867 00000000 ntdll!KiFastSystemCallRet
0224f3d4 75a671f1 02010867 00000000 00000000 GDI32!NtGdiBitBlt+0xc
0224f418 73f05bb7 02010867 00000000 00000000 GDI32!BitBlt+0x1fa
0224f454 73f05b46 00651278 e60107e8 80004005 UxTheme!CPaintBuffer::_PaintTargetRect+0x52
0224f484 73f040a8 e60107e8 02010867 00646a70 UxTheme!CPaintBuffer::_PaintImmediate+0x3a
0224f49c 73f04020 00000001 000054d6 80004005 UxTheme!CPaintBuffer::EndPaint+0x9e
0224f4b4 73f03fd4 000054d6 00000001 00179a38 UxTheme!CPaintBufferPool::Impl::End+0x22
0224f4d4 007dfd5b 000054d6 00000001 00000000 UxTheme!EndBufferedPaint+0x36
0224f55c 007dfcc2 00000000 0000000f 00179a38 Explorer!CShowDesktopButton::_HandlePaint+0x97
0224f578 007b2029 00020092 0000000f 00000000 Explorer!CShowDesktopButton::v_WndProc+0x40e
0224f59c 755f86ef 00020092 0000000f 00000000 Explorer!CImpWndProc::s_WndProc+0x68
0224f5c8 755f79cc 007b1fe7 00020092 0000000f USER32!InternalCallWinProc+0x23
0224f640 755f70f4 00000000 007b1fe7 00020092 USER32!UserCallWinProcCheckWow+0xe0
0224f69c 755f738f 00a38df0 0000000f 00000000 USER32!DispatchClientMessage+0xda
0224f6c4 7713642e 0224f6dc 00000018 0224f868 USER32!__fnDWORD+0x24
0224f6f0 755f4341 755f2bfe 0003006c 00000060 ntdll!KiUserCallbackDispatcher+0x2e
0224f6f4 755f2bfe 0003006c 00000060 0224f7b0 USER32!NtUserCallHwndLock+0xc
0224f704 007dfcb5 0003006c 00000085 00860180 USER32!UpdateWindow+0x32
0224f7b0 007b2029 0003006c 00000085 00000001 Explorer!CTray::v_WndProc+0x783
0224f7d4 755f86ef 0003006c 00000085 00000001 Explorer!CImpWndProc::s_WndProc+0x68
0224f800 755f79cc 007b1fe7 0003006c 00000085 USER32!InternalCallWinProc+0x23
0224f878 755f70f4 00000000 007b1fe7 0003006c USER32!UserCallWinProcCheckWow+0xe0
0224f8d4 755f738f 00a38030 00000085 00000001 USER32!DispatchClientMessage+0xda
0224f8fc 7713642e 0224f914 00000018 0224fa04 USER32!__fnDWORD+0x24
0224f928 755f732e 755f7361 0003006c 00000088 ntdll!KiUserCallbackDispatcher+0x2e
0224f92c 755f7361 0003006c 00000088 00000020 USER32!NtUserMessageCall+0xc
0224f9b0 755f7308 0003006c 00000088 00000020 USER32!RealDefWindowProcWorker+0x72
0224f9cc 755f729f 0003006c 00000088 00000020 USER32!RealDefWindowProcW+0x47
0224fa14 007b2203 0003006c 00000088 00000020 USER32!DefWindowProcW+0x6f
0224facc 007b2029 0003006c 00000088 00000020 Explorer!CTray::v_WndProc+0x1440
0224faf0 755f86ef 0003006c 00000088 00000020 Explorer!CImpWndProc::s_WndProc+0x68
0224fb1c 755f8876 007b1fe7 0003006c 00000088 USER32!InternalCallWinProc+0x23
0224fb94 755f70f4 00000000 007b1fe7 0003006c USER32!UserCallWinProcCheckWow+0x14b
0224fbf0 755f738f 00a38030 00000088 00000020 USER32!DispatchClientMessage+0xda
0224fc18 7713642e 0224fc30 00000018 0224fd04 USER32!__fnDWORD+0x24
0224fc44 755f93df 73d41430 0224fccc 00000000 ntdll!KiUserCallbackDispatcher+0x2e
0224fc48 73d41430 0224fccc 00000000 00000000 USER32!NtUserRealInternalGetMessage+0xc
0224fc84 73d414e9 0224fccc 00000000 00000000 DUser!CoreSC::xwProcessNL+0xfb
0224fcac 755f9429 0224fccc 00000000 00000000 DUser!MphProcessMessage+0x5e
0224fcf4 7713642e 0224fd0c 00000014 0224fe98 USER32!__ClientGetMessageMPH+0x30
0224fd1c 755f914b 755f9180 0224fd9c 00000000 ntdll!KiUserCallbackDispatcher+0x2e
0224fd20 755f9180 0224fd9c 00000000 00000000 USER32!NtUserPeekMessage+0xc
0224fd48 755f92a9 0224fd9c 00000000 00000000 USER32!_PeekMessage+0x73
0224fd74 007b1dd4 0224fd9c 00000000 00000000 USER32!PeekMessageW+0xfb
0224fdc4 007d5816 00000000 772d18f2 0224fe5c Explorer!CTray::_MessageLoop+0x2b
0224fdd4 772d46bc 00860180 00000000 00000000 Explorer!CTray::MainThreadProc+0x8a
0224fe5c 75d71174 0015f910 0224fea8 7714b3f5 SHLWAPI!WrapperThreadProc+0x1b5
0224fe68 7714b3f5 0015f910 753822cd 00000000 kernel32!BaseThreadInitThunk+0xe
0224fea8 7714b3c8 772d45e9 0015f910 00000000 ntdll!__RtlUserThreadStart+0x70
0224fec0 00000000 772d45e9 0015f910 00000000 ntdll!_RtlUserThreadStart+0x1b

analyze -v spew:
-------------------------

1: kd> !analyze -v

Bugcheck Analysis

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fd98e288, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: 8219f8aa, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

WRITE_ADDRESS: fd98e288 Paged session pool

FAULTING_IP:
win32k!vSrcCopyS16D32+b3
8219f8aa 8917 mov dword ptr [edi],edx

MM_INTERNAL_CODE: 0

DEBUG_FLR_IMAGE_TIMESTAMP: 4cbd870f

FAULTING_MODULE: 820a0000 win32k

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: explorer.exe

CURRENT_IRQL: 2

TRAP_FRAME: a72e02e4 -- (.trap 0xffffffffa72e02e4)
ErrCode = 00000002
eax=00000200 ebx=00000103 ecx=000004c2 edx=005a6573 esi=fe05df6d edi=fd98e288
eip=8219f8aa esp=a72e0358 ebp=a72e0374 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
win32k!vSrcCopyS16D32+0xb3:
8219f8aa 8917 mov dword ptr [edi],edx ds:0023:fd98e288=???
Resetting default scope

LAST_CONTROL_TRANSFER: from 82913e71 to 828a2394

STACK_COMMAND: kb

FOLLOWUP_IP:
MyMirrorDriver_82370000+1c5a
82371c5a 8945e8 mov dword ptr [ebp-18h],eax

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: MyMirrorDriver_82370000+1c5a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: MyMirrorDriver_82370000

IMAGE_NAME: MyMirrorDriver.dll

FAILURE_BUCKET_ID: 0x50_MyMirrorDriver_82370000+1c5a

BUCKET_ID: 0x50_MyMirrorDriver_82370000+1c5a

Followup: MachineOwner
---------

/sarbojit

I have observed one interesting thing.
If I am using 16bits color depth for 800x600 resolution then system is not
crashing but for 1024X768 it is crashing always.
Is it like for 1024X768 16 bits color depth is not supported? If that is the
case then why display properties windows is showing this as an option?

Any suggestion, any hint will help a lot here.

/sarbojit

Sarbojit Sarkar wrote:

> I have observed one interesting thing.
> If I am using 16bits color depth for 800x600 resolution then system is
> not crashing but for 1024X768 it is crashing always.
> Is it like for 1024X768 16 bits color depth is not supported? if that
> is the case then why display properties windows is showing this as an
> option?

You are looking in the wrong place. NEVER blame the operating system
first – it just makes you look silly. You have a bug in your mirror
driver. One thing to check is that you are handling the change of
resolution and depth correctly. For example, I believe you’ll find that
the system creates a new instance of your driver with the new resolution
before it disables the old one. If you don’t handle that properly, you
might find yourself at 1024x768 but still with an 800x600-sized
memory-mapped file.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi Tim, Thanks a lot for your reply.

My intention was NOT to blame anybody, I was just guessing. Anyways I will
dig it more. BTW, the scenario that you have explained is not applicable in
my case because before loading my mirror driver I have changed resolution
and color depth and then I have loaded my driver. So it is not possible that
my driver will create 800X600 memory for 1024X768 resolution.

/sarbojit

Hi,

Please find the comments inline:
My doubts:
1.) Is there any known issue with Mirror driver + 16 bits color depth?
---- As far as the OS is concerned there is no inherent issue.
2.) Why page fault is happening with 16 bits color depth not 32bits?
---- This is what we need to debug.
3.) I am creating shared memory using EngMapFile of size = width X height X
(bits per pixel/8), is this not correct?
---- This is correct…

Please check the access mechanism. When you create a surface of size width *
height * (bits per pixel/8), make sure that you are not accessing any
location beyond this boundary…

Thanks
Anshul Makkar
www.justkernel.com
xxxxx@justkernel.com
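
The boundary check suggested above, as an added example in portable C (not code from anyone in the thread; the thread never says what the poster's actual mistake was). The function names are hypothetical, scan lines are assumed to be DWORD-aligned, and the 32-bpp case is an assumption based on the name of the faulting routine, vSrcCopyS16D32.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; none of these names come from the thread. */

/* Bytes in one scan line, rounded up to a 4-byte boundary (assumed DIB layout). */
static bool scan_stride(uint32_t width, uint32_t bpp, size_t *stride)
{
    if (width == 0 || (bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32))
        return false;
    uint64_t bytes = (((uint64_t)width * bpp + 31) / 32) * 4;
    if (bytes > SIZE_MAX)
        return false;
    *stride = (size_t)bytes;
    return true;
}

/* Bytes needed to back a width x height surface at bpp, with overflow checks. */
static bool surface_bytes(uint32_t width, uint32_t height, uint32_t bpp, size_t *total)
{
    size_t stride;
    if (height == 0 || !scan_stride(width, bpp, &stride))
        return false;
    if (stride > SIZE_MAX / height)
        return false;
    *total = stride * height;
    return true;
}

/* True when a mapping of mapped_bytes can back the surface as declared to GDI. */
static bool mapping_covers_surface(size_t mapped_bytes, uint32_t width,
                                   uint32_t height, uint32_t surface_bpp)
{
    size_t need;
    return surface_bytes(width, height, surface_bpp, &need) && need <= mapped_bytes;
}

/* True when writing the rectangle [left,right) x [top,bottom) stays inside the mapping. */
static bool rect_write_in_bounds(size_t mapped_bytes, uint32_t width, uint32_t bpp,
                                 uint32_t left, uint32_t top,
                                 uint32_t right, uint32_t bottom)
{
    size_t stride, through_bottom;
    if (left >= right || top >= bottom || right > width)
        return false;
    if (!scan_stride(width, bpp, &stride) ||
        !surface_bytes(width, bottom, bpp, &through_bottom))
        return false;
    /* Offset one past the last byte written on the last scan line of the rectangle. */
    size_t end = through_bottom - stride + (size_t)right * (bpp / 8);
    return end <= mapped_bytes;
}

int main(void)
{
    size_t mapped = 0;

    /* Mapping sized the way the thread describes: width x height x (bpp/8) at 16 bpp. */
    if (!surface_bytes(1024, 768, 16, &mapped))
        return 1;
    printf("mapping for 1024x768 at 16 bpp: %zu bytes\n", mapped);

    /* The same mapping is large enough for a 16-bpp surface ... */
    printf("covers 16-bpp surface: %d\n", mapping_covers_surface(mapped, 1024, 768, 16));
    /* ... but not if the surface handed to GDI is declared as 32 bpp (assumed case). */
    printf("covers 32-bpp surface: %d\n", mapping_covers_surface(mapped, 1024, 768, 32));

    /* A full-screen write at 32 bpp runs past the end of the 16-bpp mapping. */
    printf("full-screen 32-bpp write in bounds: %d\n",
           rect_write_in_bounds(mapped, 1024, 32, 0, 0, 1024, 768));
    return 0;
}
```

Running the same checks in the driver wherever the surface is created and before each copy turns an out-of-bounds write into a rejected call instead of a bug check.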

On Wed, Oct 20, 2010 at 10:06 AM, Sarbojit Sarkar wrote:

> Hi Tim, Thanks a lot for your reply.
>
> My intension was NOT to blame anybody, I was just guessing. Anyways I will
> dig it more. BTW, the scenario that you have explained is not applicable in
> my case because before loading my mirror driver I have changed resolution
> and color depth and then I have loaded my driver. So it is not possible that
> my driver will create 800X600 memory for 1024X768 resolution.
>
> /sarbojit
>
> On Tue, Oct 19, 2010 at 9:57 PM, Tim Roberts wrote:
>
>> Sarbojit Sarkar wrote:
>> > I have observed one interesting thing.
>> > If I am using 16bits color depth for 800x600 resolution then system is
>> > not crashing but for 1024X768 it is crashing always.
>> > Is it like for 1024X768 16 bits color depth is not supported? if that
>> > is the case then why display properties windows is showing this as an
>> > option?
>>
>> You are looking in the wrong place. NEVER blame the operating system
>> first – it just makes you look silly. You have a bug in your mirror
>> driver. One thing to check is that you are handling the change of
>> resolution and depth correctly. For example, I believe you’ll find that
>> the system creates a new instance of your driver with the new resolution
>> before it disables the old one. If you don’t handle that properly, you
>> might find yourself at 1024x768 but still with an 800x600-sized
>> memory-mapped file.
>>
>> –
>> Tim Roberts, xxxxx@probo.com
>> Providenza & Boekelheide, Inc.
>>
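The bounds check suggested in the replies above, written out as an added example in portable C (not code from the thread or from any driver; the type and function names are hypothetical). It compares the size the mapping was created with against the mode the surface is currently described as, using the thread's width x height x (bits per pixel/8) formula, and covers both the stale 800x600 mapping case and a mapping sized for 16 bpp being addressed as 32 bpp.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for this example; not part of the Windows DDK. */
typedef struct { uint32_t width, height, bpp; } disp_mode;
typedef struct { int32_t left, top, right, bottom; } rect_px; /* right/bottom exclusive */

/* Bytes for one frame: width x height x (bits per pixel / 8). */
static bool frame_bytes(const disp_mode *m, uint64_t *out)
{
    if (!m->width || !m->height || !m->bpp || m->bpp % 8 || m->bpp > 32)
        return false;                       /* reject zero or non-byte formats */
    uint64_t pixels = (uint64_t)m->width * m->height;
    uint64_t bytes_pp = m->bpp / 8;
    if (pixels > UINT64_MAX / bytes_pp)
        return false;                       /* multiplication would overflow */
    *out = pixels * bytes_pp;
    return true;
}

/* True only if the existing mapping is large enough for the whole mode. */
static bool mapping_covers_mode(uint64_t mapped_bytes, const disp_mode *m)
{
    uint64_t need;
    return frame_bytes(m, &need) && need <= mapped_bytes;
}

/* True only if every byte of rectangle r, addressed in mode m, is mapped. */
static bool rect_in_mapping(uint64_t mapped_bytes, const disp_mode *m, const rect_px *r)
{
    uint64_t need;
    if (!frame_bytes(m, &need))
        return false;
    if (r->left < 0 || r->top < 0 || r->left >= r->right || r->top >= r->bottom)
        return false;
    if ((uint32_t)r->right > m->width || (uint32_t)r->bottom > m->height)
        return false;
    uint64_t bytes_pp = m->bpp / 8, stride = (uint64_t)m->width * bytes_pp;
    uint64_t end = (uint64_t)(r->bottom - 1) * stride + (uint64_t)r->right * bytes_pp;
    return end <= mapped_bytes;             /* one past the last byte touched */
}

int main(void)
{
    disp_mode m32 = {1024, 768, 32};
    rect_px top = {0, 0, 1024, 384}, more = {0, 0, 1024, 385};
    uint64_t mapped = 1024u * 768u * 2u;    /* constructed: mapping sized for 16 bpp */
    printf("%d %d\n", rect_in_mapping(mapped, &m32, &top), rect_in_mapping(mapped, &m32, &more));
    return 0;
}
```

With a mapping sized for 16 bpp, a 32 bpp copy stays in bounds for the top 384 scanlines and runs past the end on the next one, so a mismatch of this kind faults only partway through a blit.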

Thanks Tim and Anshul,
I had made a silly mistake, now it is working fine for all color depths :).

/sarbojit
