Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so mu

True but please don’t get into confrontations. The problem is really — "The keyboard does not know when something is getting arrogant, otherwise it would have paused and say, nop I don’t send this unless I get an override from superuser :-)) "

-pro

On Oct 31, 2010, at 10:23 AM, xxxxx@hotmail.com wrote:

> When the structure is allocated by Windows itself or by another driver, and the contract is “ExFreePool
> must be called on it”.

Sorry, but this is exactly the same thing as saying “you cannot open a file if you don’t know its name”, i.e. something that is so plainly obvious that is not even worth mentioning. Here is exactly the same situation - you cannot call ExFreePoolWithTag() if you haven’t got ‘tag’ parameter for this call so that ExFreePool() is your only available option.

Judging from the way Calvin expressed his thought this is NOT the kind of thing he was talking about…

Anton Bassov

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

That’s one thing.

And some versions NT just don’t have the WithTag version:). Using it may
BSOD depending on the driver load type.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Sunday, October 31, 2010 8:20 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Quality of kernel drivers of well-known vendors like
VMWare, McAfee, Juniper. Why does it suck so much?

Son, there are occasions ExFreePool is the only option. Heck, maybe this
is
a good interview question to ask when ExFreePoolWithTag can’t be used.

When the structure is allocated by Windows itself or by another driver, and
the contract is “ExFreePool must be called on it”.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Strange. I don’t remember ifdefs like that in sources. Moreover, MSDN
documentation should have clearly stated that you may or may not be
installed in environment which does not support tags. If that will be the
case, I am sure that MSFT guys would:

a. provide a way to check this in runtime

or

b. just remove ExAllocatePoolWithTag from export table, thus your driver
will just fail to load with error “import function is not resolved” if it is
using tag variant of function

Can you please be more specific about “some builds”? I will be interested to
know about such starting from Windows 2000 and higher which were (or are) in
GA (general avilability). Just for my education.

–
Volodymyr (http://www.shcherbyna.com/)

“Calvin Guan” a écrit dans le message de groupe
de discussion : xxxxx@ntdev…
> That’s one thing.
>
> And some versions NT just don’t have the WithTag version:). Using it may
> BSOD depending on the driver load type.
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
> Sent: Sunday, October 31, 2010 8:20 AM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Quality of kernel drivers of well-known vendors like
> VMWare, McAfee, Juniper. Why does it suck so much?
>
>> Son, there are occasions ExFreePool is the only option. Heck, maybe this
> is
>> a good interview question to ask when ExFreePoolWithTag can’t be used.
>
> When the structure is allocated by Windows itself or by another driver,
> and
> the contract is “ExFreePool must be called on it”.
>
> –
> Maxim S. Shatskih
> Windows DDK MVP
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>

> just remove ExAllocatePoolWithTag from export table, thus your driver will just fail to load with

error “import function is not resolved” if it is using tag variant of function

Well, there is not that much to remove from the export table if ExAllocatePoolWithTag() is not there anyway, don’t you think…

I think what Calvin meant in his follow-up post is that a driver will faill to load ( which may result in BSOD if this driver is critical for the OS’s operations) if it relies on API function that cannot be found in the corresponding module’s export table.

Therefore, if you want your driver binary to run on those systems that don’t export ExAllocatePoolWithTag()
you have to use only ExAllocatePool().

Anton Bassov

Actually, they all had the allocations WithTag, but the
ExFreePoolWithTag was unsupported, then for a while undocumented. Even
once it was documented, both Oney and OSR presented it as “a waste of
time” in their classes. I suspect the attitude was because a lot of
Microsoft dev’s would say that on the function when if was first
documented.

Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“Calvin Guan” wrote in message
news:xxxxx@ntdev:

> That’s one thing.
>
> And some versions NT just don’t have the WithTag version:). Using it may
> BSOD depending on the driver load type.
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
> Sent: Sunday, October 31, 2010 8:20 AM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Quality of kernel drivers of well-known vendors like
> VMWare, McAfee, Juniper. Why does it suck so much?
>
> > Son, there are occasions ExFreePool is the only option. Heck, maybe this
> is
> > a good interview question to ask when ExFreePoolWithTag can’t be used.
>
> When the structure is allocated by Windows itself or by another driver, and
> the contract is “ExFreePool must be called on it”.
>
> –
> Maxim S. Shatskih
> Windows DDK MVP
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

Hmmmm… I don’t THINK that’s true. We don’t, as a rule, even teach the function ExAllocatePoolWithTag or any other similar function. We might talk about it in passing… but we don’t teach seminars in which we enumerate functions like that (“here you go, boys and girls… when you want to allocate scratch storage you can call ExAllocatePoolWithTag…”). We just don’t – and never have had – a slide like that in any of our seminars.

Now… *I* may have told YOU that *I* think it’s a waste of time… Because, ah, basically, I DO. It’s only likely to catch a vanishingly small category of error which is the type of error that you won’t encounter if you use strongly typed pointers in the first place, AND you have to be a dev that already has enough discipline to use a unique pool tag for (only) each TYPE of allocation… but not ENOUGH discipline to want to use a unique tag for each LOCATION where the allocation takes place (a far more useful practice, when you’re trying to chase-down a leak, if you ask me).

So, no… I can pretty much assure you that we never did “present it as ‘a waste of time’ in our classes.” Maybe you’re thinking of Wally…

Peter
OSR

> And some versions NT just don’t have the WithTag version:).

In NT3? even NT4 had WithTag version.

Using it may BSOD depending on the driver load type.

No. Not BSOD.

Boot driver load failure fails the whole boot loader before the kernel and its BSOD code is initialized. 2008 R2 reboots to recovery console immediately.

Non-boot driver load failure IIRC fails nothing except its own devnode (the yellow sign in the Device Manager).

There was also an ErrorControl registry value, but I think it is ignored in modern Windows, for boot drivers at least.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

OK. But it would be interesting to know exact info about these special
builds of Windows.

“Sons” demand some proof from “father”. Naming such OS (so I can download
it) or putting here ntoskrnl.exe will be enough.

–
Volodymyr (http://www.shcherbyna.com/)

a écrit dans le message de groupe de discussion :
xxxxx@ntdev…
>> just remove ExAllocatePoolWithTag from export table, thus your driver
>> will just fail to load with
>> error “import function is not resolved” if it is using tag variant of
>> function
>
>
> Well, there is not that much to remove from the export table if
> ExAllocatePoolWithTag() is not there anyway, don’t you think…
>
>
> I think what Calvin meant in his follow-up post is that a driver will
> faill to load ( which may result in BSOD if this driver is critical for
> the OS’s operations) if it relies on API function that cannot be found in
> the corresponding module’s export table.
>
>
> Therefore, if you want your driver binary to run on those systems that
> don’t export ExAllocatePoolWithTag()
> you have to use only ExAllocatePool().
>
>
> Anton Bassov
>

Max,

I’ll be very surprised if you can find ExFreePoolWithTag on NT4. I do
remember some NT doesn’t have this…That’s many many years ago. Maybe my
memory is so screwed up???

Anton has correctly interpreted what I meant by BSOD in my context. He is
reading my mind this time.

Game is over.

Calvin

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Sunday, October 31, 2010 11:05 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Quality of kernel drivers of well-known vendors like
VMWare, McAfee, Juniper. Why does it suck so much?

And some versions NT just don’t have the WithTag version:).

In NT3? even NT4 had WithTag version.

Using it may BSOD depending on the driver load type.

No. Not BSOD.

Boot driver load failure fails the whole boot loader before the kernel and
its BSOD code is initialized. 2008 R2 reboots to recovery console
immediately.

Non-boot driver load failure IIRC fails nothing except its own devnode (the
yellow sign in the Device Manager).

There was also an ErrorControl registry value, but I think it is ignored in
modern Windows, for boot drivers at least.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Since two big names in this list are being so sure about the existence of
WithTag variants on ALL NT, I was determined to prove or disprove my memory.

And here it goes:

Insert my NT OEM install CD to d: drive and:

c:\Users\cguan>dumpbin /exports d:\I386\NTOSKRNL.EXE|grep -i ExFreePool
101 43 0000A442 ExFreePool

c:\Users\cguan>dumpbin /exports d:\I386\NTOSKRNL.EXE|grep -i WithTag
88 36 00009BA8 ExAllocatePoolWithTag
89 37 00009B6E ExAllocatePoolWithTagPriority
153 86 0000CD3C FsRtlAllocatePoolWithTag

c:\Users\cguan>

So my memory is not out of whack (yet) although I’m getting older and
retarded gradually:)

Calvin

-----Original Message-----
From: Calvin Guan [mailto:xxxxx@gradovec.com]
Sent: Monday, November 01, 2010 7:36 PM
To: ‘Windows System Software Devs Interest List’
Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like
VMWare, McAfee, Juniper. Why does it suck so much?

Max,

I’ll be very surprised if you can find ExFreePoolWithTag on NT4. I do
remember some NT doesn’t have this…That’s many many years ago. Maybe my
memory is so screwed up???

Anton has correctly interpreted what I meant by BSOD in my context. He is
reading my mind this time.

Game is over.

Calvin

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Sunday, October 31, 2010 11:05 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Quality of kernel drivers of well-known vendors like
VMWare, McAfee, Juniper. Why does it suck so much?

And some versions NT just don’t have the WithTag version:).

In NT3? even NT4 had WithTag version.

Using it may BSOD depending on the driver load type.

No. Not BSOD.

Boot driver load failure fails the whole boot loader before the kernel and
its BSOD code is initialized. 2008 R2 reboots to recovery console
immediately.

Non-boot driver load failure IIRC fails nothing except its own devnode (the
yellow sign in the Device Manager).

There was also an ErrorControl registry value, but I think it is ignored in
modern Windows, for boot drivers at least.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

>

Since two big names in this list are being so sure about the existence
of
WithTag variants on ALL NT, I was determined to prove or disprove my
memory.

And here it goes:

Insert my NT OEM install CD to d: drive and:

c:\Users\cguan>dumpbin /exports d:\I386\NTOSKRNL.EXE|grep -i
ExFreePool
101 43 0000A442 ExFreePool

c:\Users\cguan>dumpbin /exports d:\I386\NTOSKRNL.EXE|grep -i WithTag
88 36 00009BA8 ExAllocatePoolWithTag
89 37 00009B6E ExAllocatePoolWithTagPriority
153 86 0000CD3C FsRtlAllocatePoolWithTag

c:\Users\cguan>

So my memory is not out of whack (yet) although I’m getting older and
retarded gradually:)

Bah. Facts are meaningless. You can use facts to prove anything that’s
even remotely true.[1]

James

[1] with apologies to Homer Simpson

On 10/31/2010 2:34 PM, xxxxx@hotmail.com wrote:

I would like to […] know in which situation ExFreePoolWithTag can’t be used.

You can’t use ExFreePoolWithTag if you need your driver to run on
‘legacy’ platforms. (E.g. Win98SE and WinME don’t have it.)

[Of course this is not a problem for most people. Most people can afford
to only write drivers for the latest and greatest OS version.]

I couldn’t resist this - sorry. And apologies to the Bard.

The quality of drivers is not strained,
It droppeth as the gentle rain from Redmond
Upon the Devs beneath. It is twice blest:
It blesseth the Dev that writes and the customer who takes.
Tis mightiest in the mightiest: it becomes
The skilled Dev better than his BSOD.
His skill shows the force of Verifier and PreFast,
The attributes of awe and majesty.
Wherein doth sit the dread and fear of customers.
But quality is above this sceptered sway.
It is enthroned in the hearts of NTDev;
It is an attribute of Cutler himself.
And earthly power doth then show like God’s
When drivers have no BSODs.

>>Since two big names in this list are being so sure about the existence of WithTag variants on ALL NT, I was determined to prove or disprove my memory. And here it goes: Insert my NT OEM install CD to d: drive and: <<

Being none of these two names, I still wait for the answer to my question about “2k and higher OS” which have no tag version of the function.

> I’ll be very surprised if you can find ExFreePoolWithTag on NT4.

Sorry, ExAllocatePoolWithTag was there in NT4. About ExFreePoolWithTag, you’re correct.

And yes, most people here forgot NT4 some years ago, some even forgot it in 2006 when it was officially out of support, and some were working on non-NT4-compat products (thus forgetting NT4 OS) since 2004.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

PROTECTED_POOL is not documented on purpose. It’s been deprecated and starting with WS03 it is completely ignored by the kernel. We probably can’t just remove it from WDK headers right away but I’ll make sure it is at least marked as deprecated.

Similarly, the tag passed to ExFreePoolWithTag is completely ignored on current OS versions. Of course, you shouldn’t rely on the fact that it is ignored, because theoretically the kernel (or driver verifier) could starting enforcing this in the future.

Thanks,
Pavel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Thursday, October 28, 2010 7:27 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?

I would pull up the MSDN page for ExAllocatePoolWithTag and use the feedback link to make a note of this, that will get this over to the right folks who can make the doc change.

• S

-----Original Message-----
From: Bill Wandel
Sent: Thursday, October 28, 2010 19:22
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?

Thanks. This is not in the WDK documentation.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Thursday, October 28, 2010 10:02 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?

From ntddk.h:

//
// If high order bit in Pool tag is set, then must use ExFreePoolWithTag to free //

#define PROTECTED_POOL 0x80000000

- S

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Thursday, October 28, 2010 6:53 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?

Don,

What is the PROTECTED_POOL flag?

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Thursday, October 28, 2010 7:16 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?

Do you use ExFreePoolWithTag and the PROTECTED_POOL flag on the tag? I forgot this on my previous list, but this is an excellent model for being sure the memory you free is what you think you are freeing.

It worked fine in Windows Server 2003, and in the beta’s Server 2008 I
haven’t forced a bug lately. Now since that was a while ago, it may
have been checked build but it definitely worked.

Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“Pavel Lebedynskiy” wrote in message
news:xxxxx@ntdev:

> PROTECTED_POOL is not documented on purpose. It’s been deprecated and starting with WS03 it is completely ignored by the kernel. We probably can’t just remove it from WDK headers right away but I’ll make sure it is at least marked as deprecated.
>
> Similarly, the tag passed to ExFreePoolWithTag is completely ignored on current OS versions. Of course, you shouldn’t rely on the fact that it is ignored, because theoretically the kernel (or driver verifier) could starting enforcing this in the future.

>
> Thanks,
> Pavel
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
> Sent: Thursday, October 28, 2010 7:27 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?
>
> I would pull up the MSDN page for ExAllocatePoolWithTag and use the feedback link to make a note of this, that will get this over to the right folks who can make the doc change.
>
> - S
>
> -----Original Message-----
> From: Bill Wandel
> Sent: Thursday, October 28, 2010 19:22
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?
>
>
> Thanks. This is not in the WDK documentation.
>
> Bill Wandel
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
> Sent: Thursday, October 28, 2010 10:02 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?
>
> From ntddk.h:
>
> //
> // If high order bit in Pool tag is set, then must use ExFreePoolWithTag to free //
>
> #define PROTECTED_POOL 0x80000000
>
> - S
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
> Sent: Thursday, October 28, 2010 6:53 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?
>
> Don,
>
> What is the PROTECTED_POOL flag?
>
> Bill Wandel
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
> Sent: Thursday, October 28, 2010 7:16 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Quality of kernel drivers of well-known vendors like VMWare, McAfee, Juniper. Why does it suck so much?
>
> Do you use ExFreePoolWithTag and the PROTECTED_POOL flag on the tag? I forgot this on my previous list, but this is an excellent model for being sure the memory you free is what you think you are freeing.

Contiuing on the subject of quality of drivers. This time about OSR (DBGSYS.sys):

BugCheck A, {10ac, ff, 0, 80a60250}

*** ERROR: Module load completed but symbols could not be loaded for DBGSYS.SYS
Page 125fbf not present in the dump file. Type ".hh dbgerr004" for details
Page 126193 not present in the dump file. Type ".hh dbgerr004" for details

Followup: MachineOwner

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000010ac, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80a60250, address which referenced memory

Debugging Details:

Page 125fbf not present in the dump file. Type ".hh dbgerr004" for details
Page 126193 not present in the dump file. Type ".hh dbgerr004" for details

READ_ADDRESS: 000010ac

CURRENT_IRQL: 0

FAULTING_IP:
hal!HalpLowerIrqlHardwareInterrupts+5c
80a60250 8a0e mov cl,byte ptr [esi]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: msiexec.exe

TRAP_FRAME: b60aacc8 -- (.trap 0xffffffffb60aacc8)
ErrCode = 00000000
eax=0000037c ebx=b60b8be0 ecx=000000e0 edx=00000003 esi=000010ac edi=0000005c
eip=80a60250 esp=b60aad3c ebp=b60aad58 iopl=0 nv up di pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=003b gs=0000 efl=00010006
hal!HalpLowerIrqlHardwareInterrupts+0x5c:
80a60250 8a0e mov cl,byte ptr [esi] ds:0023:000010ac=??
Resetting default scope

LAST_CONTROL_TRANSFER: from 80a60250 to 8088c9cb

STACK_TEXT:
b60aacc8 80a60250 badb0d00 00000003 00000000 nt!KiTrap0E+0x2a7
b60aad58 80a6044d b60b8b00 000000e0 b60aad70 hal!HalpLowerIrqlHardwareInterrupts+0x5c
b60aad68 b60b7605 b60aad90 b60b7693 b60b8b00 hal!KfLowerIrql+0x59
WARNING: Stack unwind information not available. Following frames may be wrong.
b60aad70 b60b7693 b60b8b00 000000e0 00000000 DBGSYS+0x605
b60aad90 b60b76fc 0083e8e0 0000005c 0083e838 DBGSYS+0x693
b60aada0 b60b748c 00000000 00000200 0083e838 DBGSYS+0x6fc
b60aada4 00000000 00000200 0083e838 b60aadc8 DBGSYS+0x48c

STACK_COMMAND: kb

FOLLOWUP_IP:
DBGSYS+605
b60b7605 5d pop ebp

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: DBGSYS+605

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: DBGSYS

IMAGE_NAME: DBGSYS.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4c86939e

FAILURE_BUCKET_ID: 0xA_DBGSYS+605

BUCKET_ID: 0xA_DBGSYS+605

Followup: MachineOwner

kd> lmv m DBGSYS
start end module name
b60b7000 b60b9480 DBGSYS (no symbols)
Loaded symbol image file: DBGSYS.SYS
Image path: ??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DBGSYS.SYS
Image name: DBGSYS.SYS
Timestamp: Tue Sep 07 21:33:50 2010 (4C86939E)
CheckSum: 0000FE33
ImageSize: 00002480
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Ah! You’re complaining about the quality of a driver that’s (a) free, (b) that’s restricted to use for diagnostics and debugging on a test computer??

We have a (rather strange) saying in English for this: “Looking a gift horse in the mouth” (see http://www.phrases.org.uk/meanings/dont-look-a-gift-horse-in-the-mouth.html).

Will you feel better if we remove the utility from download? Cuz I’ll be happy to do that if that’s what the community prefers,

Peter
OSR

Hello Peter,

>Ah! You’re complaining about the quality of a driver that’s (a) free, (b) that’s restricted to use for diagnostics and debugging on a test computer??

We have a (rather strange) saying in English for this: “Looking a gift horse in the mouth” (see http://www.phrases.org.uk/meanings/dont-look-a-gift-horse-in-the-mouth.html). <<

The same exist I guess in any languages Well, I forgot to add smile when writing about OSR :). I agree that it is free, and there is nothing to complain, just wrote here so you guys may be interested in fixing it.

(I have a minidump and dump files)