Question about KeSetEvent

OSR_Community_User · June 26, 2003, 10:26pm

Hi All,

I am developping a FS filter driver based filespy sample,and i define
myself private IOCTL “FILESPY_SetOk”.I have added some code in
IRP_MJ_DEVICE_CONTROL dispatch routine:

NTSTATUS
SpyControl(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
PIO_STACK_LOCATION irpStack;
PVOID ioBuffer;
ULONG InputBufferLength;
ULONG OutputBufferLength;
PDEVICE_EXTENSION deviceExtension;
ULONG ioControlCode;
KIRQL oldIrql;

PWSTR deviceName = NULL;

#if DBG
DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
#endif
//
// Get a pointer to the current location in the Irp. This is where
// the function codes and parameters are located.
//
deviceExtension = (PDEVICE_EXTENSION)
DeviceObject->DeviceExtension;

// Can’t accept a new io request if:
// 1) device is removed,
// 2) has never been started,
// 3) is stopped,
// 4) has a remove request pending,
// 5) has a stop device pending
irpStack = IoGetCurrentIrpStackLocation (Irp);

Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;

// get pointers and lengths of the caller’s (user’s) IO buffer
ioBuffer = Irp->AssociatedIrp.SystemBuffer;
InputBufferLength =
irpStack->Parameters.DeviceIoControl.InputBufferLength;
OutputBufferLength =
irpStack->Parameters.DeviceIoControl.OutputBufferLength;

ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
switch( ioControlCode)
{
…
//the following is my code
case FILESPY_SetOk:
KeAcquireSpinLock( &gPassOkLock, &oldIrql );
KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
KeReleaseSpinLock( &gPassOkLock, oldIrql );

ntStatus = STATUS_SUCCESS;
break;
}
IoCompleteRequest( Irp, IO_NO_INCREMENT );

return ntStatus;
}

I have Added code in USER MODE App:

bResult = DeviceIoControl(
hDevice,
FILESPY_SetOk,
NULL,
0,
NULL,
0,
&bytesReturned,
NULL);

However,My OS reboot when I running Program.Why?

Thanks a lot!

sailing_an

Alexei_Jelvis-2 · June 26, 2003, 11:37pm

If you asking why OS reboot instead of displaying blue screen - there are
setting in control panel that control this behavior. You need to change
those settings and attach kernel debugger if you want to analyze why it
crashes.
There is absolutely no point to acquire spinlock when you set event although
it doesn’t cause crash.
There are some things that are absent in the code fragment and may be done
wrong:

you may fail to initialize event
you may allocate event in paged memory
you may fail to initialize spinlock
you may allocate spinlock in paged memory

Alexei.

“beginner_an” wrote in message news:xxxxx@ntfsd…
>
> Hi All,
>
> I am developping a FS filter driver based filespy sample,and i define
> myself private IOCTL “FILESPY_SetOk”.I have added some code in
> IRP_MJ_DEVICE_CONTROL dispatch routine:
>
> NTSTATUS
> SpyControl(
> IN PDEVICE_OBJECT DeviceObject,
> IN PIRP Irp)
> {
> NTSTATUS ntStatus = STATUS_SUCCESS;
> PIO_STACK_LOCATION irpStack;
> PVOID ioBuffer;
> ULONG InputBufferLength;
> ULONG OutputBufferLength;
> PDEVICE_EXTENSION deviceExtension;
> ULONG ioControlCode;
> KIRQL oldIrql;
>
> PWSTR deviceName = NULL;
>
> #if DBG
> DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
> #endif
> //
> // Get a pointer to the current location in the Irp. This is where
> // the function codes and parameters are located.
> //
> deviceExtension = (PDEVICE_EXTENSION)
> DeviceObject->DeviceExtension;
>
>
> // Can’t accept a new io request if:
> // 1) device is removed,
> // 2) has never been started,
> // 3) is stopped,
> // 4) has a remove request pending,
> // 5) has a stop device pending
> irpStack = IoGetCurrentIrpStackLocation (Irp);
>
> Irp->IoStatus.Status = STATUS_SUCCESS;
> Irp->IoStatus.Information = 0;
>
> // get pointers and lengths of the caller’s (user’s) IO buffer
> ioBuffer = Irp->AssociatedIrp.SystemBuffer;
> InputBufferLength =
> irpStack->Parameters.DeviceIoControl.InputBufferLength;
> OutputBufferLength =
> irpStack->Parameters.DeviceIoControl.OutputBufferLength;
>
> ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
> switch( ioControlCode)
> {
> …
> //the following is my code
> case FILESPY_SetOk:
> KeAcquireSpinLock( &gPassOkLock, &oldIrql );
> KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
> KeReleaseSpinLock( &gPassOkLock, oldIrql );
>
> ntStatus = STATUS_SUCCESS;
> break;
> }
> IoCompleteRequest( Irp, IO_NO_INCREMENT );
>
> return ntStatus;
> }
>
> I have Added code in USER MODE App:
>
> bResult = DeviceIoControl(
> hDevice,
> FILESPY_SetOk,
> NULL,
> 0,
> NULL,
> 0,
> &bytesReturned,
> NULL);
>
>
> However,My OS reboot when I running Program.Why?
>
> Thanks a lot!
>
> sailing_an
>
>

OSR_Community_User · June 27, 2003, 1:56am

Hi Alexei,

Thank you for your advice!

I have got rid of spinlock,but OS still blue screen,and the screen print"
stop:0x0000001e(0x0000005,0x8042c925,0x00000001,0x00000000)
KMODE_EXCEPTION_NOT_HANDLED"

The Event of gPassOk is a global variable,so it is allocated in nonpaged
memory.

“- you may allocate event in paged memory”,can you elorbrate this?

I have’t way to debug program because I have only one computer.

can you tell me how to debug program on my computer?

Thanks a lot!

sailing_an

If you asking why OS reboot instead of displaying blue screen - there are
setting in control panel that control this behavior. You need to change
those settings and attach kernel debugger if you want to analyze why it
crashes.
There is absolutely no point to acquire spinlock when you set event although
it doesn’t cause crash.
There are some things that are absent in the code fragment and may be done
wrong:

you may fail to initialize event

you may allocate event in paged memory

you may fail to initialize spinlock

you may allocate spinlock in paged memory

Alexei.

“beginner_an” wrote in message news:xxxxx@ntfsd…
> >
> > Hi All,
> >
> > I am developping a FS filter driver based filespy sample,and i define
> > myself private IOCTL “FILESPY_SetOk”.I have added some code in
> > IRP_MJ_DEVICE_CONTROL dispatch routine:
> >
> > NTSTATUS
> > SpyControl(
> > IN PDEVICE_OBJECT DeviceObject,
> > IN PIRP Irp)
> > {
> > NTSTATUS ntStatus = STATUS_SUCCESS;
> > PIO_STACK_LOCATION irpStack;
> > PVOID ioBuffer;
> > ULONG InputBufferLength;
> > ULONG OutputBufferLength;
> > PDEVICE_EXTENSION deviceExtension;
> > ULONG ioControlCode;
> > KIRQL oldIrql;
> >
> > PWSTR deviceName = NULL;
> >
> > #if DBG
> > DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
> > #endif
> > //
> > // Get a pointer to the current location in the Irp. This is where
> > // the function codes and parameters are located.
> > //
> > deviceExtension = (PDEVICE_EXTENSION)
> > DeviceObject->DeviceExtension;
> >
> >
> > // Can’t accept a new io request if:
> > // 1) device is removed,
> > // 2) has never been started,
> > // 3) is stopped,
> > // 4) has a remove request pending,
> > // 5) has a stop device pending
> > irpStack = IoGetCurrentIrpStackLocation (Irp);
> >
> > Irp->IoStatus.Status = STATUS_SUCCESS;
> > Irp->IoStatus.Information = 0;
> >
> > // get pointers and lengths of the caller’s (user’s) IO buffer
> > ioBuffer = Irp->AssociatedIrp.SystemBuffer;
> > InputBufferLength =
> > irpStack->Parameters.DeviceIoControl.InputBufferLength;
> > OutputBufferLength =
> > irpStack->Parameters.DeviceIoControl.OutputBufferLength;
> >
> > ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
> > switch( ioControlCode)
> > {
> > …
> > //the following is my code
> > case FILESPY_SetOk:
> > KeAcquireSpinLock( &gPassOkLock, &oldIrql );
> > KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
> > KeReleaseSpinLock( &gPassOkLock, oldIrql );
> >
> > ntStatus = STATUS_SUCCESS;
> > break;
> > }
> > IoCompleteRequest( Irp, IO_NO_INCREMENT );
> >
> > return ntStatus;
> > }
> >
> > I have Added code in USER MODE App:
> >
> > bResult = DeviceIoControl(
> > hDevice,
> > FILESPY_SetOk,
> > NULL,
> > 0,
> > NULL,
> > 0,
> > &bytesReturned,
> > NULL);
> >
> >
> > However,My OS reboot when I running Program.Why?
> >
> > Thanks a lot!
> >
> > sailing_an
> >
> >

Alexey_Logachyov · June 27, 2003, 4:35am

How do you define FILESPY_SetOk?

-htfv

----- Original Message -----
From: “beginner_an”
To: “File Systems Developers”
Sent: Friday, June 27, 2003 8:56 AM
Subject: [ntfsd] Re: Question about KeSetEvent

> Hi Alexei,
>
> Thank you for your advice!
>
> I have got rid of spinlock,but OS still blue screen,and the screen print"
> stop:0x0000001e(0x0000005,0x8042c925,0x00000001,0x00000000)
> KMODE_EXCEPTION_NOT_HANDLED"
>
> The Event of gPassOk is a global variable,so it is allocated in nonpaged
> memory.
>
> “- you may allocate event in paged memory”,can you elorbrate this?
>
> I have’t way to debug program because I have only one computer.
>
> can you tell me how to debug program on my computer?
>
> Thanks a lot!
>
> sailing_an
>
> > If you asking why OS reboot instead of displaying blue screen - there
are
> > setting in control panel that control this behavior. You need to change
> > those settings and attach kernel debugger if you want to analyze why it
> > crashes.
> > There is absolutely no point to acquire spinlock when you set event
although
> > it doesn’t cause crash.
> > There are some things that are absent in the code fragment and may be
done
> > wrong:
> > - you may fail to initialize event
> > - you may allocate event in paged memory
> > - you may fail to initialize spinlock
> > - you may allocate spinlock in paged memory
> >
> > Alexei.
> >
> > “beginner_an” wrote in message
news:xxxxx@ntfsd…
> > >
> > > Hi All,
> > >
> > > I am developping a FS filter driver based filespy sample,and i define
> > > myself private IOCTL “FILESPY_SetOk”.I have added some code in
> > > IRP_MJ_DEVICE_CONTROL dispatch routine:
> > >
> > > NTSTATUS
> > > SpyControl(
> > > IN PDEVICE_OBJECT DeviceObject,
> > > IN PIRP Irp)
> > > {
> > > NTSTATUS ntStatus = STATUS_SUCCESS;
> > > PIO_STACK_LOCATION irpStack;
> > > PVOID ioBuffer;
> > > ULONG InputBufferLength;
> > > ULONG OutputBufferLength;
> > > PDEVICE_EXTENSION deviceExtension;
> > > ULONG ioControlCode;
> > > KIRQL oldIrql;
> > >
> > > PWSTR deviceName = NULL;
> > >
> > > #if DBG
> > > DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
> > > #endif
> > > //
> > > // Get a pointer to the current location in the Irp. This is where
> > > // the function codes and parameters are located.
> > > //
> > > deviceExtension = (PDEVICE_EXTENSION)
> > > DeviceObject->DeviceExtension;
> > >
> > >
> > > // Can’t accept a new io request if:
> > > // 1) device is removed,
> > > // 2) has never been started,
> > > // 3) is stopped,
> > > // 4) has a remove request pending,
> > > // 5) has a stop device pending
> > > irpStack = IoGetCurrentIrpStackLocation (Irp);
> > >
> > > Irp->IoStatus.Status = STATUS_SUCCESS;
> > > Irp->IoStatus.Information = 0;
> > >
> > > // get pointers and lengths of the caller’s (user’s) IO buffer
> > > ioBuffer = Irp->AssociatedIrp.SystemBuffer;
> > > InputBufferLength =
> > > irpStack->Parameters.DeviceIoControl.InputBufferLength;
> > > OutputBufferLength =
> > > irpStack->Parameters.DeviceIoControl.OutputBufferLength;
> > >
> > > ioControlCode =
irpStack->Parameters.DeviceIoControl.IoControlCode;
> > > switch( ioControlCode)
> > > {
> > > …
> > > //the following is my code
> > > case FILESPY_SetOk:
> > > KeAcquireSpinLock( &gPassOkLock, &oldIrql );
> > > KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
> > > KeReleaseSpinLock( &gPassOkLock, oldIrql );
> > >
> > > ntStatus = STATUS_SUCCESS;
> > > break;
> > > }
> > > IoCompleteRequest( Irp, IO_NO_INCREMENT );
> > >
> > > return ntStatus;
> > > }
> > >
> > > I have Added code in USER MODE App:
> > >
> > > bResult = DeviceIoControl(
> > > hDevice,
> > > FILESPY_SetOk,
> > > NULL,
> > > 0,
> > > NULL,
> > > 0,
> > > &bytesReturned,
> > > NULL);
> > >
> > >
> > > However,My OS reboot when I running Program.Why?
> > >
> > > Thanks a lot!
> > >
> > > sailing_an
> > >
> > >
>
> —
> You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

OSR_Community_User · June 27, 2003, 4:43am

Hi htfv

I define FILESPY_SetOk in MyFileSpy.h file:

#define FILESPY_SetOk (ULONG) CTL_CODE( FILESPY_DEVICE_TYPE, 0x07,
METHOD_BUFFERED, FILE_ANY_ACCESS )

Thank you !

sailing_an

How do you define FILESPY_SetOk?

-htfv

----- Original Message -----
From: “beginner_an”
> To: “File Systems Developers”
> Sent: Friday, June 27, 2003 8:56 AM
> Subject: [ntfsd] Re: Question about KeSetEvent
>
>
> > Hi Alexei,
> >
> > Thank you for your advice!
> >
> > I have got rid of spinlock,but OS still blue screen,and the screen print"
> > stop:0x0000001e(0x0000005,0x8042c925,0x00000001,0x00000000)
> > KMODE_EXCEPTION_NOT_HANDLED"
> >
> > The Event of gPassOk is a global variable,so it is allocated in nonpaged
> > memory.
> >
> > “- you may allocate event in paged memory”,can you elorbrate this?
> >
> > I have’t way to debug program because I have only one computer.
> >
> > can you tell me how to debug program on my computer?
> >
> > Thanks a lot!
> >
> > sailing_an
> >
> > > If you asking why OS reboot instead of displaying blue screen - there
> are
> > > setting in control panel that control this behavior. You need to change
> > > those settings and attach kernel debugger if you want to analyze why it
> > > crashes.
> > > There is absolutely no point to acquire spinlock when you set event
> although
> > > it doesn’t cause crash.
> > > There are some things that are absent in the code fragment and may be
> done
> > > wrong:
> > > - you may fail to initialize event
> > > - you may allocate event in paged memory
> > > - you may fail to initialize spinlock
> > > - you may allocate spinlock in paged memory
> > >
> > > Alexei.
> > >
> > > “beginner_an” wrote in message
> news:xxxxx@ntfsd…
> > > >
> > > > Hi All,
> > > >
> > > > I am developping a FS filter driver based filespy sample,and i define
> > > > myself private IOCTL “FILESPY_SetOk”.I have added some code in
> > > > IRP_MJ_DEVICE_CONTROL dispatch routine:
> > > >
> > > > NTSTATUS
> > > > SpyControl(
> > > > IN PDEVICE_OBJECT DeviceObject,
> > > > IN PIRP Irp)
> > > > {
> > > > NTSTATUS ntStatus = STATUS_SUCCESS;
> > > > PIO_STACK_LOCATION irpStack;
> > > > PVOID ioBuffer;
> > > > ULONG InputBufferLength;
> > > > ULONG OutputBufferLength;
> > > > PDEVICE_EXTENSION deviceExtension;
> > > > ULONG ioControlCode;
> > > > KIRQL oldIrql;
> > > >
> > > > PWSTR deviceName = NULL;
> > > >
> > > > #if DBG
> > > > DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
> > > > #endif
> > > > //
> > > > // Get a pointer to the current location in the Irp. This is where
> > > > // the function codes and parameters are located.
> > > > //
> > > > deviceExtension = (PDEVICE_EXTENSION)
> > > > DeviceObject->DeviceExtension;
> > > >
> > > >
> > > > // Can’t accept a new io request if:
> > > > // 1) device is removed,
> > > > // 2) has never been started,
> > > > // 3) is stopped,
> > > > // 4) has a remove request pending,
> > > > // 5) has a stop device pending
> > > > irpStack = IoGetCurrentIrpStackLocation (Irp);
> > > >
> > > > Irp->IoStatus.Status = STATUS_SUCCESS;
> > > > Irp->IoStatus.Information = 0;
> > > >
> > > > // get pointers and lengths of the caller’s (user’s) IO buffer
> > > > ioBuffer = Irp->AssociatedIrp.SystemBuffer;
> > > > InputBufferLength =
> > > > irpStack->Parameters.DeviceIoControl.InputBufferLength;
> > > > OutputBufferLength =
> > > > irpStack->Parameters.DeviceIoControl.OutputBufferLength;
> > > >
> > > > ioControlCode =
> irpStack->Parameters.DeviceIoControl.IoControlCode;
> > > > switch( ioControlCode)
> > > > {
> > > > …
> > > > //the following is my code
> > > > case FILESPY_SetOk:
> > > > KeAcquireSpinLock( &gPassOkLock, &oldIrql );
> > > > KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
> > > > KeReleaseSpinLock( &gPassOkLock, oldIrql );
> > > >
> > > > ntStatus = STATUS_SUCCESS;
> > > > break;
> > > > }
> > > > IoCompleteRequest( Irp, IO_NO_INCREMENT );
> > > >
> > > > return ntStatus;
> > > > }
> > > >
> > > > I have Added code in USER MODE App:
> > > >
> > > > bResult = DeviceIoControl(
> > > > hDevice,
> > > > FILESPY_SetOk,
> > > > NULL,
> > > > 0,
> > > > NULL,
> > > > 0,
> > > > &bytesReturned,
> > > > NULL);
> > > >
> > > >
> > > > However,My OS reboot when I running Program.Why?
> > > >
> > > > Thanks a lot!
> > > >
> > > > sailing_an
> > > >
> > > >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >

Alexey_Logachyov · June 27, 2003, 4:47am

How do you declare gPassOk? Are you sure that you pass a pointer to KEVENT
structure to KeSetEvent routine and not the structure itself? Are you sure
that you declare KEVENT structure and not PKEVENT pointer to nowhere? Are
you sure that you initialize youe KEVENT structure with KeInitializeEvent?
Are you sure that KeSetEvent is bugchecking and not the code after
KeWaitForSingleObject?

Setup WinDBG and analyze crashdump. If you setup WinDBG properly it will
show you stack trace and faulting source line. Analyzing of crashdumps is
very easy (if you have symbol files of course).

-htfv

----- Original Message -----
From: “beginner_an”
To: “File Systems Developers”
Sent: Friday, June 27, 2003 8:56 AM
Subject: [ntfsd] Re: Question about KeSetEvent

> Hi Alexei,
>
> Thank you for your advice!
>
> I have got rid of spinlock,but OS still blue screen,and the screen print"
> stop:0x0000001e(0x0000005,0x8042c925,0x00000001,0x00000000)
> KMODE_EXCEPTION_NOT_HANDLED"
>
> The Event of gPassOk is a global variable,so it is allocated in nonpaged
> memory.
>
> “- you may allocate event in paged memory”,can you elorbrate this?
>
> I have’t way to debug program because I have only one computer.
>
> can you tell me how to debug program on my computer?
>
> Thanks a lot!
>
> sailing_an
>
> > If you asking why OS reboot instead of displaying blue screen - there
are
> > setting in control panel that control this behavior. You need to change
> > those settings and attach kernel debugger if you want to analyze why it
> > crashes.
> > There is absolutely no point to acquire spinlock when you set event
although
> > it doesn’t cause crash.
> > There are some things that are absent in the code fragment and may be
done
> > wrong:
> > - you may fail to initialize event
> > - you may allocate event in paged memory
> > - you may fail to initialize spinlock
> > - you may allocate spinlock in paged memory
> >
> > Alexei.
> >
> > “beginner_an” wrote in message
news:xxxxx@ntfsd…
> > >
> > > Hi All,
> > >
> > > I am developping a FS filter driver based filespy sample,and i define
> > > myself private IOCTL “FILESPY_SetOk”.I have added some code in
> > > IRP_MJ_DEVICE_CONTROL dispatch routine:
> > >
> > > NTSTATUS
> > > SpyControl(
> > > IN PDEVICE_OBJECT DeviceObject,
> > > IN PIRP Irp)
> > > {
> > > NTSTATUS ntStatus = STATUS_SUCCESS;
> > > PIO_STACK_LOCATION irpStack;
> > > PVOID ioBuffer;
> > > ULONG InputBufferLength;
> > > ULONG OutputBufferLength;
> > > PDEVICE_EXTENSION deviceExtension;
> > > ULONG ioControlCode;
> > > KIRQL oldIrql;
> > >
> > > PWSTR deviceName = NULL;
> > >
> > > #if DBG
> > > DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
> > > #endif
> > > //
> > > // Get a pointer to the current location in the Irp. This is where
> > > // the function codes and parameters are located.
> > > //
> > > deviceExtension = (PDEVICE_EXTENSION)
> > > DeviceObject->DeviceExtension;
> > >
> > >
> > > // Can’t accept a new io request if:
> > > // 1) device is removed,
> > > // 2) has never been started,
> > > // 3) is stopped,
> > > // 4) has a remove request pending,
> > > // 5) has a stop device pending
> > > irpStack = IoGetCurrentIrpStackLocation (Irp);
> > >
> > > Irp->IoStatus.Status = STATUS_SUCCESS;
> > > Irp->IoStatus.Information = 0;
> > >
> > > // get pointers and lengths of the caller’s (user’s) IO buffer
> > > ioBuffer = Irp->AssociatedIrp.SystemBuffer;
> > > InputBufferLength =
> > > irpStack->Parameters.DeviceIoControl.InputBufferLength;
> > > OutputBufferLength =
> > > irpStack->Parameters.DeviceIoControl.OutputBufferLength;
> > >
> > > ioControlCode =
irpStack->Parameters.DeviceIoControl.IoControlCode;
> > > switch( ioControlCode)
> > > {
> > > …
> > > //the following is my code
> > > case FILESPY_SetOk:
> > > KeAcquireSpinLock( &gPassOkLock, &oldIrql );
> > > KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
> > > KeReleaseSpinLock( &gPassOkLock, oldIrql );
> > >
> > > ntStatus = STATUS_SUCCESS;
> > > break;
> > > }
> > > IoCompleteRequest( Irp, IO_NO_INCREMENT );
> > >
> > > return ntStatus;
> > > }
> > >
> > > I have Added code in USER MODE App:
> > >
> > > bResult = DeviceIoControl(
> > > hDevice,
> > > FILESPY_SetOk,
> > > NULL,
> > > 0,
> > > NULL,
> > > 0,
> > > &bytesReturned,
> > > NULL);
> > >
> > >
> > > However,My OS reboot when I running Program.Why?
> > >
> > > Thanks a lot!
> > >
> > > sailing_an
> > >
> > >
>
> —
> You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

OSR_Community_User · June 27, 2003, 5:12am

Hi htfv,

Thank you for your advice!

unfortunately,I can’t use WinDbg because I have only one computer.

regards:

sailing_an

How do you declare gPassOk? Are you sure that you pass a pointer to KEVENT
structure to KeSetEvent routine and not the structure itself? Are you sure
that you declare KEVENT structure and not PKEVENT pointer to nowhere? Are
you sure that you initialize youe KEVENT structure with KeInitializeEvent?
Are you sure that KeSetEvent is bugchecking and not the code after
KeWaitForSingleObject?

Setup WinDBG and analyze crashdump. If you setup WinDBG properly it will
show you stack trace and faulting source line. Analyzing of crashdumps is
very easy (if you have symbol files of course).

-htfv

----- Original Message -----
From: “beginner_an”
> To: “File Systems Developers”
> Sent: Friday, June 27, 2003 8:56 AM
> Subject: [ntfsd] Re: Question about KeSetEvent
>
>
> > Hi Alexei,
> >
> > Thank you for your advice!
> >
> > I have got rid of spinlock,but OS still blue screen,and the screen print"
> > stop:0x0000001e(0x0000005,0x8042c925,0x00000001,0x00000000)
> > KMODE_EXCEPTION_NOT_HANDLED"
> >
> > The Event of gPassOk is a global variable,so it is allocated in nonpaged
> > memory.
> >
> > “- you may allocate event in paged memory”,can you elorbrate this?
> >
> > I have’t way to debug program because I have only one computer.
> >
> > can you tell me how to debug program on my computer?
> >
> > Thanks a lot!
> >
> > sailing_an
> >
> > > If you asking why OS reboot instead of displaying blue screen - there
> are
> > > setting in control panel that control this behavior. You need to change
> > > those settings and attach kernel debugger if you want to analyze why it
> > > crashes.
> > > There is absolutely no point to acquire spinlock when you set event
> although
> > > it doesn’t cause crash.
> > > There are some things that are absent in the code fragment and may be
> done
> > > wrong:
> > > - you may fail to initialize event
> > > - you may allocate event in paged memory
> > > - you may fail to initialize spinlock
> > > - you may allocate spinlock in paged memory
> > >
> > > Alexei.
> > >
> > > “beginner_an” wrote in message
> news:xxxxx@ntfsd…
> > > >
> > > > Hi All,
> > > >
> > > > I am developping a FS filter driver based filespy sample,and i define
> > > > myself private IOCTL “FILESPY_SetOk”.I have added some code in
> > > > IRP_MJ_DEVICE_CONTROL dispatch routine:
> > > >
> > > > NTSTATUS
> > > > SpyControl(
> > > > IN PDEVICE_OBJECT DeviceObject,
> > > > IN PIRP Irp)
> > > > {
> > > > NTSTATUS ntStatus = STATUS_SUCCESS;
> > > > PIO_STACK_LOCATION irpStack;
> > > > PVOID ioBuffer;
> > > > ULONG InputBufferLength;
> > > > ULONG OutputBufferLength;
> > > > PDEVICE_EXTENSION deviceExtension;
> > > > ULONG ioControlCode;
> > > > KIRQL oldIrql;
> > > >
> > > > PWSTR deviceName = NULL;
> > > >
> > > > #if DBG
> > > > DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
> > > > #endif
> > > > //
> > > > // Get a pointer to the current location in the Irp. This is where
> > > > // the function codes and parameters are located.
> > > > //
> > > > deviceExtension = (PDEVICE_EXTENSION)
> > > > DeviceObject->DeviceExtension;
> > > >
> > > >
> > > > // Can’t accept a new io request if:
> > > > // 1) device is removed,
> > > > // 2) has never been started,
> > > > // 3) is stopped,
> > > > // 4) has a remove request pending,
> > > > // 5) has a stop device pending
> > > > irpStack = IoGetCurrentIrpStackLocation (Irp);
> > > >
> > > > Irp->IoStatus.Status = STATUS_SUCCESS;
> > > > Irp->IoStatus.Information = 0;
> > > >
> > > > // get pointers and lengths of the caller’s (user’s) IO buffer
> > > > ioBuffer = Irp->AssociatedIrp.SystemBuffer;
> > > > InputBufferLength =
> > > > irpStack->Parameters.DeviceIoControl.InputBufferLength;
> > > > OutputBufferLength =
> > > > irpStack->Parameters.DeviceIoControl.OutputBufferLength;
> > > >
> > > > ioControlCode =
> irpStack->Parameters.DeviceIoControl.IoControlCode;
> > > > switch( ioControlCode)
> > > > {
> > > > …
> > > > //the following is my code
> > > > case FILESPY_SetOk:
> > > > KeAcquireSpinLock( &gPassOkLock, &oldIrql );
> > > > KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
> > > > KeReleaseSpinLock( &gPassOkLock, oldIrql );
> > > >
> > > > ntStatus = STATUS_SUCCESS;
> > > > break;
> > > > }
> > > > IoCompleteRequest( Irp, IO_NO_INCREMENT );
> > > >
> > > > return ntStatus;
> > > > }
> > > >
> > > > I have Added code in USER MODE App:
> > > >
> > > > bResult = DeviceIoControl(
> > > > hDevice,
> > > > FILESPY_SetOk,
> > > > NULL,
> > > > 0,
> > > > NULL,
> > > > 0,
> > > > &bytesReturned,
> > > > NULL);
> > > >
> > > >
> > > > However,My OS reboot when I running Program.Why?
> > > >
> > > > Thanks a lot!
> > > >
> > > > sailing_an
> > > >
> > > >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >

OSR_Community_User · June 27, 2003, 7:08am

Hello beginner_an,

b> unfortunately,I can’t use WinDbg because I have only one computer.
You can use one PC with VMWare virtual computer installed for this
purposes (create virtual machine, install any OS, install WinDbg on
both virtual and real PC as described in one of OSR’s NT Insider
issues)

–
Best regards,
liga_asu mailto:xxxxx@perm.raid.ru

Alexey_Logachyov · June 27, 2003, 7:22am

You may use WindDBG for analyzing crashdumps. That works well though not so
efficient as using 2 computers. I used to work like this when my target
computer was under repair.

-htfv

----- Original Message -----
From: “beginner_an”
To: “File Systems Developers”
Sent: Friday, June 27, 2003 12:12 PM
Subject: [ntfsd] Re: Question about KeSetEvent

> Hi htfv,
>
> Thank you for your advice!
>
> unfortunately,I can’t use WinDbg because I have only one computer.
>
> regards:
>
> sailing_an
> > How do you declare gPassOk? Are you sure that you pass a pointer to
KEVENT
> > structure to KeSetEvent routine and not the structure itself? Are you
sure
> > that you declare KEVENT structure and not PKEVENT pointer to nowhere?
Are
> > you sure that you initialize youe KEVENT structure with
KeInitializeEvent?
> > Are you sure that KeSetEvent is bugchecking and not the code after
> > KeWaitForSingleObject?
> >
> > Setup WinDBG and analyze crashdump. If you setup WinDBG properly it will
> > show you stack trace and faulting source line. Analyzing of crashdumps
is
> > very easy (if you have symbol files of course).
> >
> > -htfv
> >
> >
> >
> > ----- Original Message -----
> > From: “beginner_an”
> > To: “File Systems Developers”
> > Sent: Friday, June 27, 2003 8:56 AM
> > Subject: [ntfsd] Re: Question about KeSetEvent
> >
> >
> > > Hi Alexei,
> > >
> > > Thank you for your advice!
> > >
> > > I have got rid of spinlock,but OS still blue screen,and the screen
print"
> > > stop:0x0000001e(0x0000005,0x8042c925,0x00000001,0x00000000)
> > > KMODE_EXCEPTION_NOT_HANDLED"
> > >
> > > The Event of gPassOk is a global variable,so it is allocated in
nonpaged
> > > memory.
> > >
> > > “- you may allocate event in paged memory”,can you elorbrate this?
> > >
> > > I have’t way to debug program because I have only one computer.
> > >
> > > can you tell me how to debug program on my computer?
> > >
> > > Thanks a lot!
> > >
> > > sailing_an
> > >
> > > > If you asking why OS reboot instead of displaying blue screen -
there
> > are
> > > > setting in control panel that control this behavior. You need to
change
> > > > those settings and attach kernel debugger if you want to analyze why
it
> > > > crashes.
> > > > There is absolutely no point to acquire spinlock when you set event
> > although
> > > > it doesn’t cause crash.
> > > > There are some things that are absent in the code fragment and may
be
> > done
> > > > wrong:
> > > > - you may fail to initialize event
> > > > - you may allocate event in paged memory
> > > > - you may fail to initialize spinlock
> > > > - you may allocate spinlock in paged memory
> > > >
> > > > Alexei.
> > > >
> > > > “beginner_an” wrote in message
> > news:xxxxx@ntfsd…
> > > > >
> > > > > Hi All,
> > > > >
> > > > > I am developping a FS filter driver based filespy sample,and i
define
> > > > > myself private IOCTL “FILESPY_SetOk”.I have added some code in
> > > > > IRP_MJ_DEVICE_CONTROL dispatch routine:
> > > > >
> > > > > NTSTATUS
> > > > > SpyControl(
> > > > > IN PDEVICE_OBJECT DeviceObject,
> > > > > IN PIRP Irp)
> > > > > {
> > > > > NTSTATUS ntStatus = STATUS_SUCCESS;
> > > > > PIO_STACK_LOCATION irpStack;
> > > > > PVOID ioBuffer;
> > > > > ULONG InputBufferLength;
> > > > > ULONG OutputBufferLength;
> > > > > PDEVICE_EXTENSION deviceExtension;
> > > > > ULONG ioControlCode;
> > > > > KIRQL oldIrql;
> > > > >
> > > > > PWSTR deviceName = NULL;
> > > > >
> > > > > #if DBG
> > > > > DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
> > > > > #endif
> > > > > //
> > > > > // Get a pointer to the current location in the Irp. This is
where
> > > > > // the function codes and parameters are located.
> > > > > //
> > > > > deviceExtension = (PDEVICE_EXTENSION)
> > > > > DeviceObject->DeviceExtension;
> > > > >
> > > > >
> > > > > // Can’t accept a new io request if:
> > > > > // 1) device is removed,
> > > > > // 2) has never been started,
> > > > > // 3) is stopped,
> > > > > // 4) has a remove request pending,
> > > > > // 5) has a stop device pending
> > > > > irpStack = IoGetCurrentIrpStackLocation (Irp);
> > > > >
> > > > > Irp->IoStatus.Status = STATUS_SUCCESS;
> > > > > Irp->IoStatus.Information = 0;
> > > > >
> > > > > // get pointers and lengths of the caller’s (user’s) IO buffer
> > > > > ioBuffer = Irp->AssociatedIrp.SystemBuffer;
> > > > > InputBufferLength =
> > > > > irpStack->Parameters.DeviceIoControl.InputBufferLength;
> > > > > OutputBufferLength =
> > > > > irpStack->Parameters.DeviceIoControl.OutputBufferLength;
> > > > >
> > > > > ioControlCode =
> > irpStack->Parameters.DeviceIoControl.IoControlCode;
> > > > > switch( ioControlCode)
> > > > > {
> > > > > …
> > > > > //the following is my code
> > > > > case FILESPY_SetOk:
> > > > > KeAcquireSpinLock( &gPassOkLock, &oldIrql );
> > > > > KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
> > > > > KeReleaseSpinLock( &gPassOkLock, oldIrql );
> > > > >
> > > > > ntStatus = STATUS_SUCCESS;
> > > > > break;
> > > > > }
> > > > > IoCompleteRequest( Irp, IO_NO_INCREMENT );
> > > > >
> > > > > return ntStatus;
> > > > > }
> > > > >
> > > > > I have Added code in USER MODE App:
> > > > >
> > > > > bResult = DeviceIoControl(
> > > > > hDevice,
> > > > > FILESPY_SetOk,
> > > > > NULL,
> > > > > 0,
> > > > > NULL,
> > > > > 0,
> > > > > &bytesReturned,
> > > > > NULL);
> > > > >
> > > > >
> > > > > However,My OS reboot when I running Program.Why?
> > > > >
> > > > > Thanks a lot!
> > > > >
> > > > > sailing_an
> > > > >
> > > > >
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> > >
>
> —
> You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

Alexei_Jelvis-2 · June 27, 2003, 6:45pm

You need to check that you call KeInitializeEvent for your enent and that
gPassOk points to the event you initialized.

Alexei.

“beginner_an” wrote in message news:xxxxx@ntfsd…
>
> Hi Alexei,
>
> Thank you for your advice!
>
> I have got rid of spinlock,but OS still blue screen,and the screen print"
> stop:0x0000001e(0x0000005,0x8042c925,0x00000001,0x00000000)
> KMODE_EXCEPTION_NOT_HANDLED"
>
> The Event of gPassOk is a global variable,so it is allocated in nonpaged
> memory.
>
> “- you may allocate event in paged memory”,can you elorbrate this?
>
> I have’t way to debug program because I have only one computer.
>
> can you tell me how to debug program on my computer?
>
> Thanks a lot!
>
> sailing_an
>
> > If you asking why OS reboot instead of displaying blue screen - there
are
> > setting in control panel that control this behavior. You need to change
> > those settings and attach kernel debugger if you want to analyze why it
> > crashes.
> > There is absolutely no point to acquire spinlock when you set event
although
> > it doesn’t cause crash.
> > There are some things that are absent in the code fragment and may be
done
> > wrong:
> > - you may fail to initialize event
> > - you may allocate event in paged memory
> > - you may fail to initialize spinlock
> > - you may allocate spinlock in paged memory
> >
> > Alexei.
> >
> > “beginner_an” wrote in message
news:xxxxx@ntfsd…
> > >
> > > Hi All,
> > >
> > > I am developping a FS filter driver based filespy sample,and i define
> > > myself private IOCTL “FILESPY_SetOk”.I have added some code in
> > > IRP_MJ_DEVICE_CONTROL dispatch routine:
> > >
> > > NTSTATUS
> > > SpyControl(
> > > IN PDEVICE_OBJECT DeviceObject,
> > > IN PIRP Irp)
> > > {
> > > NTSTATUS ntStatus = STATUS_SUCCESS;
> > > PIO_STACK_LOCATION irpStack;
> > > PVOID ioBuffer;
> > > ULONG InputBufferLength;
> > > ULONG OutputBufferLength;
> > > PDEVICE_EXTENSION deviceExtension;
> > > ULONG ioControlCode;
> > > KIRQL oldIrql;
> > >
> > > PWSTR deviceName = NULL;
> > >
> > > #if DBG
> > > DebugPrint(“IRP_MJ_DEVICE_CONTROL\n”);
> > > #endif
> > > //
> > > // Get a pointer to the current location in the Irp. This is where
> > > // the function codes and parameters are located.
> > > //
> > > deviceExtension = (PDEVICE_EXTENSION)
> > > DeviceObject->DeviceExtension;
> > >
> > >
> > > // Can’t accept a new io request if:
> > > // 1) device is removed,
> > > // 2) has never been started,
> > > // 3) is stopped,
> > > // 4) has a remove request pending,
> > > // 5) has a stop device pending
> > > irpStack = IoGetCurrentIrpStackLocation (Irp);
> > >
> > > Irp->IoStatus.Status = STATUS_SUCCESS;
> > > Irp->IoStatus.Information = 0;
> > >
> > > // get pointers and lengths of the caller’s (user’s) IO buffer
> > > ioBuffer = Irp->AssociatedIrp.SystemBuffer;
> > > InputBufferLength =
> > > irpStack->Parameters.DeviceIoControl.InputBufferLength;
> > > OutputBufferLength =
> > > irpStack->Parameters.DeviceIoControl.OutputBufferLength;
> > >
> > > ioControlCode =
irpStack->Parameters.DeviceIoControl.IoControlCode;
> > > switch( ioControlCode)
> > > {
> > > …
> > > //the following is my code
> > > case FILESPY_SetOk:
> > > KeAcquireSpinLock( &gPassOkLock, &oldIrql );
> > > KeSetEvent(gPassOk,IO_NO_INCREMENT, FALSE);
> > > KeReleaseSpinLock( &gPassOkLock, oldIrql );
> > >
> > > ntStatus = STATUS_SUCCESS;
> > > break;
> > > }
> > > IoCompleteRequest( Irp, IO_NO_INCREMENT );
> > >
> > > return ntStatus;
> > > }
> > >
> > > I have Added code in USER MODE App:
> > >
> > > bResult = DeviceIoControl(
> > > hDevice,
> > > FILESPY_SetOk,
> > > NULL,
> > > 0,
> > > NULL,
> > > 0,
> > > &bytesReturned,
> > > NULL);
> > >
> > >
> > > However,My OS reboot when I running Program.Why?
> > >
> > > Thanks a lot!
> > >
> > > sailing_an
> > >
> > >
>
>

OSR_Community_User · June 27, 2003, 7:05pm

> I am developping a FS filter driver based filespy sample,and i
define

myself private IOCTL “FILESPY_SetOk”.I have added some code in

FILESPY is a wrong source for an FS filter, if you’re concerned with
reliability. SFILTER is correct.

Max

OSR_Community_User · June 29, 2003, 9:36pm

Hi liga_asu,

Thank you very much!!

regards,

beginner_an

Hello beginner_an,

b> unfortunately,I can’t use WinDbg because I have only one computer.
You can use one PC with VMWare virtual computer installed for this
purposes (create virtual machine, install any OS, install WinDbg on
both virtual and real PC as described in one of OSR’s NT Insider
issues)

–
Best regards,
liga_asu mailto:xxxxx@perm.raid.ru