I am facing a problem that I have trouble debugging. I have a filter where
I have attached a FLT_FILE_CONTEXT to files in Post-IRP_MJ_CREATE. I
cleanup the context in Pre-IRP_MJ_CLEANUP. I use verifier with 0xbfb flags.
The issue is that when I restart, I get the ‘Launch Startup Repair’ boot
menu. I am nt able to figure out what’s going on. To debug this, since
there is no driver unload during Shutdown, I added a callback to
IRP_MJ_SHUTDOWN and saw that there were many contexts that I had created
(as expected).
Here are some facts:
The filter unloads cleanly when I use ‘fltmc unload’ and there are no
errors
If I unload the filter and restart, there are no issues.
If I choose ‘Start Windows Normally’ in the boot menu, there are no
issues.
I use driver verifier throughout and a debugger is attached throughout.
There are no issues reported.
When I remove driver-verifier and Windbg from the scenario the issue
persists.
How can I determine what could be going on ? Event Viewer mentions a
critical error with the following details.
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 10/23/2014 4:50:05 PM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: ak-win7x64-test
Description:
The system has rebooted without cleanly shutting down first. This error
could be caused if the system stopped responding, crashed, or lost power
unexpectedly.
Event Xml:
I suspect you have ruined the writes to bootstat.dat file by your filter.
“Arun M. Krishnakumar” wrote in message news:xxxxx@ntfsd… Hi,
I am facing a problem that I have trouble debugging. I have a filter where I have attached a FLT_FILE_CONTEXT to files in Post-IRP_MJ_CREATE. I cleanup the context in Pre-IRP_MJ_CLEANUP. I use verifier with 0xbfb flags.
The issue is that when I restart, I get the ‘Launch Startup Repair’ boot menu. I am nt able to figure out what’s going on. To debug this, since there is no driver unload during Shutdown, I added a callback to IRP_MJ_SHUTDOWN and saw that there were many contexts that I had created (as expected).
Here are some facts:
1. The filter unloads cleanly when I use ‘fltmc unload’ and there are no errors 2. If I unload the filter and restart, there are no issues. 3. If I choose ‘Start Windows Normally’ in the boot menu, there are no issues. 4. I use driver verifier throughout and a debugger is attached throughout. There are no issues reported. 5. When I remove driver-verifier and Windbg from the scenario the issue persists.
How can I determine what could be going on ? Event Viewer mentions a critical error with the following details.
Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 10/23/2014 4:50:05 PM Event ID: 41 Task Category: (63) Level: Critical Keywords: (2) User: SYSTEM Computer: ak-win7x64-test Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event Xml:
On Thu, Oct 23, 2014 at 5:44 PM, Maxim S. Shatskih wrote:
> I suspect you have ruined the writes to bootstat.dat file by your > filter. > > > “Arun M. Krishnakumar” wrote in message > news:xxxxx@ntfsd… > Hi, > > I am facing a problem that I have trouble debugging. I have a filter where > I have attached a FLT_FILE_CONTEXT to files in Post-IRP_MJ_CREATE. I > cleanup the context in Pre-IRP_MJ_CLEANUP. I use verifier with 0xbfb flags. > > The issue is that when I restart, I get the ‘Launch Startup Repair’ boot > menu. I am nt able to figure out what’s going on. To debug this, since > there is no driver unload during Shutdown, I added a callback to > IRP_MJ_SHUTDOWN and saw that there were many contexts that I had created > (as expected). > > Here are some facts: > > 1. The filter unloads cleanly when I use ‘fltmc unload’ and there are no > errors > 2. If I unload the filter and restart, there are no issues. > 3. If I choose ‘Start Windows Normally’ in the boot menu, there are no > issues. > 4. I use driver verifier throughout and a debugger is attached throughout. > There are no issues reported. > 5. When I remove driver-verifier and Windbg from the scenario the issue > persists. > > How can I determine what could be going on ? Event Viewer mentions a > critical error with the following details. > > Log Name: System > Source: Microsoft-Windows-Kernel-Power > Date: 10/23/2014 4:50:05 PM > Event ID: 41 > Task Category: (63) > Level: Critical > Keywords: (2) > User: SYSTEM > Computer: ak-win7x64-test > Description: > The system has rebooted without cleanly shutting down first. This error > could be caused if the system stopped responding, crashed, or lost power > unexpectedly. > Event Xml: > > > > Guid=“{331C3B3A-2005-44C2-AC5E-77220C37D6B4}” /> > 41 > 2 > 1 > 63 > 0 > 0x8000000000000002 > > 3112 > > > System > ak-win7x64-test > > > > 0 > 0x0 > 0x0 > 0x0 > 0x0 > false > 0 > > > > Thanks, > > > — > NTFSD is sponsored by OSR > > OSR is hiring!! Info at http://www.osr.com/careers > > For our schedule of debugging and file system seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer >