ret = READ_REGISTER_ULONG((PULONG)fdoData->CSRAddress + 0x8004360);
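Are you asking the system to read 0x8004360 ULONGs past CSRAddress?
I believe the cast takes precedence over '+', so the offset is scaled by
sizeof(ULONG) and the read lands 0x20010D80 bytes past CSRAddress, which is
beyond a 256MB (0x10000000) mapping. Your pointer arithmetic is wrong.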
How about (PULONG)( (PUCHAR)fdoData->CSRAddress + 0x8004360)
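Also are you sure that the length returned for the resource descriptor
was actually 256MB? The driver already saves it in fdoData->MemLength, so it
can check that the byte offset plus sizeof(ULONG) fits inside the mapping
before calling READ_REGISTER_ULONG.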
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Markus
Sent: Tuesday, April 18, 2006 3:24 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] READ_REGISTER_ULONG -> BugCheck
Here is the analysis with Symbols:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: b7d2ad80, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8050d084, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
READ_ADDRESS: b7d2ad80
FAULTING_IP:
nt!READ_REGISTER_ULONG+4
8050d084 8b02 mov eax,[edx]
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
MANAGED_STACK: !dumpstack -EE
No export dumpstack found
LAST_CONTROL_TRANSFER: from 8051a00c to 804fc1bb
STACK_TEXT:
a82c8ac0 8051a00c 00000050 b7d2ad80 00000000 nt!KeBugCheckEx+0x19
a82c8b0c 804d7a5b 00000000 b7d2ad80 00000000 nt!MmAccessFault+0x6cb
a82c8b0c 8050d084 00000000 b7d2ad80 00000000 nt!KiTrap0E+0xb8
a82c8b94 a7e54a04 b7d2ad80 00000000 00001008 nt!READ_REGISTER_ULONG+0x4
a82c8bb0 a7d5579b 7e7151e8 7da6dfe8 00000004 basic!EvtDeviceIoRead+0x74
[e:\programmieren\treiber\wdf\wdf_kmdf_pci\deviceio.c @ 54]
WARNING: Stack unwind information not available. Following frames may be
wrong.
a82c8bcc a7d5677e 7e7151e8 7da6dfe8 00000004 Wdf01000+0x3b79b
a82c8bfc a7d586ba 82592010 82592010 818eae10 Wdf01000+0x3c77e
a82c8c1c a7d599af 818eae00 826ccf90 818eae10 Wdf01000+0x3e6ba
a82c8c38 a7d5ba37 00000000 81d2ba50 82819ca8 Wdf01000+0x3f9af
a82c8c60 a7d4adf7 82592010 a82c8c90 804ec04f Wdf01000+0x41a37
a82c8c6c 804ec04f 819166c8 818f5008 806b743c Wdf01000+0x30df7
a82c8c7c 80571c0a 818f509c 818f5008 81933bf8 nt!IopfCallDriver+0x31
a82c8c90 8057c4be 819166c8 818f5008 81933bf8
nt!IopSynchronousServiceTail+0x5e
a82c8d38 804d4e91 00000138 00000000 00000000 nt!NtReadFile+0x559
a82c8d38 7ffe0304 00000138 00000000 00000000 nt!KiSystemService+0xc4
0012f608 77f6ef2f 77e58bf1 00000138 00000000
SharedUserData!SystemCallStub+0x4
0012f60c 77e58bf1 00000138 00000000 00000000 ntdll!NtReadFile+0xc
0012f6e0 791ec57b 0012f778 7925858e 0012f734 KERNEL32!ReadFile+0x16c
0012f6e8 7925858e 0012f734 00000000 0012f70c
mscorwks!GetCompileInfo+0x277c
0012f7bc 004015ae 00000001 02f934d8 02f93568
mscorwks!CoEEShutDownCOM+0x1c8c6
0012f8a0 003ea09f 00000000 00000000 0012f90c
pci_wdf_access!mainCRTStartup+0x17e
[f:\vs70builds\9466\vc\crtbld\crt\src\crt0.c @ 259]
0012f8d0 791eb5d6 0012f91c 00000000 0012f8f4 0x3ea09f
0012f9e4 791f3e2e 003f53c3 0015c550 0012fa04
mscorwks!GetCompileInfo+0x17d7
0012fa90 791f3dec 003f53c3 0015c550 0041ab10
mscorwks!GetCompileInfo+0xa02f
0012fab8 79233d43 0012fb24 00000000 00150070
mscorwks!GetCompileInfo+0x9fed
0012fb70 79233888 003f53c8 00000001 00000000
mscorwks!DllCanUnloadNowInternal+0x7497
0012fc88 792336db 0015c550 00000000 7904153c
mscorwks!DllCanUnloadNowInternal+0x6fdc
0012fca0 7923366f 00000000 0012fd78 00000000
mscorwks!DllCanUnloadNowInternal+0x6e2f
0012fd68 791b17c4 00158f50 0012fd90 0012ffe0
mscorwks!DllCanUnloadNowInternal+0x6dc3
0012ffa4 791b1616 00400000 00000000 7917d0b8 mscorwks!CorExeMain+0x1dc
0012ffc0 77e5eb69 00000000 00000000 7ffdf000 mscorwks!CorExeMain+0x2e
0012fff0 00000000 7917d08c 00000000 78746341
KERNEL32!BaseProcessStart+0x23
STACK_COMMAND: kb
FOLLOWUP_IP:
basic!EvtDeviceIoRead+74
[e:\programmieren\treiber\wdf\wdf_kmdf_pci\deviceio.c @ 54]
a7e54a04 8945f4 mov [ebp-0xc],eax
FAULTING_SOURCE_CODE:
50: return;
51: }
52:
53: // Read the data from the hardware Mem
54: ret = READ_REGISTER_ULONG((PULONG)fdoData->CSRAddress +
0x8004360);
// 0x8004360 –> BugCheck –> Warum?
55:
56: // Copy Read Data to User Buffer
57: KdPrint((__DRIVER_NAME “READ_REGISTER - Value: %x”, ret));
58:
59: // Complete the Request
SYMBOL_STACK_INDEX: 4
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: basic!EvtDeviceIoRead+74
MODULE_NAME: basic
IMAGE_NAME: basic.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 444511b3
FAILURE_BUCKET_ID: 0x50_basic!EvtDeviceIoRead+74
BUCKET_ID: 0x50_basic!EvtDeviceIoRead+74
Followup: MachineOwner
“Markus” schrieb im Newsbeitrag news:xxxxx@ntdev…
> ok; it works; but only “sometimes”
>
> when I want to read from offset = 0x8004360 it bugchecks with the
following:
>
> FAULTING_MODULE: 804d0000 nt
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 438e21be
>
> READ_ADDRESS: unable to get nt!MmSpecialPoolStart
> unable to get nt!MmSpecialPoolEnd
> unable to get nt!MmPoolCodeStart
> unable to get nt!MmPoolCodeEnd
> b7d2ad80
>
> FAULTING_IP:
> nt!READ_REGISTER_ULONG+4
> 8050d084 8b02 mov eax,[edx]
>
> MM_INTERNAL_CODE: 0
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x50
>
> MANAGED_STACK: !dumpstack -EE
> No export dumpstack found
>
> LAST_CONTROL_TRANSFER: from 8051a00c to 804fc1bb
>
> STACK_TEXT:
> WARNING: Stack unwind information not available. Following frames may
be
> wrong.
> a82c8ac0 8051a00c 00000050 b7d2ad80 00000000 nt!KeBugCheckEx+0x19
> a82c8b0c 804d7a5b 00000000 b7d2ad80 00000000 nt!ExRaiseStatus+0x9ddf
> a82c8b28 a7d38211 a7d221bf a82c8b5c a7d4440d nt!Kei386EoiHelper+0x23a1
> 00000000 00000000 00000000 00000000 00000000 Wdf01000+0x1e211
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> Wdf01000+1e211
> a7d38211 8bf8 mov edi,eax
>
>
> PAGE_FAULT_IN_NONPAGED_AREA (50)
> Invalid system memory was referenced. This cannot be protected by
> try-except,
> it must be protected by a Probe. Typically the address is just plain
bad
or
> it
> is pointing at freed memory.
> Arguments:
> Arg1: b7d2ad80, memory referenced.
> Arg2: 00000000, value 0 = read operation, 1 = write operation.
> Arg3: 8050d084, If non-zero, the instruction address which referenced
the
> bad memory
> address.
> Arg4: 00000000, (reserved)
>
> Are 256MB for a mapped device to large?
>
> “Markus” schrieb im Newsbeitrag
news:xxxxx@ntdev…
> > I think
> >
> > PFDO_DATA fdoData = FdoGetData(WdfIoQueueGetDevice(Queue));
> >
> > should work, thanks for this.
> >
> > At least there is no bugcheck when I try “read”.
> > I’ll see …
> >
> >
> > “Scott Noone” schrieb im Newsbeitrag
news:xxxxx@ntdev…
> > > You should really provide more information, like full !analyze -v
> > output…
> > >
> > > Without that, my guess is that this is your problem:
> > >
> > > PFDO_DATA fdoData = FdoGetData(Request);
> > >
> > > Try this instead:
> > >
> > > PFDO_DATA fdoData = FdoGetData(WdfIoQueueGetDevice(Queue));
> > >
> > > And see if that helps.
> > >
> > > -scott
> > >
> > > –
> > > Scott Noone
> > > Software Engineer
> > > OSR Open Systems Resources, Inc.
> > > http://www.osronline.com
> > >
> > > “Markus” wrote in message news:xxxxx@ntdev…
> > > > Hallo!
> > > >
> > > > I’m currently trying to access a PCI Card with Memory Resources.
> > > > I’m able to Map 256 MB with MmMapIoSpace. But when I use
> > > > READ_REGISTER_ULONG
> > > > at any offset, the driver BugChecks with “STOP”.
> > > >
> > > > Here the specific code:
> > > >
> > > > VOID
> > > > EvtDeviceIoRead(
> > > > IN WDFQUEUE Queue,
> > > > IN WDFREQUEST Request,
> > > > IN size_t Length
> > > > )
> > > > {
> > > > ULONG ret;
> > > > NTSTATUS status = STATUS_SUCCESS;
> > > > WDFMEMORY Memory;
> > > > PFDO_DATA fdoData = FdoGetData(Request);
> > > >
> > > > UNREFERENCED_PARAMETER(Queue);
> > > > UNREFERENCED_PARAMETER(Length);
> > > >
> > > > KdPrint((__DRIVER_NAME “–> EvtDeviceIoRead\n”));
> > > >
> > > > status = WdfRequestRetrieveOutputMemory(Request, &Memory);
> > > > if(!NT_SUCCESS(status))
> > > > {
> > > > KdPrint((__DRIVER_NAME “----- Error at
> > > > WdfRequestRetrieveOutputMemory\n”));
> > > > WdfRequestComplete(Request, STATUS_INSUFFICIENT_RESOURCES);
> > > > }
> > > >
> > > > // Read the data from the hardware Mem
> > > > ret = READ_REGISTER_ULONG((PULONG)fdoData->CSRAddress + 0x00);
> > > > // BUG-CHECKS: 0x8E
> > > >
> > > > // Copy Read Data to User Buffer
> > > > KdPrint((__DRIVER_NAME “READ_REGISTER - Value: %x”, ret));
> > > >
> > > > // Complete the Request
> > > > WdfRequestComplete(Request, STATUS_SUCCESS);
> > > >
> > > > KdPrint((__DRIVER_NAME “<– EvtDeviceIoRead\n”));
> > > > }
> > > >
> > > > NTSTATUS
> > > > EvtDevicePrepareHardware(
> > > > IN WDFDEVICE Device,
> > > > IN WDFCMRESLIST Resources,
> > > > IN WDFCMRESLIST ResourcesTranslated
> > > > )
> > > > {
> > > > NTSTATUS status = STATUS_SUCCESS;
> > > > PCM_PARTIAL_RESOURCE_DESCRIPTOR descriptor;
> > > > ULONG i;
> > > > PFDO_DATA fdoData = FdoGetData(Device);
> > > >
> > > > KdPrint((__DRIVER_NAME “–> EvtDevicePrepareHardware\n”));
> > > >
> > > > UNREFERENCED_PARAMETER(Device);
> > > > UNREFERENCED_PARAMETER(Resources);
> > > >
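> > > > > for(i=0; i<WdfCmResourceListGetCount(ResourcesTranslated); i++) // loop bound reconstructed; the archive dropped the text after "i<"
> > > > > {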
> > > > descriptor =
WdfCmResourceListGetDescriptor(ResourcesTranslated,
i);
> > > >
> > > > if(!descriptor)
> > > > {
> > > > KdPrint((__DRIVER_NAME “–X Error GetDesc”));
> > > > return STATUS_DEVICE_CONFIGURATION_ERROR;
> > > > }
> > > >
> > > > switch(descriptor->Type)
> > > > {
> > > > case CmResourceTypePort:
> > > > KdPrint((__DRIVER_NAME “PORT Resources found –> not used”));
> > > > break;
> > > > case CmResourceTypeMemory:
> > > > KdPrint((__DRIVER_NAME “MEMORY Resources found”));
> > > >
> > > > KdPrint((__DRIVER_NAME “FdoAddress = %x”, fdoData));
> > > >
> > > > KdPrint((__DRIVER_NAME “MemPhysAddress = %x”,
> > > > descriptor->u.Memory.Start));
> > > > fdoData->MemPhysAddress = descriptor->u.Memory.Start;
> > > > KdPrint((__DRIVER_NAME “MemLength = %x”,
> > descriptor->u.Memory.Length));
> > > > fdoData->MemLength = descriptor->u.Memory.Length;
> > > > fdoData->CSRAddress = MmMapIoSpace(descriptor->u.Memory.Start,
> > > > descriptor->u.Memory.Length, MmNonCached);
> > > > KdPrint((__DRIVER_NAME “CSRAddress = %x”,
fdoData->CSRAddress));
> > > > break;
> > > > case CmResourceTypeInterrupt:
> > > > KdPrint((__DRIVER_NAME “INTERRUPT Resources found –> not
used”));
> > > > break;
> > > > default:
> > > > KdPrint((__DRIVER_NAME “OTHER Resources found –> not used”));
> > > > break;
> > > > }
> > > > }
> > > >
> > > > KdPrint((__DRIVER_NAME “<– EvtDevicePrepareHardware\n”));
> > > >
> > > > return status;
> > > > }
> > > >
> > > > Is there an error in it?
> > > > (I’m using WDF/KMDF)
> > > >
> > > > Markus
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>