Regarding Bugcheck IRQL_NOT_LESS_OR_EQUAL

NTDEV
1

Hi,
I am facing a peculiar problem with my driver.

I tried loading my driver in a fresh 2k/xp PC, the machine crashes
with IRQL_NOT_LESS_OR_EQUAL consistently.

I installed softice to debug the issue and tried installing the driver

again but the problem disappeared. I am unable to reproduce the problem
once i install SoftIce in my PC.

The bugcheck code i am getting is 0xD1.

What are the possible reasons for this Bugcheck…Why does it
disappear when i install softice. Did anybody face such problem earlier…?

Thanks in advance.

with Regards
D.Nagarajan.

2

Hi,

I’m not sure, but suspect you driver uses kind of kernel image patching.
When started on NT4.0 it works OK, but Win2k and XP has an kernel image
Write Protection. SoftIce disables kernel image protection through the
registry, thats why you have not crash after installing SoftIce.

So you have two choices:

  1. Like SoftIce create in a key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
    Management
    dword value named EnforceWriteProtection = 0.
  2. Disable WP from driver before applying patch like the following:
    // Disable kernel image protection (Windows 2000/XP specific)
    __asm
    {
    mov ebx , cr0 ; get Cr0 regiter
    push ebx ; save it
    and ebx , ~0x10000 ; clear WP bit
    mov cr0 , ebx ; efectivly disable write protection
    }

// Put your patching code here

// Reenable kernel image protection
__asm
{
pop ebx ; restore it
mov cr0 , ebx ; enable previous CPU state.
}

BR,
Vadim
http://www.ntndis.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Nagarajan Duraisamy -
CTD, Chennai.
Sent: Friday, April 05, 2002 5:17 PM
To: NT Developers Interest List
Subject: [ntdev] Regarding Bugcheck IRQL_NOT_LESS_OR_EQUAL

Hi,
I am facing a peculiar problem with my driver.

I tried loading my driver in a fresh 2k/xp PC, the machine crashes
with IRQL_NOT_LESS_OR_EQUAL consistently.

I installed softice to debug the issue and tried installing the driver

again but the problem disappeared. I am unable to reproduce the problem
once i install SoftIce in my PC.

The bugcheck code i am getting is 0xD1.

What are the possible reasons for this Bugcheck…Why does it
disappear when i install softice. Did anybody face such problem earlier…?

Thanks in advance.

with Regards
D.Nagarajan.

You are currently subscribed to ntdev as: xxxxx@pcausa.com
To unsubscribe send a blank email to %%email.unsub%%

3

I’d agree it can be related to write protection which SoftICE turns off (I
don’t understand why it doesn’t use below trick which is known for years).
However, it seems driver tries to rewrite something by accident so it should
be found and fixed. Below workarounds would only conceal problem. Note
bugcheck D1 should display all info necessary to find what causes the
problem. Turn on memory dump, let driver to crash and analyze dump using
windbg.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]

From: xxxxx@pcausa.com[SMTP:xxxxx@pcausa.com]
Reply To: xxxxx@lists.osr.com
Sent: Friday, April 05, 2002 3:41 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] RE: Regarding Bugcheck IRQL_NOT_LESS_OR_EQUAL

Hi,

I’m not sure, but suspect you driver uses kind of kernel image patching.
When started on NT4.0 it works OK, but Win2k and XP has an kernel image
Write Protection. SoftIce disables kernel image protection through the
registry, thats why you have not crash after installing SoftIce.

So you have two choices:

  1. Like SoftIce create in a key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
    Management
    dword value named EnforceWriteProtection = 0.
  2. Disable WP from driver before applying patch like the following:
    // Disable kernel image protection (Windows 2000/XP specific)
    __asm
    {
    mov ebx , cr0 ; get Cr0 regiter
    push ebx ; save it
    and ebx , ~0x10000 ; clear WP bit
    mov cr0 , ebx ; efectivly disable write protection
    }

// Put your patching code here

// Reenable kernel image protection
__asm
{
pop ebx ; restore it
mov cr0 , ebx ; enable previous CPU state.
}

BR,
Vadim
http://www.ntndis.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Nagarajan Duraisamy -
CTD, Chennai.
Sent: Friday, April 05, 2002 5:17 PM
To: NT Developers Interest List
Subject: [ntdev] Regarding Bugcheck IRQL_NOT_LESS_OR_EQUAL

Hi,
I am facing a peculiar problem with my driver.

I tried loading my driver in a fresh 2k/xp PC, the machine crashes
with IRQL_NOT_LESS_OR_EQUAL consistently.

I installed softice to debug the issue and tried installing the
driver

again but the problem disappeared. I am unable to reproduce the problem
once i install SoftIce in my PC.

The bugcheck code i am getting is 0xD1.

What are the possible reasons for this Bugcheck…Why does it
disappear when i install softice. Did anybody face such problem earlier…?

Thanks in advance.

with Regards
D.Nagarajan.

You are currently subscribed to ntdev as: xxxxx@pcausa.com
To unsubscribe send a blank email to %%email.unsub%%

You are currently subscribed to ntdev as: michal.vodicka@st.com
To unsubscribe send a blank email to %%email.unsub%%