Hi,
I am able to successfully register my Miniport using NdisRegisterDeviceEx and open a handle to the Miniport from a user-mode application through CreateFile.
But the CreateFile in the user-mode application fails (Error 50: The request is not supported) if I initialize the Device Extension as soon as NdisRegisterDeviceEx returns.
Also, instead of accessing DeviceExtension directly, I tried to use NdisGetDeviceReservedExtension. But the system crashes as soon as this call is made (debugger output at the end of mail). When I looked into the DeviceObject, I found out that the DeviceExtension pointer has the same value as the NdisDeviceHandle returned by NdisRegisterDeviceEx. Is this OK?
Thanks,
Aniketa
=======================================================
*** Fatal System Error: 0x0000007e
(0xC0000005,0x8527A7FC,0x855F4254,0x855F3F50)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows Vista 6000 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols
…
Loading User Symbols
Loading unloaded module list
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7E, {c0000005, 8527a7fc, 855f4254, 855f3f50}
Probably caused by : enic.sys ( enic!EmuMpCreateIoctlInterface+1a1 )
Followup: MachineOwner
nt!RtlpBreakWithStatusInstruction:
81c35688 cc int 3
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8527a7fc, The address that the exception occurred at
Arg3: 855f4254, Exception Record Address
Arg4: 855f3f50, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
FAULTING_IP:
ndis!NdisGetDeviceReservedExtension+b
8527a7fc 8b4014 mov eax,dword ptr [eax+14h]
EXCEPTION_RECORD: 855f4254 – (.exr ffffffff855f4254)
ExceptionAddress: 8527a7fc (ndis!NdisGetDeviceReservedExtension+0x0000000b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000014
Attempt to read from address 00000014
CONTEXT: 855f3f50 – (.cxr ffffffff855f3f50)
eax=00000000 ebx=83e1e488 ecx=83dc46cc edx=83dc4650 esi=a01e6f98 edi=855f467c
eip=8527a7fc esp=855f431c ebp=855f431c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
ndis!NdisGetDeviceReservedExtension+0xb:
8527a7fc 8b4014 mov eax,dword ptr [eax+14h] ds:0023:00000014=???
Resetting default scope
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
READ_ADDRESS: 00000014
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LOCK_ADDRESS: 81d24aa0 – (!locks 81d24aa0)
Resource @ nt!PiEngineLock (0x81d24aa0) Exclusively owned
Contention Count = 2
Threads: 82e7e020-01<*>
1 total locks, 1 locks currently held
PNP_TRIAGE:
Lock address : 0x81d24aa0
Thread Count : 1
Thread address: 0x82e7e020
Thread wait : 0x67bb
LAST_CONTROL_TRANSFER: from 81cad13f to 81c35688
STACK_TEXT:
855f431c 854b1fc1 838deed0 00680066 854b4de0 ndis!NdisGetDeviceReservedExtension+0xb
855f4448 854ac72e 83dc4650 855f4970 8335ea0c enic!EmuMpCreateIoctlInterface+0x1a1 [z:\perforce\nic\driver\nic\windows\ndis60\enic_pnp.c @ 513]
855f45cc 92009c0a 83e1e488 00000000 855f4654 enic!EmuMpInitialize+0x66e [z:\perforce\nic\driver\nic\windows\ndis60\enic_main.c @ 591]
855f4620 8531bc6a 83e1e488 997f4edc 855f4654 EmuNDIS_PCIeTunnel!tunnelMiniportInitialize+0x3da [z:\perforce\nic\driver\emulation\pcie\tlp_generator\src\windows\pcietunnel_main.c @ 2049]
855f48c0 853236aa 83b2cdf0 83e1e488 8afd28a0 ndis!ndisMInitializeAdapter+0x6c4
855f48f8 85323525 83b2cdf0 83e1e3d0 83ca27a8 ndis!ndisInitializeAdapter+0x109
855f4920 8531eedc 83e1e3d0 00000000 a03def00 ndis!ndisPnPStartDevice+0xf3
855f4970 81ec2681 83e1e3d0 a03def00 a03defd4 ndis!ndisPnPDispatch+0x697
855f4994 81c67c80 81ed419d a03deff8 83e1e3d0 nt!IovCallDriver+0x252
855f49a8 81ed419d a03def00 83dbfef0 8346b998 nt!IofCallDriver+0x1b
855f49c0 81ec2681 83dbfef0 83e1e3d0 a03df000 nt!ViFilterDispatchPnp+0x120
855f49e4 81c67c80 81d5ecaf 855f4a5c 83dbfef0 nt!IovCallDriver+0x252
855f49f8 81d5ecaf 00000000 83c5dc30 83c05e98 nt!IofCallDriver+0x1b
855f4a14 81c0fccd 855f4a38 81c0faf8 83c05e98 nt!PnpAsynchronousCall+0x96
855f4a60 81d5f0fe 81c0faf8 83c05e98 83bcd848 nt!PnpStartDevice+0xb0
855f4abc 81d5efb9 83c05e98 0000000d 00000000 nt!PnpStartDeviceNode+0x13a
855f4ad8 81d5dd9a 00000000 00000000 83bcd848 nt!PipProcessStartPhase1+0x65
855f4cd4 81e51401 83bcd848 83a99678 855f4d00 nt!PipProcessDevNodeTree+0x18d
855f4d08 81c0f6f1 81cf55fc 82e7e020 81d23ce0 nt!PiRestartDevice+0x8a
855f4d44 81c6b8aa 00000000 00000000 82e7e020 nt!PnpDeviceActionWorker+0x1ae
855f4d7c 81dafbfd 00000000 855ff680 00000000 nt!ExpWorkerThread+0xfd
855f4dc0 81c9a396 81c6b7ad 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
enic!EmuMpCreateIoctlInterface+1a1 [z:\perforce\nic\driver\nic\windows\ndis60\enic_pnp.c @ 513]
854b1fc1 89855cffffff mov dword ptr [ebp-0A4h],eax
FAULTING_SOURCE_CODE:
509:
510: Remove the device object and the associated symbolic link from the system
511: that was created by a call to NdisRegisterDeviceEx. Applications will no
512: longer be able to open handles to the miniport driver once this is returned.
513:
514: Arguments:
515:
516: Adapter Pointer to our adapter
517:
518: Return Value:
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: enic
IMAGE_NAME: enic.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 46a05518
SYMBOL_NAME: enic!EmuMpCreateIoctlInterface+1a1
STACK_COMMAND: .cxr 0xffffffff855f3f50 ; kb
FAILURE_BUCKET_ID: 0x7E_VRFOCA_enic!EmuMpCreateIoctlInterface+1a1
BUCKET_ID: 0x7E_VRFOCA_enic!EmuMpCreateIoctlInterface+1a1