video display driver crashes..

NTDEV
1

hi all,
i am developing video display driver for simple VGA type device and miniport driver, my device successfully came under video apapters and can see its configuration data(modes) also.

when i will select use as default desktop checkbox , windows GDI calls my DDI's EnablePDev function,
in that function i m allocating, initalizing my device memory and fills the gdiinfo and pdevinfo structures in response to this call and returning memory of newly allocated device pointer

after returning from this call windows crashes with following dump info:

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: win32k

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 41107f7a

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k!EngDeleteSemaphore+2391
bf86f788 837e1400 cmp dword ptr [esi+14h],0

TRAP_FRAME: eea5d7d8 -- (.trap 0xffffffffeea5d7d8)
ErrCode = 00000000
eax=eea5d860 ebx=eea5da90 ecx=bc400000 edx=00000008 esi=00000000 edi=00000003
eip=bf86f788 esp=eea5d84c ebp=eea5da14 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
win32k!EngDeleteSemaphore+0x2391:
bf86f788 837e1400 cmp dword ptr [esi+14h],0 ds:0023:00000014=????????
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from 805333be to 804e3b25

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
eea5cfa0 805333be 00000003 00000000 eea5d784 nt!DbgBreakPointWithStatus+0x4
eea5d380 805339ae 0000008e c0000005 bf86f788 nt!KeDeregisterBugCheckReasonCallback+0x6c7
eea5d3a0 8051dea6 0000008e c0000005 bf86f788 nt!KeBugCheckEx+0x1b
eea5d768 804dfada eea5d784 00000000 eea5d7d8 nt!PoSetSystemState+0x58eb
eea5d7e4 bf8b253b e3882008 00000000 00000000 nt!Kei386EoiHelper+0x1df
eea5da14 bf8b27b0 e3538888 e36c4c30 00000000 win32k!EngLoadImage+0x1868
eea5da70 bf8b3272 e354d3e0 e137f2d0 e36c4c30 win32k!EngLoadImage+0x1add
eea5dbe8 bf8b9b84 00000000 00000000 00000001 win32k!EngQueryPerformanceFrequency+0x6e6
eea5dcdc bf8bbe20 00000000 e175f008 00000000 win32k!EngFreeModule+0x2212
eea5dd20 bf8bbd13 00000000 00000000 00000000 win32k!EngGetLastError+0x6e2
eea5dd48 804df06b 00000000 00000000 00000000 win32k!EngGetLastError+0x5d5
eea5dddc 804fa477 f83edb85 82024438 00000000 nt!ZwYieldExecution+0xb96
eea5de8c 7c9106eb 00000000 00000000 607a6040 nt!KeInitializeTimer+0x10c
00000000 00000000 00000000 00000000 00000000 ntdll!RtlAllocateHeap+0x117

STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!EngDeleteSemaphore+2391
bf86f788 837e1400 cmp dword ptr [esi+14h],0

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!EngDeleteSemaphore+2391

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: win32k.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

can anybody guide something ?, will help a lot....

2

xxxxx@slscorp.com wrote:

i am developing video display driver for simple VGA type device and miniport driver, my device successfully came under video apapters and can see its configuration data(modes) also.

when i will select use as default desktop checkbox , windows GDI calls my DDI’s EnablePDev function,
in that function i m allocating, initalizing my device memory and fills the gdiinfo and pdevinfo structures in response to this call and returning memory of newly allocated device pointer

after returning from this call windows crashes with following dump info:

TRAP_FRAME: eea5d7d8 – (.trap 0xffffffffeea5d7d8)
ErrCode = 00000000
eax=eea5d860 ebx=eea5da90 ecx=bc400000 edx=00000008 esi=00000000 edi=00000003
eip=bf86f788 esp=eea5d84c ebp=eea5da14 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
win32k!EngDeleteSemaphore+0x2391:
bf86f788 837e1400 cmp dword ptr [esi+14h],0 ds:0023:00000014=???

So, something you have done has caused win32k to dereference a NULL
pointer. My first guess was that the table of function pointers you
returned in DrvEnableDriver was badly formed. For example, you passed a
NULL function pointer instead of removing the entry, or the number of
entries you passed back was incorrect, or perhaps you omitted an entry
point that is required.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

3

my function pointers table is as follows:

static DRVFN drv_interfaces={
{INDEX_DrvEnablePDEV, (PFN)SdispDrvEnablePDev},
{INDEX_DrvCompletePDEV, (PFN)SdispDrvComplPDEV},
{INDEX_DrvDisablePDEV, (PFN)SdispDrvDisablePDEV},
{INDEX_DrvEnableSurface, (PFN)SdispDrvEnableSurface},
{INDEX_DrvDisableSurface, (PFN)SdispDrvDisableSurface},
{INDEX_DrvDisableDriver, (PFN)SdispDrvDisableDriver},
{INDEX_DrvAssertMode, (PFN)SdispDrvAssertMode},
{INDEX_DrvGetModes, (PFN)SdispDrvGetModes},
{INDEX_DrvNotify, (PFN)SdispDrvNotify},
/*{INDEX_DrvCopyBits, (PFN)SdispCopyBits},
{INDEX_DrvBitBlt, (PFN)SdispBitBlt},
{INDEX_DrvTextOut, (PFN)SdispTextOut},
{INDEX_DrvDeleteDeviceBitmap, (PFN)SdispDeleteDeviceBitmap},
{INDEX_DrvCreateDeviceBitmap, (PFN)SdispCreateDeviceBitmap},*/
};

and another undefined behaviour i found is when i will reboot my os

it successfully completes this SdispDrvEnablePDev function and also asks for enabling surface…

but when i will try to apply setting of enabling expanding of desktop or use my new adapter as default monitor , my os crashed…

4

xxxxx@slscorp.com wrote:

my function pointers table is as follows:

static DRVFN drv_interfaces={
{INDEX_DrvEnablePDEV, (PFN)SdispDrvEnablePDev},
{INDEX_DrvCompletePDEV, (PFN)SdispDrvComplPDEV},
{INDEX_DrvDisablePDEV, (PFN)SdispDrvDisablePDEV},
{INDEX_DrvEnableSurface, (PFN)SdispDrvEnableSurface},
{INDEX_DrvDisableSurface, (PFN)SdispDrvDisableSurface},
{INDEX_DrvDisableDriver, (PFN)SdispDrvDisableDriver},
{INDEX_DrvAssertMode, (PFN)SdispDrvAssertMode},
{INDEX_DrvGetModes, (PFN)SdispDrvGetModes},
{INDEX_DrvNotify, (PFN)SdispDrvNotify},
/*{INDEX_DrvCopyBits, (PFN)SdispCopyBits},
{INDEX_DrvBitBlt, (PFN)SdispBitBlt},
{INDEX_DrvTextOut, (PFN)SdispTextOut},
{INDEX_DrvDeleteDeviceBitmap, (PFN)SdispDeleteDeviceBitmap},
{INDEX_DrvCreateDeviceBitmap, (PFN)SdispCreateDeviceBitmap},*/
};

and another undefined behaviour i found is when i will reboot my os

What hooks did you specify when you associated your surface? Did you
create a GDI-managed surface? If you have a device-managed surface, you
are required to implement DrvCopyBits at least.

it successfully completes this SdispDrvEnablePDev function and also asks for enabling surface…

but when i will try to apply setting of enabling expanding of desktop or use my new adapter as default monitor , my os crashed…

Where does it crash?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

5

hi tim ,

problem solved as you said that something is given null to GDI , i was returning null pointer in defaultpallete member of devinfo structure, so i created defaultpallete space and returning it to gdi.

thanks for this one,

ok now i have few questions more,

i want to implement simple VGA device functionality and wants that all graphics processing should be handled by GDI , i know this much:

i have to create surface for data processing area in EnableSurface( ).

is there a way that i can create device managed surface and inform GDI for handling that surface instead of my driver ?

can give me idea how many hooks i have to implement for graphics capability ?,

i thought for this one i only need to implement bitblt and copybits only… all other stuff will be done by GDI itself. am i right ?

thnx in advance…

6

xxxxx@slscorp.com wrote:

i want to implement simple VGA device functionality and wants that all graphics processing should be handled by GDI , i know this much:

i have to create surface for data processing area in EnableSurface( ).

is there a way that i can create device managed surface and inform GDI for handling that surface instead of my driver ?

Your requirements are in conflict. If you want GDI to do all of the
drawing, then you don’t want a device-managed surface.

can give me idea how many hooks i have to implement for graphics capability ?,

i thought for this one i only need to implement bitblt and copybits only… all other stuff will be done by GDI itself. am i right ?

If you call EngCreateDeviceSurface to create a device-managed surface,
then EngModifySurface to tell GDI that it really is in a familiar
format, but leave pvScan0 NULL, then theoretically GDI will call your
DrvCopyBits hook to copy chunks in and out every time it needs to do
drawing. Predictably, this is not a very good way to build a
high-performance graphics device.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

7

tnks tim,
i m developing one usb vga device…
for that as per ur suggetion,
i decided to create GDI managed bitmap and associate some hooks like bitblt / bitcopy on that surface.

so that whenever i will get call for bitblt or bitscopy i will transfer it over usb as per the flow i thought and wants to implement…

if anything wrong then can suggest me another alternative path ?

for using usb device in miniport i decided to create one export_driver type driver…

now i m testing example export_driver ( with only one function which gives me reply of multiplication) and wants to use it in my miniport driver but i was not able to do that,(my library doen’t called and getting an error while installing device code -39),

but when i created static( driver_library) for miniport i get call in library successfully

i don’t know whether it make sense or not so i m asking can we call our export_driver in miniport driver except videoport driver…

or any other alternative will give me a broad idea…

8

It sounds like it might be failing to install because it can’t find your export driver. You might want to try running ‘depends’ on your other driver to see what it’s looking for.

Good luck,

mm

9

xxxxx@slscorp.com wrote:

i m developing one usb vga device…

It’s not a VGA. It is a display adapter, or a graphics adapter. VGA
has a very specific meaning.

for that as per ur suggetion,
i decided to create GDI managed bitmap and associate some hooks like bitblt / bitcopy on that surface.

so that whenever i will get call for bitblt or bitscopy i will transfer it over usb as per the flow i thought and wants to implement…

if anything wrong then can suggest me another alternative path ?

Should be fine, assuming you can make the performance acceptable.

for using usb device in miniport i decided to create one export_driver type driver…

now i m testing example export_driver ( with only one function which gives me reply of multiplication) and wants to use it in my miniport driver but i was not able to do that,(my library doen’t called and getting an error while installing device code -39),

but when i created static( driver_library) for miniport i get call in library successfully

i don’t know whether it make sense or not so i m asking can we call our export_driver in miniport driver except videoport driver…

or any other alternative will give me a broad idea…

Why do you think you need an export driver? Your miniport will be a USB
driver, right?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

10

tim wrote:
Why do you think you need an export driver? Your miniport will be a USB
driver, right?

hi tim ,

i was also thinking that topology before one decribed in previous post, but i got so many errors when i want to use any functions declared in wdm.h(whenever i include wdm.h/ntddk.h in my miniport driver
i will got errors like:

redeclarations of so many structures like _PROCESS_NUMBER,_QUAD etc…)

11

also is there any way to tell videoport driver that call after some time for findAdapter() ?

12

xxxxx@slscorp.com wrote:

also is there any way to tell videoport driver that call after some time for findAdapter() ?

I don’t understand the question. Are you asking if there’s a way to
have the video port wait for a while before it calls your HwFindAdapter
routine? Why would you want to do that, and for how long? You can
certainly call KeDelayExecutionThread to hold off for a while, but if
you do that at boot time, you’ll hold up the whole boot process.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

13

xxxxx@slscorp.com wrote:

tim wrote:
Why do you think you need an export driver? Your miniport will be a USB
driver, right?

hi tim ,

i was also thinking that topology before one decribed in previous post, but i got so many errors when i want to use any functions declared in wdm.h(whenever i include wdm.h/ntddk.h in my miniport driver
i will got errors like:

redeclarations of so many structures like _PROCESS_NUMBER,_QUAD etc…)

Yes. That’s not hard to work around. You just need to separate the
source files in your driver. Some of the files will only use display
miniport APIs, and some of the files will use normal WDM APIs.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

14

thanks,

my topology is:

my display driver -> miniport driver -> usb driver.

i want to telll device (adapter) present only after loading of usb device driver.

i thought folllowing way:

create usb device object with name X and find that object during call to findAdapter(by using IoGetDeviceObjectPointer( ) ). i will return ERROR_NO_DEVICE till i not found the usb device. whenever i will find device i will return success. but whenever i will return ERROR_NO_DEVICE videoport will not call findAdapter function again…

15

xxxxx@slscorp.com wrote:

my topology is:

my display driver -> miniport driver -> usb driver.

i want to telll device (adapter) present only after loading of usb device driver.

Your miniport driver and your USB driver should be one and the same.
What is triggering the loading of your miniport right now? Are you
root-enumerated?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

16

yes currently my miniport driver is root enumerated but now i want to move it for usb base.

from discussion with you

i thought i have to integrate bus driver into my usb device function driver and then
using IoInvalidateDevice() i will inform kernel about child devices . and will load my current
miniport and display driver as a function driver for my child devices…and the problem will
be solved for dependencies. Am I right ?