WDK - build a driver example

raj_r · January 31, 2013, 5:24am

in one of the earlier post i asked about the way the Dispatch
Functions Should be annotated
and posted that the way the doc has a named them sint available in wd7

it seems the annotation is specific to windows 8 and wdk 8 and sal 2

though it doesnt seem to be clear on first sight

the cancel.h in wdk samples that are online
http://code.msdn.microsoft.com/windowshardware/Cancel-127e43b6/sourcecode?fileId=42716&pathId=1536758034

is annotated with

Dispatch_type(IRP_MJ_CREATE)
Dispatch_type(IRP_MJ_CLOSE)
DRIVER_DISPATCH CsampCreateClose;

while

in wdk it is named differently
well an indication somewhere in that page that this applies only to
wdk8 and for all other old crap go here link would have been helpful
and might have saved a google trips to me

one small wrinkle still exist

is _Dispatch_type_other
or __drv_dispatch_type_other
the right annotation to lump all the unhandled IRP_MJ_XXXX

On 1/31/13, raj_r wrote:
> On 1/31/13, Wilkinson, Alex wrote:
>> Do you mean this one:
>>
>> http://www.osronline.com/article.cfm?article=390
>
> yes
>

raj_r · January 31, 2013, 7:06am

@carlo
if and when you are finished with compiling that sample warning /
error free you should run it with verifier enabled and fix these too

an article that might help in fixing the issues might be
http://www.osronline.com/article.cfm?article=21

verifier stops follow

*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for EDriverEntry Called
Example_Create Called

***********************************************************************
* THIS VALIDATION BUG IS FATAL AND WILL CAUSE THE VERIFIER TO HALT *
* WINDOWS (BUGCHECK) WHEN THE MACHINE IS NOT UNDER A KERNEL DEBUGGER! *
***********************************************************************

WDM DRIVER ERROR: [Example.sys @ 0xFCA18B20] An IRP dispatch handler has
returned without passing down or completing this Irp or
someone forgot to return STATUS_PENDING. (Irp = 82748F68
).
IRP_MJ_CREATE
[ DevObj=00000000, FileObject=FFB4BAC8, Parameters=F93CDA88 01000060
00000000 00000000 ]
http://www.microsoft.com/hwdq/bc/default.asp?os=5.1.2600&major=0xc9&minor=0x226&lang=0x9

Break, Ignore, Zap, Remove, Disable all (bizrd)? i
i
Example_WriteNeither Called
Hello from user mode!
***********************************************************************
* THIS VALIDATION BUG IS FATAL AND WILL CAUSE THE VERIFIER TO HALT *
* WINDOWS (BUGCHECK) WHEN THE MACHINE IS NOT UNDER A KERNEL DEBUGGER! *
***********************************************************************

WDM DRIVER ERROR: [Example.sys @ 0xFCA18CE0] An IRP dispatch handler has
returned without passing down or completing this Irp or
someone forgot to return STATUS_PENDING. (Irp = 82768F68
).
IRP_MJ_WRITE
[ DevObj=00000000, FileObject=FFB4BAC8, Parameters=00000016 00000000
00000000 00000000 ]
http://www.microsoft.com/hwdq/bc/default.asp?os=5.1.2600&major=0xc9&minor=0x226&lang=0x9

Break, Ignore, Zap, Remove, Disable all (bizrd)? i
i
Example_UnSupportedFunction Called

***********************************************************************
* THIS VALIDATION BUG IS FATAL AND WILL CAUSE THE VERIFIER TO HALT *
* WINDOWS (BUGCHECK) WHEN THE MACHINE IS NOT UNDER A KERNEL DEBUGGER! *
***********************************************************************

WDM DRIVER ERROR: [Example.sys @ 0xFCA18E20] An IRP dispatch handler has
returned without passing down or completing this Irp or
someone forgot to return STATUS_PENDING. (Irp = 826E4F68
).
IRP_MJ_CLEANUP
[ DevObj=00000000, FileObject=FFB4BAC8, Parameters=00000000 00000000
00000000 00000000 ]
http://www.microsoft.com/hwdq/bc/default.asp?os=5.1.2600&major=0xc9&minor=0x226&lang=0x9

Break, Ignore, Zap, Remove, Disable all (bizrd)? i
i
Example_Close Called

***********************************************************************
* THIS VALIDATION BUG IS FATAL AND WILL CAUSE THE VERIFIER TO HALT *
* WINDOWS (BUGCHECK) WHEN THE MACHINE IS NOT UNDER A KERNEL DEBUGGER! *
***********************************************************************

WDM DRIVER ERROR: [Example.sys @ 0xFCA18B90] An IRP dispatch handler has
returned without passing down or completing this Irp or
someone forgot to return STATUS_PENDING. (Irp = 82740F68
).
IRP_MJ_CLOSE
[ DevObj=00000000, FileObject=FFB4BAC8, Parameters=00000000 00000000
00000000 00000000 ]
http://www.microsoft.com/hwdq/bc/default.asp?os=5.1.2600&major=0xc9&minor=0x226&lang=0x9

Break, Ignore, Zap, Remove, Disable all (bizrd)? i
i
watchdog!WdUpdateRecoveryState: Recovery enabled.

On 1/31/13, raj_r wrote:
> in one of the earlier post i asked about the way the Dispatch
> Functions Should be annotated
> and posted that the way the doc has a named them sint available in wd7
>
> it seems the annotation is specific to windows 8 and wdk 8 and sal 2
>
> though it doesnt seem to be clear on first sight
>
> the cancel.h in wdk samples that are online
> http://code.msdn.microsoft.com/windowshardware/Cancel-127e43b6/sourcecode?fileId=42716&pathId=1536758034
>
> is annotated with
>
> Dispatch_type(IRP_MJ_CREATE)
> Dispatch_type(IRP_MJ_CLOSE)
> DRIVER_DISPATCH CsampCreateClose;
>
> while
>
> in wdk it is named differently
> well an indication somewhere in that page that this applies only to
> wdk8 and for all other old crap go here link would have been helpful
> and might have saved a google trips to me
>
> one small wrinkle still exist
>
> is _Dispatch_type_other
> or __drv_dispatch_type_other
> the right annotation to lump all the unhandled IRP_MJ_XXXX
>
>
>
> On 1/31/13, raj_r wrote:
>> On 1/31/13, Wilkinson, Alex wrote:
>>> Do you mean this one:
>>>
>>> http://www.osronline.com/article.cfm?article=390
>>
>> yes
>>
>

Carlo_Cianfarani · January 31, 2013, 7:42am

@raj

__drv_dispatch_Type(type) where type = IRP_MJ_XXXX and __drv_dispatch_Type_other for Example_Unsupported function

In example.h I cut all that stuff:

NTSTATUS Example_Create(PDEVICE_OBJECT DeviceObject, PIRP Irp);
NTSTATUS Example_Close(PDEVICE_OBJECT DeviceObject, PIRP Irp);

…

pasting:

__drv_dispatchType (IRP_MJ_CREATE) DRIVER_DISPATCH Example_Create;
__drv_dispatchType (IRP_MJ_CLOSE) DRIVER_DISPATCH Example_Close;
__drv_dispatchType (IRP_MJ_DEVICE_CONTROL) DRIVER_DISPATCH Example_IoControl;
__drv_dispatchType (IRP_MJ_READ) DRIVER_DISPATCH Example_Read;
__drv_dispatchType (IRP_MJ_WRITE) DRIVER_DISPATCH Example_WriteBufferedIO;
__drv_dispatchType (IRP_MJ_WRITE) DRIVER_DISPATCH Example_WriteDirectIO;
__drv_dispatchType (IRP_MJ_WRITE) DRIVER_DISPATCH Example_WriteNeither;
__drv_dispatchType_other DRIVER_DISPATCH Example_UnSupportedFunction;

then, adding the PAGE_CODE; macro, it seems prefast/oacr is happy (no warnings annotations and PAGED code related)…

> use osrloader to load the .sys file as loaddriver doesnt create the registry keys though it seems to succeed DriverEntry called dbgprint should be visible in kd

I can successfully load & start example.sys in the Win 7 target (using osrloader there…) but I can not see any DbgPrint message in the WinDbg kd running on the host…

Maybe something is wrong in my setup…Any insight ?

Don_Burn · January 31, 2013, 8:41am

Have you enabled DbgPrints on the test system? Use either
http://www.osronline.com/article.cfm?article=506 or better yet
http://www.osronline.com/article.cfm?article=537 to set up the test
environment.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“xxxxx@alice.it” wrote in message
news:xxxxx@ntdev:

> @raj
>
> > __drv_dispatch_Type(type) where type = IRP_MJ_XXXX and__drv_dispatch_Type_other for Example_Unsupported function
>
> In example.h I cut all that stuff:
>
> NTSTATUS Example_Create(PDEVICE_OBJECT DeviceObject, PIRP Irp);
> NTSTATUS Example_Close(PDEVICE_OBJECT DeviceObject, PIRP Irp);
>
> …
>
> pasting:
>
> __drv_dispatchType (IRP_MJ_CREATE) DRIVER_DISPATCH Example_Create;
>__drv_dispatchType (IRP_MJ_CLOSE) DRIVER_DISPATCH Example_Close;
> __drv_dispatchType (IRP_MJ_DEVICE_CONTROL) DRIVER_DISPATCH Example_IoControl;
>__drv_dispatchType (IRP_MJ_READ) DRIVER_DISPATCH Example_Read;
> __drv_dispatchType (IRP_MJ_WRITE) DRIVER_DISPATCH Example_WriteBufferedIO;
>__drv_dispatchType (IRP_MJ_WRITE) DRIVER_DISPATCH Example_WriteDirectIO;
> __drv_dispatchType (IRP_MJ_WRITE) DRIVER_DISPATCH Example_WriteNeither;
>__drv_dispatchType_other DRIVER_DISPATCH Example_UnSupportedFunction;
>
> then, adding the PAGE_CODE; macro, it seems prefast/oacr is happy (no warnings annotations and PAGED code related)…
>
>
> > use osrloader to load the .sys file as loaddriver doesnt create the registry keys though it seems to succeed DriverEntry called dbgprint should be visible in kd
>
> I can successfully load & start example.sys in the Win 7 target (using osrloader there…) but I can not see any DbgPrint message in the WinDbg kd running on the host…
>
> Maybe something is wrong in my setup…Any insight ?

Carlo_Cianfarani · January 31, 2013, 8:44am

> I can successfully load & start example.sys in the Win 7 target (using osrloader there…) but I can not see any DbgPrint message in the WinDbg kd running on the host…

update: I can see messages in host kd only when DebugView tools (sysinternals) is running on the target…

kd>
DriverEntry Called
Example_Unload Called
DriverEntry Called
Example_Unload Called
DriverEntry Called

kd> lm a example.sys
start end module name
8239a000 823a1000 example (private pdb symbols) c:\users\20144620\documents\sw-dev\drv\example\objchk_win7_x86\i386\example.pdb

Don_Burn · January 31, 2013, 8:47am

Yes because DebugView does the registry modification.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“xxxxx@alice.it” wrote in message
news:xxxxx@ntdev:

> > I can successfully load & start example.sys in the Win 7 target (using osrloader there…) but I can not see any DbgPrint message in the WinDbg kd running on the host…
>
> update: I can see messages in host kd only when DebugView tools (sysinternals) is running on the target…
>
> kd>
> DriverEntry Called
> Example_Unload Called
> DriverEntry Called
> Example_Unload Called
> DriverEntry Called
>
> kd> lm a example.sys
> start end module name
> 8239a000 823a1000 example (private pdb symbols) c:\users\20144620\documents\sw-dev\drv\example\objchk_win7_x86\i386\example.pdb

Carlo_Cianfarani · January 31, 2013, 9:41am

Thanks all !

Same test on a XP target shows DbgPrint messages without registry modification needed (as expected)

Now I’m going to begin again using KMDF as recommended !

Carlo_Cianfarani · February 4, 2013, 8:20am

> @carlo if and when you are finished with compiling that sample warning / error free you should

run it with verifier enabled and fix these too

Only now I’ve tried to use Driver Verifier with it. When Example_Close is called (upon IRP_MJ_CLOSE packet) I get this error

Break, Ignore, Zap, Remove, Disable all (bizrd)? i
i
Example_Close Called

***********************************************************************
* THIS VALIDATION BUG IS FATAL AND WILL CAUSE THE VERIFIER TO HALT *
* WINDOWS (BUGCHECK) WHEN THE MACHINE IS NOT UNDER A KERNEL DEBUGGER! *
***********************************************************************

WDM DRIVER ERROR: [example.sys @ 0xFB0EEB50] An IRP dispatch handler has
returned without passing down or completing this Irp or
someone forgot to return STATUS_PENDING. (Irp = 8134AF68
).
IRP_MJ_CLOSE
[DevObj=00000000, FileObject=80E97DF0, Parameters=00000000 00000000 00000000 00000000]
http://www.microsoft.com/hwdq/bc/default.asp?os=5.1.2600&major=0xc9&minor=0x226&lang=0x9

Break, Ignore, Zap, Remove, Disable all (bizrd)? i
i
A driver has leaked 4096 bytes of physical memory. <--------------------
Break instruction exception - code 80000003 (first chance)
nt!DbgBreakPoint:
804e3586 cc int 3

It seems with the I/O_DIRECT method a 4KB page remain locked when IRP is dismissed and control return to user mode (usedriver.exe)

kd> !process
PROCESS ff924d20 SessionId: 0 Cid: 03dc Peb: 7ffd5000 ParentCid: 05b4
DirBase: 01496000 ObjectTable: 00000000 HandleCount: 0.
Image: usedriver.exe
VadRoot 00000000 Vads 0 Clone 0 Private 0. Modified 3. Locked 1.
DeviceMap e16b1b70

kd> dt nt!_EPROCESS ff924d20
+0x000 Pcb : _KPROCESS
+0x06c ProcessLock : _EX_PUSH_LOCK
+0x070 CreateTime : _LARGE_INTEGER 0x1ce02d7bca181fe<br> +0x078 ExitTime : _LARGE_INTEGER 0x1ce02d7bceca0da
+0x080 RundownProtect : _EX_RUNDOWN_REF
+0x084 UniqueProcessId : 0x000003dc Void
+0x088 ActiveProcessLinks : _LIST_ENTRY [0x80561358 - 0xff8f0670]
+0x090 QuotaUsage : [3] 0x2000
+0x09c QuotaPeak : [3] 0x2348
+0x0a8 CommitCharge : 0
+0x0ac PeakVirtualSize : 0x54d000
+0x0b0 VirtualSize : 0x53d000
+0x0b4 SessionProcessLinks : _LIST_ENTRY [0xfb074014 - 0xff8f069c]
+0x0bc DebugPort : (null)
+0x0c0 ExceptionPort : 0xe1561e68 Void
+0x0c4 ObjectTable : (null)
+0x0c8 Token : _EX_FAST_REF
+0x0cc WorkingSetLock : _FAST_MUTEX
+0x0ec WorkingSetPage : 0x5c59
+0x0f0 AddressCreationLock : _FAST_MUTEX
+0x110 HyperSpaceLock : 0
+0x114 ForkInProgress : (null)
+0x118 HardwareTrigger : 0
+0x11c VadRoot : (null)
+0x120 VadHint : (null)
+0x124 CloneRoot : (null)
+0x128 NumberOfPrivatePages : 0
+0x12c NumberOfLockedPages : 1 <--------------

Don_Burn · February 4, 2013, 8:40am

If you look at the code you will see that NO IRP’s are completed. This
totally violates the rules for Windows, and it part of the reason this
sample is considered crap. Try running static driver verifier on the
sample, if would be amusing to see the number of failures. But, in
general it is time to move to KMDF. You have been trying to build a
sample driver and get it to run for close to a week now, that should
tell you something of the quality of the sample.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“xxxxx@alice.it” wrote in message
news:xxxxx@ntdev:

> > @carlo if and when you are finished with compiling that sample warning / error free you should
> > run it with verifier enabled and fix these too
>
> Only now I’ve tried to use Driver Verifier with it. When Example_Close is called (upon IRP_MJ_CLOSE packet) I get this error
>
>
> Break, Ignore, Zap, Remove, Disable all (bizrd)? i
> i
> Example_Close Called
>
>
> * THIS VALIDATION BUG IS FATAL AND WILL CAUSE THE VERIFIER TO HALT *
> * WINDOWS (BUGCHECK) WHEN THE MACHINE IS NOT UNDER A KERNEL DEBUGGER! *
>
>
> WDM DRIVER ERROR: [example.sys @ 0xFB0EEB50] An IRP dispatch handler has
> returned without passing down or completing this Irp or
> someone forgot to return STATUS_PENDING. (Irp = 8134AF68
> ).
> IRP_MJ_CLOSE
> [DevObj=00000000, FileObject=80E97DF0, Parameters=00000000 00000000 00000000 00000000]
> http://www.microsoft.com/hwdq/bc/default.asp?os=5.1.2600&major=0xc9&minor=0x226&lang=0x9
>
> Break, Ignore, Zap, Remove, Disable all (bizrd)? i
> i
> A driver has leaked 4096 bytes of physical memory. <--------------------
> Break instruction exception - code 80000003 (first chance)
> nt!DbgBreakPoint:
> 804e3586 cc int 3
>
> It seems with the I/O_DIRECT method a 4KB page remain locked when IRP is dismissed and control return to user mode (usedriver.exe)
>
> kd> !process
> PROCESS ff924d20 SessionId: 0 Cid: 03dc Peb: 7ffd5000 ParentCid: 05b4
> DirBase: 01496000 ObjectTable: 00000000 HandleCount: 0.
> Image: usedriver.exe
> VadRoot 00000000 Vads 0 Clone 0 Private 0. Modified 3. Locked 1.
> DeviceMap e16b1b70
>
>
> kd> dt nt!_EPROCESS ff924d20
> +0x000 Pcb : _KPROCESS
> +0x06c ProcessLock : _EX_PUSH_LOCK
> +0x070 CreateTime : _LARGE_INTEGER 0x1ce02d7bca181fe<br>> +0x078 ExitTime : _LARGE_INTEGER 0x1ce02d7bceca0da
> +0x080 RundownProtect : _EX_RUNDOWN_REF
> +0x084 UniqueProcessId : 0x000003dc Void
> +0x088 ActiveProcessLinks : _LIST_ENTRY [0x80561358 - 0xff8f0670]
> +0x090 QuotaUsage : [3] 0x2000
> +0x09c QuotaPeak : [3] 0x2348
> +0x0a8 CommitCharge : 0
> +0x0ac PeakVirtualSize : 0x54d000
> +0x0b0 VirtualSize : 0x53d000
> +0x0b4 SessionProcessLinks : _LIST_ENTRY [0xfb074014 - 0xff8f069c]
> +0x0bc DebugPort : (null)
> +0x0c0 ExceptionPort : 0xe1561e68 Void
> +0x0c4 ObjectTable : (null)
> +0x0c8 Token : _EX_FAST_REF
> +0x0cc WorkingSetLock : _FAST_MUTEX
> +0x0ec WorkingSetPage : 0x5c59
> +0x0f0 AddressCreationLock : _FAST_MUTEX
> +0x110 HyperSpaceLock : 0
> +0x114 ForkInProgress : (null)
> +0x118 HardwareTrigger : 0
> +0x11c VadRoot : (null)
> +0x120 VadHint : (null)
> +0x124 CloneRoot : (null)
> +0x128 NumberOfPrivatePages : 0
> +0x12c NumberOfLockedPages : 1 <--------------
>

raj_r · February 4, 2013, 3:12pm

did you read the link i posted which explains how to complete the irp
with either a simple completion or with a completion routine and if
completion routine is used how to and where and when to mark the Irp
pending and return STATUS_PENDING

if you had done it the major C9 Minor 226 bugcheck stop should not be happening
iirc with IRP Completion the system should also cleanup the LockeD MDL
Read about Using MDLs it is explained there when MmUnlockPages()
MmUnmapLockedPages,IofreeMdl etc should be used

i know you wrote you are moving to KMDF but i would say mucking around
with debugger and driver verifier and getting acquainted with the
problems and resolving them now is a worthy investment of time in long
run

On 2/4/13, Don Burn wrote:
> If you look at the code you will see that NO IRP’s are completed. This
> totally violates the rules for Windows, and it part of the reason this
> sample is considered crap. Try running static driver verifier on the
> sample, if would be amusing to see the number of failures. But, in
> general it is time to move to KMDF. You have been trying to build a
> sample driver and get it to run for close to a week now, that should
> tell you something of the quality of the sample.
>
>
> Don Burn
> Windows Filesystem and Driver Consulting
> Website: http://www.windrvr.com
> Blog: http://msmvps.com/blogs/WinDrvr
>
>
>
> “xxxxx@alice.it” wrote in message
> news:xxxxx@ntdev:
>
>> > @carlo if and when you are finished with compiling that sample warning /
>> > error free you should
>> > run it with verifier enabled and fix these too
>>
>> Only now I’ve tried to use Driver Verifier with it. When Example_Close is
>> called (upon IRP_MJ_CLOSE packet) I get this error
>>
>>
>> Break, Ignore, Zap, Remove, Disable all (bizrd)? i
>> i
>> Example_Close Called
>>
>>
>> * THIS VALIDATION BUG IS FATAL AND WILL CAUSE THE VERIFIER TO HALT *
>> * WINDOWS (BUGCHECK) WHEN THE MACHINE IS NOT UNDER A KERNEL DEBUGGER! *
>>
>>
>> WDM DRIVER ERROR: [example.sys @ 0xFB0EEB50] An IRP dispatch handler has
>> returned without passing down or completing this Irp or
>> someone forgot to return STATUS_PENDING. (Irp =
>> 8134AF68
>> ).
>> IRP_MJ_CLOSE
>> [DevObj=00000000, FileObject=80E97DF0, Parameters=00000000 00000000
>> 00000000 00000000]
>> http://www.microsoft.com/hwdq/bc/default.asp?os=5.1.2600&major=0xc9&minor=0x226&lang=0x9
>>
>> Break, Ignore, Zap, Remove, Disable all (bizrd)? i
>> i
>> A driver has leaked 4096 bytes of physical memory. <--------------------
>> Break instruction exception - code 80000003 (first chance)
>> nt!DbgBreakPoint:
>> 804e3586 cc int 3
>>
>> It seems with the I/O_DIRECT method a 4KB page remain locked when IRP is
>> dismissed and control return to user mode (usedriver.exe)
>>
>> kd> !process
>> PROCESS ff924d20 SessionId: 0 Cid: 03dc Peb: 7ffd5000 ParentCid:
>> 05b4
>> DirBase: 01496000 ObjectTable: 00000000 HandleCount: 0.
>> Image: usedriver.exe
>> VadRoot 00000000 Vads 0 Clone 0 Private 0. Modified 3. Locked 1.
>> DeviceMap e16b1b70
>>
>>
>> kd> dt nt!_EPROCESS ff924d20
>> +0x000 Pcb : _KPROCESS
>> +0x06c ProcessLock : _EX_PUSH_LOCK
>> +0x070 CreateTime : _LARGE_INTEGER 0x1ce02d7bca181fe<br>>> +0x078 ExitTime : _LARGE_INTEGER 0x1ce02d7bceca0da
>> +0x080 RundownProtect : _EX_RUNDOWN_REF
>> +0x084 UniqueProcessId : 0x000003dc Void
>> +0x088 ActiveProcessLinks : _LIST_ENTRY [0x80561358 - 0xff8f0670]
>> +0x090 QuotaUsage : [3] 0x2000
>> +0x09c QuotaPeak : [3] 0x2348
>> +0x0a8 CommitCharge : 0
>> +0x0ac PeakVirtualSize : 0x54d000
>> +0x0b0 VirtualSize : 0x53d000
>> +0x0b4 SessionProcessLinks : _LIST_ENTRY [0xfb074014 - 0xff8f069c]
>> +0x0bc DebugPort : (null)
>> +0x0c0 ExceptionPort : 0xe1561e68 Void
>> +0x0c4 ObjectTable : (null)
>> +0x0c8 Token : _EX_FAST_REF
>> +0x0cc WorkingSetLock : _FAST_MUTEX
>> +0x0ec WorkingSetPage : 0x5c59
>> +0x0f0 AddressCreationLock : _FAST_MUTEX
>> +0x110 HyperSpaceLock : 0
>> +0x114 ForkInProgress : (null)
>> +0x118 HardwareTrigger : 0
>> +0x11c VadRoot : (null)
>> +0x120 VadHint : (null)
>> +0x124 CloneRoot : (null)
>> +0x128 NumberOfPrivatePages : 0
>> +0x12c NumberOfLockedPages : 1 <--------------
>>
>
>
> —
> NTDEV is sponsored by OSR
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Don_Burn · February 4, 2013, 3:20pm

Doing anything with that crappy sample (except maybe deleting it) is by
definition a waste of time.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“raj_r” wrote in message news:xxxxx@ntdev:

> did you read the link i posted which explains how to complete the irp
> with either a simple completion or with a completion routine and if
> completion routine is used how to and where and when to mark the Irp
> pending and return STATUS_PENDING
>
> if you had done it the major C9 Minor 226 bugcheck stop should not be happening
> iirc with IRP Completion the system should also cleanup the LockeD MDL
> Read about Using MDLs it is explained there when MmUnlockPages()
> MmUnmapLockedPages,IofreeMdl etc should be used
>
> i know you wrote you are moving to KMDF but i would say mucking around
> with debugger and driver verifier and getting acquainted with the
> problems and resolving them now is a worthy investment of time in long
> run
>
>
> On 2/4/13, Don Burn wrote:
> > If you look at the code you will see that NO IRP’s are completed. This
> > totally violates the rules for Windows, and it part of the reason this
> > sample is considered crap. Try running static driver verifier on the
> > sample, if would be amusing to see the number of failures. But, in
> > general it is time to move to KMDF. You have been trying to build a
> > sample driver and get it to run for close to a week now, that should
> > tell you something of the quality of the sample.
> >
> >
> > Don Burn
> > Windows Filesystem and Driver Consulting
> > Website: http://www.windrvr.com
> > Blog: http://msmvps.com/blogs/WinDrvr
> >
> >
> >
> > “xxxxx@alice.it” wrote in message
> > news:xxxxx@ntdev:
> >
> >> > @carlo if and when you are finished with compiling that sample warning /
> >> > error free you should
> >> > run it with verifier enabled and fix these too
> >>
> >> Only now I’ve tried to use Driver Verifier with it. When Example_Close is
> >> called (upon IRP_MJ_CLOSE packet) I get this error
> >>
> >>
> >> Break, Ignore, Zap, Remove, Disable all (bizrd)? i
> >> i
> >> Example_Close Called
> >>
> >>
> >> * THIS VALIDATION BUG IS FATAL AND WILL CAUSE THE VERIFIER TO HALT *
> >> * WINDOWS (BUGCHECK) WHEN THE MACHINE IS NOT UNDER A KERNEL DEBUGGER! *
> >>
> >>
> >> WDM DRIVER ERROR: [example.sys @ 0xFB0EEB50] An IRP dispatch handler has
> >> returned without passing down or completing this Irp or
> >> someone forgot to return STATUS_PENDING. (Irp =
> >> 8134AF68
> >> ).
> >> IRP_MJ_CLOSE
> >> [DevObj=00000000, FileObject=80E97DF0, Parameters=00000000 00000000
> >> 00000000 00000000]
> >> http://www.microsoft.com/hwdq/bc/default.asp?os=5.1.2600&major=0xc9&minor=0x226&lang=0x9
> >>
> >> Break, Ignore, Zap, Remove, Disable all (bizrd)? i
> >> i
> >> A driver has leaked 4096 bytes of physical memory. <--------------------
> >> Break instruction exception - code 80000003 (first chance)
> >> nt!DbgBreakPoint:
> >> 804e3586 cc int 3
> >>
> >> It seems with the I/O_DIRECT method a 4KB page remain locked when IRP is
> >> dismissed and control return to user mode (usedriver.exe)
> >>
> >> kd> !process
> >> PROCESS ff924d20 SessionId: 0 Cid: 03dc Peb: 7ffd5000 ParentCid:
> >> 05b4
> >> DirBase: 01496000 ObjectTable: 00000000 HandleCount: 0.
> >> Image: usedriver.exe
> >> VadRoot 00000000 Vads 0 Clone 0 Private 0. Modified 3. Locked 1.
> >> DeviceMap e16b1b70
> >>
> >>
> >> kd> dt nt!_EPROCESS ff924d20
> >> +0x000 Pcb : _KPROCESS
> >> +0x06c ProcessLock : _EX_PUSH_LOCK
> >> +0x070 CreateTime : _LARGE_INTEGER 0x1ce02d7bca181fe<br>> >> +0x078 ExitTime : _LARGE_INTEGER 0x1ce02d7bceca0da
> >> +0x080 RundownProtect : _EX_RUNDOWN_REF
> >> +0x084 UniqueProcessId : 0x000003dc Void
> >> +0x088 ActiveProcessLinks : _LIST_ENTRY [0x80561358 - 0xff8f0670]
> >> +0x090 QuotaUsage : [3] 0x2000
> >> +0x09c QuotaPeak : [3] 0x2348
> >> +0x0a8 CommitCharge : 0
> >> +0x0ac PeakVirtualSize : 0x54d000
> >> +0x0b0 VirtualSize : 0x53d000
> >> +0x0b4 SessionProcessLinks : _LIST_ENTRY [0xfb074014 - 0xff8f069c]
> >> +0x0bc DebugPort : (null)
> >> +0x0c0 ExceptionPort : 0xe1561e68 Void
> >> +0x0c4 ObjectTable : (null)
> >> +0x0c8 Token : _EX_FAST_REF
> >> +0x0cc WorkingSetLock : _FAST_MUTEX
> >> +0x0ec WorkingSetPage : 0x5c59
> >> +0x0f0 AddressCreationLock : _FAST_MUTEX
> >> +0x110 HyperSpaceLock : 0
> >> +0x114 ForkInProgress : (null)
> >> +0x118 HardwareTrigger : 0
> >> +0x11c VadRoot : (null)
> >> +0x120 VadHint : (null)
> >> +0x124 CloneRoot : (null)
> >> +0x128 NumberOfPrivatePages : 0
> >> +0x12c NumberOfLockedPages : 1 <--------------
> >>
> >
> >
> > —
> > NTDEV is sponsored by OSR
> >
> > OSR is HIRING!! See http://www.osr.com/careers
> >
> > For our schedule of WDF, WDM, debugging and other seminars visit:
> > http://www.osr.com/seminars
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >