Right, if you are running on a non-2000 build with this dispatch handler you
need to filter out the REGINFO_EX minor call. It will come in but you need
to fail it.
Sounds like this may not be what you are hitting though. I did encounter
crashes before I filtered the EX minor code on XP and 2K3 systems though.
What I did to resolve much of this was to look at the ‘default’ dispatch
handler which can be found in the 2K template file. From here I massaged the
two versions together and it did work but it did not work right out of the
box with the handler provided in the article. The two changes included the
above exclusion of the EX minor code and the zero-ing out of the WMI buffer
for the ‘normal’ REGINFO structure.
Pete
Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Friday, June 10, 2005 1:43 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WPP tracing weird bug
Peter,
As I said in my original post, I am basing this on the OSR WPP code.
In particular my SystemControl function is:
static NTSTATUS SystemControl( PDEVICE_OBJECT DeviceObject,
PIRP Irp)
{
NTSTATUS status;
PDEVICE_EXTENSION deviceExtension;
PIO_STACK_LOCATION currentIrpStack;
ULONG bytesRet;
currentIrpStack = IoGetCurrentIrpStackLocation(Irp);
deviceExtension = ( PDEVICE_EXTENSION ) DeviceObject->DeviceExtension;
if ( DeviceObject ==
(PDEVICE_OBJECT) currentIrpStack->Parameters.WMI.ProviderId )
{
status = WPP_TRACE_CONTROL(currentIrpStack->MinorFunction,
currentIrpStack->Parameters.WMI.Buffer,
currentIrpStack->Parameters.WMI.BufferSize, bytesRet );
Irp->IoStatus.Status = status;
Irp->IoStatus.Information = bytesRet;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
}
else
{
IoSkipCurrentIrpStackLocation ( Irp );
status = IoCallDriver( deviceExtension->TargetDeviceObject, Irp );
}
return status;
}
I am getting a IRP_MN_REGINFO with messed up parameters in particular a huge
GuidCount, that blows up in the .tmh file from the call to WPP_TRACE_CONTROL
at.
case IRP_MN_REGINFO:
{
PWMIREGINFOW wmiRegInfo;
PCUNICODE_STRING regPath;
PWCHAR stringPtr;
ULONG registryPathOffset;
ULONG bufferNeeded;
#if defined(WPP_TRACE_W2K_COMPATABILITY)
wmiRegInfo = (PWMIREGINFO)Buffer;
// Replace the null with the driver’s trace control GUID
// regGuid is initialized the first time, so the GUID is saved for the
next
// IRP_MN_REGINFO call
if (regGuid == NULL) {
regGuid = cb->Registration.ControlGuid;
}
if (wmiRegInfo->GuidCount >= 1) {
// Replace the null trace GUID with the driver’s trace control GUID
wmiRegInfo->WmiRegGuid[wmiRegInfo->GuidCount-1].Guid = *regGuid;
…
Which blows up in the line above since GuidCount is a very large number.
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
----- Original Message -----
From: “Peter Scott”
To: “Windows System Software Devs Interest List”
Sent: Friday, June 10, 2005 3:23 PM
Subject: RE: [ntdev] WPP tracing weird bug
>
> Don,
>
> Are you failing the minor function IRP_MN_REGINFO_EX requests? If you are
> supporting back to 2K then you will need to fail this minor function on XP
> and later platforms and you will then get the minor code IRP_MN_REGINFO
> back
> immediately. The other thing I noticed there was that you will only zero
> the
> WMI.Buffer when the minor function code is this latter minor code then
> call
> into the WPP_TRACE_CONTROL macro.
>
> Pete
>
> Kernel Drivers
> Windows Filesystem and Device Driver Consulting
> www.KernelDrivers.com
> (303)546-0300
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
> Sent: Friday, June 10, 2005 11:49 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] WPP tracing weird bug
>
> I’m putting together a simple disk filter driver for a customer and have
> encountered a weird problem. I used OSR’s SystemControl routine from
> their
> article “WPP Tracing Part 1, Supporting Windows 2000 and beyond”. When I
> run it on Windows Server 2003 SP1 with driver verifier on, I am getting
> crash from WPP_TRACE_CONTROL because it appears the buffer from the
> SystemContol Irp is corrurupted with a GuidCount of 0x82091000
>
> Anyone seen something like this, or have any suggestions?
>
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@kerneldrivers.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@acm.org
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com