KeSetEvent

NTDEV
1

Hi,

I have a question about KeSetEvent.

I called KeSetEvent at DISPATCH_LEVEL and KeWaitForSingleObject is in a
thread that runs at
PASSIVE_LEVEL. why it cause a page fault?
both routine are locked by MmLockPagableCodeSection. And all variables are
in non-paged pool memory.

thanks.

NTSTATUS DRV4ReadIoCompletion(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PIO_STACK_LOCATION pStackLoc;
NTSTATUS status;

DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"++. IRP %p", Irp);

if (Irp->PendingReturned) {

IoMarkIrpPending( Irp );
}
pStackLoc = IoGetCurrentIrpStackLocation(Irp);
if(pStackLoc->Parameters.Read.Length)
{
while(mine->g_WaitForWritingToFile == TRUE && mine->g_IsThreadRunning ==
TRUE);

mine->g_WaitForWritingToFile = TRUE;
RtlZeroMemory(mine->g_TstBuff,100);
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". Readed Length
%x",pStackLoc->Parameters.Read.Length );

RtlCopyMemory(mine->g_TstBuff,Irp->AssociatedIrp.SystemBuffer,pStackLoc->Par
ameters.Read.Length);
mine->g_ReadedLength = pStackLoc->Parameters.Read.Length;

/*************************PROBLEM********************/
KeSetEvent(&mine->g_ThreadEvent,IO_NO_INCREMENT,FALSE);
/******************************************************/

// DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". Readed String
%S",tstBuff );

}
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"–. IRP %p STATUS %x",
Irp, STATUS_CONTINUE_COMPLETION);
return STATUS_CONTINUE_COMPLETION;

}

VOID DRV4Thread(
IN PVOID StartContext
)
{
NTSTATUS status;
OBJECT_ATTRIBUTES fileObjectAttributes;
HANDLE fileHandle;
IO_STATUS_BLOCK fileIoStatusBlock;
UNICODE_STRING fileUnicodeString;
int sw = TRUE;

PAGED_CODE();
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"++.");

KeInitializeEvent(&mine->g_ThreadEvent,SynchronizationEvent,FALSE);
//KeInitializeEvent(&mine->g_WaitForWriteEvent,SynchronizationEvent,FALSE);

//KeSetEvent(&mine->g_WaitForWriteEvent,IO_NO_INCREMENT,FALSE);

RtlInitUnicodeString(&fileUnicodeString,L"\DosDevices\C:\tstdrv.txt");

InitializeObjectAttributes(
&fileObjectAttributes,
&fileUnicodeString,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,NULL
);
status = ZwOpenFile(
&fileHandle,
FILE_APPEND_DATA,
&fileObjectAttributes,
&fileIoStatusBlock,
FILE_SHARE_WRITE | FILE_SHARE_READ,
FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_ALERT
);
if(status != STATUS_SUCCESS)
{
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"Failed to open file.
STATUS %x",status);
mine->g_WaitForWritingToFile = FALSE;
mine->g_IsThreadRunning = FALSE;
return;

}
//mine->g_WaitForWritingToFile = TRUE;
while(sw == TRUE)
{
status = KeWaitForSingleObject(
&mine->g_ThreadEvent,
Executive,
UserMode,
FALSE,
NULL
);
if(!mine->g_ShouldContinue){
sw = FALSE;
}
if(status == STATUS_SUCCESS)
{
status = ZwWriteFile(
fileHandle,
NULL,NULL,NULL,
&fileIoStatusBlock,
mine->g_TstBuff,
mine->g_ReadedLength,
NULL,NULL
);
if(fileIoStatusBlock.Status == STATUS_SUCCESS )
{
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". ZwWriteFile
Written bytes : %x",fileIoStatusBlock.Information);
}
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". ZwWriteFile STATUS
%x",status);
}
mine->g_WaitForWritingToFile = FALSE;
//KeSetEvent(&mine->g_WaitForWriteEvent,IO_NO_INCREMENT,FALSE);
}
ZwClose(fileHandle);

mine->g_IsThreadRunning = FALSE;
DRV4DebugPrint(DBG_INIT, DBG_TRACE, FUNCTION"–.");

}

2

Why does WHAT cause a “page fault”?

C’mon dude… How can we help you if you don’t tell us where you’re page faulting, is it the page fault that’s the problem, or is the page fault causing a BSOD that’s you’re problem. WHAT are you “locking”?

Please, we’re happy to help, but please take the time and effort to form a nice complete question,

Peter
OSR

3

My guess is that the ReadIoCompletion call is occurring before the
DRV4Thread function has initialized the event. The event needs to be
initialized before you perform whatever call you did that resulted in
your ReadIoCompletion executing.

Where does the structure “mine” get intialized? Initialize the event
there.

Beverly

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of david whiteman
Sent: Saturday, August 12, 2006 10:33 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] KeSetEvent

Hi,

I have a question about KeSetEvent.

I called KeSetEvent at DISPATCH_LEVEL and KeWaitForSingleObject is in a
thread that runs at PASSIVE_LEVEL. why it cause a page fault?
both routine are locked by MmLockPagableCodeSection. And all variables
are in non-paged pool memory.

thanks.

NTSTATUS DRV4ReadIoCompletion(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PIO_STACK_LOCATION pStackLoc;
NTSTATUS status;

DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"++. IRP %p", Irp);

if (Irp->PendingReturned) {

IoMarkIrpPending( Irp );
}
pStackLoc = IoGetCurrentIrpStackLocation(Irp);
if(pStackLoc->Parameters.Read.Length)
{
while(mine->g_WaitForWritingToFile == TRUE && mine->g_IsThreadRunning
== TRUE);

mine->g_WaitForWritingToFile = TRUE;
RtlZeroMemory(mine->g_TstBuff,100);
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". Readed Length
%x",pStackLoc->Parameters.Read.Length );

RtlCopyMemory(mine->g_TstBuff,Irp->AssociatedIrp.SystemBuffer,pStackLoc-

Par
ameters.Read.Length);
mine->g_ReadedLength = pStackLoc->Parameters.Read.Length;

/*************************PROBLEM********************/
KeSetEvent(&mine->g_ThreadEvent,IO_NO_INCREMENT,FALSE);
/******************************************************/

// DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". Readed
String
%S",tstBuff );

}
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"–. IRP %p STATUS
%x", Irp, STATUS_CONTINUE_COMPLETION); return
STATUS_CONTINUE_COMPLETION;

}

VOID DRV4Thread(
IN PVOID StartContext
)
{
NTSTATUS status;
OBJECT_ATTRIBUTES fileObjectAttributes;
HANDLE fileHandle;
IO_STATUS_BLOCK fileIoStatusBlock;
UNICODE_STRING fileUnicodeString;
int sw = TRUE;

PAGED_CODE();
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"++.");

KeInitializeEvent(&mine->g_ThreadEvent,SynchronizationEvent,FALSE);

//KeInitializeEvent(&mine->g_WaitForWriteEvent,SynchronizationEvent,FALS
E);

//KeSetEvent(&mine->g_WaitForWriteEvent,IO_NO_INCREMENT,FALSE);

RtlInitUnicodeString(&fileUnicodeString,L"\DosDevices\C:\tstdrv.txt")
;

InitializeObjectAttributes(
&fileObjectAttributes,
&fileUnicodeString,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,NULL
);
status = ZwOpenFile(
&fileHandle,
FILE_APPEND_DATA,
&fileObjectAttributes,
&fileIoStatusBlock,
FILE_SHARE_WRITE | FILE_SHARE_READ,
FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_ALERT
);
if(status != STATUS_SUCCESS)
{
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"Failed to open
file.
STATUS %x",status);
mine->g_WaitForWritingToFile = FALSE;
mine->g_IsThreadRunning = FALSE;
return;

}
//mine->g_WaitForWritingToFile = TRUE;
while(sw == TRUE)
{
status = KeWaitForSingleObject(
&mine->g_ThreadEvent,
Executive,
UserMode,
FALSE,
NULL
);
if(!mine->g_ShouldContinue){
sw = FALSE;
}
if(status == STATUS_SUCCESS)
{
status = ZwWriteFile(
fileHandle,
NULL,NULL,NULL,
&fileIoStatusBlock,
mine->g_TstBuff,
mine->g_ReadedLength,
NULL,NULL
);
if(fileIoStatusBlock.Status == STATUS_SUCCESS )
{
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". ZwWriteFile
Written bytes : %x",fileIoStatusBlock.Information);
}
DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". ZwWriteFile
STATUS %x",status);
}
mine->g_WaitForWritingToFile = FALSE;
//KeSetEvent(&mine->g_WaitForWriteEvent,IO_NO_INCREMENT,FALSE);
}
ZwClose(fileHandle);

mine->g_IsThreadRunning = FALSE;
DRV4DebugPrint(DBG_INIT, DBG_TRACE, FUNCTION"–.");

}

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

4

What is “mine”? Is it a global?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “david whiteman”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Saturday, August 12, 2006 6:32 PM
Subject: [ntdev] KeSetEvent

> Hi,
>
> I have a question about KeSetEvent.
>
> I called KeSetEvent at DISPATCH_LEVEL and KeWaitForSingleObject is in a
> thread that runs at
> PASSIVE_LEVEL. why it cause a page fault?
> both routine are locked by MmLockPagableCodeSection. And all variables are
> in non-paged pool memory.
>
> thanks.
>
> NTSTATUS DRV4ReadIoCompletion(
> IN PDEVICE_OBJECT DeviceObject,
> IN PIRP Irp,
> IN PVOID Context
> )
> {
> PIO_STACK_LOCATION pStackLoc;
> NTSTATUS status;
>
>
> DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"++. IRP %p", Irp);
>
>
> if (Irp->PendingReturned) {
>
> IoMarkIrpPending( Irp );
> }
> pStackLoc = IoGetCurrentIrpStackLocation(Irp);
> if(pStackLoc->Parameters.Read.Length)
> {
> while(mine->g_WaitForWritingToFile == TRUE && mine->g_IsThreadRunning ==
> TRUE);
>
> mine->g_WaitForWritingToFile = TRUE;
> RtlZeroMemory(mine->g_TstBuff,100);
> DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". Readed Length
> %x",pStackLoc->Parameters.Read.Length );
>
> RtlCopyMemory(mine->g_TstBuff,Irp->AssociatedIrp.SystemBuffer,pStackLoc->Par
> ameters.Read.Length);
> mine->g_ReadedLength = pStackLoc->Parameters.Read.Length;
>
> / *****PROBLEM /
> KeSetEvent(&mine->g_ThreadEvent,IO_NO_INCREMENT,FALSE);
> / ****************************************************** /
>
>
> // DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". Readed String
> %S",tstBuff );
>
> }
> DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"–. IRP %p STATUS %x",
> Irp, STATUS_CONTINUE_COMPLETION);
> return STATUS_CONTINUE_COMPLETION;
>
> }
>
>
>
>
>
>
> VOID DRV4Thread(
> IN PVOID StartContext
> )
> {
> NTSTATUS status;
> OBJECT_ATTRIBUTES fileObjectAttributes;
> HANDLE fileHandle;
> IO_STATUS_BLOCK fileIoStatusBlock;
> UNICODE_STRING fileUnicodeString;
> int sw = TRUE;
>
> PAGED_CODE();
> DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"++.“);
>
>
> KeInitializeEvent(&mine->g_ThreadEvent,SynchronizationEvent,FALSE);
> //KeInitializeEvent(&mine->g_WaitForWriteEvent,SynchronizationEvent,FALSE);
>
>
>
> //KeSetEvent(&mine->g_WaitForWriteEvent,IO_NO_INCREMENT,FALSE);
>
>
> RtlInitUnicodeString(&fileUnicodeString,L”\DosDevices\C:\tstdrv.txt");
>
>
> InitializeObjectAttributes(
> &fileObjectAttributes,
> &fileUnicodeString,
> OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
> NULL,NULL
> );
> status = ZwOpenFile(
> &fileHandle,
> FILE_APPEND_DATA,
> &fileObjectAttributes,
> &fileIoStatusBlock,
> FILE_SHARE_WRITE | FILE_SHARE_READ,
> FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_ALERT
> );
> if(status != STATUS_SUCCESS)
> {
> DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION"Failed to open file.
> STATUS %x",status);
> mine->g_WaitForWritingToFile = FALSE;
> mine->g_IsThreadRunning = FALSE;
> return;
>
> }
> //mine->g_WaitForWritingToFile = TRUE;
> while(sw == TRUE)
> {
> status = KeWaitForSingleObject(
> &mine->g_ThreadEvent,
> Executive,
> UserMode,
> FALSE,
> NULL
> );
> if(!mine->g_ShouldContinue){
> sw = FALSE;
> }
> if(status == STATUS_SUCCESS)
> {
> status = ZwWriteFile(
> fileHandle,
> NULL,NULL,NULL,
> &fileIoStatusBlock,
> mine->g_TstBuff,
> mine->g_ReadedLength,
> NULL,NULL
> );
> if(fileIoStatusBlock.Status == STATUS_SUCCESS )
> {
> DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". ZwWriteFile
> Written bytes : %x",fileIoStatusBlock.Information);
> }
> DRV4DebugPrint(DBG_GENERAL, DBG_TRACE, FUNCTION". ZwWriteFile STATUS
> %x",status);
> }
> mine->g_WaitForWritingToFile = FALSE;
> //KeSetEvent(&mine->g_WaitForWriteEvent,IO_NO_INCREMENT,FALSE);
> }
> ZwClose(fileHandle);
>
> mine->g_IsThreadRunning = FALSE;
> DRV4DebugPrint(DBG_INIT, DBG_TRACE, FUNCTION"–.");
>
> }
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

5

Hi,

this code is for a filter driver for buffered I/O that write read data to
file for some analysis. in beginning of running the driver
DRV4ReadIoCompletion is in PASSIVE_LEVEL but after number of request it
context changes to DISPATCH_LEVEL and I recieve a page fault in KeSetEvent.

mine is structure that is in the non-paged pool memory and all of used
variables are defined in that.

thanks.

6

How about a dump with !analyze -v showing where the crash actually occurs?
There is lots of code there, and guessing which instruction hits the fault
isn’t productive.

Loren

7

Thanks all.

I found that the problem was for something else.