Jump-start your project by learning from devs who
write Windows drivers and file systems every day.
Take an OSR seminar!

OSR is Hiring! Click here to find out more.

Upcoming OSR Seminars:
Windows Internals & Software Drivers Lab, Santa Clara, CA 5-9 August, 2013
Kernel Debugging & Crash Analysis for Windows Lab, Santa Clara, CA 9-13 September, 2013
Writing WDF Drivers for Windows Lab, Boston, MA 7-11 October, 2013
Developing File Systems for Windows, Seattle, WA 5-8 November, 2013

Go Back   OSR Online Lists > ntfsd
link STATUS_PENDING and IoMarkIrpPending BSOD
Welcome, Guest
You must login to post to this list
  Message 1 of 11  
22 Aug 12 12:31
adnan
xxxxxx@gmail.com
Join Date: 08 Mar 2012
Posts To This List: 113
STATUS_PENDING and IoMarkIrpPending BSOD
Hi All, I have written a file system driver (not a filter driver). When I get the IRP_MJ_READ call, pass it to lower level driver and it returns me STATUS_PENDING. So I queue the IRP, and mark the IRP with IoMarkIrpPending. At the deque of the IRP_MJ_READ, I get a BSOD on IoCompleteRequest. Am I missing something here? I don't know what am I doing wrong
  Message 2 of 11  
22 Aug 12 13:08
Scott Noone
xxxxxx@osr.com
Join Date: 10 Jul 2002
Posts To This List: 586
List Moderator
Re: STATUS_PENDING and IoMarkIrpPending BSOD
You're not processing the IRP correctly. It's a long story, but this article on OSR Online should make it clear why what you are doing is incorrect: http://www.osronline.com/article.cfm?article=83 -scott wrote in message news:94482@ntfsd... Hi All, I have written a file system driver (not a filter driver). When I get the IRP_MJ_READ call, pass it to lower level driver and it returns me STATUS_PENDING. So I queue the IRP, and mark the IRP with IoMarkIrpPending. At the deque of the IRP_MJ_READ, I get a BSOD on IoCompleteRequest. Am I missing something here? I don't know what am I doing wrong
  Message 3 of 11  
23 Aug 12 04:23
adnan
xxxxxx@gmail.com
Join Date: 08 Mar 2012
Posts To This List: 113
RE: STATUS_PENDING and IoMarkIrpPending BSOD
Hi Scott, I have done it the same priding the Completion routine, and it works fine for almost all files (text, doc, video etc) The problem I found recently on opening the powerpoint files only I don't know but it seems some sort of exception to me, and the IRP seems garbage as well. Here is the IRP values Irp 0x8439c218 Type 0n-25088 (I never seen this) Size 0x8444 MdlAdress 0x00000000 ThreadListEntry [0x8439c228 - [0x8439c228] IoStatus Status 0n0 Pointer 0x00000000 Information 0 RequestorMode 0n1 PendingReturned 0x00 StackCount 0n11 CurrentLocation 0n11 Cancel 0x00 CancelIrql 0x00 ApcEnvironment 0n0 AllocationFlags 0x01 UserIosb 0x0020e030 Status <Memory access error> Pointer <Memory access error> Information <Memory access error> UserEvent 0x00000000 Overlay CancelRoutine 0x00000000 UserBuffer 0x0020e0e8 Tail and here is the CALL STACK, upon which I get the BSOD: FSDriver!FSDriverReadFile+0xa63 FSDriver!_NLG_Return2 FSDriver!_local_unwind4+0x80 FSDriver!_EH4_LocalUnwind+0x10 FSDriver!_except_handler4+0x14f WARNING: Stack unwind information not available. Following frames may be wrong. nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0x1c6 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0x198 FSDriver!_EH4_GlobalUnwind+0x15 FSDriver!_except_handler4+0xe7 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0x1c6 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0x198 nt!ExRaiseStatus+0x47 nt!IoGetDeviceObjectPointer+0x1c6 nt!CcCopyRead+0x107 FSDriver!FSDriverReadFile+0x821 FSDriver!FSDriverRead+0x162 FSDriver!FSDriverDispatchRequest+0x84 FSDriver!FSDriverDequeueRequest+0xe2 nt!KeInsertQueueDpc+0x36e nt!PsGetProcessSecurityPort+0xb5 nt!KeTestAlertThread+0x15a
  Message 4 of 11  
23 Aug 12 09:26
rod widdowson
xxxxxx@steadingsoftware.com
Join Date: 11 Sep 2006
Posts To This List: 614
Re: STATUS_PENDING and IoMarkIrpPending BSOD
Sounds like double completion or the other things which happen when you don't get pending right. If you have not done so, do run with verifier. It has become quite good at catching most of these bugs.
  Message 5 of 11  
23 Aug 12 12:53
adnan
xxxxxx@gmail.com
Join Date: 08 Mar 2012
Posts To This List: 113
RE: STATUS_PENDING and IoMarkIrpPending BSOD
Hi Rod, Which verifier, how can I check verifier. Can you please explain.
  Message 6 of 11  
23 Aug 12 14:06
adnan
xxxxxx@gmail.com
Join Date: 08 Mar 2012
Posts To This List: 113
RE: STATUS_PENDING and IoMarkIrpPending BSOD
ok, thanks I know now you're talking about verifier.exe in system32 :) I have never used it before, but it is really helpful. Let me check if I can fix the problem, or otherwise i'll post for more issues here.
  Message 7 of 11  
28 Aug 12 03:09
adnan
xxxxxx@gmail.com
Join Date: 08 Mar 2012
Posts To This List: 113
RE: STATUS_PENDING and IoMarkIrpPending BSOD
Hi All, I have found a couple of messages like "Driver Verifier detected violation: An IRP dispatch handler has returned without passing down or completing this Irp or someone forgot to return STATUS_PENDING. CulpritAddress = 8F170A80, Irp = 99CDAE00" How can I find out the problematic IRP or code from this?
  Message 8 of 11  
28 Aug 12 08:07
rod widdowson
xxxxxx@steadingsoftware.com
Join Date: 11 Sep 2006
Posts To This List: 614
Re: STATUS_PENDING and IoMarkIrpPending BSOD
I'm confused: > How can I find out the problematic IRP I'd say that > Irp = 99CDAE00" is a pretty good start. try kd> !irp 99CDAE00 > or code from this? CulpritAddress = 8F170A80 Seems pretty obvious. try kd> .open -a 8F170A80
  Message 9 of 11  
28 Aug 12 08:42
adnan
xxxxxx@gmail.com
Join Date: 08 Mar 2012
Posts To This List: 113
RE: STATUS_PENDING and IoMarkIrpPending BSOD
!irp 99CDAE00 says "could not read IRP"???
  Message 10 of 11  
28 Aug 12 12:19
Scott Noone
xxxxxx@osr.com
Join Date: 10 Jul 2002
Posts To This List: 586
List Moderator
Re: STATUS_PENDING and IoMarkIrpPending BSOD
The IRP is probably already completed and freed back to special pool, so you'll no longer be able to look at the contents of the IRP. Your IRP handling is clearly incorrect. If the I/O completion article didn't make the bug clear, try referring to the the MSDN, "IRP handling cheat sheets" for code samples: http://support.microsoft.com/kb/320275 http://support.microsoft.com/kb/326315 -scott wrote in message news:94510@ntfsd... !irp 99CDAE00 says "could not read IRP"???
  Message 11 of 11  
28 Aug 12 13:25
adnan
xxxxxx@gmail.com
Join Date: 08 Mar 2012
Posts To This List: 113
RE: STATUS_PENDING and IoMarkIrpPending BSOD
> The IRP is probably already completed and freed back to special pool Yes because the verifier informs me about the IRP when I return from the IRPDispatcher routine. I am following the scenario listed in MSDN article. But it is missing somewhere. anyway thanks for your valuable comments.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 17:06.

Contact Us - Osr Online Homepage - Top

Copyright ©2012, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license