Re: Why can't I get Buffer List pool from the crash log?

xxxxx@gmail.com wrote:

When I run my driver application in Windows, after some time it goes to a blue screen. I took a debug report using WinDbg as follows:

**********************************************************************

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff98015188e20, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880038411a9, address which referenced memory

Debugging Details:

CURRENT_IRQL: 2

FAULTING_IP:
nsvnet!CMiniport::SendNetBufferLists+1d [c:\driver\vnet\windows\ndis62\miniport.cpp @ 748]
fffff880`038411a9 488b1a mov rbx,qword ptr [rdx]

and when I use !pool fffff880038411a9 I got:

Why can’t I get the pool? Is this pool corrupted? Any idea why this blue screen?

What did you think that command was going to do? That’s the address of
the line of code that failed. It’s not in a pool – it’s in your
driver. The address it couldn’t read is fffff98015188e20.

FAULTING_SOURCE_CODE:
744: pNextNetBufferList = NET_BUFFER_LIST_NEXT_NBL(pNetBufferList);
745:
746: m_ul64XmitOk ++;
747:
> 748: NET_BUFFER_LIST_STATUS(pNetBufferList) = m_ulPausedState ? NDIS_STATUS_PAUSED : NDIS_STATUS_SUCCESS;
749: NdisMSendNetBufferListsComplete(m_hAdapter, pNetBufferList, SendFlags);
750:
751: pNetBufferList = pNextNetBufferList;
752: }
753:

Without knowing the circumstances that caused this and seeing more of
the disassembly, it’s impossible to know which part of the statement
failed. There are several fetches in that statement. It could be that
your driver was unloading, and it failed trying to fetch
m_ulPausedState. Or it could be the pNetBufferList is the bad value.
Why were you looking at !pool? That’s almost never useful. It would
have been MORE useful to dump the net buffer list structure to see what
looked bad.
dt NET_BUFFER_LIST pNetBufferList


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
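Added example, not part of the original thread: a small Python parser for the `!analyze -v` text quoted above. It separates the address that could not be read (Arg1) from the address of the instruction that did the read (Arg4), and lists debugger commands suited to each. The function name `triage_d1` and the choice of follow-up commands are assumptions made for this illustration.

```python
import re

# Constructed input: the bugcheck lines quoted in the thread above.
SAMPLE = r"""DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: fffff98015188e20, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880038411a9, address which referenced memory

FAULTING_IP:
nsvnet!CMiniport::SendNetBufferLists+1d [c:\driver\vnet\windows\ndis62\miniport.cpp @ 748]
fffff880`038411a9 488b1a mov rbx,qword ptr [rdx]
"""

ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F`]+)", re.M)
IP_RE = re.compile(r"^FAULTING_IP:\s*\n(\S+?)!(\S+?)\+([0-9a-fA-F]+)", re.M)
INSN_RE = re.compile(r"^([0-9a-fA-F]{8}`[0-9a-fA-F]{8})\s+[0-9a-fA-F]+\s+(.+)$", re.M)

def hexval(s):
    # WinDbg prints 64-bit addresses with a backtick in the middle.
    return int(s.replace("`", ""), 16)

def triage_d1(text):
    """Split a 0xD1 report into the data address (Arg1) and the code address (Arg4)."""
    args = {int(n): hexval(v) for n, v in ARG_RE.findall(text)}
    if sorted(args) != [1, 2, 3, 4]:
        raise ValueError("Arg1..Arg4 not found")
    ip, insn = IP_RE.search(text), INSN_RE.search(text)
    operand = re.search(r"\[[^\]]+\]", insn.group(2)) if insn else None
    data, code = args[1], args[4]
    return {
        "data_address": data,            # what the driver tried to touch
        "code_address": code,            # where in the driver it happened
        "irql": args[2],
        "access": "write" if args[3] == 1 else "read",
        "module": ip.group(1) if ip else None,
        "symbol": ip.group(2) if ip else None,
        "offset": hexval(ip.group(3)) if ip else None,
        "memory_operand": operand.group(0) if operand else None,
        # The disassembly line under FAULTING_IP should sit at Arg4.
        "ip_matches_arg4": bool(insn) and hexval(insn.group(1)) == code,
        # Code address: symbol lookup and disassembly. Data address: memory queries.
        "commands": [f"ln {code:016x}", f"ub {code:016x}",
                     f"!pte {data:016x}", f"!pool {data:016x}"],
    }

if __name__ == "__main__":
    for key, value in triage_d1(SAMPLE).items():
        print(key, "=", hex(value) if key.endswith("_address") else value)
```
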

xxxxx@gmail.com wrote:

The scenario happens when I run my filter several times. When I connect 5 - 7 times it’s working fine. But after that the crash happens sometimes at the sendbufferlistComplete () function in the "Filter file" and sometimes in the sendbufferlist () function in the “miniport” file.

Have you done any actual debugging, or are you just running this over
and over and hoping something changes? We’ve talked about potential
debug strategies, but probably the most useful is to break into the
debugger and dump the data structures involved, to see if they LOOK
reasonable. Are you getting random memory, are you getting a structure
where one or two things have been overwritten, are you getting someone
else’s list? YOU have to do that, on a live system. We can’t.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

OK. But I am still confused because of 2 scenarios. Got crashes alternatively on

filter.cpp file

DATA_CONTEXT_START()

and

miniport.cpp file.

NET_BUFFER_LIST_STATUS(pNetBufferList) = m_ulPausedState ? NDIS_STATUS_PAUSED : NDIS_STATUS_SUCCESS;

So should I break() on both sides?

xxxxx@gmail.com wrote:

OK. But I am still confused because of 2 scenarios. Got crashes alternatively on
filter.cpp file
DATA_CONTEXT_START()
and
miniport.cpp file.
NET_BUFFER_LIST_STATUS(pNetBufferList) = m_ulPausedState ? NDIS_STATUS_PAUSED : NDIS_STATUS_SUCCESS;

So should I break() on both sides?

Why not? Breakpoints don’t cost any money.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

So what possibilities should I check? Because I am new to debugging.

Will dt NET_BUFFER_LIST fetch all details? Or should I check any other commands for context, paused state?

xxxxx@gmail.com wrote:

So what possibilities should I check? Because I am new to debugging.

Will dt NET_BUFFER_LIST fetch all details? Or should I check any other commands for context, paused state?

Just taking a brief side trip, have you done much programming before
digging into network drivers? Debugging a kernel driver is not that
much different from debugging a standard application. The only real
difference is that you are handling requests from others, rather than
being in full control yourself.

A big part of debugging is pattern recognition – knowing when something
looks normal and when something looks fishy. That takes experience.
You’re going to want to look at some NET_BUFFER_LISTs during normal
operation, just to get a feel for what they look like. Follow the
pointers yourself, so you can see how the context structure really
works. Then, when you get a bad one, you’ll know that it looks wrong.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.