Ajay
Hi all.

We have installed a custom file system filter driver, where we do file-system hooking (including Fast-IO calls). We are using WinDDK 6001.18000.

Now, when the driver is installed on a Vista Business x86 machine, and we try to play a .wmv file with Windows Media Player, it fails to play it. When we disable our driver, the wmv file plays effortlessly.

We have gone through the document at the link: http://blogs.msdn.com/mediasdkstuff/...hta-files.aspx

Also, we took a sequence of loaded DLLs, in both the success and failure cases.

------------------------------------------------------------
Success Case - wmv file plays successfully. Following is the tail of the sequence
------------------------------------------------------------

ModLoad: 6dea0000 6deee000 C:\Windows\System32\wmpeffects.dll
eax=00000001 ebx=00000000 ecx=0020c101 edx=00000000 esi=7ffdf000 edi=20000000
eip=77735e74 esp=0020c118 ebp=0020c16c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
77735e74 c3 ret
0:000> g
ModLoad: 6fd70000 6fd7b000 C:\Windows\System32\msdmo.dll
eax=76df020d ebx=00000000 ecx=00000001 edx=76dd1860 esi=7ffdf000 edi=20000000
eip=77735e74 esp=0020bdd4 ebp=0020be28 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
77735e74 c3 ret
0:000> g
ModLoad: 6e9b0000 6e9e0000 C:\Windows\system32\mlang.dll
eax=00000001 ebx=00000000 ecx=05ffe201 edx=00000000 esi=7ffd3000 edi=20000000
eip=77735e74 esp=05ffe238 ebp=05ffe28c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
77735e74 c3 ret
0:016> g
ModLoad: 6e2f0000 6e30b000 C:\Windows\System32\mfps.dll
eax=00000001 ebx=00000000 ecx=05ffe701 edx=00000000 esi=7ffd3000 edi=20000000
eip=77735e74 esp=05ffe748 ebp=05ffe79c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
77735e74 c3 ret
0:016> g
ModLoad: 04990000 04999000 MFPMP.exe
eax=05ffef70 ebx=05ffea60 ecx=00000004 edx=00000000 esi=00000000 edi=05ffee34
eip=77735e74 esp=05ffe9c0 ebp=05ffea18 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
77735e74 c3 ret

------------------------------------------------------------
Failure Case - wmv file does not play. Following is the tail of the sequence
------------------------------------------------------------

ModLoad: 6ab50000 6ab9e000 C:\Windows\System32\wmpeffects.dll
eax=0006d460 ebx=00000000 ecx=00000004 edx=00000010 esi=7ffdf000 edi=20000000
eip=778e5e74 esp=0006c338 ebp=0006c38c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
778e5e74 c3 ret
0:000> g
ModLoad: 74340000 7434b000 C:\Windows\System32\msdmo.dll
eax=762e020d ebx=00000000 ecx=00000001 edx=762c1860 esi=7ffdf000 edi=20000000
eip=778e5e74 esp=0006bff4 ebp=0006c048 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
778e5e74 c3 ret
0:000> g
ModLoad: 701a0000 701d0000 C:\Windows\system32\mlang.dll
eax=0000005c ebx=00000000 ecx=0006b862 edx=778e5e74 esi=7ffdf000 edi=20000000
eip=778e5e74 esp=0006b698 ebp=0006b6ec iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
778e5e74 c3 ret
0:000> g
ModLoad: 74330000 74332000 C:\Windows\system32\wmerror.dll
eax=00000000 ebx=00000000 ecx=00000000 edx=67bf72a2 esi=7ffdf000 edi=20000000
eip=778e5e74 esp=0006d204 ebp=0006d258 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
778e5e74 c3 ret

------------------------------------------------------------

As can be seen, there is a difference in DLL loading after mlang.dll.

So, what should be done so that the wmv media can be played, even in the presence of the driver?

Looking forward to some light.

Regards
Ajay

Scott Noone
Use Process Monitor or FileSpy to watch the operations in the failure case
and the successful case. Look for operations failing or, in the more
difficult case, returning different data.

-scott

--
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

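The comparison suggested in the reply above, as an added example that is not from the thread or from OSR: it diffs two Process Monitor CSV exports (default columns), one captured with the filter driver disabled and one with it loaded, and reports operations whose result changed, whose returned data changed, or that never happened in the failing run. The two embedded traces are constructed sample data, not the poster's logs, and `load_trace` and `diff_traces` are names chosen here.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample traces (NOT the poster's logs), laid out like a
# Process Monitor CSV export with the default columns.
HEADER = '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"\n'

# Trace taken with the filter driver disabled (playback works).
GOOD_TRACE = HEADER + r'''"2:40:01.0000001 PM","wmplayer.exe","2100","QueryOpen","C:\Windows\System32\mfpmp.exe","FAST IO DISALLOWED",""
"2:40:01.0000002 PM","wmplayer.exe","2100","CreateFile","C:\Windows\System32\mfpmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open"
"2:40:01.0000003 PM","wmplayer.exe","2100","QueryStandardInformationFile","C:\Windows\System32\mfpmp.exe","SUCCESS","AllocationSize: 24,576, EndOfFile: 24,576"
"2:40:01.0000004 PM","wmplayer.exe","2100","Process Create","C:\Windows\system32\mfpmp.exe","SUCCESS","PID: 2200"
"2:40:01.0000005 PM","mfpmp.exe","2200","CreateFile","C:\Windows\System32\mfps.dll","SUCCESS","Desired Access: Read Data/List Directory"
"2:40:01.0000006 PM","mfpmp.exe","2200","ReadFile","C:\Windows\System32\mfps.dll","SUCCESS","Offset: 0, Length: 4,096"
'''

# Trace taken with the filter driver loaded (playback fails).
BAD_TRACE = HEADER + r'''"2:46:01.0000001 PM","wmplayer.exe","3908","QueryOpen","C:\Windows\System32\mfpmp.exe","FAST IO DISALLOWED",""
"2:46:01.0000002 PM","wmplayer.exe","3908","CreateFile","C:\Windows\System32\mfpmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open"
"2:46:01.0000003 PM","wmplayer.exe","3908","QueryStandardInformationFile","C:\Windows\System32\mfpmp.exe","SUCCESS","AllocationSize: 24,576, EndOfFile: 0"
"2:46:01.0000004 PM","wmplayer.exe","3908","Process Create","C:\Windows\system32\mfpmp.exe","SUCCESS","PID: 3036"
"2:46:01.0000005 PM","mfpmp.exe","3036","CreateFile","C:\Windows\System32\mfps.dll","ACCESS DENIED","Desired Access: Read Data/List Directory"
'''

# IDs that differ between any two runs and must not count as "different data".
VOLATILE = re.compile(r"\b(PID|Thread ID|Parent PID): \d+")


def load_trace(csv_text):
    """Group events by (process, operation, path), keeping (result, detail) in order."""
    events = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Process Name"].lower(), row["Operation"], row["Path"].lower())
        detail = VOLATILE.sub(r"\1: *", row["Detail"])
        events[key].append((row["Result"], detail))
    return events


def diff_traces(good_csv, bad_csv):
    """Return (kind, key, good_value, bad_value) tuples, in trace order.

    kind is one of:
      result  - same operation, different status (the easy case)
      data    - same status, different returned detail (the harder case)
      missing - operation only present in the working run
      extra   - operation only present in the failing run
      count   - same results, but issued a different number of times
    Results that are identical in both runs (for example the same
    FAST IO DISALLOWED on the same path) produce no finding.
    """
    good, bad = load_trace(good_csv), load_trace(bad_csv)
    findings = []
    for key in list(good) + [k for k in bad if k not in good]:
        g, b = good.get(key, []), bad.get(key, [])
        if not b:
            findings.append(("missing", key, g[0][0], None))
        elif not g:
            findings.append(("extra", key, None, b[0][0]))
        else:
            for (g_res, g_det), (b_res, b_det) in zip(g, b):
                if g_res != b_res:
                    findings.append(("result", key, g_res, b_res))
                    break
                if g_det != b_det:
                    findings.append(("data", key, g_det, b_det))
                    break
            else:
                if len(g) != len(b):
                    findings.append(("count", key, len(g), len(b)))
    return findings


if __name__ == "__main__":
    for kind, (proc, op, path), good_val, bad_val in diff_traces(GOOD_TRACE, BAD_TRACE):
        print(f"{kind:8} {proc:14} {op:30} {path}")
        print(f"{'':8} working: {good_val!r}")
        print(f"{'':8} failing: {bad_val!r}")
```

Keying on process name rather than PID lets the two runs line up even though every PID differs between captures.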
Ajay
Hi.

The complete list is way too long. I am copying the two interesting portions (failure case).

------------------------------------------------------------
2:46:43.9955888 PM wmplayer.exe 3908 RegOpenKey HKLM\Software\Microsoft\Windows Media Foundation\PEAuth NAME NOT FOUND Desired Access: Query Value
2:46:44.0023165 PM wmplayer.exe 3908 Thread Create SUCCESS Thread ID: 3348
2:46:44.0028662 PM wmplayer.exe 3908 RegOpenKey HKLM\Software\Microsoft\Windows Media Foundation\PEAuth NAME NOT FOUND Desired Access: Query Value
2:46:44.0116031 PM wmplayer.exe 3908 QueryOpen C:\Program Files\Windows Media Player\mfpmp.exe FAST IO DISALLOWED
2:46:44.0158729 PM wmplayer.exe 3908 CreateFile C:\Program Files\Windows Media Player\mfpmp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
2:46:44.0219315 PM wmplayer.exe 3908 QueryNameInformationFile C:\Program Files\Windows Media Player SUCCESS Name: \Program Files\Windows Media Player
2:46:44.0276236 PM wmplayer.exe 3908 QueryOpen C:\Program Files\Windows Media Player\mfpmp.exe FAST IO DISALLOWED
2:46:44.0278155 PM wmplayer.exe 3908 QueryNameInformationFile C:\Program Files\Windows Media Player SUCCESS Name: \Program Files\Windows Media Player
2:46:44.0322739 PM wmplayer.exe 3908 CreateFile C:\Program Files\Windows Media Player\mfpmp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
2:46:44.0417768 PM wmplayer.exe 3908 QueryOpen C:\Windows\System32\mfpmp.exe FAST IO DISALLOWED
2:46:44.0462028 PM wmplayer.exe 3908 CreateFile C:\Windows\System32\mfpmp.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:46:44.0473118 PM wmplayer.exe 3908 QueryBasicInformationFile C:\Windows\System32\mfpmp.exe SUCCESS CreationTime: 4/11/2009 6:50:20 PM, LastAccessTime: 4/11/2009 6:50:20 PM, LastWriteTime: 4/11/2009 6:50:20 PM, ChangeTime: 4/18/2010 2:15:33 AM, FileAttributes: A
2:46:44.0482189 PM wmplayer.exe 3908 CloseFile C:\Windows\System32\mfpmp.exe SUCCESS
2:46:44.0524823 PM wmplayer.exe 3908 QueryOpen C:\Windows\System32\mfpmp.exe FAST IO DISALLOWED
2:46:44.0549195 PM wmplayer.exe 3908 CreateFile C:\Windows\System32\mfpmp.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:46:44.0586708 PM wmplayer.exe 3908 QueryBasicInformationFile C:\Windows\System32\mfpmp.exe SUCCESS CreationTime: 4/11/2009 6:50:20 PM, LastAccessTime: 4/11/2009 6:50:20 PM, LastWriteTime: 4/11/2009 6:50:20 PM, ChangeTime: 4/18/2010 2:15:33 AM, FileAttributes: A
2:46:44.0593550 PM wmplayer.exe 3908 CloseFile C:\Windows\System32\mfpmp.exe SUCCESS
2:46:44.0681307 PM wmplayer.exe 3908 CreateFile C:\Windows\System32\mfpmp.exe SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
2:46:44.0786468 PM wmplayer.exe 3908 QueryStandardInformationFile C:\Windows\System32\mfpmp.exe SUCCESS AllocationSize: 24,576, EndOfFile: 24,576, NumberOfLinks: 2, DeletePending: False, Directory: False
2:46:44.1758969 PM wmplayer.exe 3908 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfpmp.exe NAME NOT FOUND Desired Access: Query Value, Enumerate Sub Keys
2:46:44.1990912 PM wmplayer.exe 3908 QuerySecurityFile C:\Windows\System32\mfpmp.exe SUCCESS Information: Label
2:46:44.2718750 PM wmplayer.exe 3908 QueryNameInformationFile C:\Windows\System32\mfpmp.exe SUCCESS Name: \Windows\System32\mfpmp.exe
2:46:44.2910735 PM Idle 0 Process Profiling SUCCESS User Time: 0.0000000 seconds, Kernel Time: 3.2947376 seconds, Private Bytes: 0, Working Set: 12,288
2:46:44.2943471 PM System 4 Process Profiling SUCCESS User Time: 0.0000000 seconds, Kernel Time: 62.9405040 seconds, Private Bytes: 0, Working Set: 2,732,032
2:46:44.2943661 PM smss.exe 428 Process Profiling SUCCESS User Time: 0.0000000 seconds, Kernel Time: 0.8111664 seconds, Private Bytes: 249,856, Working Set: 610,304
2:46:44.2974188 PM csrss.exe 496 Process Profiling SUCCESS User Time: 0.1001440 seconds, Kernel Time: 3.0944496 seconds, Private Bytes: 1,564,672, Working Set: 4,579,328
2:46:44.2974682 PM wmplayer.exe 3908 QueryNameInformationFile C:\Windows\System32\mfpmp.exe SUCCESS Name: \Windows\System32\mfpmp.exe
2:46:44.3783849 PM wmplayer.exe 3908 Process Create C:\Windows\system32\mfpmp.exe SUCCESS PID: 3036, Command line: mfpmp.exe /43eebaf0b8c9034a_504b9c0/PMPServer {CA091E7B-DBEA-4100-84B3-E892468430B3} 3908 =C:\Users\abhinav\AppData\Local\Temp=C:\ProgramData
2:46:44.3786352 PM mfpmp.exe 3036 Process Start SUCCESS Parent PID: 3908
2:46:44.3812154 PM mfpmp.exe 3036 Thread Create SUCCESS Thread ID: 3332
2:46:44.3968839 PM wmplayer.exe 3908 CloseFile C:\Windows\System32\mfpmp.exe SUCCESS
2:46:44.4172689 PM mfpmp.exe 3036 Thread Exit SUCCESS Thread ID: 3332, User Time: 0.0000000, Kernel Time: 0.0000000
2:46:44.4290721 PM mfpmp.exe 3036 QueryNameInformationFile C:\Windows\System32\mfpmp.exe SUCCESS Name: \Windows\System32\mfpmp.exe
2:46:44.4321725 PM mfpmp.exe 3036 QueryNameInformationFile C:\Windows\System32\ntdll.dll SUCCESS Name: \Windows\System32\ntdll.dll
2:46:45.0061907 PM wmplayer.exe 3908 RegQueryValue HKCU\Software\Microsoft\MediaPlayer\Preferences\LastLicenseRefresh SUCCESS Type: REG_DWORD, Length: 4, Data: 325753032
2:46:45.0064393 PM wmplayer.exe 3908 RegQueryValue HKCU\Software\Microsoft\MediaPlayer\Preferences\LicenseRefreshInterval NAME NOT FOUND Length: 144
2:46:45.0066285 PM wmplayer.exe 3908 RegQueryValue HKCU\Software\Microsoft\MediaPlayer\Preferences\DisableLicenseRefresh NAME NOT FOUND Length: 144
2:46:45.2258837 PM Idle 0 Process Profiling SUCCESS User Time: 0.0000000 seconds, Kernel Time: 3.2947376 seconds, Private Bytes: 0, Working Set: 12,288
2:46:45.2259035 PM System 4 Process Profiling SUCCESS User Time: 0.0000000 seconds, Kernel Time: 62.9905760 seconds, Private Bytes: 0, Working Set: 2,723,840
2:46:45.2259217 PM smss.exe 428 Process Profiling SUCCESS User Time: 0.0000000 seconds, Kernel Time: 0.8111664 seconds, Private Bytes: 249,856, Working Set: 610,304
2:46:45.2259396 PM csrss.exe 496 Process Profiling SUCCESS User Time: 0.1001440 seconds, Kernel Time: 3.0944496 seconds, Private Bytes: 1,564,672, Working Set: 4,571,136
------------------------------------------------------------

As can be seen, MFPMP.exe thread dies immediately after creation. (Please refer to the log at "2:46:44.4172689").

I will be glad for any help.

Regards
Ajay

"anshul makkar" wrote:
> Hi,
>
> There seems to be some issue after loading mlang.dll. Do you see some crash
> media application or not.
>
> Maybe you are not handling some calls that a media player requires.
>
> As Scott suggested, please show the output of process-mon and file-mon.
>
> Thanks
> Anshul Makkar
> www.justkernel.com

Ajay
Anyone from Microsoft?
Don Burn?

Even the slightest insight will help. If the query-situation is an expected one, please let us know.

Regards
Ajay