NDIS Miniport Crash in NDIS!ndisMSendComplete

Discussion in 'Windows Vista Drivers' started by Michael, Jan 23, 2008.

  1. Michael

    Michael Guest

    My miniport driver is crashing when it calls NdisMSendComplete. I'm
    validating the AdapterHandle and Packet parameters, so I know I'm not calling
    it with bad pointers. After the crash, I look at the packet in WinDbg,
    and the only thing that I see that looks suspicious is that
    Packet->Private->Head is apparently incorrect. It's pointing to a
    MappedSystemVa of 0x4, and StartVa of 0x2. Tail however looks like it has a
    good list. My code never touches anything in the Packet->Private since it is
    supposed to be opaque to the miniport. How do I go about debugging an issue
    like this?

    Thanks,
    Michael


    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000008, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: f724cc00, address which referenced memory

    Debugging Details:
    ------------------
    READ_ADDRESS: 00000008

    CURRENT_IRQL: 2

    FAULTING_IP:
    NDIS!ndisMSendCompleteX+71
    f724cc00 8b7808 mov edi,dword ptr [eax+8]

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xD1

    PROCESS_NAME: System

    TRAP_FRAME: a0ca6c7c -- (.trap 0xffffffffa0ca6c7c)
    ErrCode = 00000000
    eax=00000000 ebx=84953470 ecx=ffffffff edx=84960964 esi=84960968 edi=00000000
    eip=f724cc00 esp=a0ca6cf0 ebp=a0ca6d00 iopl=0 nv up ei ng nz ac po cy
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010293
    NDIS!ndisMSendCompleteX+0x71:
    f724cc00 8b7808 mov edi,dword ptr [eax+8]
    ds:0023:00000008=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER: from f724cc00 to 805436d0
     
    Michael, Jan 23, 2008
    #1

  2. Set a breakpoint in your MiniportSend[Packets]().
    Get the address of some Packet->Private->Head field.
    Set a "write access" breakpoint (trap) on that address.

    The breakpoint should be hit when the packet's head pointer gets
    modified.

    Stephan
     
    Stephan Wolf [MVP], Jan 25, 2008
    #2

  3. Michael

    Michael Guest

    Can you provide an example of how to set a write access breakpoint in
    WinDbg? Thanks!

     
    Michael, Jan 25, 2008
    #3
  4. ba w4 ffeed000

    --
    Maxim Shatskih, Windows DDK MVP
    StorageCraft Corporation

    http://www.storagecraft.com

     
    Maxim S. Shatskih, Jan 25, 2008
    #4
  5. Michael

    Michael Guest

    It looks like the miniport is receiving the same packet twice before it
    returns the packet. The first time the miniport driver attempts to return
    the packet everything works fine, but then it tries to return it a second
    time because it received it twice, and then it crashes. What would cause it
    to receive the same packet multiple times?

     
    Michael, Jan 25, 2008
    #5
  6. Is your miniport a serialized or a deserialized one? The return value
    of MiniportSend() and the 'Status' of each NDIS_PACKET for
    MiniportSendPackets() have a different meaning for serialized vs.
    deserialized.

    You are probably somehow (and unwillingly) telling NDIS that you are
    already done with handling the packet although you are still handling
    it.

    This way, the protocol that sent the packet can re-use the packet
    while you are still handling it.

    Stephan
     
    Stephan Wolf [MVP], Jan 26, 2008
    #6
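
The double hand-off described in posts #5 and #6 can be caught at the moment it happens with a debug-only ownership table. This is an added example, not code from any poster in the thread: it is plain C with no NDIS headers, and `track_send`, `track_complete` and `MAX_OUTSTANDING` are hypothetical names. A real driver would also have to guard the table with its own lock.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_OUTSTANDING 64   /* assumed upper bound on in-flight sends */

typedef enum { TRACK_OK, TRACK_DUPLICATE_SEND, TRACK_NOT_OWNED, TRACK_FULL } track_result;

/* Packets the miniport currently owns: handed to it and not yet completed. */
static const void *g_owned[MAX_OUTSTANDING];

static int find_slot(const void *packet)
{
    for (int i = 0; i < MAX_OUTSTANDING; i++)
        if (g_owned[i] == packet)
            return i;
    return -1;
}

/* Call on entry to the send handler, before the packet is queued. */
track_result track_send(const void *packet)
{
    if (packet == NULL) return TRACK_NOT_OWNED;
    if (find_slot(packet) >= 0)
        return TRACK_DUPLICATE_SEND;   /* handed down again while still owned */
    int free_slot = find_slot(NULL);   /* an empty entry holds NULL */
    if (free_slot < 0)
        return TRACK_FULL;
    g_owned[free_slot] = packet;
    return TRACK_OK;
}

/* Call immediately before the packet is completed back to the sender. */
track_result track_complete(const void *packet)
{
    if (packet == NULL) return TRACK_NOT_OWNED;
    int slot = find_slot(packet);
    if (slot < 0)
        return TRACK_NOT_OWNED;        /* second completion, or never received */
    g_owned[slot] = NULL;              /* ownership goes back to the sender */
    return TRACK_OK;
}

int main(void)
{
    int pkt;                           /* constructed stand-in for a packet */
    printf("send: %d, send again: %d\n", track_send(&pkt), track_send(&pkt));
    printf("complete: %d\n", track_complete(&pkt));
    printf("complete again: %d\n", track_complete(&pkt));
}
```

Breaking into the debugger on `TRACK_DUPLICATE_SEND` stops at the second hand-off, with the first one still visible in the table, instead of at the later crash in the completion path.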