[pso] [tema2][windows] KeSetEvent IRQL_NOT_LESS_OR_EQUAL

Orasanu Eduard edi_o2001 at yahoo.com
Thu Apr 23 18:33:17 EEST 2009



When you do "int flag=*((int*)arg1);", are you sure that what you dereference is still in memory? When you insert the DPC into the queue, aren't you perhaps passing the address of a variable on the stack of the function/interrupt handler, which is "cleaned up" after the call returns?

Edi

--- On Thu, 4/23/09, alexandra gherghina <alexa.gherghina at gmail.com> wrote:

> From: alexandra gherghina <alexa.gherghina at gmail.com>
> Subject: Re: [pso] [tema2][windows] KeSetEvent IRQL_NOT_LESS_OR_EQUAL
> To: "Proiectarea Sistemelor de Operare" <pso at cursuri.cs.pub.ro>
> Date: Thursday, April 23, 2009, 8:01 AM
> Hi,
> 
> I also tried the ExAllocatePool variant and it still does the same.
> In the DPC function I only do:
> 
>     struct dev_info * di=(struct dev_info*)ctx;
>     int flag=*((int*)arg1);
>
>     switch (flag){
>         case READ:
>             KeSetEvent(&(di->read_event), IO_NO_INCREMENT, FALSE);
>             break;
>         case WRITE:
>             KeSetEvent(&(di->write_event), IO_NO_INCREMENT, FALSE);
>             break;
>     }
> 
> Is it possible that the error comes from somewhere else, even though
> kd says it is from KeSetEvent?
> 
> Alexandra
> 
> 2009/4/23 Bercea Gabriel <gamitech at gmail.com>
>
> Hello Alexandra,
>
> To be able to set the event, you first have to initialize it from
> nonpaged pool.
>
> You can do this in 2 ways:
>
> 1) PKEVENT myEvent = ExAllocatePool(NonPagedPool, sizeof(KEVENT));
>    KeInitializeEvent()
>
> 2) KeInitializeEvent(&myEvent) on an event of type KEVENT declared in a
>    function or globally.
>
> Run your driver with the verifier turned on.
>
> Respectfully,
>
> Bercea Gabriel 342 C2
> Mobile contact:  (+40)0740049634
> eMail: gamitech at gmail.com
>
> From: pso-bounces at cursuri.cs.pub.ro [mailto:pso-bounces at cursuri.cs.pub.ro] On Behalf Of alexandra gherghina
> Sent: Wednesday, April 22, 2009 11:36 PM
> To: Proiectarea Sistemelor de Operare
> Subject: [pso] [tema2][windows] KeSetEvent IRQL_NOT_LESS_OR_EQUAL
>
> 
> Hi!
>
> I followed this scheme:
>
> - wait on one event each in the write routine and the read routine
> - scheduled one DPC each in the interrupt handler, which does KeSetEvent
>
> The problem is that I get a blue screen at that KeSetEvent. Any ideas
> what causes it?
>
> Thank you!
> Alexandra
>
> kd> !analyze -v
> *******************************************************************************
> *                                                                             *
> *                        Bugcheck Analysis                                    *
> *                                                                             *
> *******************************************************************************
>
> IRQL_NOT_LESS_OR_EQUAL (a)
> An attempt was made to access a pageable (or completely invalid) address at an
> interrupt request level (IRQL) that is too high.  This is usually
> caused by drivers using improper addresses.
> If a kernel debugger is available get the stack backtrace.
> Arguments:
> Arg1: fa037098, memory referenced
> Arg2: 00000002, IRQL
> Arg3: 00000000, bitfield :
>     bit 0 : value 0 = read operation, 1 = write operation
>     bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
> Arg4: 808269e6, address which referenced memory
>
> Debugging Details:
> ------------------
>
> READ_ADDRESS:  fa037098
>
> CURRENT_IRQL:  2
>
> FAULTING_IP:
> nt!KeSetEvent+e
> 808269e6 803e00          cmp     byte ptr [esi],0
>
> DEFAULT_BUCKET_ID:  DRIVER_FAULT
>
> BUGCHECK_STR:  0xA
>
> PROCESS_NAME:  Idle
>
> TRAP_FRAME:  80894510 -- (.trap 0xffffffff80894510)
> ErrCode = 00000000
> eax=00000001 ebx=00000001 ecx=fa037098 edx=00000009 esi=fa037098 edi=ffdffa40
> eip=808269e6 esp=80894584 ebp=80894590 iopl=0         nv up ei pl nz na po nc
> cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
> nt!KeSetEvent+0xe:
> 808269e6 803e00          cmp     byte ptr [esi],0           ds:0023:fa037098=??
> Resetting default scope
>
> LAST_CONTROL_TRANSFER:  from 808269e6 to 80886099
>
> STACK_TEXT:
> 80894510 808269e6 badb0d00 00000009 00000000 nt!KiTrap0E+0x2a1
> 80894590 f9fa805b fa037098 00000000 00000000 nt!KeSetEvent+0xe
> WARNING: Stack unwind information not available. Following frames may be wrong.
> 808945b0 8082f582 816479cc fa036c6c 81647e38 uart16550+0x105b
> 80894600 808873c7 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca
> 80894604 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x2f
>
> STACK_COMMAND:  kb
>
> FOLLOWUP_IP:
> uart16550+105b
> f9fa805b eb0d            jmp     uart16550+0x106a (f9fa806a)
>
> SYMBOL_STACK_INDEX:  2
>
> SYMBOL_NAME:  uart16550+105b
>
> FOLLOWUP_NAME:  MachineOwner
>
> MODULE_NAME: uart16550
>
> IMAGE_NAME:  uart16550.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP:  49ef7a54
>
> FAILURE_BUCKET_ID:  0xA_uart16550+105b
>
> BUCKET_ID:  0xA_uart16550+105b
>
> Followup: MachineOwner
> ---------
> 
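
Added example (not part of the thread): a Python cross-check of the quoted !analyze -v output, showing that the faulting address is the KEVENT pointer handed to KeSetEvent and where it sits relative to the DPC context pointer. It assumes the kb columns are ChildEBP, RetAddr and three stack parameters, and that the uart16550 frame's parameters are Dpc, DeferredContext, SystemArgument1; kd itself warns that this frame may be wrong.

```python
import re

# Excerpt of the !analyze -v output quoted above, with the mail client's
# line wrapping undone (values are the ones in the post).
DUMP = """\
Arg1: fa037098, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
Arg4: 808269e6, address which referenced memory
STACK_TEXT:
80894510 808269e6 badb0d00 00000009 00000000 nt!KiTrap0E+0x2a1
80894590 f9fa805b fa037098 00000000 00000000 nt!KeSetEvent+0xe
808945b0 8082f582 816479cc fa036c6c 81647e38 uart16550+0x105b
80894600 808873c7 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca
"""

PAGE = 0x1000  # x86 page size
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}


def parse(dump):
    """Return ({arg number: value}, [stack frames]) from the dump text."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-f]{8})", dump, re.M)}
    frames = []
    for m in re.finditer(r"^((?:[0-9a-f]{8} ){5})(\S+?)\+0x[0-9a-f]+$", dump, re.M):
        _ebp, ret, *params = (int(x, 16) for x in m.group(1).split())
        frames.append({"symbol": m.group(2), "ret": ret, "params": params})
    return args, frames


def triage(dump):
    args, frames = parse(dump)
    by_sym = {f["symbol"]: f for f in frames}
    event = by_sym["nt!KeSetEvent"]["params"][0]  # first parameter: the event
    # Assumption: this frame is the DPC routine, so its parameters are
    # Dpc, DeferredContext, SystemArgument1 (kd flags the frame as unreliable).
    ctx = by_sym["uart16550"]["params"][1]
    return {
        "irql": IRQL_NAMES.get(args[2], hex(args[2])),
        "access": "write" if args[3] & 1 else "read",
        "fault_is_event_pointer": args[1] == event,
        "event_offset_in_ctx": event - ctx,
        "event_on_same_page_as_ctx": event // PAGE == ctx // PAGE,
    }


if __name__ == "__main__":
    print(triage(DUMP))
```

On the quoted dump this reports a read at DISPATCH_LEVEL of the event pointer itself, 0x42c bytes past the context pointer and on the following page, so the allocation of the structure that holds the event is the thing to check.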
