none
WinDbg not is showing FAULTING_SOURCE_CODE RRS feed

  • Question

  • Hello,

    i'm trying list all files in a specific directory, but i receives BSOD.

    I already tried check for erros on source code with WinDbg ( with .dump file ), but not is showed the field FAULTING_SOURCE_CODE

    Here is my .dump file after !analyze -v and follow my source code.

    Driver.c

    #include "Driver.h"
    
    NTSTATUS ListFiles() {
    
        WCHAR Buffer[8192];
        UNICODE_STRING DirectoryName;
        OBJECT_ATTRIBUTES DirectoryAttributes;
        NTSTATUS Status;
        HANDLE DirectoryHandle;
        IO_STATUS_BLOCK Iosb;
        PFILE_BOTH_DIR_INFORMATION DirInformation;
    
        RtlInitUnicodeString(&DirectoryName, L"\\??\\C:\\Windows");
    
            InitializeObjectAttributes(&DirectoryAttributes,
                &DirectoryName,
                OBJ_CASE_INSENSITIVE,
                0,          // absolute open, no relative directory handle
                0);         // no security descriptor necessary
    
        Status = ZwCreateFile(&DirectoryHandle,
            (FILE_LIST_DIRECTORY | SYNCHRONIZE),
            &DirectoryAttributes,
            &Iosb,
            0,
            0,
            FILE_SHARE_VALID_FLAGS, // FULL sharing
            FILE_OPEN,          // MUST already exist
            (FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE),   // MUST be a directory
            0,
            0);
    
        if (!NT_SUCCESS(Status)) {
            DbgPrint("Unable to open %.*S, error = 0x%x\n", DirectoryName.Length / sizeof(WCHAR), DirectoryName.Buffer, Status);
            return Status;
        }
    
        //
        // We pass NO NAME which is the same as *.*
        //
        Status = ZwQueryDirectoryFile(DirectoryHandle,
            NULL,
            0,
            // No APC routine
            0,
            // No APC context
            &Iosb,
            Buffer,
            sizeof(Buffer),
    
            FileBothDirectoryInformation,
            TRUE,
            NULL,
            FALSE);
    
        if (!NT_SUCCESS(Status)) {
            DbgPrint("Unable to query directory contents, error 0x%x\n", Status);
            return Status;
        }
    
        DirInformation = (PFILE_BOTH_DIR_INFORMATION)Buffer;
    
        // Loop over all files
        for (;;) {
            //
            // Dump the full name of the file.  We could dump the other information
            // here as well, but we'll keep the example shorter instead.
            //
            DbgPrint("  %.*S\n", DirInformation->FileNameLength / sizeof(WCHAR), &DirInformation->FileName[0]);
    
            //
            // If there is no offset in the entry, the buffer has been exhausted.
            //
            if (DirInformation->NextEntryOffset == 0) {
                // Re-fill buffer
                Status = ZwQueryDirectoryFile(DirectoryHandle,
                    NULL,
                    0,
                    // No APC routine
                    0,
                    // No APC context
                    &Iosb,
                    Buffer,
                    sizeof(Buffer),
    
                    FileBothDirectoryInformation,
                    FALSE,
                    NULL,
                    FALSE);
    
                if (!NT_SUCCESS(Status)) {
                    if (Status == STATUS_NO_MORE_FILES) break;
                    DbgPrint("Unable to query directory contents, error 0x%x\n", Status);
                    return Status;
                }
    
                DirInformation = (PFILE_BOTH_DIR_INFORMATION)Buffer;
                continue;
            }
            //
            // Advance to the next entry.
            //
            DirInformation = (PFILE_BOTH_DIR_INFORMATION)(((PUCHAR)DirInformation) + DirInformation->NextEntryOffset);
    
        }
    
         ZwClose(DirectoryHandle);
        return Status;
    }
    
    VOID DriverUnload(IN PDRIVER_OBJECT DriverObject) {
    
        DbgPrint("DriverUnload()!\\n");
        return;
    
    }
    
    NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath) {
    
        NTSTATUS NtStatus = STATUS_SUCCESS;
        pDriverObject->DriverUnload = /*(PDRIVER_UNLOAD)*/DriverUnload;
        DbgPrint("DriverEntry()!\\n");
        ListFiles();
        return NtStatus;
    
    }

    Driver.h

    #pragma once
    
    #ifndef _DRIVER_H_
    #define _DRIVER_H_
    
    #include <ntifs.h>
    
    #ifndef OBJ_KERNEL_HANDLE
    #define OBJ_KERNEL_HANDLE 0x00000200
    #endif //OBJ_KERNEL_HANDLE
    
    #endif //_DRIVER_H_


    • Edited by FLASHCODER Wednesday, January 18, 2017 7:23 PM
    Wednesday, January 18, 2017 7:19 PM

All replies

  • Make sure your symbols are correct, and use !analyze -v then give this forum the data.  


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Proposed as answer by FL4SHC0D3R Wednesday, January 25, 2017 2:30 AM
    Wednesday, January 18, 2017 10:26 PM
  • Make sure your symbols are correct, and use !analyze -v then give this forum the data.  


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    I have sure that are correct.

    Below are the steps followed:

    1- Download symbols to C:\symbols ( Ctrl + S ): 

    SRV*C:\symbols*http://msdl.microsoft.com/download/symbols

    2- Open my .dump file ( Ctrl + D )

    3- .sympath c:\symbols

    4- .reload /f

    5- .srcpath c:\myproject\myproject

    6- !analyze -v




    Wednesday, January 18, 2017 11:40 PM
  • How about cutting and pasting the output of !analyze -v into a post?  Without it there is no way we can even guess what your problem is.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Thursday, January 19, 2017 12:27 AM
  • How about cutting and pasting the output of !analyze -v into a post?  Without it there is no way we can even guess what your problem is.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    The output of !analyze -v is "Bugcheck Analysis" session and mainly all content inside "Debugging Details" ?


    • Edited by FLASHCODER Thursday, January 19, 2017 1:10 AM
    Thursday, January 19, 2017 1:10 AM