Registry hardware key access and custom entries

  • Question

  • Hi,

    I have a kernel driver that works in exclusive mode. In user space I have a device instance manager and a client program. The manager sets up the driver initially, and afterwards the client program starts using the driver. I am looking for a way to pass some information to the manager. Due to exclusive mode I am not able to open a device handle and communicate using IOCTLs. I thought about using the registry to pass some flags. I have a few device instances and I have tried to use the hardware key; however, the driver instantly crashes when opening the key. How can I maintain communication between my manager and device instances when the client program occupies the device handle?

    Cheers,

    nb3m

    Tuesday, September 17, 2019 2:03 PM

Answers

  • Your I/O completion routine KMDFVirtualSerial!SocketCreateAndConnectComplete was called at DISPATCH_LEVEL, as evidenced here:

    fffff800`6ff2aa50 fffff800`6d7cca6a : 00000000`00000000 fffff800`6c426180 00000000`00000000 fffff800`6db75400 : nt!KiRetireDpcList+0x4a7

    but it called WdfDeviceOpenRegistryKey, which requires PASSIVE_LEVEL. KMDF Verifier would have detected this mismatch.


    • Edited by ranta, Tuesday, September 17, 2019 4:11 PM: Don't mention CURRENT_IRQL, because it does not reliably indicate what the IRQL was on entry to the I/O completion routine
    • Marked as answer by Brian Catlin (Moderator), Tuesday, September 17, 2019 5:32 PM
    Tuesday, September 17, 2019 4:09 PM
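
The reasoning in the answer above, automated as an added example (not code from the thread): a Python triage helper that parses WinDbg STACK_TEXT and reports calls to PASSIVE_LEVEL-only routines that have a DPC dispatcher frame beneath them. The frames are abridged from the dump posted in this thread; the names `parse_frames` and `find_irql_violations` and the two lookup sets are assumptions of this example.

```python
import re

# Frames abridged from the STACK_TEXT posted in this thread (innermost frame first).
STACK_TEXT = r"""
fffff800`6ff28060 fffff800`6dcacbb1 : 00000000`fd6c62a4 ffffba07`00000000 fffff800`6ff28a88 ffffba07`cfe42ab8 : nt!KiStackAttachProcess+0x6e
fffff800`6ff29000 fffff800`76141fa4 : ffff9507`080df900 ffff9507`04cdc853 fffff800`6ff291d9 00000000`00000006 : Wdf01000!imp_WdfDeviceOpenRegistryKey+0xab [minkernel\wdf\framework\shared\core\fxdeviceapi.cpp @ 633]
fffff800`6ff290c0 fffff800`6d6970bd : 00000000`00000000 ffff9507`04cdc780 ffff9507`09bc7720 fffff800`6ff29364 : KMDFVirtualSerial!SocketCreateAndConnectComplete+0x6d [c:\users\zuroz\documents\kmdfvirtualserial\kmdfvirtualserial\kmdfvirtualserial\socket.c @ 593]
fffff800`6ff29130 fffff800`6d696ed7 : ffff9507`04cdc780 ffff9507`00000002 ffff9507`0a403076 ffff9507`04d11338 : nt!IopfCompleteRequest+0x1cd
fffff800`6ff2aa50 fffff800`6d7cca6a : 00000000`00000000 fffff800`6c426180 00000000`00000000 fffff800`6db75400 : nt!KiRetireDpcList+0x4a7
fffff800`6ff2ac60 00000000`00000000 : fffff800`6ff2b000 fffff800`6ff25000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
"""

# Routines documented as PASSIVE_LEVEL-only (assumed list; extend for your driver).
PASSIVE_ONLY = {"WdfDeviceOpenRegistryKey", "IoOpenDeviceRegistryKey"}
# Kernel DPC dispatcher frames: anything called above them runs at DISPATCH_LEVEL.
DPC_MARKERS = {"nt!KiRetireDpcList", "nt!KiExecuteAllDpcs"}

# child-SP, return address, four arguments, then module!function+offset [source].
FRAME_RE = re.compile(
    r"^\S+ \S+ : (?:\S+ ){4}: (?P<mod>[^!\s]+)!(?P<fn>[^+\s]+)")

def parse_frames(text):
    """Return [(module, function)] for every stack line, innermost first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m.group("mod"), m.group("fn")))
    return frames

def find_irql_violations(text):
    """Return (api, caller, dpc_frame) for PASSIVE_LEVEL-only calls made inside a DPC."""
    frames = parse_frames(text)
    findings = []
    for i, (_, fn) in enumerate(frames):
        # KMDF exports appear in Wdf01000 with an "imp_" prefix.
        api = fn[4:] if fn.startswith("imp_") else fn
        if api not in PASSIVE_ONLY:
            continue
        outer = [f"{m}!{f}" for m, f in frames[i + 1:]]  # callers, oldest last
        dpc = next((name for name in outer if name in DPC_MARKERS), None)
        if dpc and outer:
            findings.append((api, outer[0], dpc))
    return findings

if __name__ == "__main__":
    for api, caller, dpc in find_irql_violations(STACK_TEXT):
        print(f"{caller} calls {api} while running under {dpc}")
```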

All replies

  • Post the code that tries to open the hw key. Post the output of !analyze -v. You can also use WMI to pass information without opening a file handle.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, September 17, 2019 2:20 PM
  • WDFKEY key;
    WDFDEVICE device;
    
    device = socketContext->deviceContext->Device;
    status = WdfDeviceOpenRegistryKey(device, PLUGPLAY_REGKEY_DEVICE, KEY_READ, WDF_NO_OBJECT_ATTRIBUTES, &key);

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    INVALID_PROCESS_ATTACH_ATTEMPT (5)
    Arguments:
    Arg1: ffff9507003bd080
    Arg2: ffff950700287040
    Arg3: 0000000000000001
    Arg4: 0000000000000001

    Debugging Details:
    ------------------


    BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    BUGCHECK_STR:  0x5

    PROCESS_NAME:  System

    CURRENT_IRQL:  2

    LAST_CONTROL_TRANSFER:  from fffff8006d8a5dd2 to fffff8006d7d0cc0

    STACK_TEXT:  
    fffff800`6ff27898 fffff800`6d8a5dd2 : ffff9507`003bd080 00000000`00000003 fffff800`6ff27a00 fffff800`6d770640 : nt!DbgBreakPointWithStatus
    fffff800`6ff278a0 fffff800`6d8a5557 : 00000000`00000003 fffff800`6ff27a00 fffff800`6d7dd0e0 00000000`00000005 : nt!KiBugCheckDebugBreak+0x12
    fffff800`6ff27900 fffff800`6d7c9147 : fffff800`6e6c5000 fffff800`6e2668a3 fffff800`6db75400 fffff800`6e6c5480 : nt!KeBugCheck2+0x957
    fffff800`6ff28020 fffff800`6d7469ee : 00000000`00000005 ffff9507`003bd080 ffff9507`00287040 00000000`00000001 : nt!KeBugCheckEx+0x107
    fffff800`6ff28060 fffff800`6dcacbb1 : 00000000`fd6c62a4 ffffba07`00000000 fffff800`6ff28a88 ffffba07`cfe42ab8 : nt!KiStackAttachProcess+0x6e
    fffff800`6ff280e0 fffff800`6dc1152e : ffffba07`cfe42ab8 fffff800`6ff28320 fffff800`6ff282e0 fffff800`6ff28340 : nt!CmpWalkOneLevel+0x211
    fffff800`6ff28200 fffff800`6dc10a2a : 2dc27437`0000001c fffff800`6ff28520 fffff800`6ff284f0 00000000`00000000 : nt!CmpDoParseKey+0x4ce
    fffff800`6ff28470 fffff800`6dc32a29 : fffff800`6dc107c0 ffffba07`00000000 ffff9507`052a5660 00000000`00000000 : nt!CmpParseKey+0x26a
    fffff800`6ff28600 fffff800`6dc3102f : ffff9507`052a5600 fffff800`6ff28868 00000000`00000240 ffff9507`002f3400 : nt!ObpLookupObjectName+0x719
    fffff800`6ff287d0 fffff800`6dc2f6b8 : 00000000`00000001 ffff9507`002f3400 00000000`00000000 00000000`00000000 : nt!ObOpenObjectByNameEx+0x1df
    fffff800`6ff28910 fffff800`6dc2ec02 : fffff800`6ff28bf1 fffff800`6d813dbf ffffffff`ffffffff ffffba07`c78003ff : nt!CmOpenKey+0x298
    fffff800`6ff28b60 fffff800`6d7da308 : 00000000`000000ff 00000000`00000100 ffff574d`11394844 00000000`00000000 : nt!NtOpenKey+0x12
    fffff800`6ff28ba0 fffff800`6d7ccd50 : fffff800`6dcc036f 00000000`00000004 ffff9507`0471cda0 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
    fffff800`6ff28d38 fffff800`6dcc036f : 00000000`00000004 ffff9507`0471cda0 00000000`00000000 00000000`00000011 : nt!KiServiceLinkage
    fffff800`6ff28d40 fffff800`6dcc02b6 : 00000000`00000000 ffffffff`800000b0 00000000`00000011 00000000`00000011 : nt!_RegRtlOpenKeyTransacted+0xa3
    fffff800`6ff28de0 fffff800`6dcbf964 : 00000000`0000004c fffff800`6ff28ea0 00000000`00000011 00000000`00000000 : nt!SysCtxRegOpenKey+0x3a
    fffff800`6ff28e20 fffff800`6dcbf75f : 00000000`00000000 ffff9507`0471cda0 ffff9507`00000040 00000000`00000000 : nt!_CmOpenDeviceRegKeyWorker+0x1b4
    fffff800`6ff28ee0 fffff800`6dbcbbf8 : 00000000`00000000 fffff800`6ff28fd0 00000000`00000011 00000000`00000001 : nt!_CmOpenDeviceRegKey+0xef
    fffff800`6ff28f40 fffff800`70162ce5 : ffff9507`09e8d6c0 00000000`00000000 ffff9507`079f2e10 00000000`00000000 : nt!IoOpenDeviceRegistryKey+0xc8
    fffff800`6ff28f90 fffff800`70159e6b : ffff9507`00d8cdc0 00000000`00020019 fffff800`6ff29110 00000000`00000000 : Wdf01000!FxDevice::_OpenKey+0x165 [minkernel\wdf\framework\shared\core\km\fxdevicekm.cpp @ 794]
    fffff800`6ff29000 fffff800`76141fa4 : ffff9507`080df900 ffff9507`04cdc853 fffff800`6ff291d9 00000000`00000006 : Wdf01000!imp_WdfDeviceOpenRegistryKey+0xab [minkernel\wdf\framework\shared\core\fxdeviceapi.cpp @ 633]
    fffff800`6ff29060 fffff800`7614586d : 00006af8`f7f206f8 fffff800`00000001 00000000`00020019 00000000`00000000 : KMDFVirtualSerial!WdfDeviceOpenRegistryKey+0x74 [c:\program files (x86)\windows kits\10\include\wdf\kmdf\1.21\wdfdevice.h @ 2618]
    fffff800`6ff290c0 fffff800`6d6970bd : 00000000`00000000 ffff9507`04cdc780 ffff9507`09bc7720 fffff800`6ff29364 : KMDFVirtualSerial!SocketCreateAndConnectComplete+0x6d [c:\users\zuroz\documents\kmdfvirtualserial\kmdfvirtualserial\kmdfvirtualserial\socket.c @ 593]
    fffff800`6ff29130 fffff800`6d696ed7 : ffff9507`04cdc780 ffff9507`00000002 ffff9507`0a403076 ffff9507`04d11338 : nt!IopfCompleteRequest+0x1cd
    fffff800`6ff29240 fffff800`72292d85 : 00000000`00000010 00000000`00000000 ffff9507`0579a660 ffff9507`0805c902 : nt!IofCompleteRequest+0x17
    fffff800`6ff29270 fffff800`71117840 : 00000000`00000000 00000000`000008fb fffff800`6ff29400 00000000`00000000 : afd!WskProTLCreateConnectComplete+0xd5
    fffff800`6ff29300 fffff800`7115c88a : 00000000`aa665113 00000000`72c434a8 00000000`00001000 fffff800`6ff29670 : tcpip!TcpCreateAndConnectTcbComplete+0x394
    fffff800`6ff29540 fffff800`710f0218 : 00000000`00000001 fffff800`6ff29750 00000000`00000000 00000000`00000000 : tcpip!TcpSynchronizeTcbDelivery+0x5e
    fffff800`6ff29570 fffff800`710f246d : 00000000`00000000 fffff800`6ff299c0 00000000`00000000 00000000`00000000 : tcpip!TcpTcbCarefulDatagram+0xce8
    fffff800`6ff296f0 fffff800`710f1833 : ffff9507`00e2c000 fffff800`71aa5769 ffff0000`00000000 ffff9507`00c98c80 : tcpip!TcpTcbReceive+0x2dd
    fffff800`6ff29940 fffff800`710f08e4 : ffff9507`00bae9e0 00000000`00000000 00000000`9d97f6f9 00000005`c5e92f77 : tcpip!TcpMatchReceive+0x213
    fffff800`6ff29c10 fffff800`711483a2 : ffff9507`00bae9e0 00000000`000014cd ffff9507`00000000 ffff9507`00eeb901 : tcpip!TcpReceive+0x304
    fffff800`6ff29d10 fffff800`710ee6f1 : ffff9507`040f9288 ffff9507`04f0a780 ffff9507`00eeb8a0 fffff800`726b2192 : tcpip!TcpNlClientReceiveDatagrams+0x22
    fffff800`6ff29d50 fffff800`710ee2a2 : 00000004`00000000 ffff9507`07f97561 00000000`00000000 00000000`00000000 : tcpip!IppDeliverListToProtocol+0x61
    fffff800`6ff29e20 fffff800`710ed59a : 00000000`00000000 ffff9507`055355a0 ffff9507`00e441d0 00000000`00000000 : tcpip!IppProcessDeliverList+0x62
    fffff800`6ff29e90 fffff800`710eea63 : fffff800`712db290 ffff9507`00e4c8c0 00000000`00000000 ffff9507`07e91b00 : tcpip!IppReceiveHeaderBatch+0x22a
    fffff800`6ff29f90 fffff800`7114847c : ffff9507`07f7b910 ffff9507`04f0a780 00000000`00000001 ffff9507`07fd4900 : tcpip!IppFlcReceivePacketsCore+0x323
    fffff800`6ff2a0b0 fffff800`7114d710 : ffff9507`04f0a780 ffff9507`07fd49a0 fffff800`6ff2a140 fffff800`6ff2a144 : tcpip!IpFlcReceivePackets+0xc
    fffff800`6ff2a0e0 fffff800`7114cc73 : 00008fe7`01800001 ffff9507`07fd4900 fffff800`71133de0 fffff800`6ff2a438 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x290
    fffff800`6ff2a1e0 fffff800`6d6f5a88 : fffff800`6ff2a4d0 00000000`00000002 fffff800`6db75400 fffff800`6ff2a450 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x173
    fffff800`6ff2a320 fffff800`6d6f59fd : fffff800`7114cb00 fffff800`6ff2a450 ffff9507`00b903c0 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
    fffff800`6ff2a390 fffff800`71131063 : ffff9507`0754ad10 00000000`00000000 ffff9507`075db600 fffff800`713c14cb : nt!KeExpandKernelStackAndCalloutEx+0x1d
    fffff800`6ff2a3d0 fffff800`71aa2780 : 00000000`00000000 fffff800`6ff2a6d0 00000000`00000001 ffff9507`04f0e760 : tcpip!FlReceiveNetBufferListChain+0x2c3
    fffff800`6ff2a5d0 fffff800`71aa239d : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x220
    fffff800`6ff2a6a0 fffff800`71aa78d7 : 00000000`00000001 fffff800`00000000 00000000`00000000 00000000`00000001 : ndis!ndisMTopReceiveNetBufferLists+0x23d
    fffff800`6ff2a730 fffff800`71aa5087 : 00000000`00026be1 fffff800`6ff2a880 fffff800`71aa2160 00000000`00989680 : ndis!ndisCallReceiveHandler+0xc7
    fffff800`6ff2a780 fffff800`726b263d : ffff9507`00eeb8a0 00000000`00000000 fffff800`6e27e600 fffff800`6ff2aa10 : ndis!NdisMIndicateReceiveNetBufferLists+0x5b7
    fffff800`6ff2a900 fffff800`6d68d129 : 00000000`00000002 0000d37b`2f6a0064 fffff800`6db75400 00000000`00000008 : kdnic!RxReceiveIndicateDpc+0x1dd
    fffff800`6ff2a960 fffff800`6d68e077 : 00000000`00000004 00000000`00989680 fffff800`6db75400 00000000`00000019 : nt!KiProcessExpiredTimerList+0x159
    fffff800`6ff2aa50 fffff800`6d7cca6a : 00000000`00000000 fffff800`6c426180 00000000`00000000 fffff800`6db75400 : nt!KiRetireDpcList+0x4a7
    fffff800`6ff2ac60 00000000`00000000 : fffff800`6ff2b000 fffff800`6ff25000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a


    FOLLOWUP_IP:
    nt!KiStackAttachProcess+6e
    fffff800`6d7469ee cc              int     3

    FAULT_INSTR_CODE:  b881f7cc

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  nt!KiStackAttachProcess+6e

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  2e8b5a19

    STACK_COMMAND:  .thread ; .cxr ; kb

    BUCKET_ID_FUNC_OFFSET:  6e

    FAILURE_BUCKET_ID:  0x5_nt!KiStackAttachProcess

    BUCKET_ID:  0x5_nt!KiStackAttachProcess

    PRIMARY_PROBLEM_CLASS:  0x5_nt!KiStackAttachProcess

    Followup:     MachineOwner
    ---------

    Tuesday, September 17, 2019 2:25 PM
  • If you need access from multiple clients, then why use "exclusive" mode?  If there are certain activities that need to be restricted to one client only, you can track that within your driver.  If, for example, only one client can do ReadFile, then have your ReadFile callback check to see whether a reader is registered.  If it is, then reject it.

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.


    • Edited by Tim Roberts Tuesday, September 17, 2019 5:02 PM
    Tuesday, September 17, 2019 5:01 PM
  • Also, WdfDeviceOpenRegistryKey requires a pnp WDFDEVICE

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, September 17, 2019 7:02 PM