Machine freeze

  • Question

  • In English:


    3 times: when I load my driver on my Windows 10 2015 guest machine,
    the guest machine freezes after 30, 40, 60 seconds WITHOUT BSOD; Ctrl-Alt-Del does not respond.

    I am unable to determine whether my driver is involved, and I cannot reproduce
    this problem anymore.

    I am looking for a utility (Microsoft preferably) to track, at runtime, memory operations (e.g. 'RtlCopyMemory', 'RtlZeroMemory') with an incorrect or too big size.
    I mean memory transfers (e.g. 'RtlCopyMemory', 'RtlZeroMemory') of too big or incorrect size that would cause a freeze ....
    I would need this utility to fix this bug if the problem comes from my driver.

    8 years ago, I already had a similar problem because of a memory transfer of incorrect size in my driver;

    it has been solved since.

    Thank you

    In French (translated):


    3 times: when I loaded my driver on my Windows 10 2015 guest machine,
    the guest machine freezes after 30, 40, 60 seconds WITHOUT BSOD; Ctrl-Alt-Del does not respond.

    I am unable to determine whether my driver is the cause, and I can no longer reproduce
    this problem.

    I am looking for a utility (Microsoft preferably) to track a too-big transfer (e.g. 'RtlCopyMemory', 'RtlZeroMemory');
    I mean memory transfers (e.g. 'RtlCopyMemory', 'RtlZeroMemory') of too big or incorrect size that would cause a freeze ....
    I would need this utility to fix this bug if the problem comes from my driver.

    8 years ago, I already had a similar problem, due to a memory transfer of incorrect size in my driver;

    it has been fixed since.


    • Edited by Sizy458 Sunday, August 18, 2019 7:56 PM
    Sunday, August 18, 2019 7:48 PM

All replies

  • A copy running at IRQL < DISPATCH_LEVEL can't freeze the entire VM; just the thread it is running on. If you're copying more than a page or two at IRQL >= DISPATCH_LEVEL, then you should re-think how your driver is implemented.

    In any event, what you want is the Windows Performance Recorder (WPR) and the Windows Performance Analyzer (WPA), which are part of the Windows Performance Toolkit (part of the Assessment and Deployment Kit (ADK)). There are lots of videos on how to use these tools on Channel9 (search for 'WPA'). It will require detailed knowledge of Windows internals to solve your problem with WPA, which you can acquire by reading both volumes of the Windows Internals books (the second volume of the 7th edition isn't available, yet, but both volumes of the 6th edition are sufficient).


    Azius Developer Training Windows device driver, internals, security, & forensics training and consulting. Blog at

    Sunday, August 18, 2019 8:04 PM