System crash - IRQL_NOT_LESS_OR_EQUAL - Keyboard driver

  • Question

  • Microsoft (R) Windows Debugger Version 10.0.17134.1 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\King\Desktop\090918-18109-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: srv*
    Executable search path is: 
    Windows 8.1 Kernel Version 9600 UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.17415.x86fre.winblue_r4.141028-1500
    Machine Name:
    Kernel base = 0x81209000 PsLoadedModuleList = 0x81408418
    Debug session time: Sun Sep  9 13:50:30.037 2018 (UTC + 6:00)
    System Uptime: 0 days 1:17:13.573
    Loading Kernel Symbols
    .
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    ..............................................................
    ................................................................
    ................................
    Loading User Symbols
    Loading unloaded module list
    ..................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000000A, {0, 2, 1, 81308cf4}
    
    Probably caused by : kbdclass.sys ( kbdclass!KeyboardClassServiceCallback+e8 )
    
    Followup:     MachineOwner
    ---------
    
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 00000000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 81308cf4, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    KEY_VALUES_STRING: 1
    
    
    TIMELINE_ANALYSIS: 1
    
    
    DUMP_CLASS: 1
    
    DUMP_QUALIFIER: 400
    
    BUILD_VERSION_STRING:  9600.17415.x86fre.winblue_r4.141028-1500
    
    DUMP_TYPE:  2
    
    DUMP_FILE_ATTRIBUTES: 0x8
      Kernel Generated Triage Dump
    
    BUGCHECK_P1: 0
    
    BUGCHECK_P2: 2
    
    BUGCHECK_P3: 1
    
    BUGCHECK_P4: ffffffff81308cf4
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from 814376f4
    Unable to get MmSystemRangeStart
    GetUlongPtrFromAddress: unable to read from 81437f38
    GetUlongPtrFromAddress: unable to read from 81437a90
    Unable to get NonPagedPoolStart
    Unable to get PagedPoolStart
     00000000 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!memmove+124
    81308cf4 89448ff4        mov     dword ptr [edi+ecx*4-0Ch],eax
    
    CPU_COUNT: 1
    
    CPU_MHZ: 899
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3d
    
    CPU_STEPPING: 4
    
    CPU_MICROCODE: 6,3d,4,0 (F,M,S,R)  SIG: 1F'00000000 (cache) 0'00000000 (init)
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    BUGCHECK_STR:  AV
    
    PROCESS_NAME:  System
    
    ANALYSIS_SESSION_HOST:  DESKTOP-NDA48UI
    
    ANALYSIS_SESSION_TIME:  09-09-2018 13:55:29.0502
    
    ANALYSIS_VERSION: 10.0.17134.1 x86fre
    
    LAST_CONTROL_TRANSFER:  from 8fefea65 to 81308cf4
    
    STACK_TEXT:  
    82743988 8fefea65 00000000 9b13fe2c 0000000c nt!memmove+0x124
    827439c4 8fee91d5 953a5240 9b13fe2c 8f916e28 kbdclass!KeyboardClassServiceCallback+0xe8
    82743a28 812579a6 91f0cc64 01f0ca00 00000000 i8042prt!I8042KeyboardIsrDpc+0x197
    82743ae0 812575c6 82743b28 00000000 89bfabc0 nt!KiExecuteAllDpcs+0x216
    82743c04 8131a3d0 00000000 00000000 00000000 nt!KiRetireDpcList+0xf6
    82743c08 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x38
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  558f74cd3a91bcbe19983f1b7c0528b4b6e14e68
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  161173af8eb4dad35d375cfca10e81c430366625
    
    THREAD_SHA1_HASH_MOD:  96f30bfb09b4cbb871d97a7ed1a187f4d9e602f3
    
    FOLLOWUP_IP: 
    kbdclass!KeyboardClassServiceCallback+e8
    8fefea65 8b4510          mov     eax,dword ptr [ebp+10h]
    
    FAULT_INSTR_CODE:  3310458b
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  kbdclass!KeyboardClassServiceCallback+e8
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: kbdclass
    
    IMAGE_NAME:  kbdclass.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  543353ac
    
    IMAGE_VERSION:  6.3.9600.17393
    
    STACK_COMMAND:  .thread ; .cxr ; kb
    
    BUCKET_ID_FUNC_OFFSET:  e8
    
    FAILURE_BUCKET_ID:  AV_kbdclass!KeyboardClassServiceCallback
    
    BUCKET_ID:  AV_kbdclass!KeyboardClassServiceCallback
    
    PRIMARY_PROBLEM_CLASS:  AV_kbdclass!KeyboardClassServiceCallback
    
    TARGET_TIME:  2018-09-09T07:50:30.000Z
    
    OSBUILD:  9600
    
    OSSERVICEPACK:  17415
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  784
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x86
    
    OSNAME:  Windows 8.1
    
    OSEDITION:  Windows 8.1 WinNt TerminalServer SingleUserTS Personal
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2014-10-29 06:32:39
    
    BUILDDATESTAMP_STR:  141028-1500
    
    BUILDLAB_STR:  winblue_r4
    
    BUILDOSVER_STR:  6.3.9600.17415.x86fre.winblue_r4.141028-1500
    
    ANALYSIS_SESSION_ELAPSED_TIME:  d87
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:av_kbdclass!keyboardclassservicecallback
    
    FAILURE_ID_HASH:  {2397e1a0-177a-792e-7553-d9653a04afd0}
    
    Followup:     MachineOwner
    ---------
    
    

    Source code:

    #include "ntddk.h"
    
    
    typedef struct {
    	PDEVICE_OBJECT LowerKbdDevice;
    }DEVICE_EXTENSION,*PDEVICE_EXTENSION;
    
    typedef struct _KEYBOARD_INPUT_DATA {
    	USHORT UnitId;
    	USHORT MakeCode;
    	USHORT Flags;
    	USHORT Reserved;
    	ULONG  ExtraInformation;
    } KEYBOARD_INPUT_DATA, *PKEYBOARD_INPUT_DATA;
    
    PDEVICE_OBJECT MyKbdDevice = NULL;
    //ULONG pendingkey = 0;
    
    void Unload(IN PDRIVER_OBJECT DriverObject) {
    	
    	LARGE_INTEGER interval = { 0 };
    
    	PDEVICE_OBJECT DeviceObject = DriverObject->DeviceObject;
    	interval.QuadPart = -10 * 1000 * 1000;
    	IoDetachDevice(((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->LowerKbdDevice);
    	/*while (pendingkey) {
    		KeDelayExecutionThread(KernelMode, FALSE, &interval);
    	}*/
    	IoDeleteDevice(MyKbdDevice);
    	DbgPrint("driver Unload \r\n");
    
    
    }
    
    NTSTATUS DispatchPass(PDEVICE_OBJECT DeviceObject, PIRP Irp) {
    
    	IoCopyCurrentIrpStackLocationToNext(Irp);
    	return IoCallDriver((((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->LowerKbdDevice), Irp);
    
    }
    
    NTSTATUS ReadComplete(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context) {
    
    	PKEYBOARD_INPUT_DATA Keys = (PKEYBOARD_INPUT_DATA)Irp->AssociatedIrp.SystemBuffer;
    	/* Information is a byte count; divide by the size of the structure, not by
    	   sizeof(PKEYBOARD_INPUT_DATA), which is the size of a pointer and makes
    	   the loop below run past the end of the buffer. */
    	int structnum = Irp->IoStatus.Information / sizeof(KEYBOARD_INPUT_DATA);
    	int i;
    	if (Irp->IoStatus.Status == STATUS_SUCCESS) {
    		for (i = 0; i < structnum; i++) {
    			DbgPrint("The Key Is %x\n", Keys[i].MakeCode);
    		}
    	 }
    	if(Irp->PendingReturned) {
    		IoMarkIrpPending(Irp);
    	}
    	
    	//pendingkey--;
    	return Irp->IoStatus.Status;
    }
    
    NTSTATUS DispatchRead(PDEVICE_OBJECT DeviceObject, PIRP Irp) {
    	
    	IoCopyCurrentIrpStackLocationToNext(Irp);
    
    	IoSetCompletionRoutine(Irp, ReadComplete, NULL, TRUE, TRUE, TRUE);
    	 
    	//pendingkey++;
    	return IoCallDriver((((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->LowerKbdDevice), Irp); 
    	
    }
    
    NTSTATUS MyAttachDevice(PDRIVER_OBJECT DriverObject) {
    	NTSTATUS status;
    	
    
    	UNICODE_STRING TargetDevice = RTL_CONSTANT_STRING(L"\\Device\\KeyboardClass0");
    	status = IoCreateDevice(DriverObject,
    		sizeof(DEVICE_EXTENSION), 
    		NULL, FILE_DEVICE_KEYBOARD,
    		0, FALSE, &MyKbdDevice);
    
    	if (!NT_SUCCESS(status)) {
    		return status;
    	}
    
    	MyKbdDevice->Flags |= DO_BUFFERED_IO;
    	/* This keeps only the DO_DEVICE_INITIALIZING bit: every other flag, including
    	   the DO_BUFFERED_IO set on the previous line, is cleared, and the initialising
    	   bit itself is never cleared. The conventional form is
    	   Flags &= ~DO_DEVICE_INITIALIZING. */
    	MyKbdDevice->Flags &= DO_DEVICE_INITIALIZING;
    	
    	RtlZeroMemory(MyKbdDevice->DeviceExtension, sizeof(DEVICE_EXTENSION));
    	
    	status = IoAttachDevice(MyKbdDevice, &TargetDevice, &((PDEVICE_EXTENSION)MyKbdDevice->DeviceExtension)->LowerKbdDevice);
    
    	if (!NT_SUCCESS(status)) {
    		IoDeleteDevice(MyKbdDevice);
    		return status; 
    	}
    	return STATUS_SUCCESS;
    }
    
    extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) {
    
    	UNREFERENCED_PARAMETER(RegistryPath);
    	UNREFERENCED_PARAMETER(DriverObject);
    
    	NTSTATUS status;
    	int i;
    	DriverObject->DriverUnload = Unload;
    
    	for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++) {
    
    		DriverObject->MajorFunction[i] = DispatchPass;
    	}
    
    		DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
    
    
    
    	DbgPrint("Hello Driver\r\n");
    	status = MyAttachDevice(DriverObject);
    
    	if (!NT_SUCCESS(status)) {
    		DbgPrint("attaching is failing");
    		return status;
    	}
    	else {
    		KdPrint(("Attaching Succeeds \r\n"));
    	}
    
    	return status;
    }

    Sunday, September 9, 2018 8:01 AM

Answers

  • The actual failure is trying to copy to a NULL pointer. But looking at your code, it is more obvious that you are writing a filter that is not plug and play for a plug and play device. Bottom line, even if we fixed this specific bug for you, the next few thousand would still be waiting.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by Nabil_ Tuesday, September 11, 2018 5:28 AM
    Sunday, September 9, 2018 3:23 PM
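As an added user-mode model, not code from the thread or from the WDK, this C program reproduces the two defects in the posted MyAttachDevice and ReadComplete against the wdm.h flag values: the `&= DO_DEVICE_INITIALIZING` that discards DO_BUFFERED_IO, the read IRP the I/O manager then builds with a NULL system buffer for the class driver's service callback to write into, and the element count divided by a pointer size instead of the structure size. IRP_MODEL, build_read_irp and service_callback are simplified stand-ins for the kernel structures and routines, and the key events are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define DO_BUFFERED_IO         0x00000004u   /* flag values from wdm.h */
#define DO_DEVICE_INITIALIZING 0x00000080u

/* Same 12-byte layout as KEYBOARD_INPUT_DATA in the posted driver. */
typedef struct {
    uint16_t UnitId, MakeCode, Flags, Reserved;
    uint32_t ExtraInformation;
} KEYBOARD_INPUT_DATA, *PKEYBOARD_INPUT_DATA;

/* Stand-in for the two IRP fields the model needs (constructed). */
typedef struct { void *SystemBuffer; size_t Information; } IRP_MODEL;

/* Flags after the posted MyAttachDevice: IoCreateDevice sets
 * DO_DEVICE_INITIALIZING, the driver ORs in DO_BUFFERED_IO, and then
 * `&= DO_DEVICE_INITIALIZING` keeps only that bit, discarding the other. */
uint32_t flags_as_posted(void) {
    uint32_t f = DO_DEVICE_INITIALIZING | DO_BUFFERED_IO;
    return f & DO_DEVICE_INITIALIZING;
}

/* Conventional sequence: keep DO_BUFFERED_IO, clear the initialising bit. */
uint32_t flags_corrected(void) {
    uint32_t f = DO_DEVICE_INITIALIZING | DO_BUFFERED_IO;
    return f & ~DO_DEVICE_INITIALIZING;
}

/* Model of the I/O manager building a buffered read: a system buffer is
 * allocated only if the top device of the stack (the filter) has
 * DO_BUFFERED_IO; otherwise the IRP travels down with SystemBuffer == NULL. */
IRP_MODEL build_read_irp(uint32_t top_device_flags, size_t len) {
    IRP_MODEL irp = { (top_device_flags & DO_BUFFERED_IO) ? calloc(1, len) : NULL, 0 };
    return irp;
}

/* Model of the class driver's service callback completing a pending read.
 * Returns bytes copied, or 0 where the real code would memmove to address 0. */
size_t service_callback(IRP_MODEL *irp, const KEYBOARD_INPUT_DATA *ev, size_t n) {
    if (irp->SystemBuffer == NULL) return 0;
    memcpy(irp->SystemBuffer, ev, n * sizeof *ev);
    return irp->Information = n * sizeof *ev;
}

/* Element count as ReadComplete computes it (pointer size) versus structure
 * size; the posted form over-counts and the loop walks past the buffer. */
size_t count_as_posted(size_t info) { return info / sizeof(PKEYBOARD_INPUT_DATA); }
size_t count_corrected(size_t info) { return info / sizeof(KEYBOARD_INPUT_DATA); }
```

With the posted flags the modelled read arrives with no system buffer and the callback has nowhere to copy, which matches the write to address 00000000 at IRQL 2 in the dump; with the corrected flags the three events are delivered and counted correctly.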
  • Write a new driver in KMDF that reflects good practice.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by Nabil_ Tuesday, September 11, 2018 5:28 AM
    Sunday, September 9, 2018 4:24 PM

All replies

  • The actual failure is trying to copy to a NULL pointer. But looking at your code, it is more obvious that you are writing a filter that is not plug and play for a plug and play device. Bottom line, even if we fixed this specific bug for you, the next few thousand would still be waiting.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by Nabil_ Tuesday, September 11, 2018 5:28 AM
    Sunday, September 9, 2018 3:23 PM
  • The actual failure is trying to copy to a NULL pointer. But looking at your code, it is more obvious that you are writing a filter that is not plug and play for a plug and play device. Bottom line, even if we fixed this specific bug for you, the next few thousand would still be waiting.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    How do I fix this?

    You mean the following NULL?

    PDEVICE_OBJECT MyKbdDevice = NULL;
    Sunday, September 9, 2018 3:38 PM
  • Write a new driver in KMDF that reflects good practice.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by Nabil_ Tuesday, September 11, 2018 5:28 AM
    Sunday, September 9, 2018 4:24 PM
  • Write a new driver in KMDF that reflects good practice.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Is it impossible to solve the issue here? Why not the WDM driver model? Why KMDF?

    Help me to solve this issue. I want to write a WDM driver. I don't know how to write KMDF.

    Please help me to fix this issue if possible.

    Sunday, September 9, 2018 4:39 PM
  • First, you have written a legacy filter for a PnP device; this will not work. Yes, you can add all the code to support PnP in a WDM driver, but you are talking about a lot of work, and from your current code you don't know how to write a PnP driver. Since you would spend significantly more time learning how to write a correct PnP driver in WDM than it takes to learn and write a driver in KMDF, why would you write WDM?


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Sunday, September 9, 2018 5:56 PM
  • First, you have written a legacy filter for a PnP device; this will not work. Yes, you can add all the code to support PnP in a WDM driver, but you are talking about a lot of work, and from your current code you don't know how to write a PnP driver. Since you would spend significantly more time learning how to write a correct PnP driver in WDM than it takes to learn and write a driver in KMDF, why would you write WDM?


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    What's your suggestion? Should I learn KMDF and develop a keyboard filter driver?

    Or how to write a PnP driver? What should I go with? I am confused.

    I think there is a sample keyboard filter driver by Microsoft?

    Sunday, September 9, 2018 6:10 PM
  • There is a kbfiltr sample from Microsoft; it is a KMDF driver. KMDF takes care of PnP for you, which means that most of the code you would write for a WDM driver is not needed.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Sunday, September 9, 2018 6:14 PM
  • Can I develop NDIS and WFP drivers with KMDF?
    Sunday, September 9, 2018 6:17 PM
  • WFP definitely can be done in KMDF. For NDIS it depends on the type of NDIS driver.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Sunday, September 9, 2018 6:22 PM
  • WFP definitely can be done in KMDF. For NDIS it depends on the type of NDIS driver.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Yes, an NDIS filter driver. Can I get a reference to develop a WFP driver using KMDF?
    Sunday, September 9, 2018 6:25 PM