HELP! Calling old DrvEnablePDEV in the MS mirror driver, bluescreened when rebooting,

lucy

Dear all,

I compiled the MSDDK mirror driver sample, and installed it and it all runs
ok.

Then I added just a few lines in the "enable.c", after update to this new
compiled driver, it failed to reboot and bluescreened when rebooting, saying
something like paged memory fault stuff...

Can anybody help me out and see what's wrong with my addition to the code?

---// Added type definition for pointer to old DrvEnablePDEV function----------

typedef DHPDEV (*OLDDRVENABLEPDEV)(
DEVMODEW *pDevmode, // Pointer to DEVMODE
PWSTR pwszLogAddress, // Logical address
ULONG cPatterns, // number of patterns
HSURF *ahsurfPatterns, // return standard patterns
ULONG cjGdiInfo, // Length of memory pointed to by pGdiInfo
ULONG *pGdiInfo, // Pointer to GdiInfo structure
ULONG cjDevInfo, // Length of following PDEVINFO structure
DEVINFO *pDevInfo, // physical device information structure
HDEV hdev, // HDEV, used for callbacks
PWSTR pwszDeviceName, // DeviceName - not used
HANDLE hDriver); // Handle to base driver


---// The original DrvEnablePDEV in enable.c----------

DHPDEV DrvEnablePDEV(
DEVMODEW *pDevmode, // Pointer to DEVMODE
PWSTR pwszLogAddress, // Logical address
ULONG cPatterns, // number of patterns
HSURF *ahsurfPatterns, // return standard patterns
ULONG cjGdiInfo, // Length of memory pointed to by pGdiInfo
ULONG *pGdiInfo, // Pointer to GdiInfo structure
ULONG cjDevInfo, // Length of following PDEVINFO structure
DEVINFO *pDevInfo, // physical device information structure
HDEV hdev, // HDEV, used for callbacks
PWSTR pwszDeviceName, // DeviceName - not used
HANDLE hDriver) // Handle to base driver
{

// ... some other original enable.c code...

---// Added call to old DrvEnablePDEV function----START------
hh=EngLoadImage((LPWSTR)"atidrae.dll");
DISPDBG((0,"DISP Load old atidrae.dll %d\n", hh));

pOldDrvEnablePDEV=(OLDDRVENABLEPDEV)EngFindImageProcAddress(hh, "DrvEnablePDEV");
DISPDBG((0,"DISP Load DrvEnablePDEV in old atidrae.dll %d\n", pOldDrvEnablePDEV));

ppdev=(PPDEV)(pOldDrvEnablePDEV)(pDevmode, // Pointer to DEVMODE
pwszLogAddress, // Logical address
cPatterns, // number of patterns
ahsurfPatterns, // return standard patterns
cjGdiInfo, // Length of memory pointed to by pGdiInfo
pGdiInfo, // Pointer to GdiInfo structure
cjDevInfo, // Length of following PDEVINFO structure
pDevInfo, // physical device information structure
hdev, // HDEV, used for callbacks
pwszDeviceName, // DeviceName - not used
hDriver); // Handle to base driver



DISPDBG((0,"DISP DrvEnablePDEV GDIINFO %d\n", ((GDIINFO *)pGdiInfo)->ulPhysicalPixelGamma));


EngUnloadImage(hh);

---// Added call to old DrvEnablePDEV function END--------

// ... some other original enable.c code...

}
 
Calvin Guan

Lucy,

When asking a question like "Why my driver BSOD", you would get more replies
if you can attach the output from the windbg command "!analyze -v".

Anyways, I would try to remove the line:
EngUnloadImage(hh);

Calvin
-
Calvin Guan Software Engineer
ATI Technologies Inc. www.ati.com
 
lucy

Calvin Guan said:
Lucy,

When asking a question like "Why my driver BSOD", you would get more replies
if you can attach the output from the windbg command "!analyze -v".

Anyways, I would try to remove the line:


Calvin

Hi Calvin,

Thank you very much for your help. But where to download the "windbg"
program?

Also if I do not do EngUnloadImage(hh), there will be two display card
drivers running in the system, the original ATI, and the other one I called from
my mirror driver... are these two drivers going to conflict?

Thanks a lot,



-----------------------------------------
 
lucy

Error message of the blue screen reads as follows:

Caused by WIN32K.SYS

PAGE_FAULT_IN_NONPAGED_AREA

*** STOP: 0X00000050(0XE2C3F304, 0X00000001, 0XBF84E4F8, 0X00000002)
*** WIN32K.SYS -- address BF84E4F8 base at BF8000000, Datestamp 3F73195D
 
lucy

output from windbg command "!analyze -v". complete information attached...
anybody saves me? Thank you so much

---------------------------------------------------------------------------

Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini082304-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp2.031208-2000
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054c230
Debug session time: Mon Aug 23 15:39:38 2004
System Uptime: 0 days 0:00:22.093
Loading Kernel Symbols
.............................................................................
..................................
Loading unloaded module list
...
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000050, {e2c3f304, 1, bf84e4f8, 2}


Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!PDEVOBJ::pDEVOBJ+16e )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e2c3f304, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: bf84e4f8, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 00000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

WRITE_ADDRESS: e2c3f304

FAULTING_IP:
win32k!PDEVOBJ::pDEVOBJ+16e
bf84e4f8 898104030000 mov [ecx+0x304],eax

MM_INTERNAL_CODE: 2

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

LAST_CONTROL_TRANSFER: from bf808788 to bf84e4f8

STACK_TEXT:
a6037a48 bf808788 e1864628 e1c35178 00000000 win32k!PDEVOBJ::pDEVOBJ+0x16e
a6037a9c bf8048e3 e16f66c0 e197d758 e1c35178 win32k!hCreateHDEV+0x2cb
a6037c00 bf804245 00000000 00000000 00000001 win32k!DrvCreateMDEV+0x3ea
a6037cf4 bf809cda 00000000 00000000 00000000 win32k!DrvChangeDisplaySettings+0x29e
a6037d4c bf809d98 80531244 00050000 00000064 win32k!InitVideo+0x31
a6037ddc 80535986 8060368c 00000004 00000000 win32k!NtUserInitialize+0x86
a6037df0 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


FOLLOWUP_IP:
win32k!PDEVOBJ::pDEVOBJ+16e
bf84e4f8 898104030000 mov [ecx+0x304],eax

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: win32k!PDEVOBJ::pDEVOBJ+16e

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3f73195d

STACK_COMMAND: kb

BUCKET_ID: 0x50_W_win32k!PDEVOBJ::pDEVOBJ+16e

Followup: MachineOwner
---------
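
A small triage helper for "!analyze -v" text like the output above, added here as an example and not written by anyone in this thread: it decodes the bugcheck 0x50 arguments, rebuilds stack frames whose symbol was wrapped onto the next line, and lists which modules appear on the stack. The function name, field names and the OS_MODULES set are illustrative assumptions; the sample is an excerpt of the posted output.

```python
import re

# Excerpt of the "!analyze -v" text posted above, including the frame whose
# symbol was wrapped onto its own line by the mail client.
SAMPLE = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: e2c3f304, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: bf84e4f8, If non-zero, the instruction address which referenced the
Arg4: 00000002, (reserved)
FAULTING_IP:
win32k!PDEVOBJ::pDEVOBJ+16e
STACK_TEXT:
a6037a48 bf808788 e1864628 e1c35178 00000000 win32k!PDEVOBJ::pDEVOBJ+0x16e
a6037a9c bf8048e3 e16f66c0 e197d758 e1c35178 win32k!hCreateHDEV+0x2cb
a6037cf4 bf809cda 00000000 00000000 00000000
win32k!DrvChangeDisplaySettings+0x29e
a6037d4c bf809d98 80531244 00050000 00000064 win32k!InitVideo+0x31
a6037df0 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
"""

# Five 8-digit hex words (ChildEBP, RetAddr, three args), then an optional symbol.
FRAME = re.compile(r"^((?:[0-9a-f]{8} ){4}[0-9a-f]{8})(?: (\S+))?$")
OS_MODULES = {"nt", "win32k"}  # treated as OS components (assumption of this example)

def parse_analyze(text):
    """Decode bugcheck 0x50 arguments and rebuild the stack from !analyze -v text."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-f]{8}),", text, re.M)}
    ip = re.search(r"^FAULTING_IP:\s*\n(\S+)", text, re.M)
    frames, pending, in_stack = [], False, False
    for line in (l.strip() for l in text.splitlines()):
        if line == "STACK_TEXT:":
            in_stack = True
        elif in_stack:
            m = FRAME.match(line)
            if m and m.group(2):            # complete frame on one line
                frames.append(m.group(2)); pending = False
            elif m:                         # addresses only: symbol is on the next line
                pending = True
            elif pending and "!" in line:   # wrapped symbol for the previous frame
                frames.append(line); pending = False
            else:                           # blank line or next section ends the stack
                break
    modules = list(dict.fromkeys(f.split("!")[0] for f in frames))
    return {"address": args.get(1), "ip": args.get(3),
            "access": {0: "read", 1: "write"}.get(args.get(2), "unknown"),
            "faulting_ip": ip.group(1) if ip else None, "frames": frames,
            "modules": modules,
            "third_party": [mod for mod in modules if mod not in OS_MODULES]}
```

For the posted dump, `third_party` comes back empty: every frame is in win32k or nt, so the stack alone does not name a third-party driver.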
 
Tim Roberts

lucy said:
Dear all,

I compiled the MSDDK mirror driver sample, and installed it and it all runs
ok.

Then I added just a few lines in the "enable.c", after update to this new
compiled driver, it failed to reboot and bluescreened when rebooting, saying
something like paged memory fault stuff...

Can anybody help me out and see what's wrong with my addition to the code?

Where did you get this code?

The code snippet you posted is designed to be used in a FILTER driver, not
a MIRROR driver. A mirror driver gets loaded alongside the primary display
driver and gets its own driver handle and structures. You can't
arbitrarily call into another display driver like this; the likely cause
will be to screw up the original driver's structures.

In a FILTER driver, there is only one driver handle. You insert yourself
into the call tree so you can intercept the data.
 
L

lucy

Tim Roberts said:
code?

Where did you get this code?

The code snippet you posted is designed to be used in a FILTER driver, not
a MIRROR driver. A mirror driver gets loaded alongside the primary display
driver and gets its own driver handle and structures. You can't
arbitrarily call into another display driver like this; the likely cause
will be to screw up the original driver's structures.

In a FILTER driver, there is only one driver handle. You insert yourself
into the call tree so you can intercept the data.


I just added some lines into the MS DDK sample mirror driver code using my
imagination. I did not find sample code for filter driver, so how to insert
myself into the call tree so I can intercept the data?

Do you also mean that one mirror driver cannot call any functions from the
original display driver?

Thank you very much for your help!

-Lucy
 
vipin

You can't simply call across drivers. You will have to rename your driver to
some other name, write a dummy driver DLL which
will call EngLoadImage(...) and then call the corresponding points. At least
that's how I did it for an NT4 kernel mode printer driver.
Not sure if any additional steps are required for video driver.
thanks
vipin
 
lucy

vipin said:
You can't simply call across drivers. You will have to rename your driver to
some other name, write a dummy driver DLL which
will call EngLoadImage(...) and then call the corresponding points. At least
that's how I did it for an NT4 kernel mode printer driver.
Not sure if any additional steps are required for video driver.
thanks
vipin

Hi Vipin,

Thank you so much for your help! But enable.c is inside the MSDDK mirror
driver sample.

It is inside the \mirror\disp\enable.c

And this is a dummy driver; its name after installation is Microsoft Mirror
Driver...

The enable.c, after compilation and linking, becomes mirror.dll,

I still cannot call EngLoadImage(...) in this mirror.dll in this dummy
mirror driver(which does nothing...)?

Please give me some more thoughts... Thank you so much!

-Lucy
 
Jim Carlock

"lucy" <[email protected]> asked some questions...

Anyone else seeing the dates on all the messages in this thread
end up as 7/16/2006 12:11AM ?

Jim Carlock
Post replies to the group.
 
David J. Craig

If you display all headers, you can see the dates from 2004. Whoever the
clueless person is, he/she is back again.
 
