DeviceQuestionsForMe
I have been getting quite a few personal emails with specific questions on how to write a driver or how to a specific technology works or how to fix a particular problem. I welcome the emails, but I want these discussions to be public so that they are searchable by others (and I can't be having personal email discussions all the time, I need to do my job ;) ! ). \Device\Suggestsions doesn't seem to fit that need, so I am creating this topic to allow folks to post their questions and I will answer them here.
Comments
Anonymous
July 10, 2006
Hello Doron,
I'm trying to understand the NDIS, and especially it power management facility.
We are a starup company, which develops device and driver for wireless netwroks. We need to integrate our WDM miniport NDIS driver in the Windows XP driver stack. The target is NDIS 5.1 (and higher for Vista). We encounterd a problem to add Power Management facilities to our our driver. That is extermely important for mobile systems.
The problem is that NDIS is only Power Policy Owner in the driver stack. But it is not aware the device specific idle states. Our WDM minport device driver is familiar with the device specific facilities and states, but it is not ALLOWED to manage the device power states. Our device has USB interface, and we are going to use USB Selective Suspend power save mode while the device is idle.
Could you advise how the NDIS driver as Power Policy Owner can detect a device
idle state? Is there any special/ function/method in NDIS? Is there any other
facility that can help to resolve the problem?
Thanks in addvance and hope for productive cooperation,
Avi
System EngineerAnonymous
July 11, 2006
Avi, this is not possible currently with the way NDIS works. It will not idle out the device while the machine is running. It is more complicated then just sending a Dx irp, you would also need NDIS to send a wait wake irp to the device so that it can wake up from the selective suspend state. Furthermore, as you noted, you cannot send a power irp to the stack because you are not the power policy owner.
One way around this problem is to have 2 separate device stacks. One enumerated by the USB host controller. The 2nd a virtual NDIS miniport. the virtual NDIS miniport then opens up the USB enumerate device (by using device interface notifications) and then redirects i/o from NDIS to the other stack. You will have to deal with the situations where either
the USB device is not enumerated because it is not plugged in (the ndis virtual miniport will always be enumerated)the usb device is plugged in, but currently powered off and cannot respond to the NDIS request.By splitting this up into 2 stacks, you are now the power policy owner for the usb enumerated device and you can selectively suspend whenever you want.
you can implement this solution with KMDF rather easily. There is the pcidrv sample which shows how to create an NDIS-WDM driver and use WDFIOTARGET to send I/O (in its case down the stack vs another stack, but that is easy to change). The toastmon sample shows how to register for a device interface notification and open it up. KMDF also has implemented selective suspend for you, it is not something you should implement on your own in WDM (it is very very complicated).Anonymous
July 11, 2006
Could the Windows ACPI driver be used for such purposes?
There are a few advantages for such approach:
1. ACPI driver stack works "transparently" to rest of OS environment.
2. ACPI driver is nativelly handles power management issues.
3. The target is very specific operations, which are lack at NDIS level, can be handled by a vendor provided ACPI stack device driver.
Please comment that.Anonymous
July 12, 2006
The comment has been removedAnonymous
July 12, 2006
The comment has been removedAnonymous
July 12, 2006
John, you can only mark a request as cancelable if you own the request and have pended it in a queue. You are misusing or misunderstanding the purpose of the DDI.
As soon as you send the request to a WDFIOTARGET (or call IoCallDriver in WDM), you are no longer the owner of the request and cannot pend it. The driver you are sending the request to (HIDClass in this case) now has ownership of the request and is the entity who can mark it cancelable.
If you want to cancel a request that you sent, call WdfRequestCancelSentRequest. Hope that helps
dAnonymous
July 12, 2006
Doron,
When you say "own the request and have pended it in a queue" do you mean something more than registering an evtIoRead via WdfIoQueueCreate?
JohnAnonymous
July 12, 2006
Sorry for not being clear, it is not the creation of the queue that matters, it is the current stack location in the request. Every driver in the stack has a stack location in the irp. When the request is presented to your driver, the current stack location belongs to your device. When you send the request to a WDFIOTARGET, the current stack location in the request changes to the WDFIOTARGET's device and you don't have the current stack location anymore. You are only allowed to set a cancel routine if the current stack location is set to your device.
dAnonymous
July 12, 2006
By " send the request to a WDFIOTARGET" do you mean, for example, calling
WdfRequestSend( Request, WdfDeviceGetIoTarget(Device), NULL);
?
JohnAnonymous
July 12, 2006
yesAnonymous
July 12, 2006
The comment has been removedAnonymous
July 12, 2006
there can be only one cancel routine on the request. As the current stack location on the request, you have the ability to set a cancel routine. as soon as you send the request, you relinquish the right to the cancel routine. you are not allowed to send a request with a cancel routine set, nor are you allowed to set a cancel routine on a request that has already been sent.
When EvtIoRead is called, the current stack locations belongs to your device, but as i said, when you send a request, you relinquish the ability to own the cancel routine on the request. If you want to be notified when a request that has been sent has been canceled (and is being completed), set a completion routine before you send the request to the WDFIOTARGET.
dAnonymous
July 19, 2006
Thanks for the info.
In another driver:
When I unplug my device, my completion routine gets called a few times with Params->IoStatus.Status== STATUS_CANCELLED, which I pass on to WdfRequestComplete(Request,Params->IoStatus.Status);
After this it gets called (seemingly infinitely) with Params->IoStatus.Status == STATUS_DEVICE_NOT_CONNECTED which seems reasonable, except that it continues to eat up CPU time and the driver doesn't unload.
Is there anything that I should be doing in my completion routine to ensure that when my device gets unplugged that all of the activity for the newly unplugged device gets concluded? If not in the completion routine, then where?
JohnAnonymous
July 19, 2006
are you resubmitting the i/o from the completion routine? if so, you need to back off when you get an error and maintain state about the device. you could implement EvtDeviceSelfManagedIoInit/Suspend/Restart and implement a flag which the completion routine will look at when it decides to resend I/O or not.
what type of device are sending I/O to? a usb device?Anonymous
July 20, 2006
It turns out that we were implementing EvtDeviceSelfManagedIoInit without implementing any of the other callbacks.
Implementing EvtDeviceSurpriseRemoval and draining the queue seems to cure the problem.
BTW, is there anything else that we should be doing, for example, draining the queue when the system shuts down with the device still plugged in?Anonymous
July 20, 2006
You should really evaluate your usage of EvtDeviceSurpriseRemoval (), it is there for completeness rather then integration into the callback model. Why can't you move the functionality you have in EvtDeviceSurpriseRemoval () to EvtDeviceSelfManageIoSuspend()? This way you behave properly on all types of device power down (system power down, graceful remove, surprise remove, idle, etc)
I don't know the design of your driver or the device class you are in to answer your 2nd question.Anonymous
July 21, 2006
Hi Doron,
I have been doing some digging around on in-stack queued spinlocks and thought you might have an opinion on their use. I frequently find myself in the situation of acquiring a spinlock at DISPATCH_LEVEL which on the face of it seems to be a pretty efficient operation - just three instructions to acquire it and two to release it if the spinlock is not being contended for. In-stack queued spinlocks require 13 instructions to acquire and release in these situations. So if you think contention is a theoritical possibility but very rare it would seem to make sense to use normal spinlocks and use queued spinlocks when contention is expected. Of course there is a large grey area that is more difficult to decide. What is very difficult to assess is the impact on the cache of normal spinlocks when being contended. Do you have a general recommendation when to use queued spinlocks.
Best wishes
Chris KellyAnonymous
July 21, 2006
I would not measure this is in such a micro fashion. the difference between the 3 and 13 instructions is pretty much nil, what is going to cost you is the IRQL change.
First, since you are already at DISPATCH_LEVEL, you should use the AtDpcLevel acquisition routines. This will remove the attempted IRQL raise. Note that you must absolutely know apriori that you are at dispatch level, checking the current IRQL is as big of a hit as calling the non "AtDpcLevel" version. In pure WDM, this means that you can only call the AtDpcLevel versions in a DPC or while holding another spinlock. Completion routines do not have a guaranteed IRQL of DISPATCH_LEVEL so you can't assume the KIRQL there.
Second, if you want to run on Win2k, you have to use the old style spinlocks, queued spinlocks are only supported on XP and later.
Third, I would use the queued spinlocks whereever I could instead of the normal spinlock. In the non contention case, the perf is the same and in the case of contention, the queued locks behave much better with respect to cache coherency. Spinning on a queued spinlock will not invalidate each of the other CPUs cache lines, while the older style spinlock will cause each of the other CPUs cache to be invalidated b/c of the memory access.
Finally, i would use the queued spinlocks even if the lock was not highly contended for. Why? Because it might be highly contended in the future and then you would have to change all the callsites (which is problematic b/c the C type for the spinlock is the same so it is hard to catch the callers who acquire it w/the wrong acquisition function)Anonymous
July 21, 2006
Many thanks Doron - that was very helpful.
Needless to say I do use the "AtDpcLevel" routines and am very careful to ensure that I am dispatch level. With some driver technologies (e.g. NDIS) you know you are at dispatch level much of the time and for example in NDIS6 there is additional support to tell you what IRQL you are at with APIs that are not always at dispatch level.
I have always been a bit puzzled at why there is such a hit on changing the IRQL - on the face of it (examining in Windbg) this just consists of a read and write of the APIC TPR (at least on the HAL I am using) followed by a table lookup through HalpVectorToIRQL. Is there something here that is more expensive that I imagine or is the problem with other HALs?Anonymous
July 22, 2006
No, that's it. Reading and then writing to the APIC is not cheap. There were HALs previously that implemented a "lazy" IRQL, essentially it maintained the IRQL in software and only touched the APIC when it to change it. There was talk of adding this back into the ACPI HAL, but I don't know what was implemented.Anonymous
July 24, 2006
I have a USB composite keyboard/trackpad device. It works fine in its basic HID-boot mode, but we want to take advantage of some firmware features of the trackpad to enhance user experience. Accessing this requires sending a USB command to a different interface (not the one that the trackpad uses). It also means reading a proprietary HID report instead of the standard mouse-type report. To do all this, I've written a replacement for the usbccgp driver. (That may not be the right thing, but I can't think of a way to access the other interface AND read the non-standard reports) I want the driver to initialize the trackpad to read the proprietary reports, translate them to standard mouse reports and pass them on (as well as passing on the other device reports as-is). I have everything working fine in terms of device enumeration and initialization, except that the upper HID stack URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER request never gets to my code. All other IOCTL_INTERNAL_USB_SUBMIT_URB requests come through just fine. It appears that the HIDCLASS driver is either not sending them (because it thinks there's a problem) or that the foundation is intercepting them. Maybe a PASSIVE_LEVEL problem? Something else? Suggestions?
Thanks,
PaulAnonymous
July 24, 2006
The comment has been removedAnonymous
July 24, 2006
All enumerated devices showed up fine (no "!").
The interface I need to access is the keyboard interface.
I didn't really want to replace usbccgp. Thanks for the suggestion -- I'm working on filters for usbgccp and usbhid/usbhidclass.
PaulAnonymous
July 24, 2006
you could put a device lower filter on the keyboard stack, but then you have sibling enumeration issues (what if the keyboard enumerates after your mouse, what if the keyboard is disabled and you can't get at it). putting the filter below the usbgccp FDO solves both problems b/c it is always present & started when the mouse filter device starts. you still have the issue if the mouse starts before the keyboard part starts and selects its config/interface. I guess you could solve that by calling select interface on your own in the usbgccp filter device, but that might muck with the assumed state in the above stacks, don't know.Anonymous
August 03, 2006
Can you point me to any resource to learn how to debug memory dumps. Something more advanced than just !analyze -v. Maybe to find processes in critical sections and other things!
Thank you
SaravakAnonymous
August 03, 2006
saravak, there are 3 things i can recommend. unfortunately there are no books on this
1) join the OSR Windbg and NTDEV aliases. the debugger team answers questions on the windbg alias and the NTDEV alias has many people who can answer debugging questions. see http://www.osronline.com/page.cfm?name=ListServer
2) goto WHDC (http://www.microsoft.com/whdc). the debugger page, http://www.microsoft.com/whdc/devtools/debugging/resources.mspx also has good info to read
3) look up the help for !process (.hh !process in a kd or windbg window will bring up the help, otherwise c:debuggersdebugger.chm), it can list every process and every thread in it, including irps on each thread and dispatcher objects being waited on
dAnonymous
August 09, 2006
I am trying to learn driver programming using the PCIDRV sample from
KMDF 1.1. I built the PCIDRV sample driver and the NdisEdge driver both
from KMDF 1.1. Then I installed them, using the netdrv.inf file from
PCIDRV example, on to my system where I actually have the Intel 82558
based ethernet adapter. The install seems to go fine, although in the
WinDebug I see NdisReadConfiguration failure, as shown below. The device
manager reports the ethernet device as 'working properly' in the
properties. When I hook up this system with another system and do a
basic network setup with crossover ethernet cable, the Network
Connection dialog shows the 'cable unplugged' for my ethernet card.
However, if I use the driver that came with Windows XP on this machine
for this same ethernet card, I am able to do networking just fine. I am
not sure if I am missing some step in installation or what. Please
help. Thank you.
PCIDRV Sample - Driver Framework Edition
[...] - log truncated by doron
NDISWDM.SYS:WdfIoTargetOpen failed 0xc0000034
NDISWDM.SYS:Target device doesn't exist at this time c0000034
[...]- log truncated by doronAnonymous
August 09, 2006
The comment has been removedAnonymous
August 23, 2006
hi,
maybe you can help me on this topic.
im trying to implement two mousefilters to control the cursor with two mice.
one for x axis, the other for y axis.
i took the example from ddk and fared quite well.
unfortunately lately i'm getting the this error, when installing the filter driver:
"The name is already in use as either a service name or a service display name."
i've changed everything in the moufiltr.inf and moufiltr.rc to create a different service name, but somehow this doesnt work.
can you point me into the right direction?
btw. i'm doing this for my diploma, to replace an expensive electromagnetic tracker with cheap hardware.
thanks a lot,
jan
ps: whats the proper way to get rid of a filter driver? for test purposes i think i installed mine 50+ timesAnonymous
August 25, 2006
you get the error message because 2 services cannot have the same name....but why are you creating 2 differenct services? the name in the rc file doesn't matter, it is the name specified in the INF in the .Services section, specifically the DisplayName value in the service install section. Did you reboot before trying the rename? if you modified the services key of the registry by hand, you will need to reboot for the service control manager (SCM) to pick up your changes.
why can't the same driver run on both mice, where the driver has a mode to do X or Y manipulation. also, have you looked into WM_INPUT in windows XP and later? it allows you to see each mouse independently.
to get rid of the driver, just install the inbox INF on the device and the driver should unload if the stack can be stopped (for ps2 devices, you will need to reboot for the unload).
dAnonymous
August 29, 2006
Hi Doran,
In onw of your posts recently you mentioned traceview. And I was hopping you could help me with an issue that I have with it.
I'm using the TraceView application version 2.0.15 to do a trace session. After a while running I has created a somewhat respectable file in size. The strange thing is that if I open it with an Hex Editor it's mostly filled with (0xFFFF). So for example, for a 19Mb file if I choose to compress using NTFS compression mechanist it will occupies on disk only 2/4Mb.
I'm doing the ETW output using WPP Preprocessor. Although the same issue occurs for other traces, for example a Kernel Trace.
So my question is, why is does it generate this big file, can it be "fixed" by some sort of configuration? For now I'm not using all of the defaults Traceview presents.Anonymous
August 29, 2006
I asked the ETW devs and they had this to say:
Do not use FlushTimer when starting a trace session. FlushTimer causes partially filled buffers to be written out to disk and because ETL files are written in BufferSize increments this can cause a lot of waisted space. Unused part of the buffer is filled with 0xFF to allow for better compression.Anonymous
September 11, 2006
Hi All,
Help me, please.
I dont know how I can build my File System Driver from VS2003 environment. I created "Makefile Project". Early (in DDK 3790.1830) I used these lines (global paths for understanding):
cd $(ConfigurationName)
C:WINDDK5600binx86nmake -nologo -D ..Makefile DEBUG=1
But now (in WDK 5600) we should use build.exe utility and setenv.bat file (for setting environment). I tried to use these lines (global paths for understanding):
rem C:WinDDK5600binsetenv.cmd C:WinDDK5600 fre WXP
cd C:ProjectsMiniSpyMiniSpy
C:WinDDK5600binx86build.exe
but it's not correct. Help me, please!!!
Edward.Anonymous
September 11, 2006
The comment has been removedAnonymous
September 11, 2006
The comment has been removedAnonymous
September 12, 2006
frankly, it doesn't matter what the VS team thinks b/c the WDK/DDK is not their product. The policy of not supporting drivers built in VS comes from the WDK/DDK team. furthermore, if you ever want MSFT product support for a driver issue, it needs to be built in the WDK/DDK.
dAnonymous
September 14, 2006
The comment has been removedAnonymous
September 15, 2006
using windbg is good. my point is that the WDK/DDK team supports a very narrow view of how things should be built and that it must be from a DDK build env and not something cobbled together in VS. If you can get VS to use the DDK build env wholesale, great. personally, i would just use ddkbuild from hollistech.com b/c someone (and alot of the community) has invested alot more time then I would be willing to put into such an effort.
dAnonymous
October 02, 2006
I have a Very Important Question for you: How do you pronounce your name? I just watched Nar's Channel9 video and the guy asking the questions was saying it one way while Nar was saying it another. Neither of them match what I thought I heard you say last year at the MVP summit. Thanks. :-) -SteveAnonymous
October 22, 2006
The comment has been removedAnonymous
October 22, 2006
what does your dispatch routine look like? are you calling WdfRequestFormatRequestUsingCurrentType() before calling WdfRequestSend? You need to format the next stack location if you are going set a completion routine (that is a WDM rule that leaks into KMDF). dAnonymous
October 23, 2006
Doron Thanks for your suggestion - that call seems to have done the trick! Strangely, none of the samples in %DDK_ROOT%srckmdf actually use this call (at least, a quick grep turns up nothing). Also I was using a filter sample from OSR (http://www.osronline.com/article.cfm?article=446), and although the Web page text specifically mentions this routine, unfortunately it's not in the downloaded source! Anyway, you've saved me probably days of hair-pulling :) Now I'm going to try to find the correct incantations to access and modify the buffer on its way back through the completion callback ... Thanks again, RichAnonymous
October 23, 2006
since KMDF didn't format the request using one of its WDFIOTARGET routines, you will need to go into the PIRP to get the resulting buffer, but you will still need to complete the WDFREQUEST using WdfRequestComplete(). Something like this to get the PURB PURB urb = (PURB) IoGetCurrentIrpStackLocation(WdfRequestWdmGetIrp(Request))->stack->Parameters.Others.Argument1; You don't see any of the samples making the call to WdfRequestFormatRequestUsingCurrentType() because none of them are filters passing requests down the stack, rather they are completing the requests at their level or sending the requests down the stack and forgetting about them (fire and forget). dAnonymous
October 24, 2006
That looks like the incantation! I have the source for a WDM driver which I am rewriting, and it does something similar to your code to access the data buffer. I wasn't sure whether I ought to be trying to use WDF routines instead of IoGetCurrentIrpStackLocation, but you've answered my question - thanks once more :) What you say about the samples makes sense, now I think about the ones I've looked at. Maybe there should be a sample that does completion of a forwarded request though - this would seem to be a standard use of a filter driver. Or maybe I'm doing something unusual as always :) Thanks for the help you provide on your blog - as a driver newbie I for one really appreciate it, and I'm sure there are others who will learn just by reading this thread. RichAnonymous
October 24, 2006
The comment has been removedAnonymous
October 24, 2006
Apologies, yes, the call is there in my file too. I don't know how I missed it as I remember checking specifically before posting. Must have been working too late :) I guess that WdfRequestFormatRequestUsingCurrentType is the replacement for some WDM call then? Not having used WDM, I probably missed the significance of it when I read the article. RichAnonymous
October 24, 2006
Also, if you ran your driver under the KMDF verifier (see http://blogs.msdn.com/doronh/archive/2006/05/17/600335.aspx), it would have broken in on the WdfRequestSend() call because you had not yet formatted the next stack location. dAnonymous
October 24, 2006
WdfRequestFormatRequestUsingCurrentType is the equivalent of IoCopyCurrentIrpStackLocationToNext.Anonymous
October 26, 2006
I have read your blog for a period of time and I get a lot from it. Recently, I made a research about the driver for mouse, because I found touchpad in some Notbooks that does not have the function of scroll bar on the right hand side of touchpad. Is it possibile to implement by driver? However, I got some Notebooks have the function as I described. I am curious about that the issue from H/W? I get the DDK sample about filter in the stack below mouclass and the delta information is sent through a function callback, called the service callback via an array of PMOUSE_INPUT_DATA elements. The upper is what I do right now. Do I in right path to do that?Anonymous
October 26, 2006
Yes, you are in the right spot, but I don't think you will be able to get the data you want. You can get delta information (E.g. the mouse moved 10 mickeys to the right), but from a filter you cannot get the position of the finger on the touchpad. The ability to use the touchpad's side as a scrolling surface is custom to the hardware and the vendor's (ALPS or Synaptics most likely) driver knows how to get this custom data. A mouse filter driver does not have access to such data. dAnonymous
October 29, 2006
O. Thanks Today, I got the notebook that has the function of scrolling on the right side of touchpad. I modified filter driver in PMOUSE_INPUT_DATA of service call back to converse up and down functions. I failed. Could you help about that?Anonymous
October 29, 2006
Like I said previosuly, you do not have enough context in the filter driver to know where on the touchpad the user is touching it. All you have in the mouse filter driver is X and Y delta information, not absolute positioning. You cannot do this from a filter, you must have access to the cumstom data that is only available to the manufacturer of the mouse to know where the user is touching the pad. dAnonymous
November 01, 2006
The ports class installer sample code included with the driver developement kits does not have details about installing the parallel port. It uses ERROR_DI_DO_DEFAULT. Is there a specific reason for not providing this code in the sample. How is the LPT number decided by the MSports.dll. We have COMDB for serial ports from where we can find which COM ports are free. I don't see anything similar to COMDB for a parallel port. If there is no parallel port in the system and I add a pci card with parallel port. MSPorts.dll always makes it LPT3. I want to make it LPT1 by default (if there is no parallel port in the system). how can this be done with out breaking any other functionality. If you have any pointer to this please let me know. SanjeevAnonymous
November 01, 2006
It is based on 2 things
- the name the BIOS assigned to the device
- the resources assigned to the device for the well known resources for LPT1 and LPT2 since your card has neither of these going for it, the CI picks LPT3. I guess you could write a device coinstaller and change the setting in the post device install path, although I have never done that so I don't know how affective it will be. If it does work, you will have to detect other LPT ports on the machine (HKEY_LOCAL_MACHINEHARDWAREDEVICEMAPPARALLEL PORTS will give you the currently running ports) to avoid a name conflict. d
Anonymous
November 02, 2006
hi,i am a chinese boy which wanna write a file system filter driver for encrypting the folders in windows system.i wrote a win32 application to get which folders that i wanna encrypt, then communicates with the kernel filter driver to notify which folders should be encrypted! if there is any accessing with these folders such as double_click the folders to open it,the driver heads off and pauses the IRP transfering , i finish this job in IRP_MJ_CREATE dispatch routines,then notifies the application to pop-up a dialog asking the right password with a textbox control.if it's the right password that call IoCopyCurrentIrpStackLocationToNext routine copies the IRP stack parameters from the current I/O stack location to the stack location of the next-lower driver so that the folder can be opened! now , i get a difficult problem!in windos system, if i click the folder ,then windows's desktop application called "explorer" will occur many ZwCreateFile event with other application so that many IRP with IRP_MJ_CREATE happened , then the dialog will be pop-up many times whether the password is right or wrong. how to solve this problem,thx!Anonymous
November 02, 2006
suheto, I think that design of asking for the password everytime is probably not the right approach to take. ideally you would want to ask it the first time adn then associate the authentication status of the current user with the correct password so that when the user opens another folder requiring the same password it is done silently. dAnonymous
November 02, 2006
the folder need to be encrypted that is decide in the win32 app!i use the SHBrowseForFolder and SHGetPathFromIDList routine of win32api to get the path of directory which the users wanna encrypt!when the app starts , the app dynamic loads the filter driver and communicates with the file filter driver to told it which FO(File_Object) us care!some part of the source base on IFS with DDK. [Code removed -Doron]Anonymous
November 02, 2006
sorry for i didn't catch your mind in previous.and sorry for make you in trouble again! i'm so sorry! ...if you use a thing and you don't know how it works,it's actuality not too wise.this is my motto!in China. it's short for the information of file system filter driver.chinese can find lew useful information about the development of file system filter at all! can you introuduce some books or information about file system filter to me?thank you unfeignedly! and i wanna ask another question. how to create a thread in kernel driver?using which routine and how to achieve?Anonymous
November 02, 2006
to create a thread, you can call PsCreateSystemThread...but having a dedicated driver thread is not usually the answer either. for short lived work, you can use work items (IoAllocateWorkItem/IoQueueWorkItem) dAnonymous
November 03, 2006
dear doronh. as you say previously! suheto, I think that design of asking for the password everytime is probably not the right approach to take. ideally you would want to ask it the first time adn then associate the authentication status of the current user with the correct password so that when the user opens another folder requiring the same password it is done silently. I think you means that I need to have a kind of mechanism to track all files or folders of the current user or maybe even current process to determin if they got authenticated or denied. And authentication always comes with authorization. That's why you mentioned "same password". is it right?but how to make it out?can you talk me more information! please :)Anonymous
November 13, 2006
Hi Doran, KMDF document clearly states that KMDF takes care of processing of IRPs. The driver need not process Power IRPs unless they need to perform any special functions in handling hardware etc.. I have got a driver for BD which is KMDF based that enumerates child devices which are NDIS drivers (ethernet controllers). When the system wakes up, apart from writing proper power state into a hardware device register, driver needs to program some volatile hardware registers to correct values basically to ensure that they remain programmed properly when they come out of sleep state. The KMDF Document talks about the following event callbacks. EvtDeviceArmWakeFromSx EvtDeviceD0Exit EvtDeviceD0 Entry EvtDeviceWakeFromSxTriggered EvtDeviceDisarmWakeFromSx EvtDeviceArmWakeFromS0 EvtDeviceD0Entry EvtDeviceWakeFromS0Triggered EvtDeviceDisarmWakeFromS0 Can you let me know which are the callback functions that I need to implement and which one should I use to basically program hardware registers with its correct values? As I said earlier, I am facing "Power IRP" not completion problem and not sure where the problem is. Thanks,Anonymous
November 13, 2006
With KMDF I assume that the driver no longer needs to call PoSetPowerState() to inform the Powermanage of the fact that device is entering lower power state. Please correct me if this assumption is wrong. The reason for this question is that I have not registered any evtcallback when the system goes to lower-powerstate either ebcause of shutdown/sleep state. But I am seeing a crash saying that DRIVER_POWER_STATE_FAILURE (9f) A driver is causing an inconsistent power state. Arguments: Arg1: 00000003, A device object has been blocking an Irp for too long a time Arg2: 82b48b98, Physical Device Object of the stack Arg3: 8330fbe0, Functional Device Object of the stack Arg4: 83432900, The blocked IRP kd> !irp 83432900 Irp is active with 4 stacks 3 is current (= 0x834329b8) No Mdl Thread 00000000: Irp stack trace. cmd flg cl Device File Completion-Context [ 0, 0] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 [ 0, 0] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 >[ 16, 2] 0 e1 8330fbe0 00000000 8183beb7-918e2238 Success Error Cancel pending Driver<xyz> nt!PopRequestCompletion Args: 00016600 00000001 00000004 00000005 [ 0, 0] 0 0 00000000 00000000 00000000-918e2238 Args: 00000000 00000000 00000000 00000000 Wondering whether this is a Power IRP and whether it has something to do with not handling power-pnp IRPs. Appreciate your insights into this problem. Thanks, -PraveenAnonymous
November 13, 2006
The comment has been removedAnonymous
November 13, 2006
The comment has been removedAnonymous
November 13, 2006
Doran, kd> !devstack 0x82b48b98 !DevObj !DrvObj !DevExt ObjectName 8330fbe0 Driver<xyz> 830c7d18 82b4ef18 DriverACPI 838aca60 > 82b48b98 Driverpci 82b48c50 NTPNP_PCI0007 !DevNode 82b54be8 : DeviceInst is "PCIVEN_10DE&DEV_0450&SUBSYS_CB8410DE&REV_A13&2411e6fe&0&30" ServiceName is "<xyz>" This is all the information I get from "devstack" o/p. Can you pls let me know how to figure out whether the problem is not completing in-flight I/O or driver stuck synchronously waiting in a power down callback. I know for sure that its not latter becuse, I do not have any callback registered while the device goes to lower-power state. From your explanation it looks like I am not completing some other IRP (not a Power-IRP though). If thats the case, how do I ensure that in-flight IRP is completed given the fact that I do not have any callbacks. Will KMDF not take care of sending any new IRPs once Power-down IRP has been processed and also waiting for already sending IRPs to be completed before taking a device to lower power? But is it not true that KMDF takes care of seeing to that no new requests are delivered to the driver after it has entered low state. Following is that I see in KMDF Document: Also by default, KMDF handles power management for I/O queues, and each I/O queue inherits the power state of its associated device. During Plug and Play or power state transitions and any time the device is not in the working state, KMDF queues incoming I/O requests but does not dispatch them to the driver. Therefore, if the driver creates its queues before the device enters D0, the queues are in the WDF_IO_QUEUE_STOPPED state, and KMDF queues any I/O requests targeted at the device. When the device enters the working state, KMDF resumes presenting requests. A driver can change this default when it configures each queue by setting the PowerManaged field of the configuration structure to FALSE. A driver can also specify whether a queue accepts I/O requests that have a zero-length buffer. By default, KMDF does not dispatch such requests to the driver; instead, it completes them with STATUS_SUCCESS. BTW, I am using default settings for "powermanaged" and "AllowZeroLengthRequests " and did not make any changes to them Thanks a lot for your help, -PraveenAnonymous
November 13, 2006
The comment has been removedAnonymous
November 13, 2006
The comment has been removedAnonymous
November 13, 2006
Hi Doron, "I think what is happening is that you have existing in flight I/O in your power managed queue and we are waiting for you to acknowledge those requests." What do you mean by inflight I/O requests? Requests can be categorized for this purpose into four types:
- Requests that are going to come after device had been put to low-power state.
- Requests that came before device was put to low-power state and is being processed by kmdf driver or driver below in the stack but not yet completed.
- Requests that are present in the queue already but not yet processed by driver, when request to put device into lower-powerstate arrived. If I understand you correctly, KMDF takes care of request type #1 and #2. By In-flight I/O are you referring to I/O requests of type #3? If so, how do I clear all the I/O requests lying in my queue without processing them when I receive PnP goto lower power event to be processed. Infact I dont have any evt callback currently set that gets executed when I enter lower-power state. Does that mean I have to register a callback so that I can set a flag whereby all new I/O requests or inflight I/O requests will be cleared/completed/cancelled. How do I get current PowerState of my device from KMDF? Does KMDF provide a call by which driver can figure out current powerstate from any of its routines? WDF_DEVICE_PNP_STATE WdfDeviceGetDevicePnpState(IN WDFDEVICE Device); I see this ruotine, but not sure which value in enumeration WDF_DEVICE_PNP_STATE maps to device in "low power state - but started"? Thanks in advance, -Praveen
- Anonymous
November 14, 2006
Hi Doron, I completed the IRP requests from withing EvtIoStop. Now I dont see the crash. But I face another problem.
- Is there a way to cancel the IRPs that were pending when EvtIoStop() got called?
- Will calling WdfRequestStopAcknowledge() from within EvtIoStop() allow me to continue IRP processing to a later point when I wakeup. Thanks, -Praveen
Anonymous
November 14, 2006
In flight i/o is number 2...requests that have been presented to the driver but not yet completed. Any requests in the queue that have not yet been presented are not in flight. i don't understand what you mean by cancel the irps that were pending when EvtIoStop was called. do you mean that you want KMDF to complete them for you? you either need to acknowledge them or complete them. Yes, if you acknowledge them from within EvtIoStop, you can continue irp processing later when you wake up. > I see this ruotine, but not sure which value in enumeration WDF_DEVICE_PNP_STATE maps to device in "low power state - but started No such state is exposed. KMDF handles this for you. KMDF tracks the state, you just process the state change callbacks appopriately. dAnonymous
November 14, 2006
Hi Doron, When I unplug my USB receiver in the midst of a series of application calls to DeviceIoControl (with a valid handle to my device), the IOCTLs that normally succeed while the receiver is plugged in begin failing (to be expected) and GetLastError() returns ERROR_BAD_COMMAND. While it seems reasonable that if the device is disconnected, that the framework (without the help of the KMDF filter driver) would not recognize the IOCTL, I've not yet found a place in the documentation that tells me to expect ERROR_BAD_COMMAND in that scenario. Is ERROR_BAD_COMMAND to be expected for some period of time while the software removal process is in progress? JohnAnonymous
November 14, 2006
It is in the docs, but not in the form you expect it. WdfIoQueuePurge, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/kmdf_r/hh/KMDF_r/DFQueueObjectRef_611371f2-862e-41c5-9f8f-d0a61c7e731e.xml.asp, tells you that any new requests that are put into a purged WDFQUEUE will be completed with STATUS_INVALID_DEVICE_STATE. Power managed WDFQUEUEs are purged when the device is surprise removed. STATUS_INVALID_DEVICE_STATE resolves to ERROR_BAD_COMMAND in user mode. So, to answer the question, yes, it is to be expected that pended i/o and any i/o that are in flight right around the time of the surprise removal will fail with error and can arrive with error before the app is notified that the device has been surprise removed. dAnonymous
November 14, 2006
Is it possible to find from within a driver, all the in-flight requests that has not yet been completed by the driver? Thanks, -PraveenAnonymous
November 14, 2006
Short answer, no...but that is what EvtIoStop is for. If you need to act on active requests outside of that, then you need to track it yourself. Why do you need the current list at any given point in time? in the debugger, !wdfqueue will give you the list of inflight i/o.Anonymous
November 14, 2006
Needed that info for debugging purposes. BTW, is there a way I can figure out from PDEvtIoStop, whether we are entering a low-power state or whether the driver is getting disabled/uninstalled? The purpose is to take appropriate action accordingly, ie, if the driver is going to low-power state, I would like to acknowledge inflight i/o to resume it later when device returns to D0. If the device is getting disabled, would like to complete requests with cancelled status. When will OS/framework call cancellation routine registered for an IRP? Under what conditions? Regds, -PraveenAnonymous
November 15, 2006
I suggest you read the documentation on EvtIoStop, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/kmdf_r/hh/KMDF_r/dfqueueobjectref_b9df4689-1de5-4c08-b2a2-c9f126a7d0bc.xml.asp. From there you can answer your own question as to how to determine if it is a power down or remove. The framework will not explictily call the cancelation routine of a request on its own. The sender of the request will have to cancel the request first.Anonymous
November 15, 2006
Thanks d for the link. It answer my question. BTW, cancel routine is getting called. I think this is because the app which sent these IRPs is closing itself or explicitly calling the cancel request. Not sure which of this is happening. The problem I am facing is that PDEvtIoStop is not getting called for some reason. When I try to disable the driver, the app which is having either some handle or some other reference, gets to know this and tries to cancel the requests - I guess. But not all the cancel requests go through successfully. This is resulting in the operation of disabling my device to fail and also PDEvtIoStop is not getting called. Does this explanation sound possible?Anonymous
November 15, 2006
Do all of your pended requests have a cancel routine on them? if not, they will not be canceled. KMDF is not blocking the remove, something in your driver is not written properly. !wdfdevicequeues <WDFDEVICE> will give you the list of oustanding requests. you should run it after you get into this state where a query remove failed. EvtIoStop is called in the remove path itself (among many other paths, it is also called in surprise remove for instance) so to get to the graceful remove state, you need to properly handle cancelation in any pended requests in your driver.Anonymous
November 15, 2006
The comment has been removedAnonymous
November 16, 2006
Darwin, if a device is surprise removed, it will not move into the removed state until all open file handles have been closed. This is why you do not see an unload until your application closes the handle. As for the case where you close the handle and Windows still fails the graceful remove, could it be that your driver still has I/O (in the form of OIDs?) pended and that the file handle is not really closed? When you close a file handle, the outstanding I/O on the handle is canceled, but not necessarily completed. You could turn on setupapi logging (http://blogs.msdn.com/doronh/archive/2006/08/04/686662.aspx) and see if that gives you a better indicatio of what is going on. dAnonymous
November 16, 2006
Thanks D. Will turn on setupapi logging and see whats happening. But in the past, setupapi logging never gave much details for eg. like who is holding or what is blocking driver unload. All it would say is that "device install" failed or PROB_START_FAILED/PROB_LOAD_FAILED - not remember which one. Will try my luck this time.Anonymous
November 16, 2006
Regarding setupapi logging, by default I see that logging level specified by registry entry HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionSetupLogLevel is set to max level of 0x2000ffff. The last 2 bytes are set to 0xffff. I have always seen this to be the case by default. But apart from the mesg: "Device required reboot: Could not disable device". There is no other indiciatino of why device cannot be disabled.Anonymous
November 17, 2006
Well, there is not much else I can suggest. You can start removing functionality / running applications / scenarios until the disable succeeds and then start adding them back and seeing when the failure shows up again. This will give you a more narrow window to investigate.Anonymous
November 17, 2006
Doron, > As for the case where you close the handle and Windows still > fails the graceful remove, could it be that your driver still has I/O > (in the form of OIDs?) pended and that the file handle is not really > closed? I have been testing this. The app does receive all I/O (this is handled synchronously). Also, when the app closes the handle, there is no I/O being transferred. Setupapi logging did not shed any light on the problem. Our solution for now is to open a handle to the driver before each I/O, then close the handle when completed. We had to save the registry path to the driver after the 1st open, to save time during the following I/O's. thanks, darwinAnonymous
November 19, 2006
Doron, I would like to know if it is possible that a driver would handle several devices interrupts simultaneously. Lets say that I have writen a driver for a PCI board which holds several DSPs. The board itself and also each and every one of the DSPs are identified by the OS has a PCI devices. I wish to address a certain DSP only if it has generated an interrupt, is it possible ?, should I do that by calling WdfInterruptCreate in the DioEvtDeviceAdd ? Thanks for your help Tal ZurAnonymous
November 20, 2006
Hi Doron, I see this mesg when I use bpid command: kd> !bpid 0108 Finding wininit.exe (0)... Waiting for wininit.exe to break. This can take a couple of minutes... Break instruction exception - code 80000003 (first chance) Stepping to g_BreakinProcessId check... Unable to find g_BreakinProcessId load Any idea whats wrong? does it have anything to do with unavailability of user-symbols? I am sure that kernel symbols path is correct. O/p for process 0108 from "!process 0 0" command: PROCESS 8ebd3ad8 SessionId: 0 Cid: 0108 Peb: 7ffd5000 ParentCid: 021c DirBase: 0e2e73e0 ObjectTable: 96123e48 HandleCount: 95. Image: nSvcIp.exe I tried reloading symbols, it still did not work. Neither did .process /i <process name>. Any idea whats going wrong? Regds, -PraveenAnonymous
November 20, 2006
Tal, it sounds like each DSP is showing up as a separate PCI function. Is that correct? There are N devices in device manager that correspond to your single device? If so, each device can address its own interrupt, but you cannot easily share the interrupts across devices. If all of your DSPs are a part of one PCI function, you can easily use any of the interrupts assigned to your device since there are no sharing issues across different device stacks. You create WDFINTERRUPTs in your EvtDriverDeviceAdd routine, see the plx example in the WDK. You can create as many WDFINTERRUPTs as you think you will need. If there are fewer interrupts assigned to your device, the extra WDFINTERRUPTs remain unused without error. If you can clarify how your device is enumerated, then i can help further if this is not enough. dAnonymous
November 20, 2006
praveen, you need user mode symbols for the NT user mode DLLs. are you using the public symbol server and do you have symbols for these DLLs (like kernel32, user32, etc)?Anonymous
November 20, 2006
The comment has been removedAnonymous
November 20, 2006
The comment has been removedAnonymous
November 20, 2006
Yes. I am using the public symbol server only. Thanks, -PraveenAnonymous
November 20, 2006
Hi, Doron, I write a software driver and install it to Vista RC2. The below is catched from the setupapi.app.log. The driver work well. But the device ICON is shown a question symbol. If I install the same driver to WinXP sp2 or Win2K3, the ICON is well. Does something wrong in the ICON registry? Thanks. -Ted >>> [DIF_ADDPROPERTYPAGE_ADVANCED - ROOTUNKNOWN�000] >>> Section start 2002/01/01 00:08:21.328 cmd: "C:Windowssystem32mmc.exe" "C:Windowssystem32CompMgmt.msc" dvi: No class installer for 'WDF Gsensor Driver' dvi: Using exported function 'WdfCoInstaller' in module 'C:Windowssystem32wdfcoinstaller01005.dll'. dvi: CoInstaller 1 == wdfcoinstaller01005.dll,WdfCoInstaller dvi: CoInstaller 1: Enter 00:08:21.343 dvi: CoInstaller 1: Exit dvi: Default installer: Enter 00:08:21.343 dvi: Default installer: Exit <<< Section end 2002/01/01 00:08:21.343 <<< [Exit status: SUCCESS (DI_DO_DEFAULT)]Anonymous
November 21, 2006
The comment has been removedAnonymous
November 21, 2006
Hi, I would like to develop a USB KMDF-based driver. Before I start with the coding of the driver, I would like to know if the current KMDF version (which is based on the current WDM version) is stable enough and will work properly with Vista? I'm also intersted in doing a courseseminar in the subject. I saw on the web that Hilf!Gmbh (a german company)are doing a KMDF course, in cooperation with Datronic (a company from Portugal). I would like to know if you have heard about these companies, are their courses reliable? (OSR does not have a KMDF in the nearby future). Regards, GadiAnonymous
November 21, 2006
Dont see a evt callback fn for processing IRP_MN_CANCEL_REMOVE_DEVICE. Is it not reqd with kmdf? Does framework make this obsolete? Regds, -PraveenAnonymous
November 21, 2006
ted, I asked Jim Cavaliaris of the device management dev team and he said: In the ClassInstall32 AddReg of the INF below, an icon is specified that doesn’t actually exist. It can't be loaded, so the unknown icon is shown instead. specifically - the icon index is positive (HKR,,Icon,,2), which means it should come from the class installer or property page provider DLLs, but neither of those is added for this class. http://msdn.microsoft.com/library/en-us/devinst_r/hh/DevInst_r/inf-format_c94778a1-1aa1-42c5-8317-b1f689e4f0ab.xml.asp Such a class-specific add-registry section has the following general form: [SetupClassAddReg] HKR,,Icon,,"icon-number" The system uses the specified icon to represent your installer to the user. If the Icon value is positive, it represents a resource identifier for a resource. The resource will be extracted from the class installer DLL, if the Installer32 key is specified, or from the property page DLL, if the EnumPropPages32 key is specified. The value "0" represents the first icon in the DLL. The value "1" is reserved. If the Icon value is negative, the absolute value represents a predefined icon. See SetupDiDrawMiniIcon for a list of the predefined icons. For example, "-18" specifies the "Unknown" icon (18).Anonymous
November 21, 2006
The comment has been removedAnonymous
November 21, 2006
The comment has been removedAnonymous
November 21, 2006
Dear Doron, Thanks for your help. As you said, the specific icon does not exist. So I try to add my driver to system class and ignore the icon assign. Then it will show the system device icon well. But I try to write some Setup APIs in my device driver to show my private icon. I never do success. I search the samples of the Setup APIs. But I cannot find anything in DDK and SDK, even in the internet. Could you lead me to find some samples of the Setup APIs about the private icon? Thanks. -TedAnonymous
November 22, 2006
Ted, are you the resource identifier for the icon is 2 (and not "2") in your DLL? By default Visual Studio will pick the next available number, you either have to change the resource identifier for the icon to 2 or change the INF to refer to the resource identifier VS created for you. You can view the value in the resource manager or in resource.h for the project.Anonymous
November 22, 2006
As mentioned in the link below, I enabled trackhandles http://www.microsoft.com/whdc/driver/tips/KMDFVerifier.mspx. Now how do I see the information captured basically the references to objects? [ED: removed !wdfdevice output, not relevant]Anonymous
November 22, 2006
Praveen, the output of !wdfhandle will show you the current reference count. You should also read this post http://blogs.msdn.com/doronh/archive/2006/05/19/601286.aspx ... but you should never have to worry about these counts unless you add your own reference via WdfObjectReference(). The reference count definitely does not play a part in PnP state changes, especially query remove. What problem are you trying to solve?Anonymous
November 29, 2006
Hi, how do we find the cause of assertion failure for KMDF drivers after we turn on the KMDF verifier in Vista's registry? Are there commands or procedure we can use to find that info? I know OSR has an article on it, but it does not help too much. And during my driver testing, I found the following text from windbg: Assertion failure - code c0000420 (first chance) nt! ?? ::FNODOBFM::string'+0x4253: fffff80001836ca0 cd2c int 2Ch Thanks. AllenAnonymous
November 29, 2006
an INT 2CH is a NT_ASSERT. KMDF does not use NT_ASSERT, so this is coming from within the kernel itself. Can you post a callstack with the correct symbols for NT and wdf01000? Typically to debug a KMDF breakpoint you will need KMDF symbols and wdfkd.dll to view the KMDF log (http://blogs.msdn.com/doronh/archive/2006/07/31/684531.aspx) dAnonymous
December 06, 2006
The comment has been removedAnonymous
December 07, 2006
You cannot send all URBs subtypes at DISPATCH_LEVEL. Specifically, you can send URB_FUNCTION_RESET_PIPE (and i thought abort as well, but the docs don't say) only at PASSIVE_LEVEL, see http://msdn2.microsoft.com/en-us/library/ms793351.aspx. The fact that it worked on XP means you got away with it there ;). dAnonymous
December 08, 2006
When a driver receives and IOCTL that requires an output buffer and the OutputBufferLength is not large enough to contain the output data, what value of status should we pass to WdfRequestComplete(Request, status) ? JohnAnonymous
December 13, 2006
John, great question. I wrote about how to do this today, see http://blogs.msdn.com/doronh/archive/2006/12/12/how-to-return-the-number-of-bytes-required-for-a-subsequent-operation.aspx. Sorry it is a little long, I wanted to be thorough ;) dAnonymous
December 14, 2006
The comment has been removedAnonymous
December 15, 2006
The comment has been removedAnonymous
December 20, 2006
Alex, are you sure your symbols are correct for ntoskrnl? KeSetEvent does not call KeDelayExecutionThread in any path. dAnonymous
December 21, 2006
Hi Doron, I am trying to implement a virtual keyboard driver that can inject keystrokes into the system buffer. I implemented it as a HID minidriver. I realized that the driver should be registered with kbdclass in order to receive ioctls like IOCTL_INTERNAL_KEYBOARD_CONNECT (am I right?). My question is, how this could be done? Are there anything to specify in the inf file? Thanks, clayAnonymous
December 22, 2006
The comment has been removedAnonymous
December 22, 2006
The comment has been removedAnonymous
December 28, 2006
The comment has been removedAnonymous
December 28, 2006
The comment has been removedAnonymous
January 01, 2007
Hi Doron, It's the virtual keyboard driver again. Now I didn't go vkbd the HID miniport driver way. Instead I took kbfiltr sample and modify it. I created a control device object to let the client app talk to the device driver via IOCTL. Here is how I did it:
- Create a device object and attach it to the device stack. Pretty much like kbfiltr.
- Intercept the IOCTL_INTERNAL_KEYBOARD_CONNECT to keep the CONNECT_DATA pointer.
- Create a control device object. Define a custom IOCTL to let the application talk to the driver.
- When client application talks to the driver via IOCTL, I invoke the kept ClassService function pointer to send some KEYBOARD_INPUT_DATA to the stack. (I suppose this step actually inject something to the keyboard buffer, right?) No error occurs, but there are nothing happened. Here is the code block. void SendKey(PDEVICE_OBJECT device) { devExt->KeyData[0].MakeCode = 0x1e; devExt->KeyData[0].Flags = KEY_MAKE; devExt->KeyData[1].MakeCode = 0x1e; devExt->KeyData[1].Flags = KEY_BREAK; irql = KeRaiseIrqlToDpcLevel(); (*(PSERVICE_CALLBACK_ROUTINE) classService)( classDeviceObject, &devExt->KeyData[0], &devExt->KeyData[2], &inputDataConsumed); KeLowerIrql(irql); } inputDataConsumed is 2 after the call. Thanks. clay
Anonymous
January 02, 2007
The comment has been removedAnonymous
January 05, 2007
When my driver crashes, I would like to be able to see all the traces right upto the point of the crash. Using WPP tracing mechanism (http://www.osronline.com/article.cfm?id=200), I get all the traces that have been flushed to the log file. It seems that there is a way with WinDBG to see traces that were in-memory but not flushed to the file when the crash happened. I have tried using wmitrace dll with WinDBG as explained in this OSR article, but it does not seem to show/dump those in-memory buffer. Would you happen to have the details of how to do it? I will highly appreciate it. Thank you.Anonymous
January 07, 2007
Thks a lot for your help! You are really a good guy.These days the net connection is not very well so I have no chance to login,but it is OK now. Thanks once again :) ,happy day ,happy all the days to you.Anonymous
January 07, 2007
Hi Doron, I'm writing a driver for a pci board which contains a number of DSP's on it. Each DSP is identified as a pci device by the OS. I would like to give each of the DSP's a name, which would help me in approaching a specific DSP in order to perform different actions on each of the DSPs (specific action to each of the DSP's). I’m using the WDF function WdfDeviceCreate(...) in order to create a device for each of the DSP’s (I call it from the AddDevice function). In addition I use the function WdfDeviceCreateDeviceInterface(...) in order to give the device a name that would allow me interact with it. If I want to give each of the devices a unique name how can I do so from the AddDevice function ? , is there any information that I can use in order to concatenate it to the device name ? I thought of keeping a global variable that would keep the current number of devices add and to concatenate it to the device name but maybe there is a better way of doing so in the WDF. ThanksAnonymous
January 08, 2007
Tal, the device interface will give your device a name. Each instance of the device interface will be given a unique name by PnP. Your application would then iterate over all of the instances of the device interface, opening each one. Do you want to derive special attributes of the DSP from the name, or you just want to discover multiple DSPs? dAnonymous
January 08, 2007
Prabhakant, great question! I asked the ETW devs and they gave this advice: If your system crashes you should still be able to retrieve the content of ETW trace buffers which haven’t been written out to logfile via wmitrace KD extension. list running sessions, so that you can figure out logger id !wmitrace.strdump set the TMF search path !wmitrace.searchpath <TMF Location> dump events !wmitrace.logdump <LoggerId> Wmitrace is documented in the debugger help dAnonymous
January 09, 2007
Doron, I just want to discover multiple DSPs and there is no need to derive any special attributes of the DSP from the name. I thought of using WdfDeviceCreateDeviceInterface(...) in order to attach GUID to my device (using NULL as the ReferenceString parameter for the function). Later on in order to use a specific DSP I have to know the unique name which the OS gave to my device. Is using WdfDeviceRetrieveDeviceInterfaceString(...) or IoGetDeviceInterfaces(...) would help me doing so (using the same GUID I used when creating the device interface)? Thank, TalAnonymous
January 11, 2007
Doron, When I run the !wmitrace.strdump command, I get 64 lines that say - "Logger Id ....." as shown below. None of these lines show me the name of my log session while the crash happened. Is there some other command which will reveal the logger id, or is there a workaround this? Thanks a lot. kd> !wmitrace.strdump (WmiTracing)StrDump Generic LoggerContext Array @ 0x80569080 [64 Elements] Logger Id 0 @ 0x80569080 Named '' Logger Id 1 @ 0x80569084 Named '' Logger Id 2 @ 0x80569088 Named '' ...... Logger Id 3f @ 0x8056917C Named ''Anonymous
January 15, 2007
Hello Doron, I have a few questions somewhat off topic, which are regarding all the stuff related with WPP / ETW. By searching the groups your name keeps coming back associated with ETW and WPP and I haven’t found the guy in “charge” of WPP and ETW in Microsoft, so since you are using it (KMDF), you look like an expert to me on the subject so I hope you can help me. I would like to get some information on processing the ETL files in conjunction with TMF files, I searched and I cannot find any information on how to implement this. I use the Tracefmt and Traceview but I need to implement something that fires and event (email, …) when something really bad happens, and since I’m using WPP/ETW I would need this information. Additionally I would like to know how can I register my trace provider so that it shows up in the Nonsystem Providers of the Trace Logs Management Console (under Performance Logs and Alerts) I would be grateful if you could help on these subjects. Thanks Cláudio AlbuquerqueAnonymous
January 29, 2007
Hi Doronh, I am new to device driver programming.I am developing a usb driver.When I call IoSetDeviceInterfaceState(...,TRUE); it is returning Failed status(after starting the device and configuring). I am able to retrieve the symbolic link.Could you please suggest what might be the problem in registering and what all areas I need to recheck.IoRegisterDeviceInterface(called in Add device) is returning STATUS_SUCCESS and returning the correct symbolic link. OS : Windows 2003 Server using DDK kit for Driver development. Thanks nd Regards Gaurav VermaAnonymous
January 29, 2007
Hi doronh, I am working on WDM. Thanks ad Regards Gaurav VermaAnonymous
January 30, 2007
Guarav, any reason why you are not using KMDF? What type of device driver are you writing (what device class is it in)? This is one of the areas in which KMDF abstracts away the complexity of the problem. What is the specific NTSTATUS value that is being returned from IoSetDeviceInterfaceState? Are you deregistering the device interface in surprise removal, pls read http://blogs.msdn.com/doronh/archive/2006/02/20/535754.aspx and http://blogs.msdn.com/doronh/archive/2006/02/20/535763.aspx dAnonymous
January 31, 2007
Doron, I'm trying to track down an intermittent hang in my application/WDM driver. Using the kernel debugger I've narrowed it down to an IRP being sent down the driver stack and getting stuck. Admittedly I've only seen it on one machine so far. If I disable hyper-threading the hangs seem to go away. This is under Windows XP SP2. Any ideas on what might be the cause or how to track it down further? The output from !irp on the IRP in question is (my driver is called xjlink.sys): Irp is active with 3 stacks 2 is current (= 0x86479984) Mdl=862a4f88: No System Buffer: Thread 861fb618: Irp stack trace. Flags = 00000900 ThreadListEntry.Flink = 861fb828 ThreadListEntry.Blink = 86161b50 IoStatus.Status = 00000103 IoStatus.Information = 00000000 RequestorMode = 00000001 Cancel = 00 CancelIrql = 0 ApcEnvironment = 00 UserIosb = 00a17ed8 UserEvent = 00000000 Overlay.AsynchronousParameters.UserApcRoutine = 7c82bd84 Overlay.AsynchronousParameters.UserApcContext = 143026f0 Overlay.AllocationSize = 00000000 - 00000000 CancelRoutine = f6f2187a USBPORT!USBPORT_CancelActiveTransferIrp UserBuffer = 00000000 &Tail.Overlay.DeviceQueueEntry = 86479930 Tail.Overlay.Thread = 861fb618 Tail.Overlay.AuxiliaryBuffer = 00000000 Tail.Overlay.ListEntry.Flink = 860dad84 Tail.Overlay.ListEntry.Blink = 860dad84 Tail.Overlay.CurrentStackLocation = 86479984 Tail.Overlay.OriginalFileObject = 863ce588 Tail.Apc = 00000000 Tail.CompletionKey = 00000000 cmd flg cl Device File Completion-Context [ 0, 0] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000 >[ f, 0] 0 e1 85d95038 00000000 a7a7ac7c-861be690 Success Error Cancel >pending Driverusbehci xjlink!OnReadWriteComplete Args: 861be690 00000000 00220003 00000000 [ 3, 0] 0 1 860dac68 863ce588 00000000-00000000 pending DriverXJLINK Args: 00000864 00000000 00000000 00000000 Thanks, JohnAnonymous
January 31, 2007
Hi, Our product has several kernel mode drivers - file system drivers, process monitors, network redirectors, etc., because of which installing our product requires a reboot. For Longhorn certification, we need to eliminate reboots. Is there a way to do that? Will porting our drivers to KMDF or any other model help eliminate reboots? Thanks.Anonymous
January 31, 2007
John, it looks like you are talking the irp the i/o manager presented to your driver and then formatting the next location with a URB and sending it to the usb core. How do you define hang? the app won't go away? the irp never completes even though there is i/o for it to fulfill? If it never completes, are you sure your device is transfering packets over the usb wire? do you manually try to cancel the IRP that you sent when the app closes its handle? dAnonymous
January 31, 2007
The comment has been removedAnonymous
January 31, 2007
Hi Doron, Thanks for the quick response. One of the drivers we have is a network redirector driver (UNC provider). Right now when we reboot, the OS loads the driver and calls DriverOpen, then the driver registers devices, etc. After installation, if we don't reboot, how can these drivers be loaded? Who will call DriverOpen? Thanks!Anonymous
January 31, 2007
Hi Doron, Is it possible to trigger "Ctrl-Alt-Del" key sequence in a hid keyboard minidriver? clayAnonymous
February 01, 2007
hi doronh, Regarding IoSetDeviceInterfaceState return value I checked the return status Its c0000033 ->OBJECT_ NAME_INVALID But I checked the UNICODE_STRING and i am passing the same string that i got from IoRegisterDeviceInterface() routine. Why is it giving this error? Thanks and Regards Gaurav VermaAnonymous
February 01, 2007
The comment has been removedAnonymous
February 01, 2007
The comment has been removedAnonymous
February 01, 2007
Clay, yes you can send C+A+D from a HID minidriver if you have reported in your HID descriptor that there is a keyboard and push the data up to the keyboard collection. Did you write a HID minidriver purely to inject a C+A+D? If so, there are easier ways to do this. dAnonymous
February 01, 2007
Guarav, in what context are you calling IoSetDeviceInterfaceState? during start device? can you send a dump of the interface string? Did you manually delete any registry keys under HKLM...CurrentControlSetControl or HKLM...CurrentControlSetEnum? STATUS_OBJECT_NAME_INVALID is not explicitly returned in the implementation for IoSetDeviceInterfaceState, so I think it might be registry key related.Anonymous
February 01, 2007
John, glad I could get you going on the right track. dAnonymous
February 01, 2007
Timothy, the zzzzzz value, or device instance ID, is opaque. You are not allowed to parse it since its format is private the PnP manager. It just so happens that the USB hub driver uses the port number as a part of the device instance ID it reports, but how the PnP manager turns that into a unique instance ID is private. If a bus driver reports location information, it reports it by handling IRP_MN_QUERY_DEVICE_TEXT/DeviceTextLocationInformation. If you are interested in this information as a driver, you can query for it. You can get this string in user mode by calling SetupDiGetDeviceRegistryProperty(SPDRP_LOCATION_INFORMATION) Hope that helps. dAnonymous
February 01, 2007
VMan, i am not that familiar with the UNC architecture, but have you tried to net stop the driver? Upon DriverUnload you delete the device objects you created and then when the last references go away, you are unloaded. at least, that is how NT4 style drivers work. dAnonymous
February 01, 2007
VMan, i am not that familiar with the UNC architecture, but have you tried to net stop the driver? Upon DriverUnload you delete the device objects you created and then when the last references go away, you are unloaded. at least, that is how NT4 style drivers work. dAnonymous
February 01, 2007
Hi Doronh, Yes I manually deleted the keys.Coz after modification in the driver program,I had to again install it. w.ref.t bulkusb installation procedure given in DDK samples. Please suggest how can I correct this problem,and where to search in the registry? HKLM/...../enum/USB ->There is a key with VID and PID ,inside it the instance key is 123456789 HKLM/..../classes ->There is a key corresponding to USB class,inside it ,0016 key is there which contains driver details and in HKLM/.../DeviceClass there is a key corresponding to the guid i have declared symbolic link ?USB#Vid_045e&Pid_930a#123456789#{357b9ec8-0e5a-4fb8-aa5b-6701b742d15c} Thanks and Regards GauravAnonymous
February 01, 2007
There is one more key in HKLM/..../DeviceClasses with the entry a5dcbf10-6530-11d2-901f-00c04fb951ed which also contains the symbolic name having the same VID ,PID and instance. ?USB#Vid_045e&Pid_930a#123456789#{a5dcbf10-6530-11d2-901f-00c04fb951ed} I dont know from where it got generated. Thanks and Regards GauravAnonymous
February 02, 2007
Guarav, I hope you learned a valuable lesson here. Hacking at the registry to uninstall a device will lead to alot more lost time then just uninstalling it correctly (like uninstalling it via device manager or devcon). I would assume that {a5dcbf10-6530-11d2-901f-00c04fb951ed} is your device interface GUID. You might want to try delete the a5dcbf10-6530-11d2-901f-00c04fb951ed key and then reloading your driver. If that does not work, I would consider reinstalling the OS since you put it the machine into an undefined setup state by touching reg keys that you were not supposed to touch. dAnonymous
February 02, 2007
Hi Doronh, If {a5dcbf10-6530-11d2-901f-00c04fb951ed} is my interface guid,then if I install the original Bulkusb Driver , this guid should not be there in the registry, as the orig driver has defined some other GUID using DEFINE_GUID macro. But when I installed it(the orig driver) this guid was still there. How does this GUID{a5dcb.....} gets installed though I have not specified it anywhere? One more doubt,I am using Dsf Simulator to test my driver so when I press enter key in the commandprompt (which removes the device),the device no more appears in the Device manager.How do I uninstall the driver? Driver is installed in Target Computer and Debugger is running in Host Computer ,so as soon as the driver loads because of dbgbreakpoint() ,target computer will hang. Please suggest some solution. And please explain me at what time of installation the registry entry for interface guid gets added into the registry. Original BulkUsb is working fine,even after all these registry modifications. Thankyou for your crucial time. Regards, GauravAnonymous
February 04, 2007
Hi Doron, Yes I implemented a virtual HID keyboard minidriver with 2 top level collections. One is a keyboard TLC, the other is a custom TLC. The custom TLC is used to communicate with the client application. The client application sends data through the custom TLC to tell the keyboard to send keystrokes to the keyboard buffer. Everything works fine but I want to implement the C+A+D in the driver. The idea is the client application could send something and the driver should tell the system that C+A+D is pressed. How could I implement this? I tried to simply send the scan codes of these three keys, but it didn't succeed. ThanksAnonymous
February 05, 2007
Gaurav, the registry keys persist after the interface was created the first time. This key is private to the PnP manager so how it is created and managed is not a problem for you. If you uninstall the device (in device manager for instance), the PnP manager will clean up its own keys. YOu can uninstall the device before you press enter while it is still enumerated. I suggest you start from scratch and no not modify the registry so that you are in a clean state. As for the hang, attach a kernel debugger and see what is going on. I can't tell you more then that without knowing what is hanging. dAnonymous
February 05, 2007
Clay, you have to report the keys as usages in the keyboard TLC. Are you reporting usages or actual scan codes? The mapping from usage -> scancode happens above your driver (in kbdhid.sys) dAnonymous
February 05, 2007
Hi Doron, I'm not sure if you're dealing with the Device Simulation Framework (DSF), but I'm trying anyway :) I've ported the SoftUSBAudio example (scrtestdsfusb) in managed code (C#) and I'm able to plug/unplug the device correctly. However I'm not able to register to the USBEndPoints event sink . I'm always getting a cast exception, a null pointer or an target invocation binding error (depending on how I try to hook). From what I've observed it seems that the USBEndPointClass does not implement/inherit the UICOMConnectionContainer and this may be the root of my problem. I'm puzzled as the SoftUSBAudio sample is working fine in C++/ATL. It may be (certainly is) a COM Interop issue - but I'm out of ideas, and I do not know if it is coming from my code or the framework. I've posted a bug/question entry in the WDK/WDF with the source code. Any hint/suggestion will be apprieciated. Thks. SylvainAnonymous
February 05, 2007
DSF does not yet fully support managed code because ISoftUSBEndpoint is not a completely dual interface. We will be supplyng the necessary code to make this work in a coming release. Sorry, but no date yet. PeterAnonymous
February 05, 2007
Doron, Thanks for the reply. I reported the actual scan code to the TLC. How to report a usage to the TLC in my case? Thanks, clayAnonymous
February 05, 2007
Clay, how are you reporting other usages in either TLC? you need to complete a pended IOCTL_HID_READ_REPORT (which hidclass will send) with the data you want to report. see the vhidmini sample in either the WDK or server SP1 DDK dAnonymous
February 05, 2007
Hi Doronh, I tried running the code on another system. Now IoSetDeviceInterfaceState is returning status code = c00000d Now what should I do? :( Is it possible for you to review my code? Please,help me. After exiting from the DriverUnload routine an exception is raised exception code = 0x7e which results in a system crash. Is is possible that ,by not following the naming convention for InterfaceGuid,I am getting this error?My Interface GUID name is GUID_BULK_USB. Thanks and Regards, GauravAnonymous
February 06, 2007
Guarav, naming conventions do not matter. The OS does not see the name, it just sees the GUID value. 0xc000000d is STATUS_INVALID_PARAMETER. IoSetDeviceInterfaceState will return this value in a number of places, most having to do with the string passed in to the API. Are you sure you are passing a well formed UNICODE_STRING to the API? When you get the bugcheck 0x7e (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED), do you have a kernel debugger attached? If not, attach one. When you bugcheck, make sure that you have the correct NT symbols and then run !analyze -v. This should give you a better idea of what your driver is doing wrong. I would like to also restate that you should consider moving to KMDF in this driver. Many of these problems go away and you can deal with the value add you trying to create instead of these types of issues. dAnonymous
February 07, 2007
Hi Doronh, Now I am able to enable the interface.Thanks to you. I don't know why ,but the problem was in IoInitializeRemoveLock function in Add Device routine.When I passed the correct argument there,my startdevice function worked.Do you have any explanation for this? mistake: struct DeviceExtension_tag { PIO_REMOVE_LOCK RemoveLock; }DeviceExtension; corrected : struct DeviceExtension_tag { IO_REMOVE_LOCK RemoveLock; }DeviceExtension; One thing more,I have a doubt regarding usage of IoCompleteRequest().When to use it?I have already gone through DDK documentation. Why is it ,that we are using IoCompleteRoutine in IRP_MN_START_DEVICE and not in STOP_DEVICE. here both the routines are passing the IRP to the lower level driver(bus).Is it due to passing the same Irp using IoSkipCurrentIrpStackLocation and IoCopyCurrentIrpStackLocation,or something else? I tried one thing in IRP_SURPRISE_REMOVE I tried to complete the Irp using IoCompleteRequest. so I got 0xe2,because I was using already freed Irp Location. Please clarify my doubt. Thanks and Regards GauravAnonymous
February 08, 2007
The comment has been removedAnonymous
February 10, 2007
The comment has been removedAnonymous
February 11, 2007
(Monday, February 05, 2007 5:58 PM by pshier ) Hi Peter & Doron, thanks for the answer. Knowing that it was a limitation from the framework helped me writing down a work-around. I'm going native (C++/ATL) only to register the event sink of the ISoftUSBEndpointEvents and now all is working perfectly. I'm able to fully simulate any USB device in managed code (C#). This framework rocks ! Just a remaining strange behavior when I try to handle the generic SET_ADDRESS command (HandleStdRequest = false) - 1/ the doc example ISoftUSBEndpointEvents::OnSetupTransfer() is incorrect since it reference a non-existing API : put_Address() does not exist for ISoftUSBDevice, 2/ whatever I do, the full simulation works only if I throw an exception (or return NOT_IMPL) for this particular USB function command. Am I missing something ? or is it just another consequence of the current static version of the DSF framework ? By static, I mean that that I need to know the device configuration in advance, at least the endpoints config, prior attachment, and It seems the framework ignores the endpoints I create on-the-fly (according to device impl). I've worked around this by implementing a "re-enumeration" that I trigger if I detect a difference with a serialized state of the device config. Maybe I overlooked something here and it is not supposed to be a pb. Regards SylvainAnonymous
February 12, 2007
You are correct about the example in the doc. We will fix that. Can you clarify what you are trying to do here? Why do you need to handle SET_ADDRESS? Endpoints created after a device has been connected to the bus will be ignored. Why do you need to create endpoints after the device has been connected? At that point the host has already retrieved the device descriptor so how could it know about your new endpoints without re-enumeration? PeterAnonymous
February 13, 2007
Peter, I've got a software simulator for my device (a programmable device: .NET smart card). So far our device was not USB capable, but now it is. I want to simulate the USB capability (and also cross-validate our USB impl) using a software-only approach. In order to do so, I was thinking of implementing a lower filter host-controller and link it to my device simulator using IO_DeviceControl() technic, but the DSF came and it looked like a (nearly) perfect match for my need. I suspect I'm using the DSF in a way it has not been intended for (like setting HandleStdRequest to false for all the endpoints...), however beside my problem with the SET_ADDRESS command on endpoint 0, it works perfectly. Why do you need to handle SET_ADDRESS ? As such I do not want to "handle" it in the DSF device, but I want to forward the request to my simulator - I can do that, but when I try to ACK the setup request, the DSF hangs. So far, the only work-around I found has been to throw an exception (or ret NOT_IMPL). I suspect the DSF defaults on an internal implementation that allows the process to resume correctly !? I'd like to know if it is a "pb" coming from me, or from the DSF itself. Why do you need to create endpoints after... ? I do not want to assume any configuration for my simulated device (since it is a programmable device). So far, to solve that, I'm monitoring the device and configuration descriptor exchange on endpoint0 in the DSF device and if I detect a mismatch with the initial setup the DSF device, I unplug it, re-create an instance of it (using the previously retrieved device and config info) and then re-plug this new updated instance. At this point the DSF device is in sync with my simulator regarding the endpoints and I can hook to all messages possibly sent by the USB Drivers triggered (depending of the number of diff USB interfaces programmed in my device simulator) and forward USB transactions for processing to my device simulator. Maybe I've selected a wrong approach to an old time issue, and there is a better way to answer my need. If so let me know. Rgds and Thks. SylvainAnonymous
February 14, 2007
Was there every a hotfix issued by Microsoft for USBHUB.SYS for this issue ? http://www.osronline.com/showThread.CFM?link=89357 where you also commented here: http://blogs.msdn.com/doronh/archive/2006/03/20/556053.aspx We are seeing the exact problem reported when we get a SURPRISE_REMOVE event shortly after powering up the device. Thanks.Anonymous
February 14, 2007
The comment has been removedAnonymous
February 15, 2007
Hi Doronh, I read that book by Walter Oney,and hopefully now I have some idea about Iocompletion.Well I have completed my driver and now I am able to read and write data.Heartly thanks to you. I want to read about the working of bus drivers and the communication between the device and bus driver,where can I find information regarding it.Any sample bus driver code? I want to display what all files are there in the usb pendriver.Like a separate drive in the system. On which, if I click it displays me the files.How to start with it? please give me some initial direction. Regards GauravAnonymous
February 15, 2007
Rehan, there are already tools out there which let you specify the security on a device. read http://msdn2.microsoft.com/en-us/library/ms794728.aspx on what APIs you can use after the device has been installed to set security on the device. There is an important problem here though, you are mixing concepts. USB is a connectivity bus (just like PCI), there is no way to apply an ACL to all USB attached devices. CD/VCD are media, the CD/DCD drive itself is what is exposed an object which can be ACL'ed. Ethernet is a whole different problem since applications do not directly access the NIC, they go through several layers.Anonymous
February 15, 2007
Gaurav, if you are asking how to write a bus driver in WDM, Oney's book is the place to read. Writing one in WDM is a tremendous amount of time. You can easily write a minimally functional bus driver in KMDF in a day and fully functional one quickly after that. KMDF is definitely the way to go if you are writing a new bus driver from scratch. The toaster WDK sample has a driver, busenum, which is a bus driver and This sample is avaialable in both KMDF and WDM form. The KMDF version comes in 2 variations to demonstrate the 2 different models that KMDF presents to bus enumeration. The busenum sample shows one form of device to bus communication (a private direct call interface provided through IRP_MN_QUERY_INTERFACE). Typically the communication mechanism between device and bus is IRP based with some form of request block placed in the IRP, just like a USB URB. i am not sure what your end goal is. is it to write a driver that looks like a mass storage device (e.g. a disk) so that you can view files on it? dAnonymous
February 15, 2007
Hi! I'm trying to write a tdi port-blocking filter for w2k->vista. Somewhere around XP I can conditionally expect /device/tcp6 /device/udp6 to appear and I would like to be able to attach to these device stacks w/o requiring the user to reboot to get my drivers filtering functionality. Do you have any idea if I can detect the creation of those devices on XP and w2k3 via IoRegisterPlugPlayNotification()? Initial experiments have not been successful, but I'm not entirely certain I'm using this API correctly yet... Its also not entirely clear that things like protocol drivers have interface GUIDs, they seem to show up as legacy devices in the registry? I'd really like to avoid the obvious alternative of a polling thread or requiring the reboot. Thanks!Anonymous
February 15, 2007
Joe, IoRegisterPlugPlayNotification wont' work for you. IRPPN will only notify you of arrival of PnP device stacks. Devicetcp6 and Deviceudp6 are not PnP stacks. You either have to poll or have some kind of management interface that directs your driver to attempt to open these devices... ...but I don't know if these devices would every show up later after your driver is booted, or at all pre Vista. Isn't there an IPv6 release for XP already? Does it have these devices by these names as well? dAnonymous
February 15, 2007
XP has ipv6, you have to manually install it via 'ipv6 install' from a command shell. Vista obviously has it turned on all the time, which is my dilemma. Thanks for the info, though I was afraid PnP only was going to be the answer...Anonymous
February 16, 2007
The comment has been removedAnonymous
February 18, 2007
How I can allow only read access to a particular USB but not write access on that USB programmatically without manipulating registry settings?Anonymous
February 19, 2007
Hi Doron, I want to know why isn't safe to access locked paged memory at dispatch level through a user-mode virtual address (which is guaranteed to be valid, like the one returned by the MmGetMdlVirtualAddress function)? Thank you.Anonymous
February 19, 2007
Cristian, are you accessing the virtual address in an arbitrary context? or always in the context of the IRP from which you extracted the MDL or buffer? It is all about context here. The VA returned is valid at DISPATCH_LEVEL, but only in the context of that specifc process. If you want to use the VA in any arbitrary context, you must call MmGetSystemAddressForMdlSafe, which will give you a VA that is in sysstem space, which means it is valid in any arbitrary context. dAnonymous
February 19, 2007
akc, if you can control the INF in which the device is installed, you can change the access this way. If the USB device belongs to a particular device class, I am pretty sure you can setup the security on a class wide basis which means all devices in that class inherit those settings. dAnonymous
February 19, 2007
The comment has been removedAnonymous
February 20, 2007
I'm not accessing the virtual address in an arbitrary context, only in the context of the thread that sent the IRP. I asked if it is safe to access the memory through the virtual pointer, when I'm in the right context, on the NT OSR mailing list and they answered that no, it isn't, but nobody told me why.Anonymous
February 20, 2007
Doron, I have encountered the following problem regarding 64 bit and physical addresses using MDLs. Lets begin with the fact that I have a PCI board on which there is a number of DSP (PCI devices), the DSP has a DMA capabilities so in order to work on a certain buffer it needs to get the buffer address (physical address). The win32 application would send (using an IOCtl) a pointer to a buffer which was allocated in the user space virtual address (the buffer size is 4K), in the driver I take the pointer and use IoAllocateMdl (...) on it in order to create the Mdl from the buffer, after doing so I call MmProbeAndLockPages(...) in order to lock the buffer in the physical memory, this is done because the DSP in order to be able to access the buffer need it to be in the physical non paged memory. At this point I have noticed a serious problem, the MmProbeAndLockPages(...) can lock the buffer in an address higher then 32 bit, this is a big problem for the DSP because its PCI machine can only process 32 bit address, my question is if there is away to make sure that on a 64 bit machine I would still get physical address in the range of 32 bit ? Thanks for your help TalAnonymous
February 21, 2007
The comment has been removedAnonymous
February 21, 2007
Eric, are you running WinDbg as a kernel debugger or as a user mode debugger. For this to work you need to use WinDbg as a kernel debugger (e.g. a 2 machine setup over a serial or 1394 cable). Once you do this you can set ntoskrnl breakpoints as well as breakpoints in the driver. you can also use the debugger command, sxe ld <drivername.sys>, to set an automatic breakpoint when the driver image has been loaded but not yet executed. dAnonymous
February 25, 2007
Tal, you need to use the built in DMA APIs to build the SG list and use the logical addresses (LA) provided provided to you by the DMA interface. Rolling your own DMA will not work. Using the DMA interface is the only way to guarantee that you will get a LA that your hardware can decode (there are potentially other issues that could get in way that DMA accounts for). dAnonymous
February 25, 2007
Hi Doronh i want to set security (allow read only, allow write only or allow read/write both etc.) to USB without using registry changes and i have to achive using vista suppose i have an organisation and there are n number of users and centrally i have to control( who will avail only read permission of USB drive and who will avail Only write permission and who will avail both) basically it will protect from data stealing, means nobady will directly copy from their USB and nobady will write something to USB. please dear if you got the problem then give me some eyes to it. Thanks in advance R e h a nAnonymous
February 26, 2007
Hello Doron, I have some questions about the difference between threaded and non-threaded IRPs, and why we cannot allow that a non-threaded IRP be completed by the I/O Manager. You say in your post that the field Tail.Overlay.Thread of the IRP is set to NULL for the non-threaded IRPs. However, when we analyse the source code for Windows XP (available through Code Center Premium), we see the following statemente in the function IoBuildAsynchronousFsdRequest: +++ irp->Tail.Overlay.Thread = PsGetCurrentThread(); +++ More, the function IoBuildSynchronousFsdRequest (used to build threaded IRPs) calls IoBuildAsynchronousFsdRequest and then only sets the UserEvent field of the IRP with the event passed as argument, and inserts the IRP in the list of pending IRPs of the thread defined by the field Tail.Overlay.Thread of the IRP, calling IoQueueThreadIrp. I do not find anything in the code of IopfCompleteRequest (the implementation of IoCompleteRequest) that distinguishes thread and non-threaded IRPs. Apparently, if we let the IRP to be completed by the I/O Manager and the thread that called IoBuildAsynchronousFsdRequest still exists, the IRP should complete normally. I don't undestand why the kernel designers do not make a stronger distinction between threaded an non-threaded IRP in the code of IoBuildAsynchronousFsdRequest and IoCompleteRequest, because if we let a non-threaded IRP complete normally we get a bugcheck with the error code IRQL_NOT_LESS_OR_EQUAL, when the APC is inserted in the APC queue of the thread that created the IRP (in function KeInsertQueueApc), which is confuse. It was more friendly that the code distinguishes clearly the normal completion of a non-threaded IRP and bugckeck with a more suggestive error code. If you can tell me whether my analysis is right or wrong, and why this is designed this way, I would appreciate. Tanks in advance, Carlos MartinsAnonymous
February 26, 2007
Hi Doron, I saw som comments on this page regarding the Device Simulation Framework (DSF)... I'm modifying the SoftUSBAudio example (scrtestdsfusb) to simulate another device, and that part seems to be working fine. The problems come when I try to port the script that plugs in the simulated device, the part that is a VBscript in the SoftUSBAudio example. I just can't get it to work... what needs to be done to plug in the device using unmanaged C++? The test application is a dialog based MFC application, and I "connect" to the COM dll (the simulated device) using #import/CreateInstance(CLSID_...). Do you have any sample C++ code that can point me in the right direction? Any hints/suggestions will be appreciated! Thanks! StefanAnonymous
March 08, 2007
Hi Doron! i was studying this http://blogs.msdn.com/doronh/archive/2006/03/10/549036.aspx but can you guide me that how can i debug sys files better to be on Local PC or yes at remote LAN PC i am newbie although i am able to debug dll and exe files but i am stuck with the sys files. Please guide me how to start for it Thanks and Regards, JabeenAnonymous
March 08, 2007
Jabeen, you need a 2 machine setup to debug a kernel driver. The article you are referring to does not run the driver, it just loads it so that you can look at times and the assembly that was generated. For the 2 machine setup, you must use a serial or 1394 connection. Debugging over the network is not supported. If you don't have 2 machines and your driver does not control real hardware, you can use a virtual machine and debug it locally. dAnonymous
March 09, 2007
Hello sir, I want to write a vista sidebar application for my own personal use (at least for now) that tells me the temperature for my opteron cpu. To do this, I've found that I need to write a kernal mode driver. Is there some skeleton, or hello world type of sample that I could use for learning? In my ignorance, I feel that reading the value from 1 register should be pretty simple and safe, but the complexity and lack of information on writing a kernal mode driver for someone who has never done so is near impossible. I would appreciate any help you could offer. Thanks for your time, Darin FlippoAnonymous
March 09, 2007
Hi there, I'm from Rococo Software (www.rococosoft.com). For a long time, we've wanted to build a version of our JSR82 Java/Bluetooth implementation for Windows Mobile (and XP, Vista). However, there were no L2CAP APIs available, which was a showstopper for us. Now - I think there are new APIs in Vista for L2CAP, which is great. But what about Windows Moible? Any idea if there are APIs available, or due to be available for this, so that we can go ahead and create a new version of Impronto for Windows Mobile? Any help/direction/thoughts/etc. MUCH appreciated! Cheers, SeanAnonymous
March 12, 2007
The comment has been removedAnonymous
March 12, 2007
The comment has been removedAnonymous
March 12, 2007
sos100, I am pretty sure that Windows Mobile exposes L2CAP APIs as well. Windows Mobile is a speicialization of Windows CE, sop this link, http://msdn2.microsoft.com/en-us/library/ms890583.aspx, might help you get started. Note that on Vista, the L2CAP APIs are driver APIs, so if you are writing a java abstraction for L2CAP, you would need a driver to translate the user mode requests into kernel requests. dAnonymous
March 12, 2007
The comment has been removedAnonymous
March 13, 2007
Thanks. That answers my question - mostly. I think the key issue for me is this (from that link): "Extensions can be written to implement SCO, ACL protocols parallel to L2CAP, and controller management commands." In other words - there is no L2CAP support - but you can write your own. Am I correct in this understanding? Thanks again for the help, SeanAnonymous
March 13, 2007
Yes, you must write your own L2CAP abstraction before you can expose it in your Java class(es). dAnonymous
March 14, 2007
Hi doronh, the first argument of my completion routine does not have a valid pointer to the device object. I build my own IRP using IoBuildAsynchronousFsdRequest, do some stack initializations: IoGetNextIrpStackLocation(Irp); stack->Parameters.DeviceIoControl.IoControlCode = IOCTL_INTERNAL_USB_SUBMIT_URB; stack->Parameters.Others.Argument1 = (PVOID) &urb; stack->DeviceObject=DeviceObject; // has to be set here??? and then pass the IRP down to a USB driver. IoCallDriver(pdx->LowerDeviceObject, Irp); NTSTATUS OnBulkTransferComplete(PDEVICE_OBJECT fdo, PIRP Irp, PVOID urb) { fdo is NULL ??? } I often see in example code that people using the context of the completion routine to transfer important information, for example, the device extension, but i need the context for the urb. Why the fdo is NULL? What I'm doing wrong? Something missing by initializing the stack? cheers KarstenAnonymous
March 14, 2007
Hi Doronh i want to disable ethernet and internet on a work station through VC++.So can you help me out urgenly. some code would be appreciable Thansk in advance RYKAnonymous
March 15, 2007
Karsten, this was already covered ;). read http://blogs.msdn.com/doronh/archive/2006/07/25/677310.aspx. There is another technique you can use other then the extra stack location. You allocate extra space in your context for your device object. In this case, it would be typedef struct _CONTEXT { PDEVICE_OBJECT DeviceObject; URB Urb; } CONTEXT, *PCONTEXT; and then you initialize the DeviceObject field with your device object pointer and retrieve it from the context in the completion routine. You do not need to do this stack->DeviceObject=DeviceObject; // has to be set here??? because this is set by IoCallDriver() before it calls into the next driver in the stack. dAnonymous
March 15, 2007
Oh Doronh, thx for this both solutions. The extra stack location does make sense for me. But in case of your 2nd technique, how the usb driver underneath me know how to acess the own defined context? Hopefully it is not a stupid question, but I thought the lower driver (not my) is assuming a pointer to a URB?! KarstenAnonymous
March 15, 2007
Karsten, the context to your completion routine and the context URB value to the USB core are 2 different things and can be 2 different pointers. CONTEXT context; // assuming the call is synchronous, we can declare the context on the stack, otherwise this must come from ExAllocatePool context.DeviceObject = DeviceObject; ...format context.Urb .... IoSetCompletionRoutine(Irp, OnBulkTransferComplete, &context, TRUE, TRUE, TRUE); ... stack = IoGetNextIrpStackLocation(Irp); stack->Parameters.Others.Argument1 = (PVOID) &context.Urb; dAnonymous
March 15, 2007
VC_RYK, you can use the devcon sample in the WDK as a starting point if you want to use the C level APIs. it shows you can disable a NIC device. You can also use the Windows Driver Test Framework (WDTF), see http://msdn2.microsoft.com/en-us/library/aa973530.aspx for more information. For instance, you can write a JScript it looks like this: var WDTF = new ActiveXObject("WDTF.WDTF");var Device = WDTF.DeviceDepot.Query("class=NET AND Enumerator=PCI").Item(0);var DevMan = Device.GetInterface("DeviceManagement");DevMan.Disable();If you want the NIC enabled but want to disable tcp/ip's binding to the card, you can use the network configuration interfaces (which i think will let you disable the NIC as well), see http://msdn2.microsoft.com/en-us/library/ms805249.aspx dAnonymous
March 15, 2007
Carlos (from 2/27), sorry for getting back to you so late. IopfCompleteRequest requires a valid thread pointer on which to queue an APC. A non threaded IRP has no thread pointer and the implementation of IopfCompleteRqeuest does not check for a valid (in this case != NULL) thread pointer before attempting to queue the APC. Why was it designed this way? I don't know for sure (I guess I could go ask Darryl Havens who is in the next building and is the orignal I/O manager developer), but I would guess that this was never thought to be a problem. Furthermore, completing a non threaded IRP back to the i/o manager is an error since the I/O manager only knows where threaded IRPs were allocated from. Remember that a PIRP could come from a call to IoAllocateIrp or your own memory via IoInitializeIrp. How would the I/O manager return this error to your driver? As a return value to IoCompleteRequest? One of the driver factors in the I/O manager was to be as quick as possible with minimal overhead and heavily rely on drivers to do the right thing. This was a reasonable design decision at the time because everyone who was writing an NT driver was in the same building and could go ask Darryl what to do. This doesn't scale conceptually, but we are left with the repercussions of those decisions. dAnonymous
March 21, 2007
The comment has been removedAnonymous
March 22, 2007
Is it possible to have a driver built under the Server 2003 x64 build environment with 3790.1830 DDK signed for 64-bit Vista? Or does the driver have to have been built specifically for Vista? What about 32-bit Vista? I have a client who has bought and paid for such a driver and expects to get Vista for free. I'm not sure this is the case because the Vista driver signing documentation all refers to the Vista build environment and the 6000 DDK tools for creating a signature. Thanks, Greg P.S. I apologize for mis-posting this in the other blog area earlier this AM...Anonymous
March 22, 2007
Jabeen, I do not use VMware so I cannot help here, but there are many folks who do this type of thing all the time. Join the OSR NTDEV list and ask there. dAnonymous
March 22, 2007
gsemeraro, I am pretty sure that you can get a driver built in a previous DDK to be signed for Vista. I think the documentation referring to the signing in the WDK has to do with test signing and self signing your binaries. A driver that was signed for a previous OS (like WinXP or Server2003) will be treated as a signed driver by Vista. dAnonymous
March 22, 2007
Cristian (in response to the question asked on 2/20), better late then never. You cannot access the pointer at dispatch level. While the page itself is locked (e.g. the PTE), the PDE for the memory is not locked and can still be paged out. dAnonymous
March 22, 2007
Hello Doron, I'm trying to create a similar driver than the RamDisk driver, but the device is a PNP device. Everything worked right until I try to unplug the device. Then the debugger breaks on a breakpoint in Wdf01000.sys. The WdfLog gives the following information: FxFileObject::GetFileObjectFromWdm - Could not locate WDFFILEOBJECT for PFILE_OBJECT 0x86254948 FxFileObject::GetFileObjectFromWdm - Did a different PFILE_OBJECT get passed to the request than was to IRP_MJ_CREATE? This happens even if I set just a couple of callbacks. Remarks:
- If I remove SetDeviceType then the breakpoint will not break
- If I don't set the create callback then the breakpoint will not break
- If I use WdfDeviceInitAssignWdmIrpPreprocessCallback for IRP_MJ_CREATE/CLOSE requests, everything works but I think it should work with WdfDeviceInitSetFileObjectConfig as well... Adrian P.S. Create and Close callbacks are just stubs...
Anonymous
March 23, 2007
ButA, what version of KMDF are you using? I am guessing a v1.1 or v1.0. This issue has been fixed in v1.5. What is happening is that by setting your device type to FILE_DEVICE_DISK, the storage stack (primarily a file system) is loading on your device. File systems create lite file stream objects (by calling IoCreateStreamFileObjectLis, http://msdn2.microsoft.com/en-us/library/ms795446.aspx). When these file objects are created, IRP_MJ_CREATE/CLEANUP is not sent down to the disk, although IRP_MJ_CLOSE is sent down. FYI, if WdfDeviceInitSetFileObjectConfig is not called, KMDF will not create a WDFFILEOBJECT for a PFILE_OBJECT, but if it is called, we will create the WDF object. The dbg breaks you are seeing are because we are seeing a cleanup or close IRP that does not have a matching WDFFFILEOBJECT for the PFILE_OBJECT in the IRP. dAnonymous
March 25, 2007
Hi Doron, I have a question regarding the way to get device’s Vendor Id and Device ID. In the WDM functions like HalGetBusData(...) were used in order to get devices data. In my driver I need to know the device ID and VendorId of the device because my driver handles two types of devices. This data is needed in the AddDevice function in order to distinguish between the two devices types and act according to the type that caused the AddDevice function to be called. Is there a way to get such information in the AddDevice ? Thanks for your help Tal ZurAnonymous
March 26, 2007
Hello Doron, Thank you for your prompt answer. I'm using KMDF version 1.5. I've here just a short code snippet to reproduce the break... ::KMDF Version:: Kernel Mode Driver Framework (verifier on) version 01.005.6000 ::WdfLog:: FxFileObject::GetFileObjectFromWdm - Could not locate WDFFILEOBJECT for PFILE_OBJECT 0x86254948 FxFileObject::GetFileObjectFromWdm - Did a different PFILE_OBJECT get passed to the request than was to IRP_MJ_CREATE? ::Code:: DriverEntry: WDF_DRIVER_CONFIG_INIT( &DriverConfig, EvtDeviceAdd ); WdfDriverCreate( DriverObject, ... ); EvtDeviceAdd: WDF_FILEOBJECT_CONFIG_INIT( &FileConfig, EvtDeviceFileCreate, EvtFileClose, WDF_NO_EVENT_CALLBACK ); WdfDeviceInitSetFileObjectConfig( DeviceInit, &FileConfig, &FileAttributes ); WdfDeviceInitSetDeviceType( DeviceInit, FILE_DEVICE_DISK ); WdfDeviceInitAssignName( DeviceInit, &DeviceNameUnicode ); WdfDeviceInitAssignName( DeviceInit, &DeviceNameUnicode ); WdfDeviceCreate( &DeviceInit, &DeviceAttributes, &Device ); WdfDeviceCreateSymbolicLink( Device, &LinkNameUnicode ); EvtDeviceFileCreate: WdfRequestComplete( Request, STATUS_SUCCESS ); EvtFileClose: <empty>Anonymous
March 26, 2007
Tal, there are 2 ways to do this. The first way is to have 2 separate INF install sections. Each install section writes a value to the registry indicating the type (the 2 sections can share a value name, just the value itself is different). You then read the value out of the registry during AddDevice and switch on the value. The other way is to query the device config, see http://msdn2.microsoft.com/en-us/ms796135.aspx for documentation on BUS_INTERFACE_STANDARD, specificall the GetBusData function. Two other references to read are http://msdn2.microsoft.com/en-us/aa906253.aspx and http://msdn2.microsoft.com/en-us/ms806523.aspx. dAnonymous
March 26, 2007
ButA, this should not be happening with KMDF v1.5. Please enable the KMDF verifier on your driver. Set a bp on both EvtDeviceFileCreate and EvtFileClose. Also register for EvtFileCleanup and set a bp on it. Whenever your bp or the framework break hits, capture the calling stack with 'kb'. Send me the resluts to me using the email link (it is too large to put into a comment and be readable) in the blog. thx dAnonymous
March 26, 2007
Thanks for guidence now let me see how they guide coz' i am still stuck thereAnonymous
March 26, 2007
Thanks Doron, Querying the device config seems to be the way, I just wonder if there is a more “kmdf” way of getting the device config instead of the IRP_MN_READ_CONFIG. Thanks, TalAnonymous
March 27, 2007
Tal, there are a couple more "KMDF" ways to do this, but only after you have created a WDFDEVICE. After you have created a WDFDEVICE, you could call WdfFdoQueryForInterface to get BUS_INTERFACE_STANDARD or format an IO_STACK_LOCATION and use WdfRequestWdmFormatUsingStackLocation and send the request on the default WDFIOTARGET (WdfDeviceGetIoTarget). Since you wanted to do this before you created the WDFDEVICE, sending a PIRP manually is the only way. dAnonymous
March 28, 2007
Doron, Thanks for the quick response. TalAnonymous
April 02, 2007
Hi Doron, I'm trying to port the WDM version of Parallel Port driver to KMDF. In PptDetectChipFilter() function there is a call to build an IRP, Irp = IoBuildDeviceIoControlRequest( IOCTL_INTERNAL_PARCHIP_CONNECT, Fdx->ParentDeviceObject, &Fdx->ChipInfo, sizeof(PARALLEL_PARCHIP_INFO), &Fdx->ChipInfo, sizeof(PARALLEL_PARCHIP_INFO), TRUE, &Event, &IoStatus); and after that it is passing the IRP down. Actually, I'm not finding any replacement for this call in KMDF. Can you please throw some light like which function i should use for that. And it would be very helpful, if you can tell me some source from where I can get some help in porting Parallel Port driver to KMDF. Thanks, AnujAnonymous
April 03, 2007
Anuj, I don't think anyone has spent the time to convert the parallel port driver to KMDF, so you are on your own. But the port should not be too hard, it is not that complex of a driver if I remember correctly. In general, IoBuildXxxRequest() calls will be replaced with WdfIoTargetSendXxxSynchronously calls. To send the IOCTL in KMDF you would do this: WDF_MEMORY_DESCRIPTOR inDesc, outDesc;WDF_MEMORY_DESCRIPTOR_INIT_BUFFER(&inDesc, &Fdx->ChipInfo, sizeof(PARALLEL_PARCHIP_INFO));WDF_MEMORY_DESCRIPTOR_INIT_BUFFER(&outDesc, &Fdx->ChipInfo, sizeof(PARALLEL_PARCHIP_INFO));status = WdfIoTargetSendInternalIoctlSynchronously( WdfDeviceGetIoTarget(Device), WDF_NO_HANDLE, IOCTL_INTERNAL_PARCHIP_CONNECT, &inDesc, &outDesc, WDF_NO_SEND_OPTIONS, NULL );dAnonymous
April 05, 2007
Hello Doron I have to block write Privilege to floppy drive for a user using VC++ and i am using createfile to block the drive but not able to block writing privilage. so please can you help me out.it is very urgent. With regards RYKAnonymous
April 05, 2007
There are a number of tools out there that can set the ACL for the volume, I think will do what you want. Otherwise, filter on the floppy volume can block all writes (or a file system filter, but i think that might be a bit too heavy weight for what you want). What file are you opening in your call to CreateFile() ? dAnonymous
April 09, 2007
Hi Doron Yet i have not got any solution, can i have what what tools are there those i can use, now i am trying to use "SetEntriesInAcl" even this one is not working, Really it quite panic to resolve. in createfile i am passing ".A" as a file. Please dear try to help me out. Thanks RYKAnonymous
April 12, 2007
Hi, Doronh. I am a beginner in driver development. I am developing a USB device driver for a usb device. Today I encountered a problem in retieving the configuration descriptor of the device. I hope you could help me. According to WDK help, WdfUsbTargetDeviceRetrieveConfigDecriptor is available to get the configuration descriptor. But I just wonder how the function works if there are more than one configuration descriptors embeded in the device. Indeed, I want to specified the configuration descriptor index that I want. But I don't know how to do it. Thanks in advance... wsleeAnonymous
April 12, 2007
wslee, KMDF only supports the first config descriptor on a device. Devices with multiple config descriptors do not make much sense to me; for instance, no USB class driver in Windows supports mulitple configurations. dAnonymous
April 12, 2007
Thank you for your reply, Mr. doronh. In fact, I am writing a no USB class driver. So I want to get the specified config descriptor. Maybe I should try UsbBuildGetDescriptorRequest. OK, thanks once more... ^_^Anonymous
April 13, 2007
wslee, I realize you are not writing a class driver, otherwise you not have to write a driver ;). I was just pointing out that nearly all of the USB drivers in the OS do not support multiple configurations. Why does your device have multiple configurations? What value/functionality is it adding for your device? UsbBuildGetDescriptorRequest woudld be the macro you use to get the config descriptor yourself. dAnonymous
April 16, 2007
The comment has been removedAnonymous
April 17, 2007
Hello, I have been getting a strange KeSetEvent bugcheck. The architecture I am using is the following:
- a bus driver that manages 2 virtual COM ports
- a user mode application that communicates with the bus driver When the client app is launched, it creates a named evend and sends an IOCTL to the bus driver so that the driver opens the same event (with IoCreateSynchronizationEvent). Just before the client app quits, it sends another IOCTL to the driver to let the driver know that it is about to close the event in user mode (I am not sure if this is necessary...). Basically, I need to know in the client app if a VCom managed by the bus has been opened/closed. What I did was to sent IRPs from the VCom ports to the bus driver from their IRP_MJ_CREATE and IRP_MJ_CLOSE handling routines to the bus driver (using internal IOCTL between the drivers). The bus driver sets the forementioned named event in response to those IRPs. It works very well most of the time. Sometimes I get a strange bugcheck when the bus driver is trying to set the named event in response to a VCom driver being closed. Here's the corresponding code: ExAcquireFastMutex(&deviceData->ModemEvtMutex); KdPrint(("Event ptr: 0x%pn", deviceData->ModemEvent)); if(deviceData->ModemEvent != NULL) KeSetEvent(deviceData->ModemEvent, IO_NO_INCREMENT, FALSE); ExReleaseFastMutex(&deviceData->ModemEvtMutex); The KeSetEvent function is guarded with a fast mutex because I close the event (and nullify the pointer) when the client application is closed. Let's move to the Windbg log: Event ptr: 0x821FF1E8 *** Fatal System Error: 0x0000000a (0x00000016,0x00000002,0x00000000,0x804DBDA3) (...) Arg1: 00000016, memory referenced READ_ADDRESS: 00000016 CURRENT_IRQL: 2 FAULTING_IP: nt!KiWaitTest+30 804dbda3 6683781601 cmp word ptr [eax+16h],1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: hypertrm.exe TRAP_FRAME: f615b018 -- (.trap fffffffff615b018) ErrCode = 00000000 eax=00000000 ebx=821ff1f0 ecx=f615b098 edx=00000000 esi=821ff1e8 edi=00000000 eip=804dbda3 esp=f615b08c ebp=f615b0a8 iopl=0 nv up ei pl nz na po cy cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010203 nt!KiWaitTest+0x30: 804dbda3 6683781601 cmp word ptr [eax+16h],1 ds:0023:00000016=???? Resetting default scope LAST_CONTROL_TRANSFER: from 8053225b to 804e3592 STACK_TEXT: f615abcc 8053225b 00000003 f615af28 00000000 nt!RtlpBreakWithStatusInstruction f615ac18 80532d2e 00000003 00000016 804dbda3 nt!KiBugCheckDebugBreak+0x19 f615aff8 804e187f 0000000a 00000016 00000002 nt!KeBugCheck2+0x574 f615aff8 804dbda3 0000000a 00000016 00000002 nt!KiTrap0E+0x233 f615b0a8 804e39f2 82200c70 82200d64 8206fc18 nt!KiWaitTest+0x30 f615b0bc f88612f4 821ff1e8 00000000 00000000 nt!KeSetEvent+0x58 f615b0ec f7f5cba4 7ddff388 7df903e0 00000000 baracodabus!Bus_Pdo_EvtIoInternalDeviceControl+0x274 [h:baracodapencilvcombaracodabusbusdynamicbuspdo.c @ 516] So the pointer to the user-mode-created event is correct (I check its value right after it is created) but still Windbg believes there's a null pointer there. Would you have any idea about what is going on? The bus driver was based on the toaster KMDF example and the VCom drivers are WDM-based. Any help would be appreciated. Thanks a lot, Alex Palka
Anonymous
April 25, 2007
The comment has been removedAnonymous
May 03, 2007
angren, don't worry about the partical IRQ value. on a machine with an IOAPIC, the IRQ values exposed to the driver are not the exact IRQ values used in the hardware. The HAL encodes different values into the IRQ value. As for why you cannot assign a WDFINTERRUPT an interrupt vector, that is because the WDFINTERRUPT uses the resources assigned to the device. You as a driver, even in WDM, are not allowed to pick arbitrary vectors or values to pass to IoConnectInterrupt, you are supposed to use the values assigned to you by PnP. As for issue with the Command field in config space, I don't know. Are you sure you are reading at the right offset? dAnonymous
May 07, 2007
Hello, I have built and installed the KMDF drivers - 'ndisedge.sys' and 'pcidrv.sys' which I built using DDK 6000. I have an Intel 82557 controller based NIC on my system. That allowed me to load my driver(s). During my debug session when I have my target and host machines hooked up with Firewire cable, I see the following output when I right click on the NIC and choose properties in Control Panel->Networking window: NDISWDM.SYS:WdfIoTargetSendIoctlSynchronously failed 0xc00000bb NDISWDM.SYS:NICMakeSynchronousIoctl failed c00000bb NDISWDM.SYS:WdfIoTargetSendIoctlSynchronously failed 0xc00000bb NDISWDM.SYS:NICMakeSynchronousIoctl failed c00000bb NDISWDM.SYS:WdfIoTargetSendIoctlSynchronously failed 0xc00000bb NDISWDM.SYS:NICMakeSynchronousIoctl failed c00000bb NDISWDM.SYS:WdfIoTargetSendIoctlSynchronously failed 0xc00000bb NDISWDM.SYS:NICMakeSynchronousIoctl failed c00000bb NDISWDM.SYS:WdfIoTargetSendIoctlSynchronously failed 0xc00000bb NDISWDM.SYS:NICMakeSynchronousIoctl failed c00000bb At this point, I am not sure how to debug further. I will highly appreciate any suggestions/hints. Thank you.Anonymous
May 07, 2007
The comment has been removedAnonymous
May 08, 2007
Hi Doron, I'm writing a KMDF driver, I would like to call an IOCTL from a win32. Is it guaranteed that my driver has the context of the process that made the request ?. The IOCTL would be handled by my driver with no calls to other low level drivers. My purpose is to transfer a pointer (virtual user space) to a data buffer + meta data of the buffer in the IOCTL's In Buffer, in the kernel I would create an MDL from the pointer to data buffer (using ProbeAndLock (...) etc.). If the OS can make a context switch while the IOCTL is handled in the driver then the pointer to the data buffer which is virtual user mode address isn't pointing to the place of the data buffer. I thought of using direct IOCTL but this is a problem if I want to send the data buffer with the meta data in the same IOCTL. Thanks for your help Tal ZurAnonymous
May 08, 2007
Hi Doron, Thanks for the previous reply. Now, a different question: The Windows Driver Kit indicates that the following safe string functions must be executed at IRQL = PASSIVE_LEVEL. While the Device Driver Kit does not mention at what maximum IRQL the above safe string functions can be executed. RtlStringCbPrintfW ( ...) ; Status = RtlStringCbLengthW (...); Can the above safe string functions be executed at at IRQL <= DISPATCH_LEVEL? Thanks in advance for your help.Anonymous
May 08, 2007
Prabhakant, the answer is it depends on the particular function you are calling and the type of buffer. The bigger question is why are you manipulating or touching strings at raised IRQL?Anonymous
May 08, 2007
Tal, the I/O manager itself will not swap contexts between a user mode I/O call and the underlying sending of the IRP in the kernel mode driver. KMDF does not guarantee the caller's context though when a request is presented in a WDFQUEUE. To allow you to map buffers, KMDF allows you to specify a EvtIoInCallerContext via WdfDeviceInitSetIoInCallerContextCallback. The processing is now split. In EvtIoInCallerContext you map/copy the buffer and then in the WDFQUEUE callback, you process the request/data. To probe and lock the UM address you would call WdfRequestProbeAndLockUserBufferForRead/Write (note this do not make a copy, just probe/lock). By using these APIs, KMDF will automatically unlock the buffer upon completion of the request. dAnonymous
May 08, 2007
Hi Doron, From the DPC we would like to log a message to the system event log. So, we need to construct/manipulate the message string in the DPC. I am not sure what the problem with this approach is. Also, I wonder what alternatives we have here. Thanks again.Anonymous
May 08, 2007
You should have a fixed length string that you are putting into the error packet returned by IoAllocateErrorLogEntry(). As such, you really should not need any string manipulation functions, rather it will be a straight RtlCopyMemory into the right offset of the packet. dAnonymous
May 08, 2007
The comment has been removedAnonymous
May 09, 2007
akc, you would need to write a driver for this. i/o does not flow through windows messages. Ideally you write a filter on the volume which turns the volume into a read only volume. dAnonymous
May 09, 2007
Doron, thanks for the help Tal ZurAnonymous
May 14, 2007
Hello :) When we call WdfDmaEnablerCreate, we use "devExt->Device" for instance: status = WdfDmaEnablerCreate( devExt->Device, &dmaConfig, WDF_NO_OBJECT_ATTRIBUTES, &devExt->DmaEnabler ); Does "devExt" mean "deviceExtension"? And do we have to do something before using "devExt->Device" for instance? Thank you!Anonymous
May 15, 2007
DclsBOSS, well, this is your code, so it means whatever you defined it to be. In a WDM driver, you have a device extension (DeviceObject->DeviceExtension) which you define in the call to IoCreateDevice. In KMDF, you specify a context (vs an extension) on the WDFDEVICE when you create it. Since most driver writers are used to a device extension, they put their WDFDEVICE context in a local var called "devExt" or "ext" or something like that. > And do we have to do something before using "devExt->Device" for instance? You have to create the WDFDEVICE, which you already did, otherwise you would not have a valid devExt pointer or Device to begin with. Are you encountering some other issue that you cannot solve? is WdfDmaEnablerCreate failing? dAnonymous
May 16, 2007
I have never written a driver before, and I need to write a simple driver for a PCI card. All I need to do is be able to read the configuration space info and read/write to some registers on the card (offset from BAR 2). I have read through a LOT of the documentation that comes with the WDK install, and a few tutorials that reference the WDK samples. I have decided that writing a KMDF driver is the easiest/fastest way to get this completed. One of the questions that I am facing at the moment is how to tell the system which piece of hardware I am writing this driver for. Do I specify the Vendor ID and Device ID somewhere in the driver code, or is it something that is done through a .INF file? Where do I tell windows that my device is located on the PCI bus? I haven't been able to find much on writing .INF files yet... I was kinda hoping that if you couldn't help me directly, that you could at least point me to some good tutorials/samples/discussions that I can learn some of these basics from. Also, do you know how to read/write PCI registers from a KMDF driver?Anonymous
May 17, 2007
The comment has been removedAnonymous
May 19, 2007
vortical, the INF is what ties your driver to your hardware. Your PCI device will have a hardware ID (one of the IDs is in the format of PCIVEN_vvvv&DEV_dddd, others have subsys or revision in them as well). The best for you to start is with a sample driver, WinDDK6000srckmdfpcidrvsys is a good place to start. Look at genpci.inx (which is turned into an INF through some makefile magic). Accessing registers is also demonstrated in the sample dAnonymous
May 19, 2007
DclsBOSS, OK, thanks for the explanation. To test out DMA you do need to be enumerated by a bus that supports DMA interfaces (like PCI). You cannot use DMA for a root enumerated device for instance. As for interrupts, you should use the WDFINTERRUPT object to help you manage the interrupt's state. dAnonymous
May 20, 2007
doronh, I see that we define the driver context (aka extension) in the header file. I see and understand the WDF_DECLARE_CONTEXT_TYPE_WITH_NAME macro, in order to get the context and use it (devExt->Device for instance). But, how is the context filled? Automatically by the framework or "manually" by the driver*?for instance, in the context: WDFDMAENABLER DmaEnabler and in the driver: status = WdfDmaEnablerCreate( devExt->Device, &dmaConfig, WDF_NO_OBJECT_ATTRIBUTES, &devExt->DmaEnabler ); Thank you very much!
Anonymous
May 21, 2007
WDF_DECLARE_CONTEXT_TYPE_WITH_NAME will declare the context "type" and the necessary infrastructure for KMDF to create a context, but it doesn't not actually create any context memory. To create a context, you call WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE with an object attributes and specify the context type's name. You then pass this object attributes to a Create function (like WdfDeviceCreate). Upon success, the handle passed back to your driver will have the context associated with it. Upon creation, the context will be zero'ed out. In the example you gave, the DmaEnable will not have a context associated with it since you specified WDF_NOT_OBJECT_ATTRIBUTES in its Create function. dAnonymous
May 21, 2007
"In the example you gave, the DmaEnable will not have a context associated with it since you specified WDF_NOT_OBJECT_ATTRIBUTES in its Create function." Ok, but I will find "DmaEnabler" in the device extension, won't I? For instance, in AMCC5933.c: [AmccPciAddDevice] ... WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE(&fdoAttributes, AMCC_DEVICE_EXTENSION); fdoAttributes.EvtCleanupCallback = AmccPciContextCleanup; fdoAttributes.SynchronizationScope = WdfSynchronizationScopeDevice; status = WdfDeviceCreate( &DeviceInit, &fdoAttributes, &device ); ... [AmccPciEvtDevicePrepareHardware] ... devExt = AmccPciGetDevExt(Device); ... WDF_DMA_ENABLER_CONFIG_INIT( &dmaConfig, WdfDmaProfilePacket, devExt->MaximumTransferLength ); status = WdfDmaEnablerCreate( devExt->Device, &dmaConfig, WDF_NO_OBJECT_ATTRIBUTES, &devExt->DmaEnabler ); ... And, in AMCC5933.h: typedef struct _AMCC_DEVICE_EXTENSION { WDFDEVICE Device; WDFDMAENABLER DmaEnabler; // !!! WDFREQUEST CurrentRequest; WDFINTERRUPT WdfInterrupt; ULONG MaximumTransferLength; ULONG MaximumPhysicalPages; ULONG Intcsr; PREG5933 Regs; PUCHAR PortBase; ULONG PortCount; BOOLEAN PortMapped; } AMCC_DEVICE_EXTENSION, * PAMCC_DEVICE_EXTENSION; WDF_DECLARE_CONTEXT_TYPE_WITH_NAME(AMCC_DEVICE_EXTENSION, AmccPciGetDevExt) Do I have all code which shows that I understand the meaning of DmaEnabler in the device context (declaration, filling...)? Thank you! PS: a little question... Can I configure my interrupts and DMA both in EvtDevicePrepareHardware or must I configure only DMA in EvtDevicePrepareHardware and configure interrupts in AddDevice? :)Anonymous
May 23, 2007
I'm sorry to ask you so many questions... But I have two things which interest me: _ In the AMCC5953 sample, there is many source files. I saw the description in the WDK Documentation. I study AMCC5933.c (file for AMCC5933 PCI driver) and AMCC5933.h (prototype file for AMCC5933 PCI driver) but I saw that ISR, DPC and DMA are in Transfer.c! If I want to add these functionalities in my driver (based on the Toaster sample), can I code these callback functions in only one source file? (DriverEntry, EvtDeviceAdd... EvtInterruptIsr, etc.) _ A general question... Do you have a link that explains the creation of an INF file easily? Thanks a lot!!Anonymous
May 28, 2007
Hi Doron, I have noticed the following problem with the KMDF: I have written a driver which handles two types of devices, each device has its own set of Pnp and power events callbacks. While running in debug I have noticed that for all of my devices I call the same EvtDevicePrepareHardware function (the callback function which was registered first). I would like to know if several types of devices with several types of Pnp and power callbacks can be handled in the same driver or that the registration to the callbacks for the first device would influence all the later devices. Thanks for your help Tal ZurAnonymous
May 29, 2007
TAl, pnp callbacks are registered on a WDFDEVICE which means that each WDFDEVICE can have its own set of callbacks. same with power. How are you registering the callbacks for each device? Can you post some code? dAnonymous
May 29, 2007
Hi Doron, In the EvtDeviceAdd function I check the type of the device which was added to the system. My driver support two types of devices. According to the type of device that was found I call the appropriate XXX_DeviceAdd function. In each of this functions I register the Pnp and Power callback in the same way: WDF_PNPPOWER_EVENT_CALLBACKS_INIT ( &PnpPowerCallbacks); PnpPowerCallbacks.EvtDevicePrepareHardware = XXX_YYY_Pnp_EvtDevicePrepareHardware; WdfDeviceInitSetPnpPowerEventCallbacks ( DeviceInit, &PnpPowerCallbacks); All this is done before calling the WdfDeviceCreate function. It is important to mention that the phenomenon I have notice is has follows: I have two types of devices: board and DSP , the OS usually finds the board before it finds the DSP’s (which are mounted on the board), this means that the Pnp and power callbacks of the board are registered before the ones of the DSP. The DSP would register to its own set of callbacks but I notice that the framework calls the boards Pnp and power callbacks even for the DSP (this is quite easy to notice because the number of DSPs is significantly larger than the number of boards). Thanks for your help, Tal ZurAnonymous
May 29, 2007
Tal, are you sure that the WDFDEVICE passed to your EvtDevicePrepareHardware is incorrect? The order in which your devices are added is not necessarily the order in which they are started and in Vista, devices can be started asynchronously so you may be seeing 2 of your devices being started at the same time if you are printing debug logs. I would suggest that when you get a callback on the wrong WDFDEVICE, break in and run !wdfdevice <WDFDEVICE> fff !wdfhandle <WDFDEVICE> the first will dump all of the registered callbacks, the 2nd should dump the context (i am assuming you are using a different context for each device and !wdfhandle will show you the context type). Also, run !wdfdevice <WDFDEVICE> fff after you successfully call WdfDeviceCreate to make sure that the callbacks are registered as you think they should be. dAnonymous
May 29, 2007
Doron, I’m using windows server 2003, according to the number of times I get into my boards Prepare hardware function I can be sure that there is a problem. In addition I notice that I only enter the boards prepare hardware function with no entry what so ever to the DSP prepare hardware function. I tried to run the commands in the WinDbg but got ‘No export wdfhandle found’ and ‘No export wdfdevice found’, does it have any connection to the WinDbg version I’m running (6.6.0007.5) ? Thanks for your help, Tal ZurAnonymous
May 29, 2007
Doron, I have succeeded to use !wdfdevice <WDFDEVICE> fff and !wdfhandle <WDFDEVICE> , and was surprised to see that my prepare hardware callback wasn’t registered. The situation is quite interesting, in the board device I only register a prepare hardware callback. In the DSP I register EvtDevicePrepareHardware, EvtDeviceD0Entry and EvtDeviceD0Exit. After calling the WdfDeviceCreate for a DSP device if I call !wdfdevice <WDFDEVICE> fff I find out that the registered functions are (and this is the weird part) the DSP’s EvtDeviceD0Entry is the DSP’s D0Exit function and the DSP’s EvtDevicePrepareHardware is the boards prepare hardware function. NO callback is listed for the EvtDeviceD0Exit. Here is part of the dump: Power policy state history: [0] WdfDevStatePwrPolObjectCreated (0x500) EvtDeviceD0Entry: Adif4Mpda!ADIF4_Dsp_Pnp_EvtDeviceD0Exit (f764df80) EvtDevicePrepareHardware: Adif4Mpda!ADIF4_Board_Pnp_EvtDevicePrepareHardware (f764c2a0) Thanks for your help, Tal ZurAnonymous
May 30, 2007
The lack of a D0Exit in the output could be a sign of soemthing wrong, but could just be a bug in the wdfkd extension. I think you need to look at your code again and make sure you are not cross pollinating your device init routines. Internally, there are no cross reference links from one WDFDEVICE to another, so it is not possible for one set of callbacks to accidentally get set from another WDFDEVICE. It could also be that your functions for the DSP and the board are completely the same and the compiler folded them together. Turn on the KMDF verifier (not driver verifier) and see if anything is reported. dAnonymous
May 30, 2007
Doron, one more important thing that I have noticed using the !wdfdevice <WDFDEVICE> fff command and also looking at the WDF_PNPPOWER_EVENT_CALLBACKS PnpPowerCallbacks is that some of my functions that fill this data structure have the same address this could be a reason for the lack of some of my functions, they could be overruned by other functions. Do you have any idea how this can happend ? Thanks, Tal ZurAnonymous
May 30, 2007
Are the functions which share the same address functionally equivalent? For instance, WdfDeviceInterfaceReferenceNoOp and WdfDeviceInterfaceReferenceNoOp share the same address on an optimized build b/c they are exactly the same (same parameters, same implementation). Does this repro on a chk/unoptimized build? Function folding is only performed on optimized builds. dAnonymous
May 30, 2007
Doron, the reason that the function had the same address was that the functions were at this point empty, after adding content to them the address problem was solved. The only problem that I still encounter is that the EvtDeviceD0Exit can't be registed. I notice that the EvtDeviceD0Exit function is added to the WDF_PNPPOWER_EVENT_CALLBACKS PnpPowerCallbacks but after the device create while using the !wdfdevice <WDFDEVICE> fff I see that the event wasn't registered. Thanks, Tal ZurAnonymous
May 30, 2007
Doron, the problem was started because of empty functions that were considered as one by the optimizer. After adding the content to the function (which was different of course) the problem has finished. Thanks, Tal ZurAnonymous
June 05, 2007
Hi Doron, I have two questions. The first regarding device symbolic name and the second regrarding device PCI info.
- in my driver i assign a symbolic name to a device using the WdfDeviceCreateSymbolicLink method from the AddDevice routine. my question is if and how can i access/retrieve this name from other areas of my driver (kernel). the reason i want to access this name is that somewhere in the process i pass some symbolic names to win32 so an application would use the CreateFile method with the symbolic names previously created by me to access the device. i try to deal with using interfaces but i can't find any method to retrieve this name. when i use IogetDeviceInterfaces i get a system crash.
- for each device that my driver handles i need to extract the device's bus number and Device number(i.e slot number on the bus). i can successfuly access the bus number using the WdfDeviceAllocAndQueryProperty method and the DevicePropertyBusNumber property flag. i can't seem to find any flag that enables extracting the "slot" number. i can only get a string representing the PCI info using the DevicePropertyLocationInformation flag but as i said, i get a string back which i need to parse. is there a way of retrieving the "slot" number as a number ? thanks a lot, Kobi.
Anonymous
June 07, 2007
Hi! Doron, I write a software driver by WDF. I want it get the ICH7's smbus interrupt. Is it possible? I find a driver on my system. (Device Management) It is "Intel(R) 82801G(ICH7 Family) SMBus Controller-27DA". In the driver's detail, The Property "inf Section" is NO_DRV. The driver resource is IRQ4, (SMBus Interrupt setting) Could I write a software driver or filter driver to get the interrupt in? (SMBus Interrupt) If yes, where can I find the relate document? I research a long time, but I do not get any solution about it. Thanks.Anonymous
June 13, 2007
Hi Doronh i want to detect at run time what kind of device is connected to USB port(like if Digital camera is connected then it shows Digital camera etc.)like how our windows is showing(if you cannect scanner to USB port then in My computer you can see in "Type" Image scanner. i using "setupDiGetDeviceInterfaceDetail" can i have some idea. Thanks in advance RYKAnonymous
June 13, 2007
Kobi, what is the callstack and bugcheck parameters when IoGetDeviceInterfaces crashes? Device interfaces are the correct way to do this. By using device interfaces you do not need to pass any names to your application, the appliaction can enumerate the names on its own (and be dynamically notified when they arrive after initial enumeration). As for the slot number, i don't think there is a way to retrieve this as a number...but why do you want to get this value? It is very common for the software reported slot number to not match the number on the hardware itself. dAnonymous
June 13, 2007
Ted Lin, the only way you can get access to the SMBus interrupt is if you are in the PnP device stack for the root of the SMBus. It seems there is such a device, the "Intel(R) 82801G(ICH7 Family) SMBus Controller-27DA". What you need to do is install your driver on this device (and not as a filter since you will be the function driver). Once you install your driver on the correct device, you will get the interrupt information in EvtPrepareHardware in the translated resource list (WDFCMRESLIST) dAnonymous
June 13, 2007
VC_RYK, do you want to know about specific types of devices or all USB devices plugged into the usb controller? For specific types of devices, you must register for notifications on the appropriate device interface. If you want to be notified of any usb device that is plugged in, that is not really possible. why do you need to know about every usb device plugged into the machine? dAnonymous
June 13, 2007
i am able to notify the devices which are being pluged in on USB port but not able to recongnise which device it is. Like Digital camera, sanner etc. Thing is , How windows is recongnising these device.Anonymous
June 13, 2007
Windows does not recognize the device itself. What happens is that the device that is plugged in has a driver loaded for it. That driver then exposes one or more device interfaces. Specific parts of windows know how to listen for specific device interface events. This is how the scanner UI knows a new scanner shows up. it does not listen on usb events, it listens on device interface events. Given a random device that is plugged in, you can't know what it does until the driver that controls it loads and exposes the correct functionality. dAnonymous
June 13, 2007
"Specific parts of windows know how to listen for specific device interface events " Can i do this in my own application too? i.e. my application must be able to know which type of device is being plugged in to the usb. How should i go about it? How can i register with the various device drivers such that i get a notification whenever a device is plugged in.Anonymous
June 13, 2007
VC_RYK, on XP and later you can call RegisterDeviceNotification with DEVICE_NOTIFY_ALL_INTERFACE_CLASSES, this will tell you about all interface changes on all busses, see http://msdn2.microsoft.com/en-us/library/aa363431.aspx. you will have to know about each device interface GUID to know what the functionality it represents, there is no way to find a generic functional mapping at runtime. dAnonymous
June 13, 2007
Hi Doron, thank you very much for the answer. about the callstack and bugcheck parameters i will do some checking and get back to you. also, will it be correct to understand from your answer that, in general, passing a string (strings) from kernel to win32 is not a desirable operation ? should i prevent myself from doing so ? if not, can you please describe which string type is the best to use (a type known to both win32 and kernel) ? again, thanks a lot. Kobi.Anonymous
June 14, 2007
you can pass null terminated strings just fine, it is just a little hard to get it right and validation the buffers. But, my point is not that passing strings back and forth is hard, my point is that you are reinventing existing functionality. Device interfaces do everything you are trying to do and they do it in a better way. dAnonymous
June 17, 2007
Hi! Doron, I write a driver to control an I2C device via the ICH7's smbus. I am just polling the register to check the SMBUS ready or not. (My driver work well.) In the smbus control, I can set a interrupt for the smbus data ready. So I try to do that. The "Intel(R) 82801G(ICH7 Family) SMBus Controller-27DA" is installed when I install the Intel ICH7 driver. In this situation, could I write a driver to replace the above driver? Or is there any method to co-work with the "Intel(R) 82801G(ICH7 Family) SMBus Controller-27DA", like a filter druver? Thanks.Anonymous
June 20, 2007
The comment has been removedAnonymous
June 21, 2007
Hi Doron, I'm designing a driver that should work with a DMA device. The device is TI DSP. My requirement from the hardware engineers is that they will support hardware scattergather. I don’t want the system to use map registers since my solution needs to support hundreds of DMA transactions. The HW engineers ask two questions that I find it hard to give a straight answer:
- What is the maximum number of fragments that a 4K byte buffer can split into? The buffer was allocated via the user mode, and was part of a larger buffer (for example 1000 buffers of 4K in one malloc call).
- In case of fragmentation, what is the minimum size of a fragment? HW guys say that the DSP support minimum DMA transaction of 32 bits. I appreciate your help. Avi.
- Anonymous
June 21, 2007
Hi!
- Maybe, you can check the WDK: a) WdfDmaEnablerSetMaximumScatterGatherElements "If your driver does not call WdfDmaEnablerSetMaximumScatterGatherElements, the framework uses a default value of WDF_DMA_ENABLER_UNLIMITED_FRAGMENTS, which means that there is no limit to the number of scatter/gather elements." b) WdfDmaEnablerGetMaximumScatterGatherElements "The WdfDmaEnablerGetMaximumScatterGatherElements method returns the maximum number of scatter/gather elements that the device and driver support, for a specified DMA enabler object."
- I only know WdfDmaTransactionSetMaximumLength
Anonymous
June 22, 2007
The comment has been removedAnonymous
June 22, 2007
Ted, you could write a driver to replate the Intel driver but I don't know what side affects would result from such an action. I don't know what loss of functionality you will have. You will have to contact Intel to see if their driver exposes a way to work with the resources that it owns. dAnonymous
June 22, 2007
himanshup , I don't have enough context in which to answer you question. If you are taking a sample from the Vista WDK and trying to build it on the Server 2003 SP1 DDK, that will probably not work. dAnonymous
June 22, 2007
lousky, #1 - 2 fragments #2 - whatever the buffer alignment requirement is dictates the minimum size. If you make your alignment requirement 4-bytes then you’ll be fine. Without an alignment requirement set on the device the driver could easily find itself with a 1 byte fragment. You can set the alignment on the device by calling WdfDeviceSetAlignmentRequirement (http://msdn2.microsoft.com/en-us/library/aa491087.aspx) (thanks to peterwie for providing the answer) dAnonymous
June 22, 2007
DclsBOSS, i am not sure what your question(s) is. are you saying that the docs are referring to DDIs which do not exist? WdfDmaEnablerSetMaximumScatterGatherElements and WdfDmaEnablerGetMaximumScatterGatherElements are both documented and exported. dAnonymous
June 22, 2007
VC_RYK, it depends on how unique you want it and where the serial number comes from. A usb device can have a serial number which should make it unique on the usb bus. if the device is also connected over 1394, it won't have the same serial number at the connection layer. On the other hand, if you are getting a hard drive's serial number, it should be the same regardless of how it is connected to the PC. For other types of devices like scanners or cameras, if they don't have a USB serial number there is no way to get a unique ID for the device. this is the same problem the OS has when you move a device from port to port. If the OS can acquire a bus unique ID, the device will not be reinstalled when plugging into a different port, but if there is no unique ID, you get a found new hardware popup and reinstallation. dAnonymous
June 22, 2007
VC_RYK, it depends on how unique you want it and where the serial number comes from. A usb device can have a serial number which should make it unique on the usb bus. if the device is also connected over 1394, it won't have the same serial number at the connection layer. On the other hand, if you are getting a hard drive's serial number, it should be the same regardless of how it is connected to the PC. For other types of devices like scanners or cameras, if they don't have a USB serial number there is no way to get a unique ID for the device. this is the same problem the OS has when you move a device from port to port. If the OS can acquire a bus unique ID, the device will not be reinstalled when plugging into a different port, but if there is no unique ID, you get a found new hardware popup and reinstallation. dAnonymous
June 23, 2007
Thank you for your answer. Regarding the answer for the first question (number of fragments = 2) - does it based on map registers or actual fragmentation on the physical memory? Thanks, Avi.Anonymous
June 24, 2007
doronh: I tried to answer to lousky, sorry!Anonymous
July 02, 2007
Dear doron: I am writing the PCI bus storage WDM driver, and encountered a problem these days only in Vista. (the problem will not occur on XPSP2). And the operation is "copying files to the storage device (like MS/SD) , before finished, to enter power saving (sleep/Hibernet) mode, sometimes window will show error message as follow. error 0x800703EE: The volume for a file has been externally altered so that the opened file is no longer valid" Before power saving, what should we do first to avoid to copy file error(I think only one file will be error) ? This is my first time to ask question . I have no idea if it's decency. Thank you anyway. ykwangAnonymous
July 05, 2007
Hi Doron, I am having trouble using IoRaiseInformationalHardError in Vista. I stepped into the API implementation and was able to determine that a work item was queued successfully and IopHardErrorThread was invoked as expected and it was writing to the ALPC port. However, I didn't debug the listener port to determine whether it received the message and if so what it did with the message. I am starting to wonder if some vista security/configuration (possibly csrss process related) is blocking the message from getting displayed and thought I would check with you before I spend more time debugging this. As always, thanks for you time!
- Kamala
Anonymous
July 08, 2007
Hi Doron, I have contacted with Intel. They just tell me as below. We don't provide any method for ODM to implement their own drivers. If you would like to develop a standalone driver, you may be on your own risk. I have a question abiut the smbus interrupt. The interrupt is an inside interrupt of smbus controller. it is not design to a hardware pin or any register. How do I set the EvtPrepareHardware? I use create Interrupt object to my driver. But it seems to no wrok. Thanks.Anonymous
July 11, 2007
Will the driver built for XP32 work on Vista32? I have developed a driver for a PCI board which requires only memory & interrupt resources. I am using WDK6000 and KMDF1.5 to build the driver. I have following questions:
- Will the driver built for XP32 work on Vista32?
- Are the libraries used during build for XP32 and Vista32 different?
- Anonymous
July 11, 2007
- Yes, try with a WDK sample ;-)
Anonymous
July 11, 2007
Hi Doron, I have a WDM version of a driver for a PCI board. I have ported it to KMDF and built it with KMDF1.5. The original WDM driver loads fine on Vista32 and the application also runs well even with UAC enabled or as a non-administrator user. But with the new KMDF version driver, I get following issue: When UAC is enabled or I run as non-administrator user, the application gets 'Access Denied' error for CreateFile call. What could be the issue?Anonymous
July 12, 2007
The comment has been removedAnonymous
July 12, 2007
Ted, WDFINTERRUPT only works if there is a hardware interrupt assigned to your device in the CM_RESOURCE_LIST created by pnp. if the interrupt is not exposed to the OS and kept internal to the hardware, there is nothing you can do in a driver to get at it. dAnonymous
July 12, 2007
Kamala, i would guess that there are issues on Vista with IoRaiseInformationHardError due to all services running in session 0 and not having any logged on user running in that session (vs previous releases where the first logged on user would run in session 0 as well). Then again, this could be by design and explicitly broken. I don't know the definitive answer. dAnonymous
July 17, 2007
Hi Doron, Can we use SDV and PREfast for a WDM driver...?Anonymous
July 17, 2007
Yes, SDV and Prefast for drivers (PFD) can be used on a WDM driver. PFD can also be used on a KMDF driver, while SDV in the 6000 WDK is limited to only WDM drivers. The next version of SDV in the next WDK will support KMDF as well. dAnonymous
July 17, 2007
I have a general question regarding USB drivers that seems to not be covered anywhere that I can find. My question is regarding when two or more of our devices are plugged in. A typical scenario is that one instance of our user software will have an open handle to the interface of device0 (call this processA). ProcessB will be the second instance of our software that has an open handle to the interface of device 1. If ProcessB is communicating away and Device0 gets unplugged, Device1 inadvertently becomes Device0 and ProcessB has to reopen the handles to Device1 as if it was Device0. The driver writer tells me this is normal behavior for USB for the instances that are kept track in the USB stack to "move around". This sounds fundamentally wrong to me but I can't say that it is seeing as how I know little about the Windows USB core. Can anyone help me answer this question? Thank you for your time, Jeff WarrenAnonymous
July 17, 2007
jeff, this is expected behavior. if your device does not have a serial number, the usb core does not know that it is the same unique device moving from port to port. If it has a serial number, the device is installed once and remains the same device instance no matter which usb port it is plugged into. if you need your device to maintain identity wherever it is plugged in, report a serial number for the device. But why would the application have to reopen a handle to the 2nd device if the first is unplugged? Are the 2 devices interconnected/related? dAnonymous
July 17, 2007
The two devices do have unique serial numbers that follow the USB spec for serial numbers (e.g. "247070001"). The serial numbers are accurately shown by Windows under the enum USB key for our VID/PID pair. This is what is so confusing!? As far as the question of reopening the handle, I agree with you entirely the application should not have to reopen a handle when the other device it is NOT communicating with is removed. Yet this is not the case. The handle that is opened is to an interface and when two devices are plugged in and one is unplugged, the application with the open handle to the device that remains plugged in gets "moved". What I am told by our driver writer is that if instance 0 is removed and instance 1 is still active, the driver framework moves the resources from instance 1 to instance 0, which changes the symbolic links and therefore the handles that the application has open are no longer valid. This seems fundamentally wrong to me, but I have been told this is how the USB framework works. If I understand you, you are agreeing with what I am saying that there is something wrong with our driver. Regards, Jeff WarrenAnonymous
July 17, 2007
Hi! Doron, I try to find the interrupt of SmBus Controller. I boot in DOS mode. Then, I use the debug to modify the interrupt 6 to jump memry to 6000:0000. I write a simple code to clear screan in the memory. I set the smbus interrupt to 6. I call the SmBus command with the interrupt control. Then the screan is cleared. So I think this interrupt can work well. Sorry, I give you a wrong answer. I use the command "devcon install MySensor.inf PCIVEN_8086&DEV_27DA" to install the driver. Is it right? If I want to write MyDriver, I refer the sample of the folder WinDDK5384srckmdfpcidrv, does it suit me? Thanks.Anonymous
July 22, 2007
Hi Doronh, What has to be done with the PNP IRPs that a driver receives when the driver is in a PNP state at which it cannot accept the IRP? For example, Will START_DEVICE irp be issued when the device is at Stop pending or remove pending state? Can you provide a list of states for each IRP, at which the IRP can be occur? Regards, JoshAnonymous
July 23, 2007
josh, the table of transitions is quite large. in the particular case you asking about, when you are in a query remove state, the only 2 pnp irps you can recieve are remove device or query remove canceled. same applies for the query stop state, you either receive a stop device or a query stop canceled. dAnonymous
July 23, 2007
Hi Doronh, I hope, when in query stop state, a surprise remove irp can be received as well. It is not well documented on which IRPs can be received in which state. The state diagram in the DDK documentation under "State Transitions for PnP Devices" does not cover all states / state changes. Thanks, JoshAnonymous
July 23, 2007
in query stop/remote, you will only get a cancel query/stop or a stop/remove irp. if you fail the stop irp itself, you can get a surprise remove irp from that state, so i guess if an upper driver fails a stop irp (which it is not allowed to do, that is breaking the rules) i guess you could get a surprise remove in the query stop state. dAnonymous
July 24, 2007
Hi! Doronh, I modify my software driver. I add pnpPowerCallbacks in my DeviceAdd. Then register it by WdfDeviceInitSetPnpPowerEventCallbacks(). I add WDF_INTERRUPT_CONFIG_INIT in the same function. And I create interrupt object by WdfInterruptCreate(). In my PrepareHardware function. I use the WdfCmResourceListGetCount() to get list count. And use the WdfCmResourceListGetDescriptor() to get the Descriptor. Then I use "Devcon update mydriver.inf PCIVEN_8086&DEV_27DA" to replace the Intel's SmBus controller in the device management. It works, I have replace it, but the IRQ is changed from 4 to 17. Do the IRQ change is normal? I just show infomation in the PrepareHardware function. I found the WdfCmResourceListGetCount is 3. They are CmResourceTypePort, CmResourceTypeDevicePrivate and CmResourceTypeInterrupt. I am a new hand on this topic. Is it enough to receive the interrupt? Or I must to add some more to resupply about the interrupt? Thanks for your help.Anonymous
July 26, 2007
Hi! Doronh, I have a question about InterruptIsr and InterruptDpc. I find a entry into my InterruptIsr function, then I call the WdfInterruptQueueDpcForIsr(interrupt) function to send DPC. Then the InterruptDpc function works. Do I need to clear Interrupt? Or the sysytem will clear the interrupt automatically by my return is true? Thanks.Anonymous
July 26, 2007
Ted, in your EvtInterruptEnable you will need to enable the hw to generate interrupts. You will probably also need to register an EvtDeviceD0EntryPostInterruptsEnabled to do some passive level initialization of the hw. The IRQ changing should be fine and not an issue. As for clearing the interrupt, yes you need to disable the interrupt in the ISR and then enable it again in the DPC once have read all of the relevant state from the hw. Returning TRUE from the ISR tells the OS that you handled the interrupt and to stop calling other ISRs connected to the IRQ. Think about your question though, how would the OS know to turn off the interrupt by itself? Every piece of hardware has a different way of doing this and the OS does not have specific knowledge of any device (this is changing though, with PCI 3.0 there are standardized registers which the OS can use to change interrupt state on its own). dAnonymous
July 26, 2007
Hi! Doronh, It works. ^_^ In the interruptISR function, I must clear smbus interrupt first. Then I return true, and read data and clear the register in interruptDpc function. I won't do twice read by one interrupt again. Thanks.Anonymous
July 26, 2007
Hi Doronh, I am writing a KMDF driver ( Bus driver for pcie). The requirement is unique , the new device behaves as an End point, so the BISO/OS enumerates it as a normal device. But infact it is a bridge. So my driver will be loaded and my driver will enumerate all the devices attached to this bridge. The Pnp has assigned the H/W resoures (io/Mem). Now my job is to distribute this resources to the child devices. The problem is when I assign the resources to child devices , Pnp manager says, conflict of resources between parent and child device to which I have allocated. So How do I tell OS that I My driver(parent driver) will not use the resources but the resources will be passed down to the child devices. And also I observed that in Device manager PCI bus driver shows the resources which are used by the devices enumerated by it and those devices are also using that resources. Please help me out in this matter. I want see the the same resources shown in Device Manger for both my Bus driver and also child device. Thank You.Anonymous
July 27, 2007
Ted, great to hear! Glad you got it working. dAnonymous
July 27, 2007
Kiran, what you are trying to do (reassign resources assigned to your parent to your children) is called resource arbitration. Unfortunately, the interfaces to implement resource arbitration in a bus driver are not documented. This means that you cannot do this yourself in your driver. You have 2 choices to fix this. Your first choice is to correctly report your device as a bridge instead of an endpoint. If you do this, the OS will load the correct drivers with no INFs written by yourself and then things should work as expected. Your second choice is to use mf.sys to arbitrate the resources. MF.sys is an inbox driver which can be "scripted" to split up resources from a parent device to its children devices. For this to work properly you need to write an INF and tell MF.sys what to do. This is documented here, http://msdn2.microsoft.com/en-us/library/ms794936.aspx. I would guess that option one is not a choice for you, so i suggest you try to use mf.sys to accomplish your goal. dAnonymous
July 27, 2007
Dear Doronh, I have a question abou the delay in wdf driver. I use the WdfInterruptQueueDpcForIsr(Interrupt). Then I read data in the InterruptDpc function. But I must read I/O port to poll the status before the data is ready. (I always need to polling about total 1500 times, i use the block read in I2C mode.) Could I use something function to delay 50 microseconds in the DPC? And Coudl it will take effort on the system? I find a function KeStallExecutionProcessor() in WDM. Is there the same function in WDF? Thanks.Anonymous
July 28, 2007
Ted, WDF does not wrap all of the OS so there is not a one to one relationship between WDF and OS functionality. In this case, you can and should call KeStallExecutionProcessor to delay for 50 us. How many times are you going to call it? Your DPC should also be very short. If you are going to have any kind of delay i would suggest that you queue a work item and spin at passive level. dAnonymous
July 29, 2007
Dear Doronh, Thanks for replying. But my problem still persists. The problem is the device is Not exactly a bridge. It is a PCI-Express complient ROOT COMPLEX (RC). So I cannot use the mf.sys since it is not a Multifunction device. The board is still under development and requirement is to validate the functionality of RC. So the RC behaves during boot time as END POINT and it gets IO and Mem resources. After that, through my bus driver I have to pass the resources to child devices attached to RC. I will be very glad if you provice some information on ARBITER_INTERFACE and its usage. Thank You. Kiran SAnonymous
July 30, 2007
The comment has been removedAnonymous
July 30, 2007
Hi, i want to present a problem im trying to solve and then the solution im trying to implement, until now without success and i would love to hear if you see anything that i'm missing here. the requiremnets im facing are - allocate IObuffers in the kernel, each has a fixed size of 4k. these allocations must be alligned to seperate pages because my hardware currently does not support DMA or scatter-gather so in order to work properly all the data of a buffer must reside in a single memory page which must not be paged out. until today , this was done by allocating cached aligned pages from the nonPaged pool. today this won't be good since i will need more memory the the NonPaged pool has to offer. so, my solution for now will be to allocate these buffers from the paged pool using ExallocatePoolWithTag , then allocate MDL for each buffer and lock the buffer - MmProbeAndLock. i save all the MDLs (mdl per allocated memory buffer) in a list so i can free them when needed. until now i get system crashes. although it seems that the allocation passed the system crashes due to some page fault which is not a part of my flow. would be great to hear your opinion. thanks, kobi.Anonymous
August 04, 2007
The comment has been removedAnonymous
August 09, 2007
The comment has been removedAnonymous
August 14, 2007
The comment has been removedAnonymous
August 15, 2007
The comment has been removedAnonymous
August 19, 2007
Hi Doronh, I need to remap a Serial COM1 port to any other unused port number. Kindly give me direction to program it. I donot want to use GUI ->port settings.Anonymous
August 27, 2007
Hi Dorohn, good morning, i'm developing a simple parallel interface to communicate with a development board using the parallel port. For doing this i will need a full raw access to parallel port. I'm working on a device driver to do this and would like to know if you could give me a little tip on which way i should take. I'm thinking on developing a FDO driver over the system parallel drivers to acquire the parallel port control. I'm worried about IEEE 1284 standard. My hardware is very simple and will use only the data pins to comunicate with PC. Can i do it as a raw device, ignoring the IEEE 1284? regards, Otavio RibeiroAnonymous
August 28, 2007
Hallo Otavio, you might want to have a look into OpenCBM (URL: http://opencbm.sf.net/, and the URL which you get if you click on my name). It implements a custom protocol via raw access to the parallel port. It might not be the best driver ever, but it works. ;) HTH,
- strik
Anonymous
August 30, 2007
Hi doronh I am able to remap the serial port. Thanks to you (it was only because of your post in some other blog) that I founf the basics of port remapping. I have one more doubt i.e how to get the COM port number to which a serial mouse is connected?Anonymous
August 30, 2007
Strik, thanks for answering. I downloaded the code and at a first glance it is just what i need to know. Clear and well commented code. I'm going to look it deeply and use as base for my driver. thanks again, OtavioAnonymous
September 05, 2007
Hi, For installing drivers which are signed with SPC certificates, on Vista64:
- Do we need to ask users/clients to install the certificate on target machine?
- I have a certificate from Verisign. To which certificate stores should the users install the certificates on target machine?
- Is there a way to install certificates on target/client machines without user requiring to do it manually? Thanks.
Anonymous
September 17, 2007
Hi doronh , I'm a beginner in Device Driver Programing . I've implemented a small File system filter driver and consequently , i'm familier with Kernel mode programing . Today i want to have a device that can work with Physical Hard disk . The main point is that i want to read the HDD serial number , and , in order to do that i tried to open the physical Device by ZwCreateFile , some thing like this : if (Drive < 'A') swprintf (DriveName, L"\.\HarddiskVolume%d", Drive) ; else swprintf (DriveName, L"\DosDevices%c:", toupper(Drive)) ; RtlInitUnicodeString(&fileNameUnicodeString,(WCHAR *)DriveName); InitializeObjectAttributes( &objectAttributes, &fileNameUnicodeString, OBJ_CASE_INSENSITIVE, NULL, NULL ); ntStatus = ZwCreateFile( &hPhysicalDriveIOCTL, GENERIC_READ | GENERIC_WRITE , &objectAttributes, &IoStatusBlock, NULL, 0, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, FILE_NON_DIRECTORY_FILE, NULL, 0 ) ; .... The "Drive" is an input parameter . But it doesn't work! what's is wrong? the name of physical device or may be the ZwCreateFile parameters ? Help Plz... Regard, NedaAnonymous
September 20, 2007
Hi Doron, I have a basic doubt: Is it mandatory to use WDF (KMDF) to develop drivers for Vista 64 bits OS (also 32 bits OS)? Would drivers developed based on WDM (Windows Driver Model) compile & work fine? Thanks.Anonymous
September 24, 2007
Hello Doron, I want to customize MaximumTransferSize with KMDF for Win2k. (Because the default 4KB is too small for our USB device.) I think that there is a solution that mixes the code of WDM & KMDF. However, I want to know whether there is a solution that uses only KMDF. Could you teach? ex) the mixing code of WDM & KMDF. SelectInterfaces(IN WDFDEVICE Device) { //snip WDF_USB_DEVICE_SELECT_CONFIG_PARAMS_INIT_SINGLE_INTERFACE( &configParams); WdfUsbTargetDeviceSelectConfig( // snip { //snip urb = USBD_CreateConfigurationRequestEx( //snip //snip Interface->Pipes[i].MaximumTransferSize = (256 * 1024); //snip WdfUsbTargetDeviceSendUrbSynchronously( //snip //snip } } Thx phasyAnonymous
September 24, 2007
btw, there is the code HKR,"Parameters","MaximumTransferSize",0x10001,4096 in usbsamp.inx of the sample usbsamp of WDK6000. However, I believe that it doesn't work. If it is correct, it might be comprehensible to delete it. phasyAnonymous
September 26, 2007
Hi Doron, We've had previous experience developing BDA drivers, usually for USB-connected tv devices - essentially an avstream miniport driver. Planning a 'next generation' it seems that KMDF would clean up the USB side of things quite a bit, but is it in fact possible to create a BDA driver with KMDF or do we have to stick with the WDM route? Rgds, ColinAnonymous
October 03, 2007
[I am writing the PCI bus storage WDM driver, and encountered a problem these days only in Vista. (the problem will not occur on XPSP2). And the operation is "copying files to the storage device (like MS/SD) , before finished, to enter power saving (sleep/Hibernet) mode, sometimes window will show error message as follow. error 0x800703EE: The volume for a file has been externally altered so that the opened file is no longer valid"] ykwang, it depends on how deep in the storage stack you are. If you are at the HBA level you must complete processing any i/os in progress and queue any new I/Os before powering down. all of the storage drivers above the HBA assume that the HBA will deal with queue management with respect to power state. If you use KMDF power managed queues, you get this behavior for free. dAnonymous
October 03, 2007
tinylaser, i am not sure i udnerstand what you are saying. are you saying that both devices have the same serial number? i have no idea of what you mean by resource reassignment at the usb layer. usb devices consume endpoints, not hw resources. dAnonymous
October 03, 2007
kobi, I would need to see a callstack to make a guess as to what is going wrong. BUT, PagedPool is not an infinite resource either and you will eventually hit the same constraints. dAnonymous
October 03, 2007
ComPort, TDI has a hard coded limit for the number of stack locations it uses when allocating IRPs. I think the default max is 4, although there is a registry key to override this value. Allocating a new sub irp for the incoming irps works if and only if you have a valid stack location for the current irp or you do not want to support cancelation. dAnonymous
October 03, 2007
torque, you can use KDMF to write a ramdisk (in fact there is a WDK ramdisk sample in WINDDK6000srckmdframdisk).
- KMDF still exists in the NT kernel and you must play by the rules that the NT kernel memory manager gives you. If you can allocate 100 GB in a WDM driver, you can easily do the same in a KMDF driver.
- by stick of RAM i assume you mean DRAM and not a USB Memory stick or something off the main mobo. I do not think that the memory mamager allows for you to specify the physical addresses for an allocation, you might be able to play with a MDL and specify the physical addresses in the MDLs PFN list. I have no idea what you mean about each CPU controlling some amount of memory. CPUs do not own memory. d
Anonymous
October 03, 2007
The comment has been removedAnonymous
October 05, 2007
Hi, I can't use DebugView on Vista x64... I saw your article: http://blogs.msdn.com/doronh/archive/2006/11/14/where-did-my-debug-output-go-in-vista.aspx But I don't understand the first step ^^ Thank you for your explanation! CedricAnonymous
October 05, 2007
I add that my driver is a scanner minidriver... Thank you very much!Anonymous
October 11, 2007
The comment has been removedAnonymous
October 12, 2007
Hi, Doron: Now I know that the SCRM will always open the smartcard reader and wait other process to connect the reader. So what is the sharing mode of the open operation by the SCRM. Is there a possibility that the reader be opened by another process? I want to have one process to simulate the "virtual smartcard", which will share the "virtual reader" with the SCRM. When SCRM transmit data to reader, my driver will copy the data to a shareable space where the virtual smartcard process can also access. The virtual smartcard fetch data there, process it and then write the result back. Is it possible to open one device twice? Do I need to register two different interface for the device? Is there any reference and samples about this topic?Anonymous
October 18, 2007
The comment has been removedAnonymous
October 19, 2007
The comment has been removedAnonymous
October 19, 2007
After considering the problem for a day, I’m thinking that my best route is to have the ReadIrpCompletion routine reissue its Irp to read the next inbound message in a DPC. That way ReadIrpCompletion routine cannot be re-entered before it returns, thus making my design insensitive to the answers to the questions that I previously posed. I still would appreciate your thoughts though. Thanks, Bob FeretichAnonymous
October 23, 2007
I have signed my driver using Microsoft authenticode with test certificates. I have following 2 problems:
- On Windows XP, in the driver properties through Device manager, the 'Digital Signer' shows 'Not digitally signed'. If I check the .sys file & the .cat files, they have a 'Digital Signature' tab containing appropriate signature. How do I get appropriate values for 'Digital Signer' property for the driver as well as the driver file.
- On Vista 64, Device manager->Driver properties displays appropriate 'Digital Signer'. However, when 'Driver Details' button is clicked, for the driver file 'Digital Signer' displays 'Not digitally signed'. How do I get the correct value for the driver files property? Thanks.
- Anonymous
October 25, 2007
Hi Doronh, I have got this problem with DMA. My device DMA capabilities are
- Packet Based
- No ScatterGather Support
- Symultaneous Read & Write (Duplex) Operations
- 32 bit Addressing capability The Problem is since the device does not support ScatterGather , I have to go for "WdfDmaProfilePacket" option. If I take this option then I cannot take the full advantage of my device (Full Duplex) because only one Transaction can run at a time with this option. So, I tried to create two "WDFDMATRANSACTION objects" one Read and one for Write from two different "WDFDMAENABLER objects". Since transaction objects belongs to two different dmaenabler objects, I thought I can run two transactions at time because they belong to different dmaenbler objects. But I was getting this error "STATUS_WDF_BUSY". I failed to arrive at a proper solution. PLEASE HELP ME in this regard. Thank You, Kiran S
Anonymous
October 27, 2007
The comment has been removedAnonymous
October 30, 2007
The comment has been removedAnonymous
November 05, 2007
The comment has been removedAnonymous
December 05, 2007
Hi, Doron. There is a function I was not able to find in the WDF DDK. How can a child object get a reference of it's parent? Is it possible at all? I have a WDFMEMORY object and I want to retrieve it's parent. Thanks!Anonymous
December 09, 2007
Hello Doron. I'm fairly new to driver writing. I'm trying to mount a Virtual Volume by using the non-PnP IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION to let the mount manager know a new volume has arrived. I tried mounting the volume over an existing virtual volume, so they'd have the same starting/end offsets and Physical target device to write to. I've implemented all of the REQUIRED mount manager client IOCTL responses and just about every other IOCTL I received during debug. I started getting read/write requests for the beginning of my virtual volume and then some random read requests I couldn't make out (their destination was some where in the middle of my volume). I mounted my volume over an existing NTFS partition and over an existing FAT partition and there were some minor changes, but nothing seems to work. I can see that the Mount manager created a symbolic link to my volume,but I can't access it. I believe that some upper FS driver reads data from the physical disk, , finds out that there is already a mounted device over it and ignores my volume. The entire issue is very poorly documented and I couldn't find anything similar online. Have you ever dealt with this issue? Thanks a bunch, ArielAnonymous
January 07, 2008
Hi, Doron, Is true that the only proper way to write a NIC driver that uses NDIS and KMDF for USB to write two drivers (a KMDF USB driver with a NDIS Filter driver, similar to NDISEDGE over PCIDRV)? I think it is true for two reasons:
- It is not possible to create a pure KMDF driver inside of an NDIS driver since they both have competing initializaiton and framework requirements. (That is...it is possible to write WDM USB support in a NDIS driver, but not KMDF).
- To properly support Selective Suspend and have total control over power management, the USB driver has to have total control over power events. Is what am I saying correct? I beleive it is, but people are telling me that it is possible to to write a monolithic NDIS that uses KMDF. I think you covered this topic above, but I want to make absolutely certain that this is the proper approach.
Anonymous
February 01, 2008
Hello Doron, I'm trying to convert a legacy device driver, which was created with BlueWater's DriverWizard, to WDF. The legacy driver creates MyDriverName.Raw & MyDriverName.Translated resources under MACHINEHARDWARERESOURCEMAPPnP ManagerPnpManager, but the WDF driver does not. How do I make the WDF driver create these resources? /RussAnonymous
February 08, 2008
Hello Doron, I am developing a USB Client WDM driver for XP. I am using the selective suspend mechanism for idle mode and also for Wait-Wake. The driver works fine but the problem is when I installed the driver in VISTA , the idle mode works but the Remote wake up is not happening. The bus driver is not completing the Wait-Wake Irp after the reception of an extern signal. In WDK I found some details regarding the selective suspend enabling options (such as enabling the option in devicemanager ->USB Root hub ->properties-> power management ->Allow this device to turn off this device to save power). And also I enabled the option Control panel -> Power options -> Current "Power plan"->USB settings -> selective suspend and enabled all options (On Battery and Plugged In). Even after doing these, The Irp is not getting completed. What is the problem, Please help me in this regard. Thank You, Kiran SAnonymous
March 05, 2008
Hello Doron, I have a question about selective suspend and D2D3 issue. We develop Wireless LAN driver in Vista and encounter some challenge. Hope you can help me to solve. We use selective suspend function let device (our Wireless LAN card) enter D2 mode, Then we let system enter sleep (Start->Shut Down->Sleep). And wait a moment, we resume system. When system resume done, our device can not work (WLAN card can not scan to get AP list). In our WLAN driver, we can observe: When WLAN driver detects device is idle, then we call selective suspend function. The device power state will transfer from D0 to D2 (our WLAN driver MiniportPause will be called). Then WLAN driver detects device need to work, we call selective suspend function also. Then device power state transfers from D2 to D0 (our WLAN driver MiniportRestart will be called). It works fine. But if device power state transfers from D0 to D2, then we let system enter Sleep immediately (device power state will transfer from D2 to D3). When system resume, device power state transfers from D3 to D0 (our WLAN driver MiniportRestart will NOT be called). Device can not work. Could you help me power state transfers from D3 to D0, why our WLAN driver MiniportRestart does not be called?Anonymous
March 11, 2008
henrylin, the problem here is that you are acting as the power policy owner (PPO) for the NDIS stack as an NDIS miniport when you are not actually the PPO! You cannot manage the power state behind NDIS"s back like this because NDIS is not expecting random power irps to arrive outside of its own power logic. My guess with your D3 to D0 transition is that the initial D2->D3 transition is incorrect and that you need to transition from D2 -> D0 -> D3 on resume. If that does not help, you need to attach a kernel debugger and see where NDIS gets stuck. hth, dAnonymous
March 11, 2008
Dear Doron, thanks your response! Yes, i also want to let D2->D0->D3. But how to do ? When i press Start->Shut Down->Sleep. Our miniport driver handle OID's code will be run(OID_PNP_SET_POWER). At this point device power state changes(i don't know who changes this state, i guess is NDIS?) from D2 to D3. Could you tell me where to change state from D2 to D0 before someone changes devide power state from D2 to D3? thanks henryAnonymous
March 11, 2008
Sorry...typo Could you tell me where to change state from D2 to D0 before someone changes device power state from D2 to D3?Anonymous
March 14, 2008
henrylin, this is one of the many problems trying to implement USB SS in a miniport where you are not the power policy owner. In this case, the PPO does not track that the device is in Dx when it gets the Sx irp to it requests another Dx irp. How can you fix this? Well you can register for an ex callback which tells you about the Sx/S0 transition before it is sent to the driver stacks. I wrote about how to do this in this entry, http://blogs.msdn.com/doronh/archive/2006/06/13/630493.aspx. To get started, the docs on ExCreateCallback are here, http://msdn2.microsoft.com/en-us/library/aa489845.aspx. What you would do is disable USB SS and move back to D0 in the notification that the OS is going to Sx and then reenable the idling out (e.g. start your timer) when you get notified of going to S0. dAnonymous
March 16, 2008
Dear Doron, Thanks your big big big support!! It works well. henrylinAnonymous
April 01, 2008
Doron, I hear Vista's standard vga driver (vgapnp.sys) supports some level of power management. I would like to know what that "some level" is. Powercfg -a when run under Vista (standard vga enabled) complains that vgapnp does not allow certain Sx transitions like S2, S3 etc. Is there a way to stop vgapnp.sys from impeding S2, S3 transitions? Switching to a vendor specific video driver though an obvious option is not what I am looking for. I would like to use standard vga if possible inspite of obvious drawbacks. Thanks, KamalaAnonymous
April 01, 2008
Kamala, i asked around. vgapnp.sys supports hibernate, but that is it. it does not support S1-S3 due to varying BIOS compat problems that were encountered during test. dAnonymous
April 02, 2008
Thanks for getting back! KamalaAnonymous
April 07, 2008
The comment has been removedAnonymous
June 13, 2008
PingBack from http://elijah.picturesiteworld.com/pleasewaitwhilewindowsconfigureswindowsmobiledevicecenterdriverupdatetimeremaining0s.htmlAnonymous
July 02, 2008
Hi Doran... i'm currently doing a project of USB Mass Storage Acces Control System where we can block the usb devices... can u pls tell me how to trap the messages sended by usb Mass storage devices using windows hooks... Does the service can handle it without using hooks... How to programatically make a USB mass storage Device write protected... I'm new to win32API so can u guide step by step to solve these problems... Thanks in advance... varun :) Thanks in advance... varun...Anonymous
July 06, 2008
Hi doron. i have an architecture question regarding a communication between two drivers, one of them is WDF based and the other isn't. these two driver needs to communicate with each other. i've implemented the communicaiton methods using interface notification registration for synch ussues and function pointers that are passed between the drivers in order to implement the actual communication. now - DriverB (non wdf) is in charge of the interrupt handling. within its DPC it calls functions that are implemented in driverA (WDF based). it works fine and i can pass data between the two drivers. now, here is my problem. upon interrupt, driverB(non wdf) will call a method(through a function pointer) in driverA(WDF). in this method (implemented in the WDF drievr but called from the non-wdf driver) i would like to complete a pending IOCTL that was previously sent to driverA(WDF). since my call to the method was from the nonWDf driver, i can't complete the pending IOCTL since i can't call any WDF method. what are my options in that case to do so ? can DriverB(non-WDF) triger an event to wake a thread in driverA(WDF) to complete the IRP ? thanks, kobi.Anonymous
July 20, 2008
Hi Doron, I'd like to ask you about WdfTimerStop function. When the 'Wait' parameter is set to FALSE, does it mean that all queued calls fired by timer are canceled? If not, how can I cancel them? Thanks in advance. MichalAnonymous
July 27, 2008
Hi Doron, I wish to intercept or monitor the file io as well as network io. i am sure that if i write a file system filter driver, i will be able to monitor file io. :-) But will 'redirector' sends networking related apis also to my filter driver. if not.. can u suggest me a better technique to do monitoring of file io and networking io. thanks in advance. HPAnonymous
July 28, 2008
Hi Doron, I'v been pokling around WDF headers to see what is the internal implementation of WDF context objects and how does WDF work in order to make context object retrieval fast. However, the headers don't tell the whole story. I was wondering if you can give a post describing the context object infrastructure, and the way the internals are designed to be able to retrieve any type of context object from a WDF handle in a fast way. Thanks, Eran.Anonymous
August 06, 2008
Hi Doron, I am developing a miniport storage driver for HBA. I am trying to write Event Log other than SCSI events. ScsiPortLogError or StorPortLogError functions are used to log only the SCSI events. For my requirement I have to use IoAllocateErrorLogEntry & IoWriteErrorLogEntry functions. IoAllocateErrorLogEntry takes DriverObject as input. In miniport driver, we can get DriverObject only in DriverEntry function. Is it good to save this pointer for future usage for writing events. Or if there is any other way to write event log messages plz post it. Thanks, VijayAnonymous
September 02, 2008
Hi Doron, i have a case of a bug check that is issued occasionaly and specifies the pci.sys as the faulting driver. I'm using a routine which uses "IRP_MN_READ_CONFIG/IRP_MN_WRITE_CONFIG" in order to write/read pci configuration space of a device. on earlier days i used HalGetBusData/HalSetBusData but now that they are obsolete i'm using an irp as described before (as documented in the MSDN). as a result of this call i sometime get the bugcheck and i can't expect when the bug check will be issued or not. DRIVER_IRQL_NOT_LESS_OR_EQUAL bug check parameters : 0x000000D1(F99dd748,00000002,00000000,f99dd748) any idea ? P.S. it might sound strange but here's another piece of information : on my machine there's an antivirus client (symantec). somehow, but i can't be 100% sure, while the antivirus client is up the bugcheck will be issued. when it's service is down the bug check will not occur. thanks, Kobi.Anonymous
September 08, 2008
Dear Doronh! I haven't found anything related to how to setup alternate settings for a multi interface usb driver. The only code I have found is that from MSDN for WDF_USB_DEVICE_SELECT_CONFIG_PARAMS_INIT_MULTIPLE_INTERFACES. if (numInterfaces == 1){ WDF_USB_DEVICE_SELECT_CONFIG_PARAMS_INIT_SINGLE_INTERFACE(¶ms); } else { settingPairs = ExAllocatePoolWithTag( PagedPool, sizeof(WDF_USB_INTERFACE_SETTING_PAIR) * numInterfaces, MEM_TAG ); if (settingPairs == NULL){ return STATUS_INSUFFICIENT_RESOURCES; } InitSettingPairs( UsbDevice, settingPairs, numInterfaces ); WDF_USB_DEVICE_SELECT_CONFIG_PARAMS_INIT_MULTIPLE_INTERFACES( ¶ms, numInterfaces, settingPairs ); } status = WdfUsbTargetDeviceSelectConfig( UsbDevice, NULL, ¶ms ); But I don't know what InitSettingPairs should do? I hope you could give some directions about how to setup a multiple interface device that uses alternate settings for increasing bandwidth. Thanks.Anonymous
November 19, 2008
The comment has been removedAnonymous
November 22, 2008
The comment has been removedAnonymous
January 29, 2009
The comment has been removedAnonymous
March 03, 2009
Hi Doron, I wrote a KMDF driver for a PCI device. I have to use "WdfDeviceCreateDeviceInterface" to create a Interface with a "ReferenceString". This "ReferenceString" is determined by the PCI device's curent state. So I do "WdfDeviceCreateDeviceInterface" and write some information into registry in "EvtDeviceD0Entry". It can work in most time except OS is restarted. After I change the PCI device's state, I restart OS(WinXP). After OS restart, I find no new information written to registry. If I disabel this PCI device and enable this PCI device again, the new information can be writen to registry. Can you give me any suggestions or tips?Thanks a lot!Anonymous
March 31, 2009
Hi ?Doron I am trying to get and set the properties of soundmax card.Both get and set uses deviceiocontrol.The get version is working fine but when i set the pin state to RUN ,the deviceiocontrol fails returning error ERROR_BAD_COMMAND.There are two kinds of cards on my m/c.One is soundmax and the other maudio.For maudio it works fine but it fails for soundmax.I am running vista on my m/c. I am calling deviceiocontrol twice one after other for get and set.Can you pls let me know why it fails for second time.Anonymous
May 26, 2009
The comment has been removedAnonymous
June 08, 2009
PingBack from http://insomniacuresite.info/story.php?id=9005Anonymous
June 08, 2009
PingBack from http://hairgrowthproducts.info/story.php?id=477Anonymous
June 13, 2009
PingBack from http://thestoragebench.info/story.php?id=8011Anonymous
July 21, 2009
The comment has been removedAnonymous
November 05, 2009
Hi Doran, I'm sorry for my English and new in program. I hope my description won't confuse you. I'm developing an application with USB device scan. Using WM_DEVICECHANGE , I retrieved the Symbolic Link of device. Is there a methord that retrieved the device descriptor of this USB device through the Symbolic Link of device? I have read the USBView sample in DDK, that methor costs too much time to retrieved the device descriptor. Also, driver of this device doesn't support the function. Looking forward to your reply!Thank you!Anonymous
February 07, 2010
Dear Doran Greetings ! I am developing a driver for Ethernet over USB in Win XP. I registered the read write calls in the AddDevice() as follwos : In USBSamp the registration of the callback function is done as : WDF_FILEOBJECT_CONFIG_INIT(&fileConfig,UsbSamp_EvtDeviceFileCreate,WDF_NO_EVENT_CALLBACK,WDF_NO_EVENT_CALLBACK); WDF_OBJECT_ATTRIBUTES_INIT(&fileObjectAttributes); WDF_OBJECT_ATTRIBUTES_SET_CONTEXT_TYPE(&fileObjectAttributes, FILE_CONTEXT); WdfDeviceInitSetFileObjectConfig(DeviceInit, &fileConfig, &fileObjectAttributes); I am using NDIS-WDM as Upper edge and USBsamp as Function driver. I am able to send IRP_MJ_WRITE event to USB driver which in turn invokes EvtIoWrite callback function properly. EvtIoWrite invokes WdfRequestGetFileObject() Which returns NULL. This is possiblly because USB driver did not receive IRP_MJ_CREATE to create FILE OBJECT. Then i inserted IRP_MJ_CREATE event in my NIDS driver as follows : PIRP irp = Adapter->StatusIndicationIrp; PIO_STACK_LOCATION nextStack = NULL; DEBUGP(MP_INFO, ("--> NICPostAsynchronousStatusIndicationIrpn")); IoReuseIrp(irp, STATUS_SUCCESS); nextStack = IoGetNextIrpStackLocation( irp ); nextStack->MajorFunction = IRP_MJ_CREATE ; nextStack->FileObject = Adapter->FileObject; IoSetCompletionRoutine(irp, NICStatusIndicationCreateIrpCompletionRoutine, Adapter, TRUE, TRUE,TRUE); Adapter->StatusIndicationIrpLock = IRPLOCK_CANCELABLE; MP_INC_REF(Adapter); (void) IoCallDriver(Adapter->TargetDeviceObject, irp); However, this call also fail's in the COMPLETION ROUTINE at if(!NT_SUCCESS(Irp->IoStatus.Status)). With Status code 0xc0000182 Can you help me in the right implementation of IRP_MJ_CREATE or an appropriate solution for WdfRequestGetFileObject() in the EvtIoWrite routine to Pass. Kindly guide me in resolving this issue. With Warm Regards, Pramod KolhapureAnonymous
March 29, 2010
The comment has been removed