WDK – OSR

Mar

PSA: FsRtlIsNameInExpression Can Raise an Exception

Categories: FSD, WDK

by SNoone

Well, THIS one was a surprise…After triggering a memory leak in a driver, the system surprisingly crashed due to a call to FsRtlIsNameInExpression:

 # ChildEBP RetAddr  
00 b7226d0c 816167b8 nt!RtlpBreakWithStatusInstruction
01 b7226d60 816161c1 nt!KiBugCheckDebugBreak+0x1f
02 b7227154 81575746 nt!KeBugCheck2+0x7b3
03 b7227178 8157567d nt!KiBugCheck2+0xc6
04 b7227198 816126ed nt!KeBugCheckEx+0x19
05 b72271b4 81590522 nt!KiFatalExceptionHandler+0x1a
06 b72271d8 815904f4 nt!ExecuteHandler2+0x26
07 b722729c 8159049b nt!ExecuteHandler+0x24
08 b72275cc 814c61fe nt!RtlRaiseStatus+0x47
09 b7227610 89a72012 nt!RtlIsNameInExpression+0x74
0a b7227630 89a71496 Osr!MatchNameAgainstExpression+0x42

# ChildEBP RetAddr

00 b7226d0c 816167b8 nt!RtlpBreakWithStatusInstruction

01 b7226d60 816161c1 nt!KiBugCheckDebugBreak+0x1f

02 b7227154 81575746 nt!KeBugCheck2+0x7b3

03 b7227178 8157567d nt!KiBugCheck2+0xc6

04 b7227198 816126ed nt!KeBugCheckEx+0x19

05 b72271b4 81590522 nt!KiFatalExceptionHandler+0x1a

06 b72271d8 815904f4 nt!ExecuteHandler2+0x26

07 b722729c 8159049b nt!ExecuteHandler+0x24

08 b72275cc 814c61fe nt!RtlRaiseStatus+0x47

09 b7227610 89a72012 nt!RtlIsNameInExpression+0x74

0a b7227630 89a71496 Osr!MatchNameAgainstExpression+0x42

As best we could tell we Read more

Oct

Check out the new Virtual Hardware Lab Kit (VHLK)

Categories: TESTING, WDK

Comments: No

by SNoone

A big complaint I’ve always had about the HLKs is the overhead of getting a system provisioned as the HLK controller. This is made even worse now by the blistering Read more

Jun

Beware MmBuildMdlForNonPagedPool and Kernel Stacks

Categories: DEBUG, GENERAL, WDK, WDM

Comments: No

by SNoone

Well, this one took us by surprise… MmBuildMdlForNonPagedPool is the standard shortcut function drivers use to build MDLs describing non-pageable memory. Despite the name, the buffer described by the MDL Read more

Jan

Meltdown and Spectre: What about drivers?

Categories: COMMUNITY, FSD, GENERAL, WDF, WDK, WDM

Comments: 1

by SNoone

The week the Meltdown and Spectre vulnerabilities was one of the most fun weeks I’ve had in a while. Not only were the vulnerabilities mind-bendingly clever, that week had just Read more

Oct

WDK 1709 (aka 16299 aka RS3) Released!

Categories: WDK

Comments: No

by SNoone

Yet another release of Windows 10 means yet another release of the WDK: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit The big news with this release is that driver development is finally integrated with Visual Studio Read more

May

WinDbg, Debugger Objects, and JavaScript! Oh, My!

Categories: DEBUG, WDK

Comments: No

by SNoone

In case you’ve missed it, there are tons of changes going on under the covers in WinDbg. There is a fundamental paradigm shift going on in terms of how WinDbg Read more

Apr

1394 Boot Debugging is Dead

Categories: COMMUNITY, DEBUG, WDK

Comments: No

by SNoone

TL;DR: Don’t waste your time like we did – 1394 boot debugging no longer works on the latest builds on Windows 10. As you might already be aware, native 1394 kernel Read more

Mar

Is Running the HLK Tests REALLY a Best Practice?

Categories: COMMUNITY, TESTING, WDK

Comments: 1

by PeterGV

I can hear you now, scoffing as you read the latest issue of The NT Insider: “You OSR people actually think running the HLK tests is a Best Practice? Seriously?” I Read more

Mar

Visual Studio 2017 Released — Driver Devs: Stay Where You Are

Categories: COMMUNITY, GENERAL, WDK

Tags: Visual Studio, wdk

Comments: No

by PeterGV

Good News: Today Visual Studio (VS) 2017 was released to General Availability. You can download it here. Bad News: The Windows Driver Kit (WDK) doesn’t support this latest version of Read more

Aug

Debugging Target RS1? Good Luck!

Categories: COMMUNITY, DEBUG, GENERAL, WDK

Comments: No

by PeterGV

[Last updated 31 Aug 2016, 16:11 Eastern time] Update: As of 31 August 2016, we have verified that RS1 symbols are now present and indexed on the MSFT Symbol Server. Yay! Read more

All posts in WDK