newbee DRIVER_IRQL_NOT_LESS_OR_EQUAL problem

Posted: 11-23-2006, 03:39 PM

Paul Mulholland

Guest
Posts: n/a

Hi All,

I am trying to write my first Windows driver, although I have written
Solaris drivers.

The problem is that when the device interrupts I get a
DRIVER_IRQL_NOT_LESS_OR_EQUAL error. The address quoted as the fault
address is in fact the address of the ISR. As far as I am aware all the
code is locked into memory.

I feel it must be something simple I am missing but I don't know what.

Cheers Paul.

Below is the WinDbg output.

0: kd> !analyze -v
************************************************** *****************************
*
*
* Bugcheck Analysis
*
*
*
************************************************** *****************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address
at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f77886b0, memory referenced
Arg2: 00000007, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: f77886b0, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
************************************************** ***********************

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 0

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
f77886b0

CURRENT_IRQL: 7

FAULTING_IP:
LaserBus+16b0
f77886b0 ?? ???

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from f77886b0 to 805436d0

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
8055031c f77886b0 badb0d00 00000002 00000000 nt!Kei386EoiHelper+0x2834
00000000 00000000 00000000 00000000 00000000 <Unloaded_LaserBus.sys>+0x16b0

STACK_COMMAND: kb

FOLLOWUP_IP:
LaserBus+16b0
f77886b0 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: LaserBus+16b0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: LaserBus

IMAGE_NAME: LaserBus.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

Responses to "newbee DRIVER_IRQL_NOT_LESS_OR_EQUAL problem"

Don Burn

Guest
Posts: n/a

Re: newbee DRIVER_IRQL_NOT_LESS_OR_EQUAL problem

Posted: 11-23-2006, 03:42 PM

Without the correct symbols, you are not going to get anywhere. Get the
symbols (use the symbol server) and then put out the question again.
DRIVER_IRQL_NOT_LESS_OR_EQUAL is the most common BSOD a driver can do.

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

"Paul Mulholland" <paulNOSPAM@ipasys.biz> wrote in message
news:ek4euj$hhv$1$8302bc10@news.demon.co.uk...

> Hi All,
>
> I am trying to write my first Windows driver, although I have written
> Solaris drivers.
>
> The problem is that when the device interrupts I get a
> DRIVER_IRQL_NOT_LESS_OR_EQUAL error. The address quoted as the fault
> address is in fact the address of the ISR. As far as I am aware all the
> code is locked into memory.
>
> I feel it must be something simple I am missing but I don't know what.
>
> Cheers Paul.
>
> Below is the WinDbg output.
>
> 0: kd> !analyze -v
> ************************************************** *****************************
> * *
> * Bugcheck Analysis *
> * *
> ************************************************** *****************************
>
> DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
> An attempt was made to access a pageable (or completely invalid) address
> at an
> interrupt request level (IRQL) that is too high. This is usually
> caused by drivers using improper addresses.
> If kernel debugger is available get stack backtrace.
> Arguments:
> Arg1: f77886b0, memory referenced
> Arg2: 00000007, IRQL
> Arg3: 00000008, value 0 = read operation, 1 = write operation
> Arg4: f77886b0, address which referenced memory
>
> Debugging Details:
> ------------------
>
> ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
>
> ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
>
> ************************************************** ***********************
> *** ***
> *** ***
> *** Your debugger is not using the correct symbols ***
> *** ***
> *** In order for this command to work properly, your symbol path ***
> *** must point to .pdb files that have full type information. ***
> *** ***
> *** Certain .pdb files (such as the public OS symbols) do not ***
> *** contain the required information. Contact the group that ***
> *** provided you with these symbols if you need this command to ***
> *** work. ***
> *** ***
> *** Type referenced: nt!_KPRCB ***
> *** ***
> ************************************************** ***********************
> ************************************************** ***********************
> *** ***
> *** ***
> *** Your debugger is not using the correct symbols ***
> *** ***
> *** In order for this command to work properly, your symbol path ***
> *** must point to .pdb files that have full type information. ***
> *** ***
> *** Certain .pdb files (such as the public OS symbols) do not ***
> *** contain the required information. Contact the group that ***
> *** provided you with these symbols if you need this command to ***
> *** work. ***
> *** ***
> *** Type referenced: nt!KPRCB ***
> *** ***
> ************************************************** ***********************
> ************************************************** ***********************
> *** ***
> *** ***
> *** Your debugger is not using the correct symbols ***
> *** ***
> *** In order for this command to work properly, your symbol path ***
> *** must point to .pdb files that have full type information. ***
> *** ***
> *** Certain .pdb files (such as the public OS symbols) do not ***
> *** contain the required information. Contact the group that ***
> *** provided you with these symbols if you need this command to ***
> *** work. ***
> *** ***
> *** Type referenced: nt!_KPRCB ***
> *** ***
> ************************************************** ***********************
> ************************************************** ***********************
> *** ***
> *** ***
> *** Your debugger is not using the correct symbols ***
> *** ***
> *** In order for this command to work properly, your symbol path ***
> *** must point to .pdb files that have full type information. ***
> *** ***
> *** Certain .pdb files (such as the public OS symbols) do not ***
> *** contain the required information. Contact the group that ***
> *** provided you with these symbols if you need this command to ***
> *** work. ***
> *** ***
> *** Type referenced: nt!KPRCB ***
> *** ***
> ************************************************** ***********************
> ************************************************** ***********************
> *** ***
> *** ***
> *** Your debugger is not using the correct symbols ***
> *** ***
> *** In order for this command to work properly, your symbol path ***
> *** must point to .pdb files that have full type information. ***
> *** ***
> *** Certain .pdb files (such as the public OS symbols) do not ***
> *** contain the required information. Contact the group that ***
> *** provided you with these symbols if you need this command to ***
> *** work. ***
> *** ***
> *** Type referenced: nt!_KPRCB ***
> *** ***
> ************************************************** ***********************
>
> FAULTING_MODULE: 804d7000 nt
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 0
>
> WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
> unable to get nt!MmSpecialPoolEnd
> unable to get nt!MmPoolCodeStart
> unable to get nt!MmPoolCodeEnd
> f77886b0
>
> CURRENT_IRQL: 7
>
> FAULTING_IP:
> LaserBus+16b0
> f77886b0 ?? ???
>
> DEFAULT_BUCKET_ID: WRONG_SYMBOLS
>
> BUGCHECK_STR: 0xD1
>
> LAST_CONTROL_TRANSFER: from f77886b0 to 805436d0
>
> STACK_TEXT:
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
> 8055031c f77886b0 badb0d00 00000002 00000000 nt!Kei386EoiHelper+0x2834
> 00000000 00000000 00000000 00000000 00000000
> <Unloaded_LaserBus.sys>+0x16b0
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> LaserBus+16b0
> f77886b0 ?? ???
>
> SYMBOL_STACK_INDEX: 1
>
> SYMBOL_NAME: LaserBus+16b0
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: LaserBus
>
> IMAGE_NAME: LaserBus.sys
>
> BUCKET_ID: WRONG_SYMBOLS
>
> Followup: MachineOwner

Paul Mulholland

Guest
Posts: n/a

Re: newbee DRIVER_IRQL_NOT_LESS_OR_EQUAL problem

Posted: 11-23-2006, 05:04 PM

Don Burn wrote:

> Without the correct symbols, you are not going to get anywhere. Get the
> symbols (use the symbol server) and then put out the question again.
> DRIVER_IRQL_NOT_LESS_OR_EQUAL is the most common BSOD a driver can do.
>
>

Thanks Don,

I have done that and get more sensible output (see below).

I am concerned that it thinks it's an unloaded module does that perhaps
have something to do with it? Even though at the time of the crash the
device is open by a test program.

Paul.

0: kd> !analyze -v
************************************************** *****************************
*
*
* Bugcheck Analysis
*
*
*
************************************************** *****************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address
at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f77886b0, memory referenced
Arg2: 00000007, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: f77886b0, address which referenced memory

Debugging Details:
------------------

WRITE_ADDRESS: f77886b0

CURRENT_IRQL: 7

FAULTING_IP:
LaserBus+16b0
f77886b0 ?? ???

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

TRAP_FRAME: 8055031c -- (.trap ffffffff8055031c)
ErrCode = 00000010
eax=8626e0e8 ebx=86166474 ecx=86125807 edx=00000002 esi=860fb91c
edi=860fb6b8
eip=f77886b0 esp=80550390 ebp=00000000 iopl=0 nv up ei pl zr na
pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010246
<Unloaded_LaserBus.sys>+0x16b0:
f77886b0 ?? ???
Resetting default scope

IP_MODULE_UNLOADED:
LaserBus+16b0
f77886b0 ?? ???

LAST_CONTROL_TRANSFER: from f77886b0 to 805436d0

STACK_TEXT:
8055031c f77886b0 badb0d00 00000002 00000000 nt!KiTrap0E+0x238
WARNING: Frame IP not in any known module. Following frames may be wrong.
8055038c 805444bc 860fb6b8 8626e0e8 804feef4 <Unloaded_LaserBus.sys>+0x16b0
805503b0 80544469 86391e02 00000183 80550450 nt!KiChainedDispatch2ndLvl+0x44
805503b0 f7579062 86391e02 00000183 80550450 nt!KiChainedDispatch+0x29
80550450 80544d2c 00000000 0000000e 00000000 intelppm!AcpiC1Idle+0x12
80550454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x10

STACK_COMMAND: kb

FOLLOWUP_IP:
LaserBus+16b0
f77886b0 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: LaserBus+16b0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: LaserBus

IMAGE_NAME: LaserBus.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0xD1_W_VRF_LaserBus+16b0

BUCKET_ID: 0xD1_W_VRF_LaserBus+16b0

Followup: MachineOwner
---------

Will Denny

Guest
Posts: n/a

Re: newbee DRIVER_IRQL_NOT_LESS_OR_EQUAL problem

Posted: 11-23-2006, 05:38 PM

Hi

Please try the following link to Jim Eshelman's web page - right hand column
(D1)

http://aumha.org/win5/kbestop.htm

--

Will Denny
MS-MVP Shell/User
Please reply to the News Groups

"Paul Mulholland" <paulNOSPAM@NOSPAMipasys.biz> wrote in message
news:ek4jtn$6al$1$830fa79d@news.demon.co.uk...

> Don Burn wrote:
>> Without the correct symbols, you are not going to get anywhere. Get the
>> symbols (use the symbol server) and then put out the question again.
>> DRIVER_IRQL_NOT_LESS_OR_EQUAL is the most common BSOD a driver can do.
>>
>>
>
> Thanks Don,
>
> I have done that and get more sensible output (see below).
>
> I am concerned that it thinks it's an unloaded module does that perhaps
> have something to do with it? Even though at the time of the crash the
> device is open by a test program.
>
> Paul.

Don Burn

Guest
Posts: n/a

Re: newbee DRIVER_IRQL_NOT_LESS_OR_EQUAL problem

Posted: 11-23-2006, 06:42 PM

Paul,

First use lm in the debugger when the crash occurs to see if your
driver is truly loaded. This looks like an unload without an
IoDisconnectInterupt call. Note: there are a number of bug code sites
such as another poster pointed out, most of them are pretty poor versus the
latest WinDBG documentation and !analyze.

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

"Paul Mulholland" <paulNOSPAM@NOSPAMipasys.biz> wrote in message
news:ek4jtn$6al$1$830fa79d@news.demon.co.uk...

> Don Burn wrote:
>> Without the correct symbols, you are not going to get anywhere. Get the
>> symbols (use the symbol server) and then put out the question again.
>> DRIVER_IRQL_NOT_LESS_OR_EQUAL is the most common BSOD a driver can do.
>>
>>
>
> Thanks Don,
>
> I have done that and get more sensible output (see below).
>
> I am concerned that it thinks it's an unloaded module does that perhaps
> have something to do with it? Even though at the time of the crash the
> device is open by a test program.
>
> Paul.
>
> 0: kd> !analyze -v
> ************************************************** *****************************
> * *
> * Bugcheck Analysis *
> * *
> ************************************************** *****************************
>
> DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
> An attempt was made to access a pageable (or completely invalid) address
> at an
> interrupt request level (IRQL) that is too high. This is usually
> caused by drivers using improper addresses.
> If kernel debugger is available get stack backtrace.
> Arguments:
> Arg1: f77886b0, memory referenced
> Arg2: 00000007, IRQL
> Arg3: 00000008, value 0 = read operation, 1 = write operation
> Arg4: f77886b0, address which referenced memory
>
> Debugging Details:
> ------------------
>
>
> WRITE_ADDRESS: f77886b0
>
> CURRENT_IRQL: 7
>
> FAULTING_IP:
> LaserBus+16b0
> f77886b0 ?? ???
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0xD1
>
> PROCESS_NAME: Idle
>
> TRAP_FRAME: 8055031c -- (.trap ffffffff8055031c)
> ErrCode = 00000010
> eax=8626e0e8 ebx=86166474 ecx=86125807 edx=00000002 esi=860fb91c
> edi=860fb6b8
> eip=f77886b0 esp=80550390 ebp=00000000 iopl=0 nv up ei pl zr na
> pe nc
> cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
> <Unloaded_LaserBus.sys>+0x16b0:
> f77886b0 ?? ???
> Resetting default scope
>
> IP_MODULE_UNLOADED:
> LaserBus+16b0
> f77886b0 ?? ???
>
> LAST_CONTROL_TRANSFER: from f77886b0 to 805436d0
>
> STACK_TEXT:
> 8055031c f77886b0 badb0d00 00000002 00000000 nt!KiTrap0E+0x238
> WARNING: Frame IP not in any known module. Following frames may be wrong.
> 8055038c 805444bc 860fb6b8 8626e0e8 804feef4
> <Unloaded_LaserBus.sys>+0x16b0
> 805503b0 80544469 86391e02 00000183 80550450
> nt!KiChainedDispatch2ndLvl+0x44
> 805503b0 f7579062 86391e02 00000183 80550450 nt!KiChainedDispatch+0x29
> 80550450 80544d2c 00000000 0000000e 00000000 intelppm!AcpiC1Idle+0x12
> 80550454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x10
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> LaserBus+16b0
> f77886b0 ?? ???
>
> SYMBOL_STACK_INDEX: 1
>
> SYMBOL_NAME: LaserBus+16b0
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: LaserBus
>
> IMAGE_NAME: LaserBus.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 0
>
> FAILURE_BUCKET_ID: 0xD1_W_VRF_LaserBus+16b0
>
> BUCKET_ID: 0xD1_W_VRF_LaserBus+16b0
>
> Followup: MachineOwner
> ---------

Paul Mulholland

Guest
Posts: n/a

Re: newbee DRIVER_IRQL_NOT_LESS_OR_EQUAL problem

Posted: 11-24-2006, 10:37 AM

Don Burn wrote:

> Paul,
>
> First use lm in the debugger when the crash occurs to see if your
> driver is truly loaded. This looks like an unload without an
> IoDisconnectInterupt call. Note: there are a number of bug code sites
> such as another poster pointed out, most of them are pretty poor versus the
> latest WinDBG documentation and !analyze.
>
>

Thanks Don,

It does appear to be something like that, "lm" does report it as an
"Unloaded Module". In fact it always thinks it's unloaded even when I
have just installed the driver and start device has been called.

I can even open have the device and it still reports as an unloaded module.

Paul.

Paul Mulholland

Guest
Posts: n/a

Re: newbee DRIVER_IRQL_NOT_LESS_OR_EQUAL problem

Posted: 11-24-2006, 12:08 PM

Paul Mulholland wrote:

> Don Burn wrote:
>> Paul,
>>
>> First use lm in the debugger when the crash occurs to see if
>> your driver is truly loaded. This looks like an unload without an
>> IoDisconnectInterupt call. Note: there are a number of bug code
>> sites such as another poster pointed out, most of them are pretty poor
>> versus the latest WinDBG documentation and !analyze.
>>
>>
>
> Thanks Don,
>
> It does appear to be something like that, "lm" does report it as an
> "Unloaded Module". In fact it always thinks it's unloaded even when I
> have just installed the driver and start device has been called.
>
> I can even open have the device and it still reports as an unloaded module.
>
> Paul.

Thanks Don,

Your comment about IoDisconnectInterupt hit the nail on the head. I
didn't realise that the StopDevice pnp message was not sent but that I
had to remove the interrupt in the RemoveDevice instead/as well.

Paul.

LinkBack

Thread Tools

Display Modes

« Blue screen with NVidia 93.71 forceware drivers and AMD X2 Processor driver. | Installation of HP OfficeJet T Series Software »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
DRIVER_IRQL_NOT_LESS_OR_EQUAL ON XP	JOHNIE	Windows XP Device Drivers	1	10-17-2003 07:30 PM
how to boot from an xpe image (newbee question)	Benjamin Burnham	Windows XP Embedded	4	09-25-2003 06:17 PM
newbee	arn	Windows XP Embedded	1	09-10-2003 02:06 PM
Newbee: VPN server browse in XP networks	Brian	Windows XP Work Remotely	1	08-14-2003 02:59 PM
driver_irql_not_less_or_equal	Mike	Windows XP Setup	1	07-07-2003 09:35 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90