Prev: Simple hack to get $600 to your home.
Next: Get WDFDEVICE from WDFREQUEST in IOCTL (KMDF)
From: gti4ever on 6 Jun 2010 04:58
Hi all,

My UMDF driver crashes when it is being disabled or uninstalled.

Using Windbg, I got the following error:

ntdll!NtWaitForWorkViaWorkerFactory+0xa:
00000000`772317ba c3 ret

When I used !analyze -v command, it only shows the following info:

Last event: 13dc.12b4: Exit process 0:13dc, code 70000003
debugger time: Sun Jun 6 16:35:05.808 2010 (UTC + 8:00)

Then I dump the thread info:

.. 1 Id: 13dc.12b4 Suspend: -1 Teb: 000007ff`fffdc000 Unfrozen
Start: ntdll!TppWorkerThread (00000000`771f8f00)
Priority: 0 Priority class: 32 Affinity: 3

Here is the teb:
TEB at 000007fffffdc000
ExceptionList: 0000000000000000
StackBase: 0000000000c00000
StackLimit: 0000000000bfe000
SubSystemTib: 0000000000000000
FiberData: 0000000000001e00
ArbitraryUserPointer: 0000000000000000
Self: 000007fffffdc000
EnvironmentPointer: 0000000000000000
ClientId: 00000000000013dc . 00000000000012b4
RpcHandle: 0000000000000000
Tls Storage: 000007fffffdc058
PEB Address: 000007fffffdb000
LastErrorValue: 0
LastStatusValue: c000000d
Count Owned Locks: 0
HardErrorMode: 0



My question:
1. Where is this WaitForWorkViaWorkerFactory came from? Is it called by the
framework?
2. How do I find which worker thread is calling this? I can only get the id
of the thread (12b4, in this example), but I can't trace it back to any of my
code.
3. What is code 70000003?
4. In TEB, the last status shows INVALID_PARAMETER. How do I find which
function call got invalid parameter?

Thanks for the help.

G.



From: gti4ever on 25 Jun 2010 14:27
Can anyone help?

Thanks.

"gti4ever" wrote:

> Hi all,
>
> My UMDF driver crashes when it is being disabled or uninstalled.
>
> Using Windbg, I got the following error:
>
> ntdll!NtWaitForWorkViaWorkerFactory+0xa:
> 00000000`772317ba c3 ret
>
> When I used !analyze -v command, it only shows the following info:
>
> Last event: 13dc.12b4: Exit process 0:13dc, code 70000003
> debugger time: Sun Jun 6 16:35:05.808 2010 (UTC + 8:00)
>
> Then I dump the thread info:
>
> . 1 Id: 13dc.12b4 Suspend: -1 Teb: 000007ff`fffdc000 Unfrozen
> Start: ntdll!TppWorkerThread (00000000`771f8f00)
> Priority: 0 Priority class: 32 Affinity: 3
>
> Here is the teb:
> TEB at 000007fffffdc000
> ExceptionList: 0000000000000000
> StackBase: 0000000000c00000
> StackLimit: 0000000000bfe000
> SubSystemTib: 0000000000000000
> FiberData: 0000000000001e00
> ArbitraryUserPointer: 0000000000000000
> Self: 000007fffffdc000
> EnvironmentPointer: 0000000000000000
> ClientId: 00000000000013dc . 00000000000012b4
> RpcHandle: 0000000000000000
> Tls Storage: 000007fffffdc058
> PEB Address: 000007fffffdb000
> LastErrorValue: 0
> LastStatusValue: c000000d
> Count Owned Locks: 0
> HardErrorMode: 0
>
>
>
> My question:
> 1. Where is this WaitForWorkViaWorkerFactory came from? Is it called by the
> framework?
> 2. How do I find which worker thread is calling this? I can only get the id
> of the thread (12b4, in this example), but I can't trace it back to any of my
> code.
> 3. What is code 70000003?
> 4. In TEB, the last status shows INVALID_PARAMETER. How do I find which
> function call got invalid parameter?
>
> Thanks for the help.
>
> G.
>
>
>
 | 
Pages: 1
Prev: Simple hack to get $600 to your home.
Next: Get WDFDEVICE from WDFREQUEST in IOCTL (KMDF)