0

I have enabled NDIS/WIFI verification flag of my driver in Driver Verifier. This resulted in BSOD for hitting the ndistimeddatahang rule. When I analyzed the dump, I got -

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)

Arguments:

Arg1: 000000000009200f, ID of the 'NdisTimedDataHang' rule that was violated.

Arg2: fffff806cd819200, A pointer to the string describing the violated rule condition.

Arg3: ffff87862606b110, Address of internal rule state (second argument to !ruleinfo).

Arg4: ffff87862606b240, Address of supplemental states (third argument to !ruleinfo).

When I did !ndiskd.pendingnbls, I got the list of NBLs that are currently pending while the dump was taken. To figure out, which NBL has caused the violation, I tried to use !ruleinfo command with the arguments received in analyzing.

ruleinfo 0x9200f 0xffff87862606b110 0xffff87862606b240

but Windbg reported the error -

Failed to read the rule state (check the second argument).

What am I doing wrong ? Is there any way to figure out which NBL failed to complete in 22 seconds which is a requirement for ndistimeddatahang rule ?

Community
  • 1
  • 1
Mahesh
  • 34,573
  • 20
  • 89
  • 115
  • i would suggest getting this query to ntdev list of community.osr.com you may get a better response from some ms devs like jeffrey tippet who watch that list – blabb Apr 23 '19 at 07:27
  • @blabb Thanks for the suggestion. Posted there. Seems like that community is more active for Windows driver related stuff. – Mahesh Apr 23 '19 at 08:51

0 Answers0