Posts

Showing posts with the label Stop 0xC4

Debugging Stop 0xC4 - DDI Compliance Rules

Driver Verifier in Windows 8/8.1 has added more debugging and testing procedures. The example in this blog post is about DDI Compliance Rules and how to debug such a bugcheck. I know this is a very easy bugcheck, but I just wanted to explain some of the parameters and the extensions we can use with it. The first parameter contains the identifier of the broken DDI Compliance Rule, and the second parameter contains a pointer to the string that describes the broken DDI Compliance Rule. We should discuss what DDI Compliance Rules are and what DDI Compliance Checking is. DDI Compliance Rules define how a driver and the Kernel-Mode side of the operating system should interact, in order to prevent any crashes or problems. The DDI Compliance Rules apply to WDM, KMDF, NDIS and Storport drivers. In this example, since the driver has broken a Windows Driver Model framework DDI (Device Driver Interface) rule, we'll look at the WDM side of things. The DDI Compliance Checking D...

Debugging Stop 0xC4 - Invalid Handle [Updated Version]

Again, this is an updated version of a previous blog post, since I will be able to show things in more depth. This is a bugcheck caused by Driver Verifier finding a violation; it indicates that a process or driver has used a User-Mode handle in Kernel-Mode. I've highlighted the two parameters which are the most important in this bugcheck: the value of the handle, and the address of the current process. Since this is a Driver Verifier bugcheck, the driver is most likely going to be displayed, so this post is more about understanding what it references and what it did wrong. By using the !process extension, we can dump some information about the process and view the number of handles it currently holds. Using the !handle extension with the value of the handle being referenced in parameter 3 gives some information about the object which the handle is currently referencing. It seems to be a registry key. Let's take a closer look into the registry key, just for academic and nerdy in...