小弟是驱动菜鸟,望各位达人指教。
最近在写一个从Isochronous pipe读取数据的驱动,但是总是失败。
我在adddevice的时候创建了一个Request,然后用WdfUsbTargetPipeFormatRequestForUrb构建这个Request,并设置complete事件,但是在complete的时候出现了蓝屏。调试的信息如下:
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: 80000003, The exception code that was not handled
Arg2: 8052f65b, The address that the exception occurred at
Arg3: f8ac59b0, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - <Unable to get error code text>
FAULTING_IP:
nt!ExpAcquireLockRoutine+1
8052f65b cc int 3
TRAP_FRAME: f8ac59b0 -- (.trap 0xfffffffff8ac59b0)
ErrCode = 00000000
eax=00000002 ebx=f8ac5aa0 ecx=8052a436 edx=00000056 esi=8052a437 edi=00000002
eip=8052f65c esp=f8ac5a24 ebp=f8ac5a38 iopl=3 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00003206
nt!ExpAcquireLockRoutine+0x2:
8052f65c 5b pop ebx
Resetting default scope
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: csrss.exe
MISALIGNED_IP:
nt!ExpAcquireLockRoutine+2
8052f65c 5b pop ebx
LAST_CONTROL_TRANSFER: from 8052f6d1 to 8052f65c
STACK_TEXT:
f8ac5a38 8052f6d1 00000002 8052a436 00000056 nt!ExpAcquireLockRoutine+0x2
f8ac5a54 80528f82 f8ac5a68 f8ac5a70 8052a3d9 nt!IoAcquireVpbSpinLock+0x15
f8ac5a78 8052a54e 8052a436 f8ac5aa0 00000002 nt!RtlVerifyVersionInfo+0x1e5
f8ac5d74 8052a5fc f8a67c30 f8a68c50 000003ae nt!_flsbuf+0x94
f8ac5d90 f8a67948 f8a67c30 f8a68c50 000003ae nt!_wchartodigit+0xba
f8ac5dd8 f5fed317 7e020278 7e2b90f0 81f7d5fc VBTUSB!SubRequestCompletionRoutine+0x78 [e:\driver\driver22\usbdriver\nsbtusb_contin.c @ 944]
WARNING: Stack unwind information not available. Following frames may be wrong.
f8ac5e04 f5fd1c36 81d2eb4b 81d46f08 00000000 wdf01000+0x25317
f8ac5e20 f5fd1cde 01fdfd80 81f4b8b0 f8ac5e4c wdf01000+0x9c36
f8ac5e30 804f1403 00000000 81d2ea90 81fdfd80 wdf01000+0x9cde
f8ac5e34 00000000 81d2ea90 81fdfd80 81d2eb4b nt!MmFlushSection+0x8
STACK_COMMAND: kb
FOLLOWUP_IP:
VBTUSB!SubRequestCompletionRoutine+78 [e:\driver\driver22\usbdriver\contin.c @ 944]
f8a67948 8b5508 mov edx,dword ptr [ebp+8]
FAULTING_SOURCE_CODE:
940:
941: KdPrint(("--->SubRequestCompletionRoutine\n"));
942: PAGED_CODE();
943:
> 944: device = WdfIoQueueGetDevice(WdfRequestGetIoQueue(Request));
我猜测是Request的URB构建的不对,但是我是仿照KMDF/USBSample写的,不知道错在哪, 唯一不同的地方:
...
pUrb->UrbIsochronousTransfer.TransferBuffer = aucData;//aucData是我之前创建的Memory buffer。
...
另外USBSample代码我有一点没懂:
PerformFullSpeedIsochTransfer函数中
if(rwContext->Read) {
offset = 0;
for(j = 0; j < nPackets; j++) {
subUrb->UrbIsochronousTransfer.IsoPacket[j].Offset = offset;
subUrb->UrbIsochronousTransfer.IsoPacket[j].Length = 0;