BSoD WDF_VIOLATION


  1. Berbe
    Posts : 4
    10
       New #1

    BSoD WDF_VIOLATION


    Windows 10 version 21H2 build 19044.3208

    Attachment 394267

    How does one find the involved driver, to go beyond mere suspicion (even if strong)?

    WDF_VIOLATION (10d)
    The Kernel-Mode Driver Framework was notified that Windows detected an error
    in a framework-based driver. In general, the dump file will yield additional
    information about the driver that caused this BugCheck.
    Arguments:
    Arg1: 0000000000000007, A driver attempted to delete a framework object incorrectly
    by calling WdfObjectDereference to delete a handle instead
    of calling WdfObjectDelete.
    Arg2: 000019fc10bf48a8, Reserved.
    Arg3: ffffe603ef40b750, Reserved.
    Arg4: ffffe603edcf4de0, Reserved.

    Debugging Details:
    ------------------


    KEY_VALUES_STRING: 1

    Key : Analysis.CPU.mSec
    Value: 2937

    Key : Analysis.Elapsed.mSec
    Value: 3063

    Key : Analysis.IO.Other.Mb
    Value: 7

    Key : Analysis.IO.Read.Mb
    Value: 0

    Key : Analysis.IO.Write.Mb
    Value: 35

    Key : Analysis.Init.CPU.mSec
    Value: 749

    Key : Analysis.Init.Elapsed.mSec
    Value: 220953

    Key : Analysis.Memory.CommitPeak.Mb
    Value: 115

    Key : Bugcheck.Code.KiBugCheckData
    Value: 0x10d

    Key : Bugcheck.Code.LegacyAPI
    Value: 0x10d

    Key : Failure.Bucket
    Value: 0x10D_7_Wdf01000!FxVerifierBugCheckWorker

    Key : Failure.Hash
    Value: {9fffab3b-e3ef-9b86-453d-788731d56929}

    Key : Hypervisor.Enlightenments.Value
    Value: 68673420

    Key : Hypervisor.Enlightenments.ValueHex
    Value: 417df8c

    Key : Hypervisor.Flags.AnyHypervisorPresent
    Value: 1

    Key : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 1

    Key : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key : Hypervisor.Flags.CpuManager
    Value: 1

    Key : Hypervisor.Flags.DeprecateAutoEoi
    Value: 1

    Key : Hypervisor.Flags.DynamicCpuDisabled
    Value: 1

    Key : Hypervisor.Flags.Epf
    Value: 0

    Key : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 1

    Key : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 1

    Key : Hypervisor.Flags.Phase0InitDone
    Value: 1

    Key : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key : Hypervisor.Flags.RootScheduler
    Value: 0

    Key : Hypervisor.Flags.SynicAvailable
    Value: 1

    Key : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key : Hypervisor.Flags.Value
    Value: 21631230

    Key : Hypervisor.Flags.ValueHex
    Value: 14a10fe

    Key : Hypervisor.Flags.VpAssistPage
    Value: 1

    Key : Hypervisor.Flags.VsmAvailable
    Value: 1

    Key : Hypervisor.RootFlags.AccessStats
    Value: 1

    Key : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 1

    Key : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 1

    Key : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key : Hypervisor.RootFlags.HostTimelineSync
    Value: 1

    Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key : Hypervisor.RootFlags.IsHyperV
    Value: 1

    Key : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 1

    Key : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 1

    Key : Hypervisor.RootFlags.MceEnlightened
    Value: 1

    Key : Hypervisor.RootFlags.Nested
    Value: 0

    Key : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 1

    Key : Hypervisor.RootFlags.Value
    Value: 1015

    Key : Hypervisor.RootFlags.ValueHex
    Value: 3f7

    Key : SecureKernel.HalpHvciEnabled
    Value: 1

    Key : WER.OS.Branch
    Value: vb_release

    Key : WER.OS.Version
    Value: 10.0.19041.1


    BUGCHECK_CODE: 10d

    BUGCHECK_P1: 7

    BUGCHECK_P2: 19fc10bf48a8

    BUGCHECK_P3: ffffe603ef40b750

    BUGCHECK_P4: ffffe603edcf4de0

    FILE_IN_CAB: MEMORY.DMP

    TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b


    BLACKBOXBSD: 1 (!blackboxbsd)


    BLACKBOXNTFS: 1 (!blackboxntfs)


    BLACKBOXPNP: 1 (!blackboxpnp)


    BLACKBOXWINLOGON: 1

    PROCESS_NAME: System

    LOCK_ADDRESS: fffff80562244b80 -- (!locks fffff80562244b80)

    Resource @ nt!PiEngineLock (0xfffff80562244b80) Exclusively owned
    Contention Count = 50
    Threads: ffffe603fd4b0040-01<*>
    1 total locks

    PNP_TRIAGE_DATA:
    Lock address : 0xfffff80562244b80
    Thread Count : 1
    Thread address: 0xffffe603fd4b0040
    Thread wait : 0x10b7919

    STACK_TEXT:
    fffffd03`0ed466e8 fffff805`63c2927c : 00000000`0000010d 00000000`00000007 000019fc`10bf48a8 ffffe603`ef40b750 : nt!KeBugCheckEx
    fffffd03`0ed466f0 fffff805`63bf58bc : ffffe603`ef40b750 00000000`00000000 000019fc`10bf48a8 fffff805`63bd5676 : Wdf01000!FxVerifierBugCheckWorker+0x24 [minkernel\wdf\framework\shared\object\fxverifierbugcheck.cpp @ 68]
    fffffd03`0ed46730 fffff805`63be425a : ffffe603`ef40b8d0 ffffe603`ef40b8d0 fffff805`63c6bf00 fffffd03`0ed46b00 : Wdf01000!FxObject::~FxObject+0x1df1c [minkernel\wdf\framework\shared\object\fxobject.cpp @ 146]
    fffffd03`0ed46790 fffff805`63c1d574 : ffffe603`ef40b750 ffffe603`ef40b8d0 fffff805`63c67da0 00000000`ffffffff : Wdf01000!FxNonPagedObject::~FxNonPagedObject+0x2a [minkernel\wdf\framework\shared\inc\private\common\FxNonPagedObject.hpp @ 112]
    fffffd03`0ed467c0 fffff805`63c216bc : ffffe603`ef40b750 ffffe603`ef40b8d0 000019fc`116d6e08 ffffe603`ee9291f0 : Wdf01000!FxDeviceBase::~FxDeviceBase+0x6c [minkernel\wdf\framework\shared\core\fxdevicebase.cpp @ 68]
    fffffd03`0ed467f0 fffff805`63c216f4 : 00000000`00000001 fffffd03`0ed46b00 00000000`ffffffff fffff805`61fb70b9 : Wdf01000!FxDevice::~FxDevice+0x29c [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 362]
    fffffd03`0ed46850 fffff805`63bd40cb : 00000000`00000000 00000000`ffffffff 00000000`00000000 ffffe603`ee3baee0 : Wdf01000!FxDevice::`scalar deleting destructor'+0x14
    fffffd03`0ed46880 fffff805`63bd2a46 : fffffd03`0ed46b00 fffff805`63be8b0a ffffe603`ee3baf88 fffff805`00000000 : Wdf01000!FxObject::SelfDestruct+0x1b [minkernel\wdf\framework\shared\inc\private\common\fxobject.hpp @ 453]
    fffffd03`0ed468b0 fffff805`63be3b02 : ffffffff`dc3cba00 fffffd03`0ed46b00 00000000`00000005 00000000`00000000 : Wdf01000!FxObject::Release+0x106 [minkernel\wdf\framework\shared\inc\private\common\fxobject.hpp @ 884]
    fffffd03`0ed46900 fffff805`63bf6724 : ffffe603`edbfad00 ffffe603`fbd85968 00000000`00000000 fffff805`63c67da0 : Wdf01000!FxWorkItem::Dispose+0x72 [minkernel\wdf\framework\shared\core\fxworkitem.cpp @ 502]
    fffffd03`0ed46940 fffff805`63bd41a9 : fffffd03`0ed46b00 00000000`00000000 fffff805`63c67da0 fffff805`63be273f : Wdf01000!FxObject::DisposeChildrenWorker+0x1e434 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 1212]
    fffffd03`0ed46990 fffff805`63bf66cb : ffffe603`ef40b750 ffffe603`ee3baf28 ffffe603`e6ff000c fffffd03`0ed46a58 : Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x35 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 846]
    fffffd03`0ed469c0 fffff805`63bd41a9 : fffffd03`0ed46b00 00000000`00000000 fffff805`63c67da0 fffff805`63bdea20 : Wdf01000!FxObject::DisposeChildrenWorker+0x1e3db [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 1191]
    fffffd03`0ed46a10 fffff805`63be8a21 : ffffe603`ef40b750 ffffe603`ef40b701 fffff805`63c68c38 000019fc`10bf48a8 : Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x35 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 846]
    fffffd03`0ed46a40 fffff805`63be89b6 : ffffe603`ef40b750 ffffe603`ef40b788 ffffe603`ef40b788 fffff805`63c67da0 : Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0x49 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 926]
    fffffd03`0ed46a70 fffff805`63c4b054 : ffffe603`f09ad5c0 fffffd03`0ed46ba0 00000000`00000124 00000000`00000124 : Wdf01000!FxObject::EarlyDispose+0x5e [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 492]
    fffffd03`0ed46aa0 fffff805`63c54359 : fffffd03`0ed40000 00000000`00000124 00000000`00000008 fffffd03`0ed46b60 : Wdf01000!FxPkgPnp::PnpEventRemovedCommonCode+0x84 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 2055]
    fffffd03`0ed46ad0 fffff805`63c4a644 : 00000000`00000004 fffffd03`0ed46b70 00000000`00000004 00000000`00000000 : Wdf01000!FxPkgFdo::PnpEventFdoRemovedOverload+0x9 [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgfdo.cpp @ 1242]
    fffffd03`0ed46b00 fffff805`63c4a33b : 00000000`00000124 00000000`00000136 ffffe603`f328c8b0 00000000`00000000 : Wdf01000!FxPkgPnp::PnpEventFdoRemoved+0x14 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 2728]
    fffffd03`0ed46b30 fffff805`63c4c011 : ffffe603`f328c9e8 ffffe603`f328c8b0 ffffe603`f328c8b0 000002fc`f12b9340 : Wdf01000!FxPkgPnp::PnpEnterNewState+0x15f [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1234]
    fffffd03`0ed46bc0 fffff805`63c4bdda : ffffe603`f328c8b0 ffffe603`f3874d00 ffffe603`f328ca10 ffffe603`f328c9e8 : Wdf01000!FxPkgPnp::PnpProcessEventInner+0x1d1 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1152]
    fffffd03`0ed46c30 fffff805`63c53222 : 00000000`00000000 00000000`00000001 ffffe603`f3874d00 fffffd03`0ed46d60 : Wdf01000!FxPkgPnp::PnpProcessEvent+0x182 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 933]
    fffffd03`0ed46cc0 fffff805`63bdcc60 : ffffe603`f328c8b0 ffffe603`ef40b750 ffffe603`ef40b750 00000000`00000000 : Wdf01000!FxPkgPnp::_PnpRemoveDevice+0xa2 [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgpnp.cpp @ 2519]
    fffffd03`0ed46d30 fffff805`63bda867 : ffffe603`e354d7a0 ffffe603`eb7dd290 ffffe603`e354d7a0 00000000`00000000 : Wdf01000!FxPkgPnp::Dispatch+0xb0 [minkernel\wdf\framework\shared\irphandlers\pnp\fxpkgpnp.cpp @ 765]
    fffffd03`0ed46da0 fffff805`618113a5 : 00000000`00000000 00000000`00000000 ffffe603`f3874dc0 00000000`80000000 : Wdf01000!FxDevice::DispatchWithLock+0x157 [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1447]
    fffffd03`0ed46e00 fffff806`02613da9 : 00000000`00000010 00000000`00000000 00000000`00000200 00000000`00000000 : nt!IofCallDriver+0x55
    fffffd03`0ed46e40 fffff806`02612f34 : ffffe603`f3874dc0 ffffe603`eb7dd290 ffffe603`e354d7a0 ffffe603`e354d7a0 : xboxgip!gipPnP+0x545
    fffffd03`0ed46ed0 fffff805`618113a5 : ffffe603`f3874dc0 ffffe603`f3874f10 00000000`00000000 fffffd03`0ed47010 : xboxgip!gipGenDispatch+0x114
    fffffd03`0ed46f20 fffff805`61bdd5dc : 00000000`00000000 ffffe603`f3874dc0 fffffd03`0ed47010 ffffe603`ef3f22d0 : nt!IofCallDriver+0x55
    fffffd03`0ed46f60 fffff805`61d41a70 : 00000000`00000002 ffffe603`ef3f22d0 ffffe603`ed854cc0 ffffe603`ef3f22d0 : nt!IopSynchronousCall+0xf8
    fffffd03`0ed46fd0 fffff805`6196f81c : ffff9006`7688b700 ffffe603`ed854cc0 00000000`00000001 00000000`0000000a : nt!IopRemoveDevice+0x108
    fffffd03`0ed47080 fffff805`61d41632 : ffffe603`ed854cc0 00000000`0000000a 00000000`00000000 fffff805`62244ae0 : nt!PnpRemoveLockedDeviceNode+0x1ac
    fffffd03`0ed470e0 fffff805`61d41367 : ffffe603`ed854cc0 fffffd03`0ed47160 00000000`0000000a 00000000`00000000 : nt!PnpDeleteLockedDeviceNode+0x4e
    fffffd03`0ed47120 fffff805`61d6da79 : ffffe603`ef3f22d0 00000000`00000002 ffffe603`f0fb0090 00000000`00000000 : nt!PnpDeleteLockedDeviceNodes+0xf7
    fffffd03`0ed471a0 fffff805`61d6d9a4 : 00000000`00000000 fffffd03`0ed47220 ffffe603`ef3f22d0 00000000`00000000 : nt!PipRemoveDevicesInRelationList+0x8d
    fffffd03`0ed471f0 fffff805`61d42c8d : ffffe603`f0fb0090 00000000`00000001 ffffe603`f0fb0090 00000000`00000000 : nt!PnpDelayedRemoveWorker+0x114
    fffffd03`0ed47230 fffff805`619703c4 : 00000000`00000000 00000000`00000001 00000000`00000000 ffffe603`ed854cc0 : nt!PnpChainDereferenceComplete+0xfd
    fffffd03`0ed47260 fffff805`61d3fb62 : 00000000`00000001 fffffd03`0ed47359 ffff9006`7e865d80 00000000`00000001 : nt!PnpIsChainDereferenced+0xac
    fffffd03`0ed472e0 fffff805`61d39f5b : fffffd03`0ed47420 ffffe603`ed854c00 fffffd03`0ed47400 ffff9006`00000001 : nt!PnpProcessQueryRemoveAndEject+0x28a
    fffffd03`0ed473c0 fffff805`61c4aa4e : ffff9006`7688b700 ffff9006`825cfe70 ffffe603`c6ac1c00 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0xeb
    fffffd03`0ed473f0 fffff805`6188e5c5 : ffffe603`fd4b0040 ffffe603`fd4b0040 ffffe603`c6ac1c10 ffffe603`f1213250 : nt!PnpDeviceEventWorker+0x2ce
    fffffd03`0ed47470 fffff805`61926915 : ffffe603`fd4b0040 00000000`00000080 ffffe603`c6ae9100 51434230`30324b62 : nt!ExpWorkerThread+0x105
    fffffd03`0ed47510 fffff805`61a04cf8 : ffffb381`8eac0180 ffffe603`fd4b0040 fffff805`619268c0 2d756b66`52584f64 : nt!PspSystemThreadStartup+0x55
    fffffd03`0ed47560 00000000`00000000 : fffffd03`0ed48000 fffffd03`0ed41000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28


    FAULTING_SOURCE_LINE: minkernel\wdf\framework\shared\object\fxverifierbugcheck.cpp

    FAULTING_SOURCE_FILE: minkernel\wdf\framework\shared\object\fxverifierbugcheck.cpp

    FAULTING_SOURCE_LINE_NUMBER: 68

    SYMBOL_NAME: Wdf01000!FxVerifierBugCheckWorker+24

    MODULE_NAME: Wdf01000

    IMAGE_NAME: Wdf01000.sys

    STACK_COMMAND: .cxr; .ecxr ; kb

    BUCKET_ID_FUNC_OFFSET: 24

    FAILURE_BUCKET_ID: 0x10D_7_Wdf01000!FxVerifierBugCheckWorker

    OS_VERSION: 10.0.19041.1

    BUILDLAB_STR: vb_release

    OSPLATFORM_TYPE: x64

    OSNAME: Windows 10

    FAILURE_ID_HASH: {9fffab3b-e3ef-9b86-453d-788731d56929}

    Followup: MachineOwner
    ---------
      My Computer
    Quote Quote

  3. ubuysa
    Posts : 402
    Windows 10 and Windows 11
       New #2

    I don't know how to find out exactly which driver is calling WDF but so much of dump analysis is making deductions based on available information.

    The call stack does show that a PnP device was in the process of being removed, the WDF exception (arg 1) shows that the problem occurred when a WDF framework object was deleted and this happened right at the end of this device removal process. It's fair to infer then that the same device is involved throughout and we should be able to identify this device (and thus its driver) from earlier in the stack.

    If you install the cmkd debugger extension you can use the !stack extension command to look at the arguments passed to each function more clearly. The following fragment of a !stack -p on your dump, just before the WDF01000.sys calls, gives this...
    Code:
    18 fffffd030ed46da0 fffff805618113a5 Wdf01000!FxDevice::DispatchWithLock+157 (perf)
	Parameter[0] = 0000000000000002
	Parameter[1] = ffffe603e354d7a0
	Parameter[2] = (unknown)       
	Parameter[3] = (unknown)       
19 fffffd030ed46e00 fffff80602613da9 nt!IofCallDriver+55 
	Parameter[0] = (unknown)       
	Parameter[1] = ffffe603e354d7a0
	Parameter[2] = 0000000000000000
	Parameter[3] = (unknown)       
1a fffffd030ed46e40 fffff80602612f34 xboxgip!gipPnP+545 
	Parameter[0] = ffffe603f3874dc0
	Parameter[1] = (unknown)       
	Parameter[2] = ffffe603e354d7a0
	Parameter[3] = 0000000000000000
1b fffffd030ed46ed0 fffff805618113a5 xboxgip!gipGenDispatch+114 
	Parameter[0] = ffffe603f3874dc0
	Parameter[1] = ffffe603e354d7a0
	Parameter[2] = (unknown)       
	Parameter[3] = (unknown)       
1c fffffd030ed46f20 fffff80561bdd5dc nt!IofCallDriver+55 
	Parameter[0] = (unknown)       
	Parameter[1] = (unknown)       
	Parameter[2] = (unknown)       
	Parameter[3] = (unknown)       
1d fffffd030ed46f60 fffff80561d41a70 nt!IopSynchronousCall+f8 
	Parameter[0] = ffffe603ef3f22d0
	Parameter[1] = fffffd030ed47010
	Parameter[2] = 00000000c00000bb
	Parameter[3] = 0000000000000000
1e fffffd030ed46fd0 fffff8056196f81c nt!IopRemoveDevice+108 
	Parameter[0] = ffffe603ef3f22d0
	Parameter[1] = 0000000000000002
	Parameter[2] = (unknown)       
	Parameter[3] = (unknown)       
1f fffffd030ed47080 fffff80561d41632 nt!PnpRemoveLockedDeviceNode+1ac 
	Parameter[0] = ffffe603ed854cc0
	Parameter[1] = 000000000000000a
	Parameter[2] = 0000000000000000
	Parameter[3] = (unknown)
    The nt!IopRemoveDevice looks promising, we can assume that the argument on this function call is a device object, displaying that we get...
    Code:
    15: kd> !devobj ffffe603ef3f22d0
Device object (ffffe603ef3f22d0) is for:
 Cannot read info offset from nt!ObpInfoMaskToOffset
 \Driver\USBHUB3 DriverObject ffffe603c9c32a70
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003044
SecurityDescriptor ffff90066dcb84e0 DevExt ffffe603fc3ccda0 DevObjExt ffffe603ef3f2448 DevNode ffffe603ed854cc0 
ExtensionFlags (0x00000008)  DOE_REMOVE_PROCESSED
Characteristics (0x00000100)  FILE_DEVICE_SECURE_OPEN
AttachedDevice (Upper) ffffe603ef0bd960 \Driver\ACPI
Device queue is not busy.
    This is a USB3 device, the acpi.sys driver referenced is the PnP power management driver - but that's for the USB port iteself. Also in the device object is a pointer to the device node, which will identify the actual device (the DevNode ffffe603ed854cc0)...
    Code:
    15: kd> !devnode ffffe603ed854cc0
DevNode 0xffffe603ed854cc0 for PDO 0xffffe603ef3f22d0
  Parent 0xffffe603c9dbfcb0   Sibling 0000000000   Child 0000000000   
  InterfaceType 0  Bus Number 0
  InstancePath is "USB\VID_045E&PID_0B00\3032363330303334303633323033"
  ServiceName is "dc1-controller"
  State = DeviceNodeRemovePendingCloses (0x311)
  Previous State = DeviceNodeRestartCompletion (0x30b)
  StateHistory[05] = DeviceNodeRestartCompletion (0x30b)
  StateHistory[04] = DeviceNodeAwaitingQueuedRemoval (0x30f)
  StateHistory[03] = DeviceNodeRestartCompletion (0x30b)
  StateHistory[02] = DeviceNodeStartPending (0x305)
  StateHistory[01] = DeviceNodeStopped (0x30a)
  StateHistory[00] = DeviceNodeQueryStopped (0x309)
  StateHistory[19] = DeviceNodeStarted (0x308)
  StateHistory[18] = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[17] = DeviceNodeEnumeratePending (0x30c)
  StateHistory[16] = DeviceNodeStarted (0x308)
  StateHistory[15] = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[14] = DeviceNodeEnumeratePending (0x30c)
  StateHistory[13] = DeviceNodeStarted (0x308)
  StateHistory[12] = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[11] = DeviceNodeEnumeratePending (0x30c)
  StateHistory[10] = DeviceNodeStarted (0x308)
  StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
  StateHistory[07] = DeviceNodeStarted (0x308)
  StateHistory[06] = DeviceNodeStartPostWork (0x307)
  Flags (0x4c000130)  DNF_ENUMERATED, DNF_IDS_QUERIED, 
                      DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS, 
                      DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_CLASS_FILTERS
    You could look up the VID_045E&PID_0B00, but the device name is also given in this output; dc1-controller - that I believe is an X-Box controller?

    A little further up the stack we see a call to xboxgip!gipPnP with an argument of ffffe603f3874dc0 - let's see whether that is also a device object...
    Code:
    15: kd> !devobj ffffe603f3874dc0 
fffff80562225128: Unable to get value of ObpRootDirectoryObject
Device object (ffffe603f3874dc0) is for:
  \Driver\xboxgip DriverObject ffffe603ed380e30
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00000000
SecurityDescriptor ffff90066dcb7620 DevExt ffffe603f3874f10 DevObjExt ffffe603f3874f78 
ExtensionFlags (0x00000808)  DOE_REMOVE_PROCESSED, DOE_DEFAULT_SD_PRESENT
Characteristics (0x00000100)  FILE_DEVICE_SECURE_OPEN
AttachedTo (Lower) ffffe603eb7dd290 \Driver\dc1-controller
Device queue is not busy.
    You can see clearly here that xboxgip.sys is the driver for the dc1-contoller, so this must be the WDF driver in question.
      My Computer
    Quote Quote

  4. Win10Warlord
    Posts : 73
    Windows 11, Windows 10, Linux Fedora Cinnamon, Linux Mint XFCE, Ghost BSD
       New #3

    That third parameter is a handle to the WDF device which was being removed.

    Code:
    15: kd> dt FxDevice ffffe603ef40b750
Wdf01000!FxDevice
   +0x000 __VFN_table : 0xfffff805`63c637e0 
   +0x008 m_Type           : 0x1002
   +0x00a m_ObjectSize     : 0x2c0
   +0x00c m_Refcnt         : 0n0
   +0x010 m_Globals        : 0xffffe603`edcf4de0 _FX_DRIVER_GLOBALS
   +0x018 m_ObjectFlags    : 0xd1a
   +0x018 m_ObjectFlagsByName : FxObject::<anonymous-tag>::<unnamed-type-m_ObjectFlagsByName>
   +0x01a m_ObjectState    : 4
   +0x020 m_ChildListHead  : _LIST_ENTRY [ 0xffffe603`f706ac98 - 0xffffe603`ee3baf28 ]
   +0x030 m_SpinLock       : MxLock
   +0x040 m_ParentObject   : (null) 
   +0x048 m_ChildEntry     : _LIST_ENTRY [ 0xffffe603`ef40b798 - 0xffffe603`ef40b798 ]
   +0x058 m_DisposeSingleEntry : _SINGLE_LIST_ENTRY
   +0x060 m_DeviceBase     : 0xffffe603`ef40b750 FxDeviceBase
   +0x060 m_Device         : 0xffffe603`ef40b750 FxDevice
   +0x068 m_NPLock         : MxLock
   +0x078 __VFN_table : 0xfffff805`63c673d8 
   +0x080 m_DisposeList    : (null) 
   +0x088 m_Driver         : 0xffffe603`fb646af0 FxDriver
   +0x090 m_DeviceObject   : MxDeviceObject
    Code:
    15: kd> dt FxDriver ffffe603`fb646af0 -y m_RegistryPath
Wdf01000!FxDriver
   +0x088 m_RegistryPath : _UNICODE_STRING "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\dc1-controller"
      My Computer
    Quote Quote

  6. ubuysa
    Posts : 402
    Windows 10 and Windows 11
       New #4

    Oh, excellent. Thank you!
      My Computer
    Quote Quote

  7. Win10Warlord
    Posts : 73
    Windows 11, Windows 10, Linux Fedora Cinnamon, Linux Mint XFCE, Ghost BSD
       New #5

    No problem and it would seem that the WDF driver is dc1-controller.sys which is in fact related to Xbox peripherals.

    Code:
     15: kd> lmvm dc1_controller
Browse full module list
start             end                 module name
fffff806`025f0000 fffff806`02606000   dc1_controller   (deferred)             
    Mapped memory image file: C:\ProgramData\dbg\sym\dc1-controller.sys\9FAE84F016000\dc1-controller.sys
    Image path: \SystemRoot\System32\drivers\dc1-controller.sys
    Image name: dc1-controller.sys
    Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        9FAE84F0 (This is a reproducible build file hash, not a timestamp)
    CheckSum:         000185DE
    ImageSize:        00016000
    File version:     1.0.0.1
    Product version:  1.0.0.1
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corp.
        ProductName:      DC1 Controller KMDF driver
        InternalName:     DC1Controller.sys
        OriginalFilename: DC1Controller.sys
        ProductVersion:   1.0.0.1
        FileVersion:      1.0.0.1 (WinBuild.160101.0800)
        FileDescription:  KMDF driver for DC1 Controller
        LegalCopyright:   Copyright (C) 2012 Microsoft Corp
      My Computer
    Quote Quote

  8. Berbe
    Posts : 4
    10
    Thread Starter
       New #6

    Oh wow a Microsoft-baked (default/automatically provided) driver handling a Microsoft-made hardware on a Microsoft-crafted OS improperly using drivers API?
    This is wonderful.

    My suspicion was misplaced.
    Thanks for the help!
      My Computer
    Quote Quote

  9. zbook
    Posts : 41,480
    windows 10 professional version 1607 build 14393.969 64 bit
       New #7

    The attachment in the opening post displayed:

    Message
    Invalid Attachment specified. If you followed a valid link, please notify the administrator


    Please post a new V2 share link into the newest post.
      My Computer
    Quote Quote

  10. ubuysa
    Posts : 402
    Windows 10 and Windows 11
       New #8

    Berbe said:
    Oh wow a Microsoft-baked (default/automatically provided) driver handling a Microsoft-made hardware on a Microsoft-crafted OS improperly using drivers API?
    This is wonderful.

    My suspicion was misplaced.
    Thanks for the help!
    There have been a number of reported issues with the Windows X-Box drivers. We typically assume that Microsoft drivers are perfect - unless they're an X-Box driver....
      My Computer
    Quote Quote

 

  Related Discussions
BSOD WDF_VIOLATION after wake from Sleep\Hibernation. The BSOD has happened reliably about 10 times. Microsoft OneDrive - Access files anywhere. Create docs with free Office Online. Microsoft OneDrive - Access files anywhere. Create docs with...
BSOD WDF_Violation Reboot windows 10
in BSOD Crashes and Debugging

After months of using my computer successfully without any BSOD or whatsoever some random WDF_violation reboot appears today, I don't remember to have installed a new software yesterday, and my hardware ( new monitor ) has been the same for the last...
wdf_violation RESET WINDOWS
in BSOD Crashes and Debugging

i was trying to reset windows and i got message wdf_violation. any help?
Hey Guys, need urgent help here i have windows 8.1 earlier and upgrade it to windows 10 latest build its working fine till i notice system thread exception BSOD occur sometimes (when using chrome) so i decided to reset my windows 10 and start from...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 22:57.
Find Us




Windows 10 Forums