Share via

Debugging app verifier break point for UMDF driver

Anonymous
2018-02-21T13:12:28+00:00

I am  debugging a app verifier break point  for an umdf driver. Unfortunately I could not able to get any information from the "!analyze -v".

I also tried the command !avrf but following is the output I got 

0:000> !avrf 

Cannot read value @ 00007ffbcc5312c0 (ntdll!AVrfpVerifierDllsString)

Can anyone help me with the reason for "cannot read value" when I type the command !avrf?

Following is the output of the windbg 

=============================

0:000> !analyze -v

*******************************************************************************

*                                                                             *

*                        Exception Analysis                                   *

*                                                                             *

*******************************************************************************

*** WARNING: Unable to verify checksum for lpcusbsio.dll

GetUrlPageData2 (WinHttp) failed: 12002.

DUMP_CLASS: 2

DUMP_QUALIFIER: 400

FAULTING_IP:

+0

00000000`00000000 ??              ???

EXCEPTION_RECORD:  (.exr -1)

ExceptionAddress: 0000000000000000

   ExceptionCode: 80000003 (Break instruction exception)

  ExceptionFlags: 00000000

NumberParameters: 0

FAULTING_THREAD:  00001514

DEFAULT_BUCKET_ID:  STATUS_BREAKPOINT_AVRF

PROCESS_NAME:  WUDFHost.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

EXCEPTION_CODE_STR:  80000003

WATSON_BKT_PROCSTAMP:  a452226a

WATSON_BKT_PROCVER:  10.0.16299.15

PROCESS_VER_PRODUCT:  Microsoft® Windows® Operating System

WATSON_BKT_MODULE:  unknown

WATSON_BKT_MODVER:  0.0.0.0

WATSON_BKT_MODOFFSET:  0

WATSON_BKT_MODSTAMP:  bbbbbbb4

BUILD_VERSION_STRING:  10.0.16299.64 (WinBuild.160101.0800)

MODLIST_WITH_TSCHKSUM_HASH:  2d8b6e1d65bc5e2e7ef3d2514971dfe4daa8c7ab

MODLIST_SHA1_HASH:  25d256690bc500f746d765593b24775088efbc68

NTGLOBALFLAG:  2000100

DUMP_FLAGS:  884

DUMP_TYPE:  1

APPLICATION_VERIFIER_LOADED: 1

ANALYSIS_SESSION_HOST:  NXPWINDOWS10

ANALYSIS_SESSION_TIME:  02-21-2018 18:14:43.0064

ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

THREAD_ATTRIBUTES:

OS_LOCALE:  ENU

PROBLEM_CLASSES:

Tid    [0x0]

    Frame  [0x00]

    String [STATUS_BREAKPOINT]

    Data Bucketing

AVRF

    Tid    [0x1514]

    Frame  [0x00]: ntdll!NtWaitForSingleObject

    Failure Bucketing

BUGCHECK_STR:  STATUS_BREAKPOINT_AVRF

LAST_CONTROL_TRANSFER:  from 00007ffb474d3b2f to 00007ffb4aa0fec4

STACK_TEXT: 

0000007f33c9f878 00007ffb474d3b2f : 00007ffb47506eae 00007ff627f4c39b 0000027dfa6a9e40 00007ffb47506eae : ntdll!NtWaitForSingleObject+0x14

0000007f33c9f880 00007ff627f564f4 : 0000000000000000 0000000000000001 0000000000000000 0000000000000228 : KERNELBASE!WaitForSingleObjectEx+0x9f

0000007f33c9f920 00007ff627f489a8 : 0000000000000000 0000000000000000 0000007f33c9fa10 000000000000000e : WUDFHost!CLpcNotification::Run+0x1c

0000007f33c9f950 00007ff627f51938 : 0000000000000000 0000027dfa6a9e40 0000000000000008 00007ffb4752d416 : WUDFHost!WudfMain+0x348

0000007f33c9f9c0 00007ff627f4805c : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : WUDFHost!wmain+0x178

0000007f33c9fa70 00007ffb4a3c1fe4 : 0000000000000008 0000027dfa592b60 0000000000000000 0000000000000000 : WUDFHost!__wmainCRTStartup+0x74

0000007f33c9faa0 00007ffb4a9def91 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0x14

0000007f33c9fad0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x21

STACK_COMMAND:  ~0s; .ecxr ; kb

THREAD_SHA1_HASH_MOD_FUNC:  45c4e8ff3e146c17c0e19dd2528b27627281f077

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  7d4868c7d57c9b4c4ada126fce5cc1399bc16dea

THREAD_SHA1_HASH_MOD:  746146a7831296d4cf19576e64fa27c130794adc

FOLLOWUP_IP:

WUDFHost!CLpcNotification::Run+1c [minkernel\wdf\framework\umdf\driverhost\wudfhost\wudflpc.cpp @ 548]

00007ff627f564f4 488d3d055b0200  lea     rdi,[WUDFHost!WPP_GLOBAL_Control (00007ff627f7c000)]

FAULT_INSTR_CODE:  53d8d48

FAULTING_SOURCE_LINE:  minkernel\wdf\framework\umdf\driverhost\wudfhost\wudflpc.cpp

FAULTING_SOURCE_FILE:  minkernel\wdf\framework\umdf\driverhost\wudfhost\wudflpc.cpp

FAULTING_SOURCE_LINE_NUMBER:  548

FAULTING_SOURCE_CODE: 

No source found for 'minkernel\wdf\framework\umdf\driverhost\wudfhost\wudflpc.cpp'

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  wudfhost!CLpcNotification::Run+1c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: WUDFHost

IMAGE_NAME:  WUDFHost.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

BUCKET_ID:  STATUS_BREAKPOINT_AVRF_wudfhost!CLpcNotification::Run+1c

PRIMARY_PROBLEM_CLASS:  STATUS_BREAKPOINT_AVRF_wudfhost!CLpcNotification::Run+1c

FAILURE_EXCEPTION_CODE:  80000003

FAILURE_IMAGE_NAME:  WUDFHost.exe

BUCKET_ID_IMAGE_STR:  WUDFHost.exe

FAILURE_MODULE_NAME:  WUDFHost

BUCKET_ID_MODULE_STR:  WUDFHost

FAILURE_FUNCTION_NAME:  CLpcNotification::Run

BUCKET_ID_FUNCTION_STR:  CLpcNotification::Run

BUCKET_ID_OFFSET:  1c

BUCKET_ID_MODTIMEDATESTAMP:  0

BUCKET_ID_MODCHECKSUM:  4c221

BUCKET_ID_MODVER_STR:  10.0.16299.15

BUCKET_ID_PREFIX_STR:  STATUS_BREAKPOINT_AVRF_

FAILURE_PROBLEM_CLASS:  STATUS_BREAKPOINT_AVRF

FAILURE_SYMBOL_NAME:  WUDFHost.exe!CLpcNotification::Run

FAILURE_BUCKET_ID:  STATUS_BREAKPOINT_AVRF_80000003_WUDFHost.exe!CLpcNotification::Run

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/WUDFHost.exe/10.0.16299.15/a452226a/unknown/0.0.0.0/bbbbbbb4/80000003/00000000.htm?Retriage=1

TARGET_TIME:  2018-02-21T12:21:44.000Z

OSBUILD:  16299

OSSERVICEPACK:  15

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  256

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  1976-06-22 12:15:20

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.16299.64

ANALYSIS_SESSION_ELAPSED_TIME: 6cb6

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:status_breakpoint_avrf_80000003_wudfhost.exe!clpcnotification::run

FAILURE_ID_HASH:  {6e78a19f-02a5-0e18-545c-58dac10eb6be}

Followup:     MachineOwner

0:000> !avrf

Cannot read value @ 00007ffbcc5312c0 (ntdll!AVrfpVerifierDllsString)

0:000> !avrf

Cannot read value @ 00007ffbcc5312c0 (ntdll!AVrfpVerifierDllsString)

0:000> k

 # Child-SP          RetAddr           Call Site

00 0000007f33c9f878 00007ffb474d3b2f ntdll!NtWaitForSingleObject+0x14

01 0000007f33c9f880 00007ff627f564f4 KERNELBASE!WaitForSingleObjectEx+0x9f

02 0000007f33c9f920 00007ff627f489a8 WUDFHost!CLpcNotification::Run+0x1c [minkernel\wdf\framework\umdf\driverhost\wudfhost\wudflpc.cpp @ 548]

03 0000007f33c9f950 00007ff627f51938 WUDFHost!WudfMain+0x348 [minkernel\wdf\framework\umdf\driverhost\wudfhost\wudfmain.cpp @ 640]

04 0000007f33c9f9c0 00007ff627f4805c WUDFHost!wmain+0x178 [minkernel\wdf\framework\umdf\driverhost\wudfhost\wudfmain.cpp @ 331]

05 0000007f33c9fa70 00007ffb4a3c1fe4 WUDFHost!__wmainCRTStartup+0x74 [minkernel\crts\syscrt\static\wstartup.c @ 108]

06 0000007f33c9faa0 00007ffb4a9def91 kernel32!BaseThreadInitThunk+0x14

07 0000007f33c9fad0 0000000000000000 ntdll!RtlUserThreadStart+0x21

0:000> .load appverif

The call to LoadLibrary(appverif) failed, Win32 error 0n2

    "The system cannot find the file specified."

Please check your debugger configuration and/or network access.

0:000> .load exts

0:000> !avrf

Cannot read value @ 00007ffbcc5312c0 (ntdll!AVrfpVerifierDllsString)

0:000> !avrf -leak

Cannot read value @ 00007ffbcc5312c0 (ntdll!AVrfpVerifierDllsString)

[Moved from: Windows / Windows 10 / Devices & drivers]

Windows for home | Windows 10 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2018-02-24T15:00:52+00:00

    Thank you for getting back to us, Venkatesh. It seems that the DMP report your provided in your initial post is missing some critical information. Would it be possible to send us the entire DMP file? It would also be great if you can upload the System Information in NFO format.

    1. Click the Start  button.
    2. Type System Information and then press Enter.
    3. Press Ctrl + S.
    4. Name the file and click Save.

    You can follow the same steps provided by ZigZag3143 from the previous post.

    We're looking forward to your response.

    Was this answer helpful?

    0 comments
  2. Anonymous
    2018-02-22T04:51:33+00:00

    Hi Devlin Sco,

    Thanks for the quick response.

    System info file is available at the location

    https://1drv.ms/f/s!AhMSFkPZOS0QgShL5MxTa2DD39JM

    Regards

    Venkatesh KV

    Was this answer helpful?

    0 comments
  3. Anonymous
    2018-02-21T15:58:37+00:00

    Hello,

    It is possible that the issue is occurring due to a misconfiguration of the app. That being said, we'll need the System Information (MSINFO32) of your PC in order to identify the cause. You can import your System Information into a text file.

    1. Click the Start  button.
    2. Type System Information and then press Enter.
    3. Click File > Export.
    4. Name the file and then click Save.

    You can upload the file to OneDrive. Kindly follow the steps provided by ZigZag3143 from this thread. The steps should be under the section: Link for how to upload the DMP file is here.

    We'll be waiting for your response.

    Was this answer helpful?

    0 comments