Sunday 11 August 2013

Stop 0x9F - Checking Devices and Sleep Compatiblity

Hey everyone, I've got another Stop 0x9F example to show you, in this example I'm going to explain how to find the supported sleep states for a device and find the model of the hardware. I thought this would be especially helpful with the athrx.sys BSODs, since the looking up on the Driver Reference Table usually points to a generic entry.

Firstly, we'll use the !devstack extension on the second parameter of the bugcheck. The !devstack extension will display the device stack for a associated device object. Remember parameter two is the physical device object.

The > symbol points to the entry which matches the device object address used. I should also explain what a device stack is. A device stack is simply a list of device objects associated with a device node, each device object also has a associated a driver objects. 

IRPs are usually processed by multiple device stacks. It's important to remember that a single driver object can have multiple device objects.

A device node is simply a physical device within the device tree.

Notice, the !devnode extension? (refer to screenshot). We can expand upon that information, by entering the !devnode extension again with the exact same address.

The Compatibility flags section shows the sleep states, and the Instance Path shows us how to locate the exact model of the hardware device. 

Use the VEN_XXX and DEV_XXXX values in a PCI Database, and you should find the exact hardware device.

No comments:

Post a Comment