[AlexCasual]

Hello guyz)

I have usb device object address and want to send IRP_MN_REMOVE_DEVICE :

Code: Select all

...
PIRP Irp;
PIO_STACK_LOCATION IrpStack;
IO_STATUS_BLOCK IoStatusBlock;
KEVENT Event;
NTSTATUS Status;
PDEVICE_OBJECT TopDeviceObject;

PAGED_CODE();

TopDeviceObject = IoGetAttachedDeviceReference(DeviceObject);
 
 Irp = IoAllocateIrp(TopDeviceObject->StackSize + 1, FALSE);

 if(!Irp) 
    return STATUS_INSUFFICIENT_RESOURCES;
    
 KeInitializeEvent(&Event, SynchronizationEvent, FALSE);
        
IrpStack = IoGetNextIrpStackLocation(Irp);

IrpStack->DeviceObject  = TopDeviceObject;
IrpStack->MajorFunction = IRP_MJ_PNP;
IrpStack->MinorFunction = IRP_MN_REMOVE_DEVICE;

Irp->UserIosb = &IoStatusBlock;
Irp->UserEvent = &Event;

Status = IoCallDriver(TopDeviceObject, Irp);
if (Status == STATUS_PENDING)
{
        KeWaitForSingleObject(&Event,
                              Executive,
                              KernelMode,
                              FALSE,
                              NULL);

        Status = IoStatusBlock.Status;
}

ObDereferenceObject(TopDeviceObject);
...

And have BSOD IRQL_NOT_LESS_OR_EQUAL...

What I do wrong?

[rkhunter]

Would be great using Windbg in this case: analyze of crash dump or post mortem debug. So you have sources and symbols this would be easy I think.

[frank_boldewin]

http://msdn.microsoft.com/en-us/library ... 85%29.aspx

Reserved for system use. Drivers must not send this IRP.

If a bus driver detects that one (or more) of its child devices (child PDOs) has been physically removed from the computer, the bus driver calls IoInvalidateDeviceRelations to report the change to the PnP manager. The PnP manager then sends remove IRPs for any devices that have disappeared.

[AlexCasual]

Minidump attached.

May be I can't send this IRP because it's only for PnP Manager?