Microsoft KB Archive/303128

From BetaArchive Wiki
Knowledge Base


How To Debug Query-Remove Veto That Results from Open Handles to a Device

Article ID: 303128

Article Last Modified on 9/7/2004


APPLIES TO

  • Microsoft Windows XP Professional


This article was previously published under Q303128

SUMMARY

If you try to disable or uninstall a device, and there are open handles to the device from any processes or programs, the PnP Configuration Manager will abort the query-remove operation on the device and prompt you to reboot the computer.

This usually happens when there are legacy programs that are unaware of PnP notifications that are "talking" to your device. Currently, there is no easy way to find and fix those offending programs. This is because the PnP Configuration Manager does not log any information about the processes that have open handles to the device being removed.

This article explains how to find the processes in question by using a kernel debugger on a checked build system.

MORE INFORMATION

To find out which process has the open handle (or handles), follow these steps:

  1. Set up a kernel debugging session, and then break into the target computer.
  2. Set the value of the kernel global variable PiDumpVetoedHandles to 1 in the debugger to enable open handle logging, as follows:

    eb nt!PiDumpVetoedHandles 1

    If you want this setting to be preserved across reboots, use the Oh.exe utility, and then reboot the computer.

    To download the Oh.exe utility, browse to the following Microsoft Web site:

    http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/oh-o.asp

  3. Disable or uninstall your device. If the query remove is vetoed because of open handles, you receive a message in your debugger similar to the following:

    1:Beginning handle dump:
    1: (Failed Query-Remove - *Might* by due to leaked handles)
    1: DeviceObject:816CAEE0 ProcessID:1744T FileObject:817808D0 Handle:636T
    1:Dump complete - 1 total handles found.

  4. Convert the Process ID (1744) in the preceding dump from decimal to hex value, and then use !process debugger command to dump the process information, as follows: !process 6D0
    Searching for Process with Cid == 6d0
    PROCESS 81729020 SessionId: 0 Cid: 06d0 Peb: 7ffdf000 ParentCid: 0358

    DirBase: 0c3ae000   ObjectTable: e1cbfb60    TableSize: 33.
    Image:  toast.exe
    VadRoot 81651b68 Vads 39 Clone 0 Private 140. Modified 0. Locked 0.
    DeviceMap e18913e0
    Token                e10fb378
    ElapsedTime        0:00:16.0008
    UserTime            0:00:00.0031
    KernelTime           0:00:00.0015
    QuotaPoolUsage[PagedPool]      0
    QuotaPoolUsage[NonPagedPool]      0
    Working Set Sizes (now,min,max) (587, 50, 345) (2348KB, 200KB, 1380KB)
    PeakWorkingSetSize      595
    VirtualSize             20 MB
    PeakVirtualSize        20 MB
    PageFaultCount       603
    MemoryPriority       BACKGROUND
    BasePriority           8
    CommitCharge       284

  5. For .NET, you can create a DWORD value named ReturnHandleInfo with the value 1 under the following registry key: HKEY_Local_Machine\System\CurrentControlSet\Control\Pnp

    When you restart the computer, PnP will dump the veto information to SetupAPI.log during install and uninstall events.


REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

151981 How to Set Up a Remote Debug Session Using a Null Modem Cable


172710 How to Use the OH Tool on the Windows NT 4.0 Resource Kit


Keywords: kberrmsg kbhowto kbinfo kbbug kbplugplay kbdebug KB303128



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/303128&oldid=165970
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki