[pso] [Tema 3][Windows] Bsod aleator la IoGetDeviceObjectPointer

Vladimir-Andrei Olteanu kooliva at gmail.com
Sat May 8 19:10:32 EEST 2010 

On 5/8/2010 6:08 PM, Vladimir-Andrei Olteanu wrote:
> Am rezolvat problema. Uitam sa "inchid" data->Disk*FileObject.

Retrag ce am zis. Adaugarea a doua ObDereferenceObject doar a coincis cu 
un numar mare de rulari consecutive fara ca BSOD-ul sa apara. Ceea ce 
este interesant este ca natura bug-ului pare sa se fi schimbat:

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address 
at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 5dd36fed, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8088d35b, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  2

FAULTING_IP:
nt!ExAllocatePoolWithTag+82d
8088d35b 897004          mov     dword ptr [eax+4],esi

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

TRAP_FRAME:  f78ea514 -- (.trap 0xfffffffff78ea514)
ErrCode = 00000002
eax=5dd36fe9 ebx=808a7bc0 ecx=00000000 edx=00000027 esi=808a7d20 
edi=82203bd7
eip=8088d35b esp=f78ea588 ebp=f78ea5c4 iopl=0         nv up ei pl nz na 
pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             
efl=00010206
nt!ExAllocatePoolWithTag+0x82d:
8088d35b 897004          mov     dword ptr [eax+4],esi 
ds:0023:5dd36fed=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8088d35b to 80886a69

STACK_TEXT:
f78ea514 8088d35b badb0d00 00000027 822665c0 nt!KiTrap0E+0x2a1
f78ea5c4 809311e5 00000000 00000000 e9766544 nt!ExAllocatePoolWithTag+0x82d
f78ea5e8 80931905 822bee30 00000000 00000000 nt!ObpAllocateObject+0xc9
f78ea61c 808e3dd8 00000000 8279cad0 f78ea65c nt!ObCreateObject+0x129
f78ea6e4 f715453e 827ae460 00000030 00000000 nt!IoCreateDevice+0x13e
f78ea738 f715914b 826ddaa8 827b1ab8 826ddc00 
fltmgr!FltpCreateVolumeDeviceObject+0x32
f78ea7c8 f7159644 826ddaa8 82244aa0 827a2020 
fltmgr!FltpFsControlMountVolume+0x93
f78ea7f8 8081d5a3 826ddaa8 82244aa0 82244aa0 fltmgr!FltpFsControl+0x5a
f78ea80c 808ef806 80a543b0 827b1ab8 00000000 nt!IofCallDriver+0x45
f78ea85c 808215e8 826ddaa8 8251ec01 00000000 nt!IopMountVolume+0x1b4
f78ea888 808f08ba 8251ec60 827b1a00 f78ea9c4 nt!IopCheckVpbMounted+0x54
f78ea980 8092f71c 827b1ab8 00000000 827eaf28 nt!IopParseDevice+0x3d4
f78eaa00 8092b85c 00000000 f78eaa40 00000240 nt!ObpLookupObjectName+0x5b0
f78eaa54 808e2de7 00000000 00000000 8eaae800 nt!ObOpenObjectByName+0xea
f78eaad0 808e4081 f78eac4c 001f01ff f78eac24 nt!IopCreateFile+0x447
f78eab2c 808e7c11 f78eac4c 001f01ff f78eac24 nt!IoCreateFile+0xa3
f78eab6c 80883908 f78eac4c 001f01ff f78eac24 nt!NtOpenFile+0x27
f78eab6c 8082d049 f78eac4c 001f01ff f78eac24 nt!KiFastCallEntry+0xf8
f78eabfc 808e2f94 f78eac4c 001f01ff f78eac24 nt!ZwOpenFile+0x11
f78eac44 f7870498 f78eac74 001f01ff 825b0fc4 
nt!IoGetDeviceObjectPointer+0x40
f78eac88 808eed5d 8228caf0 81a98000 00000000 ssr!DriverEntry+0x148 
[c:\cygwin\home\administrator\share\so2\ssr_main.c @ 184]
f78ead58 808eee73 80000974 00000001 00000000 nt!IopLoadDriver+0x689
f78ead80 8087adc1 80000974 00000000 827a2020 nt!IopLoadUnloadDriver+0x45
f78eadac 809418f4 f65dfcf4 00000000 00000000 nt!ExpWorkerThread+0xeb
f78eaddc 80887f4a 8087acd6 00000001 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
ssr!DriverEntry+148 [c:\cygwin\home\administrator\share\so2\ssr_main.c @ 
184]
f7870498 8945e8          mov     dword ptr [ebp-18h],eax

FAULTING_SOURCE_CODE:
    180:         goto error;
    181:     }
    182:
    183:     ret = IoGetDeviceObjectPointer(&disk2UnicodeName, 
FILE_ALL_ACCESS,
 >  184: &data->Disk2FileObject, &data->Disk2DeviceObject);
    185:     if (!NT_SUCCESS(ret))
    186:     {
    187:         DbgPrint("Eroare la IoGetDeviceObjectPointer 2");
    188:         goto error;
    189:     }


SYMBOL_STACK_INDEX:  14

SYMBOL_NAME:  ssr!DriverEntry+148

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ssr

IMAGE_NAME:  ssr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4be584bb

FAILURE_BUCKET_ID:  0xC5_2_ssr!DriverEntry+148

BUCKET_ID:  0xC5_2_ssr!DriverEntry+148

Followup: MachineOwner
---------

More information about the pso mailing list