got PAGE_FAULT_IN_NONPAGED_AREA error while installing USB CCID driver-

NTDEV
1

Hello All,

when i was installing a USB CCID driver on a bus driver written by me , i get a BSOD , saying
PAGE_FAULT_IN_NONPAGED_AREA…

The dump analysis is
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fe9bd000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 805d944e, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** ERROR: Module load completed but symbols could not be loaded for usbccid.sys

MODULE_NAME: usbccid

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 448ff89b

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fe9bd000

FAULTING_IP:
nt!RtlUnicodeToMultiByteN+d0
805d944e 0fb75816 movzx ebx,word ptr [eax+16h]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x50

LAST_CONTROL_TRANSFER: from 8052036a to 804f9f33

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f8a9d32c 8052036a 00000050 fe9bd000 00000000 nt!KeBugCheckEx+0x1b
f8a9d394 80544578 00000000 fe9bd000 00000000 nt!MmTrimAllSystemPagableMemory+0x6c7e
f8a9d3c0 8054ba71 00000001 e2e13000 8054bb11 nt!Kei386EoiHelper+0x26cc
f8a9d42c 805e23e7 e2e13000 00007fff f8a9d464 nt!ExAllocatePoolWithTag+0x109
f8a9d458 a916aa87 f8a9d480 00007fff 00000001 nt!RtlUnicodeStringToAnsiString+0x97
f8a9d4b4 a916aea5 fe7a0b20 00000000 fe7a0c32 usbccid+0x2a87
f8a9d9b4 a916d075 fe7a0b20 82a70c18 fe7a0b20 usbccid+0x2ea5
f8a9d9ec a916d49b fe7a0b20 82a70c18 82a70cd0 usbccid+0x5075
f8a9da30 804ef18f fe7a0b20 82a70c18 f8a9daac usbccid+0x549b
f8a9da6c 80592be1 fe7a0b20 f8a9da88 00000000 nt!IoBuildPartialMdl+0xed
f8a9dab0 804f61ea fe6a3560 fe77c2d8 00000001 nt!IoReportResourceUsage+0x7f43
f8a9dacc 8059229b fe6a3560 fe6a3501 fe77c2d8 nt!IoReportTargetDeviceChangeAsynchronous+0x4e2
f8a9dd24 805927fa 82ab5cd0 00000001 00000000 nt!IoReportResourceUsage+0x75fd
f8a9dd54 804f698e 00000003 8055b5c0 8056485c nt!IoReportResourceUsage+0x7b5c
f8a9dd7c 8053876d 00000000 00000000 82dc5b30 nt!IoReportTargetDeviceChangeAsynchronous+0xc86
f8a9ddac 805cff64 00000000 00000000 00000000 nt!ExQueueWorkItem+0x1a3
f8a9dddc 805460de 8053867e 00000001 00000000 nt!PsRemoveCreateThreadNotifyRoutine+0x214
00000000 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x72e

STACK_COMMAND: kb

FOLLOWUP_IP:
usbccid+2a87
a916aa87 8945e4 mov dword ptr [ebp-1Ch],eax

SYMBOL_STACK_INDEX: 5

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: usbccid.sys

SYMBOL_NAME: usbccid+2a87

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

any clues were the problem could be…

Thanks you
regards,
-Jagadish Hadimani

2

Did you read the debugger output before posting it here?

You should fix your sympath in order to be able to get valid kernel symbols and thus get an intelligible stack trace.

  • S

-----Original Message-----
From: xxxxx@gmail.com
Sent: Friday, September 12, 2008 08:37
To: Windows System Software Devs Interest List
Subject: [ntdev] got PAGE_FAULT_IN_NONPAGED_AREA error while installing USB CCID driver-

Hello All,

when i was installing a USB CCID driver on a bus driver written by me , i get a BSOD , saying
PAGE_FAULT_IN_NONPAGED_AREA…

The dump analysis is
kd> !analyze -v
Bugcheck Analysis



PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fe9bd000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 805d944e, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

Kernel symbols are WRONG. Please fix symbols to do analysis.

 Kernel symbols are WRONG. Please fix symbols to do analysis.

Your debugger is not using the correct symbols

In order for this command to work properly, your symbol path
must point to .pdb files that have full type information.

Certain .pdb files (such as the public OS symbols) do not
contain the required information. Contact the group that
provided you with these symbols if you need this command to
work.

Type referenced: nt!_KPRCB





Your debugger is not using the correct symbols

In order for this command to work properly, your symbol path
must point to .pdb files that have full type information.

Certain .pdb files (such as the public OS symbols) do not
contain the required information. Contact the group that
provided you with these symbols if you need this command to
work.

Type referenced: nt!KPRCB





Your debugger is not using the correct symbols

In order for this command to work properly, your symbol path
must point to .pdb files that have full type information.

Certain .pdb files (such as the public OS symbols) do not
contain the required information. Contact the group that
provided you with these symbols if you need this command to
work.

Type referenced: nt!_KPRCB





Your debugger is not using the correct symbols

In order for this command to work properly, your symbol path
must point to .pdb files that have full type information.

Certain .pdb files (such as the public OS symbols) do not
contain the required information. Contact the group that
provided you with these symbols if you need this command to
work.

Type referenced: nt!KPRCB





Your debugger is not using the correct symbols

In order for this command to work properly, your symbol path
must point to .pdb files that have full type information.

Certain .pdb files (such as the public OS symbols) do not
contain the required information. Contact the group that
provided you with these symbols if you need this command to
work.

Type referenced: nt!_KPRCB


*** ERROR: Module load completed but symbols could not be loaded for usbccid.sys

MODULE_NAME: usbccid

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 448ff89b

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fe9bd000

FAULTING_IP:
nt!RtlUnicodeToMultiByteN+d0
805d944e 0fb75816 movzx ebx,word ptr [eax+16h]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x50

LAST_CONTROL_TRANSFER: from 8052036a to 804f9f33

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f8a9d32c 8052036a 00000050 fe9bd000 00000000 nt!KeBugCheckEx+0x1b
f8a9d394 80544578 00000000 fe9bd000 00000000 nt!MmTrimAllSystemPagableMemory+0x6c7e
f8a9d3c0 8054ba71 00000001 e2e13000 8054bb11 nt!Kei386EoiHelper+0x26cc
f8a9d42c 805e23e7 e2e13000 00007fff f8a9d464 nt!ExAllocatePoolWithTag+0x109
f8a9d458 a916aa87 f8a9d480 00007fff 00000001 nt!RtlUnicodeStringToAnsiString+0x97
f8a9d4b4 a916aea5 fe7a0b20 00000000 fe7a0c32 usbccid+0x2a87
f8a9d9b4 a916d075 fe7a0b20 82a70c18 fe7a0b20 usbccid+0x2ea5
f8a9d9ec a916d49b fe7a0b20 82a70c18 82a70cd0 usbccid+0x5075
f8a9da30 804ef18f fe7a0b20 82a70c18 f8a9daac usbccid+0x549b
f8a9da6c 80592be1 fe7a0b20 f8a9da88 00000000 nt!IoBuildPartialMdl+0xed
f8a9dab0 804f61ea fe6a3560 fe77c2d8 00000001 nt!IoReportResourceUsage+0x7f43
f8a9dacc 8059229b fe6a3560 fe6a3501 fe77c2d8 nt!IoReportTargetDeviceChangeAsynchronous+0x4e2
f8a9dd24 805927fa 82ab5cd0 00000001 00000000 nt!IoReportResourceUsage+0x75fd
f8a9dd54 804f698e 00000003 8055b5c0 8056485c nt!IoReportResourceUsage+0x7b5c
f8a9dd7c 8053876d 00000000 00000000 82dc5b30 nt!IoReportTargetDeviceChangeAsynchronous+0xc86
f8a9ddac 805cff64 00000000 00000000 00000000 nt!ExQueueWorkItem+0x1a3
f8a9dddc 805460de 8053867e 00000001 00000000 nt!PsRemoveCreateThreadNotifyRoutine+0x214
00000000 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x72e

STACK_COMMAND: kb

FOLLOWUP_IP:
usbccid+2a87
a916aa87 8945e4 mov dword ptr [ebp-1Ch],eax

SYMBOL_STACK_INDEX: 5

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: usbccid.sys

SYMBOL_NAME: usbccid+2a87

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

any clues were the problem could be…

Thanks you
regards,
-Jagadish Hadimani


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

3

Possibly you are calling RtlUnicodeStringToAnsiString at elevated IRQL but
more likely you are just passing it an invalid address. If you want post
your code.

//Daniel

wrote in message news:xxxxx@ntdev…
> Hello All,
>
> when i was installing a USB CCID driver on a bus driver written by me , i
> get a BSOD , saying
> PAGE_FAULT_IN_NONPAGED_AREA…
>
>
> The dump analysis is
> kd> !analyze -v
> ***
> *
>
> * Bugcheck Analysis
>
> *
>
>
>
> PAGE_FAULT_IN_NONPAGED_AREA (50)
> Invalid system memory was referenced. This cannot be protected by
> try-except,
> it must be protected by a Probe. Typically the address is just plain bad
> or it
> is pointing at freed memory.
> Arguments:
> Arg1: fe9bd000, memory referenced.
> Arg2: 00000000, value 0 = read operation, 1 = write operation.
> Arg3: 805d944e, If non-zero, the instruction address which referenced the
> bad memory
> address.
> Arg4: 00000000, (reserved)
>
> Debugging Details:
> ------------------
>
> Kernel symbols are WRONG. Please fix symbols to do analysis.
>
> Kernel symbols are WRONG. Please fix symbols to do analysis.
>
>
>
>
> Your debugger is not using the correct symbols
>
> In order for this command to work properly, your symbol path
> must point to .pdb files that have full type information.
>
> Certain .pdb files (such as the public OS symbols) do not
> contain the required information. Contact the group that
> provided you with these symbols if you need this command to
> work.
>
> Type referenced: nt!_KPRCB
>
>
>
>
>
> Your debugger is not using the correct symbols
>
> In order for this command to work properly, your symbol path
> must point to .pdb files that have full type information.
>
> Certain .pdb files (such as the public OS symbols) do not
> contain the required information. Contact the group that
> provided you with these symbols if you need this command to
> work.
>
> Type referenced: nt!KPRCB
>
>
>
>
>
> Your debugger is not using the correct symbols
>
> In order for this command to work properly, your symbol path
> must point to .pdb files that have full type information.
>
> Certain .pdb files (such as the public OS symbols) do not
> contain the required information. Contact the group that
> provided you with these symbols if you need this command to
> work.
>
> Type referenced: nt!_KPRCB
>
>
>
>
>
> Your debugger is not using the correct symbols
>
> In order for this command to work properly, your symbol path
> must point to .pdb files that have full type information.
>
> Certain .pdb files (such as the public OS symbols) do not
> contain the required information. Contact the group that
> provided you with these symbols if you need this command to
> work.
>
> Type referenced: nt!KPRCB
>
>
>
>
>
> Your debugger is not using the correct symbols
>
> In order for this command to work properly, your symbol path
> must point to .pdb files that have full type information.
>
> Certain .pdb files (such as the public OS symbols) do not
> contain the required information. Contact the group that
> provided you with these symbols if you need this command to
> work.
>
> Type referenced: nt!_KPRCB
>
>
> *** ERROR: Module load completed but symbols could not be loaded for
> usbccid.sys
>
> MODULE_NAME: usbccid
>
> FAULTING_MODULE: 804d7000 nt
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 448ff89b
>
> READ_ADDRESS: unable to get nt!MmSpecialPoolStart
> unable to get nt!MmSpecialPoolEnd
> unable to get nt!MmPoolCodeStart
> unable to get nt!MmPoolCodeEnd
> fe9bd000
>
> FAULTING_IP:
> nt!RtlUnicodeToMultiByteN+d0
> 805d944e 0fb75816 movzx ebx,word ptr [eax+16h]
>
> MM_INTERNAL_CODE: 0
>
> DEFAULT_BUCKET_ID: WRONG_SYMBOLS
>
> BUGCHECK_STR: 0x50
>
> LAST_CONTROL_TRANSFER: from 8052036a to 804f9f33
>
> STACK_TEXT:
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
> f8a9d32c 8052036a 00000050 fe9bd000 00000000 nt!KeBugCheckEx+0x1b
> f8a9d394 80544578 00000000 fe9bd000 00000000
> nt!MmTrimAllSystemPagableMemory+0x6c7e
> f8a9d3c0 8054ba71 00000001 e2e13000 8054bb11 nt!Kei386EoiHelper+0x26cc
> f8a9d42c 805e23e7 e2e13000 00007fff f8a9d464
> nt!ExAllocatePoolWithTag+0x109
> f8a9d458 a916aa87 f8a9d480 00007fff 00000001
> nt!RtlUnicodeStringToAnsiString+0x97
> f8a9d4b4 a916aea5 fe7a0b20 00000000 fe7a0c32 usbccid+0x2a87
> f8a9d9b4 a916d075 fe7a0b20 82a70c18 fe7a0b20 usbccid+0x2ea5
> f8a9d9ec a916d49b fe7a0b20 82a70c18 82a70cd0 usbccid+0x5075
> f8a9da30 804ef18f fe7a0b20 82a70c18 f8a9daac usbccid+0x549b
> f8a9da6c 80592be1 fe7a0b20 f8a9da88 00000000 nt!IoBuildPartialMdl+0xed
> f8a9dab0 804f61ea fe6a3560 fe77c2d8 00000001
> nt!IoReportResourceUsage+0x7f43
> f8a9dacc 8059229b fe6a3560 fe6a3501 fe77c2d8
> nt!IoReportTargetDeviceChangeAsynchronous+0x4e2
> f8a9dd24 805927fa 82ab5cd0 00000001 00000000
> nt!IoReportResourceUsage+0x75fd
> f8a9dd54 804f698e 00000003 8055b5c0 8056485c
> nt!IoReportResourceUsage+0x7b5c
> f8a9dd7c 8053876d 00000000 00000000 82dc5b30
> nt!IoReportTargetDeviceChangeAsynchronous+0xc86
> f8a9ddac 805cff64 00000000 00000000 00000000 nt!ExQueueWorkItem+0x1a3
> f8a9dddc 805460de 8053867e 00000001 00000000
> nt!PsRemoveCreateThreadNotifyRoutine+0x214
> 00000000 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x72e
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> usbccid+2a87
> a916aa87 8945e4 mov dword ptr [ebp-1Ch],eax
>
> SYMBOL_STACK_INDEX: 5
>
> FOLLOWUP_NAME: MachineOwner
>
> IMAGE_NAME: usbccid.sys
>
> SYMBOL_NAME: usbccid+2a87
>
> BUCKET_ID: WRONG_SYMBOLS
>
> Followup: MachineOwner
>
>
>
>
> any clues were the problem could be…
>
> Thanks you
> regards,
> -Jagadish Hadimani
>
>

4

For some reason, my previous post did not reach.
fe9bd000 is invalid – This is either due to memory corruption or your drivers is accessign this paged out data (from paged pool) at higer IRQL (irql=2 maybe). Please share the output of “!pool fe9bd000”, “!pte fe9bd000” and “!irql”.