Hi,
we have a BSOD report happening during uninstall of our driver but without any useful reference to our driver. How could I check if it was caused by our driver, could it be originated in user mode as well?
Thanks,
Hagen
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;objfre_wnet_amd64\amd64
Executable search path is: objfre_wnet_amd64\amd64
Windows 7 Kernel Version 9200 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16581.amd64fre.win8_gdr.130410-1505
Machine Name:
Kernel base = 0xfffff802ce475000 PsLoadedModuleList = 0xfffff802
ce741a20
Debug session time: Sun Oct 20 10:47:36.091 2013 (UTC + 1:00)
System Uptime: 0 days 0:07:44.768
Loading Kernel Symbols
…
…
…
Loading User Symbols
Loading unloaded module list
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 93, {304, 0, 0, 0}
Probably caused by : Wdf01000.sys ( Wdf01000!FxRegKey::`scalar deleting destructor’+28 )
Followup: MachineOwner
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
INVALID_KERNEL_HANDLE (93)
This message occurs if kernel code (server, redirector, other driver, etc.)
attempts to close a handle that is not a valid handle.
Arguments:
Arg1: 0000000000000304, The handle that NtClose was called with.
Arg2: 0000000000000000, means a protected handle was closed.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x93
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff802cea728b3 to fffff802ce4cf440
STACK_TEXT:
fffff880031c60f8 fffff802
cea728b3 : 0000000000000093 00000000
00000304 0000000000000000 00000000
00000000 : nt!KeBugCheckEx
fffff880031c6100 fffff802
ce4ce453 : 0000000000000000 fffffa80
18eaf740 fffff880031c6230 00000000
0000000a : nt! ?? ::NNGAKEGL::string'+0x3abd0 fffff880
031c61b0 fffff802ce4d3630 : fffff880
0116db0c fffffa801bb15810 00000000
0000000a fffffa801bb15850 : nt!KiSystemServiceCopyEnd+0x13 fffff880
031c6348 fffff8800116db0c : fffffa80
1bb15810 000000000000000a fffffa80
1bb15850 fffff88000647864 : nt!KiServiceLinkage fffff880
031c6350 0000000000000000 : 00000000
00000000 0000000000000000 00000000
00000000 0000000000000000 : Wdf01000!FxRegKey::
scalar deleting destructor’+0x28
STACK_COMMAND: kb
FOLLOWUP_IP:
Wdf01000!FxRegKey::scalar deleting destructor'+28 fffff880
0116db0c 4883636800 and qword ptr [rbx+68h],0
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: Wdf01000!FxRegKey::`scalar deleting destructor’+28
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Wdf01000
IMAGE_NAME: Wdf01000.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 50eceb04
FAILURE_BUCKET_ID: X64_0x93_Wdf01000!FxRegKey::scalar_deleting_destructor+28
BUCKET_ID: X64_0x93_Wdf01000!FxRegKey::scalar_deleting_destructor+28
Followup: MachineOwner