Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:


sachin_shindesachin_shinde Member - All Emails Posts: 61

I have query regarding crash dumps observed, system shows BSOD with BugCheck "INVALID_KERNEL_HANDLE (93)",
Checked stacks for my driver threads but didn't found any suspicious thread. observed crashes on different systems with same bugcheck but for different processes.

This message occurs if kernel code attempts to close or reference a handle
that is not a valid handle. Only invalid or protected handles passed to NtClose
will cause this bugcheck, unless bad handle detection is enabled.
Arg1: 00000000000004fc, The handle that was referenced
Arg2: fffff8a0000017f0,
Arg3: fffff8a001ff73f0
Arg4: 0000000000000001, The error occurred referencing an invalid kernel handle and
bad handle detection was enabled.





ANALYSIS_SESSION_TIME: 01-05-2017 12:30:11.0449

ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

LAST_CONTROL_TRANSFER: from fffff800082d6a33 to fffff8000807cbc0

fffff880`0ca85378 fffff800`082d6a33 : 00000000`00000093 00000000`000004fc fffff8a0`000017f0 fffff8a0`01ff73f0 : nt!KeBugCheckEx
fffff880`0ca85380 fffff800`083559c5 : 00000000`00000000 fffff800`00000000 00000000`00000000 fffff980`31986700 : nt! ?? ::NNGAKEGL::`string'+0x20431
fffff880`0ca85450 fffff880`08e4a6a6 : 00000000`00000002 00000000`00000002 fffff980`00000440 00000000`00000000 : nt!ObReferenceObjectByHandle+0x25
fffff880`0ca854a0 fffff880`08e49d8d : 00000000`00000000 fffffa80`03153480 fffffa80`035d17c0 fffff800`080a090f : PROCEXP152+0x26a6
fffff880`0ca855f0 fffff880`08e4a07f : 00000000`00000000 fffffa80`099c6210 00000000`00000001 00000000`00000001 : PROCEXP152+0x1d8d
fffff880`0ca857c0 fffff800`08525d26 : fffff980`04e2aee0 00000000`00000002 fffffa80`051473e0 fffffa80`038dc118 : PROCEXP152+0x207f
fffff880`0ca85870 fffff800`083993a7 : fffffa80`051473e0 fffff880`0ca85b60 fffffa80`051473e0 fffffa80`048c9010 : nt!IovCallDriver+0x566
fffff880`0ca858d0 fffff800`08399c06 : fffffa80`04ffd060 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0ca85a00 fffff800`0807be53 : fffffa80`0491eb50 fffff880`0ca85b60 00000000`04b7c418 fffff800`08373ce4 : nt!NtDeviceIoControlFile+0x56
fffff880`0ca85a70 00000000`7703132a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`04b7b258 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7703132a

Checked handle information,
1: kd> !handle 00000000000004fc

PROCESS fffffa80036e30d0
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 001aa000 ObjectTable: fffff8a0000017f0 HandleCount: 3236.
Image: System

Kernel handle table at fffff8a0000017f0 with 3236 entries in use

04fc: free handle, Entry address fffff8a001ff73f0, Next Entry 0000000000000cb8

Any pointers will be really helpful.



Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA