I am seeing a crash in my application.
Here is the call stack:
eax=aa893f00 ebx=150b6f00 ecx=153ec728 edx=153fcec0 esi=153fe330 edi=153ec728
eip=aa893f00 esp=008ff080 ebp=008ff09c iopl=0 nv up ei ng nz ac po cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210293
aa893f00 ?? ???
*** Stack trace for last set context - .thread/.cxr resets it
# ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 008ff07c 68b18a3a 0xaa893f00
01 008ff09c 68b09c4b TestExe!TestClass::TestFun1+0x5a [d:\test1.cpp @ 666]
02 008ff0d4 68b31a54 TestExe!TestClass::TestFun2+0x11b [d:\test2.cpp @ 3722]
0:000> x TestExe!TestClass::*
68b189e0 TestExe!TestClass::TestFun1( *, void *)
68b19400 TestExe!TestClass::TestFun2(unsigned long, void *, void *)
Here it means the eax=aa893f00 is something different which is causing the access violation.
So the question is: why is this getting changed, who is modifying the stack, and how do I identify it? If my understanding is correct, then Control Flow Guard can help in this case, but it seems that is not available in VS 2008.
Can someone provide input? Any help would be appreciated.