Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Sept/Oct 2019 Issue of The NT Insider available


Download PDF here: http://insider.osr.com/2019/ntinsider_2019_01.pdf

It’s a particularly BIG issue, too: 40 pages of technical goodness, ranging from WDF to Minifilters. Check it out.
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Plz help to resolve PAGE_FAULT_IN_NONPAGED_AREA (50)

SeungjinLeeSeungjinLee Member Posts: 4
edited November 6 in WINDBG

Hello,
My driver get PAGE_FAULT_IN_NONPAGED_AREA (50) on some XEON processor machines.
I am investigating the problem but am unable to find the reason. Please help me to resolve this issue.

dump and source file attached.

pnp.c @ 289:
288] RtlMoveMemory(newPrevRelations, relations, size);

289] newPdoList->Count = relations->Count;

For your reference, I have never experienced the BSOD, but some our users are reporting the BSOD and an user sent the dump files.

Post edited by SeungjinLee on
Share on Facebook

Comments

  • SeungjinLeeSeungjinLee Member Posts: 4

    pnp.c @ 289:
    288] RtlMoveMemory(newPrevRelations, relations, size);
    289] newPdoList->Count = relations->Count;

    Share on Facebook
  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 244

    And I thought I was bad at posting code on forums ;)

    At the point of crash [rax+rdx-10h] is exactly the address at fault, suggesting your size calculation is incorrect, or he "relations" pool that you seem to return via Irp->IoStatus.Information is of incorrect size.

    Dump that memory.

    Share on Facebook
  • SeungjinLeeSeungjinLee Member Posts: 4

    Thanks for the answer.
    As I mentioned before, I cannot reproduce this issue, and an user sent the mini dump files. Can I dump that memory from the mini dump files?

    Size calculation seems to be correct. My driver is a bus filter driver and the "relations" info is returned by the bus driver. It means that the bus driver would return the incorrect "relations" info.

    Share on Facebook
  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,183
    Mini dump won’t help much. Get a kernel summary dump and debug it. Something is up with the pointers you’re passing to memcpy.

    -scott
    OSR

    Share on Facebook
  • SeungjinLeeSeungjinLee Member Posts: 4
    edited November 9

    Is there any difference between
    if (NT_SUCCESS(status))
    and
    if (NT_SUCCESS(status) && Irp->IoStatus.Status == STATUS_SUCCESS)
    ?

    I changed it to the latter and am waiting for the user's response.

    Share on Facebook
  • ashish_kohliashish_kohli Member - All Emails Posts: 61

    where is the dump.You have just attached txt.zip the dump and attach

    Share on Facebook
  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,467

    Is there any difference between
    if (NT_SUCCESS(status))
    and
    if (NT_SUCCESS(status) && Irp->IoStatus.Status == STATUS_SUCCESS)
    ?

    Well, yes there’s a difference. STATUS_SUCCESS is just one of the many possible success status codes. Depending on what you’re looking at the return from, this will either matter or it will not matter.

    Get us a dump to look at, and a proper dump not a mini dump, as we’ve all requested. this should not be hard to debug. The source or destination pointer is bad...

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

    Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Upcoming OSR Seminars
Writing WDF Drivers 21 Oct 2019 OSR Seminar Space & ONLINE
Internals & Software Drivers 18 Nov 2019 Dulles, VA
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 27 Apr 2020 OSR Seminar Space & ONLINE

Categories