Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Plz help to resolve PAGE_FAULT_IN_NONPAGED_AREA (50)
SeungjinLee
Member Posts: 5
Hello,
My driver get PAGE_FAULT_IN_NONPAGED_AREA (50) on some XEON processor machines.
I am investigating the problem but am unable to find the reason. Please help me to resolve this issue.
dump and source file attached.
pnp.c @ 289:
288] RtlMoveMemory(newPrevRelations, relations, size);
289] newPdoList->Count = relations->Count;
For your reference, I have never experienced the BSOD, but some our users are reporting the BSOD and an user sent the dump files.
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Internals & Software Drivers | 7 February 2022 | Live, Online |
| Kernel Debugging | 21 March 2022 | Live, Online |
| Developing Minifilters | 23 May 2022 | Live, Online |
| Writing WDF Drivers | 12 September 2022 | Live, Online |
Comments
pnp.c @ 289:
288] RtlMoveMemory(newPrevRelations, relations, size);
289] newPdoList->Count = relations->Count;
And I thought I was bad at posting code on forums
At the point of crash [rax+rdx-10h] is exactly the address at fault, suggesting your size calculation is incorrect, or he "relations" pool that you seem to return via Irp->IoStatus.Information is of incorrect size.
Dump that memory.
Thanks for the answer.
As I mentioned before, I cannot reproduce this issue, and an user sent the mini dump files. Can I dump that memory from the mini dump files?
Size calculation seems to be correct. My driver is a bus filter driver and the "relations" info is returned by the bus driver. It means that the bus driver would return the incorrect "relations" info.
-scott
OSR
Is there any difference between
if (NT_SUCCESS(status))
and
if (NT_SUCCESS(status) && Irp->IoStatus.Status == STATUS_SUCCESS)
?
I changed it to the latter and am waiting for the user's response.
where is the dump.You have just attached txt.zip the dump and attach
Well, yes there’s a difference. STATUS_SUCCESS is just one of the many possible success status codes. Depending on what you’re looking at the return from, this will either matter or it will not matter.
Get us a dump to look at, and a proper dump not a mini dump, as we’ve all requested. this should not be hard to debug. The source or destination pointer is bad...
Peter
Peter Viscarola
OSR
@OSRDrivers
@Dejan_Maksimovic said:
Finally, found the bug.
for (ULONG j = 0; j < prevRelations->Count; j++)must be
for (ULONG j = 0; j < relations->Count; j++)Thank you.