
Wrong destructor called

Sergey_Pisarev Member - All Emails Posts: 259
edited February 24 in NTDEV

Hello!

I have a class in my driver:
kd> dt reg_val_query_control!value_modifier_cpp::modifier_with_rules 0xfffff8063b1cc100
+0x000 __VFN_table : 0xfffff8063b1cb3c8
+0x008 rules : win_kernel_lib::avl_list_facility::avl_list<rule_facility::rule,&value_modifier_cpp::modifier_with_rules::alloc,&value_modifier_cpp::modifier_with_rules::free>
+0x070 rules_guard : win_kernel_lib::locks::eresource

Note that rules at offset 8 is a list of elements of type rule.

However, the wrong destructor is called for rules:
kd> uf reg_val_query_control!value_modifier_cpp::modifier_with_rules::~modifier_with_rules
reg_val_query_control!value_modifier_cpp::modifier_with_rules::~modifier_with_rules:
mov qword ptr[rsp + 8], rcx
sub rsp, 28h
mov rax, qword ptr[rsp + 30h]
add rax, 70h
mov rcx, rax
call reg_val_query_control!win_kernel_lib::locks::eresource::~eresource
mov rax, qword ptr[rsp + 30h]
add rax, 8
mov rcx, rax
call reg_val_query_control!win_kernel_lib::avl_list_facility::avl_list<win_kernel_lib::string_facility::string, &rule_facility::rule::alloc_paged, &rule_facility::rule::free>::~avl_list<win_kernel_lib::string_facility::string, &rule_facility::rule::alloc_paged, &rule_facility::rule::free>
mov rcx, qword ptr[rsp + 30h]
call reg_val_query_control!value_modifier::modifier::~modifier
add rsp, 28h
ret

Note that the list destructor is called for class string. I have a list of strings in this driver, but this is not it. The destructor is called for the correct object (I checked the address in rcx), but the destructor itself is not for that object.

Do you have any ideas what I am doing wrong?
I can post a link to the sources if need be; I'm just not sure that people are interested in figuring out other people's code for free.

Comments

  • Tim_Roberts Member - All Emails Posts: 13,578

    If you're doing a release build, it's entirely possible that the destructors for the templates are all the same, so it only had to generate one set of code. Do you have evidence that this isn't working, or are you just second-guessing the optimizer?

    Tim Roberts
    Providenza & Boekelheide, Inc.

  • Sergey_Pisarev Member - All Emails Posts: 259
    > @Tim_Roberts said:
    > If you're doing a release build, it's entirely possible that the destructors for the templates are all the same, so it only had to generate one set of code. Do you have evidence that this isn't working, or are you just second-guessing the optimizer?

    Thank you!

    This is a debug build.

    I am having a BSOD, and my guess is that the wrong destructor corrupts the data it doesn't expect.

  • Tim_Roberts Member - All Emails Posts: 13,578

    I guess you'll have to post the source.

    Tim Roberts
    Providenza & Boekelheide, Inc.

  • Sergey_Pisarev Member - All Emails Posts: 259

    I have found the error.
    I have an AVL list of classes that contain an AVL list of other classes.
    class class1
    {
        avl_list list_of_class2; // AVL list of class2 elements
    };

    I initialize a temp variable of type class1 on the stack and then insert it (copy) into the AVL list. However, list_of_class2 (rtl_balanced_links.parent) is already initialized and points to the stack.
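
The mistake described in this post, reduced to a user-mode C++ model (an added example, not part of the original post and not the poster's driver code). `links`, `shallow_list`, `fixed_list` and the helper functions are hypothetical names; the self-referential parent pointer of an empty head is assumed from the post's description.

```cpp
#include <cstdio>

// Hypothetical model of a list head: an empty head's parent links to itself.
struct links { links* parent; links* left; links* right; };

// Compiler-generated copy: the parent pointer value is duplicated as-is.
struct shallow_list {
    links root;
    shallow_list() : root{&root, nullptr, nullptr} {}
};

// Re-anchors on copy. Only an empty list is handled (the case in the post);
// a populated list would need its nodes deep-copied or moved.
struct fixed_list {
    links root;
    fixed_list() : root{&root, nullptr, nullptr} {}
    fixed_list(const fixed_list&) : root{&root, nullptr, nullptr} {}
    fixed_list& operator=(const fixed_list&) = delete;
};

// class1 from the post, parameterised on the head type.
template <class List> struct class1 { List list_of_class2; };

// Invariant a debug build can assert after insert and in the destructor.
template <class List> bool head_is_self_anchored(const List& l) {
    return l.root.parent == &l.root;
}

// Copy a stack temp into long-lived storage (the "insert") and report
// whether the stored head still refers to the stack temp.
template <class List> bool stored_head_aliases_temp() {
    class1<List> temp;
    class1<List>* stored = new class1<List>(temp);
    bool aliases = stored->list_of_class2.root.parent == &temp.list_of_class2.root;
    delete stored;
    return aliases;
}

// Same copy, checked with the invariant on the stored object.
template <class List> bool stored_head_is_valid() {
    class1<List> temp;
    class1<List>* stored = new class1<List>(temp);
    bool ok = head_is_self_anchored(stored->list_of_class2);
    delete stored;
    return ok;
}

int main() {
    std::printf("shallow: aliases_temp=%d valid=%d\n", stored_head_aliases_temp<shallow_list>(), stored_head_is_valid<shallow_list>());
    std::printf("fixed:   aliases_temp=%d valid=%d\n", stored_head_aliases_temp<fixed_list>(), stored_head_is_valid<fixed_list>());
}
```

With the shallow head, the stored copy keeps a pointer into the temp's stack frame, so any later walk or teardown of that list touches memory that no longer belongs to it; asserting `head_is_self_anchored` right after the insert catches this before the stack frame is reused.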

  • anton_bassov Member Posts: 5,166

    > Destructor called for correct object( I checked address in rcx) but destructor itself is not for that object.
    > Do you have any ideas what am I doing wrong ?

    Does your "correct" class derive from the "wrong" one, and if it does, does it derive from any other classes? C++ allows us to create class hierarchies that may have fairly complex relationships between them, so that you may, probably, be just getting the wrong pointer due to an improper typecast from the derived class to the base one...

    Anton Bassov

  • Sergey_Pisarev Member - All Emails Posts: 259
    edited February 29

    > @anton_bassov said:
    >
    > > Destructor called for correct object( I checked address in rcx) but destructor itself is not for that object.
    > > Do you have any ideas what am I doing wrong ?
    >
    > Does your "correct" class derive from the "wrong" one, and if it does, does it derive from any other classes? C++ allows us to create class hierarchies that may have fairly complex relationships between them, so that you may, probably, be just getting the wrong pointer due to an improper typecast from the derived class to the base one...
    >
    > Anton Bassov

    I already found my mistake. The AVL list head was pointing to the stack.
