Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:

driver verifier showing Finished parsing all pool tracking information. No entries matching address

LearnerLearner Member Posts: 7
edited January 29 in WINDBG

I am looking verifier crash, referring this MS docs
While looking for call stack getting error
Finished parsing all pool tracking information.
No entries matching address ffffcf8359cf93e0 have been found.
nt!_VF_TARGET_DRIVER 0xffffcf8344a021e0: FileDriver.sys (Loaded)

Pool Allocation Statistics: ( NonPagedPool / PagedPool )

  Current Pool Allocations: ( 0x000008b8 / 0x00000787 )
  Current Pool Bytes:       ( 0x000359e6 / 0x00034b10 )
  Peak Pool Allocations:    ( 0x0030b589 / 0x0002dc77 )
  Peak Pool Bytes:          ( 0x17a14585 / 0x074a12cc )
  Contiguous Memory Bytes:       0x00000000
  Peak Contiguous Memory Bytes:  0x00000000

Pool Allocations:

  Address             Length      Tag   Caller Address    
  ------------------  ----------  ----  ------------------
  0xffffcf8359cf93e0  0x00000040  AdS1  0xfffff80b9201fedb  FileDriver!AllocateList::Allocate+0xcf
  0xffff830e4d7a0f90  0x00000070  AdFr  0xfffff80b92031664  FileDriver!FILE_DATA::AddFileData+0x35c
  0xffff830e47abcf90  0x00000070  AdFr  0xfffff80b92031664  FileDriver!FILE_DATA::AddFileData+0x35c
  0xffff830e903d8f90  0x00000070  AdFr  0xfffff80b920314f6  FileDriver!FILE_DATA::AddFileData+0x1ee
  0xffff830eb5b20f90  0x00000070  AdFr  0xfffff80b92031664  FileDriver!FILE_DATA::AddFileData+0x35c
  0xffff830eef328f90  0x00000070  AdFr  0xfffff80b92031664  FileDriver!FILE_DATA::AddFileData+0x35c
  0xffffcf835d3aec10  0x00000040  AdS1  0xfffff80b9201fedb  FileDriver!AllocateList::Allocate+0xcf

While looking for call stack facing error
1: kd> !verifier 0x80 0xffffcf8359cf93e0

Log of recent kernel pool Allocate and Free operations:

There are up to 0x10000 entries in the log.

Parsing 0x0000000000010000 log entries, searching for address 0xffffcf8359cf93e0.
Finished parsing all pool tracking information.
No entries matching address ffffcf8359cf93e0 have been found.

Any help How else I can get callstack for specific allocation

!analyze -v does not point to my driver callstack

IMAGE_NAME: FileDriver.sys


FAULTING_MODULE: fffff80b91e80000 FileDriver

Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.


ffffe701470a6538 fffff802f2386360 : 00000000000000c4 0000000000000062 ffffcf834b6c34b0 ffffcf834b1451c0 : nt!KeBugCheckEx
ffffe701470a6540 fffff802f238aa4a : 00000000ffffffff fffff802f1f79b90 ffffa80d64dd5fc0 0000000000000301 : nt!VerifierBugCheckIfAppropriate+0x48
ffffe701470a6580 fffff802f1e0965e : ffffcf834b1451c0 fffff80b92b18000 fffff80b00000001 fffff80b91e81000 : nt!VfPoolCheckForLeaks+0x3e
ffffe701470a65c0 fffff802f23781ae : ffffcf834b6c3210 ffffe701470a6770 ffffcf834b6c3210 ffffcf834b6c3210 : nt!VfTargetDriversRemove+0x5d776
ffffe701470a6640 fffff802f2079cd3 : ffffcf834b6c3210 ffffe701470a6770 fffff80b91e80000 0000000000000c98 : nt!VfDriverUnloadImage+0x3e
ffffe701470a6670 fffff802f21afef8 : 0000000000000000 ffffcf83645bf2c0 ffff602a00000001 ffffcf834b6c32b0 : nt!MiUnloadSystemImage+0x227
ffffe701470a67c0 fffff802f21afe52 : ffffcf834b1094c0 fffff802f2114bf0 0000000000000010 0000000000010246 : nt!MmUnloadSystemImage+0x20
ffffe701470a67f0 fffff802f2110988 : ffffcf834b1094c0 ffffcf834b1094c0 ffff830d80cea9a0 ffff830d7d010928 : nt!IopDeleteDriver+0x4e
ffffe701470a6830 fffff802f1d3fae1 : 0000000000000000 0000000000000000 ffffe701470a6920 ffffcf834b1094f0 : nt!ObpRemoveObjectRoutine+0x78
ffffe701470a6890 fffff80b8d4ab922 : 00000000035ce30f 0000000000000000 0000000000000000 ffff830d80cea9a0 : nt!ObfDereferenceObject+0xa1
ffffe701470a68d0 fffff80b8d4b0ac4 : ffffcf83645bf2c0 ffffe70147192548 ffffcf8341775540 0000000000000000 : FLTMGR!FltpDoUnloadFilter+0x262
ffffe701470a6b30 fffff802f1cfd979 : fffff802f2038100 ffffcf83645bf2c0 ffffcf8300000000 fffff802f2038280 : FLTMGR!FltpSyncOpWorker+0x44
ffffe701470a6b80 fffff802f1ca3005 : ffffcf83645bf2c0 0000000000000080 ffffcf8341662700 ffffcf83645bf2c0 : nt!ExpWorkerThread+0xe9
ffffe701470a6c10 fffff802f1de1c26 : fffff802f1fbd180 ffffcf83645bf2c0 fffff802f1ca2fc4 0000000000000246 : nt!PspSystemThreadStartup+0x41
ffffe701470a6c60 0000000000000000 : ffffe701470a7000 ffffe701470a1000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

Post edited by Learner on


  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 636
    via Email
    Often times the alloc/free happened so long ago that it got overwritten by
    newer entries.
    I think there is a way to increase the threshold and hold more entries,
    but I don't recall how :(
    You need to repeat the test after reboot.

    IME, tags are enough to tell what leaked. And I make drivers in a way that
    no alloc is ambiguous, by forcing inlines for alloc helper routines.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 13-17 May 2024 Live, Online
Developing Minifilters 1-5 Apr 2024 Live, Online
Internals & Software Drivers 11-15 Mar 2024 Live, Online
Writing WDF Drivers 20-24 May 2024 Live, Online