Driver Verify Windows 10 OS crash

NTDEV
1

Hi Guys,
I enabled the Driver Versifiers Security check flag. By this check OS is got crashed.

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000098, Handle value being referenced.
Arg3: ffff8408e99602c0, Address of the current process.
Arg4: fffff800625bce64, Address inside the driver that is performing the incorrect reference.

Debugging Details:

*** WARNING: Unable to verify checksum for UpstreamDriver-test.exe

KEY_VALUES_STRING: 1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 0

BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434

DUMP_TYPE: 0

BUGCHECK_P1: f6

BUGCHECK_P2: 98

BUGCHECK_P3: ffff8408e99602c0

BUGCHECK_P4: fffff800625bce64

BUGCHECK_STR: 0xc4_f6

CPU_COUNT: 4

CPU_MHZ: bb8

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: 9

CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 84’00000000 (cache) 84’00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: UpstreamDriver-test.exe

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: DESKTOP-TFVN32S

ANALYSIS_SESSION_TIME: 03-06-2019 16:19:28.0601

ANALYSIS_VERSION: 10.0.18317.1001 amd64fre

LAST_CONTROL_TRANSFER: from fffff80330b35ab2 to fffff80330a60240

STACK_TEXT:
ffffd60487aa6918 fffff80330b35ab2 : 00000000000000f6 0000000000000003 ffffd60487aa6a80 fffff80330a00200 : nt!DbgBreakPointWithStatus
ffffd60487aa6920 fffff80330b35237 : 0000000000000003 ffffd60487aa6a80 fffff80330a6c560 00000000000000c4 : nt!KiBugCheckDebugBreak+0x12
ffffd60487aa6980 fffff80330a586e7 : 0000000000000000 ffff8408e307f880 000000000000000d 0000000000000008 : nt!KeBugCheck2+0x957
ffffd60487aa70a0 fffff803311d4e63 : 00000000000000c4 00000000000000f6 0000000000000098 ffff8408e99602c0 : nt!KeBugCheckEx+0x107
ffffd60487aa70e0 fffff803311de1f0 : ffff8408e99602c0 0000000000000008 fffff800625bce00 0000000000000002 : nt!VerifierBugCheckIfAppropriate+0xdf
ffffd60487aa7120 fffff80331072d23 : ffff8408e7e13000 ffff8408df0b87a0 0000000000000098 ffff8408df0b87a0 : nt!VfCheckUserHandle+0x1d4
ffffd60487aa7210 fffff80330f4278e : ffff8408e99602c0 fffff80000100002 ffff8408df0b87a0 ffffd60487aa7200 : nt!ObpReferenceObjectByHandleWithTag+0x130583
ffffd60487aa72a0 fffff803311ea9db : 0000000000220001 fffff80330a00200 ffff8408e9f8ae30 ffff8408e1f7bde0 : nt!ObReferenceObjectByHandle+0x2e
ffffd60487aa72f0 fffff800625bce64 : ffff8408e9f8ae30 0000000000220001 ffff8408e1f7bde0 0000000000000000 : nt!VerifierObReferenceObjectByHandle+0x3b
ffffd60487aa7340 fffff800625b936d : ffff8408e307f3c0 00007bf7160751c8 ffffd60487aa7490 fffff8006126f6e0 : UpstreamDriver!UpstreamDriverRegisterEvent+0x124 [d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c @ 884]
ffffd60487aa7390 fffff80061229995 : 00007bf71e1414a8 00007bf7160751c8 0000000000000001 0000000000000008 : UpstreamDriver!UpstreamDriverEvtIoDeviceControl+0xbd [d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c @ 733]
ffffd60487aa73f0 fffff80061229297 : ffffd60487aa7500 ffff8408e1ebeb50 ffff8408e7e17b20 fffff8006127d000 : Wdf01000!FxIoQueue::DispatchRequestToDriver+0x225 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3325]
ffffd60487aa7490 fffff800612274e2 : ffff8408e1ebeb50 ffff8408e1eb7c00 0000000000000000 0000000000000000 : Wdf01000!FxIoQueue::DispatchEvents+0x617 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3125]
ffffd60487aa7570 fffff80061226f8d : ffff8408e1eb7c02 ffff8408e93c3000 ffff8408e9f8ae30 0000000fffffff01 : Wdf01000!FxPkgIo::DispatchStep1+0x542 [minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 324]
ffffd60487aa7630 fffff80061221b73 : ffff8408e93c3010 0000000000000fff 8000000000000867 ffffd8800c800000 : Wdf01000!FxPkgIo::Dispatch+0x5d [minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 119]
ffffd60487aa7690 fffff8033095d0d9 : ffff8408e9f94a90 0000000000000001 0000000000000000 0000000000000002 : Wdf01000!FxDevice::DispatchWithLock+0x113 [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1430]
ffffd60487aa76f0 fffff80330f18721 : ffffd60487aa7a80 ffff8408e93c3010 0000000000000001 ffff8408e9f94a90 : nt!IofCallDriver+0x59
ffffd60487aa7730 fffff80330f4369a : ffffd60487aa7a80 ffff8408e93c3248 ffff8408e93c3000 ffffd60487aa7a80 : nt!IopSynchronousServiceTail+0x1b1
ffffd60487aa77e0 fffff80330ed02d6 : 00000018f0fad320 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x68a
ffffd60487aa7920 fffff80330a69785 : ffff8408e9fee0c0 00000018f0fad308 ffffd60487aa79a8 0000000000000000 : nt!NtDeviceIoControlFile+0x56
ffffd60487aa7990 00007ff9e9d6f754 : 00007ff9e6c5ef57 0000000000000000 00007ff9e6c8b452 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
00000018f0fad2d8 00007ff9e6c5ef57 : 0000000000000000 00007ff9e6c8b452 0000000000000000 000000000000009c : ntdll!NtDeviceIoControlFile+0x14
00000018f0fad2e0 00007ff9e7185b90 : 0000000000220001 00000018f0fad338 cccccccc00000080 0000000000000000 : KERNELBASE!DeviceIoControl+0x67
00000018f0fad350 00007ff6930a2d46 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!DeviceIoControlImplementation+0x80
00000018f0fad3a0 00007ff6930a14f9 : 00007ff6930bc9b0 00007ff6930b6bd0 00000000fffffd7f 0000000000000000 : UpstreamDriver_test+0x2d46
00000018f0fad400 00007ff6930a74ea : 00007ff6930bc9b0 00007ff600000400 00007ff9bacd6d70 0000000000000000 : UpstreamDriver_test+0x14f9
00000018f0fad520 00007ff6930aa8d4 : 0000000000000000 00007ff6930aa00d 0000000000000000 00007ff6930ae380 : UpstreamDriver_test+0x74ea
00000018f0faf7f0 00007ff6930aa82e : 00007ff6930ae300 00007ff6930ae360 0000000000000000 0000000000000000 : UpstreamDriver_test+0xa8d4
00000018f0faf830 00007ff6930aa6ee : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : UpstreamDriver_test+0xa82e
00000018f0faf8a0 00007ff6930aa949 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : UpstreamDriver_test+0xa6ee
00000018f0faf8d0 00007ff9e71881f4 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : UpstreamDriver_test+0xa949
00000018f0faf900 00007ff9e9d3a251 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x14
00000018f0faf930 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x21

THREAD_SHA1_HASH_MOD_FUNC: 52b7fcda99690f3cd17478afdde3ebac34cc65eb

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 9131a816fba4ced6581c41d7bac3ae3d51351269

THREAD_SHA1_HASH_MOD: 304fe32e231f04642a6dc9ad7cc378b3d321c548

FOLLOWUP_IP:
UpstreamDriver!UpstreamDriverRegisterEvent+124 [d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c @ 884]
fffff800`625bce64 89442430 mov dword ptr [rsp+30h],eax

FAULT_INSTR_CODE: 30244489

FAULTING_SOURCE_LINE: d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c

FAULTING_SOURCE_FILE: d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c

FAULTING_SOURCE_LINE_NUMBER: 884

FAULTING_SOURCE_CODE:
880: }
881:
882: DBGPRINT(DPFLTR_INFO_LEVEL, “New Event \n”);
883:

884: status = ObReferenceObjectByHandle(pInputEvent->hEvent, SYNCHRONIZE | EVENT_MODIFY_STATE, *ExEventObjectType, KernelMode, ((VOID *)(&(pDevExt->DRIVERPVT.pNamedEvent))), NULL);
885:
886: if (NULL == ((VOID *)(&(pDevExt->DRIVERPVT.pNamedEvent))))
887: {
888: DBGPRINT(DPFLTR_ERROR_LEVEL, “UpstreamDriver_IOCTL_REGISTER_EVENT Handle is NULL \n”);
889: status = STATUS_INVALID_PARAMETER;

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: UpstreamDriver!UpstreamDriverRegisterEvent+124

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: UpstreamDriver

IMAGE_NAME: UpstreamDriver.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5c7fa3ab

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 124

FAILURE_BUCKET_ID: 0xc4_f6_VRF_UpstreamDriver!UpstreamDriverRegisterEvent

BUCKET_ID: 0xc4_f6_VRF_UpstreamDriver!UpstreamDriverRegisterEvent

PRIMARY_PROBLEM_CLASS: 0xc4_f6_VRF_UpstreamDriver!UpstreamDriverRegisterEvent

TARGET_TIME: 2019-03-06T10:49:16.000Z

OSBUILD: 17763

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: unknown_date

BUILDDATESTAMP_STR: 180914-1434

BUILDLAB_STR: rs5_release

BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME: 1a4e

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0xc4_f6_vrf_UpstreamDriver!UpstreamDriverregisterevent

FAILURE_ID_HASH: {b75f53ca-3470-c7ad-5380-9aa85393232b}

Followup: MachineOwner

2

You need to specify UserMode as the access mode parameter if the HANDLE you are converting is from user mode.

3

After the usermode change i am getting this crash

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000000002001b, ID of the ‘IrqlObPassive’ rule that was violated.
Arg2: fffff80758773f90, A pointer to the string describing the violated rule condition.
Arg3: 0000000000000000, Reserved (unused).
Arg4: 0000000000000000, Reserved (unused).

Debugging Details:
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER:
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
DUMP_TYPE: 0
BUGCHECK_P1: 2001b
BUGCHECK_P2: fffff80758773f90
BUGCHECK_P3: 0
BUGCHECK_P4: 0
DV_VIOLATED_CONDITION: ObReferenceObjectByHandle should only be called at IRQL = PASSIVE_LEVEL.
DV_MSDN_LINK: https://go.microsoft.com/fwlink/?LinkId=216044
DV_RULE_INFO: 0x2001B

BUGCHECK_STR: 0xc4_IrqlObPassive_XDV

CPU_COUNT: 4

CPU_MHZ: bb8

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: 9

CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 84’00000000 (cache) 84’00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: UpstreamDriver-test.exe

CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-TFVN32S
ANALYSIS_SESSION_TIME: 03-06-2019 19:07:01.0143

ANALYSIS_VERSION: 10.0.18317.1001 amd64fre
LAST_CONTROL_TRANSFER: from fffff8007572dab2 to fffff80075658240
STACK_TEXT:
ffffa38fb53b6988 fffff8007572dab2 : 000000000002001b 0000000000000003 ffffa38fb53b6af0 fffff800755f8200 : nt!DbgBreakPointWithStatus
ffffa38fb53b6990 fffff8007572d237 : 0000000000000003 ffffa38fb53b6af0 fffff80075664560 00000000000000c4 : nt!KiBugCheckDebugBreak+0x12
ffffa38fb53b69f0 fffff800756506e7 : 0000000000000001 fffff807587645a2 000000000002001b 000000000002001b : nt!KeBugCheck2+0x957
ffffa38fb53b7110 fffff8075876314e : 00000000000000c4 000000000002001b fffff80758773f90 0000000000000000 : nt!KeBugCheckEx+0x107
ffffa38fb53b7150 fffff807587538c7 : 0000000000000101 0000000000000104 0000000000100002 0000000000000000 : VerifierExt!XdvUnifiedBugCheck+0x36e
ffffa38fb53b71d0 fffff80758753910 : ffffb689d2aa000b ffffa38fb53b7180 ffffe4fef65a6940 ffffb689d48be328 : VerifierExt!SLIC_ObReferenceObjectByHandle_entry_IrqlObPassive+0x33
ffffa38fb53b7210 fffff80075de29db : 0000000000000104 0000000000220001 ffffb689c98b7a60 ffffb689cac838a0 : VerifierExt!ObReferenceObjectByHandle_wrapper+0x30
ffffa38fb53b7250 fffff80759c5ce64 : ffffb689d2aa6e30 0000000000220001 ffffb689cac838a0 0000000000000000 : nt!VerifierObReferenceObjectByHandle+0x3b
ffffa38fb53b72a0 fffff80759c5936d : ffffb689cae65380 000049762d5591c8 ffffa38fb53b73f0 fffff8075882f6e0 : UpstreamDriver!UpstreamDriverRegisterEvent+0x124 [d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c @ 889]
ffffa38fb53b72f0 fffff807587e9995 : 00004976353636d8 000049762d5591c8 0000000000000001 0000000000000008 : UpstreamDriver!UpstreamDriverEvtIoDeviceControl+0xbd [d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c @ 733]
ffffa38fb53b7350 fffff807587e9297 : ffffa38fb53b7400 ffffb689cac9c920 ffffb689d48be2a0 fffff8075883d000 : Wdf01000!FxIoQueue::DispatchRequestToDriver+0x225 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3325]
ffffa38fb53b73f0 fffff807587e74e2 : ffffb689cac9c920 ffffb689cae65a00 0000000000000000 fffff80075798802 : Wdf01000!FxIoQueue::DispatchEvents+0x617 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3125]
ffffa38fb53b74d0 fffff807587e6f8d : ffffb689cae65a02 ffffb689d426d900 ffffb689d2aa6e30 ffffa38fb53b7601 : Wdf01000!FxPkgIo::DispatchStep1+0x542 [minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 324]
ffffa38fb53b7590 fffff807587e1b73 : ffffb689d426d9a0 fffff800758da840 0000000000000002 0000000000000000 : Wdf01000!FxPkgIo::Dispatch+0x5d [minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 119]
ffffa38fb53b75f0 fffff8075875c38d : ffffa38fb53b7670 fffff807587e1a60 0000000000000000 0000000000000002 : Wdf01000!FxDevice::DispatchWithLock+0x113 [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1430]
ffffa38fb53b7650 fffff80075ddfa34 : 000000000000000e 0000000000000001 ffffb689cabfe8b0 ffffb689d4ccec10 : VerifierExt!xdv_IRP_MJ_DEVICE_CONTROL_wrapper+0x9d
ffffa38fb53b7680 fffff80075ddf9b6 : 00007ff7bb7cb110 00007ff7bb7ca111 fffff03ffbddbe58 fffff03ffbddbe50 : nt!ViGenericDispatchHandler+0x40
ffffa38fb53b76c0 fffff800755550d9 : ffffb689d32c4338 ffffb689d32c4300 ffffb600cae648c1 ffffb689d4d5a080 : nt!ViGenericDeviceControl+0x16
ffffa38fb53b76f0 fffff80075b10721 : ffffa38fb53b7a80 ffffb689d426d9a0 0000000000000001 ffffb689d4ccec10 : nt!IofCallDriver+0x59
ffffa38fb53b7730 fffff80075b3b69a : ffffa38fb53b7a80 ffffb689d426dbd8 ffffb689d426d900 ffffa38fb53b7a80 : nt!IopSynchronousServiceTail+0x1b1
ffffa38fb53b77e0 fffff80075ac82d6 : 00000010ed4fd3f0 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x68a
ffffa38fb53b7920 fffff80075661785 : ffffb689d4d5a080 00000010ed4fd3d8 ffffa38fb53b79a8 0000000000000000 : nt!NtDeviceIoControlFile+0x56
ffffa38fb53b7990 00007ffc7138f754 : 00007ffc6df4ef57 0000000000000000 00007ffc6df7b452 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
00000010ed4fd3a8 00007ffc6df4ef57 : 0000000000000000 00007ffc6df7b452 0000000000000000 000000000000010c : ntdll!NtDeviceIoControlFile+0x14
00000010ed4fd3b0 00007ffc6f5d5b90 : 0000000000220001 00000010ed4fd408 cccccccc00000080 0000000000000000 : KERNELBASE!DeviceIoControl+0x67
00000010ed4fd420 00007ff7bb7b2d46 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!DeviceIoControlImplementation+0x80
00000010ed4fd470 00007ff7bb7b14f9 : 00007ff7bb7cc9b0 00007ff7bb7c6bd0 00000000fffffd7f 0000000000000000 : UpstreamDriver_test+0x2d46
00000010ed4fd4d0 00007ff7bb7b74ea : 00007ff7bb7cc9b0 00007ff700000400 00007ffc42286d70 0000000000000000 : UpstreamDriver_test+0x14f9
00000010ed4fd5f0 00007ff7bb7ba8d4 : 0000000000000000 00007ff7bb7ba00d 0000000000000000 00007ff7bb7be380 : UpstreamDriver_test+0x74ea
00000010ed4ff8c0 00007ff7bb7ba82e : 00007ff7bb7be300 00007ff7bb7be360 0000000000000000 0000000000000000 : UpstreamDriver_test+0xa8d4
00000010ed4ff900 00007ff7bb7ba6ee : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : UpstreamDriver_test+0xa82e
00000010ed4ff970 00007ff7bb7ba949 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : UpstreamDriver_test+0xa6ee
00000010ed4ff9a0 00007ffc6f5d81f4 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : UpstreamDriver_test+0xa949
00000010ed4ff9d0 00007ffc7135a251 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x14
00000010ed4ffa00 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x21

THREAD_SHA1_HASH_MOD_FUNC: ad5cef7ce511e4acc16292cf2e6656c93dfc9388

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c6dafa12121058cea38fd78f7cdb2d0d6018d275

THREAD_SHA1_HASH_MOD: 72b97058f42c7a960f3307b462a56fc3e01eaae2

FOLLOWUP_IP:
UpstreamDriver!UpstreamDriverRegisterEvent+124 [d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c @ 889]
fffff807`59c5ce64 89442430 mov dword ptr [rsp+30h],eax

FAULT_INSTR_CODE: 30244489

FAULTING_SOURCE_LINE: d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c

FAULTING_SOURCE_FILE: d:\windows drivers development\svn_driver_code\sys\UpstreamDriver-control.c

FAULTING_SOURCE_LINE_NUMBER: 889

FAULTING_SOURCE_CODE:
885:
886: DBGPRINT(DPFLTR_INFO_LEVEL, “New Event \n”);
887:
888:

889: status = ObReferenceObjectByHandle(pInputEvent->hEvent, SYNCHRONIZE | EVENT_MODIFY_STATE, *ExEventObjectType, UserMode, ((VOID *)(&(pDevExt->DRIVERPVT.pNamedEvent))), NULL);
890:
891: if (NULL == ((VOID *)(&(pDevExt->DRIVERPVT.pNamedEvent))))
892: {
893: DBGPRINT(DPFLTR_ERROR_LEVEL, “UpstreamDriver_IOCTL_REGISTER_EVENT Handle is NULL \n”);
894: status = STATUS_INVALID_PARAMETER;

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: UpstreamDriver!UpstreamDriverRegisterEvent+124

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: UpstreamDriver

IMAGE_NAME: UpstreamDriver.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5c7fc99a

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 124

FAILURE_BUCKET_ID: 0xc4_IrqlObPassive_XDV_VRF_UpstreamDriver!UpstreamDriverRegisterEvent

BUCKET_ID: 0xc4_IrqlObPassive_XDV_VRF_UpstreamDriver!UpstreamDriverRegisterEvent

PRIMARY_PROBLEM_CLASS: 0xc4_IrqlObPassive_XDV_VRF_UpstreamDriver!UpstreamDriverRegisterEvent

TARGET_TIME: 2019-03-06T13:36:48.000Z

OSBUILD: 17763

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
USER_LCID: 0
BUILDDATESTAMP_STR: 180914-1434

BUILDLAB_STR: rs5_release

BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME: 17f9

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0xc4_irqlobpassive_xdv_vrf_UpstreamDriver!UpstreamDriverregisterevent

FAILURE_ID_HASH: {85b474f6-2d07-1075-9a0c-4e82fd8a058a}

Followup: MachineOwner

4

This error could not possibly be more clear. It is telling you in plain words what you did wrong:

On Mar 6, 2019, at 5:42 AM, bappu wrote:
>
> Arg1: 000000000002001b, ID of the ‘IrqlObPassive’ rule that was violated.
> Arg2: fffff80758773f90, A pointer to the string describing the violated rule condition.
> Arg3: 0000000000000000, Reserved (unused).
> Arg4: 0000000000000000, Reserved (unused).
> …
> DV_VIOLATED_CONDITION: ObReferenceObjectByHandle should only be called at IRQL = PASSIVE_LEVEL.
> DV_MSDN_LINK: https://go.microsoft.com/fwlink/?LinkId=216044
> DV_RULE_INFO: 0x2001B


Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc.