Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Sept/Oct 2019 Issue of The NT Insider available


Download PDF here: http://insider.osr.com/2019/ntinsider_2019_01.pdf

It’s a particularly BIG issue, too: 40 pages of technical goodness, ranging from WDF to Minifilters. Check it out.
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

BSOD with error code 0x135, using Verity

Cecilia_wllCecilia_wll Member Posts: 13

Hello, all.

I am a beginner of windows driver.
And I heard Verity is a good tool to test your driver. So I use it and got a BSOD with error code 0x135.
The dump said that BSOD probably caused by : ntkrpamp.exe ( nt!CmpFatalFilter+17 ), but I think the exe has nothing to do with me.

Anyone have a way to find out the real reason? THANK YOU VERY MUCH.

Comments

  • Cecilia_wllCecilia_wll Member Posts: 13

    The part of debugging details:
    STACK_TEXT:
    807ec12c 840eb654 00000135 c0000005 807ec270 nt!KeBugCheckEx+0x1e
    807ec144 840eaa14 83ec6494 00000000 807ec8b0 nt!CmpFatalFilter+0x17
    807ec8b0 84080722 0000000e 807ec908 00000001 nt!CmpCallCallBacks+0x16d
    807ec91c 8406f591 a8ff5668 a8ff5668 a8ff5650 nt!CmpDeleteKeyObject+0x81
    807ec934 83ec4d60 00000000 85fdd4c0 a8ff5650 nt!ObpRemoveObjectRoutine+0x59
    807ec948 83ec4cd0 a8ff5668 84092308 87801b28 nt!ObfDereferenceObjectWithTag+0x88
    807ec950 84092308 87801b28 85fdd4c0 0000086c nt!ObfDereferenceObject+0xd
    807ec990 8409202e 87801b28 a99850d8 85fd1020 nt!ObpCloseHandleTableEntry+0x21d
    807ec9c0 8408e965 85fd1020 00000000 00000000 nt!ObpCloseHandle+0x7f
    807ec9d8 8401065a 8000086c 00000000 00000000 nt!ObCloseHandle+0x40
    807ecbbc 84013d98 00000001 00000000 807ecbe4 nt!IopLoadDriver+0xb61
    807ecc00 83ec9aab ac9adbd0 00000000 85fdd4c0 nt!IopLoadUnloadDriver+0x70
    807ecc50 84055f5e 00000001 36f5aa8c 00000000 nt!ExpWorkerThread+0x10d
    807ecc90 83efd219 83ec999e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

    THREAD_SHA1_HASH_MOD_FUNC: 049e447e55a7b64e8d7f3231653085e63a317e65
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a997c0d526fdb0f4723fb306ecfdf66411f77893
    THREAD_SHA1_HASH_MOD: 38bc5fec3f0409c265cf5c87da6f8f8859d0711c
    FOLLOWUP_IP:
    nt!CmpFatalFilter+17
    840eb654 cc int 3
    FAULT_INSTR_CODE: 909090cc
    SYMBOL_STACK_INDEX: 1
    SYMBOL_NAME: nt!CmpFatalFilter+17
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: nt
    IMAGE_NAME: ntkrpamp.exe
    DEBUG_FLR_IMAGE_TIMESTAMP: 4ce78a09
    IMAGE_VERSION: 6.1.7601.17514
    STACK_COMMAND: .thread ; .cxr ; kb
    FAILURE_BUCKET_ID: 0x135_VRF_nt!CmpFatalFilter+17
    BUCKET_ID: 0x135_VRF_nt!CmpFatalFilter+17
    PRIMARY_PROBLEM_CLASS: 0x135_VRF_nt!CmpFatalFilter+17
    TARGET_TIME: 2019-09-23T08:11:47.000Z
    OSBUILD: 7601
    OSSERVICEPACK: 1000
    SERVICEPACK_NUMBER: 0
    OS_REVISION: 0
    SUITE_MASK: 272
    PRODUCT_TYPE: 1
    OSPLATFORM_TYPE: x86
    OSNAME: Windows 7
    OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
    OS_LOCALE:
    USER_LCID: 0
    OSBUILD_TIMESTAMP: 2010-11-20 16:42:49
    BUILDDATESTAMP_STR: 101119-1850
    BUILDLAB_STR: win7sp1_rtm
    BUILDOSVER_STR: 6.1.7601.17514.x86fre.win7sp1_rtm.101119-1850
    ANALYSIS_SESSION_ELAPSED_TIME: 2dc
    ANALYSIS_SOURCE: KM
    FAILURE_ID_HASH_STRING: km:0x135_vrf_nt!cmpfatalfilter+17
    FAILURE_ID_HASH: {1cf614a7-193c-d67a-fc81-ffe957d678c0}

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,183

    Did you read the description for the bugcheck?

    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x135--registry-filter-driver-exception

    A registry filter driver raised an exception and didn't catch it (probably an invalid pointer dereference). Do a .cxr on parameter 2 of the bugcheck (probably 0x807ec270).

    -scott
    OSR

  • Cecilia_wllCecilia_wll Member Posts: 13

    @Scott_Noone_(OSR) said:
    Did you read the description for the bugcheck?

    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x135--registry-filter-driver-exception

    A registry filter driver raised an exception and didn't catch it (probably an invalid pointer dereference). Do a .cxr on parameter 2 of the bugcheck (probably 0x807ec270).

    Yes, I read the file but it didn't help much.
    I find the reason of the bug. It's because I send a empty string to function to deal. And in the function, I queto the string as a non empty string. So the Verifier send me a BSOD.
    Thank you for your attention. Have a good day:)

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 21 Oct 2019 OSR Seminar Space & ONLINE
Internals & Software Drivers 18 Nov 2019 Dulles, VA
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 27 Apr 2020 OSR Seminar Space & ONLINE