Hello, all.
I am a beginner of windows driver.
And I heard Verity is a good tool to test your driver. So I use it and got a BSOD with error code 0x135.
The dump said that BSOD probably caused by : ntkrpamp.exe ( nt!CmpFatalFilter+17 ), but I think the exe has nothing to do with me.
Anyone have a way to find out the real reason? THANK YOU VERY MUCH.
The part of debugging details:
STACK_TEXT:
807ec12c 840eb654 00000135 c0000005 807ec270 nt!KeBugCheckEx+0x1e
807ec144 840eaa14 83ec6494 00000000 807ec8b0 nt!CmpFatalFilter+0x17
807ec8b0 84080722 0000000e 807ec908 00000001 nt!CmpCallCallBacks+0x16d
807ec91c 8406f591 a8ff5668 a8ff5668 a8ff5650 nt!CmpDeleteKeyObject+0x81
807ec934 83ec4d60 00000000 85fdd4c0 a8ff5650 nt!ObpRemoveObjectRoutine+0x59
807ec948 83ec4cd0 a8ff5668 84092308 87801b28 nt!ObfDereferenceObjectWithTag+0x88
807ec950 84092308 87801b28 85fdd4c0 0000086c nt!ObfDereferenceObject+0xd
807ec990 8409202e 87801b28 a99850d8 85fd1020 nt!ObpCloseHandleTableEntry+0x21d
807ec9c0 8408e965 85fd1020 00000000 00000000 nt!ObpCloseHandle+0x7f
807ec9d8 8401065a 8000086c 00000000 00000000 nt!ObCloseHandle+0x40
807ecbbc 84013d98 00000001 00000000 807ecbe4 nt!IopLoadDriver+0xb61
807ecc00 83ec9aab ac9adbd0 00000000 85fdd4c0 nt!IopLoadUnloadDriver+0x70
807ecc50 84055f5e 00000001 36f5aa8c 00000000 nt!ExpWorkerThread+0x10d
807ecc90 83efd219 83ec999e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
THREAD_SHA1_HASH_MOD_FUNC: 049e447e55a7b64e8d7f3231653085e63a317e65
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a997c0d526fdb0f4723fb306ecfdf66411f77893
THREAD_SHA1_HASH_MOD: 38bc5fec3f0409c265cf5c87da6f8f8859d0711c
FOLLOWUP_IP:
nt!CmpFatalFilter+17
840eb654 cc int 3
FAULT_INSTR_CODE: 909090cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!CmpFatalFilter+17
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce78a09
IMAGE_VERSION: 6.1.7601.17514
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: 0x135_VRF_nt!CmpFatalFilter+17
BUCKET_ID: 0x135_VRF_nt!CmpFatalFilter+17
PRIMARY_PROBLEM_CLASS: 0x135_VRF_nt!CmpFatalFilter+17
TARGET_TIME: 2019-09-23T08:11:47.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x86
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2010-11-20 16:42:49
BUILDDATESTAMP_STR: 101119-1850
BUILDLAB_STR: win7sp1_rtm
BUILDOSVER_STR: 6.1.7601.17514.x86fre.win7sp1_rtm.101119-1850
ANALYSIS_SESSION_ELAPSED_TIME: 2dc
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x135_vrf_nt!cmpfatalfilter+17
FAILURE_ID_HASH: {1cf614a7-193c-d67a-fc81-ffe957d678c0}
Did you read the description for the bugcheck?
A registry filter driver raised an exception and didn’t catch it (probably an invalid pointer dereference). Do a .cxr on parameter 2 of the bugcheck (probably 0x807ec270).
@“Scott_Noone_(OSR)” said:
Did you read the description for the bugcheck?A registry filter driver raised an exception and didn’t catch it (probably an invalid pointer dereference). Do a .cxr on parameter 2 of the bugcheck (probably 0x807ec270).
Yes, I read the file but it didn’t help much.
I find the reason of the bug. It’s because I send a empty string to function to deal. And in the function, I queto the string as a non empty string. So the Verifier send me a BSOD.
Thank you for your attention. Have a good day:)