Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


indebuggable bsod

Gova_GimerGova_Gimer Member - All Emails Posts: 43

I'am on driver disk file system and i have a indebuggable bsod.
I mount disk and i click on directory mounter and propertie disk and i have a bsod.
I can't solve this problem.

I'am on driver disk file system ,
When i click on my disk et property i'am a indebuggable bsod !!

fileinfo.sys IS NOT MY DRIVER !!!!!!!!

Microsoft (R) Windows Debugger Version 10.0.15063.468 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Storage-Test\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 10240 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.17443.amd64fre.th1.170602-2340
Machine Name:
Kernel base = 0xfffff8000bc12000 PsLoadedModuleList = 0xfffff8000bf36070
Debug session time: Sun Dec 8 15:47:03.665 2019 (UTC + 1:00)
System Uptime: 0 days 0:10:23.523
Loading Kernel Symbols
...............................................................
.....Page 15de13 not present in the dump file. Type ".hh dbgerr004" for details
.......Page 100558 not present in the dump file. Type ".hh dbgerr004" for details
....................................................
...............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff7`c06db018). Type ".hh dbgerr001" for details


  • *
  • Bugcheck Analysis *
  • *

Use !analyze -v to get detailed debugging information.

BugCheck CC, {ffffcf808cec4d77, 0, fffff8000bceacd9, 0}

Probably caused by : fileinfo.sys ( fileinfo!FIPostCreateCallback+153 )

Followup: MachineOwner

1: kd> !analyze -v


  • *
  • Bugcheck Analysis *
  • *

PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffcf808cec4d77, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff8000bceacd9, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, Mm internal code.

Debugging Details:

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 10240.17443.amd64fre.th1.170602-2340

SYSTEM_MANUFACTURER: innotek GmbH

VIRTUAL_MACHINE: VirtualBox

SYSTEM_PRODUCT_NAME: VirtualBox

SYSTEM_VERSION: 1.2

BIOS_VENDOR: innotek GmbH

BIOS_VERSION: VirtualBox

BIOS_DATE: 12/01/2006

BASEBOARD_MANUFACTURER: Oracle Corporation

BASEBOARD_PRODUCT: VirtualBox

BASEBOARD_VERSION: 1.2

DUMP_TYPE: 1

BUGCHECK_P1: ffffcf808cec4d77

BUGCHECK_P2: 0

BUGCHECK_P3: fffff8000bceacd9

BUGCHECK_P4: 0

READ_ADDRESS: ffffcf808cec4d77 Special pool

FAULTING_IP:
nt!FsRtlLookupReservedPerStreamContext+9
fffff800`0bceacd9 0fb64107 movzx eax,byte ptr [rcx+7]

MM_INTERNAL_CODE: 0

CPU_COUNT: 2

CPU_MHZ: fa0

CPU_VENDOR: AuthenticAMD

CPU_FAMILY: 15

CPU_MODEL: 2

CPU_STEPPING: 0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xCC

PROCESS_NAME: dllhost.exe

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: DESKTOP-J0KVJ3N

ANALYSIS_SESSION_TIME: 12-08-2019 15:51:27.0877

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

TRAP_FRAME: ffffd0008858ceb0 -- (.trap 0xffffd0008858ceb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8000bf1a448 rbx=0000000000000000 rcx=ffffcf808cec4d70
rdx=ffffe0019b930010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000bceacd9 rsp=ffffd0008858d040 rbp=ffffd0008858d198
r8=0000000000000000 r9=ffffd0008858d120 r10=fffff801e2d00000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!FsRtlLookupReservedPerStreamContext+0x9:
fffff8000bceacd9 0fb64107 movzx eax,byte ptr [rcx+7] ds:ffffcf808cec4d77=??
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000bda9714 to fffff8000bd615f0

STACK_TEXT:
ffffd0008858cc68 fffff8000bda9714 : 0000000000000050 ffffcf808cec4d77 0000000000000000 ffffd0008858ceb0 : nt!KeBugCheckEx
ffffd0008858cc70 fffff8000bc46eb6 : 0000000000000000 0000000000000000 ffffd0008858ceb0 fffff801e45396e6 : nt! ?? ::FNODOBFM::string'+0x39514 ffffd0008858cd60 fffff8000bd6a6bd : ffff01008858ce00 000000000c46315c ffffe00100000101 ffffd0008858cf90 : nt!MmAccessFault+0x696 ffffd0008858ceb0 fffff8000bceacd9 : ffffcf808cf60e50 fffff80000000000 ffffe0019a307580 fffff801e2e464e9 : nt!KiPageFault+0x13d ffffd0008858d040 fffff801e2d0701d : fffff801e454a370 fffff801e45392ea 0000000000000000 fffff801e4539331 : nt!FsRtlLookupReservedPerStreamContext+0x9 ffffd0008858d070 fffff801e2d06f51 : ffffe0019b930010 fffff8000bc5dab8 0000000100000000 fffff801e45530b0 : FLTMGR!FltpGetStreamListCtrl+0x4d ffffd0008858d0e0 fffff801e361bcb3 : 0000000000000000 ffff8000fa4a6b67 ffffe0019b6e9bc0 0000000000000000 : FLTMGR!FltGetStreamContext+0x21 ffffd0008858d120 fffff801e2d03652 : 0000000000000000 fffff801e2e4c0ed ffffe0019b6e9bc0 ffffd0008858d2e0 : fileinfo!FIPostCreateCallback+0x153 ffffd0008858d1d0 fffff801e2d03086 : ffffe0019bd01000 ffffe0019bd01000 ffffcf808cf60e50 0000000000000000 : FLTMGR!FltpPerformPostCallbacks+0x2b2 ffffd0008858d2a0 fffff801e2d0525a : ffffe0019bd01028 ffffe0019bd01010 ffffcf808cf60e50 ffffcf808cf60f68 : FLTMGR!FltpPassThroughCompletionWorker+0x76 ffffd0008858d2e0 fffff801e2d3383a : ffffe0019b6e9df0 ffffe0019b90c010 0000000000000103 fffff80000000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x33a ffffd0008858d360 fffff8000c33d044 : ffffcf808cf60e00 ffffcf808cf60e50 6d4e6f4900000005 0000000000000000 : FLTMGR!FltpCreate+0x34a ffffd0008858d410 fffff8000bc24d42 : 0000000000000005 ffffd0008858d7c0 ffffe0019b9d4370 ffffe0019e20e460 : nt!IovCallDriver+0x3d8 ffffd0008858d470 fffff8000c02b245 : 0000000000000005 ffffd0008858d7c0 ffffe0019b9d4370 ffffe00100000000 : nt!IofCallDriver+0x72 ffffd0008858d4b0 fffff8000c0305d0 : fffff8000bc12000 fffff8000bc12000 fffff8000c0812a0 fffff8000c029860 : nt!IopParseDevice+0x19e5 ffffd0008858d6c0 fffff8000c02e40c : ffffe0019b90cb00 ffffd0008858d8b8 ffffe00100000040 ffffe0019a376f20 : nt!ObpLookupObjectName+0x9f0 ffffd0008858d830 fffff8000c093e5c : ffffd00000000001 ffffe0019b90c010 0000004b6e3bcdc0 0000004b6e3bcdb0 : nt!ObOpenObjectByName+0x1ec ffffd0008858d960 fffff8000c093a2c : 0000004b6e3bcd98 0000004b6e3bcc78 0000004b6e3bcdc0 0000004b6e3bcdb0 : nt!IopCreateFile+0x38c ffffd0008858da00 fffff8000bd6bc63 : ffffc00076bb5880 fffff8000c03989d 0000004b00000000 ffffc00000000008 : nt!NtOpenFile+0x58 ffffd0008858da90 00007ff91e423b5a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13 0000004b6e3bcd48 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ff91e423b5a

STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 6183f13428bb0f708e73a461e3c5037bf3562477

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: f6cf4dd3c72127b7c7f0c95500f7bc3c11152992

THREAD_SHA1_HASH_MOD: 5bbc1f80977babd8a0ff5a3f6d3954d493456400

FOLLOWUP_IP:
fileinfo!FIPostCreateCallback+153
fffff801`e361bcb3 448be0 mov r12d,eax

FAULT_INSTR_CODE: 85e08b44

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: fileinfo!FIPostCreateCallback+153

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: fileinfo

IMAGE_NAME: fileinfo.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 559f38b1

BUCKET_ID_FUNC_OFFSET: 153

FAILURE_BUCKET_ID: 0xCC_VRF_R_INVALID_fileinfo!FIPostCreateCallback

BUCKET_ID: 0xCC_VRF_R_INVALID_fileinfo!FIPostCreateCallback

PRIMARY_PROBLEM_CLASS: 0xCC_VRF_R_INVALID_fileinfo!FIPostCreateCallback

TARGET_TIME: 2019-12-08T14:47:03.000Z

OSBUILD: 10240

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2017-06-03 13:24:02

BUILDDATESTAMP_STR: 170602-2340

BUILDLAB_STR: th1

BUILDOSVER_STR: 10.0.10240.17443.amd64fre.th1.170602-2340

ANALYSIS_SESSION_ELAPSED_TIME: 8ca

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0xcc_vrf_r_invalid_fileinfo!fipostcreatecallback

FAILURE_ID_HASH: {f457b6e3-30f6-5237-081a-8fb50b58947b}

Followup: MachineOwner

Comments

  • Mauro_LeggieriMauro_Leggieri Member Posts: 107

    Why do you say it is undebuggable? Do you have verifier enabled to your driver, ntoskrnl, fltmgr.sys, etc?

  • Don_BurnDon_Burn Member - All Emails Posts: 1,710

    So from your comments I assume you are on the stack below the driver that is failing. What does your driver do when it receives the request on the way down? For instance if you do something to mess up the create, but do not return the correct error then there is no file object for the upper driver to use for the stream context.

    There are a lot of things you could do in your driver that would cause a failure like this.

  • Gova_GimerGova_Gimer Member - All Emails Posts: 43

    My driver is enabled in verifier (microsoft utility).

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,152
    edited December 2019

    It’s not clear, is yours a file system or a file system filter. Or possibly even a disk filter.

    In addition to what Don says, given that verifier is on

    !verifier 80

    Would be instructive

  • Gova_GimerGova_Gimer Member - All Emails Posts: 43

    It"s a driver file system , not a file system filter

  • Don_BurnDon_Burn Member - All Emails Posts: 1,710

    So if it is your file system, are you setting up the file object correctly in response to the create request? That would explain the problem completely.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 30 Nov 2020 LIVE ONLINE
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Developing Minifilters Early 2021 LIVE ONLINE