Can I use KeWaitForSingleObject with an infinite timeout in an IRP dispatch function?

In the IRP_MJ_DEVICE_CONTROL dispatch function, I try to invoke KeWaitForSingleObject with an infinite timeout.

Like this:

KeWaitForSingleObject(pMainDevExt->pEvent, Executive, KernelMode, FALSE, NULL);

pEvent is nonpaged pool allocated by ExAllocatePoolWithTag.

But I get a BSOD with IRQL_NOT_LESS_OR_EQUAL:

1: kd> g
Driver Verifier: Enabled for MyDriver_ProcMon.sys, 0:0x100009, 1:0x2, build 19042, key 4XXOFJKTWokcIDxOlNSWC
KDTARGET: Refreshing KD connection

*** Fatal System Error: 0x0000000a
                       (0x0000000000000000,0x0000000000000002,0x0000000000000000,0xFFFFF8015AA156F1)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Then I found this in MSDN:
https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/dispatch-routines-and-irqls

Furthermore, they should not be dependent on any blocking calls (such as KeWaitForSingleObject with a nonzero time-out).

But I don’t know why. Why can’t I call KeWaitForSingleObject with a nonzero time-out? My KEVENT is located in nonpaged pool, so why can’t I invoke it?

0: kd> k
 # Child-SP          RetAddr               Call Site
00 fffffb8e`8a844b48 fffff801`5ad1cd12     nt!DbgBreakPointWithStatus
01 fffffb8e`8a844b50 fffff801`5ad1c2f6     nt!KiBugCheckDebugBreak+0x12
02 fffffb8e`8a844bb0 fffff801`5ac00df7     nt!KeBugCheck2+0x946
03 fffffb8e`8a8452c0 fffff801`5ac12c69     nt!KeBugCheckEx+0x107
04 fffffb8e`8a845300 fffff801`5ac0ef69     nt!KiBugCheckDispatch+0x69
05 fffffb8e`8a845440 fffff801`5aa156f1     nt!KiPageFault+0x469
06 fffffb8e`8a8455d0 fffff801`5b1e559d     nt!KeWaitForSingleObject+0x1e1
07 fffffb8e`8a8456c0 fffff801`5b1e49de     nt!ViKeWaitForSingleObjectCommon+0x95
08 fffffb8e`8a845710 fffff801`5e051280     nt!VerifierKeWaitForSingleObject+0x1e
09 fffffb8e`8a845750 fffff801`5ab225b5     MyDriver!DispatchIoControl+0x240 [G:\work\MyDriver_ProcMon\DriverEntry.cpp @ 152] 
0a fffffb8e`8a845800 fffff801`5aeec718     nt!IofCallDriver+0x55
0b fffffb8e`8a845840 fffff801`5aeebfe5     nt!IopSynchronousServiceTail+0x1a8
0c fffffb8e`8a8458e0 fffff801`5aeeb9e6     nt!IopXxxControlFile+0x5e5
0d fffffb8e`8a845a20 fffff801`5ac126b5     nt!NtDeviceIoControlFile+0x56
0e fffffb8e`8a845a90 00007ff9`c524cf04     nt!KiSystemServiceCopyEnd+0x25
0f 0000007b`f44ff678 00007ff9`c2d0ad21     ntdll!NtDeviceIoControlFile+0x14
10 0000007b`f44ff680 00007ff9`c43f5611     KERNELBASE!DeviceIoControl+0x121
11 0000007b`f44ff6f0 00007ff6`253c85fc     KERNEL32!DeviceIoControlImplementation+0x81
12 0000007b`f44ff740 000001d7`eca97ad0     0x00007ff6`253c85fc
13 0000007b`f44ff748 00000000`00000000     0x000001d7`eca97ad0

The KiPageFault is unbelievable, my KEVENT is in nonpaged pool!
I don’t know why there is a KiPageFault.

Are you calling this from inside DriverEntry? (Looks like it) … you can’t wait forever in DriverEntry, that system thread will need to return at some point and the Verifier is calling you on this …

@craig_howard said:
Are you calling this from inside DriverEntry? (Looks like it) … you can’t wait forever in DriverEntry, that system thread will need to return at some point and the Verifier is calling you on this …

No, I call it in IRP_MJ_DEVICE_CONTROL dispatch function.

@craig_howard said:
Are you calling this from inside DriverEntry? (Looks like it) … you can’t wait forever in DriverEntry, that system thread will need to return at some point and the Verifier is calling you on this …

I put all the source code in the DriverEntry.cpp file … :cry:
It doesn’t mean I call it from the DriverEntry function.

You are trying to access memory at address 0x0000000000000000

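The bug check parameters in the dump already point at the answer given in the last reply. For IRQL_NOT_LESS_OR_EQUAL (0xA) the four parameters are the referenced address, the IRQL at the time of the fault, the access type (0 = read, 1 = write, 8 = execute) and the faulting instruction address. Here parameter 1 is 0, so the wait routine read through a NULL pointer: pMainDevExt->pEvent was never set to the allocated KEVENT, which is a different problem from the event being pageable. Parameter 2 is 2 (DISPATCH_LEVEL) because KeWaitForSingleObject has already raised IRQL to take its dispatcher locks before it touches the object, even though the dispatch routine itself was entered at PASSIVE_LEVEL. The following user-mode C program is an added example, not code from the thread: it parses the "Fatal System Error" line exactly as WinDbg printed it (embedded below as a constructed sample) and decodes the 0xA parameters the way a reviewer would before looking at the driver. The near-NULL threshold of 0x10000 is an assumption used only to flag "pointer plus small field offset" dereferences.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>

/* Constructed sample: the two "Fatal System Error" lines from the post, joined. */
static const char kSampleDump[] =
    "*** Fatal System Error: 0x0000000a "
    "(0x0000000000000000,0x0000000000000002,0x0000000000000000,0xFFFFF8015AA156F1)";

typedef struct {
    uint64_t code;    /* bug check code; 0xA is IRQL_NOT_LESS_OR_EQUAL */
    uint64_t arg[4];  /* the four bug check parameters */
} BugCheck;

/* Parse "*** Fatal System Error: 0xCODE (0xP1,0xP2,0xP3,0xP4)".
   Returns 1 on success, 0 if the line does not have that shape. */
static int parse_bugcheck(const char *text, BugCheck *out) {
    static const char marker[] = "Fatal System Error:";
    const char *p = strstr(text, marker);
    char *end;
    if (!p) return 0;
    p += strlen(marker);
    out->code = strtoull(p, &end, 16);   /* base 16 accepts the 0x prefix */
    if (end == p) return 0;
    p = strchr(end, '(');
    if (!p) return 0;
    p++;
    for (int i = 0; i < 4; i++) {
        out->arg[i] = strtoull(p, &end, 16);
        if (end == p) return 0;
        p = end;
        if (i < 3) {
            if (*p != ',') return 0;
            p++;
        }
    }
    return *p == ')';
}

/* Parameter 2 of bug check 0xA is the IRQL at the time of the fault. */
static const char *irql_name(uint64_t irql) {
    switch (irql) {
        case 0:  return "PASSIVE_LEVEL";
        case 1:  return "APC_LEVEL";
        case 2:  return "DISPATCH_LEVEL";
        default: return "device or higher IRQL";
    }
}

/* Parameter 3 of bug check 0xA is the access type. */
static const char *access_name(uint64_t type) {
    switch (type) {
        case 0:  return "read";
        case 1:  return "write";
        case 8:  return "execute";
        default: return "unknown access type";
    }
}

/* One-line diagnosis of an 0xA bug check from parameter 1 alone.
   0x10000 is an assumed threshold: addresses below it are treated as
   NULL plus a structure offset rather than a real kernel address. */
static const char *diagnose_0xA(const BugCheck *bc) {
    if (bc->code != 0xA) return "not IRQL_NOT_LESS_OR_EQUAL";
    if (bc->arg[0] < 0x10000) return "NULL (or near-NULL) pointer dereference";
    return "pageable or invalid memory touched at elevated IRQL";
}

int main(void) {
    BugCheck bc;
    if (!parse_bugcheck(kSampleDump, &bc)) {
        fprintf(stderr, "could not parse bug check line\n");
        return 1;
    }
    printf("bug check 0x%" PRIX64 "\n", bc.code);
    printf("  referenced address : 0x%016" PRIX64 "\n", bc.arg[0]);
    printf("  IRQL               : %" PRIu64 " (%s)\n", bc.arg[1], irql_name(bc.arg[1]));
    printf("  access             : %s\n", access_name(bc.arg[2]));
    printf("  faulting IP        : 0x%016" PRIX64 "\n", bc.arg[3]);
    printf("  diagnosis          : %s\n", diagnose_0xA(&bc));
    return 0;
}
```

On the dump from the post the diagnosis is a NULL pointer read at DISPATCH_LEVEL with the faulting instruction inside nt!KeWaitForSingleObject, which matches the stack: verify that the KEVENT pointer stored in the device extension is the one returned by ExAllocatePoolWithTag and that KeInitializeEvent ran on it before any wait. The wait itself, at PASSIVE_LEVEL in a dispatch routine, is legal; the documented advice against blocking there is about not stalling the calling thread, not about the IRQL.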