Hello, I am writing a filter driver. After running for a period of time, a blue screen error occurred when uninstalling the program. The error message is as follows:
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff806827a5120, The address that the exception occurred at
Arg3: ffff9e89af0ae6d8, Exception Record Address
Arg4: ffff9e89af0adf10, Context Record Address
Debugging Details:
*** WARNING: Check Image - Checksum mismatch - Dump: 0xd19ad, File: 0xcffea - E:\win10 xuniji\Symbols\Wdf01000.sys\B83BBE8Ed1000\Wdf01000.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 1905
Key : Analysis.Elapsed.mSec
Value: 9772
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 2
Key : Analysis.IO.Write.Mb
Value: 1
Key : Analysis.Init.CPU.mSec
Value: 8124
Key : Analysis.Init.Elapsed.mSec
Value: 4724685
Key : Analysis.Memory.CommitPeak.Mb
Value: 126
Key : Bugcheck.Code.KiBugCheckData
Value: 0x7e
Key : Bugcheck.Code.LegacyAPI
Value: 0x7e
Key : Bugcheck.Code.TargetModel
Value: 0x7e
Key : Failure.Bucket
Value: AV_MyVPNClient20240501!FxStubDriverUnload
Key : Failure.Hash
Value: {45b75348-52f0-852b-da78-6ad630f4750d}
Key : Hypervisor.Enlightenments.Value
Value: 12576
Key : Hypervisor.Enlightenments.ValueHex
Value: 3120
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 0
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 0
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 1
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 0
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 0
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 0
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 1
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 0
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 536632
Key : Hypervisor.Flags.ValueHex
Value: 83038
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 0
Key : Hypervisor.RootFlags.AccessStats
Value: 0
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 0
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 0
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 0
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 0
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 0
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 0
Key : Hypervisor.RootFlags.MceEnlightened
Value: 0
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 0
Key : Hypervisor.RootFlags.Value
Value: 0
Key : Hypervisor.RootFlags.ValueHex
Value: 0
Key : SecureKernel.HalpHvciEnabled
Value: 0
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff806827a5120
BUGCHECK_P3: ffff9e89af0ae6d8
BUGCHECK_P4: ffff9e89af0adf10
EXCEPTION_RECORD: ffff9e89af0ae6d8 -- (.exr 0xffff9e89af0ae6d8)
ExceptionAddress: fffff806827a5120 (Wdf01000!FxObject::ProcessDestroy+0x000000000000004c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000000d1e1
Attempt to read from address 000000000000d1e1
CONTEXT: ffff9e89af0adf10 -- (.cxr 0xffff9e89af0adf10)
rax=0000000000000000 rbx=ffffc883fcb1fe20 rcx=0000000000000008
rdx=0000000000000000 rsi=0000000000000000 rdi=000000000000d1d1
rip=fffff806827a5120 rsp=ffff9e89af0ae910 rbp=0000377c034e01d8
r8=00000000000004de r9=fffff80682837cd8 r10=fffff8068063aca0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000200
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
Wdf01000!FxObject::ProcessDestroy+0x4c:
fffff806827a5120 488b4710 mov rax,qword ptr [rdi+10h] ds:002b:000000000000d1e1=????????????????
Resetting default scope
PROCESS_NAME: System
READ_ADDRESS: unable to get nt!PspSessionIdBitmap
000000000000d1e1
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p 0x%p %s
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000000000d1e1
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffff9e89af0ae910 fffff806827a4fb6 : ffff9e89b0f4f750 ffffc883fcb1fe20 0000000000000000 ffffc8840290de01 : Wdf01000!FxObject::ProcessDestroy+0x4c [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 320]
ffff9e89af0ae950 fffff806827a415a : ffffc883fcb1fe20 ffffc883fcb1fe20 ffff9e89b0f4f750 0000000000000001 : Wdf01000!FxMemoryObject::Release+0x56 [minkernel\wdf\framework\shared\inc\private\common\FxMemoryObject.hpp @ 146]
ffff9e89af0ae990 fffff806827a84cf : ffffc8840290de00 ffffc8840290de00 0000000000000000 0000000000000000 : Wdf01000!FxObject::ParentDeleteEvent+0x82 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 724]
ffff9e89af0ae9d0 fffff806827a5f8e : ffffc8840290dde0 ffffc883fcb34278 ffffc883ff402350 fffff80683483048 : Wdf01000!FxObject::DestroyChildren+0x3f [minkernel\wdf\framework\shared\inc\private\common\FxObject.hpp @ 496]
ffff9e89af0aea00 fffff806827f3309 : ffffc883ff402350 ffffc88401e0b290 0000000000000000 0000000000000000 : Wdf01000!FxObject::DeleteObject+0x17e [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 124]
ffff9e89af0aea80 fffff806827f371a : 0000377bfd6f2218 0000000000000000 0000000000000000 ffffc883fd0e4a60 : Wdf01000!FxDriver::DeleteObject+0x9 [minkernel\wdf\framework\shared\inc\private\common\FxDriver.hpp @ 375]
ffff9e89af0aeab0 fffff8068cbf3e92 : ffffc883fd186040 ffffc883fd0e4a60 ffff9e89b0f4f750 fffff806847ebcae : Wdf01000!FxDriver::Unload+0xda [minkernel\wdf\framework\shared\core\fxdriver.cpp @ 199]
ffff9e89af0aeb00 fffff80680c52243 : 0000000000000000 ffffc88401b24b68 fffff80681125440 0000000000000000 : MyVPNClient20240501!FxStubDriverUnload+0x22 [minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 190]
ffff9e89af0aeb30 fffff806806c3ea5 : ffffc88300000000 0000000000000000 ffffc883fd186040 fffff80600000000 : nt!IopLoadUnloadDriver+0xd1103
ffff9e89af0aeb70 fffff8068074ef55 : ffffc883fd186040 0000000000000080 ffffc883fd085080 0000000000000080 : nt!ExpWorkerThread+0x105
ffff9e89af0aec10 fffff80680806a48 : ffffb381b09c8180 ffffc883fd186040 fffff8068074ef00 0000000000000246 : nt!PspSystemThreadStartup+0x55
ffff9e89af0aec60 0000000000000000 : ffff9e89af0af000 ffff9e89af0a9000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x28
FAULTING_SOURCE_LINE: minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp
FAULTING_SOURCE_FILE: minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp
FAULTING_SOURCE_LINE_NUMBER: 190
FAULTING_SOURCE_CODE:
No source found for 'minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp'
SYMBOL_NAME: MyVPNClient20240501!FxStubDriverUnload+22
MODULE_NAME: MyVPNClient20240501
IMAGE_NAME: MyVPNClient20240501.sys
STACK_COMMAND: .cxr 0xffff9e89af0adf10 ; kb
BUCKET_ID_FUNC_OFFSET: 22
FAILURE_BUCKET_ID: AV_MyVPNClient20240501!FxStubDriverUnload
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {45b75348-52f0-852b-da78-6ad630f4750d}
Followup: MachineOwner
If you are willing to help me, please try to be as detailed as possible. I am a newbie and I don’t understand many things. Thank you for your help.