So are you going to turn on driver verifier for your driver, for sr.sys and
for anyone else you think might be involved? Or are you going to continue to
hack around looking for permutations of the problem? Verifier is pretty good
at finding pool corruption errors.
By the way, it is your driver that is causing the problem, right?
=====================
Mark Roddy
-----Original Message-----
From: Subodh Gupta [mailto:xxxxx@softhome.net]
Sent: Tuesday, November 25, 2003 8:48 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] RE: BAD_POOL_CALLER on Windows XP

Hi mats,
thanks for your valuable suggestions, I just have one Sr.sys
on the system and that is the system restore driver. As a
short cut I first tried to disable the System Restore Feature
of XP, and commented the ExFreePool calls in my driver just
for testing it. By doing this I am able to get rid of the Bug
Check when AutoChk.exe is running. But this brings in a new
bug again from file system which is
DRIVER_IRQL_NOT_LESS_OR_EQUAL when system is showing welcome
screen, please take a look at the stack. It shows that a
call to nt!CcGetVirtualAddress generated the bug check. I am
working on NOP method and buffer checking but for the time
being these are the results I have in hand for posting.

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely
invalid) address at an interrupt request level (IRQL) that is
too high. This is usually caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804f03fb, address which referenced memory

Debugging Details:
READ_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!CcGetVirtualAddress+7b
804f03fb 8b3c81 mov edi,[ecx+eax*4]

DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 805808d9 to 804f03fb
TRAP_FRAME: fc171960 -- (.trap fffffffffc171960)
ErrCode = 00000000
eax=00000000 ebx=810c37a8 ecx=00000000 edx=00000000 esi=00000000 edi=810c3878
eip=804f03fb esp=fc1719d4 ebp=fc1719f4 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!CcGetVirtualAddress+7b:
804f03fb 8b3c81 mov edi,[ecx+eax*4]
Resetting default context

STACK_TEXT:
fc1719f4 805808d9 000c37a8 00000000 00000000 nt!CcGetVirtualAddress+0x7b
fc171a5c fc3f6ba3 811c8028 fc171a88 00001000 nt!CcMapData+0x8b
fc171a90 fc3f66a9 811f4008 e15b4840 00000000 Fastfat!FatReadDirectoryFile+0x90
fc171b60 fc3f7317 811f4008 e15b4840 e18be608 Fastfat!FatLocateDirent+0xf0
fc171c98 fc3f6285 811f4008 8117a008 fc3f7706 Fastfat!FatQueryDirectory+0x4ab
fc171ca4 fc3f7706 811f4008 8117a008 811cb230 Fastfat!FatCommonDirectoryControl+0x3d
fc171ce8 804eca36 81250be8 8117a008 806c9190 Fastfat!FatFsdDirectoryControl+0x65
fc171cf8 8058b076 fc171d64 00f0f894 805951e4 nt!IopfCallDriver+0x31
fc171d0c 8059523f 81250be8 8117a008 810e5c40 nt!IopSynchronousServiceTail+0x5e
fc171d30 804da140 00000488 00000000 00000000 nt!NtQueryDirectoryFile+0x5b
fc171d30 7ffe0304 00000488 00000000 00000000 nt!KiSystemService+0xc4
00f0f85c 77f75fba 77e7eb29 00000488 00000000 SharedUserData!SystemCallStub+0x4
00f0f860 77e7eb29 00000488 00000000 00000000 ntdll!ZwQueryDirectoryFile+0xc
WARNING: Stack unwind information not available. Following frames may be wrong.
00f0fb54 77e7eb75 00528260 00000488 00f0fb8c kernel32!FindFirstFileExW+0x1b8
00f0fea4 00000000 00000000 00000000 00000484 kernel32!FindFirstFileW+0x13

FOLLOWUP_IP:
nt!CcGetVirtualAddress+7b
804f03fb 8b3c81 mov edi,[ecx+eax*4]

FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!CcGetVirtualAddress+7b
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 3d6de35c
STACK_COMMAND: .trap fffffffffc171960 ; kb
BUCKET_ID: 0xA_nt!CcGetVirtualAddress+7b
Followup: MachineOwner
kd> .trap fffffffffc171960
ErrCode = 00000000
eax=00000000 ebx=810c37a8 ecx=00000000 edx=00000000 esi=00000000 edi=810c3878
eip=804f03fb esp=fc1719d4 ebp=fc1719f4 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!CcGetVirtualAddress+7b:
804f03fb 8b3c81 mov edi,[ecx+eax*4]
kd> kb
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
fc1719f4 805808d9 000c37a8 00000000 00000000 nt!CcGetVirtualAddress+0x7b
fc171a5c fc3f6ba3 811c8028 fc171a88 00001000 nt!CcMapData+0x8b
fc171a90 fc3f66a9 811f4008 e15b4840 00000000 Fastfat!FatReadDirectoryFile+0x90
fc171b60 fc3f7317 811f4008 e15b4840 e18be608 Fastfat!FatLocateDirent+0xf0
fc171c98 fc3f6285 811f4008 8117a008 fc3f7706 Fastfat!FatQueryDirectory+0x4ab
fc171ca4 fc3f7706 811f4008 8117a008 811cb230 Fastfat!FatCommonDirectoryControl+0x3d
fc171ce8 804eca36 81250be8 8117a008 806c9190 Fastfat!FatFsdDirectoryControl+0x65
fc171cf8 8058b076 fc171d64 00f0f894 805951e4 nt!IopfCallDriver+0x31
fc171d0c 8059523f 81250be8 8117a008 810e5c40 nt!IopSynchronousServiceTail+0x5e
fc171d30 804da140 00000488 00000000 00000000 nt!NtQueryDirectoryFile+0x5b
fc171d30 7ffe0304 00000488 00000000 00000000 nt!KiSystemService+0xc4
00f0f85c 77f75fba 77e7eb29 00000488 00000000 SharedUserData!SystemCallStub+0x4
00f0f860 77e7eb29 00000488 00000000 00000000 ntdll!ZwQueryDirectoryFile+0xc
WARNING: Stack unwind information not available. Following frames may be wrong.
00f0fb54 77e7eb75 00528260 00000488 00f0fb8c kernel32!FindFirstFileExW+0x1b8
00f0fea4 00000000 00000000 00000000 00000484 kernel32!FindFirstFileW+0x13

Regards
Subodh