BSOD

NTDEV
1

Hello
i’have a bluescreen in line :
system_buffer = (PUCHAR) MmGetSystemAddressForMdlSafe(irp->MdlAddress,NormalPagePriority);

Why ???

irp is valid . I don’t understand.

thank you for help

EXCEPTION_RECORD: b75f1c74 – (.exr 0xffffffffb75f1c74)
ExceptionAddress: b73cfafd (vfums!vdrdispatch+0x0000031d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000006
Attempt to read from address 00000006

CONTEXT: b75f1970 – (.cxr 0xffffffffb75f1970)
eax=00000000 ebx=00000000 ecx=82a1b210 edx=82a1b1a0 esi=827fd900 edi=00000000
eip=b73cfafd esp=b75f1d3c ebp=b75f1d5c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
vfums!vdrdispatch+0x31d:
b73cfafd 0fbf4806 movsx ecx,word ptr [eax+6] ds:0023:00000006=???
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from b73cf73e to b73cfafd

STACK_TEXT:
b75f1d5c b73cf73e 00000694 826a0570 826a04b8 vfums!vdrdispatch+0x31d [c:\source\sivaller\vfums\v0.1\sys\vfums\vfums\cdr.c @ 420]
b75f1dac 80576b24 826a04b8 00000000 00000000 vfums!VDRS_DeviceThread+0x16e [c:\source\sivaller\vfums\v0.1\sys\vfums\vfums\cdr.c @ 307]
WARNING: Stack unwind information not available. Following frames may be wrong.
b75f1ddc 804eed86 b73cf5d0 826a04b8 00000000 nt!PsCreateSystemThread+0x70
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimerEx+0x1eb

FOLLOWUP_IP:
vfums!vdrdispatch+31d [c:\source\sivaller\vfums\v0.1\sys\vfums\vfums\cdr.c @ 420]
b73cfafd 0fbf4806 movsx ecx,word ptr [eax+6]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: vfums!vdrdispatch+31d

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: vfums.sys

STACK_COMMAND: .cxr 0xffffffffb75f1970 ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

2

Dump the IRP (!Irp)… is Irp->MdlAddress non-zero?

Peter
OSR

3

Nope, the IRP is not valid, it’s NULL. See value in EAX.

At 16:13 15/01/2011, xxxxx@sivaller.no-ip.org wrote:

Hello
i’have a bluescreen in line :
system_buffer = (PUCHAR)
MmGetSystemAddressForMdlSafe(irp->MdlAddress,NormalPagePriority);

Why ???

irp is valid . I don’t understand.

thank you for help

EXCEPTION_RECORD: b75f1c74 – (.exr 0xffffffffb75f1c74)
ExceptionAddress: b73cfafd (vfums!vdrdispatch+0x0000031d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000006
Attempt to read from address 00000006

CONTEXT: b75f1970 – (.cxr 0xffffffffb75f1970)
eax=00000000 ebx=00000000 ecx=82a1b210 edx=82a1b1a0 esi=827fd900 edi=00000000
eip=b73cfafd esp=b75f1d3c ebp=b75f1d5c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
vfums!vdrdispatch+0x31d:
b73cfafd 0fbf4806 movsx ecx,word ptr
[eax+6] ds:0023:00000006=???
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from b73cf73e to b73cfafd

STACK_TEXT:
b75f1d5c b73cf73e 00000694 826a0570 826a04b8 vfums!vdrdispatch+0x31d
[c:\source\sivaller\vfums\v0.1\sys\vfums\vfums\cdr.c @ 420]
b75f1dac 80576b24 826a04b8 00000000 00000000
vfums!VDRS_DeviceThread+0x16e
[c:\source\sivaller\vfums\v0.1\sys\vfums\vfums\cdr.c @ 307]
WARNING: Stack unwind information not available. Following frames
may be wrong.
b75f1ddc 804eed86 b73cf5d0 826a04b8 00000000 nt!PsCreateSystemThread+0x70
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimerEx+0x1eb

FOLLOWUP_IP:
vfums!vdrdispatch+31d
[c:\source\sivaller\vfums\v0.1\sys\vfums\vfums\cdr.c @ 420]
b73cfafd 0fbf4806 movsx ecx,word ptr [eax+6]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: vfums!vdrdispatch+31d

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: vfums.sys

STACK_COMMAND: .cxr 0xffffffffb75f1970 ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

4

I added flag DO_DIRECT_IO.

It’s work now , no BSOD.

5

Along with adding DO_DIRECT_IO, I hope you added a check to see if Irp->MdlAddress is non-null before you call MmGetSystemAddressForMdlSafe.

If not, you can be back to the same old BSOD you posted at the start of this thread.

Peter
OSR

6

yes you are right.