bug check 7e

Yes, it’s freed. Have you enabled Driver Verifier (particularly the Special
Pool option) on your driver yet?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

Hope to see you at the next OSR kernel debugging class February 14th in
Columbia, MD!

“yushang” wrote in message news:xxxxx@ntdev…

Hi Roddy, does the following line mean 85fa40e8 is freed?

kd> !pool 85feff04 0x2
Pool page 85feff04 region is Nonpaged pool
*85fef558 size: aa8 previous size: 198 (Allocated) *ICSu
Owning component : Unknown (update pooltag.txt)

kd> !pool 85fa40e8 0x2
Pool page 85fa40e8 region is Nonpaged pool
*85fa40e0 size: 88 previous size: 30 (Free ) *ICSu
Owning component : Unknown (update pooltag.txt)

It seems I should check my code, right?
2010/12/28 Mark Roddy :
> See all the !pool* commands in windbg

If you deallocate memory, something happens to its contents, maybe, for some
of the contents, under some conditions you can’t control.

For example, as part of the internal implementation of the storage
allocator, some of the bytes might be used as part of the storage allocator
information, and they might be set to 0, or to something else. But if the
memory is reallocated, they will be set to whatever the new owner of the
memory sets them to, which is nothing you have control over.

Essentially, once you free storage, it is rendered meaningless to you, and
any further use on your part is erroneous. So the point here is that there
are no guarantees. Driver Verifier options will let you detect such
erroneous usage on the part of your driver. However, it won’t catch cases
where your driver messes with other storage that is still in use. This is
most often caused by uninitialized pointers on the stack or in
newly-allocated storage, which is why it is a really, really good idea to
declare all pointers with an initialization clause of NULL, and to zero out
all pointers in newly-allocated storage. If you have some concern about
performance, you could write
    Whatever * p = (Whatever *)ExAllocatePoolWithTag(…);
    if (p == NULL)
        …deal with error; e.g., complete with
        STATUS_INSUFFICIENT_RESOURCES

    #if DBG   // the WDK defines DBG as 0 in free builds, so test its value, not its presence
        RtlZeroMemory(p, …);
    #endif

The … Are left as an Exercise For The Reader.

Note that in the above case, I wrote the initializer on the declaration as
doing the allocation. If you are not allocating until later, then you would
write
    Whatever * p = NULL;

The key here is that no pointer goes uninitialized: it is set either to what
you know is a valid value or to NULL, so there are no errors.

The Driver Verifier can only catch errors in your allocation/deallocation,
not errors of pointers that just happen to be accidentally valid because
they weren’t initialized before they are used.
joe

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yushang
Sent: Monday, December 27, 2010 8:58 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] bug check 7e

Hi Maxim, if I deallocate a piece of memory, will the first 4 bytes get
zeroed?

2010/12/27 Maxim S. Shatskih :
>
> Are you deallocating the structure which is still on the list?


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


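The failure mode discussed above, a pool block freed while it is still linked into a list, modelled in user-mode C so the difference between the two orderings can be seen without a kernel. This is an added example, not code from the original thread or from OSR or Microsoft. LIST_ENTRY, CONTAINING_RECORD, InitializeListHead, InsertTailList and RemoveEntryList are re-implemented here with the same shape as the WDK definitions; WIDGET, the slot arena, PoolAlloc/PoolFree and Touch are hypothetical stand-ins for pool memory and for the access violation that Special Pool raises on the first touch of a freed page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-mode re-implementation of the NT LIST_ENTRY idiom (same layout as the WDK). */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

typedef struct _WIDGET {      /* hypothetical driver object kept on a list */
    LIST_ENTRY Link;
    uint32_t   Id;
} WIDGET;

/* Toy pool: fixed slots with an in-use flag. A freed slot is poisoned, and any
   later touch of it is recorded as a fault and the operation abandoned, which
   stands in for the bug check Special Pool produces on an unmapped freed page. */
#define POOL_SLOTS 8
static WIDGET g_pool[POOL_SLOTS];
static int    g_slot_in_use[POOL_SLOTS];
static int    g_faults;                 /* touches of freed memory detected */

static int SlotOf(const void *p)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)g_pool;
    if (a < base || a >= base + sizeof g_pool) return -1;   /* not pool memory */
    return (int)((a - base) / sizeof(WIDGET));
}

/* Returns 1 (and records a fault) if e lives in a freed slot. */
static int Touch(const LIST_ENTRY *e)
{
    int s = SlotOf(e);
    if (s >= 0 && !g_slot_in_use[s]) { g_faults++; return 1; }
    return 0;
}

static WIDGET *PoolAlloc(uint32_t id)
{
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!g_slot_in_use[i]) {
            g_slot_in_use[i] = 1;
            g_pool[i].Id = id;          /* Link is left as-is, as real pool would */
            return &g_pool[i];
        }
    }
    return NULL;
}

static void PoolFree(WIDGET *w)
{
    int s = SlotOf(w);
    if (s < 0 || !g_slot_in_use[s]) { g_faults++; return; }   /* bad or double free */
    memset(w, 0xEE, sizeof *w);     /* contents are now meaningless to the caller */
    g_slot_in_use[s] = 0;
}

static void InitializeListHead(LIST_ENTRY *head) { head->Flink = head->Blink = head; }

static void InsertTailList(LIST_ENTRY *head, LIST_ENTRY *e)
{
    LIST_ENTRY *last = head->Blink;
    if (Touch(e) || Touch(last)) return;
    e->Flink = head;  e->Blink = last;
    last->Flink = e;  head->Blink = e;
}

static void RemoveEntryList(LIST_ENTRY *e)
{
    if (Touch(e)) return;               /* reading a freed entry: "bug check" */
    LIST_ENTRY *f = e->Flink, *b = e->Blink;
    if (Touch(f) || Touch(b)) return;
    b->Flink = f;  f->Blink = b;
}

/* The ordering found in the thread: free the block, then try to unlink it. */
static void RemoveWidgetBuggy(WIDGET *w) { PoolFree(w); RemoveEntryList(&w->Link); }

/* The fix: unlink while the entry is still valid, then free it. */
static void RemoveWidgetFixed(WIDGET *w) { RemoveEntryList(&w->Link); PoolFree(w); }

/* Walk the list summing Ids; returns -1 if the walk reaches freed memory. */
static long WalkList(LIST_ENTRY *head)
{
    long sum = 0;
    for (LIST_ENTRY *e = head->Flink; e != head; e = e->Flink) {
        if (Touch(e)) return -1;
        sum += CONTAINING_RECORD(e, WIDGET, Link)->Id;
    }
    return sum;
}

static int FaultCount(void) { return g_faults; }

/* Build a 3-entry list (constructed input), remove the middle one with the
   chosen routine, and return the walk result: sum of Ids, or -1 on a fault. */
static long Scenario(int buggy)
{
    LIST_ENTRY head;
    memset(g_slot_in_use, 0, sizeof g_slot_in_use);
    g_faults = 0;
    InitializeListHead(&head);
    WIDGET *a = PoolAlloc(1), *b = PoolAlloc(2), *c = PoolAlloc(3);
    if (!a || !b || !c) return -2;
    InsertTailList(&head, &a->Link);
    InsertTailList(&head, &b->Link);
    InsertTailList(&head, &c->Link);
    if (buggy) RemoveWidgetBuggy(b); else RemoveWidgetFixed(b);
    return WalkList(&head);
}

int main(void)
{
    long fixed = Scenario(0);
    printf("fixed order: walk = %ld, faults = %d\n", fixed, FaultCount());
    long buggy = Scenario(1);
    printf("buggy order: walk = %ld, faults = %d\n", buggy, FaultCount());
    return 0;
}
```

In the buggy order the first fault fires inside RemoveEntryList, which is where Special Pool would have bug-checked the real driver instead of letting the stale link sit in the list until the next walk. In a real driver the equivalent of Touch() is turning Special Pool on for the driver under test (verifier /flags 0x1 /driver yourdriver.sys, then reboot); the !pool output quoted above, where the block containing the address reports (Free ), is the symptom you see when the stale link has already been followed.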

Finally, I found the code which frees the pool before dequeuing it from the
list. Thank you all.

2010/12/28 yushang :
> Hi Roddy, does the following line mean 85fa40e8 is freed?
>
> kd> !pool 85feff04 0x2
> Pool page 85feff04 region is Nonpaged pool
> *85fef558 size: aa8 previous size: 198 (Allocated) *ICSu
> Owning component : Unknown (update pooltag.txt)
>
> kd> !pool 85fa40e8 0x2
> Pool page 85fa40e8 region is Nonpaged pool
> *85fa40e0 size: 88 previous size: 30 (Free ) *ICSu
> Owning component : Unknown (update pooltag.txt)
>
> It seems I should check my code , right?
> 2010/12/28 Mark Roddy :
>> See all the !pool* commands in windbg
>

Nice work on your part to keep pushing at the problem.

Mark Roddy

On Tue, Dec 28, 2010 at 7:16 AM, yushang wrote:
> Finally , I found the code which free pool before dequeue it from the
> list . Thank you all.
>
> 2010/12/28 yushang :
>> Hi Roddy, does the following line mean 85fa40e8 is freed?
>>
>> kd> !pool 85feff04 0x2
>> Pool page 85feff04 region is Nonpaged pool
>> *85fef558 size: aa8 previous size: 198 (Allocated) *ICSu
>> Owning component : Unknown (update pooltag.txt)
>>
>> kd> !pool 85fa40e8 0x2
>> Pool page 85fa40e8 region is Nonpaged pool
>> *85fa40e0 size: 88 previous size: 30 (Free ) *ICSu
>> Owning component : Unknown (update pooltag.txt)
>>
>> It seems I should check my code , right?
>> 2010/12/28 Mark Roddy :
>>> See all the !pool* commands in windbg
>>
>