Hello everybody,
I have a problem with my USB device. When I connect it for the SECOND
time I get a bugcheck 0xA.
It says that it’s not allowed to WRITE to address 0x00000004. Of course
it’s not allowed!!! But the problem is, it’s not my driver who
(directly) does it.
The wrong write action is done by win32k.sys, as far as I know it’s a
graphical driver (I don’t use it). My driver just transfers data from USB
to user applications and back.
Is there maybe a connection with win32k.sys that I don’t see, or is it
probably a fault in my driver and the debugger just points to the wrong
place???
Anyone with similar problems? Can you give me a hint in what direction
I have to search for the bug??
Thanks in advance.
Marten Lootsma
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : win32k.sys ( win32k+b1e )
Followup: MachineOwner
nt!DbgBreakPointWithStatus+0x4:
804dc592 cc int 3
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804d4e9b, address which referenced memory
Debugging Details:
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
MODULE_NAME: win32k
FAULTING_MODULE: 804d0000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 422511a2
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
00000004
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiDispatchInterrupt+627
804d4e9b 894204 mov [edx+0x4],eax
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 8052bd2e to 804dc592
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
fc09c528 8052bd2e 00000003 00000004 804d4e9b nt!DbgBreakPointWithStatus+0x4
fc09c908 804da87f 0000000a 00000004 00000002 nt!KeDeregisterBugCheckReasonCallback+0x6c7
fc09c938 804d6519 00000008 00000203 bf86e5d7 nt!Kei386EoiHelper+0x2823
fc09c9a4 804d4eff ffb3b4c0 ffffffff 6e6a3dd2 nt!ZwReadFile+0x11
fc09c9c0 804d1afa ffb3b4c0 ffffffff 00000000 nt!KiDispatchInterrupt+0x68b
fc09c9f0 804dd86c 00000000 00000000 00000000 nt!FsRtlLegalAnsiCharacterArray+0x1426
fc09ca28 804dd89e 804dca0d e1807220 fc09ca5c nt!PsGetCurrentProcess+0x21d
fc09ca38 bf800b1e 811d7ca0 00000001 bf808d66 nt!PsGetCurrentProcess+0x24f
fc09ca5c bf8847e4 00000002 811c70a8 bf887742 win32k+0xb1e
fc09cd30 bf86d7dc bf9a8b00 00000001 fc09cd54 win32k+0x847e4
fc09cd40 bf8010ba bf9a8b00 fc09cd64 0071fff4 win32k+0x6d7dc
fc09cd54 804d77ec 00000000 00000022 00000000 win32k+0x10ba
fc09cd64 7c90eb93 badb0d00 0071ffec 00000000 nt!ZwYieldExecution+0xb78
00000000 00000000 00000000 00000000 00000000 ntdll!KiFastSystemCallRet+0x4
FOLLOWUP_IP:
win32k+b1e
bf800b1e ff15e0a798bf call dword ptr [win32k+0x18a7e0 (bf98a7e0)]
SYMBOL_STACK_INDEX: 8
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: win32k+b1e
IMAGE_NAME: win32k.sys
STACK_COMMAND: kb
BUCKET_ID: WRONG_SYMBOLS