Disk MAnagement Operations BSOD

OSR_Community_User · November 6, 2006, 12:14pm

Hi All,
I have written a volume filter driver. This driver contains the code for
querying the volume names from mount manger. The code was working fine till
date but from last two days the same code which was working fine from last
six months stated giving me BSODs. From code looks like whenever the I tried
to free the allocated memory in this function the code gives BSOD. Strange
thing is the BSOD shows that the memory refrence during ExFreePool is
0x00000000. Even though before freeing I have checked whether memory is
non-null.
The BSOD occurs only when there is some operation carried using disk manager
like disabling the active disk.
Can anybody help me with this please? I am using the Non-Paged pool. Even
the memory which refernced the address is constant across many BSODs.

kd> !analyze -v
ERROR: FindPlugIns 8007007b
******************************
*************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8088d613, address which referenced memory

Debugging Details:

The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
*** Error in in reading nt!_ETHREAD @ 00000000
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
*** Error in in reading nt!_ETHREAD @ 00000000
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
*** Error in in reading nt!_ETHREAD @ 00000000
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
*** Error in in reading nt!_ETHREAD @ 00000000
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.

READ_ADDRESS: The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExpCheckForResource+64
8088d613 8b36 mov esi,[esi]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LOCK_ADDRESS: 808a7a20 – (!locks 808a7a20)
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.

Resource @ nt!IopDeviceTreeLock (0x808a7a20) Shared 1 owning threads
Threads: 81821b40-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0x808a7a20
Thread Count : 1
Thread address: 0x81821b40
Thread wait : 0x150d

LAST_CONTROL_TRANSFER: from 8088d613 to 80826493

STACK_TEXT:
fa07277c 8088d613 badb0d00 fa0727fc fa0727c0 nt!KiTrap0E+0x2a1
fa072810 809dfce5 822aeef8 00000108 822aef4c nt!ExpCheckForResource+0x64
fa072828 809cd0eb 822aeef8 fa072898 f9a90508 nt!ExFreePoolSanityChecks+0x4d
fa072834 f9a90508 822aeef8 00000000 f9a90437
nt!VerifierExFreePoolWithTag+0x1c
fa072840 f9a90437 80a6ea90 81444a20 00000000
BexWinCj!__CjVFGetVolumeDeviceName+0x268
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 674]
fa072898 f9a91230 81683c00 81444af4 80a6ea90
BexWinCj!__CjVFGetVolumeDeviceName+0x197
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 652]
fa0728dc f9a8f731 81444ad8 80a6ea90 81444a20
BexWinCj!__CjVFAddVolumeInformation+0x80
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 1063]
fa072918 f9a8f877 81444a20 82150e48 80a6ea90
BexWinCj!__CjVFDispatchPnPStartDevice+0x71
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 209]
fa072954 f9a90069 81444a20 82150e48 0000001b BexWinCj!__CjVFDispatchPnP+0x47
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 267]
fa072974 f9a8eb44 81444a20 82150e48 80a6ea90 BexWinCj!CjVFMainDispatch+0x49
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 508]
fa0729b8 809cc57d 81444a20 82150e48 82150fd0
BexWinCj!__CjMainDriverDispatch+0x94
[f:\workingdir\winchangejournal\journaldriver\cjmain.c @ 52]
fa0729e8 80853648 809ddb81 fa072a08 809ddb81 nt!IovCallDriver+0x112
fa0729f4 809ddb81 80a6ea90 8161fb68 00000000 nt!IofCallDriver+0x13
fa072a08 809cc57d 81444a20 82150e48 82150ffc nt!ViFilterDispatchPnp+0xd7
fa072a38 80853648 808ef45b fa072a70 808ef45b nt!IovCallDriver+0x112
fa072a44 808ef45b 8169f030 fa072ab0 00000000 nt!IofCallDriver+0x13
fa072a70 808da132 8161fb68 fa072a8c 00000000 nt!IopSynchronousCall+0xbe
fa072ab4 808da176 8169f030 812964c0 00000001 nt!IopStartDevice+0x4d
fa072ad0 808da1b5 8169f030 8169f001 812964c0 nt!PipProcessStartPhase1+0x4e
fa072d28 80983def ff97d330 00000001 00000000 nt!PipProcessDevNodeTree+0x1db
fa072d58 8080ef24 00000003 81821b40 808b059c nt!PiRestartDevice+0x80
fa072d80 808203bd 00000000 00000000 81821b40 nt!PipDeviceActionWorker+0x17e
fa072dac 80905d2c 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
fa072ddc 80828499 80820300 00000001 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
BexWinCj!__CjVFGetVolumeDeviceName+268
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 674]
f9a90508 c745e400000000 mov dword ptr [ebp-0x1c],0x0

FAULTING_SOURCE_CODE:
670: }
671:
672: if (NULL != pBuffer) {
673: ExFreePool(pBuffer);

674: pBuffer=NULL;
675: }
676: }
677:
678:
679: // Here i inserter code for completion and freeing of IRP
which was then removed

SYMBOL_STACK_INDEX: 4

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: BexWinCj!__CjVFGetVolumeDeviceName+268

MODULE_NAME: BexWinCj

IMAGE_NAME: BexWinCj.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 454ed10a

FAILURE_BUCKET_ID: 0xA_VRF_BexWinCj!__CjVFGetVolumeDeviceName+268

BUCKET_ID: 0xA_VRF_BexWinCj!__CjVFGetVolumeDeviceName+268

Followup: MachineOwner

OSR_Community_User · November 6, 2006, 1:27pm

The bugcheck shows that the referenced address is zero, but that does
not mean that pBuffer was NULL. pBuffer could simply have been garbage
or stale or the pool headers around pBuffer could have been corrupted by
programmer error. You should be able to find pBuffer in the stack trace.
Try running !pool on it. Better yet,

CHORUS:

turn driver verifier on and run with the checked OS

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Giri
Sent: Monday, November 06, 2006 12:14 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Disk MAnagement Operations BSOD

Hi All,
I have written a volume filter driver. This driver contains the code
for querying the volume names from mount manger. The code was working
fine till date but from last two days the same code which was working
fine from last six months stated giving me BSODs. From code looks like
whenever the I tried to free the allocated memory in this function the
code gives BSOD. Strange thing is the BSOD shows that the memory
refrence during ExFreePool is 0x00000000. Even though before freeing I
have checked whether memory is non-null.
The BSOD occurs only when there is some operation carried using disk
manager like disabling the active disk.
Can anybody help me with this please? I am using the Non-Paged pool.
Even the memory which refernced the address is constant across many
BSODs.

kd> !analyze -v
ERROR: FindPlugIns 8007007b
******************************

*************************************************
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address
at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8088d613, address which referenced memory

Debugging Details:

The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
*** Error in in reading nt!_ETHREAD @ 00000000
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
*** Error in in reading nt!_ETHREAD @ 00000000
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
*** Error in in reading nt!_ETHREAD @ 00000000
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
*** Error in in reading nt!_ETHREAD @ 00000000
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.

READ_ADDRESS: The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.
00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExpCheckForResource+64
8088d613 8b36 mov esi,[esi]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LOCK_ADDRESS: 808a7a20 – (!locks 808a7a20)
The call to LoadLibrary(kext) failed, Win32 error 193
“%1 is not a valid Win32 application.”
Please check your debugger configuration and/or network access.

Resource @ nt!IopDeviceTreeLock (0x808a7a20) Shared 1 owning threads
Threads: 81821b40-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0x808a7a20
Thread Count : 1
Thread address: 0x81821b40
Thread wait : 0x150d

LAST_CONTROL_TRANSFER: from 8088d613 to 80826493

STACK_TEXT:
fa07277c 8088d613 badb0d00 fa0727fc fa0727c0 nt!KiTrap0E+0x2a1
fa072810 809dfce5 822aeef8 00000108 822aef4c nt!ExpCheckForResource+0x64

fa072828 809cd0eb 822aeef8 fa072898 f9a90508
nt!ExFreePoolSanityChecks+0x4d
fa072834 f9a90508 822aeef8 00000000 f9a90437
nt!VerifierExFreePoolWithTag+0x1c
fa072840 f9a90437 80a6ea90 81444a20 00000000
BexWinCj!__CjVFGetVolumeDeviceName+0x268
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 674]
fa072898 f9a91230 81683c00 81444af4 80a6ea90
BexWinCj!__CjVFGetVolumeDeviceName+0x197
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 652]
fa0728dc f9a8f731 81444ad8 80a6ea90 81444a20
BexWinCj!__CjVFAddVolumeInformation+0x80
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 1063]
fa072918 f9a8f877 81444a20 82150e48 80a6ea90
BexWinCj!__CjVFDispatchPnPStartDevice+0x71
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 209]
fa072954 f9a90069 81444a20 82150e48 0000001b
BexWinCj!__CjVFDispatchPnP+0x47
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 267]
fa072974 f9a8eb44 81444a20 82150e48 80a6ea90
BexWinCj!CjVFMainDispatch+0x49
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 508]
fa0729b8 809cc57d 81444a20 82150e48 82150fd0
BexWinCj!__CjMainDriverDispatch+0x94
[f:\workingdir\winchangejournal\journaldriver\cjmain.c @ 52]
fa0729e8 80853648 809ddb81 fa072a08 809ddb81 nt!IovCallDriver+0x112
fa0729f4 809ddb81 80a6ea90 8161fb68 00000000 nt!IofCallDriver+0x13
fa072a08 809cc57d 81444a20 82150e48 82150ffc nt!ViFilterDispatchPnp+0xd7
fa072a38 80853648 808ef45b fa072a70 808ef45b nt!IovCallDriver+0x112
fa072a44 808ef45b 8169f030 fa072ab0 00000000 nt!IofCallDriver+0x13
fa072a70 808da132 8161fb68 fa072a8c 00000000 nt!IopSynchronousCall+0xbe
fa072ab4 808da176 8169f030 812964c0 00000001 nt!IopStartDevice+0x4d
fa072ad0 808da1b5 8169f030 8169f001 812964c0
nt!PipProcessStartPhase1+0x4e
fa072d28 80983def ff97d330 00000001 00000000
nt!PipProcessDevNodeTree+0x1db
fa072d58 8080ef24 00000003 81821b40 808b059c nt!PiRestartDevice+0x80
fa072d80 808203bd 00000000 00000000 81821b40
nt!PipDeviceActionWorker+0x17e
fa072dac 80905d2c 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
fa072ddc 80828499 80820300 00000001 00000000
nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
BexWinCj!__CjVFGetVolumeDeviceName+268
[f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 674]
f9a90508 c745e400000000 mov dword ptr [ebp-0x1c],0x0

FAULTING_SOURCE_CODE:
670: }
671:
672: if (NULL != pBuffer) {
673: ExFreePool(pBuffer);

674: pBuffer=NULL;
675: }
676: }
677:
678:
679: // Here i inserter code for completion and freeing of
IRP which was then removed

SYMBOL_STACK_INDEX: 4

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: BexWinCj!__CjVFGetVolumeDeviceName+268

MODULE_NAME: BexWinCj

IMAGE_NAME: BexWinCj.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 454ed10a

FAILURE_BUCKET_ID: 0xA_VRF_BexWinCj!__CjVFGetVolumeDeviceName+268

BUCKET_ID: 0xA_VRF_BexWinCj!__CjVFGetVolumeDeviceName+268

Followup: MachineOwner

— Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256 To unsubscribe, visit the
List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

deepumon_es · November 7, 2006, 2:47am

Can be a pool corruption, the result is same with OUT driver verifier also?
~Sisimon

On 11/6/06, Roddy, Mark wrote:
>
> The bugcheck shows that the referenced address is zero, but that does not
> mean that pBuffer was NULL. pBuffer could simply have been garbage or stale
> or the pool headers around pBuffer could have been corrupted by programmer
> error. You should be able to find pBuffer in the stack trace. Try running
> !pool on it. Better yet,
>
>
>
> CHORUS:
>
> turn driver verifier on and run with the checked OS
>
>
>
>
>
>
> ------------------------------
>
> From: xxxxx@lists.osr.com [mailto:
> xxxxx@lists.osr.com] On Behalf Of Giri
> Sent: Monday, November 06, 2006 12:14 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] Disk MAnagement Operations BSOD
>
>
>
> Hi All,
> I have written a volume filter driver. This driver contains the code
> for querying the volume names from mount manger. The code was working fine
> till date but from last two days the same code which was working fine from
> last six months stated giving me BSODs. From code looks like whenever the I
> tried to free the allocated memory in this function the code gives BSOD.
> Strange thing is the BSOD shows that the memory refrence during ExFreePool
> is 0x00000000. Even though before freeing I have checked whether memory is
> non-null.
> The BSOD occurs only when there is some operation carried using disk
> manager like disabling the active disk.
> Can anybody help me with this please? I am using the Non-Paged pool. Even
> the memory which refernced the address is constant across many BSODs.
>
> kd> !analyze -v
> ERROR: FindPlugIns 8007007b
>
>
>*****************
> *
> *
> * Bugcheck
> Analysis *
> *
> *
> ***************************************************************************
>
>
> IRQL_NOT_LESS_OR_EQUAL (a)
> An attempt was made to access a pageable (or completely invalid) address
> at an
> interrupt request level (IRQL) that is too high. This is usually
> caused by drivers using improper addresses.
> If a kernel debugger is available get the stack backtrace.
> Arguments:
> Arg1: 00000000, memory referenced
> Arg2: 00000002, IRQL
> Arg3: 00000000, value 0 = read operation, 1 = write operation
> Arg4: 8088d613, address which referenced memory
>
> Debugging Details:
> ------------------
>
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
> Error in in reading nt!_ETHREAD @ 00000000
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
> Error in in reading nt!_ETHREAD @ 00000000
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
> Error in in reading nt!_ETHREAD @ 00000000
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
> *** Error in in reading nt!_ETHREAD @ 00000000
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
>
> READ_ADDRESS: The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
> 00000000
>
> CURRENT_IRQL: 2
>
> FAULTING_IP:
> nt!ExpCheckForResource+64
> 8088d613 8b36 mov esi,[esi]
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0xA
>
> LOCK_ADDRESS: 808a7a20 – (!locks 808a7a20)
> The call to LoadLibrary(kext) failed, Win32 error 193
> “%1 is not a valid Win32 application.”
> Please check your debugger configuration and/or network access.
>
> Resource @ nt!IopDeviceTreeLock (0x808a7a20) Shared 1 owning threads
> Threads: 81821b40-01<>
> 1 total locks, 1 locks currently held
>
> PNP_TRIAGE:
> Lock address : 0x808a7a20
> Thread Count : 1
> Thread address: 0x81821b40
> Thread wait : 0x150d
>
> LAST_CONTROL_TRANSFER: from 8088d613 to 80826493
>
> STACK_TEXT:
> fa07277c 8088d613 badb0d00 fa0727fc fa0727c0 nt!KiTrap0E+0x2a1
> fa072810 809dfce5 822aeef8 00000108 822aef4c nt!ExpCheckForResource+0x64
> fa072828 809cd0eb 822aeef8 fa072898 f9a90508
> nt!ExFreePoolSanityChecks+0x4d
> fa072834 f9a90508 822aeef8 00000000 f9a90437
> nt!VerifierExFreePoolWithTag+0x1c
> fa072840 f9a90437 80a6ea90 81444a20 00000000
> BexWinCj!__CjVFGetVolumeDeviceName+0x268
> [f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 674]
> fa072898 f9a91230 81683c00 81444af4 80a6ea90
> BexWinCj!__CjVFGetVolumeDeviceName+0x197
> [f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 652]
> fa0728dc f9a8f731 81444ad8 80a6ea90 81444a20
> BexWinCj!__CjVFAddVolumeInformation+0x80
> [f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 1063]
> fa072918 f9a8f877 81444a20 82150e48 80a6ea90
> BexWinCj!__CjVFDispatchPnPStartDevice+0x71
> [f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 209]
> fa072954 f9a90069 81444a20 82150e48 0000001b
> BexWinCj!__CjVFDispatchPnP+0x47
> [f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 267]
> fa072974 f9a8eb44 81444a20 82150e48 80a6ea90
> BexWinCj!CjVFMainDispatch+0x49
> [f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 508]
> fa0729b8 809cc57d 81444a20 82150e48 82150fd0
> BexWinCj!__CjMainDriverDispatch+0x94
> [f:\workingdir\winchangejournal\journaldriver\cjmain.c @ 52]
> fa0729e8 80853648 809ddb81 fa072a08 809ddb81 nt!IovCallDriver+0x112
> fa0729f4 809ddb81 80a6ea90 8161fb68 00000000 nt!IofCallDriver+0x13
> fa072a08 809cc57d 81444a20 82150e48 82150ffc nt!ViFilterDispatchPnp+0xd7
> fa072a38 80853648 808ef45b fa072a70 808ef45b nt!IovCallDriver+0x112
> fa072a44 808ef45b 8169f030 fa072ab0 00000000 nt!IofCallDriver+0x13
> fa072a70 808da132 8161fb68 fa072a8c 00000000 nt!IopSynchronousCall+0xbe
> fa072ab4 808da176 8169f030 812964c0 00000001 nt!IopStartDevice+0x4d
> fa072ad0 808da1b5 8169f030 8169f001 812964c0 nt!PipProcessStartPhase1+0x4e
> fa072d28 80983def ff97d330 00000001 00000000
> nt!PipProcessDevNodeTree+0x1db
> fa072d58 8080ef24 00000003 81821b40 808b059c nt!PiRestartDevice+0x80
> fa072d80 808203bd 00000000 00000000 81821b40
> nt!PipDeviceActionWorker+0x17e
> fa072dac 80905d2c 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
> fa072ddc 80828499 80820300 00000001 00000000
> nt!PspSystemThreadStartup+0x2e
> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> BexWinCj!__CjVFGetVolumeDeviceName+268
> [f:\workingdir\winchangejournal\journaldriver\cjvolfilter.c @ 674]
> f9a90508 c745e400000000 mov dword ptr [ebp-0x1c],0x0
>
> FAULTING_SOURCE_CODE:
> 670: }
> 671:
> 672: if (NULL != pBuffer) {
> 673: ExFreePool(pBuffer);
> > 674: pBuffer=NULL;
> 675: }
> 676: }
> 677:
> 678:
> 679: // Here i inserter code for completion and freeing of IRP
> which was then removed
>
>
> SYMBOL_STACK_INDEX: 4
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: BexWinCj!__CjVFGetVolumeDeviceName+268
>
> MODULE_NAME: BexWinCj
>
> IMAGE_NAME: BexWinCj.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 454ed10a
>
> FAILURE_BUCKET_ID: 0xA_VRF_BexWinCj! CjVFGetVolumeDeviceName+268
>
> BUCKET_ID: 0xA_VRF_BexWinCj! CjVFGetVolumeDeviceName+268
>
> Followup: MachineOwner
> ---------
>
> — Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256 To unsubscribe, visit the List
> Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

–
GCS d+ s: a- c++++ U> B+ L++>$ w++++$ W++(+++) PGP+N+ t PS+PE++ tv+(++) b+++
G+++ e++>(++++) h-- r
Don’t know this? See http://www.geekcode.com/geek.html