You’re overwriting some memory. Try enabling Special Pool in the Verifier.
Is it enabled?
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “ganesh pashupathi”
To: “Windows File Systems Devs Interest List”
Sent: Tuesday, October 17, 2006 7:27 PM
Subject: [ntfsd] DRIVER_CORRUPTED_MMPOOL error
Hi,
This happens when I am doing a ExAllocatePoolWithTag(NonPagedPool,) at line
112 of the file crypt.c. I am running the driver verifier against the driver.
Meanwhile it would be great if anyone can provide some insight into the same.
~ganesh
kd> !analyze -v
Bugcheck Analysis
DRIVER_CORRUPTED_MMPOOL (d0)
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8089337c, address which referenced memory
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn’t turn up
the culprit, then use gflags to enable special pool. You can also set
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\ProtectNonPagedPool
to a DWORD 1 value and reboot. Then the system will unmap freed nonpaged pool,
preventing drivers (although not DMA-hardware) from corrupting the pool.
Debugging Details:
------------------
READ_ADDRESS: 00000008
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiAllocatePoolPages+e1
8089337c 3938 cmp [eax],edi
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD0
TRAP_FRAME: f638f448 – (.trap fffffffff638f448)
ErrCode = 00000000
eax=00000008 ebx=808a8a68 ecx=808a8a00 edx=00000000 esi=00000000 edi=00000002
eip=8089337c esp=f638f4bc ebp=f638f56c iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!MiAllocatePoolPages+0xe1:
8089337c 3938 cmp [eax],edi ds:0023:00000008=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 80895dc8 to 8089337c
STACK_TEXT:
f638f56c 80895dc8 00000000 00001048 854db334 nt!MiAllocatePoolPages+0xe1
f638f5b8 f617d607 00000000 00001048 43525950 nt!ExAllocatePoolWithTag+0xc8
f638f60c f617e37a 00000000 85e2bb98 f638f6fc MyFilter!Decrypt+0x97
[e:\My\myfilter\crypt.c @ 112]
f638f768 f617f71b 854db2dc f638f7dc 00180016 MyFilter!SetHeader+0x26a
[e:\My\myfilter\usermodecommands.c @ 248]
f638f7b8 f734cb83 854db2dc f638f7dc 00000000 MyFilter!PostCreateOperation+0x11b
[e:\My\myfilter\operations.c @ 124]
WARNING: Stack unwind information not available. Following frames may be wrong.
f638f820 f734efe0 004db280 00000000 854db280 fltmgr+0x1b83
f638f834 f734f50f 854db280 8545b2b8 f638f874 fltmgr+0x3fe0
f638f844 f734fba1 854a3020 8545b2b8 854db280 fltmgr+0x450f
f638f874 f735d5af f638f894 00000000 00000000 fltmgr+0x4ba1
f638f8b0 80828c95 854a3020 8545b2b8 8545b2b8 fltmgr+0x125af
f638f8c4 80907bfa f638fa6c 8634cb58 00000000 nt!IofCallDriver+0x45
f638f9ac 80902fad 8634cb70 00000000 854fa008 nt!IopParseDevice+0xa35
f638fa2c 80906a15 00000000 f638fa6c 00000040 nt!ObpLookupObjectName+0x5a9
f638fa80 8090613b 00000000 00000000 00000000 nt!ObOpenObjectByName+0xea
f638fafc 8092b2c2 f638fcb0 00100080 f638fc7c nt!IopCreateFile+0x447
f638fb58 8092ca4c f638fcb0 00100080 f638fc7c nt!IoCreateFile+0xa3
f638fb98 8082337b f638fcb0 00100080 f638fc7c nt!NtCreateFile+0x30
f638fb98 80821470 f638fcb0 00100080 f638fc7c nt!KiFastCallEntry+0xf8
f638fc3c f66be9f6 f638fcb0 00100080 f638fc7c nt!ZwCreateFile+0x11
f638fcb8 f66c38c3 e23ce478 f638fcd8 00000000 TmXPFlt+0x69f6
f638fd00 f66c4345 e23ce478 00000000 00000000 TmXPFlt+0xb8c3
f638fd78 f66c4921 e23ce41c f66e74d8 00000000 TmXPFlt+0xc345
f638fd94 f66c4a39 00000000 85834810 00000000 TmXPFlt+0xc921
f638fdac 80905d2c f66e74d8 00000000 00000000 TmXPFlt+0xca39
f638fddc 80828499 f66c49ee f66e74d8 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
MyFilter!Decrypt+97 [e:\My\myfilter\crypt.c @ 112]
f617d607 8945f8 mov [ebp-0x8],eax
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: MyFilter!Decrypt+97
MODULE_NAME: MyFilter
IMAGE_NAME: MyFilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4534ec0b
STACK_COMMAND: .trap fffffffff638f448 ; kb
BUCKET_ID: 0xD0_MyFilter!Decrypt+97
Followup: MachineOwner
---------
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com