Yes, it’s in my driver:
t!DbgBreakPointWithStatus+0x4:
804e8b25 cc int 3
kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 897d267c, memory referenced
Arg2: 00000016, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: baadd6b9, address which referenced memory
Debugging Details:
ANALYSIS: Kernel with unknown size. Will force reload symbols with known
size.
ANALYSIS: Force reload command: .reload /f
ntoskrnl.exe=FFFFFFFF804DC000,214600,41108004
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
FAULTING_MODULE: 804dc000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 46adae2b
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
897d267c
CURRENT_IRQL: 16
FAULTING_IP:
sg_nevada+6b9
baadd6b9 8b8c1024010000 mov ecx,dword ptr [eax+edx+124h]
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 805383be to 804e8b25
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
bacb632c 805383be 00000003 897d267c baadd6b9 nt!DbgBreakPointWithStatus+0x4
bacb670c 804e7158 0000000a 897d267c 00000016
nt!KeDeregisterBugCheckReasonCallback+0x6c7
bacb67b4 804dfd9f 89668008 896fd0d8 00010016 nt!Kei386EoiHelper+0x285d
bacb67f8 baea5da1 00000001 8975c370 00000000 nt!KeSynchronizeExecution+0x24d
bacb6848 804dfd7d 0001000c 0000003f bacb685c atapi+0x2da1
00000000 00000000 00000000 00000000 00000000 nt!KeSynchronizeExecution+0x22b
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
sg_nevada+6b9
baadd6b9 8b8c1024010000 mov ecx,dword ptr [eax+edx+124h]
SYMBOL_NAME: sg_nevada+6b9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sg_nevada
IMAGE_NAME: sg_nevada.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Monday, July 30, 2007 11:08 AM
Subject: RE:[ntdev] DRIVER_IRQL_NOT_LESS_OR_EQUAL
> Is it your driver’s module where the crash occurs? Please note that it
> does not necessarily have to be your driver’s module - for example, your
> driver may corrupt some other driver’s memory, so that
> you can bluescreen when this driver tries to access corrupt memory (
> please note that DRIVER_IRQL_NOT_LESS_OR_EQUAL may be displayed not only
> if some operation that requires low IRQL was attempted at elevated one -
> for example, if the target address is just plainly invalid and you access
> it at elevated IRQL, you will get exactly the same BSOD message)…
>
> Anton Bassov
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>