Hi,
My driver communicates with user mode using a collection of IOCTLs handled by a corresponding IRP_MJ_DEVICE_CONTROL handler in the kernel. Occasionally I get an IRQL_NOT_LESS_OR_EQUAL exception from this context. I have dumped the memory and used WinDbg + !analyze -v, expecting to see that the code was executed at IRQL = PASSIVE_LEVEL, but surprisingly the IRQL was set to 0xFF; apparently this caused the IRQL_NOT_LESS_OR_EQUAL exception.
What may cause the IRQL to be 0xFF (-1 signed)? My code doesn't change the IRQL deliberately… what may cause such a problem?
Many thanks
Naddav.
WinDbg !analyze -v output:
****************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
…
Arguments:
Arg1: 81828fb8, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80512922, address which referenced memory
Debugging Details:
MODULE_NAME: nt
FAULTING_MODULE: 804d4000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 3d6de35c
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
unable to get nt!MiSessionPoolStart
unable to get nt!MiSessionPoolEnd
81828fb8
CURRENT_IRQL: ff
FAULTING_IP:
nt!ExfInterlockedInsertTailList+d
80512922 8910 mov [eax],edx
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 804dce53 to 805266db
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
fa6fea90 804dce53 0000000a 81828fb8 000000ff nt!KeBugCheckEx+0x19
fa6feaac fffff000 8065ac36 00005376 8065ac48 nt!Kei386EoiHelper+0x251c
c0207898 00004000 03fcc163 00004000 81e3a000 0xfffff000
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_NAME: MachineOwner
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner