IoGetDeviceInterfaces -> IRQL_NOT_LESS_OR_EQUAL

Hi there,

I am hitting the IRQL_NOT_LESS_OR_EQUAL bugcheck when calling
IoGetDeviceInterfaces.

The conditions for this to occur are:

  • Plugging in a second device
  • WinXP 32bit
  • Verifier enabled

The code to call IoGetDeviceInterfaces is:

WCHAR *pwchNameList = NULL;

ntStatus = IoGetDeviceInterfaces((GUID *)&GUID_DEVINTERFACE_HID,  
                                 NULL,  
                                 0,  
                                 &pwchNameList);  
  
The bugcheck parameters are:  
  
IRQL_NOT_LESS_OR_EQUAL (a)  
An attempt was made to access a pageable (or completely invalid) address at an  
interrupt request level (IRQL) that is too high. This is usually  
caused by drivers using improper addresses.  
If a kernel debugger is available get the stack backtrace.  
Arguments:  
Arg1: e367d7fc, memory referenced  
Arg2: 0000001c, IRQL  
Arg3: 00000000, bitfield :  
 bit 0 : value 0 = read operation, 1 = write operation  
 bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)  
Arg4: 808231af, address which referenced memory  
  
Stack trace from IoGetDeviceInterfaces:  
  
b84f6f38 808231af badb0d00 e367d7fc 80a0d106 nt!KiTrap0E+0x238  
b84f6fb4 80a0d98e e367d7f4 00000000 00000000 nt!KeSetEventBoostPriority+0x1f  
b84f6fc4 80892d29 e29010f8 e367d7d8 808823a0 hal!ExReleaseFastMutex+0x1a  
b84f6fd8 80892d77 e367d7d8 b84f6ff4 b84f721c nt!CmpCheckRecursionAndRecordThreadInfo+0x47  
b84f7008 8095652a 0000000c b84f71f8 00000000 nt!CmpCallCallBacks+0x3b  
b84f71d8 808e69ad e104ffb8 8b660140 8a567b28 nt!CmpParseKey+0xa2  
b84f7250 808e3458 80000a60 b84f7290 00000240 nt!ObpLookupObjectName+0x119  
b84f72a4 8094c6ac 00000000 8b660140 808af400 nt!ObOpenObjectByName+0xea  
b84f73a0 8086989c b84f74dc 00020019 b84f7438 nt!NtOpenKey+0x1c8  
b84f73a0 80828bd1 b84f74dc 00020019 b84f7438 nt!KiFastCallEntry+0xfc  
b84f7424 808b2c79 b84f74dc 00020019 b84f7438 nt!ZwOpenKey+0x11  
b84f7450 808af948 b84f74dc 80000a60 b84f74c4 nt!IopOpenRegistryKeyEx+0x39  
b84f74f0 808afc13 00000012 00000000 00000000 nt!IopGetDeviceInterfaces+0x41a  
b84f7510 b375c68f b3773628 00000000 00000000 nt!IoGetDeviceInterfaces+0x39  
  
This function is being called from EvtDeviceSelfManagedIoInit so it should  
be at PASSIVE_LEVEL.  
  
Any help much appreciated.  
  
Cheers,  
Daniel

Don’t get obsessed with IRQL - you may get IRQL_NOT_LESS_OR_EQUAL or PAGE_FAULT_IN_NONPAGED_AREA messages even when calling a function at low IRQL if your target address is invalid. I know it is misleading, but that’s the way it is - after all, a callee may elevate IRQL behind the scenes before having accessed the invalid pointer that you have passed to it…

Therefore, you have to check the addresses that you pass to your target callee…

Anton Bassov