legacy filter driver help needed

Hi All,

I have a legacy file system filter driver on XP and it has a crash with the
following stack output from windbg; on the stack I see a set of calls being
called twice by the OS. Why is this behaviour? Am I overlooking something here?

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)

The current thread is making a bad pool request. Typically this is at a bad
IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000007, Attempt to free pool which was already freed

Arg2: 00000cd4, (reserved)

Arg3: 00180003, Memory contents of the pool block

Arg4: 81e039f8, Address of the block of pool being deallocated

Debugging Details:


*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)

The current thread is making a bad pool request. Typically this is at a bad
IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000007, Attempt to free pool which was already freed

Arg2: 00000cd4, (reserved)

Arg3: 00180003, Memory contents of the pool block

Arg4: 81e039f8, Address of the block of pool being deallocated

Debugging Details:


Kp

WARNING: Stack unwind information not available. Following frames may be
wrong.

WARNING: Stack unwind information not available. Following frames may be
wrong.

a9ab3a9c 80550fc5 nt+0x601aa

a9ab3aec 805503e3 nt+0x79fc5

a9ab3afc aaaf614d nt+0x793e3

a9ab3b08 aaaf7d2c fsfd!ExFreeToNPagedLookasideList(struct
_NPAGED_LOOKASIDE_LIST * Lookaside = 0xaaaff540, void * Entry =
0x81e039f8)+0x3d [f:\winddk\2600.1106\inc\wxp\ntifs.h @ 18738]

a9ab3b18 aaafa20c fsfd!P2PFreetoNPagedList(struct _KREQUEST_INFO *
pKRqstInfo = 0x81e039f8)+0x1c
[c:\p2p\code\client\drivers\fsfd\win2k_xp\suprtfns.c @ 3291]

a9ab3b84 aaafca6a fsfd!ProcessDCMReadRequest(struct _DEVICE_OBJECT *
pDeviceObject = 0x81f86030, void * pvInputBuffer = 0x8166d000, unsigned long
ulInputBufferLength = 0xc, void * pvOutputBuffer = 0x8166d000, unsigned long
ulOutputBufferLength = 0x14ad, struct _IO_STATUS_BLOCK * pIoStatus =
0x81cf3938)+0x384 [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @
1618]

a9ab3c10 aaafc616 fsfd!DispatchDeviceIOCTL(struct _DEVICE_OBJECT *
pDeviceObject = 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x199
[c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3428]

a9ab3a9c 80550fc5 nt+0x601aa

a9ab3aec 805503e3 nt+0x79fc5

a9ab3afc aaaf614d nt+0x793e3

a9ab3b08 aaaf7d2c fsfd!ExFreeToNPagedLookasideList(struct
_NPAGED_LOOKASIDE_LIST * Lookaside = 0xaaaff540, void * Entry =
0x81e039f8)+0x3d [f:\winddk\2600.1106\inc\wxp\ntifs.h @ 18738]

a9ab3b18 aaafa20c fsfd!P2PFreetoNPagedList(struct _KREQUEST_INFO *
pKRqstInfo = 0x81e039f8)+0x1c
[c:\p2p\code\client\drivers\fsfd\win2k_xp\suprtfns.c @ 3291]

a9ab3b84 aaafca6a fsfd!ProcessDCMReadRequest(struct _DEVICE_OBJECT *
pDeviceObject = 0x81f86030, void * pvInputBuffer = 0x8166d000, unsigned long
ulInputBufferLength = 0xc, void * pvOutputBuffer = 0x8166d000, unsigned long
ulOutputBufferLength = 0x14ad, struct _IO_STATUS_BLOCK * pIoStatus =
0x81cf3938)+0x384 [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @
1618]

a9ab3c10 aaafc616 fsfd!DispatchDeviceIOCTL(struct _DEVICE_OBJECT *
pDeviceObject = 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x199
[c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3428]

a9ab3c30 aaaf23d2 fsfd!DeviceRoutine(struct _DEVICE_OBJECT * pDeviceObject =
0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x46
[c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3312]

a9ab3c40 804e13d9 fsfd!PassThrough(struct _DEVICE_OBJECT * pDeviceObject =
0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x22
[c:\p2p\code\client\drivers\fsfd\win2k_xp\entry.c @ 1305]

a9ab3c64 80580fb1 nt+0xa3d9

a9ab3d00 8058709e nt+0xa9fb1

a9ab3d34 804dd99f nt+0xb009e

a9ab3d64 7c90eb94 nt+0x699f

02ece3b4 00000000 0x7c90eb94

a9ab3c30 aaaf23d2 fsfd!DeviceRoutine(struct _DEVICE_OBJECT * pDeviceObject =
0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x46
[c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3312]

a9ab3c40 804e13d9 fsfd!PassThrough(struct _DEVICE_OBJECT * pDeviceObject =
0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x22
[c:\p2p\code\client\drivers\fsfd\win2k_xp\entry.c @ 1305]

a9ab3c64 80580fb1 nt+0xa3d9

a9ab3d00 8058709e nt+0xa9fb1

a9ab3d34 804dd99f nt+0xb009e

a9ab3d64 7c90eb94 nt+0x699f

02ece3b4 00000000 0x7c90eb94

Any information is helpful.

thanks,

Kedar.

----- Original Message -----
From: “Kedar”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Sunday, July 23, 2006 7:31 AM
Subject: [ntfsd] legacy filter driver help needed

> Hi All,
>
> I have a legacy file system filter driver on XP and it has a crash with the
> following stack output from windbg; on the stack I see a set of calls being
> called twice by the OS. Why is this behaviour? Am I overlooking something
> here?
>

“WARNING: Stack unwind information not available. Following frames may be
wrong.” - that could explain a lot.

And driver verifier is turned on?

m.

>
>
> *******************************************************************************
> *                                                                             *
> *                        Bugcheck Analysis                                    *
> *                                                                             *
> *******************************************************************************

>
>
>
> BAD_POOL_CALLER (c2)
>
> The current thread is making a bad pool request. Typically this is at a
bad
> IRQL level or double freeing the same allocation, etc.
>
> Arguments:
>
> Arg1: 00000007, Attempt to free pool which was already freed
>
> Arg2: 00000cd4, (reserved)
>
> Arg3: 00180003, Memory contents of the pool block
>
> Arg4: 81e039f8, Address of the block of pool being deallocated
>
>
>
> Debugging Details:
>
> ------------------
>
>
>
>
> *******************************************************************************
> *                                                                             *
> *                        Bugcheck Analysis                                    *
> *                                                                             *
> *******************************************************************************

>
>
>
> BAD_POOL_CALLER (c2)
>
> The current thread is making a bad pool request. Typically this is at a
bad
> IRQL level or double freeing the same allocation, etc.
>
> Arguments:
>
> Arg1: 00000007, Attempt to free pool which was already freed
>
> Arg2: 00000cd4, (reserved)
>
> Arg3: 00180003, Memory contents of the pool block
>
> Arg4: 81e039f8, Address of the block of pool being deallocated
>
>
>
> Debugging Details:
>
> ------------------
>
>
>
> > Kp
>
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
>
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
>
> a9ab3a9c 80550fc5 nt+0x601aa
>
> a9ab3aec 805503e3 nt+0x79fc5
>
> a9ab3afc aaaf614d nt+0x793e3
>
> a9ab3b08 aaaf7d2c fsfd!ExFreeToNPagedLookasideList(struct
> _NPAGED_LOOKASIDE_LIST * Lookaside = 0xaaaff540, void * Entry =
> 0x81e039f8)+0x3d [f:\winddk\2600.1106\inc\wxp\ntifs.h @ 18738]
>
> a9ab3b18 aaafa20c fsfd!P2PFreetoNPagedList(struct _KREQUEST_INFO *
> pKRqstInfo = 0x81e039f8)+0x1c
> [c:\p2p\code\client\drivers\fsfd\win2k_xp\suprtfns.c @ 3291]
>
> a9ab3b84 aaafca6a fsfd!ProcessDCMReadRequest(struct _DEVICE_OBJECT *
> pDeviceObject = 0x81f86030, void * pvInputBuffer = 0x8166d000, unsigned
long
> ulInputBufferLength = 0xc, void * pvOutputBuffer = 0x8166d000, unsigned
long
> ulOutputBufferLength = 0x14ad, struct _IO_STATUS_BLOCK * pIoStatus =
> 0x81cf3938)+0x384 [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @
> 1618]
>
> a9ab3c10 aaafc616 fsfd!DispatchDeviceIOCTL(struct _DEVICE_OBJECT *
> pDeviceObject = 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x199
> [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3428]
>
> a9ab3a9c 80550fc5 nt+0x601aa
>
> a9ab3aec 805503e3 nt+0x79fc5
>
> a9ab3afc aaaf614d nt+0x793e3
>
> a9ab3b08 aaaf7d2c fsfd!ExFreeToNPagedLookasideList(struct
> _NPAGED_LOOKASIDE_LIST * Lookaside = 0xaaaff540, void * Entry =
> 0x81e039f8)+0x3d [f:\winddk\2600.1106\inc\wxp\ntifs.h @ 18738]
>
> a9ab3b18 aaafa20c fsfd!P2PFreetoNPagedList(struct _KREQUEST_INFO *
> pKRqstInfo = 0x81e039f8)+0x1c
> [c:\p2p\code\client\drivers\fsfd\win2k_xp\suprtfns.c @ 3291]
>
> a9ab3b84 aaafca6a fsfd!ProcessDCMReadRequest(struct _DEVICE_OBJECT *
> pDeviceObject = 0x81f86030, void * pvInputBuffer = 0x8166d000, unsigned
long
> ulInputBufferLength = 0xc, void * pvOutputBuffer = 0x8166d000, unsigned
long
> ulOutputBufferLength = 0x14ad, struct _IO_STATUS_BLOCK * pIoStatus =
> 0x81cf3938)+0x384 [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @
> 1618]
>
> a9ab3c10 aaafc616 fsfd!DispatchDeviceIOCTL(struct _DEVICE_OBJECT *
> pDeviceObject = 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x199
> [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3428]
>
> a9ab3c30 aaaf23d2 fsfd!DeviceRoutine(struct _DEVICE_OBJECT * pDeviceObject
=
> 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x46
> [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3312]
>
> a9ab3c40 804e13d9 fsfd!PassThrough(struct _DEVICE_OBJECT * pDeviceObject =
> 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x22
> [c:\p2p\code\client\drivers\fsfd\win2k_xp\entry.c @ 1305]
>
> a9ab3c64 80580fb1 nt+0xa3d9
>
> a9ab3d00 8058709e nt+0xa9fb1
>
> a9ab3d34 804dd99f nt+0xb009e
>
> a9ab3d64 7c90eb94 nt+0x699f
>
> 02ece3b4 00000000 0x7c90eb94
>
> a9ab3c30 aaaf23d2 fsfd!DeviceRoutine(struct _DEVICE_OBJECT * pDeviceObject
=
> 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x46
> [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3312]
>
> a9ab3c40 804e13d9 fsfd!PassThrough(struct _DEVICE_OBJECT * pDeviceObject =
> 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x22
> [c:\p2p\code\client\drivers\fsfd\win2k_xp\entry.c @ 1305]
>
> a9ab3c64 80580fb1 nt+0xa3d9
>
> a9ab3d00 8058709e nt+0xa9fb1
>
> a9ab3d34 804dd99f nt+0xb009e
>
> a9ab3d64 7c90eb94 nt+0x699f
>
> 02ece3b4 00000000 0x7c90eb94
>
>
>
>
>
>
>
>
> Any information is helpful.
>
>
>
> thanks,
>
> Kedar.
>
>
>
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Use dt and check the IRP and the stack location, and check what the major/minor
functions are. Are you handling the IRP properly? What are you doing for
this major/minor function? Ensure the IRP is completed/forwarded properly.
It seems you are getting the same IRP with *your* same in/out buffers.

~Sisimon
Bangalore

On 7/23/06, matt wrote:
>
>
> ----- Original Message -----
> From: “Kedar”
> Newsgroups: ntfsd
> To: “Windows File Systems Devs Interest List”
> Sent: Sunday, July 23, 2006 7:31 AM
> Subject: [ntfsd] legacy filter driver help needed
>
>
> > Hi All,
> >
> > I have a legacy file system filter driver on XP and it has a crash with the
> > following stack output from windbg; on the stack I see a set of calls being
> > called twice by the OS. Why is this behaviour? Am I overlooking something
> > here?
> >
>
>
> “WARNING: Stack unwind information not available. Following frames may be
> wrong.” - that could explain a lot.
>
> And driver verifier is turned on?
>
> m.
>
>
> >
> >
>
> > *******************************************************************************
> > *                                                                             *
> > *                        Bugcheck Analysis                                    *
> > *                                                                             *
> > *******************************************************************************
>

> >
> >
> >
> > BAD_POOL_CALLER (c2)
> >
> > The current thread is making a bad pool request. Typically this is at a
> bad
> > IRQL level or double freeing the same allocation, etc.
> >
> > Arguments:
> >
> > Arg1: 00000007, Attempt to free pool which was already freed
> >
> > Arg2: 00000cd4, (reserved)
> >
> > Arg3: 00180003, Memory contents of the pool block
> >
> > Arg4: 81e039f8, Address of the block of pool being deallocated
> >
> >
> >
> > Debugging Details:
> >
> > ------------------
> >
> >
> >
> >
>
> > *******************************************************************************
> > *                                                                             *
> > *                        Bugcheck Analysis                                    *
> > *                                                                             *
> > *******************************************************************************
>

> >
> >
> >
> > BAD_POOL_CALLER (c2)
> >
> > The current thread is making a bad pool request. Typically this is at a
> bad
> > IRQL level or double freeing the same allocation, etc.
> >
> > Arguments:
> >
> > Arg1: 00000007, Attempt to free pool which was already freed
> >
> > Arg2: 00000cd4, (reserved)
> >
> > Arg3: 00180003, Memory contents of the pool block
> >
> > Arg4: 81e039f8, Address of the block of pool being deallocated
> >
> >
> >
> > Debugging Details:
> >
> > ------------------
> >
> >
> >
> > > Kp
> >
> > WARNING: Stack unwind information not available. Following frames may be
> > wrong.
> >
> > WARNING: Stack unwind information not available. Following frames may be
> > wrong.
> >
> > a9ab3a9c 80550fc5 nt+0x601aa
> >
> > a9ab3aec 805503e3 nt+0x79fc5
> >
> > a9ab3afc aaaf614d nt+0x793e3
> >
> > a9ab3b08 aaaf7d2c fsfd!ExFreeToNPagedLookasideList(struct
> > _NPAGED_LOOKASIDE_LIST * Lookaside = 0xaaaff540, void * Entry =
> > 0x81e039f8)+0x3d [f:\winddk\2600.1106\inc\wxp\ntifs.h @ 18738]
> >
> > a9ab3b18 aaafa20c fsfd!P2PFreetoNPagedList(struct _KREQUEST_INFO *
> > pKRqstInfo = 0x81e039f8)+0x1c
> > [c:\p2p\code\client\drivers\fsfd\win2k_xp\suprtfns.c @ 3291]
> >
> > a9ab3b84 aaafca6a fsfd!ProcessDCMReadRequest(struct _DEVICE_OBJECT *
> > pDeviceObject = 0x81f86030, void * pvInputBuffer = 0x8166d000, unsigned
> long
> > ulInputBufferLength = 0xc, void * pvOutputBuffer = 0x8166d000, unsigned
> long
> > ulOutputBufferLength = 0x14ad, struct _IO_STATUS_BLOCK * pIoStatus =
> > 0x81cf3938)+0x384 [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @
> > 1618]
> >
> > a9ab3c10 aaafc616 fsfd!DispatchDeviceIOCTL(struct _DEVICE_OBJECT *
> > pDeviceObject = 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x199
> > [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3428]
> >
> > a9ab3a9c 80550fc5 nt+0x601aa
> >
> > a9ab3aec 805503e3 nt+0x79fc5
> >
> > a9ab3afc aaaf614d nt+0x793e3
> >
> > a9ab3b08 aaaf7d2c fsfd!ExFreeToNPagedLookasideList(struct
> > _NPAGED_LOOKASIDE_LIST * Lookaside = 0xaaaff540, void * Entry =
> > 0x81e039f8)+0x3d [f:\winddk\2600.1106\inc\wxp\ntifs.h @ 18738]
> >
> > a9ab3b18 aaafa20c fsfd!P2PFreetoNPagedList(struct _KREQUEST_INFO *
> > pKRqstInfo = 0x81e039f8)+0x1c
> > [c:\p2p\code\client\drivers\fsfd\win2k_xp\suprtfns.c @ 3291]
> >
> > a9ab3b84 aaafca6a fsfd!ProcessDCMReadRequest(struct _DEVICE_OBJECT *
> > pDeviceObject = 0x81f86030, void * pvInputBuffer = 0x8166d000, unsigned
> long
> > ulInputBufferLength = 0xc, void * pvOutputBuffer = 0x8166d000, unsigned
> long
> > ulOutputBufferLength = 0x14ad, struct _IO_STATUS_BLOCK * pIoStatus =
> > 0x81cf3938)+0x384 [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @
> > 1618]
> >
> > a9ab3c10 aaafc616 fsfd!DispatchDeviceIOCTL(struct _DEVICE_OBJECT *
> > pDeviceObject = 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x199
> > [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3428]
> >
> > a9ab3c30 aaaf23d2 fsfd!DeviceRoutine(struct _DEVICE_OBJECT *
> pDeviceObject
> =
> > 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x46
> > [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3312]
> >
> > a9ab3c40 804e13d9 fsfd!PassThrough(struct _DEVICE_OBJECT * pDeviceObject
> =
> > 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x22
> > [c:\p2p\code\client\drivers\fsfd\win2k_xp\entry.c @ 1305]
> >
> > a9ab3c64 80580fb1 nt+0xa3d9
> >
> > a9ab3d00 8058709e nt+0xa9fb1
> >
> > a9ab3d34 804dd99f nt+0xb009e
> >
> > a9ab3d64 7c90eb94 nt+0x699f
> >
> > 02ece3b4 00000000 0x7c90eb94
> >
> > a9ab3c30 aaaf23d2 fsfd!DeviceRoutine(struct _DEVICE_OBJECT *
> pDeviceObject
> =
> > 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x46
> > [c:\p2p\code\client\drivers\fsfd\win2k_xp\dispatch.c @ 3312]
> >
> > a9ab3c40 804e13d9 fsfd!PassThrough(struct _DEVICE_OBJECT * pDeviceObject
> =
> > 0x81f86030, struct _IRP * pIrp = 0x81cf3920)+0x22
> > [c:\p2p\code\client\drivers\fsfd\win2k_xp\entry.c @ 1305]
> >
> > a9ab3c64 80580fb1 nt+0xa3d9
> >
> > a9ab3d00 8058709e nt+0xa9fb1
> >
> > a9ab3d34 804dd99f nt+0xb009e
> >
> > a9ab3d64 7c90eb94 nt+0x699f
> >
> > 02ece3b4 00000000 0x7c90eb94
> >
> >
> >
> >
> >
> >
> >
> >
> > Any information is helpful.
> >
> >
> >
> > thanks,
> >
> > Kedar.
> >
> >
> >
> >
> >
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>


GCS d+ s: a- c++++ U> B+ L++>$ w++++$ W++(+++) PGP+N+ t PS+PE++ tv+(++) b+++
G+++ e++>(++++) h-- r
Don’t know this? See http://www.geekcode.com/geek.html
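Added example, not code from the thread or from the fsfd driver it discusses: a user-mode model of the free path in the stack above (P2PFreetoNPagedList calling ExFreeToNPagedLookasideList on the same KREQUEST_INFO entry) and of the scenario Sisimon describes, the same IOCTL being dispatched twice with the same in/out buffers. Only the type name KREQUEST_INFO and the buffer lengths 0xc and 0x14ad come from the trace; the fake lookaside list, the device context, the handler bodies and every field are assumptions so the code runs without the WDK. The fake list keeps an in-use bit per block and counts second frees, which is what the kernel reports as BAD_POOL_CALLER (c2) with Arg1 = 7 instead of returning.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

#define MAX_BLOCKS 8

/* Request block: the name is from the stack trace, the fields are invented. */
typedef struct _KREQUEST_INFO {
    unsigned long ulInputBufferLength;
    unsigned long ulOutputBufferLength;
} KREQUEST_INFO;

/* Stand-in for an NPAGED_LOOKASIDE_LIST (assumed): fixed blocks plus an in-use
 * bit so a second free of the same entry is detected instead of corrupting pool. */
typedef struct {
    KREQUEST_INFO pool[MAX_BLOCKS];
    bool in_use[MAX_BLOCKS];
    int double_frees;   /* each hit is where the real kernel would bugcheck 0xC2/7 */
} FakeLookaside;

static void LookasideInit(FakeLookaside *l) { memset(l, 0, sizeof *l); }

static KREQUEST_INFO *LookasideAlloc(FakeLookaside *l) {
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (!l->in_use[i]) { l->in_use[i] = true; return &l->pool[i]; }
    }
    return NULL;
}

/* Returns true on a clean free, false (and counts it) on a double free. */
static bool LookasideFree(FakeLookaside *l, KREQUEST_INFO *entry) {
    if (entry == NULL) return false;
    ptrdiff_t i = entry - l->pool;
    if (i < 0 || i >= MAX_BLOCKS) return false;
    if (!l->in_use[i]) { l->double_frees++; return false; }
    l->in_use[i] = false;
    return true;
}

/* Per-device state a filter might keep while an IOCTL is in flight (assumed). */
typedef struct { KREQUEST_INFO *pending; } DeviceContext;

typedef int (*ReadHandler)(FakeLookaside *, DeviceContext *, unsigned long, unsigned long);

/* Buggy shape: the request pointer lives in the device context and is not
 * cleared after the free, so a second dispatch of the same request frees
 * the stale block again. */
static int ProcessReadBuggy(FakeLookaside *l, DeviceContext *ctx,
                            unsigned long inLen, unsigned long outLen) {
    if (ctx->pending == NULL) ctx->pending = LookasideAlloc(l);
    if (ctx->pending == NULL) return -1;
    ctx->pending->ulInputBufferLength = inLen;
    ctx->pending->ulOutputBufferLength = outLen;
    LookasideFree(l, ctx->pending);   /* ctx->pending still points at freed pool */
    return 0;
}

/* Fixed shape: the block is owned by this call only, freed exactly once, and
 * the context pointer is cleared so a repeated dispatch allocates afresh. */
static int ProcessReadFixed(FakeLookaside *l, DeviceContext *ctx,
                            unsigned long inLen, unsigned long outLen) {
    KREQUEST_INFO *req = LookasideAlloc(l);
    if (req == NULL) return -1;
    ctx->pending = req;
    req->ulInputBufferLength = inLen;
    req->ulOutputBufferLength = outLen;
    LookasideFree(l, req);
    ctx->pending = NULL;
    return 0;
}

/* Dispatch the same IOCTL parameters twice, as the doubled frames suggest,
 * and report how many double frees the handler produced. */
int DoubleFreesWhenDispatchedTwice(ReadHandler handler) {
    FakeLookaside l;
    DeviceContext ctx = { NULL };
    LookasideInit(&l);
    handler(&l, &ctx, 0xc, 0x14ad);   /* lengths taken from the trace */
    handler(&l, &ctx, 0xc, 0x14ad);
    return l.double_frees;
}

int main(void) {
    printf("buggy handler, dispatched twice: %d double free(s)\n",
           DoubleFreesWhenDispatchedTwice(ProcessReadBuggy));
    printf("fixed handler, dispatched twice: %d double free(s)\n",
           DoubleFreesWhenDispatchedTwice(ProcessReadFixed));
    return 0;
}
```

The model shows why the second DispatchDeviceIOCTL/ProcessDCMReadRequest pass is fatal even though each pass looks correct on its own: the first pass frees entry 0x81e039f8, the second reuses a pointer to it. In the driver itself the equivalent check is what Sisimon suggests: dt the IRP and its current stack location, confirm the major/minor function, and make sure each IRP is completed or forwarded exactly once so the request block has a single owner.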