Memory addres at 0xBADxxxxx

OSR_Community_User · December 12, 2001, 10:04am

Hi,
I’m “wrestling” with BSOD on NT 4.0-SP6 that occasionally occurs after the
system is running for quite some time. From crash dump file I saw that the
memory referenced that triggers BSOD was 0xBADxxxxx. I would like to find
out if that 0xBADxxxxx is really “bad” address used by NT (or other) kernel
components to “watchdog” the access to un-initialized (or failed
initialization) NT internal structure members. In my case the
nt!ObOpenObjectByName was accessing 0xBADxxxxx address. I have suspects that
BSOD is triggered due to leak of system resources (kernel memory pools,
fragmentation of system memory, etc).
If anybody is aware, if such techniques (using memory range at 0xBADxxxxx to
mark un-initialized pointers) are used in NT 4.0 kernel components, please
reply.
Thanks in advance.
wbr Primoz

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · December 12, 2001, 5:13pm

Memory addres at 0xBADxxxxxSurely they are used.
Such bug is usually freeing the structure and then working with it, sometimes it occurs due to reference counting bugs.

Max
----- Original Message -----
From: Primoz Beltram
To: NT Developers Interest List
Sent: Wednesday, December 12, 2001 6:01 PM
Subject: [ntdev] Memory addres at 0xBADxxxxx

Hi,

I’m “wrestling” with BSOD on NT 4.0-SP6 that occasionally occurs after the system is running for quite some time. From crash dump file I saw that the memory referenced that triggers BSOD was 0xBADxxxxx. I would like to find out if that 0xBADxxxxx is really “bad” address used by NT (or other) kernel components to “watchdog” the access to un-initialized (or failed initialization) NT internal structure members. In my case the nt!ObOpenObjectByName was accessing 0xBADxxxxx address. I have suspects that BSOD is triggered due to leak of system resources (kernel memory pools, fragmentation of system memory, etc).

If anybody is aware, if such techniques (using memory range at 0xBADxxxxx to mark un-initialized pointers) are used in NT 4.0 kernel components, please reply.

Thanks in advance.

wbr Primoz

You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com