Memory problem

Hello -

I was starting a test driver on my XP system when I got the crash dump below. Looks like a memory corruption problem. Does anyone know what may cause this? Thanks!

!analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000001c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 805188cc, address which referenced memory

Debugging Details:

WRITE_ADDRESS: 0000001c

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiDecrementCloneBlockReference+8
805188cc ff4b1c dec dword ptr [ebx+0x1c]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from 80517bb7 to 805188cc

TRAP_FRAME: ff5da748 -- (.trap ffffffffff5da748)
.trap ffffffffff5da748
ErrCode = 00000002
eax=00000000 ebx=00000000 ecx=c0001000 edx=893026dc esi=f66a9554 edi=00000000
eip=805188cc esp=ff5da7bc ebp=ff5da7c4 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!MiDecrementCloneBlockReference+0x8:
805188cc ff4b1c dec dword ptr [ebx+0x1c] ds:0023:0000001c=????????
.trap
Resetting default scope

STACK_TEXT:
ff5da7c4 80517bb7 00000000 f66a9554 893025b8 nt!MiDecrementCloneBlockReference+0x8
ff5da7fc 80517dfd c0001000 00400000 00000000 nt!MiDeletePte+0x32b
ff5da8bc 80510417 e1460288 00a11fff 00000000 nt!MiDeleteVirtualAddresses+0x149
ff5da968 8059673c 893025b8 00000001 ff5da9d8 nt!MiRemoveMappedView+0x211
ff5da9ac 8059681a 880339e0 856bc6f8 00000000 nt!MiUnmapViewOfSection+0x12a
ff5da9c8 805311b4 ffffffff 893025b8 00000000 nt!NtUnmapViewOfSection+0x52
ff5da9c8 804fb675 ffffffff 893025b8 00000000 nt!KiSystemService+0xc9
ff5daa48 805917fb ffffffff 00170000 8054c278 nt!ZwUnmapViewOfSection+0x11
ff5daae8 80591f1e 8000128c 00000000 8054c278 nt!MmCheckSystemImage+0x12f
ff5dac88 8056793b ff5dad48 00000000 00000000 nt!MmLoadSystemImage+0x25e
ff5dad54 80567d0d 00001298 00000001 00000000 nt!IopLoadDriver+0x311
ff5dad7c 80529055 00001298 00000000 892ff020 nt!IopLoadUnloadDriver+0x43
ff5dadac 805b27f2 96377cf4 00000000 00000000 nt!ExpWorkerThread+0xed
ff5daddc 805358f6 80528f68 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

FOLLOWUP_IP:
nt!MiDecrementCloneBlockReference+8
805188cc ff4b1c dec dword ptr [ebx+0x1c]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!MiDecrementCloneBlockReference+8

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 3f8d8ab2

STACK_COMMAND: .trap ffffffffff5da748 ; kb

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xA_W_nt!MiDecrementCloneBlockReference+8

BUCKET_ID: 0xA_W_nt!MiDecrementCloneBlockReference+8

xxxxx@gmail.com wrote:

Hello -

I was starting a test driver on my XP system when I got the crash dump below. Looks like a memory corruption problem. Does anyone know what may cause this? Thanks!

Somebody zeroed a block of memory that didn’t belong to them, somewhere
in the page tables. It’s hard to go any further than that.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

It's hard to say without some more information. Certainly, that EBX is
zero is not good, but I'm not familiar with the internals of the two
surrounding functions to say what EBX is supposed to be. Before
disassembling, in particular, a deeper stack trace would be nice (kv
50), and some idea of when this problem is occurring. It looks like it
might be happening during your DriverEntry; maybe the MmLoadSystemImage
is not for your driver. What does your driver do? If you haven't
already, add some trace statements in your driver to help figure out
roughly where it is failing.

A lot of things can cause this problem, including faulty hardware, so
you need to figure out your driver's role in it first.

mm

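The reply above notes that EBX is zero; the dump text itself shows how that produces the reported write address. The following is an added example, not code from the thread: it parses an excerpt of the posted `!analyze -v` output (wrapped lines rejoined) and evaluates the faulting operand. The function names and the `NULL_PAGE` threshold are assumptions made for the illustration.

```python
import re

# Excerpt of the !analyze -v output from the original post (wrapped lines rejoined).
DUMP = """\
Arg1: 0000001c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 805188cc, address which referenced memory
eax=00000000 ebx=00000000 ecx=c0001000 edx=893026dc esi=f66a9554 edi=00000000
eip=805188cc esp=ff5da7bc ebp=ff5da7c4 iopl=0 nv up ei pl zr na po nc
805188cc ff4b1c dec dword ptr [ebx+0x1c] ds:0023:0000001c=????????
"""

# Assumption: a base pointer below one 4 KB x86 page is treated as NULL.
NULL_PAGE = 0x1000


def parse_args(text):
    """Return bugcheck Arg1..Arg4 as integers keyed by argument number."""
    found = re.findall(r"^Arg(\d): ([0-9a-f]{8})", text, re.M)
    return {int(n): int(v, 16) for n, v in found}


def parse_registers(text):
    """Return the 32-bit registers shown by the .trap register display."""
    found = re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", text)
    return {name: int(value, 16) for name, value in found}


def effective_address(text, regs):
    """Evaluate the [base+disp] memory operand of the faulting instruction."""
    m = re.search(r"\[(e[a-z]{2})(?:([+-])0x([0-9a-f]+))?\]", text)
    if m is None:
        raise ValueError("no [reg+disp] operand found in dump text")
    base, sign, disp = m.groups()
    offset = int(disp, 16) if disp else 0
    if sign == "-":
        offset = -offset
    # Wrap to 32 bits, as the CPU does on x86.
    return base, offset, (regs[base] + offset) & 0xFFFFFFFF


def triage(text):
    """Cross-check the trap frame against the bugcheck 0xA arguments."""
    args = parse_args(text)
    regs = parse_registers(text)
    base, offset, ea = effective_address(text, regs)
    return {
        "base_register": base,
        "base_value": regs[base],
        "field_offset": offset,
        "effective_address": ea,
        "matches_arg1": ea == args[1],           # Arg1 = memory referenced
        "irql": args[2],                         # Arg2 = IRQL at the fault
        "is_write": args[3] == 1,                # Arg3 = 1 for a write
        "eip_matches_arg4": regs["eip"] == args[4],
        "null_base": regs[base] < NULL_PAGE,     # NULL pointer plus field offset
    }


if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(f"{key:18} {value}")
```

A `null_base` result with `matches_arg1` set means the bugcheck address is a structure offset applied to a NULL pointer, so the address itself says nothing about where the pointer was cleared.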

Output of kd 500 -


On 8/20/07, Martin O’Brien wrote:
>
> It’s hard to say without some more information. Certainly, that EBX is
> zero is not good, but I’m not familiar with the internals of the two
> surrounding functions to say what EBX is supposed to be. Before
> disassembling, in particular, a deeper stack trace would be nice (kv
> 50), and some idea of when this problem is occurring. It looks like it
> might be happening during your DriverEntry; maybe the MmLoadSystemImage
> is not for your driver. What does your driver do? If you haven’t
> already, add some trace statements in your driver to help figure out
> roughly where it is failing.
>
> A lot of things can cause this problem, including faulty hardware, so
> you need to figure out your driver’s role in it first.
>
> mm