Please help with a mirror driver. I use Visual Studio 2012, WDK 8 and template from WDK 7.1 When I converting a template of the driver, compile, and deploy to remote computer, so miniport start with no problems. But when I reset the system, they fall into a blue screen on the first instruction of the driver (dll). I’m trying to find a solution for two weeks, but without success.
Thanks.
There is the kernel log:
KDTARGET: Refreshing KD connection
*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for mirror.sys on Build 7600 BCuuBYrbyhC9d8VTr0kBsH
*
*******************************************************************************
Mirrored Driver VideoPort [Driver Entry]
FindAdapter Called.
Mirror Sample: Not used ‘MirrorGetChildDescriptor’.
Initialize Called.
Mirror Sample: Not used ‘MirrorGetChildDescriptor’.
*** Fatal System Error: 0x000000be
(0xA5F3C858,0xB3E2B021,0xA4CDB614,0x0000000B)
.
Break instruction exception - code 80000003 (first chance)
Connected to Windows 7 7600 x86 compatible target at (Wed Jul 17 23:20:17.517 2013 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
…
…
…
Loading User Symbols
…
Loading unloaded module list
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck BE, {a5f3c858, b3e2b021, a4cdb614, b}
Probably caused by : ntkrpamp.exe ( nt!KiTrap0E+dc )
Followup: MachineOwner
nt!RtlpBreakWithStatusInstruction:
82889554 cc int 3
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: a5f3c858, Virtual address for the attempted write.
Arg2: b3e2b021, PTE contents.
Arg3: a4cdb614, (reserved)
Arg4: 0000000b, (reserved)
Debugging Details:
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xBE
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 2
TRAP_FRAME: a4cdb614 – (.trap 0xffffffffa4cdb614)
ErrCode = 00000003
eax=a5c00000 ebx=a5f3c858 ecx=a4cdb6a0 edx=a5d5f406 esi=99d0c07e edi=99d0c1b0
eip=a5c00003 esp=a4cdb688 ebp=a4cdb6b3 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
mirror_a5c00000!DebugPrint (mirror_a5c00000+0x3):
a5c00003 0003 add byte ptr [ebx],al ds:0023:a5f3c858=67
Resetting default scope
LAST_CONTROL_TRANSFER: from 828fbc9d to 82889554
STACK_TEXT:
a4cdb164 828fbc9d 00000003 c5f6daa7 00000065 nt!RtlpBreakWithStatusInstruction
a4cdb1b4 828fc799 00000003 b3e2b021 00000000 nt!KiBugCheckDebugBreak+0x1c
a4cdb578 828a3aa3 000000be a5f3c858 b3e2b021 nt!KeBugCheck2+0x68b
a4cdb5fc 828648c8 00000001 a5f3c858 00000000 nt!MmAccessFault+0x106
a4cdb5fc a5c00003 00000001 a5f3c858 00000000 nt!KiTrap0E+0xdc
a4cdb6b3 d5fcf1a4 b8f008a5 000001ff b90c8800 mirror_a5c00000!DebugPrint (mirror_a5c00000+0x3)
WARNING: Frame IP not in any known module. Following frames may be wrong.
a4cdb6b7 b8f008a5 000001ff b90c8800 b917e0ff 0xd5fcf1a4
a4cdb6bb 00000000 b90c8800 b917e0ff 000000ff 0xb8f008a5
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+dc
828648c8 85c0 test eax,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!KiTrap0E+dc
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5147d3b2
FAILURE_BUCKET_ID: 0xBE_VRF_nt!KiTrap0E+dc
BUCKET_ID: 0xBE_VRF_nt!KiTrap0E+dc
Followup: MachineOwner