MmGetSystemRoutineAddress crashes?

Did somebody encounter this:

In W2K, trying to use MmGetSystemRoutineAddress to get an unavailable
routine, and the kernel bugchecks?

Below is sample code, which bugchecks on some routine names and works
fine on others. Noteworthy: the failing routine names start with "Cm"
(but perhaps it's a coincidence).

// testdrv.c

#include "ntddk.h"

//#define FUNC_NAME L"RtlInitAnsiString"      // in W2K, works
//#define FUNC_NAME L"RtlGetVersion"          // not in W2K, works
//#define FUNC_NAME L"CmRegisterCallback"     // not in W2K, crashes
#define FUNC_NAME L"CmUnexistingRoutine"      // not in W2K, crashes
//#define FUNC_NAME L"SomeUnexistingRoutine"  // not in W2K, works

VOID DriverUnload (IN PDRIVER_OBJECT DriverObject) {}

NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    PVOID pf;
    UNICODE_STRING uName;

    DriverObject->DriverUnload = DriverUnload;

    RtlInitUnicodeString( &uName, FUNC_NAME);
    pf = MmGetSystemRoutineAddress( &uName);  // this might crash with 0xC0000005

    // pf is NULL when the routine is not exported (the expected, non-crashing case)
    DbgPrint("testdrv!DriverEntry: %wZ is %p\n", &uName, pf);

    return STATUS_SUCCESS;
}

An attempt to start this driver results in a 0xC0000005 access violation
at:

STACK_TEXT:
eb44bc3c 804ef721 e3548408 e3548408 85a0b8d8 nt!MiFindExportedRoutineByName+0x54
eb44bc78 eb301089 00000001 00280026 eb301010 nt!MmGetSystemRoutineAddress+0xb5
eb44bc90 8049a03a 85bf0c50 856f5000 f1c82d08 testdrv!DriverEntry+0x29 [c:\work\test\testdrv\testdrv.c @ 21]
eb44bd58 804d9247 000001ac 856f5000 f1c82d08 nt!IopLoadDriver+0x672
eb44bd78 804191b5 f1c82d08 00000000 00000000 nt!IopLoadUnloadDriver+0x3f
eb44bda8 80455a16 f1c82d08 00000000 00000000 nt!ExpWorkerThread+0xae
eb44bddc 80469bb2 804190f0 00000001 00000000 nt!PspSystemThreadStartup+0x69
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

Wondering if it's a known issue (I tried on W2K Pro SP4 and W2K Server
SP3). Thanks!

  • Vitaly
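The frame the stack trace lands in, nt!MiFindExportedRoutineByName, is the kernel's search of its own PE export name table; the PE format keeps that table sorted so a loader can binary-search it, and a caller of MmGetSystemRoutineAddress only ever expects two outcomes: an address, or NULL for a name that is not exported. The user-mode program below is an added illustration of that contract, written for this thread; it is neither the poster's driver nor the Windows kernel's implementation. The export table is constructed for the example (the names are real W2K kernel exports, but the table and the RVA values are made up), and the not-found probes use the names from the post to show that names sorting below the first entry, between entries, or above the last entry must all return NULL rather than fault.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a PE export name pointer table. The PE
 * specification requires this table to be sorted in ascending binary
 * (strcmp) order; the RVAs beside it are invented for the example. */
static const char *const kExportNames[] = {
    "ExAllocatePool",
    "KeBugCheck",
    "RtlInitAnsiString",
    "RtlInitUnicodeString",
    "ZwClose",
};
static const unsigned long kExportRva[] = {
    0x1000, 0x2000, 0x3000, 0x4000, 0x5000,
};
#define EXPORT_COUNT (sizeof(kExportNames) / sizeof(kExportNames[0]))

/* A binary search is only valid over a strictly sorted table; a loader
 * that trusted an unsorted table could read past the ends. This check
 * is the precondition the search relies on. */
int export_table_is_sorted(const char *const *names, size_t count)
{
    for (size_t i = 1; i < count; i++) {
        if (strcmp(names[i - 1], names[i]) >= 0)
            return 0;
    }
    return 1;
}

/* Binary search over the sorted name table. Returns the index of the
 * matching name, or -1 when the name is absent. Names that compare below
 * the first entry or above the last entry simply drive hi/lo past each
 * other and fall out of the loop; no index outside [0, count) is ever
 * dereferenced. An empty table returns -1 immediately. */
int find_export_index(const char *const *names, size_t count, const char *wanted)
{
    if (count == 0)
        return -1;
    long lo = 0;
    long hi = (long)count - 1;
    while (lo <= hi) {
        long mid = lo + (hi - lo) / 2;
        int c = strcmp(names[mid], wanted);
        if (c == 0)
            return (int)mid;
        if (c < 0)
            lo = mid + 1;   /* wanted sorts after names[mid] */
        else
            hi = mid - 1;   /* wanted sorts before names[mid] */
    }
    return -1;
}

/* Mirror of the MmGetSystemRoutineAddress contract on the constructed
 * table: the routine's RVA when it is exported, 0 (NULL) when it is not.
 * Hypothetical helper name, not a Windows API. */
unsigned long lookup_routine(const char *name)
{
    int idx = find_export_index(kExportNames, EXPORT_COUNT, name);
    return idx < 0 ? 0UL : kExportRva[idx];
}

int main(void)
{
    /* Probe names taken from the post; each must resolve to NULL,
     * never to a fault, wherever it falls relative to the table. */
    const char *const probes[] = {
        "RtlInitAnsiString",      /* exported: found        */
        "CmUnexistingRoutine",    /* sorts below first entry */
        "CmRegisterCallback",     /* sorts below first entry */
        "RtlGetVersion",          /* sorts between entries   */
        "SomeUnexistingRoutine",  /* sorts between entries   */
        "ZzzNotExported",         /* sorts above last entry  */
    };
    if (!export_table_is_sorted(kExportNames, EXPORT_COUNT)) {
        puts("export table is not sorted; refusing to search it");
        return 1;
    }
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("%-24s -> 0x%lx\n", probes[i], lookup_routine(probes[i]));
    return 0;
}
```

The sortedness check is the part worth keeping in mind: a binary search over the export table is safe only because of an invariant the table's producer is trusted to uphold, and every out-of-range probe above exercises the boundary where a search that mishandles `lo`/`hi` would read outside the table.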