Hi, i just got a mini dump from one of my colleagues who was testing the
application which includes a driver i have written.
I just do not really get the output in this crash and hope you (ntdev users)
can help me or guide me to the path which will help me solve this issue.
Thanks for all your help.
Here comes the bugcheck analysis.
PS. It’s a TDI Filter Driver.
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffffe0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 805364b6, address which referenced memory
Debugging Details:
READ_ADDRESS: ffffffe0
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiEndingOffset+106
805364b6 8b51e0 mov edx,[ecx-0x20]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 80536a82 to 805364b6
STACK_TEXT:
bad1fd2c 80536a82 80563b50 80563b48 8053f053 nt!MiEndingOffset+0x106
bad1fdac 805ce7d4 00000000 00000000 00000000 nt!MiFlushDirtyBitsToPfn+0x112
bad1fddc 805451ce 8053efc6 00000000 00000000 nt!MiPageFileTraces+0x1014
00000000 00000000 00000000 00000000 00000000
nt!MiAddValidPageToWorkingSet+0x224
FOLLOWUP_IP:
nt!MiEndingOffset+106
805364b6 8b51e0 mov edx,[ecx-0x20]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!MiEndingOffset+106
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 434c50c7
STACK_COMMAND: kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_nt!MiEndingOffset+106
BUCKET_ID: 0xA_nt!MiEndingOffset+106