Hi friends,
My mirror driver is crashing (bug check 0x50) on Windows 7 32-bit and
Vista 32-bit when I set the color depth to 16 bits from the display
properties window. The fault happens inside EngBitBlt(), and the bug check
code means “page fault occurred in non-paged area”.
My questions:
1.) Is there any known issue with a mirror driver at 16-bit color depth?
2.) Why does the page fault happen at 16-bit color depth but not at 32-bit?
3.) I am creating the shared memory using EngMapFile with size = width x
height x (bits per pixel / 8). Is this not correct?
Please let me know if I am missing something here. I have included the error
code, the call stack and the !analyze -v output below. Please let me know if
anything else is needed.
*Error code*:
BugCheck 50, {fd98e288, 1, 8219f8aa, 0}
*Below is the call stack*:
ChildEBP RetAddr Args to Child
a72dfe2c 82913e71 00000003 2510f246 00000065
nt!RtlpBreakWithStatusInstruction
a72dfe7c 8291496d 00000003 85f73578 00000000 nt!KiBugCheckDebugBreak+0x1c
a72e0240 828bc8e3 00000050 fd98e288 00000001 nt!KeBugCheck2+0x68b
a72e02cc 8287d5f8 00000001 fd98e288 00000000 nt!MmAccessFault+0x106
a72e02cc 8219f8aa 00000001 fd98e288 00000000 nt!KiTrap0E+0xdc
a72e0374 82147096 0000000f 250462a2 ffb86900 win32k!vSrcCopyS16D32+0xb3
a72e05b4 8214f8b7 ffb86910 fe052010 a72e08a4 win32k!EngCopyBits+0x604
a72e062c 82371c5a ffb86910 fe052010 00000000 win32k!EngBitBlt+0x4ec
WARNING: Stack unwind information not available. Following frames may be
wrong.
a72e0678 82371cff ffb86910 fe052010 00000000 MyMirrorDriver_82370000+0x1c5a
a72e06ac 820aa3ae ffb86910 fe052010 a72e08a4 MyMirrorDriver_82370000+0x1cff
a72e06f8 82178e27 fe0f8c90 fe052010 a72e08a4 win32k!WatchdogDrvCopyBits+0x53
a72e0740 8215eac4 820aa35b a72e09d0 ffb86910 win32k!OffCopyBits+0x7d
a72e09e4 8217c401 ffb86910 fe052010 00000000 win32k!SpBitBlt+0x252
a72e0a18 82178e27 ffb86910 fe052010 fe6e1248 win32k!SpCopyBits+0x27
a72e0a60 8225e8e0 8217c3da fe765d70 ffb86910 win32k!OffCopyBits+0x7d
a72e0ba0 8225ea49 ffb9a7f0 fe052010 00000000 win32k!MulBitBlt+0x372
a72e0be4 8217cc53 ffb9a7f0 fe052010 00000000 win32k!MulCopyBits+0xcc
a72e0ccc 82164e36 ffbacea8 ffa2c120 fe4dc388
win32k!NtGdiBitBltInternal+0x6ab
a72e0d00 8287a42a 02010867 00000000 00000000 win32k!NtGdiBitBlt+0x2f
a72e0d00 771364f4 02010867 00000000 00000000 nt!KiFastCallEntry+0x12a
0224f3d0 75a67209 75a671f1 02010867 00000000 ntdll!KiFastSystemCallRet
0224f3d4 75a671f1 02010867 00000000 00000000 GDI32!NtGdiBitBlt+0xc
0224f418 73f05bb7 02010867 00000000 00000000 GDI32!BitBlt+0x1fa
0224f454 73f05b46 00651278 e60107e8 80004005
UxTheme!CPaintBuffer::_PaintTargetRect+0x52
0224f484 73f040a8 e60107e8 02010867 00646a70
UxTheme!CPaintBuffer::_PaintImmediate+0x3a
0224f49c 73f04020 00000001 000054d6 80004005
UxTheme!CPaintBuffer::EndPaint+0x9e
0224f4b4 73f03fd4 000054d6 00000001 00179a38
UxTheme!CPaintBufferPool::Impl::End+0x22
0224f4d4 007dfd5b 000054d6 00000001 00000000 UxTheme!EndBufferedPaint+0x36
0224f55c 007dfcc2 00000000 0000000f 00179a38
Explorer!CShowDesktopButton::_HandlePaint+0x97
0224f578 007b2029 00020092 0000000f 00000000
Explorer!CShowDesktopButton::v_WndProc+0x40e
0224f59c 755f86ef 00020092 0000000f 00000000
Explorer!CImpWndProc::s_WndProc+0x68
0224f5c8 755f79cc 007b1fe7 00020092 0000000f USER32!InternalCallWinProc+0x23
0224f640 755f70f4 00000000 007b1fe7 00020092
USER32!UserCallWinProcCheckWow+0xe0
0224f69c 755f738f 00a38df0 0000000f 00000000
USER32!DispatchClientMessage+0xda
0224f6c4 7713642e 0224f6dc 00000018 0224f868 USER32!__fnDWORD+0x24
0224f6f0 755f4341 755f2bfe 0003006c 00000060
ntdll!KiUserCallbackDispatcher+0x2e
0224f6f4 755f2bfe 0003006c 00000060 0224f7b0 USER32!NtUserCallHwndLock+0xc
0224f704 007dfcb5 0003006c 00000085 00860180 USER32!UpdateWindow+0x32
0224f7b0 007b2029 0003006c 00000085 00000001 Explorer!CTray::v_WndProc+0x783
0224f7d4 755f86ef 0003006c 00000085 00000001
Explorer!CImpWndProc::s_WndProc+0x68
0224f800 755f79cc 007b1fe7 0003006c 00000085 USER32!InternalCallWinProc+0x23
0224f878 755f70f4 00000000 007b1fe7 0003006c
USER32!UserCallWinProcCheckWow+0xe0
0224f8d4 755f738f 00a38030 00000085 00000001
USER32!DispatchClientMessage+0xda
0224f8fc 7713642e 0224f914 00000018 0224fa04 USER32!__fnDWORD+0x24
0224f928 755f732e 755f7361 0003006c 00000088
ntdll!KiUserCallbackDispatcher+0x2e
0224f92c 755f7361 0003006c 00000088 00000020 USER32!NtUserMessageCall+0xc
0224f9b0 755f7308 0003006c 00000088 00000020
USER32!RealDefWindowProcWorker+0x72
0224f9cc 755f729f 0003006c 00000088 00000020 USER32!RealDefWindowProcW+0x47
0224fa14 007b2203 0003006c 00000088 00000020 USER32!DefWindowProcW+0x6f
0224facc 007b2029 0003006c 00000088 00000020
Explorer!CTray::v_WndProc+0x1440
0224faf0 755f86ef 0003006c 00000088 00000020
Explorer!CImpWndProc::s_WndProc+0x68
0224fb1c 755f8876 007b1fe7 0003006c 00000088 USER32!InternalCallWinProc+0x23
0224fb94 755f70f4 00000000 007b1fe7 0003006c
USER32!UserCallWinProcCheckWow+0x14b
0224fbf0 755f738f 00a38030 00000088 00000020
USER32!DispatchClientMessage+0xda
0224fc18 7713642e 0224fc30 00000018 0224fd04 USER32!__fnDWORD+0x24
0224fc44 755f93df 73d41430 0224fccc 00000000
ntdll!KiUserCallbackDispatcher+0x2e
0224fc48 73d41430 0224fccc 00000000 00000000
USER32!NtUserRealInternalGetMessage+0xc
0224fc84 73d414e9 0224fccc 00000000 00000000 DUser!CoreSC::xwProcessNL+0xfb
0224fcac 755f9429 0224fccc 00000000 00000000 DUser!MphProcessMessage+0x5e
0224fcf4 7713642e 0224fd0c 00000014 0224fe98
USER32!__ClientGetMessageMPH+0x30
0224fd1c 755f914b 755f9180 0224fd9c 00000000
ntdll!KiUserCallbackDispatcher+0x2e
0224fd20 755f9180 0224fd9c 00000000 00000000 USER32!NtUserPeekMessage+0xc
0224fd48 755f92a9 0224fd9c 00000000 00000000 USER32!_PeekMessage+0x73
0224fd74 007b1dd4 0224fd9c 00000000 00000000 USER32!PeekMessageW+0xfb
0224fdc4 007d5816 00000000 772d18f2 0224fe5c
Explorer!CTray::_MessageLoop+0x2b
0224fdd4 772d46bc 00860180 00000000 00000000
Explorer!CTray::MainThreadProc+0x8a
0224fe5c 75d71174 0015f910 0224fea8 7714b3f5 SHLWAPI!WrapperThreadProc+0x1b5
0224fe68 7714b3f5 0015f910 753822cd 00000000
kernel32!BaseThreadInitThunk+0xe
0224fea8 7714b3c8 772d45e9 0015f910 00000000 ntdll!__RtlUserThreadStart+0x70
0224fec0 00000000 772d45e9 0015f910 00000000 ntdll!_RtlUserThreadStart+0x1b
*analyze -v spew:*
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by
try-except,
it must be protected by a Probe. Typically the address is just plain bad or
it
is pointing at freed memory.
Arguments:
Arg1: fd98e288, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: 8219f8aa, If non-zero, the instruction address which referenced the
bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
WRITE_ADDRESS: fd98e288 Paged session pool
FAULTING_IP:
win32k!vSrcCopyS16D32+b3
8219f8aa 8917 mov dword ptr [edi],edx
MM_INTERNAL_CODE: 0
DEBUG_FLR_IMAGE_TIMESTAMP: 4cbd870f
FAULTING_MODULE: 820a0000 win32k
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 2
TRAP_FRAME: a72e02e4 – (.trap 0xffffffffa72e02e4)
ErrCode = 00000002
eax=00000200 ebx=00000103 ecx=000004c2 edx=005a6573 esi=fe05df6d
edi=fd98e288
eip=8219f8aa esp=a72e0358 ebp=a72e0374 iopl=0 nv up ei ng nz na po
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010282
win32k!vSrcCopyS16D32+0xb3:
8219f8aa 8917 mov dword ptr [edi],edx
ds:0023:fd98e288=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 82913e71 to 828a2394
STACK_TEXT:
a72dfe2c 82913e71 00000003 2510f246 00000065
nt!RtlpBreakWithStatusInstruction
a72dfe7c 8291496d 00000003 85f73578 00000000 nt!KiBugCheckDebugBreak+0x1c
a72e0240 828bc8e3 00000050 fd98e288 00000001 nt!KeBugCheck2+0x68b
a72e02cc 8287d5f8 00000001 fd98e288 00000000 nt!MmAccessFault+0x106
a72e02cc 8219f8aa 00000001 fd98e288 00000000 nt!KiTrap0E+0xdc
a72e0374 82147096 0000000f 250462a2 ffb86900 win32k!vSrcCopyS16D32+0xb3
a72e05b4 8214f8b7 ffb86910 fe052010 a72e08a4 win32k!EngCopyBits+0x604
a72e062c 82371c5a ffb86910 fe052010 00000000 win32k!EngBitBlt+0x4ec
WARNING: Stack unwind information not available. Following frames may be
wrong.
a72e0678 82371cff ffb86910 fe052010 00000000 MyMirrorDriver_82370000+0x1c5a
a72e06ac 820aa3ae ffb86910 fe052010 a72e08a4 MyMirrorDriver_82370000+0x1cff
a72e06f8 82178e27 fe0f8c90 fe052010 a72e08a4 win32k!WatchdogDrvCopyBits+0x53
a72e0740 8215eac4 820aa35b a72e09d0 ffb86910 win32k!OffCopyBits+0x7d
a72e09e4 8217c401 ffb86910 fe052010 00000000 win32k!SpBitBlt+0x252
a72e0a18 82178e27 ffb86910 fe052010 fe6e1248 win32k!SpCopyBits+0x27
a72e0a60 8225e8e0 8217c3da fe765d70 ffb86910 win32k!OffCopyBits+0x7d
a72e0ba0 8225ea49 ffb9a7f0 fe052010 00000000 win32k!MulBitBlt+0x372
a72e0be4 8217cc53 ffb9a7f0 fe052010 00000000 win32k!MulCopyBits+0xcc
a72e0ccc 82164e36 ffbacea8 ffa2c120 fe4dc388
win32k!NtGdiBitBltInternal+0x6ab
a72e0d00 8287a42a 02010867 00000000 00000000 win32k!NtGdiBitBlt+0x2f
a72e0d00 771364f4 02010867 00000000 00000000 nt!KiFastCallEntry+0x12a
0224f3d0 75a67209 75a671f1 02010867 00000000 ntdll!KiFastSystemCallRet
0224f3d4 75a671f1 02010867 00000000 00000000 GDI32!NtGdiBitBlt+0xc
0224f418 73f05bb7 02010867 00000000 00000000 GDI32!BitBlt+0x1fa
0224f454 73f05b46 00651278 e60107e8 80004005
UxTheme!CPaintBuffer::_PaintTargetRect+0x52
0224f484 73f040a8 e60107e8 02010867 00646a70
UxTheme!CPaintBuffer::_PaintImmediate+0x3a
0224f49c 73f04020 00000001 000054d6 80004005
UxTheme!CPaintBuffer::EndPaint+0x9e
0224f4b4 73f03fd4 000054d6 00000001 00179a38
UxTheme!CPaintBufferPool::Impl::End+0x22
0224f4d4 007dfd5b 000054d6 00000001 00000000 UxTheme!EndBufferedPaint+0x36
0224f55c 007dfcc2 00000000 0000000f 00179a38
Explorer!CShowDesktopButton::_HandlePaint+0x97
0224f578 007b2029 00020092 0000000f 00000000
Explorer!CShowDesktopButton::v_WndProc+0x40e
0224f59c 755f86ef 00020092 0000000f 00000000
Explorer!CImpWndProc::s_WndProc+0x68
0224f5c8 755f79cc 007b1fe7 00020092 0000000f USER32!InternalCallWinProc+0x23
0224f640 755f70f4 00000000 007b1fe7 00020092
USER32!UserCallWinProcCheckWow+0xe0
0224f69c 755f738f 00a38df0 0000000f 00000000
USER32!DispatchClientMessage+0xda
0224f6c4 7713642e 0224f6dc 00000018 0224f868 USER32!__fnDWORD+0x24
0224f6f0 755f4341 755f2bfe 0003006c 00000060
ntdll!KiUserCallbackDispatcher+0x2e
0224f6f4 755f2bfe 0003006c 00000060 0224f7b0 USER32!NtUserCallHwndLock+0xc
0224f704 007dfcb5 0003006c 00000085 00860180 USER32!UpdateWindow+0x32
0224f7b0 007b2029 0003006c 00000085 00000001 Explorer!CTray::v_WndProc+0x783
0224f7d4 755f86ef 0003006c 00000085 00000001
Explorer!CImpWndProc::s_WndProc+0x68
0224f800 755f79cc 007b1fe7 0003006c 00000085 USER32!InternalCallWinProc+0x23
0224f878 755f70f4 00000000 007b1fe7 0003006c
USER32!UserCallWinProcCheckWow+0xe0
0224f8d4 755f738f 00a38030 00000085 00000001
USER32!DispatchClientMessage+0xda
0224f8fc 7713642e 0224f914 00000018 0224fa04 USER32!__fnDWORD+0x24
0224f928 755f732e 755f7361 0003006c 00000088
ntdll!KiUserCallbackDispatcher+0x2e
0224f92c 755f7361 0003006c 00000088 00000020 USER32!NtUserMessageCall+0xc
0224f9b0 755f7308 0003006c 00000088 00000020
USER32!RealDefWindowProcWorker+0x72
0224f9cc 755f729f 0003006c 00000088 00000020 USER32!RealDefWindowProcW+0x47
0224fa14 007b2203 0003006c 00000088 00000020 USER32!DefWindowProcW+0x6f
0224facc 007b2029 0003006c 00000088 00000020
Explorer!CTray::v_WndProc+0x1440
0224faf0 755f86ef 0003006c 00000088 00000020
Explorer!CImpWndProc::s_WndProc+0x68
0224fb1c 755f8876 007b1fe7 0003006c 00000088 USER32!InternalCallWinProc+0x23
0224fb94 755f70f4 00000000 007b1fe7 0003006c
USER32!UserCallWinProcCheckWow+0x14b
0224fbf0 755f738f 00a38030 00000088 00000020
USER32!DispatchClientMessage+0xda
0224fc18 7713642e 0224fc30 00000018 0224fd04 USER32!__fnDWORD+0x24
0224fc44 755f93df 73d41430 0224fccc 00000000
ntdll!KiUserCallbackDispatcher+0x2e
0224fc48 73d41430 0224fccc 00000000 00000000
USER32!NtUserRealInternalGetMessage+0xc
0224fc84 73d414e9 0224fccc 00000000 00000000 DUser!CoreSC::xwProcessNL+0xfb
0224fcac 755f9429 0224fccc 00000000 00000000 DUser!MphProcessMessage+0x5e
0224fcf4 7713642e 0224fd0c 00000014 0224fe98
USER32!__ClientGetMessageMPH+0x30
0224fd1c 755f914b 755f9180 0224fd9c 00000000
ntdll!KiUserCallbackDispatcher+0x2e
0224fd20 755f9180 0224fd9c 00000000 00000000 USER32!NtUserPeekMessage+0xc
0224fd48 755f92a9 0224fd9c 00000000 00000000 USER32!_PeekMessage+0x73
0224fd74 007b1dd4 0224fd9c 00000000 00000000 USER32!PeekMessageW+0xfb
0224fdc4 007d5816 00000000 772d18f2 0224fe5c
Explorer!CTray::_MessageLoop+0x2b
0224fdd4 772d46bc 00860180 00000000 00000000
Explorer!CTray::MainThreadProc+0x8a
0224fe5c 75d71174 0015f910 0224fea8 7714b3f5 SHLWAPI!WrapperThreadProc+0x1b5
0224fe68 7714b3f5 0015f910 753822cd 00000000
kernel32!BaseThreadInitThunk+0xe
0224fea8 7714b3c8 772d45e9 0015f910 00000000 ntdll!__RtlUserThreadStart+0x70
0224fec0 00000000 772d45e9 0015f910 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: kb
FOLLOWUP_IP:
MyMirrorDriver_82370000+1c5a
82371c5a 8945e8 mov dword ptr [ebp-18h],eax
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: MyMirrorDriver_82370000+1c5a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MyMirrorDriver_82370000
IMAGE_NAME: MyMirrorDriver.dll
FAILURE_BUCKET_ID: 0x50_ MyMirrorDriver_82370000+1c5a
BUCKET_ID: 0x50_ MyMirrorDriver_82370000+1c5a
Followup: MachineOwner
/sarbojit