Hi all,
I have this little problem: I trap IRP_MJ_CREATE , and if the file was successfully created , I reference the FILE_OBJECT, post a work item into delayed work queue, and complete the IRP. In the work queue, I need to make a copy of the file , if it matches a specific pattern. After that, I do ObDereferenceObject() and free the work item.
But , this approach causes random bugchecks, one which I seen more often is (see below): If I do not reference the file
object in IRP_MJ_CREATE and dereference in the work routine, all works OK. (I mention that in this case I commented the file copy routine, and I tried ObReference in create / ObDereference whithout any other processing in the work routine, with the same disastrous results.) Anyone can cast a bit of light on this problem?
Thank you , and a merry Xmass to everybody.
******************************************************************************************
PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc) , with this stack dump:
STACK_TEXT:
f8233b20 8059e1fd e1cb5000 f8233d23 00000000 nt!HvpFillFileName+0x3d
f8233b3c 8059dbb9 e1cb3101 00000005 00000000 nt!HvInitializeHive+0x212
f8233ba8 8059ea14 f8233be4 00000005 00000000 nt!CmpInitializeHive+0x26b
f8233c00 8059f9e1 f8233d23 00000000 f8233ca4 nt!CmpInitHiveFromFile+0xa1
f8233c28 8059f940 f8233cd8 f8233c54 f8233c9c nt!CmpCmdHiveOpen+0x1f
f8233cac 8059f877 f8233d00 f8233cd8 00000000 nt!CmLoadKey+0x80
f8233d44 8059f710 0006e058 0006e040 00000000 nt!NtLoadKey2+0x227
f8233d54 804d4e91 0006e058 0006e040 00000000 nt!NtLoadKey+0xf
f8233d54 7ffe0304 0006e058 0006e040 00000000 nt!_KiSystemService+0xc4
0006e084 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x
FOLLOWUP_IP:
nt!HvpFillFileName+3d
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com