PFN Crash

MDL mismanagement usually. For instance, if you have created a partial MDL, you must destroy it by IoFreeMdl or MmPrepareMdlForReuse before taking your hands off the master MDL (i.e. before completing the IRP or before destroying the master MDL if it was created by you).

Maxim Shatskih, Windows DDK MVP

Hi all,

I am writing a sector-level disk encryptor that has the capability of encrypting a single partition of the disk.

The driver encrypts all sectors starting from the first to the last for that partition.

My problem is, when I try to create the new partition and format it, I get the PFN crash. WinDbg shows…

*** Fatal System Error: 0x0000004e

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

eax=00000003 ebx=0000004e ecx=ffffffff edx=00000000 esi=00000007 edi=f241fb74
eip=80530e70 esp=f241fb30 ebp=f241fb5c iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
80530e70 cc int 3
ChildEBP RetAddr Args to Child
f241fb5c 8050a068 00000003 00001d5b 820ab088 ntoskrnl!DbgBreakPointWithStatus+0x4
f241fee4 80527cbb 00000000 00000007 00001d5b ntoskrnl!KeBugCheckEx+0x154
81de4d84 00001d5a 0000200b 0000200c 0000200d ntoskrnl!MmTrimAllSystemPagableMemory+0x6c8a
8055c6c0 0000004e 00000007 00001d5b 00000001
8055c6d0 00000000
80530e70 cc int 3

I cannot understand what PFN has to do with this. Is it because of a stray pointer or a mismanaged MDL?

I read the article in osr (

As of now I am only tapping IRP_MJ_READ and IRP_MJ_WRITE to encrypt and decrypt. Can that be a problem?

Does format bypass the driver stack, or issue some other IRP to write system information (like MFT) in the disk?

thanks in advance,



