question on interpretation of 0xC1 bugcheck

Hello. I have two questions on the 0xC1 bugcheck, mixed with “verify start”
using gflags.

First question: If I set “Verify Start” using gflags, and turn on special
pool in driver verifier (Win2k SP4) does this mean that a bugcheck 0xC1 with
param4=24 means that an underrun has been found because the page marked
invalid *before* the allocation has been stomped on? Concerning param4=24,
the documentation states “A driver freed an address when bytes after end of
allocation have been overwritten”. There seems to be no separate code for
underrun vs overrun. My interpretation would be that an underrun occurred
as detected by someone stomping on the invalid page before the allocation.

Second question (very closely related): in the case of Verify Start being
set, special pool active in driver verifier, and bugcheck 0xC1 param4=23,
does this mean that the byte pattern after the allocation has been
disturbed?

Are both these interpretations correct?

thanks,

Philip Lukidis

My mistake, bugcheck 0xD6 indicates overrun due to an invalid page being
stomped on; bugcheck 0xC1 param23/24 refers to the guard bits only.

thanks,

Philip Lukidis

PS: My problem in fact was overrun and is now fixed. I assume that if
verify start is selected, this means that 0xD6 refers to detected underrun
(via invalid page). Is this correct? (unless I am missing yet another
bugcheck)

----- Original Message -----
From: “Philip Lukidis”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, March 17, 2004 5:07 PM
Subject: [ntdev] question on interpretation of 0xC1 bugcheck

> Hello. I have two questions on the 0xC1 bugcheck, mixed with “verify start”
> using gflags.
>
> First question: If I set “Verify Start” using gflags, and turn on special
> pool in driver verifier (Win2k SP4) does this mean that a bugcheck 0xC1 with
> param4=24 means that an underrun has been found because the page marked
> invalid before the allocation has been stomped on? Concerning param4=24,
> the documentation states “A driver freed an address when bytes after end of
> allocation have been overwritten”. There seems to be no separate code for
> underrun vs overrun. My interpretation would be that an underrun occurred
> as detected by someone stomping on the invalid page before the allocation.
>
> Second question (very closely related): in the case of Verify Start being
> set, special pool active in driver verifier, and bugcheck 0xC1 param4=23,
> does this mean that the byte pattern after the allocation has been
> disturbed?
>
> Are both these interpretations correct?
>
> thanks,
>
> Philip Lukidis