I am sorry to dredge up this long-forgotten old thread,
but Google only shows two posts for my search query and both point to osronline.
I don't know if any of you would be able to see this whole thread again without visiting the forum
and not from email.
Anyway, the problem is I find a crash happening in MmGetSystemRoutineAddress,
and I was searching whether this is a known problem, and only this and another unreplied thread in ntdev exist,
and both the threads seem to be yet unresolved.
I see the routine crashes in
nt!MiFindExportedRoutineByName+0x54:
804ef7c7 8b348a mov esi,dword ptr [edx+ecx*4] ds:0023:0006e340=???
And like Ladislav states in previous posts,
it happens when it is checking for the exported name in hal.
nt!MiFindExportedRoutineByName is called twice, once for the kernel and a second time for hal, it seems,
and the crash always happens in hal.
Breakpoint 0 hit
nt!MiFindExportedRoutineByName:
804ef778 55 push ebp
kd> wt
Tracing nt!MiFindExportedRoutineByName to return address 804ef721
14 0 [0] nt!MiFindExportedRoutineByName
8 0 [1] nt!RtlImageDirectoryEntryToData
16 0 [2] nt!RtlImageNtHeader
19 16 [1] nt!RtlImageDirectoryEntryToData
28 0 [2] nt!RtlpImageDirectoryEntryToData32
22 44 [1] nt!RtlImageDirectoryEntryToData
275 66 [0] nt!MiFindExportedRoutineByName
341 instructions were executed in 5 events (0 from other threads)
Function Name Invocations MinInst MaxInst AvgInst
nt!MiFindExportedRoutineByName 1 275 275 275
nt!RtlImageDirectoryEntryToData 1 22 22 22
nt!RtlImageNtHeader 1 16 16 16
nt!RtlpImageDirectoryEntryToData32 1 28 28 28
nt!MmGetSystemRoutineAddress+0xb5:
804ef721 85c0 test eax,eax
kd> g
Breakpoint 0 hit
nt!MiFindExportedRoutineByName:
804ef778 55 push ebp
kd> wt
Tracing nt!MiFindExportedRoutineByName to return address 804ef721
14 0 [0] nt!MiFindExportedRoutineByName
8 0 [1] nt!RtlImageDirectoryEntryToData
16 0 [2] nt!RtlImageNtHeader
19 16 [1] nt!RtlImageDirectoryEntryToData
Access violation - code c0000005 (!!! second chance !!!)
nt!MiFindExportedRoutineByName+0x54:
804ef7c7 8b348a mov esi,dword ptr [edx+ecx*4]
The crash happens in W2K SP4 running in VPC
and also in WinXP SP2 on a physical machine.
If anyone is interested in further details, I will be happy to provide them.
Are there any existing workarounds?