Hi,
I found the problem: I didn’t supply a FAST_MUTEX to
FsRtlSetupAdvancedHeader. I got confused by the documentation and I
though it was OK to leave it to NULL.
On 31/01/2011 13:57, Thanos Makatos wrote:
Hello,
I am trying to implement a virtual file object. Specifically, I detect
in pre-create that a certain (non-existent) file path is of my interest,
initialize the file object and its FCB, and finally complete the
pre-create without allowing it to reach the file system.I am facing problems doing paging I/O on this virtual file object. In
order to “force” notepad to try to read the file, I noticed that I have
to set EndOfFile.QuadPart (FILE_STANDARD_INFORMATION) to something
positive, getting the bug-check below. If I set EndOfFile.QuadPart to
zero, I don’t get this bug-check, but notepad doesn’t even try to read
the file.I suspect something is wrong in the FO/FCB initialization but I can’t
suspect what. I’ve schemed through FastFat source code but I didn’t find
anything helpful.Thank you
Access violation - code c0000005 (!!! second chance !!!)
nt!CcZeroEndOfLastPage+0x50:
828f7459 f00fba3000 lock btr dword ptr [eax],0
kd> !analyze -v
Connected to Windows 7 7600 x86 compatible target at (Mon Jan 31
10:28:10.517 2011 (UTC + 1:00)), ptr64 FALSE
Loading Kernel Symbols
…
…
…
Loading User Symbols
…
Loading unloaded module list
…
******************************************************************************** *
* Bugcheck Analysis *
* *
*******************************************************************************Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000Debugging Details:
PROCESS_NAME: notepad.exe
FAULTING_IP:
nt!CcZeroEndOfLastPage+50
828f7459 f00fba3000 lock btr dword ptr [eax],0EXCEPTION_RECORD: ffffffff – (.exr 0xffffffffffffffff)
ExceptionAddress: 828f7459 (nt!CcZeroEndOfLastPage+0x00000050)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000000
Attempt to write to address 00000000ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
referenced memory at 0x%08lx. The memory could not be %s.EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
referenced memory at 0x%08lx. The memory could not be %s.EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00000000
WRITE_ADDRESS: 00000000
FOLLOWUP_IP:
nt!CcZeroEndOfLastPage+50
828f7459 f00fba3000 lock btr dword ptr [eax],0BUGCHECK_STR: ACCESS_VIOLATION
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
CURRENT_IRQL: 1
LAST_CONTROL_TRANSFER: from 82a67e7f to 828f7459
STACK_TEXT:
9a483cbc 82a67e7f 192be8f1 001ff9bc 001ff968 nt!CcZeroEndOfLastPage+0x50
9a483d10 8287a42a 001ff9bc 000f0005 00000000 nt!NtCreateSection+0x19c
9a483d10 772b64f4 001ff9bc 000f0005 00000000 nt!KiFastCallEntry+0x12a
001ff940 772b4b3c 7559a276 001ff9bc 000f0005 ntdll!KiFastSystemCallRet
001ff944 7559a276 001ff9bc 000f0005 00000000 ntdll!NtCreateSection+0xc
001ff9a0 007128ce 000000d0 00000000 00000000
KERNELBASE!CreateFileMappingW+0xe5
001ffc5c 00712bee 0071cae0 ffffffff 00381660 notepad!LoadFile+0xb8
001ffd20 00711455 00710000 00381672 0000000a notepad!NPInit+0x56b
001ffd5c 007116ec 00710000 00000000 00381cf9 notepad!WinMain+0x50
001ffdec 76dd1174 7ffd8000 001ffe38 772cb3f5 notepad!_initterm_e+0x1a1
001ffdf8 772cb3f5 7ffd8000 77298b9b 00000000
kernel32!BaseThreadInitThunk+0xe
001ffe38 772cb3c8 00713689 7ffd8000 00000000
ntdll!__RtlUserThreadStart+0x70
001ffe50 00000000 00713689 7ffd8000 00000000 ntdll!_RtlUserThreadStart+0x1bSTACK_COMMAND: kb
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CcZeroEndOfLastPage+50
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc007
FAILURE_BUCKET_ID: ACCESS_VIOLATION_VRF_nt!CcZeroEndOfLastPage+50
BUCKET_ID: ACCESS_VIOLATION_VRF_nt!CcZeroEndOfLastPage+50
Followup: MachineOwner
–
Thanos Makatos
Software engineer
Barcelona Supercomputing Center
WARNING / LEGAL TEXT: This message is intended only for the use of the
individual or entity to which it is addressed and may contain
information which is privileged, confidential, proprietary, or exempt
from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the
intended recipient, you are strictly prohibited from disclosing,
distributing, copying, or in any way using this message. If you have
received this communication in error, please notify the sender and
destroy and delete any copies you may have received.