SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION

From a Work Item Routine in the driver I am sending an IRP created using IoBuildDeviceIoControlRequest to the lower driver.
I have even set an IoCompletion Routine.

But when the call to IoCallDriver returns, the system bugchecks with
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION.
Param 1: (Address that the driver tried to free) points to the IRP which was sent down.
Param 4: 0x24 (A driver freed an address when bytes after end of allocation have been overwritten.)

But if I don’t set the Completion Routine, then the bug check doesn’t occur.

Driver Verifier - I/O verification is set to level 2.

Where am I going wrong?

Abhijit.

Are you calling IoMarkIrpPending in the completion routine? For IRPs you allocated yourself, you cannot do this because when the IRP completes there is no current IRP stack location and IoMarkIrpPending manipulates the current stack location.

d
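
The overwrite described in the reply above, as an added example that is not part of the original thread: a user-mode C model (not WDK code) of an IRP's stack locations followed by a guard region standing in for special pool. The `MODEL_*` types, `run_model` and the guard value are assumptions made for illustration; the model has the originator's completion routine run after the current location has been stepped back to StackCount + 1, the "no current stack location" state the reply refers to.

```c
/* User-mode model, not WDK code. MODEL_* names and the guard value are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SL_PENDING_RETURNED 0x01
#define GUARD_LEN  16
#define GUARD_BYTE 0xAA   /* stands in for the special pool pattern; bit 0 is clear */

typedef struct { unsigned char Major, Minor, Flags, Control; void *Context; } MODEL_SL;
/* CurrentLocation == StackCount + 1 means "no current stack location". */
typedef struct { int StackCount, CurrentLocation; MODEL_SL *CurrentStackLocation; } MODEL_IRP;

static MODEL_IRP *model_alloc_irp(int stack_count)
{
    size_t body = sizeof(MODEL_IRP) + (size_t)stack_count * sizeof(MODEL_SL);
    unsigned char *raw = malloc(body + GUARD_LEN);
    if (raw == NULL) return NULL;
    memset(raw, 0, body);
    memset(raw + body, GUARD_BYTE, GUARD_LEN);      /* bytes "after end of allocation" */
    MODEL_IRP *irp = (MODEL_IRP *)raw;
    irp->StackCount = stack_count;
    irp->CurrentLocation = stack_count + 1;
    irp->CurrentStackLocation = (MODEL_SL *)(irp + 1) + stack_count;  /* one past last slot */
    return irp;
}

/* Returns 1 if the guard bytes were overwritten, 0 if intact, -1 on allocation failure. */
int run_model(int stack_count, int mark_pending_in_cr)
{
    MODEL_IRP *irp = model_alloc_irp(stack_count);
    if (irp == NULL) return -1;
    /* Going down: each IoCallDriver moves to the next lower stack location. */
    for (int i = 0; i < stack_count; i++) { irp->CurrentLocation--; irp->CurrentStackLocation--; }
    /* Completing: the location is stepped back up before each completion routine runs,
     * so the originator's routine sees CurrentLocation == StackCount + 1. */
    for (int i = 0; i < stack_count; i++) { irp->CurrentLocation++; irp->CurrentStackLocation++; }
    if (mark_pending_in_cr)   /* the write IoMarkIrpPending makes to the current location */
        irp->CurrentStackLocation->Control |= SL_PENDING_RETURNED;
    /* The check made when the allocation is freed. */
    const unsigned char *guard = (unsigned char *)(irp + 1) + (size_t)stack_count * sizeof(MODEL_SL);
    int corrupted = 0;
    for (int i = 0; i < GUARD_LEN; i++) corrupted |= (guard[i] != GUARD_BYTE);
    free(irp);
    return corrupted;
}

/* Prints "1 0": guard overwritten when the routine marks pending, intact when it does not. */
int main(void) { printf("%d %d\n", run_model(1, 1), run_model(1, 0)); return 0; }
```

In the model the stray write lands at the `Control` offset of a stack location that starts exactly where the allocation ends, which is why the damage is only noticed when the IRP is freed.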


From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Abhijit
Sent: Thursday, October 07, 2004 1:28 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION


Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256


Doron,

You are right :-). I was calling IoMarkIrpPending from the CR.
I have deleted the code and now I am returning
STATUS_MORE_PROCESSING_REQUIRED from CR. The code is working without any
bugcheck.

The new code structure looks like:

WorkItemRoutine()
{
    KeInitializeEvent ( &CompletionEvent , SynchronizationEvent , FALSE ) ;
    irp = IoBuildDeviceIoControlRequest ( … &CompletionEvent … ) ;
    IoSetCompletionRoutine ( irp , IrpCR ) ;
    status = IoCallDriver ( … , irp ) ;
    if ( status == STATUS_PENDING )
    {
        KeWaitForSingleObject ( &CompletionEvent ,
                                Executive , KernelMode , FALSE , NULL ) ;
    }

    IoCompleteRequest ( irp , IO_NO_INCREMENT ) ;
}

IrpCR (…,irp,…)
{
    status = irp->IoStatus.Status ;

    :
    // Some processing related to the IRP here
    :

    return STATUS_MORE_PROCESSING_REQUIRED ;
}

I haven’t encountered any bug till now. But “will this code work always”?

Abhijit.


That should work, but I am just seeing a very small context of what you
are doing.

D

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Abhijit
Sent: Friday, October 08, 2004 4:33 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION
