Stack overflow?

I suspect that this is a stack overflow. Can someone
verify that it is and tell me how you determine if it
is or not?

Thank you!

One reason that I believe it is a stack overflow, is
because it happens when I do a ZwCreateFile. I have
not hooked in though, so it is not due to reentry in
my driver.

*** Fatal System Error: 0x0000007f

(0x00000008,0x80042000,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first
chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have
not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target,
ptr64 FALSE
Loading Kernel Symbols

Loading unloaded module list

Loading User Symbols
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80042000, 0, 0}

*** ERROR: Module load completed but symbols could not
be loaded for Cdr4_xp.SYS
*** ERROR: Module load completed but symbols could not
be loaded for Cdralw2k.SYS
*** ERROR: Symbol file could not be found. Defaulted
to export symbols for pwd_2k.SYS -
*** ERROR: Module load completed but symbols could not
be loaded for cdudf_xp.SYS
Probably caused by : atapi.sys (
atapi!IssueSyncAtapiCommand+32 )

Followup: MachineOwner

nt!RtlpBreakWithStatusInstruction:
804e3b25 cc int 3
kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it’s a
trap of a kind
that the kernel isn’t allowed to have/catch (bound
trap) or that
is always instant death (double fault). The first
number in the
bugcheck params is the number of the trap (8 = double
fault, etc)
Consult an Intel x86 family manual to learn more about
what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then
kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where
the trap was taken
(on x86, this will be the ebp that goes with
the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

BUGCHECK_STR: 0x7f_8

TSS: 00000028 – (.tss 28)
eax=00000200 ebx=87384e50 ecx=00000000 edx=87384e50
esi=50656449 edi=8734d0e8
eip=8054b051 esp=f7b0dfd8 ebp=f7b0e020 iopl=0
nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010296
nt!ExAllocatePoolWithTag+0xd:
8054b051 56 push esi
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from f761c954 to 8054b051

STACK_TEXT:
f7b0e020 f761c954 00000004 00000012 50656449
nt!ExAllocatePoolWithTag+0xd
f7b0e0b4 f762405e 8734d0e8 87384e50 f7b0e0e8
atapi!IssueSyncAtapiCommand+0x32
f7b0e0fc f76220c8 8734d0e8 87384e50 f7b0e140
atapi!IssueInquirySafe+0x6a
f7b0e1cc f7616f25 87384e50 871bb7d0 f7b0e1fc
atapi!DeviceBuildStorageDeviceDescriptor+0x148
f7b0e1f4 f761c5ab 00000061 00177008 f7b0e220
atapi!DeviceDeviceIoControl+0x243
f7b0e204 804e3d77 87384d98 87177008 f76b8720
atapi!IdePortDispatchDeviceControl+0x19
f7b0e214 f76a4626 f76b8720 f7b0e230 f76b875d
nt!IopfCallDriver+0x31
f7b0e220 f76b875d 873a78a8 87177008 f7b0e260
ACPI!ACPIDispatchForwardIrp+0x2a
f7b0e230 f76a4e12 873a78a8 87177008 8710b0d8
ACPI!ACPIIrpDispatchDeviceControl+0x3d
f7b0e260 804e3d77 873a78a8 f76b9f8c 87177008
ACPI!ACPIDispatchIrp+0x15a
f7b0e270 f78fe289 00000000 87177008 8710b0d8
nt!IopfCallDriver+0x31
f7b0e284 f78ff9fe 00000000 87177008 87177190
imapi!ImapiDefaultIrpHandler+0x7b
f7b0e2b4 804e3d77 8710b020 87177008 87166708
imapi!ImapiDispatchIoctl+0x6b0
f7b0e2c4 f70b5cee 8710b020 87162b40 f7b0ec50
nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available.
Following frames may be wrong.
f7b0e2d4 f70bb6dd 87162a88 87177008 87166708
Cdr4_xp+0x2cee
f7b0ec50 804e3d77 87162a88 87177008 871771b4
Cdr4_xp+0x86dd
f7b0ec60 f772fc3a 00000000 00000000 87177008
nt!IopfCallDriver+0x31
f7b0ece4 f79116ef 871425e8 87177008 87177008
CLASSPNP!ClassDeviceControl+0x87e
f7b0ed78 f772e47f 871425e8 87177008 8715dd10
cdrom!CdRomDeviceControlDispatch+0x4b7
f7b0ed94 804e3d77 871425e8 87177008 871632c8
CLASSPNP!ClassDeviceControlDispatch+0x48
f7b0eda4 f791da35 f7b0edf0 f791ec28 8710cc60
nt!IopfCallDriver+0x31
f7b0edac f791ec28 8710cc60 87177008 f7733c8b
redbook!RedBookSendToNextDriver+0x35
f7b0edf0 804e3d77 8710cc60 87177008 8715dd10
redbook!RedBookDeviceControl+0x548
f7b0ee00 f7a10ae2 87177008 f7a0e071 8715dc58
nt!IopfCallDriver+0x31
f7b0ee30 804e3d77 8715dc58 87177008 87164420
Cdralw2k+0x3ae2
f7b0ee40 f70735ff 804e8ee4 87164420 00000000
nt!IopfCallDriver+0x31
f7b0eea4 804e3d77 86fed018 87177008 87166708
pwd_2k+0x5ff
f7b0eeb4 f70b3695 00000000 80043f00 00000000
nt!IopfCallDriver+0x31
f7b0ef14 f70b4a4c 86fed018 f7b0ef68 87166708
Cdr4_xp+0x695
f7b0ef7c f70b7abc 86ffe0e0 87162a88 87166708
Cdr4_xp+0x1a4c
f7b0f8f8 804e3d77 86ffe028 8734de58 86d95930
Cdr4_xp+0x4abc
f7b0f908 aacfbb9e 00000001 00000000 f704fa00
nt!IopfCallDriver+0x31
f7b0f930 aacfd2ab 00000044 87267ca8 87267ca8
cdudf_xp+0x3b9e
f7b0fa08 f7b0fad8 8734ba60 00000000 00000000
cdudf_xp+0x52ab
00000000 00000000 00000000 00000000 00000000
0xf7b0fad8

FOLLOWUP_IP:
atapi!IssueSyncAtapiCommand+32
f761c954 85c0 test eax,eax

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: atapi!IssueSyncAtapiCommand+32

MODULE_NAME: atapi

IMAGE_NAME: atapi.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107b4d

STACK_COMMAND: .tss 28 ; kb

BUCKET_ID: 0x7f_8_atapi!IssueSyncAtapiCommand+32

Followup: MachineOwner

Yup, sure looks like a stack overflow. The key hints are:

(1) Bug check 0x7F which is generally a double fault
(2) Parameter # 1 - 8, which indicates a double fault
(3) The “push esi” instruction is a dead giveaway (only reason I know a
register push operation faults is that the stack address is bad)

My guess is that this is the first access to the stack after allocating
local variable storage space (probably setting up for a function call).
Hence the ESP is 8 bytes below the page boundary…

Other ways to confirm: use “!thread” to obtain the stack limits, and
then ensure the stack pointer (ESP) is within those boundaries.

Another thing to note is that the debugger only displays a finite number
of stack frames by default with the kv/kb/kn commands. I generally set
that limit very high (.kframes 0x100) when debugging stack overflows so
I can see all the frames - it is also possible to ask for more frames
within the format of the command (look at the docs) but I never remember
what it is, while I always remember .kframes.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the Next OSR File Systems Class April
4, 2004 in Boston!
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Randy Cook
Sent: Thursday, January 20, 2005 5:43 PM
To: ntfsd redirect
Subject: [ntfsd] Stack overflow?

I suspect that this is a stack overflow. Can someone
verify that it is and tell me how you determine if it
is or not?

Thank you!

One reason that I believe it is a stack overflow, is
because it happens when I do a ZwCreateFile. I have
not hooked in though, so it is not due to reentry in
my driver.

*** Fatal System Error: 0x0000007f

(0x00000008,0x80042000,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first
chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have
not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target,
ptr64 FALSE
Loading Kernel Symbols


Loading unloaded module list

Loading User Symbols
************************************************************************
*******
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80042000, 0, 0}

*** ERROR: Module load completed but symbols could not
be loaded for Cdr4_xp.SYS
*** ERROR: Module load completed but symbols could not
be loaded for Cdralw2k.SYS
*** ERROR: Symbol file could not be found. Defaulted
to export symbols for pwd_2k.SYS -
*** ERROR: Module load completed but symbols could not
be loaded for cdudf_xp.SYS
Probably caused by : atapi.sys (
atapi!IssueSyncAtapiCommand+32 )

Followup: MachineOwner

nt!RtlpBreakWithStatusInstruction:
804e3b25 cc int 3
kd> !analyze -v
************************************************************************
*******
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it’s a
trap of a kind
that the kernel isn’t allowed to have/catch (bound
trap) or that
is always instant death (double fault). The first
number in the
bugcheck params is the number of the trap (8 = double
fault, etc)
Consult an Intel x86 family manual to learn more about
what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then
kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where
the trap was taken
(on x86, this will be the ebp that goes with
the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

BUGCHECK_STR: 0x7f_8

TSS: 00000028 – (.tss 28)
eax=00000200 ebx=87384e50 ecx=00000000 edx=87384e50
esi=50656449 edi=8734d0e8
eip=8054b051 esp=f7b0dfd8 ebp=f7b0e020 iopl=0
nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010296
nt!ExAllocatePoolWithTag+0xd:
8054b051 56 push esi
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from f761c954 to 8054b051

STACK_TEXT:
f7b0e020 f761c954 00000004 00000012 50656449
nt!ExAllocatePoolWithTag+0xd
f7b0e0b4 f762405e 8734d0e8 87384e50 f7b0e0e8
atapi!IssueSyncAtapiCommand+0x32
f7b0e0fc f76220c8 8734d0e8 87384e50 f7b0e140
atapi!IssueInquirySafe+0x6a
f7b0e1cc f7616f25 87384e50 871bb7d0 f7b0e1fc
atapi!DeviceBuildStorageDeviceDescriptor+0x148
f7b0e1f4 f761c5ab 00000061 00177008 f7b0e220
atapi!DeviceDeviceIoControl+0x243
f7b0e204 804e3d77 87384d98 87177008 f76b8720
atapi!IdePortDispatchDeviceControl+0x19
f7b0e214 f76a4626 f76b8720 f7b0e230 f76b875d
nt!IopfCallDriver+0x31
f7b0e220 f76b875d 873a78a8 87177008 f7b0e260
ACPI!ACPIDispatchForwardIrp+0x2a
f7b0e230 f76a4e12 873a78a8 87177008 8710b0d8
ACPI!ACPIIrpDispatchDeviceControl+0x3d
f7b0e260 804e3d77 873a78a8 f76b9f8c 87177008
ACPI!ACPIDispatchIrp+0x15a
f7b0e270 f78fe289 00000000 87177008 8710b0d8
nt!IopfCallDriver+0x31
f7b0e284 f78ff9fe 00000000 87177008 87177190
imapi!ImapiDefaultIrpHandler+0x7b
f7b0e2b4 804e3d77 8710b020 87177008 87166708
imapi!ImapiDispatchIoctl+0x6b0
f7b0e2c4 f70b5cee 8710b020 87162b40 f7b0ec50
nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available.
Following frames may be wrong.
f7b0e2d4 f70bb6dd 87162a88 87177008 87166708
Cdr4_xp+0x2cee
f7b0ec50 804e3d77 87162a88 87177008 871771b4
Cdr4_xp+0x86dd
f7b0ec60 f772fc3a 00000000 00000000 87177008
nt!IopfCallDriver+0x31
f7b0ece4 f79116ef 871425e8 87177008 87177008
CLASSPNP!ClassDeviceControl+0x87e
f7b0ed78 f772e47f 871425e8 87177008 8715dd10
cdrom!CdRomDeviceControlDispatch+0x4b7
f7b0ed94 804e3d77 871425e8 87177008 871632c8
CLASSPNP!ClassDeviceControlDispatch+0x48
f7b0eda4 f791da35 f7b0edf0 f791ec28 8710cc60
nt!IopfCallDriver+0x31
f7b0edac f791ec28 8710cc60 87177008 f7733c8b
redbook!RedBookSendToNextDriver+0x35
f7b0edf0 804e3d77 8710cc60 87177008 8715dd10
redbook!RedBookDeviceControl+0x548
f7b0ee00 f7a10ae2 87177008 f7a0e071 8715dc58
nt!IopfCallDriver+0x31
f7b0ee30 804e3d77 8715dc58 87177008 87164420
Cdralw2k+0x3ae2
f7b0ee40 f70735ff 804e8ee4 87164420 00000000
nt!IopfCallDriver+0x31
f7b0eea4 804e3d77 86fed018 87177008 87166708
pwd_2k+0x5ff
f7b0eeb4 f70b3695 00000000 80043f00 00000000
nt!IopfCallDriver+0x31
f7b0ef14 f70b4a4c 86fed018 f7b0ef68 87166708
Cdr4_xp+0x695
f7b0ef7c f70b7abc 86ffe0e0 87162a88 87166708
Cdr4_xp+0x1a4c
f7b0f8f8 804e3d77 86ffe028 8734de58 86d95930
Cdr4_xp+0x4abc
f7b0f908 aacfbb9e 00000001 00000000 f704fa00
nt!IopfCallDriver+0x31
f7b0f930 aacfd2ab 00000044 87267ca8 87267ca8
cdudf_xp+0x3b9e
f7b0fa08 f7b0fad8 8734ba60 00000000 00000000
cdudf_xp+0x52ab
00000000 00000000 00000000 00000000 00000000
0xf7b0fad8

FOLLOWUP_IP:
atapi!IssueSyncAtapiCommand+32
f761c954 85c0 test eax,eax

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: atapi!IssueSyncAtapiCommand+32

MODULE_NAME: atapi

IMAGE_NAME: atapi.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107b4d

STACK_COMMAND: .tss 28 ; kb

BUCKET_ID: 0x7f_8_atapi!IssueSyncAtapiCommand+32

Followup: MachineOwner


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Stack overflow nearly for sure. This is a CPU double fault, a way Windows
handles kernel stack overflow.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Randy Cook”
To: “Windows File Systems Devs Interest List”
Sent: Friday, January 21, 2005 1:42 AM
Subject: [ntfsd] Stack overflow?

> I suspect that this is a stack overflow. Can someone
> verify that it is and tell me how you determine if it
> is or not?
>
> Thank you!
>
> One reason that I believe it is a stack overflow, is
> because it happens when I do a ZwCreateFile. I have
> not hooked in though, so it is not due to reentry in
> my driver.
>
> Fatal System Error: 0x0000007f
>
> (0x00000008,0x80042000,0x00000000,0x00000000)
>
> Break instruction exception - code 80000003 (first
> chance)
>
> A fatal system error has occurred.
> Debugger entered on first try; Bugcheck callbacks have
> not been invoked.
>
> A fatal system error has occurred.
>
> Connected to Windows XP 2600 x86 compatible target,
> ptr64 FALSE
> Loading Kernel Symbols
>


> Loading unloaded module list
> …
> Loading User Symbols
>
****************************************************************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
>

>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck 7F, {8, 80042000, 0, 0}
>
>
ERROR: Module load completed but symbols could not
> be loaded for Cdr4_xp.SYS
> ERROR: Module load completed but symbols could not
> be loaded for Cdralw2k.SYS
>
ERROR: Symbol file could not be found. Defaulted
> to export symbols for pwd_2k.SYS -
> ERROR: Module load completed but symbols could not
> be loaded for cdudf_xp.SYS
> Probably caused by : atapi.sys (
> atapi!IssueSyncAtapiCommand+32 )
>
> Followup: MachineOwner
> ---------
>
> nt!RtlpBreakWithStatusInstruction:
> 804e3b25 cc int 3
> kd> !analyze -v
>

> *
> *
> * Bugcheck Analysis
> *
> *
> *
>
*******************************************************************************
>
> UNEXPECTED_KERNEL_MODE_TRAP (7f)
> This means a trap occurred in kernel mode, and it’s a
> trap of a kind
> that the kernel isn’t allowed to have/catch (bound
> trap) or that
> is always instant death (double fault). The first
> number in the
> bugcheck params is the number of the trap (8 = double
> fault, etc)
> Consult an Intel x86 family manual to learn more about
> what these
> traps are. Here is a portion of those codes:
> If kv shows a taskGate
> use .tss on the part before the colon, then
> kv.
> Else if kv shows a trapframe
> use .trap on that value
> Else
> .trap on the appropriate frame will show where
> the trap was taken
> (on x86, this will be the ebp that goes with
> the procedure KiTrap)
> Endif
> kb will then show the corrected stack.
> Arguments:
> Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
> Arg2: 80042000
> Arg3: 00000000
> Arg4: 00000000
>
> Debugging Details:
> ------------------
>
>
> BUGCHECK_STR: 0x7f_8
>
> TSS: 00000028 – (.tss 28)
> eax=00000200 ebx=87384e50 ecx=00000000 edx=87384e50
> esi=50656449 edi=8734d0e8
> eip=8054b051 esp=f7b0dfd8 ebp=f7b0e020 iopl=0
> nv up ei ng nz ac po nc
> cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
> efl=00010296
> nt!ExAllocatePoolWithTag+0xd:
> 8054b051 56 push esi
> Resetting default scope
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> LAST_CONTROL_TRANSFER: from f761c954 to 8054b051
>
> STACK_TEXT:
> f7b0e020 f761c954 00000004 00000012 50656449
> nt!ExAllocatePoolWithTag+0xd
> f7b0e0b4 f762405e 8734d0e8 87384e50 f7b0e0e8
> atapi!IssueSyncAtapiCommand+0x32
> f7b0e0fc f76220c8 8734d0e8 87384e50 f7b0e140
> atapi!IssueInquirySafe+0x6a
> f7b0e1cc f7616f25 87384e50 871bb7d0 f7b0e1fc
> atapi!DeviceBuildStorageDeviceDescriptor+0x148
> f7b0e1f4 f761c5ab 00000061 00177008 f7b0e220
> atapi!DeviceDeviceIoControl+0x243
> f7b0e204 804e3d77 87384d98 87177008 f76b8720
> atapi!IdePortDispatchDeviceControl+0x19
> f7b0e214 f76a4626 f76b8720 f7b0e230 f76b875d
> nt!IopfCallDriver+0x31
> f7b0e220 f76b875d 873a78a8 87177008 f7b0e260
> ACPI!ACPIDispatchForwardIrp+0x2a
> f7b0e230 f76a4e12 873a78a8 87177008 8710b0d8
> ACPI!ACPIIrpDispatchDeviceControl+0x3d
> f7b0e260 804e3d77 873a78a8 f76b9f8c 87177008
> ACPI!ACPIDispatchIrp+0x15a
> f7b0e270 f78fe289 00000000 87177008 8710b0d8
> nt!IopfCallDriver+0x31
> f7b0e284 f78ff9fe 00000000 87177008 87177190
> imapi!ImapiDefaultIrpHandler+0x7b
> f7b0e2b4 804e3d77 8710b020 87177008 87166708
> imapi!ImapiDispatchIoctl+0x6b0
> f7b0e2c4 f70b5cee 8710b020 87162b40 f7b0ec50
> nt!IopfCallDriver+0x31
> WARNING: Stack unwind information not available.
> Following frames may be wrong.
> f7b0e2d4 f70bb6dd 87162a88 87177008 87166708
> Cdr4_xp+0x2cee
> f7b0ec50 804e3d77 87162a88 87177008 871771b4
> Cdr4_xp+0x86dd
> f7b0ec60 f772fc3a 00000000 00000000 87177008
> nt!IopfCallDriver+0x31
> f7b0ece4 f79116ef 871425e8 87177008 87177008
> CLASSPNP!ClassDeviceControl+0x87e
> f7b0ed78 f772e47f 871425e8 87177008 8715dd10
> cdrom!CdRomDeviceControlDispatch+0x4b7
> f7b0ed94 804e3d77 871425e8 87177008 871632c8
> CLASSPNP!ClassDeviceControlDispatch+0x48
> f7b0eda4 f791da35 f7b0edf0 f791ec28 8710cc60
> nt!IopfCallDriver+0x31
> f7b0edac f791ec28 8710cc60 87177008 f7733c8b
> redbook!RedBookSendToNextDriver+0x35
> f7b0edf0 804e3d77 8710cc60 87177008 8715dd10
> redbook!RedBookDeviceControl+0x548
> f7b0ee00 f7a10ae2 87177008 f7a0e071 8715dc58
> nt!IopfCallDriver+0x31
> f7b0ee30 804e3d77 8715dc58 87177008 87164420
> Cdralw2k+0x3ae2
> f7b0ee40 f70735ff 804e8ee4 87164420 00000000
> nt!IopfCallDriver+0x31
> f7b0eea4 804e3d77 86fed018 87177008 87166708
> pwd_2k+0x5ff
> f7b0eeb4 f70b3695 00000000 80043f00 00000000
> nt!IopfCallDriver+0x31
> f7b0ef14 f70b4a4c 86fed018 f7b0ef68 87166708
> Cdr4_xp+0x695
> f7b0ef7c f70b7abc 86ffe0e0 87162a88 87166708
> Cdr4_xp+0x1a4c
> f7b0f8f8 804e3d77 86ffe028 8734de58 86d95930
> Cdr4_xp+0x4abc
> f7b0f908 aacfbb9e 00000001 00000000 f704fa00
> nt!IopfCallDriver+0x31
> f7b0f930 aacfd2ab 00000044 87267ca8 87267ca8
> cdudf_xp+0x3b9e
> f7b0fa08 f7b0fad8 8734ba60 00000000 00000000
> cdudf_xp+0x52ab
> 00000000 00000000 00000000 00000000 00000000
> 0xf7b0fad8
>
>
> FOLLOWUP_IP:
> atapi!IssueSyncAtapiCommand+32
> f761c954 85c0 test eax,eax
>
> SYMBOL_STACK_INDEX: 1
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: atapi!IssueSyncAtapiCommand+32
>
> MODULE_NAME: atapi
>
> IMAGE_NAME: atapi.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 41107b4d
>
> STACK_COMMAND: .tss 28 ; kb
>
> BUCKET_ID: 0x7f_8_atapi!IssueSyncAtapiCommand+32
>
> Followup: MachineOwner
> ---------
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com