The following bugcheck occurs while trying to read a memory mapped file using my mini-filter. It manages its own FCBs for a portion of the file hierarchy and redirects the I/O for the files to various archive files using FltCreateFile() and ZwReadFile() to access data during the filter’s create and read pre-operation callbacks. I get this when using the driver verifier. Normal reads work fine. Any idea what the next step would be in trying to figure this one out? Thanks.
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 0000000080000003, Exception code that caused the bugcheck
Arg2: fffff80001c91ad8, Address of the instruction which caused the bugcheck
Arg3: fffff8800ca21aa0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
FAULTING_IP:
nt!DebugPrompt+18
fffff800`01c91ad8 c3 ret
CONTEXT: fffff8800ca21aa0 -- (.cxr 0xfffff8800ca21aa0)
.cxr 0xfffff8800ca21aa0
rax=0000000000000002 rbx=fffff88001496a80 rcx=fffff880014b9070
rdx=fffff8800ca2001f rsi=00000000000001e7 rdi=fffff880014b9090
rip=fffff80001c91ad7 rsp=fffff8800ca22488 rbp=fffffa8008558660
r8=fffff8800ca22500 r9=fffff880014b0002 r10=0000000000000000
r11=fffff8800ca224d8 r12=0000000000000004 r13=0000000000000000
r14=fffffa8008558600 r15=000000000000004a
iopl=0 nv up ei pl nz ac pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000212
nt!DebugPrompt+0x17:
fffff800`01c91ad7 cc int 3
.cxr
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: notepad.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80001d21ceb to fffff80001c91ad7
STACK_TEXT:
fffff8800ca22488 fffff80001d21ceb : fffff88001496a80 fffff80001cd5718 fffff88001496a80 00000000000001e7 : nt!DebugPrompt+0x17
fffff8800ca22490 fffff880014b94bb : 0000000000000000 0000000000000000 fffff880014b9060 0000000000000007 : nt!DbgPrompt+0x3b
fffff8800ca224e0 fffff880014ba36d : 0000000000000037 fffffa8008bbf7e0 fffffa8008831a10 0000000000000004 : fltmgr!FltpvPrintErrors+0x11b
fffff8800ca22740 fffff880014badb7 : 0000000000000001 0000000000000044 0000000000000004 fffffa8008831a10 : fltmgr!FltpvVerifyPreOperationStatus+0xad
fffff8800ca22780 fffff8800147c067 : fffff9800cb16ab0 fffff8000212b27e 0000000000000010 fffffa8008831ab0 : fltmgr!FltvPreOperation+0x237
fffff8800ca22890 fffff8800147d329 : fffff8800ca22a00 fffffa8003c0980c fffffa8003c09800 fffff8000213ea00 : fltmgr!FltpPerformPreCallbacks+0x2f7
fffff8800ca22990 fffff8800147b6c7 : fffff9800cb16ab0 fffffa8004ac4040 fffffa8007e11490 fffff80001f8340d : fltmgr!FltpPassThrough+0x2d9
fffff8800ca22a10 fffff8000213fc16 : fffff9800cb16ab0 0000000000000002 fffffa8007f18090 0000000000000000 : fltmgr!FltpDispatch+0xb7
fffff8800ca22a70 fffff80001f8340d : fffff9800cb16ab0 0000000000000001 fffffa8007f18090 fffffa8008b951b0 : nt!IovCallDriver+0x566
fffff8800ca22ad0 fffff80001c98ed3 : fffffa800884b870 fffff8800ca22ca0 000000000013da68 fffff8800ca22bc8 : nt!NtQueryDirectoryFile+0x1ad
fffff8800ca22bb0 00000000776d166a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
000000000013da48 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x776d166a
FOLLOWUP_IP:
nt!DebugPrompt+18
fffff800`01c91ad8 c3 ret
SYMBOL_NAME: nt!DebugPrompt+18
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff8800ca21aa0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_VRF_nt!DebugPrompt+18
BUCKET_ID: X64_0x3B_VRF_nt!DebugPrompt+18
Followup: MachineOwner