In my filter driver I’m getting a bugcheck 0x7f
(UNEXPECTED_KERNEL_MODE_TRAP) with p1=8 (double fault) and other parameters
equal zero when calling ZwCreateFile for a root directory (C:). I have NTFS
mounted on C
I get that only in the following scenario:
- My driver creates virtual drive V that redirects IRPs to FSD that serves
drive C - My driver is also filtering drive C
- V is shared and mapped to a drive X on the same machine.
- Clicking on X in Explorer causes stop 0x7f
What I see in Softice is:
IRP_MJ_CREATE for V:\
as part of the handling I need to search files in C:, so I call
ZwCreateFile for C’s root folder and see that IRP_MJ_CREATE
in my filter. As soon as I pass that IRP down to the filtered FSD I get stop
0x7f
Without sharing/mapping (i.e. accessing V directly) everything works just
fine and execution flaw in my driver goes the same
path as in the fault case.
I’ve been searching KB for that type of stop and found a bunch of articles,
but all of them refer to NT 3.51 (I have 4.0 SP6, multi-processor). One
article, though, was talking about filter drivers (Q238735). But there was
not much info, except that there is a fix
that I need to obtain from MS.
So, can anyone give me an idea what may be wrong and what would be the fix?
Can this type of stop been caused by the
stack exhaustion? That’s the only thing I can think of.
TIA,
Vladimir