I’ve managed to get a vista driver verifier failure with this subclass ID
and haven’t been able to find documentation on what it might be trying to
indicate to me.
This happened with a driver making a call at IRQL 0 to ZwQueryValueKey()
in the context of a user process.
Thanks,
Tracy Camp
Found in WDK 6000 doc:
0xE3 (Windows Vista and later operating systems only)
A driver has made a call to a kernel-mode ZwXxx routine with a user-mode
address as a parameter.
“Tracy Camp” wrote news:xxxxx@ntfsd…
>
> I’ve managed to get a vista driver verifier failure with this subclass ID
> and haven’t been able to find documentation on what it might be trying to
> indicate to me.
>
> This happened with a driver making a call at IRQL 0 to ZwQueryValueKey()
> in the context of a user process.
>
> Thanks,
>
> Tracy Camp
>
ms-help://MS.WDK.v10.6000/DevTest_g/hh/DevTest_g/t06_bugs_B0_77bda7e9-4f41-49e9-86db-04446dc9c7b7.xml.htm
Parameter 1: 0xE3 (Windows Vista and later operating systems only)
Parameter 2: Address of the call to the API
Parameter 3: User-mode address used as a parameter in the API
Parameter 4: Reserved
Cause of Error: A driver has made a call to a kernel-mode ZwXxx routine with
a user-mode address
“Tracy Camp” wrote in message news:xxxxx@ntfsd…
>
> I’ve managed to get a vista driver verifier failure with this subclass ID
> and haven’t been able to find documentation on what it might be trying to
> indicate to me.
>
> This happened with a driver making a call at IRQL 0 to ZwQueryValueKey()
> in the context of a user process.
>
> Thanks,
>
> Tracy Camp
>