Virtual disk driver cause BugCheck in Windows XP

Hi all,

I’m developping a encrypted virtual disk driver which simulate a hard disk partition using a data file. The virtual disk is formatted in NTFS using the system format function. It seems work well in Windows 2000, but it cause BugCheck frequently in XP. Obviously the crash is caused by my driver but it don’t happen within my code. I’ve been engaged in this problem for weeks, I’ll appreciate any advise or suggestion.

The following is the dump diagnosis I’ve got the last time. How can I derive the code that cause this crash?

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn’t turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80535600, address which referenced memory

Debugging Details:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xC5

LAST_CONTROL_TRANSFER: from 8058fc06 to 80535600

STACK_TEXT:
f6f98b2c 8058fc06 00000001 00000000 f6f98bf0 nt!ExFreePoolWithTag+0x4a8
f6f98bd8 8052e571 ffffffff f6f98c88 f6f98c8c nt!NtFreeVirtualMemory+0x49e
f6f98bd8 804f9a9d ffffffff f6f98c88 f6f98c8c nt!KiSystemService+0xc4
f6f98c60 805ad658 ffffffff f6f98c88 f6f98c8c nt!ZwFreeVirtualMemory+0x11
f6f98d14 805ada20 00000000 00000000 84332c10 nt!PspExitThread+0x531
f6f98d34 805add46 84332c10 00000000 f6f98d64 nt!PspTerminateThreadByPointer+0x50
f6f98d54 8052e571 00000000 00000000 805466e0 nt!NtTerminateThread+0x6e
f6f98d54 7ffe0304 00000000 00000000 805466e0 nt!KiSystemService+0xc4
00aaff64 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4

FOLLOWUP_IP:
nt!KiTrap0E+2ad
80531335 f7457000000200 test dword ptr [ebp+0x70],0x20000

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!KiTrap0E+2ad

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 3ea80977

STACK_COMMAND: .trap fffffffff6f98a8c ; kb

BUCKET_ID: 0xC5_nt!KiTrap0E+2ad

Followup: MachineOwner

kd> .trap fffffffff6f98a8c ; kb
ErrCode = 00000002
eax=00000000 ebx=8429b6d8 ecx=000001ff edx=00000000 esi=8429ae28 edi=805479a0
eip=80535600 esp=f6f98b00 ebp=f6f98b2c iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000297
nt!ExFreePoolWithTag+0x4a8:
80535600 8902 mov [edx],eax ds:0023:00000000=???
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
f6f98b2c 8058fc06 00000001 00000000 f6f98bf0 nt!ExFreePoolWithTag+0x4a8
f6f98bd8 8052e571 ffffffff f6f98c88 f6f98c8c nt!NtFreeVirtualMemory+0x49e
f6f98bd8 804f9a9d ffffffff f6f98c88 f6f98c8c nt!KiSystemService+0xc4
f6f98c60 805ad658 ffffffff f6f98c88 f6f98c8c nt!ZwFreeVirtualMemory+0x11
f6f98d14 805ada20 00000000 00000000 84332c10 nt!PspExitThread+0x531
f6f98d34 805add46 84332c10 00000000 f6f98d64 nt!PspTerminateThreadByPointer+0x50
f6f98d54 8052e571 00000000 00000000 805466e0 nt!NtTerminateThread+0x6e
f6f98d54 7ffe0304 00000000 00000000 805466e0 nt!KiSystemService+0xc4
00aaff64 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.

Best regards,
lu0
TTC Senior Engineer
http://ttcone.com
Inside Programming
http://lu0.126.com
----- Original Message -----
From: Bruce Zhang
To: Windows File Systems Devs Interest List
Sent: Monday, August 30, 2004 10:23 AM
Subject: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

Hi all,

I’m developping a encrypted virtual disk driver which simulate a hard disk partition using a data file. The virtual disk is formatted in NTFS using the system format function. It seems work well in Windows 2000, but it cause BugCheck frequently in XP. Obviously the crash is caused by my driver but it don’t happen within my code. I’ve been engaged in this problem for weeks, I’ll appreciate any advise or suggestion.

The following is the dump diagnosis I’ve got the last time. How can I derive the code that cause this crash?

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn’t turn up
the culprit, then use gflags to enable special pool.
Arguments:

I know the meaning of this ERROR CODE, but I can’t find what cause this error. the stack content implies the functions last executed exactly before the BugCheck happened are un-documented. I’ve no clue to find out what’s wrong with my code.

----- Original Message -----
From: lu0
To: Windows File Systems Devs Interest List
Sent: Monday, August 30, 2004 1:10 PM
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.

Best regards,
lu0
TTC Senior Engineer
http://ttcone.com
Inside Programming
http://lu0.126.com
----- Original Message -----
From: Bruce Zhang
To: Windows File Systems Devs Interest List
Sent: Monday, August 30, 2004 10:23 AM
Subject: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

Hi all,

I’m developping a encrypted virtual disk driver which simulate a hard disk partition using a data file. The virtual disk is formatted in NTFS using the system format function. It seems work well in Windows 2000, but it cause BugCheck frequently in XP. Obviously the crash is caused by my driver but it don’t happen within my code. I’ve been engaged in this problem for weeks, I’ll appreciate any advise or suggestion.

The following is the dump diagnosis I’ve got the last time. How can I derive the code that cause this crash?

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn’t turn up
the culprit, then use gflags to enable special pool.
Arguments:


Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Just now I got another crash, the dump file tells:

Is this familiar to you?

Thanks in advance.

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn’t turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80535600, address which referenced memory

Debugging Details:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xC5

LAST_CONTROL_TRANSFER: from 8058fc06 to 80535600

STACK_TEXT:
f6f98b2c 8058fc06 00000001 00000000 f6f98bf0 nt!ExFreePoolWithTag+0x4a8
f6f98bd8 8052e571 ffffffff f6f98c88 f6f98c8c nt!NtFreeVirtualMemory+0x49e
f6f98bd8 804f9a9d ffffffff f6f98c88 f6f98c8c nt!KiSystemService+0xc4
f6f98c60 805ad658 ffffffff f6f98c88 f6f98c8c nt!ZwFreeVirtualMemory+0x11
f6f98d14 805ada20 00000000 00000000 84332c10 nt!PspExitThread+0x531
f6f98d34 805add46 84332c10 00000000 f6f98d64 nt!PspTerminateThreadByPointer+0x50
f6f98d54 8052e571 00000000 00000000 805466e0 nt!NtTerminateThread+0x6e
f6f98d54 7ffe0304 00000000 00000000 805466e0 nt!KiSystemService+0xc4
00aaff64 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4

FOLLOWUP_IP:
nt!KiTrap0E+2ad
80531335 f7457000000200 test dword ptr [ebp+0x70],0x20000

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!KiTrap0E+2ad

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 3ea80977

STACK_COMMAND: .trap fffffffff6f98a8c ; kb

BUCKET_ID: 0xC5_nt!KiTrap0E+2ad

Followup: MachineOwner
----- Original Message -----
From: lu0
To: Windows File Systems Devs Interest List
Sent: Monday, August 30, 2004 1:10 PM
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.

Best regards,
lu0
TTC Senior Engineer
http://ttcone.com
Inside Programming
http://lu0.126.com
----- Original Message -----
From: Bruce Zhang
To: Windows File Systems Devs Interest List
Sent: Monday, August 30, 2004 10:23 AM
Subject: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

Hi all,

I’m developping a encrypted virtual disk driver which simulate a hard disk partition using a data file. The virtual disk is formatted in NTFS using the system format function. It seems work well in Windows 2000, but it cause BugCheck frequently in XP. Obviously the crash is caused by my driver but it don’t happen within my code. I’ve been engaged in this problem for weeks, I’ll appreciate any advise or suggestion.

The following is the dump diagnosis I’ve got the last time. How can I derive the code that cause this crash?

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn’t turn up
the culprit, then use gflags to enable special pool.
Arguments:


Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Turn on Special Pool of Driver Verifier. It will give you a more
accurate error. (It will bugcheck as soon as you do the faulty bit, not
after, such as here)


Kind regards, Dejan M. MVP for DDK
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Thank you for the rapid answer.

I’ve tried to use this method to check the driver, but I seldom see the system crash when I open the special pool of Driver Verifier. It’s much strange.

----- Original Message -----
From: “Dejan Maksimovic”
To: “Windows File Systems Devs Interest List”
Sent: Monday, August 30, 2004 3:29 PM
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

>
> Turn on Special Pool of Driver Verifier. It will give you a more
> accurate error. (It will bugcheck as soon as you do the faulty bit, not
> after, such as here)
>
> –
> Kind regards, Dejan M. MVP for DDK
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption services.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@vip.sina.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

That would be strange. But at least when it happens you will know the source code line (most probably, at least with correct symbols).
Alternately… since I think this is freeing a NULL pointer, redefine the ExFreePool with the following Macro:

#undef ExFreePool
#define ExFreePool(a) \
DbgPrint(“Line %d: freeing %p\n”, LINE, a); \
ExFreePool(a)
If you’re using ExFreePoolWithTag, by any chance, redefine it.
That might be more informative. (Sometimes I had to trace this way…)
It might not be as simple, but it’s worth a try. Give DV more time, your patience will be rewarded :stuck_out_tongue:

Regards, Dejan.

Bruce Zhang wrote:

Thank you for the rapid answer.

I’ve tried to use this method to check the driver, but I seldom see the system crash when I open the special pool of Driver Verifier. It’s much strange.


Kind regards, Dejan M. MVP for DDK
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

It is then possible that you are UNDER-running a buffer and thereby
corrupting pool. Such errors do sometimes occur but are far less
frequent - the default for verifier is for OVER-run checking. You may
change this within driver verifier.

In either case, verifier allocates an entire page of pool memory. In
overrun checking, the pointer is at the end of the pool block. In
under-run checking the pointer is at the beginning of the page.

Very recent versions of Windows have also added a magic number value (a
“canary”) around pool allocations in order to further improve pool
consistency checks even without verifier. I am not sure if this was
included in XPSP2 or not, but it is certainly worth checking.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the Next OSR File Systems Class October
18, 2004 in Silicon Valley!

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bruce Zhang
Sent: Monday, August 30, 2004 4:16 AM
To: ntfsd redirect
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

Thank you for the rapid answer.

I’ve tried to use this method to check the driver, but I seldom see the
system crash when I open the special pool of Driver Verifier. It’s much
strange.

----- Original Message -----
From: “Dejan Maksimovic”
To: “Windows File Systems Devs Interest List”
Sent: Monday, August 30, 2004 3:29 PM
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

>
> Turn on Special Pool of Driver Verifier. It will give you a more
> accurate error. (It will bugcheck as soon as you do the faulty bit,
not
> after, such as here)
>
> –
> Kind regards, Dejan M. MVP for DDK
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption
services.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@vip.sina.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to $subst(‘List.Name’) as:
$subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to $subst(‘Email.UnSub’)

Thanks, and how can I change the Driver Verifier to check Under-running error?
I just see a graphic interface without any menu such as “Option”.

----- Original Message -----
From: “Tony Mason”
To: “Windows File Systems Devs Interest List”
Sent: Monday, August 30, 2004 8:21 PM
Subject: RE: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

It is then possible that you are UNDER-running a buffer and thereby
corrupting pool. Such errors do sometimes occur but are far less
frequent - the default for verifier is for OVER-run checking. You may
change this within driver verifier.

In either case, verifier allocates an entire page of pool memory. In
overrun checking, the pointer is at the end of the pool block. In
under-run checking the pointer is at the beginning of the page.

Very recent versions of Windows have also added a magic number value (a
“canary”) around pool allocations in order to further improve pool
consistency checks even without verifier. I am not sure if this was
included in XPSP2 or not, but it is certainly worth checking.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the Next OSR File Systems Class October
18, 2004 in Silicon Valley!

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bruce Zhang
Sent: Monday, August 30, 2004 4:16 AM
To: ntfsd redirect
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

Thank you for the rapid answer.

I’ve tried to use this method to check the driver, but I seldom see the
system crash when I open the special pool of Driver Verifier. It’s much
strange.

----- Original Message -----
From: “Dejan Maksimovic”
To: “Windows File Systems Devs Interest List”
Sent: Monday, August 30, 2004 3:29 PM
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

>
> Turn on Special Pool of Driver Verifier. It will give you a more
> accurate error. (It will bugcheck as soon as you do the faulty bit,
not
> after, such as here)
>
> –
> Kind regards, Dejan M. MVP for DDK
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption
services.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@vip.sina.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as:
xxxxx@vip.sina.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

I see, I can set it in global flags utility.

----- Original Message -----
From: “Bruce Zhang”
To: “Windows File Systems Devs Interest List”
Sent: Tuesday, August 31, 2004 9:49 AM
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

> Thanks, and how can I change the Driver Verifier to check Under-running error?
> I just see a graphic interface without any menu such as “Option”.
>
> ----- Original Message -----
> From: “Tony Mason”
> To: “Windows File Systems Devs Interest List”
> Sent: Monday, August 30, 2004 8:21 PM
> Subject: RE: [ntfsd] Virtual disk driver cause BugCheck in Windows XP
>
>
> It is then possible that you are UNDER-running a buffer and thereby
> corrupting pool. Such errors do sometimes occur but are far less
> frequent - the default for verifier is for OVER-run checking. You may
> change this within driver verifier.
>
> In either case, verifier allocates an entire page of pool memory. In
> overrun checking, the pointer is at the end of the pool block. In
> under-run checking the pointer is at the beginning of the page.
>
> Very recent versions of Windows have also added a magic number value (a
> “canary”) around pool allocations in order to further improve pool
> consistency checks even without verifier. I am not sure if this was
> included in XPSP2 or not, but it is certainly worth checking.
>
> Regards,
>
> Tony
>
> Tony Mason
> Consulting Partner
> OSR Open Systems Resources, Inc.
> http://www.osr.com
>
> Looking forward to seeing you at the Next OSR File Systems Class October
> 18, 2004 in Silicon Valley!
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Bruce Zhang
> Sent: Monday, August 30, 2004 4:16 AM
> To: ntfsd redirect
> Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP
>
> Thank you for the rapid answer.
>
> I’ve tried to use this method to check the driver, but I seldom see the
> system crash when I open the special pool of Driver Verifier. It’s much
> strange.
>
>
> ----- Original Message -----
> From: “Dejan Maksimovic”
> To: “Windows File Systems Devs Interest List”
> Sent: Monday, August 30, 2004 3:29 PM
> Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP
>
>
> >
> > Turn on Special Pool of Driver Verifier. It will give you a more
> > accurate error. (It will bugcheck as soon as you do the faulty bit,
> not
> > after, such as here)
> >
> > –
> > Kind regards, Dejan M. MVP for DDK
> > http://www.alfasp.com E-mail: xxxxx@alfasp.com
> > Alfa Transparent File Encryptor - Transparent file encryption
> services.
> > Alfa File Protector - File protection and hiding library for Win32
> > developers.
> > Alfa File Monitor - File monitoring library for Win32 developers.
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@vip.sina.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as:
> xxxxx@vip.sina.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to $subst(‘List.Name’) as: $subst(‘Recip.EmailAddr’)
> To unsubscribe send a blank email to $subst(‘Email.UnSub’)

I found if I open the driver verifier, the system don’t crash.

Now I guess the reason is that some queueing irp aren’t cancelled. I add Cancel-Safe IRP Queue frame into my code, this part of code is from the example named Cancel delivered with DDK. But now when i call CsqInsertIrp , the driver verifier halt the system with a error code c9, parameters imply that the reason is that the IRQL changed during a call to the driver dispatch routine, it change form 0 to 2.

Who can help me to solve this problem?

----- Original Message -----
From: “Bruce Zhang”
To: “Windows File Systems Devs Interest List”
Sent: Tuesday, August 31, 2004 11:25 AM
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

> I see, I can set it in global flags utility.
>
>
> ----- Original Message -----
> From: “Bruce Zhang”
> To: “Windows File Systems Devs Interest List”
> Sent: Tuesday, August 31, 2004 9:49 AM
> Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP
>
>
> > Thanks, and how can I change the Driver Verifier to check Under-running error?
> > I just see a graphic interface without any menu such as “Option”.
> >
> > ----- Original Message -----
> > From: “Tony Mason”
> > To: “Windows File Systems Devs Interest List”
> > Sent: Monday, August 30, 2004 8:21 PM
> > Subject: RE: [ntfsd] Virtual disk driver cause BugCheck in Windows XP
> >
> >
> > It is then possible that you are UNDER-running a buffer and thereby
> > corrupting pool. Such errors do sometimes occur but are far less
> > frequent - the default for verifier is for OVER-run checking. You may
> > change this within driver verifier.
> >
> > In either case, verifier allocates an entire page of pool memory. In
> > overrun checking, the pointer is at the end of the pool block. In
> > under-run checking the pointer is at the beginning of the page.
> >
> > Very recent versions of Windows have also added a magic number value (a
> > “canary”) around pool allocations in order to further improve pool
> > consistency checks even without verifier. I am not sure if this was
> > included in XPSP2 or not, but it is certainly worth checking.
> >
> > Regards,
> >
> > Tony
> >
> > Tony Mason
> > Consulting Partner
> > OSR Open Systems Resources, Inc.
> > http://www.osr.com
> >
> > Looking forward to seeing you at the Next OSR File Systems Class October
> > 18, 2004 in Silicon Valley!
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Bruce Zhang
> > Sent: Monday, August 30, 2004 4:16 AM
> > To: ntfsd redirect
> > Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP
> >
> > Thank you for the rapid answer.
> >
> > I’ve tried to use this method to check the driver, but I seldom see the
> > system crash when I open the special pool of Driver Verifier. It’s much
> > strange.
> >
> >
> > ----- Original Message -----
> > From: “Dejan Maksimovic”
> > To: “Windows File Systems Devs Interest List”
> > Sent: Monday, August 30, 2004 3:29 PM
> > Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP
> >
> >
> > >
> > > Turn on Special Pool of Driver Verifier. It will give you a more
> > > accurate error. (It will bugcheck as soon as you do the faulty bit,
> > not
> > > after, such as here)
> > >
> > > –
> > > Kind regards, Dejan M. MVP for DDK
> > > http://www.alfasp.com E-mail: xxxxx@alfasp.com
> > > Alfa Transparent File Encryptor - Transparent file encryption
> > services.
> > > Alfa File Protector - File protection and hiding library for Win32
> > > developers.
> > > Alfa File Monitor - File monitoring library for Win32 developers.
> > >
> > >
> > >
> > > —
> > > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> > >
> > > You are currently subscribed to ntfsd as: xxxxx@vip.sina.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> > >
> > —
> > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as:
> > xxxxx@vip.sina.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> > —
> > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> > —
> > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to $subst(‘List.Name’) as: $subst(‘Recip.EmailAddr’)
> > To unsubscribe send a blank email to $subst(‘Email.UnSub’)
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to $subst(‘List.Name’) as: $subst(‘Recip.EmailAddr’)
> To unsubscribe send a blank email to $subst(‘Email.UnSub’)

On Wed, 2004-09-01 at 04:39, Bruce Zhang wrote:

I found if I open the driver verifier, the system don’t crash.

Now I guess the reason is that some queueing irp aren’t cancelled. I add Cancel-Safe IRP Queue frame into my code, this part of code is from the example named Cancel delivered with DDK. But now when i call CsqInsertIrp , the driver verifier halt the system with a error code c9, parameters imply that the reason is that the IRQL changed during a call to the driver dispatch routine, it change form 0 to 2.

It sounds to me like your CSQ callback functions are using locks
incorrectly. You probably only need a very smiple set of CSQ
callbacks. The CSQ library will do all of the lock acquisition and
releasing for you, so as long as your CsqAcquireLock and CsqReleaseLock
functions are correct, you shouldn’t have locking problems.

The samples in the DDK work correctly, so try comparing your code
against those. Focus on the cancel sample, unless you need startio
functionality (which you probably don’t in a virtual disk).

There is a CSQ paper from Microsoft at
http://go.microsoft.com/?linkid=567504, and I had a 3-part series on how
to use CSQ In your drivers on my blog at www.kernelmustard.com a couple
of weeks ago.

HTH.

-sd


Steve Dispensa
MVP - Windows DDK
www.kernelmustard.com

I checked my code and found that I call KeReleaseSemaphore function with TRUE as the last parameter, but it isn’t followed by a Waitxxx function. What a stupid error! It’s none of the bussiness of Cancel-Safe Irp Queue.

----- Original Message -----
From: “Steve Dispensa”
To: “Windows File Systems Devs Interest List”
Sent: Thursday, September 02, 2004 12:49 AM
Subject: Re: [ntfsd] Virtual disk driver cause BugCheck in Windows XP

> On Wed, 2004-09-01 at 04:39, Bruce Zhang wrote:
> > I found if I open the driver verifier, the system don’t crash.
> >
> > Now I guess the reason is that some queueing irp aren’t cancelled. I add Cancel-Safe IRP Queue frame into my code, this part of code is from the example named Cancel delivered with DDK. But now when i call CsqInsertIrp , the driver verifier halt the system with a error code c9, parameters imply that the reason is that the IRQL changed during a call to the driver dispatch routine, it change form 0 to 2.
>
> It sounds to me like your CSQ callback functions are using locks
> incorrectly. You probably only need a very smiple set of CSQ
> callbacks. The CSQ library will do all of the lock acquisition and
> releasing for you, so as long as your CsqAcquireLock and CsqReleaseLock
> functions are correct, you shouldn’t have locking problems.
>
> The samples in the DDK work correctly, so try comparing your code
> against those. Focus on the cancel sample, unless you need startio
> functionality (which you probably don’t in a virtual disk).
>
> There is a CSQ paper from Microsoft at
> http://go.microsoft.com/?linkid=567504, and I had a 3-part series on how
> to use CSQ In your drivers on my blog at www.kernelmustard.com a couple
> of weeks ago.
>
> HTH.
>
> -sd
>
> –
> ____________________________
> Steve Dispensa
> MVP - Windows DDK
> www.kernelmustard.com
>
>
>
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@vip.sina.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>