WS2008 R2 verifier crashes with my driver when it unloads

My driver is crashing a WS2008 R2 system when it unloads if verifier is
enabled. fltmgr!FltpvDoLostObjectCheck+0x144 is attempting to break.

Can anyone tell me what FltpvDoLostObjectCheck is actually checking?
I thought it was seeing if I had any pool still allocated, but it
reports zero on the !verifier 0xf command…

fffffa8012c201f0 Loaded 00000000 00000000 htdafd.sys

Current Pool Allocations 00000000 00000000
Current Pool Bytes 00000000 00000000
Peak Pool Allocations 0000000a 00000002
Peak Pool Bytes 00000450 0000081c

Any clues, ideas, hints or tips gratefully received!

Thanks,
John

— Here’s an extract from the windbg analyze -v —

STACK_TEXT:
fffff8800217e948 fffff80001752ceb : 00000000000001e7 fffff98004856c20 0000000000000001 fffff80001752cb0 : nt!DebugPrompt+0x17
fffff8800217e950 fffff88000e3f4bb : 09700000019fc500 0960000001962500 fffff88000e3f060 0000000000000007 : nt!DbgPrompt+0x3b
fffff8800217e9a0 fffff88000e3feb1 : 0000000000000029 fffff98004856c20 fffff98007016ff0 0000000000000000 : fltmgr!FltpvPrintErrors+0x11b
fffff8800217ec00 fffff800016d5001 : fffffffffff0bdc0 fffff88000e3fd00 fffff8000186b2b8 fffffa8000000000 : fltmgr!FltpvDoLostObjectCheck+0x1b1
fffff8800217ecb0 fffff80001965fee : 0000000000000000 fffffa8012daf040 0000000000000080 fffffa8012d9b450 : nt!ExpWorkerThread+0x111
fffff8800217ed40 fffff800016bc5e6 : fffff80001840e80 fffffa8012daf040 fffffa8012dae680 0000000000000000 : nt!PspSystemThreadStartup+0x5a
fffff8800217ed80 0000000000000000 : fffff8800217f000 fffff88002179000 fffff8800217d450 0000000000000000 : nt!KxStartSystemThread+0x16

Unfortunately (IMO), if you are running a mini filter driver under verifier
you need to attach a debugger.

That will produce some debugger output to tell you exactly what is missing
and how to find out more information.

This got some airing last month…
http://www.osronline.com/showThread.cfm?link=214745

Thanks for that Rod… Yes, running with the debugger produces a nice
load of information which helps me understand what is wrong.

In this case, I think it is a verifier limitation I must work around -
allocating a generic workitem in the DriverEntry routine seems to cause
problems.

FILTER VERIFIER WARNING: Filter manager verifier object tracking may be
out of sync for the system
because the verifier was unable to identify the calling filter for 0 object
allocation(s)/reference(s) and for 1 object deallocation(s)/release(s).
Failure to identify the calling filter for an object deallocation/release
may cause verifier to complain when the filter is unloaded even though
the filter is not leaking any objects.

FILTER VERIFIER ERROR: A filter (Filter = FFFFF9800694AC20 (htdafd))
leaked references to the following resources:
00000000 Filter Context Structures
00000000 FLT_CALLBACK_DATA structures
00000000 FLT_DEFERRED_IO_WORKITEM structures
00000001 FLT_GENERIC_WORKITEM structures
00000000 FLT_FILE_NAME_INFORMATION structures
00000000 FILE_OBJECT structures
00000000 FLT_OBJECT structures

On 28/11/2011 17:04, Rod Widdowson wrote:

Unfortunately (IMO), if you are running a mini filter driver under
verifier you need to attach a debugger.

That will produce some debugger output to tell you exactly what is
missing and how to find out more information.

This got some airing last month…
http://www.osronline.com/showThread.cfm?link=214745