Works fine on Windows XP.

Time: 2021-08-11 09:22:05

After we changed the kernel driver code from C to C++, the call to the IoVolumeDeviceToDosName function produces a BSOD on Windows 7, but this code still works fine on Windows XP.


Can anyone give me a hint how to resolve this problem?


2 solutions

#1


0  

Yes, the driver is compiled for Windows 7. I am not using a static code analyzer.


BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
eax=908b92ec ebx=00000000 ecx=908b9360 edx=00000000 esi=908b9374 edi=908b9374
eip=826c5035 esp=908b8e74 ebp=908b92c8 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
nt!_woutput_l+0x1b:
826c5035 57              push    edi
Resetting default scope

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  1f

LAST_CONTROL_TRANSFER:  from 826bedad to 826c5035

STACK_TEXT:  
908b92c8 826bedad 908b92ec 86d70560 00000000 nt!_woutput_l+0x1b
908b930c 826c7667 908b9374 00000063 86d70560 nt!_vsnwprintf_l+0x7b
908b9328 86d66160 908b9374 00000063 86d70560 nt!_vsnwprintf+0x18
908b934c 86d6cf44 908b9374 000000c8 86d70560 volmgr!RtlStringCbPrintfW+0x3a
908b9440 86d668ab 851080e8 843b0248 00004000 volmgr!VmpQueryDeviceName+0x46
908b9464 826434bc 85108030 843b03b4 85104be8 volmgr!VmDeviceControl+0x2f1
908b947c 87001854 908b94c4 8700274d 85104b30 nt!IofCallDriver+0x63
908b9484 8700274d 85104b30 843b0248 85103990 fvevol!FveFilterSkip+0x1e
908b94c4 826434bc 85104b30 843b0248 85103978 fvevol!FveFilterDeviceControl+0x16f
908b94dc 873d1083 908b957c 843b0248 908b9534 nt!IofCallDriver+0x63
908b94ec 873d96ea 851038c0 843b0248 17b5c100 rdyboost!SmdDispatchPassthrough+0x6d
908b9534 826434bc 851038c0 843b0248 843b0248 rdyboost!SmdDispatchDeviceControl+0x68
908b954c 873b2fcc 00000000 85108660 85108660 nt!IofCallDriver+0x63
908b9580 826434bc 00000000 843b0248 00000200 volsnap!VolSnapDeviceControl+0x50
908b9598 827f549f 85f09030 93acd748 843dd030 nt!IofCallDriver+0x63
908b9dfc 90cef31f 85108660 908b9e14 0030002e nt!IoVolumeDeviceToDosName+0x7e
908ba668 90cef541 00000d78 85108030 908bb538 ProcObsrv!GetProcessImageName+0x21f [d:\oc\sources\drivers2005\ocdrivers\procobsrv\procobsrv.c @ 381]
908bb53c 8285e238 843dd030 00000d78 908bb560 ProcObsrv!OnCreateProcessEx+0x91 [d:\oc\sources\drivers2005\ocdrivers\procobsrv\procobsrv.c @ 469]
908bb5f4 8285d523 85f09030 013dd030 908bb650 nt!PspInsertThread+0x5be
908bbd00 8264a42a 00b0eacc 00b0eaa8 02000000 nt!NtCreateUserProcess+0x742
908bbd00 77b164f4 00b0eacc 00b0eaa8 02000000 nt!KiFastCallEntry+0x12a
00b0e78c 77b14bcc 761e4a0b 00b0eacc 00b0eaa8 ntdll!KiFastSystemCallRet
00b0e790 761e4a0b 00b0eacc 00b0eaa8 02000000 ntdll!NtCreateUserProcess+0xc
00b0edec 76192059 00000000 00000000 000f2188 kernel32!CreateProcessInternalW+0xe75
00b0ee24 6b3669a8 00000000 000f2188 00000000 kernel32!CreateProcessW+0x2c
00b0eeb4 6b34ee3b 00b0eeec 000f20d8 00000020 mpsvc!CommonUtil::UtilCreateProcess+0x8c
00b0eef8 6b3558b5 00948b98 00000000 c4d82385 mpsvc!MpService::MpTaskSchedulerCmdRun+0x7f
00b0ef44 6b355c60 00000001 c4d8234d 00b0efc8 mpsvc!CommonUtil::CStdBasicString<unsigned short,CommonUtil::mp_char_traits<unsigned short>,std::allocator<unsigned short> >::operator+=+0x73
00b0ef8c 6b355d94 00b0efdc 00958830 00948b40 mpsvc!MpService::CMpSignaturesUpdateManager::RpcStartUpdate+0x1d0
00b0efc4 7654fc8f 00307f90 00000011 00b0f1f8 mpsvc!ServerMpRpcSigUpdClientOpen+0x32
00b0efec 765b4c53 6b355d62 00b0f1d8 00000005 RPCRT4!Invoke+0x2a
00b0f3f4 765b430e 00000000 00000000 00308048 RPCRT4!NdrStubCall2+0x2d6
00b0f410 7654f34a 00308048 c82f34ca 00318238 RPCRT4!NdrServerCall2+0x19
00b0f44c 7654f4da 6b39096e 00308048 00b0f4fc RPCRT4!DispatchToStubInCNoAvrf+0x4a
00b0f4a4 7654f3c6 00318238 00000000 00000000 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x16c
00b0f4cc 76543974 00000000 00000000 00b0f4fc RPCRT4!RPC_INTERFACE::DispatchToStub+0x8b
00b0f518 7654f7a4 00307f90 00b0f534 0031c188 RPCRT4!LRPC_SCALL::DispatchRequest+0x257
00b0f538 7654f763 00307f90 0033d380 0031c188 RPCRT4!LRPC_SCALL::QueueOrDispatchCall+0xbd
00b0f554 7654f5ff 00000000 0033d368 00318238 RPCRT4!LRPC_SCALL::HandleRequest+0x34f
00b0f588 7654f573 00000000 0033d368 00319e90 RPCRT4!LRPC_SASSOCIATION::HandleRequest+0x144
00b0f5c0 7654ee4f 00318150 00000000 00319e90 RPCRT4!LRPC_ADDRESS::HandleRequest+0xbd
00b0f63c 7654ece7 00000000 00b0f658 76551357 RPCRT4!LRPC_ADDRESS::ProcessIO+0x50a
00b0f648 76551357 003181ec 00000000 00b0f680 RPCRT4!LrpcServerIoHandler+0x16
00b0f658 77afd3a3 00b0f6c4 003181ec 0031f898 RPCRT4!LrpcIoComplete+0x16
00b0f680 77b00748 00b0f6c4 00000000 00000000 ntdll!TppAlpcpExecuteCallback+0x1c5
00b0f7e8 761e1174 002e1da8 00b0f834 77b2b3f5 ntdll!TppWorkerThread+0x5a4
00b0f7f4 77b2b3f5 002e1da8 7709baea 00000000 kernel32!BaseThreadInitThunk+0xe
00b0f834 77b2b3c8 77afd63e 002e1da8 00000000 ntdll!__RtlUserThreadStart+0x70
00b0f84c 00000000 77afd63e 002e1da8 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP: 
volmgr!RtlStringCbPrintfW+3a
86d66160 83c410          add     esp,10h

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  volmgr!RtlStringCbPrintfW+3a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: volmgr

IMAGE_NAME:  volmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf1d

FAILURE_BUCKET_ID:  0x7f_8_volmgr!RtlStringCbPrintfW+3a

BUCKET_ID:  0x7f_8_volmgr!RtlStringCbPrintfW+3a

Followup: MachineOwner
---------
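
A triage aid for the dump above, added here and not part of the original post: bugcheck 0x7f with parameter 8 is a double fault, which in kernel mode usually indicates an exhausted kernel stack, so this script measures how many bytes each frame occupies from the ChildEBP column. The 12 KB x86 kernel stack size and the page-aligned stack base are assumptions, and EBP differences only approximate frame size (locals plus arguments pushed for the callee).

```python
import re

# Kernel-mode frames copied verbatim from STACK_TEXT above (source-path
# annotations and the user-mode tail omitted). Columns: ChildEBP RetAddr Args Symbol.
KB = """\
908b92c8 826bedad 908b92ec 86d70560 00000000 nt!_woutput_l+0x1b
908b930c 826c7667 908b9374 00000063 86d70560 nt!_vsnwprintf_l+0x7b
908b9328 86d66160 908b9374 00000063 86d70560 nt!_vsnwprintf+0x18
908b934c 86d6cf44 908b9374 000000c8 86d70560 volmgr!RtlStringCbPrintfW+0x3a
908b9440 86d668ab 851080e8 843b0248 00004000 volmgr!VmpQueryDeviceName+0x46
908b9464 826434bc 85108030 843b03b4 85104be8 volmgr!VmDeviceControl+0x2f1
908b947c 87001854 908b94c4 8700274d 85104b30 nt!IofCallDriver+0x63
908b9484 8700274d 85104b30 843b0248 85103990 fvevol!FveFilterSkip+0x1e
908b94c4 826434bc 85104b30 843b0248 85103978 fvevol!FveFilterDeviceControl+0x16f
908b94dc 873d1083 908b957c 843b0248 908b9534 nt!IofCallDriver+0x63
908b94ec 873d96ea 851038c0 843b0248 17b5c100 rdyboost!SmdDispatchPassthrough+0x6d
908b9534 826434bc 851038c0 843b0248 843b0248 rdyboost!SmdDispatchDeviceControl+0x68
908b954c 873b2fcc 00000000 85108660 85108660 nt!IofCallDriver+0x63
908b9580 826434bc 00000000 843b0248 00000200 volsnap!VolSnapDeviceControl+0x50
908b9598 827f549f 85f09030 93acd748 843dd030 nt!IofCallDriver+0x63
908b9dfc 90cef31f 85108660 908b9e14 0030002e nt!IoVolumeDeviceToDosName+0x7e
908ba668 90cef541 00000d78 85108030 908bb538 ProcObsrv!GetProcessImageName+0x21f
908bb53c 8285e238 843dd030 00000d78 908bb560 ProcObsrv!OnCreateProcessEx+0x91
908bb5f4 8285d523 85f09030 013dd030 908bb650 nt!PspInsertThread+0x5be
908bbd00 8264a42a 00b0eacc 00b0eaa8 02000000 nt!NtCreateUserProcess+0x742
"""
ESP_AT_FAULT = 0x908B8E74   # esp from the .tss register dump
KSTACK_BYTES = 0x3000       # assumption: 12 KB x86 kernel stack
FRAME = re.compile(r"^([0-9a-f]{8}) [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\S+?)\+0x")

def frame_usage(kb_text, esp):
    """Return [(symbol, bytes)]: each frame's EBP minus its callee's EBP (or ESP)."""
    frames = [(int(m[1], 16), m[2]) for m in map(FRAME.match, kb_text.splitlines()) if m]
    below = [esp] + [ebp for ebp, _ in frames[:-1]]
    return [(sym, ebp - lo) for (ebp, sym), lo in zip(frames, below)]

def overflowed(kb_text, esp, size=KSTACK_BYTES):
    """True if esp lies below the assumed limit: page above the top frame, minus size."""
    top_ebp = max(int(l[:8], 16) for l in kb_text.splitlines() if FRAME.match(l))
    base = (top_ebp + 0xFFF) & ~0xFFF
    return esp < base - size

if __name__ == "__main__":
    for sym, used in sorted(frame_usage(KB, ESP_AT_FAULT), key=lambda f: -f[1])[:5]:
        print(f"{used:6d}  {sym}")
    print("ESP below assumed stack limit:", overflowed(KB, ESP_AT_FAULT))
```

On this dump the two ProcObsrv frames account for 5952 of the 11916 bytes in use, so large local variables in those two functions are the first thing to review.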

#2


0  

You might be converting a Device Type of FILE_DEVICE_NETWORK_FILE_SYSTEM to a DOS name. FILE_DEVICE_NETWORK_FILE_SYSTEM is not a volume device object, so before calling IoVolumeDeviceToDosName you should check:


if (IoGetCurrentIrpStackLocation(Irp)->FileObject->DeviceObject->DeviceType == FILE_DEVICE_DISK &&
    !KeAreAllApcsDisabled())
{
    // Do your IoVolumeDeviceToDosName call here
}
