After we changed the kernel driver code from C to C++, the call to the IoVolumeDeviceToDosName function produces a BSOD on Windows 7, but this code still works fine on Windows XP.
Can anyone give me a hint how to resolve this problem?
2 Solutions
#1
0
Yes, the driver is compiled for Windows 7. I am not using a static code analyzer.
BUGCHECK_STR: 0x7f_8
TSS: 00000028 -- (.tss 0x28)
eax=908b92ec ebx=00000000 ecx=908b9360 edx=00000000 esi=908b9374 edi=908b9374
eip=826c5035 esp=908b8e74 ebp=908b92c8 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
nt!_woutput_l+0x1b:
826c5035 57 push edi
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 1f
LAST_CONTROL_TRANSFER: from 826bedad to 826c5035
STACK_TEXT:
908b92c8 826bedad 908b92ec 86d70560 00000000 nt!_woutput_l+0x1b
908b930c 826c7667 908b9374 00000063 86d70560 nt!_vsnwprintf_l+0x7b
908b9328 86d66160 908b9374 00000063 86d70560 nt!_vsnwprintf+0x18
908b934c 86d6cf44 908b9374 000000c8 86d70560 volmgr!RtlStringCbPrintfW+0x3a
908b9440 86d668ab 851080e8 843b0248 00004000 volmgr!VmpQueryDeviceName+0x46
908b9464 826434bc 85108030 843b03b4 85104be8 volmgr!VmDeviceControl+0x2f1
908b947c 87001854 908b94c4 8700274d 85104b30 nt!IofCallDriver+0x63
908b9484 8700274d 85104b30 843b0248 85103990 fvevol!FveFilterSkip+0x1e
908b94c4 826434bc 85104b30 843b0248 85103978 fvevol!FveFilterDeviceControl+0x16f
908b94dc 873d1083 908b957c 843b0248 908b9534 nt!IofCallDriver+0x63
908b94ec 873d96ea 851038c0 843b0248 17b5c100 rdyboost!SmdDispatchPassthrough+0x6d
908b9534 826434bc 851038c0 843b0248 843b0248 rdyboost!SmdDispatchDeviceControl+0x68
908b954c 873b2fcc 00000000 85108660 85108660 nt!IofCallDriver+0x63
908b9580 826434bc 00000000 843b0248 00000200 volsnap!VolSnapDeviceControl+0x50
908b9598 827f549f 85f09030 93acd748 843dd030 nt!IofCallDriver+0x63
908b9dfc 90cef31f 85108660 908b9e14 0030002e nt!IoVolumeDeviceToDosName+0x7e
908ba668 90cef541 00000d78 85108030 908bb538 ProcObsrv!GetProcessImageName+0x21f [d:\oc\sources\drivers2005\ocdrivers\procobsrv\procobsrv.c @ 381]
908bb53c 8285e238 843dd030 00000d78 908bb560 ProcObsrv!OnCreateProcessEx+0x91 [d:\oc\sources\drivers2005\ocdrivers\procobsrv\procobsrv.c @ 469]
908bb5f4 8285d523 85f09030 013dd030 908bb650 nt!PspInsertThread+0x5be
908bbd00 8264a42a 00b0eacc 00b0eaa8 02000000 nt!NtCreateUserProcess+0x742
908bbd00 77b164f4 00b0eacc 00b0eaa8 02000000 nt!KiFastCallEntry+0x12a
00b0e78c 77b14bcc 761e4a0b 00b0eacc 00b0eaa8 ntdll!KiFastSystemCallRet
00b0e790 761e4a0b 00b0eacc 00b0eaa8 02000000 ntdll!NtCreateUserProcess+0xc
00b0edec 76192059 00000000 00000000 000f2188 kernel32!CreateProcessInternalW+0xe75
00b0ee24 6b3669a8 00000000 000f2188 00000000 kernel32!CreateProcessW+0x2c
00b0eeb4 6b34ee3b 00b0eeec 000f20d8 00000020 mpsvc!CommonUtil::UtilCreateProcess+0x8c
00b0eef8 6b3558b5 00948b98 00000000 c4d82385 mpsvc!MpService::MpTaskSchedulerCmdRun+0x7f
00b0ef44 6b355c60 00000001 c4d8234d 00b0efc8 mpsvc!CommonUtil::CStdBasicString<unsigned short,CommonUtil::mp_char_traits<unsigned short>,std::allocator<unsigned short> >::operator+=+0x73
00b0ef8c 6b355d94 00b0efdc 00958830 00948b40 mpsvc!MpService::CMpSignaturesUpdateManager::RpcStartUpdate+0x1d0
00b0efc4 7654fc8f 00307f90 00000011 00b0f1f8 mpsvc!ServerMpRpcSigUpdClientOpen+0x32
00b0efec 765b4c53 6b355d62 00b0f1d8 00000005 RPCRT4!Invoke+0x2a
00b0f3f4 765b430e 00000000 00000000 00308048 RPCRT4!NdrStubCall2+0x2d6
00b0f410 7654f34a 00308048 c82f34ca 00318238 RPCRT4!NdrServerCall2+0x19
00b0f44c 7654f4da 6b39096e 00308048 00b0f4fc RPCRT4!DispatchToStubInCNoAvrf+0x4a
00b0f4a4 7654f3c6 00318238 00000000 00000000 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x16c
00b0f4cc 76543974 00000000 00000000 00b0f4fc RPCRT4!RPC_INTERFACE::DispatchToStub+0x8b
00b0f518 7654f7a4 00307f90 00b0f534 0031c188 RPCRT4!LRPC_SCALL::DispatchRequest+0x257
00b0f538 7654f763 00307f90 0033d380 0031c188 RPCRT4!LRPC_SCALL::QueueOrDispatchCall+0xbd
00b0f554 7654f5ff 00000000 0033d368 00318238 RPCRT4!LRPC_SCALL::HandleRequest+0x34f
00b0f588 7654f573 00000000 0033d368 00319e90 RPCRT4!LRPC_SASSOCIATION::HandleRequest+0x144
00b0f5c0 7654ee4f 00318150 00000000 00319e90 RPCRT4!LRPC_ADDRESS::HandleRequest+0xbd
00b0f63c 7654ece7 00000000 00b0f658 76551357 RPCRT4!LRPC_ADDRESS::ProcessIO+0x50a
00b0f648 76551357 003181ec 00000000 00b0f680 RPCRT4!LrpcServerIoHandler+0x16
00b0f658 77afd3a3 00b0f6c4 003181ec 0031f898 RPCRT4!LrpcIoComplete+0x16
00b0f680 77b00748 00b0f6c4 00000000 00000000 ntdll!TppAlpcpExecuteCallback+0x1c5
00b0f7e8 761e1174 002e1da8 00b0f834 77b2b3f5 ntdll!TppWorkerThread+0x5a4
00b0f7f4 77b2b3f5 002e1da8 7709baea 00000000 kernel32!BaseThreadInitThunk+0xe
00b0f834 77b2b3c8 77afd63e 002e1da8 00000000 ntdll!__RtlUserThreadStart+0x70
00b0f84c 00000000 77afd63e 002e1da8 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: .tss 0x28 ; kb
FOLLOWUP_IP:
volmgr!RtlStringCbPrintfW+3a
86d66160 83c410 add esp,10h
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: volmgr!RtlStringCbPrintfW+3a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: volmgr
IMAGE_NAME: volmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf1d
FAILURE_BUCKET_ID: 0x7f_8_volmgr!RtlStringCbPrintfW+3a
BUCKET_ID: 0x7f_8_volmgr!RtlStringCbPrintfW+3a
Followup: MachineOwner
---------
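Bug check 0x7F with parameter 8 (the 0x7f_8 above) is a double fault, which on Windows most often means the kernel stack was exhausted. As an added example (not part of the original posts), this Python sketch measures how many stack bytes each frame of a kb listing occupies, using a contiguous excerpt of the rows above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Contiguous STACK_TEXT rows copied from the dump above
# (ChildEBP RetAddr Arg1 Arg2 Arg3 Symbol); source-file annotations trimmed.
STACK_TEXT = """\
908b9580 826434bc 00000000 843b0248 00000200 volsnap!VolSnapDeviceControl+0x50
908b9598 827f549f 85f09030 93acd748 843dd030 nt!IofCallDriver+0x63
908b9dfc 90cef31f 85108660 908b9e14 0030002e nt!IoVolumeDeviceToDosName+0x7e
908ba668 90cef541 00000d78 85108030 908bb538 ProcObsrv!GetProcessImageName+0x21f
908bb53c 8285e238 843dd030 00000d78 908bb560 ProcObsrv!OnCreateProcessEx+0x91
908bb5f4 8285d523 85f09030 013dd030 908bb650 nt!PspInsertThread+0x5be
908bbd00 8264a42a 00b0eacc 00b0eaa8 02000000 nt!NtCreateUserProcess+0x742
"""

HEX32 = re.compile(r"[0-9a-f]{8}")

def parse_frames(text):
    """Return [(child_ebp, symbol)] in kb order (innermost frame first)."""
    frames = []
    for line in text.splitlines():
        parts = line.split()
        # A frame row has five 32-bit hex columns followed by module!symbol.
        if len(parts) >= 6 and all(HEX32.fullmatch(p) for p in parts[:5]):
            symbol = parts[5].rsplit("+0x", 1)[0]   # drop the code offset
            frames.append((int(parts[0], 16), symbol))
    return frames

def frame_sizes(frames):
    """Bytes between each frame's EBP and its callee's EBP: roughly that
    function's locals plus the arguments it pushed for the call."""
    return [(sym, ebp - callee_ebp)
            for (callee_ebp, _), (ebp, sym) in zip(frames, frames[1:])]

def bytes_by_module(sizes):
    """Sum the per-frame sizes by module name (the part before '!')."""
    totals = defaultdict(int)
    for sym, size in sizes:
        totals[sym.split("!")[0]] += size
    return dict(totals)

if __name__ == "__main__":
    sizes = frame_sizes(parse_frames(STACK_TEXT))
    for sym, size in sorted(sizes, key=lambda s: -s[1]):
        print(f"{size:6d}  {sym}")
    print(bytes_by_module(sizes))
```

Frames that occupy kilobytes each usually hold large local buffers; moving those to pool allocations is the usual way to shrink them.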
#2
0
You might be converting a device of type FILE_DEVICE_NETWORK_FILE_SYSTEM to a DOS name. FILE_DEVICE_NETWORK_FILE_SYSTEM is not a volume device object, so before calling IoVolumeDeviceToDosName you should check:
if (IoGetCurrentIrpStackLocation(Irp)->FileObject->DeviceObject->DeviceType == FILE_DEVICE_DISK && !KeAreAllApcsDisabled())
{
    // Call IoVolumeDeviceToDosName here
}