I am working on an audio miniport driver for Windows 10. During the initialization of the driver in the StartDevice() function, I am providing the driver-owned resources to Windows by calling the AddStreamResource() function after retrieving the IID_IPortClsStreamResourceManager interface.
I am providing all the resources in the PCSTREAMRESOURCE_DESCRIPTOR properly, but I am seeing a crash with an access violation. Below is the code.
PCSTREAMRESOURCE_DESCRIPTOR Streamresource;
PCSTREAMRESOURCE hRes = NULL;
PDEVICE_OBJECT pdo = NULL;
//m_pDeviceObject is a device FDO.
PcGetPhysicalDeviceObject(m_pDeviceObject, &pdo);
ASSERT(pdo != NULL);
PCSTREAMRESOURCE_DESCRIPTOR_INIT(&Streamresource);
Streamresource.Pdo = pdo;
Streamresource.Type = ePcStreamResourceThread;
Streamresource.Resource.Thread = (PETHREAD)m_Thread;
ntStatus = m_pPortClsStreamResourceManager->AddStreamResource(
    NULL, &Streamresource, &hRes);
This function is crashing with the SYSTEM_THREAD_EXCEPTION_NOT_HANDLED error code.
However, if I call the function PcAddStreamResource() with the same parameters, it doesn’t crash and the driver loads properly.
I validated that m_pPortClsStreamResourceManager, PDO and m_Thread are not NULL.
Below is the crash dump.
BugCheck 7E, {ffffffffc0000005, fffff800d650a160, ffffd0005dbac3d8, ffffd0005dbabbf0}
Probably caused by : portcls.sys ( portcls!PcGetPhysicalDeviceObject+0 )
Followup: MachineOwner
nt!DbgBreakPointWithStatus:
fffff802`39bd6900 cc int 3
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800d650a160, The address that the exception occurred at
Arg3: ffffd0005dbac3d8, Exception Record Address
Arg4: ffffd0005dbabbf0, Context Record Address
Debugging Details:
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff800d650a160
BUGCHECK_P3: ffffd0005dbac3d8
BUGCHECK_P4: ffffd0005dbabbf0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
portcls!PcGetPhysicalDeviceObject+0
fffff800`d650a160 488b4140 mov rax,qword ptr [rcx+40h]
EXCEPTION_RECORD: ffffd0005dbac3d8 -- (.exr 0xffffd0005dbac3d8)
ExceptionAddress: fffff800d650a160 (portcls!PcGetPhysicalDeviceObject)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000040
Attempt to read from address 0000000000000040
CONTEXT: ffffd0005dbabbf0 -- (.cxr 0xffffd0005dbabbf0)
rax=ffffd0005dbac648 rbx=ffffe001d0064520 rcx=0000000000000000
rdx=ffffd0005dbac650 rsi=0000000000000000 rdi=ffffd0005dbac7a8
rip=fffff800d650a160 rsp=ffffd0005dbac618 rbp=0000000000000000
r8=ffffd0005dbac7a8 r9=ffffe001d0064520 r10=0000000000000000
r11=fffff800d64e400b r12=0000000000000000 r13=ffffe001d167ea80
r14=ffffe001cddbfca0 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
portcls!PcGetPhysicalDeviceObject:
fffff800d650a160 488b4140 mov rax,qword ptr [rcx+40h] ds:002b:0000000000000040=???
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: 5a0
CPU_FAMILY: 6
CPU_MODEL: 4c
CPU_STEPPING: 3
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000040
READ_ADDRESS: 0000000000000040
FOLLOWUP_IP:
portcls!PcGetPhysicalDeviceObject+0
fffff800`d650a160 488b4140 mov rax,qword ptr [rcx+40h]
BUGCHECK_STR: AV
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
ANALYSIS_VERSION: 10.0.10240.9 x86fre
LAST_CONTROL_TRANSFER: from fffff800d650f76b to fffff800d650a160
STACK_TEXT:
ffffd0005dbac618 fffff800d650f76b : ffffd0005dbac7a0 0000000000001000 ffffe001cf9e19e0 0000000000000000 : portcls!PcGetPhysicalDeviceObject
ffffd0005dbac620 fffff800d6458c65 : 0000000000000000 0000000000000001 ffffe001cddbfdf0 fffff80200000000 : portcls!CPortWaveRT::AddStreamResource+0x2b
ffffd0005dbac650 fffff800d643f3f5 : ffffe001d0063000 ffffe001cddbfca0 ffffe001cf81c210 ffffe001d167ea80 : xxxxxx!CAudioEnginePnw::Init+0x1245 [c:\users\ushaikhx\desktop\threshold_10135\source-jay\audio\audiorealtek\audiodriver-coreisolation\lpepnw.cpp @ 435]
ffffd0005dbac7f0 fffff800d642b89a : ffffe001cf9e1740 ffffe001cf81c210 ffffc000d2aee480 ffffe001cddbfca0 : xxxxxx!CSstAdapterCommon::Init+0x4b5 [c:\users\ushaikhx\desktop\threshold_10135\source-jay\audio\audiorealtek\audiodriver-coreisolation\common.cpp @ 141]
ffffd0005dbac9e0 fffff800d642e1ca : ffffe001cf81c210 ffffc000d2aee480 ffffe001cddbfca0 ffffe001d167ea80 : xxxxxx!!CAudioAdapter::Init+0x4aa [c:\users\ushaikhx\desktop\threshold_10135\source-jay\audio\audiorealtek\audiodriver-coreisolation\adapter.cpp @ 604]
ffffd0005dbacb20 fffff800d65115c1 : ffffe001cddbfca0 ffffe001d167ea80 ffffc000d2aee480 0000000000000000 : xxxxxx!CAudioAdapter::StartDevice+0x23a [c:\users\ushaikhx\desktop\threshold_10135\source-jay\audio\audiorealtek\audiodriver-coreisolation\adapter.cpp @ 888]
ffffd0005dbacbb0 fffff800d651396d : ffffc000d2aee480 ffffc000d548d3c0 0000000000000000 0000000000000000 : portcls!PnpStartDevice+0xb1
ffffd0005dbacc10 fffff80239afd054 : ffffe001cd9a7040 fffff80239afcb58 0000000000000000 0000000000000000 : portcls!EnqueuedIoWorkItemCallback+0x2d
ffffd0005dbacc40 fffff80239afc769 : fffff80239e5d340 ffffe001cd9a7040 fffff80239afcf60 0000000000000000 : nt!IopProcessWorkItem+0xf4
ffffd0005dbaccb0 fffff80239b69698 : 0000000000000000 0000000000000080 fffff80239e5d340 ffffe001cd9a7040 : nt!ExpWorkerThread+0xe9
ffffd0005dbacd40 fffff80239bd6306 : ffffd0005da34180 ffffe001cd9a7040 ffffd0005da40bc0 0000000000000000 : nt!PspSystemThreadStartup+0x58
ffffd0005dbacda0 0000000000000000 : ffffd0005dbad000 ffffd0005dba7000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: portcls!PcGetPhysicalDeviceObject+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: portcls
IMAGE_NAME: portcls.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 559f3a45
STACK_COMMAND: .cxr 0xffffd0005dbabbf0 ; kb
BUCKET_ID_FUNC_OFFSET: 0
FAILURE_BUCKET_ID: AV_portcls!PcGetPhysicalDeviceObject
BUCKET_ID: AV_portcls!PcGetPhysicalDeviceObject
PRIMARY_PROBLEM_CLASS: AV_portcls!PcGetPhysicalDeviceObject
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_portcls!pcgetphysicaldeviceobject
FAILURE_ID_HASH: {4876d867-80a6-e48d-f660-fef38180e433}
Followup: MachineOwner
What I can’t figure out is why the AddStreamResource function is calling PcGetPhysicalDeviceObject, when I already used this function, retrieved the PDO and passed it to AddStreamResource.