RE: Bugcheck Analysis
If I understand what you wrote, it means the this pointer is null, which means
you called through a bad pointer.
See where the pointer you called into the current function from is supposed to
be set up. (Most likely in the stack above your current one).
-Jeff
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmx.de
Sent: Wednesday, February 16, 2005 4:18 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Bugcheck Analysis
Hi,
I do have a Bugcheck Analysis of my filter driver (see below) and I am not sure
if I interpret it right. The Bugcheck occurs in a piece of code like
this:
    NTSTATUS KLowerDevice::Call(KIrp I)
    {
        return IoCallDriver(m_pDeviceObject, I.m_Irp);
    }
The compiler generates this:
00031 8b 55 08 mov edx, DWORD PTR _I$[ebp]
00034 8b 4d fc mov ecx, DWORD PTR _this$[ebp]
00037 8b 49 04 mov ecx, DWORD PTR [ecx+4]
0003a ff 15 00 00 00
00 call DWORD PTR __imp_@IofCallDriver@8
I think the Bugcheck "says", that the "this-pointer" isn't valid anymore (means
the object has been deleted). Is this correct?
Thanks in advance
Dirk
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints the
driver/function that caused the problem. Always note this address as well as
the link date of the driver/image that contains this address. Some common
problems are exception code 0x80000003. This means a hard coded breakpoint or
assertion was hit, but this system was booted /NODEBUG. This is not supposed to
happen as developers should never have hardcoded breakpoints in retail code, but
... If this happens, make sure a debugger gets connected, and the system is
booted /DEBUG. This will let us see why this breakpoint is happening. An
exception code of 0x80000002 (STATUS_DATATYPE_MISALIGNMENT) indicates that an
unaligned data reference was encountered. The trap frame will supply additional
information.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ef4fe7c7, The address that the exception occurred at
Arg3: f8996c30, Exception Record Address
Arg4: f8996930, Context Record Address
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Database SolnDb not connected
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
myfilter+137c7
ef4fe7c7 8b4904 mov ecx,[ecx+0x4]
EXCEPTION_PARAMETER1: f8996c30
CONTEXT: f8996930 -- (.cxr fffffffff8996930)
eax=0000000a ebx=81fca8b8 ecx=00000004 edx=81ad6368 esi=8054f11c edi=81ad60fc
eip=ef4fe7c7 esp=f8996cf8 ebp=f8996cfc iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
myfilter+137c7:
ef4fe7c7 8b4904 mov ecx,[ecx+0x4] ds:0023:00000008=????????
Resetting default context
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from ef4fe788 to ef4fe7c7
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f8996cfc ef4fe788 81ad6368 81c29940 f8996d5c myfilter+0x137c7
f8996d0c ef4f1e3d 81ad6368 00000001 81adba58 myfilter+0x13788
f8996d5c ef4f398f 81ad60fc f8996d7c ef4f262f myfilter+0x6e3d
f8996d68 ef4f262f 81ad60fc 81c29940 81ad60fc myfilter+0x898f
f8996d7c 805296ad 81ad60fc 00000000 81fca8b8 myfilter+0x762f
f8996dac 805b282c 81ad60fc 00000000 00000000 nt+0x556ad
f8996ddc 8053602a 805295c0 00000001 00000000 nt+0xde82c
00000000 00000000 00000000 00000000 00000000 nt+0x6202a
FOLLOWUP_IP:
myfilter+137c7
ef4fe7c7 8b4904 mov ecx,[ecx+0x4]
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: myfilter+137c7
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr fffffffff8996930 ; kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
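A triage of the register context quoted in the thread above, as an added example that is not part of the original messages: it recomputes the faulting address from the base register and displacement of the faulting instruction, cross-checks it against the address the debugger reported, and classifies the access. The 64 KB NULL-page threshold, the function names and the verdict wording are assumptions of this example.

```python
import re

# Excerpt of the analysis output quoted in the thread (context record and
# faulting instruction only), copied from the message.
ANALYSIS = """\
eax=0000000a ebx=81fca8b8 ecx=00000004 edx=81ad6368 esi=8054f11c edi=81ad60fc
eip=ef4fe7c7 esp=f8996cf8 ebp=f8996cfc iopl=0 nv up ei ng nz na pe nc
ef4fe7c7 8b4904 mov ecx,[ecx+0x4] ds:0023:00000008=????????
"""

NULL_PAGE_LIMIT = 0x10000  # assumption: treat the lowest 64 KB as the NULL page


def parse_registers(text):
    """Return {'eax': 0xa, ...} from a WinDbg x86 context dump."""
    pairs = re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)
    return {name: int(value, 16) for name, value in pairs}


def parse_memory_operand(text):
    """Return (base_register, displacement) of the first [reg+0xN] operand."""
    m = re.search(r"\[(e[a-z]{2})(?:\+0x([0-9a-f]+))?\]", text)
    return m.group(1), int(m.group(2) or "0", 16)


def triage(text):
    regs = parse_registers(text)
    base, disp = parse_memory_operand(text)
    address = (regs[base] + disp) & 0xFFFFFFFF
    # Address the debugger printed next to the instruction (ds:sel:addr).
    reported = int(re.search(r"ds:[0-9a-f]{4}:([0-9a-f]{8})", text).group(1), 16)
    if address >= NULL_PAGE_LIMIT:
        verdict = "not a NULL-page access: check object lifetime instead"
    elif regs[base] == 0:
        verdict = "NULL base: the object pointer itself is NULL"
    else:
        verdict = ("near-NULL base: consistent with a member at offset "
                   f"0x{regs[base]:x} of a NULL enclosing object")
    return {"base": base, "base_value": regs[base], "disp": disp,
            "address": address, "reported": reported, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(ANALYSIS).items():
        print(f"{key:>10}: {value}")
```

In the compiler listing, `ecx` is loaded from `_this$[ebp]` immediately before the faulting `mov`, so the `ecx=00000004` in the context record is the value of `this` at the time of the fault, assuming the listing matches the faulting code.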