FwppBfeStateSubscribeChanges Faults on Windows 8 - Bugcheck 18 (REFERENCE_BY_POINTER)

  • Question

  • When my WFP callout driver calls FwpmBfeStateSubscribeChanges0() on Windows 8, it results in a BSOD with bugcheck 18. This is not seen on Windows 7 x86 or amd64. The BSOD shows the fault is in FwppBfeStateSubscribeChanges at offset 0x3f, and it appears that it is referencing an invalid object.

        REFERENCE_BY_POINTER (18)
        Arguments:
        Arg1: 00000000, Object type of the object whose reference count is being lowered
        Arg2: 8c8c8044, Object whose reference count is being lowered
        Arg3: 00000010, Reserved
        Arg4: 00000001, Reserved

        1: kd> !object 8c8c8044
        8c8c8044: Not a valid object (ObjectType invalid)

    My callout driver is a WDM driver and not WDF. Here's the code that creates a device object used within the driver:

        status = IoCreateDevice(
                        Globals.DriverObject,
                        0,
                        &deviceName,
                        FILE_DEVICE_NETWORK,
                        FILE_DEVICE_SECURE_OPEN,
                        FALSE,
                        &Globals.DeviceObject
                        );

        if (!NT_SUCCESS(status))
            {
            goto exit;
            }

        ClearFlag(Globals.DeviceObject->Flags, DO_DEVICE_INITIALIZING);

    Here's the code that calls FwpmBfeStateSubscribeChanges0:

        status = FwpmBfeStateSubscribeChanges0(
                        &Globals.DeviceObject,
                        WfpBfeStateCallback,
                        pWfpInfo,
                        &pWfpInfo->BfeCallbackHandle);

    I looked at the code in the WFP samplers driver, but that sample is WDF. However, the only thing that looks different is the sample calls WdfDeviceWdmGetDeviceObject() to get a pointer to the WDM device:

       g_pWDMDevice = WdfDeviceWdmGetDeviceObject(g_WDFDevice);

    Is there something I need to do with the WDM device object before calling FwpmBfeStateSubscribeChanges0? For example, do I need to increment the object reference count first (I assume that is what WdfDeviceWdmGetDeviceObject() does)? And why does this work in Win7 and blow up in Win8?

    Thanks!

    Monday, March 4, 2013 8:26 PM

Answers

  • Globals.DeviceObject is a PDEVICE_OBJECT. You should not be passing the address of this, but rather pass it straight through:

        status = FwpmBfeStateSubscribeChanges0(
                        Globals.DeviceObject,
                        WfpBfeStateCallback,
                        pWfpInfo,
                        &(pWfpInfo->BfeCallbackHandle));

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Tuesday, March 5, 2013 9:28 PM
    Moderator
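
Added example (not part of the original posts, and not Microsoft's code): the `deviceObject` parameter of `FwpmBfeStateSubscribeChanges0` is declared `void *`, so the compiler accepts `&Globals.DeviceObject` without complaint. The user-mode C model below shows that silent conversion and a typed wrapper that rejects it; `MOCK_DEVICE_OBJECT`, `mock_subscribe`, `subscribe_typed` and `IS_DEVICE_PTR` are names constructed for this example, and the header check only stands in for the kernel's object validation.

```c
/* User-mode model, NOT kernel code. All types and functions here are
   stand-ins constructed for this example. */
#include <stddef.h>
#include <string.h>

#define IO_TYPE_DEVICE 3   /* value the real DEVICE_OBJECT.Type holds (wdm.h) */

typedef struct MOCK_DEVICE_OBJECT {
    short Type;            /* first field, as in the real structure */
    unsigned short Size;
    void *DriverObject;
} MOCK_DEVICE_OBJECT, *PMOCK_DEVICE_OBJECT;

/* Stand-in for an API whose device parameter is void*: any object pointer
   converts silently. Returns 0 if the memory starts with a device-object
   header, -1 if it does not (where the real call would be handed garbage). */
static int mock_subscribe(void *deviceObject)
{
    short type;
    memcpy(&type, deviceObject, sizeof type);   /* read the header field */
    return type == IO_TYPE_DEVICE ? 0 : -1;
}

/* Typed wrapper: passing a PMOCK_DEVICE_OBJECT* here is an incompatible
   pointer type, which the compiler diagnoses at build time. */
static int subscribe_typed(PMOCK_DEVICE_OBJECT dev)
{
    return mock_subscribe(dev);
}

/* C11 compile-time classification of an argument's static type. */
#define IS_DEVICE_PTR(x) _Generic((x), PMOCK_DEVICE_OBJECT: 1, default: 0)

static MOCK_DEVICE_OBJECT g_device =
    { IO_TYPE_DEVICE, sizeof(MOCK_DEVICE_OBJECT), NULL };
static struct { PMOCK_DEVICE_OBJECT DeviceObject; } Globals = { &g_device };

/* The question's form: address of the pointer variable, accepted via void*. */
int call_with_address(void) { return mock_subscribe(&Globals.DeviceObject); }

/* The answer's form: the pointer itself, through the typed wrapper. */
int call_with_pointer(void) { return subscribe_typed(Globals.DeviceObject); }
```

In a driver, the same idea is a one-line inline wrapper taking `PDEVICE_OBJECT`, so the mistake fails the build instead of surfacing as a bugcheck on one OS version.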