none
Blue screen after a long period of time RRS feed

  • Question

  • Hi,

    I have developed a driver which code has become rather big and it gives me a blue screen after running for a long period of time (on what seems to be a 'page fault in non paged area'). I have no idea why.

    Is there a generic way to determine what is causing this bsod and in which part of my code?

    Franck

    Thursday, June 6, 2013 6:27 AM

All replies

  • Post the output of !analyze -v and make sure symbols for your driver, ntos and the entire stack are valid

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, June 6, 2013 9:39 AM
  • I was testing in a virtual machine which has been reset since the last crash. I will wait for the next crash (~6 to 8 hours) to post the output.

    In the meantime, I can tell you what the driver is about. What I am doing is a filsystem filter driver which looks at the IRP_MJ_CREATE and deny access to one specific file. I am under the impression that the denying part is the problem which makes it crash. Here is my code to deny access once I have recognized the file (in my dispatch function):

                    Irp->IoStatus.Status=STATUS_ACCESS_DENIED;
                    Irp->IoStatus.Information=0;
                    IoCompleteRequest(Irp,IO_NO_INCREMENT);
                    return  STATUS_ACCESS_DENIED;

    Is it correct? I mean, I have tested it and it does what I want in the short terms but is there something wrong with that which could make the driver crash at some point? I was using IoCancelFileOpen before it at some point but it seemed to make the driver crash faster (I don't know if it's related though) and as it was working without it I removed it.

    Thursday, June 6, 2013 11:14 AM
  • This looks like a legacy filter, these are extremely hard to get right.  Have you thought of doing this as a mini-filter driver they are less likely to hit some of these problems.  You code is fine for rejecting the request, but I suspect that the determination of the correct file is probably got a problem.  Code like that is harder than most people think.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Thursday, June 6, 2013 3:44 PM