0darkghost0
Guest
Hello, when I call ExAllocatePool from my DriverEntry, I get a PAGE_FAULT_IN_NONPAGED_AREA violation. I am calling at PASSIVE_LEVEL IRQL and requesting memory from nonpaged pool. If anyone could help, I would appreciate it. This bug doesn't occur in my virtual machine, which is strange. Thanks in advance!
This is the crash dump:
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffba046798a000, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff80635e8f66f, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3796
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-RJMI7MF
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 4351
Key : Analysis.Memory.CommitPeak.Mb
Value: 88
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 50
BUGCHECK_P1: ffffba046798a000
BUGCHECK_P2: 2
BUGCHECK_P3: fffff80635e8f66f
BUGCHECK_P4: 2
READ_ADDRESS: ffffba046798a000 Nonpaged pool
MM_INTERNAL_CODE: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
TRAP_FRAME: ffffcd8daabdb360 -- (.trap 0xffffcd8daabdb360)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000001
rdx=ffffffffffffffff rsi=0000000000000000 rdi=0000000000000000
rip=fffff80635e8f66f rsp=ffffcd8daabdb4f0 rbp=ffffba046798a000
r8=0000000000001ffd r9=00000000ffffffff r10=0000000000000000
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!RtlpHpVsSubsegmentCreate+0xff:
fffff80635e8f66f 0f114500 movups xmmword ptr [rbp],xmm0 ss:0018:ffffba046798a000=????????????????????????????????
Resetting default scope
STACK_TEXT:
ffffcd8daabdb0b8 fffff8063607a665 : 0000000000000050 ffffba046798a000 0000000000000002 ffffcd8daabdb360 : nt!KeBugCheckEx
ffffcd8daabdb0c0 fffff80635eea4a0 : 0000000000000000 0000000000000002 ffffcd8daabdb3e0 0000000000000000 : nt!MiSystemFault+0x172315
ffffcd8daabdb1c0 fffff8063600335e : ffffffffffffffff 0000000021000000 ffffba0467901140 0000000000000021 : nt!MmAccessFault+0x400
ffffcd8daabdb360 fffff80635e8f66f : 0000000000020000 ffffba0467a00280 0000000000000000 0000000000000000 : nt!KiPageFault+0x35e
ffffcd8daabdb4f0 fffff80635ec7afb : 0000000000000000 0000000000000000 0000000000000000 ffffe38200000010 : nt!RtlpHpVsSubsegmentCreate+0xff
ffffcd8daabdb550 fffff80635ecad6d : 000000000000e2b0 ffffcd8d0000e2b0 ffffcd8daabdb691 00000000656e6f4e : nt!RtlpHpVsContextAllocateInternal+0x36b
ffffcd8daabdb5b0 fffff806365b1094 : ffffba0400000000 ffffffff80004898 00000000656e6f4e 0000000000000000 : nt!ExAllocateHeapPool+0x6ed
ffffcd8daabdb6f0 fffff80635ead16f : ffffba0474023000 ffffcd8daabdba60 ffffba04745ab510 0000000000000000 : nt!ExAllocatePoolWithTag+0x64
ffffcd8daabdb740 fffff80649922f43 : 0000000000060005 fffff80649925ad0 ffffba04418a5c00 ffffba046798a000 : nt!ExAllocatePool+0xf
ffffcd8daabdb770 fffff8064992471d : 0000000000000000 fffff80649925aa0 0000000000000000 fffff806499244da : kernel!Utils::GetDriverBaseAddress+0x73 [C:\Users\user1\source\repos\MyDriver\Kernel\utils.h @ 50]
ffffcd8daabdb7f0 fffff8064992176e : fffff80649925e70 000000000000000e 0000000000000065 0000000000000003 : kernel!NIC::EnumerateModules+0x15 [C:\Users\user1\source\repos\MyDriver\Kernel\NIC.h @ 100]
ffffcd8daabdb890 fffff8064992398f : ffffba0474146310 ffffba0474023000 ffffba0471c8b490 0000000000000100 : kernel!Entry+0x36 [C:\Users\user1\source\repos\MyDriver\Kernel\Driver.cpp @ 142]
ffffcd8daabdb900 fffff8063631e3cd : 000000000000000e 0000000000000000 0000000000000000 0000000000001000 : nt!PnpCallDriverEntry+0x4c
ffffcd8daabdb960 fffff80636364207 : 0000000000000000 0000000000000000 fffff80636925440 ffffba0472f2ca18 : nt!IopLoadDriver+0x4e5
ffffcd8daabdbb30 fffff80635f034b5 : ffffba0400000000 ffffffff80004898 ffffba0471c50040 ffffba0400000000 : nt!IopLoadUnloadDriver+0x57
ffffcd8daabdbb70 fffff80635ea29a5 : ffffba0471c50040 0000000000000080 ffffba0467eae080 0000000000000080 : nt!ExpWorkerThread+0x105
ffffcd8daabdbc10 fffff80635ffc868 : ffff9081f1ea1180 ffffba0471c50040 fffff80635ea2950 0000000000000000 : nt!PspSystemThreadStartup+0x55
ffffcd8daabdbc60 0000000000000000 : ffffcd8daabdc000 ffffcd8daabd6000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!ExAllocatePool+f
IMAGE_NAME: Pool_Corruption
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: f
FAILURE_BUCKET_ID: AV_INVALID_nt!ExAllocatePool
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {bf01aada-9771-ad56-bb83-80fbba6594cf}
Followup: Pool_corruption
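The triage a practitioner would run against this dump in the kernel debugger, added here as an example and not part of the original post; the driver file name kernel.sys is assumed from the module name "kernel" in the stack, and the addresses are the ones the dump above reports.

```windbg
$$ Added triage session for the dump above (not from the original post).
$$ Assumption: the driver image is kernel.sys (stack frames show module "kernel").

$$ 1. Switch to the faulting context saved at the TRAP_FRAME the bugcheck reported.
.trap 0xffffcd8daabdb360

$$ 2. The faulting instruction is "movups xmmword ptr [rbp],xmm0" with
$$    rbp = ffffba046798a000: a write into a page the allocator was initialising.
$$    Confirm the page is not mapped.
!pte ffffba046798a000

$$ 3. Ask the pool walker what it knows about that page and its neighbours.
!pool ffffba046798a000

$$ 4. Show every frame with its saved arguments; the first non-nt frame is
$$    kernel!Utils::GetDriverBaseAddress (utils.h @ 50), the caller of ExAllocatePool.
kv

$$ 5. Confirm where the driver is loaded and that it is the only third-party
$$    module on the faulting stack.
lm m kernel
```

Because FAILURE_BUCKET_ID is AV_INVALID_nt!ExAllocatePool with IMAGE_NAME Pool_Corruption, !analyze is saying the heap metadata was already damaged before this call, so the faulting frame is the victim rather than the culprit. Enabling Driver Verifier with Special Pool on the driver (on the target: `verifier /flags 0x1 /driver kernel.sys`, then reboot and reproduce) makes the next bugcheck land on the instruction that overruns or double-frees an allocation.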