There is a crash at CcInitializeCacheMap

/* NOTE(review): this dump helper prints pointers truncated to 32 bits (it shows
 * DeviceObject as c2221670 while the stack trace shows fffffa80`c2221670), so
 * read its pointer fields as low halves only. */
DumpFileObject(*(pVolDev->fileObject));

/*
 * File sizes handed to the Cache Manager for the volume stream: FileSize and
 * AllocationSize are one packed boot sector, ValidDataLength is far larger.
 * NOTE(review): ValidDataLength > FileSize/AllocationSize is unusual; confirm it
 * is what Cc expects here (the reference fastfat, as far as I recall, uses the
 * largest LONGLONG rather than 0xFFFFFFFF). It is not what faults below.
 */
CC_FILE_SIZES fileSize;
fileSize.AllocationSize.QuadPart = fileSize.FileSize.QuadPart = sizeof(PACKED_BOOT_SECTOR);
fileSize.ValidDataLength.QuadPart = 0xFFFFFFFF;
/*
 * This call is where the fault is raised (nt!CcInitializeCacheMap+0xd3).
 * In the disassembly rsi is the first argument (mov rsi,rcx), +0xb7 loads
 * rax = [rsi+28h], and +0xd3 reads [rax+8]. Offset 0x28 of a 64-bit FILE_OBJECT
 * is SectionObjectPointer, and the dump above shows
 * fileObject.SectionObjectPointer == 0, so the compare dereferences NULL+8 at
 * ring 0. CcInitializeCacheMap requires the file system to have pointed
 * FileObject->SectionObjectPointer at a SECTION_OBJECT_POINTERS structure it
 * owns (in the reference fastfat, one embedded in the VCB) before calling; the
 * assignment belongs where this stream file object is created (Flags 0x40100
 * includes FO_STREAM_FILE), not here. A precondition check a reviewer would
 * want ahead of this call: SectionObjectPointer != NULL.
 * Because this runs on the mount path reached from a user-mode CreateFileW
 * (see the stack trace), any mountable volume turns this into a reliable
 * kernel bug check until that field is set.
 * Third argument TRUE is PinAccess; Vcb is passed as the lazy-writer context.
 */
CcInitializeCacheMap(pVolDev->fileObject,
&fileSize,
TRUE,
&HrfsData.CacheManagerNoOpCallbacks,
Vcb);



In this code segment a crash occurred when I call the CcInitializeCacheMap function.

The FILE_OBJECT dump information is as below:

fileObject.Type : 5
fileObject.Size : d8
fileObject.DeviceObject : c2221670
fileObject.Vpb : c39302e0
fileObject.FsContext : 32166f0
fileObject.FsContext2 : 0
fileObject.SectionObjectPointer : 0
fileObject.PrivateCacheMap : 0
fileObject.FinalStatus : 0
fileObject.RelatedFileObject : 0
fileObject.LockOperation : 0
fileObject.DeletePending : 0
fileObject.ReadAccess : 1
fileObject.WriteAccess : 1
fileObject.DeleteAccess : 1
fileObject.SharedRead : 0
fileObject.SharedWrite : 0
fileObject.SharedDelete : 0
fileObject.Flags : 40100
fileObject.FileName : 247bb70
fileObject.CurrentByteOffset : 0
fileObject.Waiters : 0
fileObject.Busy : 0
fileObject.LastLock : 0
fileObject.FileObjectExtension : 0

The stack text is as below:

STACK_TEXT:
fffff880`0247bac0 fffff880`03241c78 : fffff880`00000000 00000000`00000000 00000000`00000001 fffff880`032166c8 : nt!CcInitializeCacheMap+0xd3
fffff880`0247bba0 fffff880`0323e095 : fffffa80`c303b010 fffffa80`c2222040 fffffa80`c39302e0 fffffa80`c3d56a40 : fastfatDemo!FatMountVolume+0xaf8 [G:\BaiduNetdiskDownload\fastfat_V1G13\fastfat_File_System_Driver\FsCtrl.c @ 1460]
fffff880`0247c2f0 fffff880`0323ecb7 : fffffa80`c303b010 fffffa80`c259bb40 00000000`00000065 00000000`00000003 : fastfatDemo!FatCommonFileSystemControl+0xe5 [G:\BaiduNetdiskDownload\fastfat_V1G13\fastfat_File_System_Driver\FsCtrl.c @ 1053]
fffff880`0247c340 fffff880`0113d4bc : fffffa80`c3d56a40 fffffa80`c259bb40 00000000`00000000 00000000`00000000 : fastfatDemo!FatFsdFileSystemControl+0x127 [G:\BaiduNetdiskDownload\fastfat_V1G13\fastfat_File_System_Driver\FsCtrl.c @ 969]
fffff880`0247c3a0 fffff880`01138971 : fffffa80`c3d56450 00000000`00000000 fffffa80`c3024200 fffffa80`c3129cb0 : fltmgr!FltpFsControlMountVolume+0x28c
fffff880`0247c470 fffff800`04334e6b : fffffa80`c3d56450 00000000`00000000 fffffa80`c3d56450 fffffa80`c259bb40 : fltmgr!FltpFsControl+0x101
fffff880`0247c4d0 fffff800`040789e7 : fffff880`0247c7c0 fffff880`0247c701 fffffa80`c2221600 00000000`00000000 : nt!IopMountVolume+0x28f
fffff880`0247c590 fffff800`044fac6d : 00000000`00000025 00000000`00000000 fffff880`0247c7c0 fffff880`0247c768 : nt!IopCheckVpbMounted+0x1b7
fffff880`0247c600 fffff800`044229a4 : fffffa80`c2221670 00000000`00000000 fffffa80`c31dbb10 fffff8a0`00000001 : nt!IopParseDevice+0xb4d
fffff880`0247c760 fffff800`042fd756 : 00000000`00000000 fffff880`0247c8e0 00000000`00000040 fffffa80`c15c07b0 : nt!ObpLookupObjectName+0x784
fffff880`0247c860 fffff800`044c9d88 : fffffa80`c3d20cb0 00000000`00000000 00000000`00000401 fffff800`043fdef6 : nt!ObOpenObjectByName+0x306
fffff880`0247c930 fffff800`0435d7f4 : fffffa80`c629f870 fffff8a0`80100080 00000000`0029f4f8 00000000`0029f448 : nt!IopCreateFile+0xa08
fffff880`0247c9e0 fffff800`040b4bd3 : fffffa80`c3539b00 00000000`00000001 fffffa80`c629f870 fffff800`042fe1e4 : nt!NtCreateFile+0x78
fffff880`0247ca70 00000000`77629dda : 000007fe`fd3760d6 00000000`00000000 00000000`80000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0029f428 000007fe`fd3760d6 : 00000000`00000000 00000000`80000000 00000000`00000000 00000000`000c0000 : ntdll!ZwCreateFile+0xa
00000000`0029f430 00000000`773b0add : 00000000`0034bec0 00000000`80000000 00000000`00000003 00000000`0029f892 : KERNELBASE!CreateFileW+0x2cd
00000000`0029f590 000007fe`f1971c1e : 00000000`00000000 00000000`00000000 00000000`01d14280 00000000`0029f830 : kernel32!CreateFileWImplementation+0x7d
00000000`0029f5f0 00000000`00000000 : 00000000`00000000 00000000`01d14280 00000000`0029f830 00000000`00000003 : FVEAPI+0x1c1e

I traced the address nt!CcInitializeCacheMap+0xd3 and found a compare instruction there. Working backwards: rsi holds the first argument, the FILE_OBJECT (`mov rsi,rcx` at +0x1b); +0xb7 loads rax from [rsi+28h]; and +0xd3 reads [rax+8]. The field at offset 0x28 of the FILE_OBJECT is SectionObjectPointer, which the dump above shows as 0, so the compare dereferences a NULL pointer.

nt!CcInitializeCacheMap:
fffff800`0405c000 4c894c2420 mov qword ptr [rsp+20h],r9
fffff800`0405c005 4488442418 mov byte ptr [rsp+18h],r8b
fffff800`0405c00a 53 push rbx
fffff800`0405c00b 55 push rbp
fffff800`0405c00c 56 push rsi
fffff800`0405c00d 4154 push r12
fffff800`0405c00f 4155 push r13
fffff800`0405c011 4881ecb0000000 sub rsp,0B0h
fffff800`0405c018 4533d2 xor r10d,r10d
fffff800`0405c01b 488bf1 mov rsi,rcx
fffff800`0405c01e 65488b0c2588010000 mov rcx,qword ptr gs:[188h]
fffff800`0405c027 488b02 mov rax,qword ptr [rdx]
fffff800`0405c02a 4c8b6970 mov r13,qword ptr [rcx+70h]
fffff800`0405c02e 450fb6e0 movzx r12d,r8b
fffff800`0405c032 4c8d442468 lea r8,[rsp+68h]
fffff800`0405c037 498be9 mov rbp,r9
fffff800`0405c03a 4c89542448 mov qword ptr [rsp+48h],r10
fffff800`0405c03f 498900 mov qword ptr [r8],rax
fffff800`0405c042 488b4208 mov rax,qword ptr [rdx+8]
fffff800`0405c046 44899424e8000000 mov dword ptr [rsp+0E8h],r10d
fffff800`0405c04e 49894008 mov qword ptr [r8+8],rax
fffff800`0405c052 488b4210 mov rax,qword ptr [rdx+10h]
fffff800`0405c056 4489542458 mov dword ptr [rsp+58h],r10d
fffff800`0405c05b 49894010 mov qword ptr [r8+10h],rax
fffff800`0405c05f 488b442468 mov rax,qword ptr [rsp+68h]
fffff800`0405c064 4489942480000000 mov dword ptr [rsp+80h],r10d
fffff800`0405c06c 4c89542450 mov qword ptr [rsp+50h],r10
fffff800`0405c071 48898c2488000000 mov qword ptr [rsp+88h],rcx
fffff800`0405c079 44899424e0000000 mov dword ptr [rsp+0E0h],r10d
fffff800`0405c081 4885c0 test rax,rax
fffff800`0405c084 0f84fe090000 je nt!CcInitializeCacheMap+0xa88 (fffff800`0405ca88)
fffff800`0405c08a 0fba614c0d bt dword ptr [rcx+4Ch],0Dh
fffff800`0405c08f 418bda mov ebx,r10d
fffff800`0405c092 ba01000000 mov edx,1
fffff800`0405c097 0f43da cmovae ebx,edx
fffff800`0405c09a 4438564b cmp byte ptr [rsi+4Bh],r10b
fffff800`0405c09e 0f85f3030000 jne nt!CcInitializeCacheMap+0x497 (fffff800`0405c497)
fffff800`0405c0a4 4805ffff0300 add rax,3FFFFh
fffff800`0405c0aa 4889442468 mov qword ptr [rsp+68h],rax
fffff800`0405c0af 816424680000fcff and dword ptr [rsp+68h],0FFFC0000h
fffff800`0405c0b7 488b4628 mov rax,qword ptr [rsi+28h]
fffff800`0405c0bb 4889bc24a8000000 mov qword ptr [rsp+0A8h],rdi
fffff800`0405c0c3 4c89b424a0000000 mov qword ptr [rsp+0A0h],r14
fffff800`0405c0cb 4c89bc2498000000 mov qword ptr [rsp+98h],r15
fffff800`0405c0d3 4c395008 cmp qword ptr [rax+8],r10
So what caused the crash in CcInitializeCacheMap in my program?
