Question

This one is stumping me.

My driver works perfectly fine in all of the guest virtual systems (Windows XP/7, both x86 and x64), as well as a few certain hosts.

However, on my PC I'm receiving a 0x7E stop code right as I start up the driver in OSRLoader.

Yes, Testsigning and debug mode are both enabled.

Here is some dump information (warning, huge):

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffff80000003, The exception code that was not handled
Arg2: fffff88000c0af0f, The address that the exception occurred at
Arg3: fffff88002fb1d78, Exception Record Address
Arg4: fffff88002fb15e0, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

FAULTING_IP: 
CI!CiValidateImageHeader+167
fffff880`00c0af0f cc              int     3

EXCEPTION_RECORD:  fffff88002fb1d78 -- (.exr 0xfffff88002fb1d78)
ExceptionAddress: fffff88000c0af0f (CI!CiValidateImageHeader+0x0000000000000167)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 1
   Parameter[0]: 0000000000000000

CONTEXT:  fffff88002fb15e0 -- (.cxr 0xfffff88002fb15e0)
rax=0000000000000000 rbx=00000000000000ff rcx=1748c3f2dac60000
rdx=0000000000000008 rsi=fffff88002fb2100 rdi=00000000c0000428
rip=fffff88000c0af0f rsp=fffff88002fb1fb0 rbp=0000000000000000
 r8=0000000000000001  r9=fffff80002d0bbe0 r10=fffff80002e4a900
r11=fffff88002fb1fa8 r12=0000000000006000 r13=fffff98018700000
r14=fffffa8002621520 r15=0000000000000001
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000282
CI!CiValidateImageHeader+0x167:
fffff880`00c0af0f cc              int     3
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x7E

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_PARAMETER1:  0000000000000000

LAST_CONTROL_TRANSFER:  from fffff80002f35b18 to fffff88000c0af0f

STACK_TEXT:  
fffff880`02fb1fb0 fffff800`02f35b18 : 00000000`00000006 00000000`000fffff fffffa80`02621520 00000000`00000000 : CI!CiValidateImageHeader+0x167
fffff880`02fb2090 fffff800`02f3591a : 00000000`00000000 00000000`01000000 fffffa80`055e6010 00000000`00000000 : nt!SeValidateImageHeader+0x58
fffff880`02fb20d0 fffff800`0302dea2 : fffffa80`02621520 fffffa80`055e6010 00000000`00000001 00000000`00000006 : nt!MiValidateImageHeader+0x21a
fffff880`02fb21a0 fffff800`02fba3cf : fffff880`02fb2400 00000000`00000000 fffff880`02fb26b8 fffff880`02fb23f8 : nt! ?? ::NNGAKEGL::`string'+0x4e3e3
fffff880`02fb23b0 fffff800`02cce293 : fffffa80`02505b60 fffff880`02fb2658 fffff880`02fb2448 00000000`00000000 : nt!NtCreateSection+0x162
fffff880`02fb2430 fffff800`02cca830 : fffff800`030a7f16 00000000`00000000 fffff800`02fbc607 00000000`00000001 : nt!KiSystemServiceCopyEnd+0x13
fffff880`02fb2638 fffff800`030a7f16 : 00000000`00000000 fffff800`02fbc607 00000000`00000001 fffffa80`0254c518 : nt!KiServiceLinkage
fffff880`02fb2640 fffff800`030a82dc : ffffffff`80000ea4 fffffa80`00100000 fffffa80`0254c518 00000000`00000000 : nt!MmCheckSystemImage+0x96
fffff880`02fb2770 fffff800`030a84f7 : ffffffff`80000ea4 fffff800`00000001 fffff8a0`0b36c500 00000000`00000000 : nt!MiCreateSectionForDriver+0xcc
fffff880`02fb2820 fffff800`030b3d9a : 00000000`00000000 fffff880`02fb29f8 fffffa80`02505b60 fffff800`02e48e00 : nt!MiObtainSectionForDriver+0xd7
fffff880`02fb2880 fffff800`030b69bd : fffff880`02fb29f8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmLoadSystemImage+0x23a
fffff880`02fb29a0 fffff800`030b7375 : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa80`02829388 : nt!IopLoadDriver+0x44d
fffff880`02fb2c70 fffff800`02cdc1e1 : fffff8a0`00000000 ffffffff`80000e90 fffff800`030b7320 fffffa80`02505b60 : nt!IopLoadUnloadDriver+0x55
fffff880`02fb2cb0 fffff800`02f6e6e6 : b9ce705b`ee973fcb fffffa80`02505b60 00000000`00000080 fffffa80`024ef5f0 : nt!ExpWorkerThread+0x111
fffff880`02fb2d40 fffff800`02cad566 : fffff880`009eb180 fffffa80`02505b60 fffff880`009f5f40 50320c1b`3fdc0847 : nt!PspSystemThreadStartup+0x5a
fffff880`02fb2d80 00000000`00000000 : fffff880`02fb3000 fffff880`02fad000 fffff880`02fb13f0 00000000`00000000 : nt!KiStartSystemThread+0x16


FOLLOWUP_IP: 
CI!CiValidateImageHeader+167
fffff880`00c0af0f cc              int     3

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  CI!CiValidateImageHeader+167

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: CI

IMAGE_NAME:  CI.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5be01d

STACK_COMMAND:  .cxr 0xfffff88002fb15e0 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_CI!CiValidateImageHeader+167

BUCKET_ID:  X64_0x7E_CI!CiValidateImageHeader+167

Followup: MachineOwner
---------

As the little bit at the top states, I have booted with /DEBUG on and it shows nothing more than I already have.

The first log in my code doesn't even get hit:

/*
 * DriverEntry
 *  Driver entry point
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT driver, IN PUNICODE_STRING path)
{
    // Setup vars
    UNICODE_STRING devLink, devName;
    PDEVICE_OBJECT devObj = NULL;
    NTSTATUS ntsReturn;

    // Log Entry
    LOG("Driver Entry");

    // Setup driver unload function
    driver->DriverUnload = DrvUnload;

WinDbg shows nothing of the sort in its view.

How do I know what is causing this? The breakpoint causes a BSOD when WinDbg isn't attached, and (obviously) freezes my computer when it is attached, giving me no real usable data.

Solution

It looks like you hit a debug assert in CI.dll. You can just type g from the debugger and continue loading your driver.

That is the default behavior of x64 builds of Windows. If you don't want to see that assertion you have to F8 at boot time and select "Disable Driver Signature Enforcement" which is valid per boot. (You have to do it every time you restart). Or, you can use 32-bit Windows and 32-bit version of your driver for debugging.

Here is more info:

http://msdn.microsoft.com/en-us/library/ff547565(v=vs.85).aspx
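
Added example (not part of the original answer, and not the poster's or Microsoft's code): a small Python triage helper that reads `!analyze -v` text like the dump in the question and flags the pattern the answer identifies, a breakpoint exception inside CI.dll while a driver image is being loaded. The function name `triage`, the result keys and the excerpt in `SAMPLE` are assumptions made for illustration; treating a register that holds 0xC0000428 (STATUS_INVALID_IMAGE_HASH) as a hint that signature validation failed is a heuristic.

```python
import re

# Constructed excerpt: a few lines copied from the !analyze -v output in the question.
SAMPLE = """\
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
Arg1: ffffffff80000003, The exception code that was not handled
FAULTING_IP:
CI!CiValidateImageHeader+167
rdx=0000000000000008 rsi=fffff88002fb2100 rdi=00000000c0000428
fffff880`02fb1fb0 fffff800`02f35b18 : 00000000`00000006 00000000`000fffff fffffa80`02621520 00000000`00000000 : CI!CiValidateImageHeader+0x167
fffff880`02fb2880 fffff800`030b69bd : fffff880`02fb29f8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmLoadSystemImage+0x23a
"""

STATUS_BREAKPOINT = 0x80000003          # int 3 / hard-coded breakpoint
STATUS_INVALID_IMAGE_HASH = 0xC0000428  # NTSTATUS: image signature could not be verified


def triage(text):
    """Summarise !analyze -v text and flag a CI.dll break during driver load."""
    bug = re.search(r"^\w+ \(([0-9a-f]+)\)\s*$", text, re.M | re.I)
    arg1 = re.search(r"^Arg1:\s*([0-9a-f]+)", text, re.M | re.I)
    ip = re.search(r"^FAULTING_IP:\s*\n(\w+)!(\w+)", text, re.M)
    # STACK_TEXT rows end in "module!symbol+0xNN"; rows come innermost frame first.
    frames = re.findall(
        r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\S+?)\+0x[0-9a-f]+\s*$", text, re.M | re.I)
    # 64-bit general-purpose registers from the CONTEXT record.
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b", text)}
    # Arg1 is sign-extended to 64 bits; keep the 32-bit NTSTATUS.
    exc = int(arg1.group(1), 16) & 0xFFFFFFFF if arg1 else None
    in_ci = bool(ip) and ip.group(1).upper() == "CI"
    loading = "nt!MmLoadSystemImage" in frames
    return {
        "bugcheck": int(bug.group(1), 16) if bug else None,
        "exception": exc,
        "faulting": f"{ip.group(1)}!{ip.group(2)}" if ip else None,
        "ci_break_on_driver_load": exc == STATUS_BREAKPOINT and in_ci and loading,
        "image_hash_status_in": sorted(
            n for n, v in regs.items() if v == STATUS_INVALID_IMAGE_HASH),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

When `ci_break_on_driver_load` is true, the next thing to check is the signature on the driver file being loaded rather than the driver's own code, which matches the question's observation that the first log line in DriverEntry is never reached.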

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow