Windows 7 Forums


Windows 7: Building Kernel Driver - Memory Access Violation

24 Apr 2014   #1
phalse

Windows 7 x64
 
 

I am trying to understand drivers better and have built a very basic one from scratch.
Code:
#include <ntddk.h>
VOID onUnload(IN PDRIVER_OBJECT pDriver_Object)
{
    DbgPrint("Unloading Driver\n");
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriver_Object, IN PUNICODE_STRING regPath)
{
    DbgPrint("Driver Loaded");
    (*pDriver_Object).DriverUnload = onUnload;
    return(STATUS_SUCCESS);
}
I am installing it on a Windows 7 x64 machine with driver signing enforcement off. The driver installs just fine but when I try to start it, I get:
Code:
[SC] StartService FAILED 6:
The handle is invalid.
Upon further investigation with WinDbg, I get a:
Code:
*** Fatal System Error: 0x0000007e
(0xFFFFFFFFC0000005,0xFFFFF80002C7501D,0xFFFFF88002F89768,0xFFFFF88002F88FC0)
Doing !analyze -v gets me:
Code:
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002c7501d, The address that the exception occurred at
Arg3: fffff88002f89768, Exception Record Address
Arg4: fffff88002f88fc0, Context Record Address

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!IopLoadDriver+5ad
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h]

EXCEPTION_RECORD:  fffff88002f89768 -- (.exr 0xfffff88002f89768)
ExceptionAddress: fffff80002c7501d (nt!IopLoadDriver+0x00000000000005ad)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000044
Attempt to read from address 0000000000000044

CONTEXT:  fffff88002f88fc0 -- (.cxr 0xfffff88002f88fc0;r)
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88002f89a08
rdx=fffff88003981000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c7501d rsp=fffff88002f899a0 rbp=0000000020206f49
 r8=fffff88003981000  r9=fffff88002f899a8 r10=00000000c000007b
r11=0000000000000000 r12=0000000000000001 r13=ffffffff80000064
r14=fffffa800f359490 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
nt!IopLoadDriver+0x5ad:
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h] ds:002b:00000000`00000044=????
Last set context:
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88002f89a08
rdx=fffff88003981000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c7501d rsp=fffff88002f899a0 rbp=0000000020206f49
 r8=fffff88003981000  r9=fffff88002f899a8 r10=00000000c000007b
r11=0000000000000000 r12=0000000000000001 r13=ffffffff80000064
r14=fffffa800f359490 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
nt!IopLoadDriver+0x5ad:
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h] ds:002b:00000000`00000044=????
Resetting default scope

PROCESS_NAME:  System

CURRENT_IRQL:  2

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000044

READ_ADDRESS:  0000000000000044 

FOLLOWUP_IP: 
nt!IopLoadDriver+5ad
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h]

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80002c75875 to fffff80002c7501d

STACK_TEXT:  
fffff880`02f899a0 fffff800`02c75875 : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa80`0f4195f0 : nt!IopLoadDriver+0x5ad
fffff880`02f89c70 fffff800`0289b161 : fffff800`00000000 ffffffff`80000064 fffff800`02c75820 00000000`00000000 : nt!IopLoadUnloadDriver+0x55
fffff880`02f89cb0 fffff800`02b31166 : 00000000`00000000 fffffa80`0cd99680 00000000`00000080 fffffa80`0cd7e890 : nt!ExpWorkerThread+0x111
fffff880`02f89d40 fffff800`0286c486 : fffff800`02a06e80 fffffa80`0cd99680 fffffa80`0cd99b60 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02f89d80 00000000`00000000 : fffff880`02f8a000 fffff880`02f84000 fffff880`02f89230 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!IopLoadDriver+5ad

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

IMAGE_VERSION:  6.1.7600.16385

STACK_COMMAND:  .cxr 0xfffff88002f88fc0 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_VRF_nt!IopLoadDriver+5ad

BUCKET_ID:  X64_0x7E_VRF_nt!IopLoadDriver+5ad

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x7e_vrf_nt!ioploaddriver+5ad

FAILURE_ID_HASH:  {9a15ac25-64d6-8f42-e8da-2a5880ae0901}

Followup: MachineOwner
It seems like Windows is not even able to get to my DriverEntry function. Any idea on how to fix this or debug further? Thanks!


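Added example, not part of the original post: a short Python triage of the `!analyze -v` output quoted above. It checks which module faulted, whether the read was a NULL-based dereference, and whether any stack frame belongs to the driver under test. The module name `mydriver` and the 64 KB low-address threshold are assumptions, since the post does not name the driver.

```python
import re

# Lines excerpted from the !analyze -v output in the post above.
ANALYZE_OUTPUT = r"""
FAULTING_IP:
nt!IopLoadDriver+5ad
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h]

rax=0000000000000000 rbx=0000000000000000 rcx=fffff88002f89a08

READ_ADDRESS:  0000000000000044

STACK_TEXT:
fffff880`02f899a0 fffff800`02c75875 : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa80`0f4195f0 : nt!IopLoadDriver+0x5ad
fffff880`02f89c70 fffff800`0289b161 : fffff800`00000000 ffffffff`80000064 fffff800`02c75820 00000000`00000000 : nt!IopLoadUnloadDriver+0x55
fffff880`02f89cb0 fffff800`02b31166 : 00000000`00000000 fffffa80`0cd99680 00000000`00000080 fffffa80`0cd7e890 : nt!ExpWorkerThread+0x111
fffff880`02f89d40 fffff800`0286c486 : fffff800`02a06e80 fffffa80`0cd99680 fffffa80`0cd99b60 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02f89d80 00000000`00000000 : fffff880`02f8a000 fffff880`02f84000 fffff880`02f89230 00000000`00000000 : nt!KiStartSystemThread+0x16
"""

NULL_PAGE_LIMIT = 0x10000  # assumption: treat reads below 64 KB as NULL-based


def triage(text, driver_module):
    """Summarise where the fault happened and whether driver code is on the stack."""
    # Symbol line that follows the FAULTING_IP: header (module!function+offset).
    fault = re.search(r"FAULTING_IP:\s*\n(\w+)!(\w+)\+", text)
    read_addr = int(re.search(r"READ_ADDRESS:\s+([0-9a-f]+)", text).group(1), 16)
    # Memory operand of the faulting instruction, e.g. [rax+44h].
    reg, disp = re.search(r"ptr \[(\w+)\+([0-9a-f]+)h\]", text).groups()
    reg_val = int(re.search(rf"\b{reg}=([0-9a-f]+)", text).group(1), 16)
    # Every frame under STACK_TEXT ends in ": module!function+0xNN".
    stack = text.split("STACK_TEXT:")[1]
    frames = re.findall(r": (\w+)!(\w+)\+0x[0-9a-f]+", stack)
    return {
        "fault_module": fault.group(1),
        "fault_function": fault.group(2),
        # Base register is zero and the read address equals the displacement.
        "null_based_read": reg_val == 0 and read_addr == int(disp, 16)
        and read_addr < NULL_PAGE_LIMIT,
        "stack_modules": sorted({m for m, _ in frames}),
        "driver_on_stack": any(m.lower() == driver_module.lower() for m, _ in frames),
    }


if __name__ == "__main__":
    # "mydriver" is a hypothetical module name; the post does not give one.
    print(triage(ANALYZE_OUTPUT, "mydriver"))
```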

25 Apr 2014   #2
Gandalf

Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Is this a programming question or are you trying to download a needed driver?
25 Apr 2014   #3
phalse

Windows 7 x64
 
 

This would be more of a programming question.


25 Apr 2014   #4
Gandalf

Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I've requested this thread to be moved to the Software forum for you.