Windows 7 Forums


Windows 7: Building Kernel Driver - Memory Access Violation


24 Apr 2014   #1

Windows 7 x64
 
 

I am trying to understand drivers better and have built a very basic one from scratch.
Code:
#include <ntddk.h>
VOID onUnload(IN PDRIVER_OBJECT pDriver_Object)
{
    DbgPrint("Unloading Driver\n");
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriver_Object, IN PUNICODE_STRING regPath)
{
    DbgPrint("Driver Loaded");
    (*pDriver_Object).DriverUnload = onUnload;
    return(STATUS_SUCCESS);
}
I am installing it on a Windows 7 x64 machine with driver signing enforcement off. The driver installs just fine but when I try to start it, I get:
Code:
[SC] StartService FAILED 6:
The handle is invalid.
Upon further investigation with Windbg, I get a:
Code:
*** Fatal System Error: 0x0000007e
(0xFFFFFFFFC0000005,0xFFFFF80002C7501D,0xFFFFF88002F89768,0xFFFFF88002F88FC0)
Doing !analyze -v gets me:
Code:
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002c7501d, The address that the exception occurred at
Arg3: fffff88002f89768, Exception Record Address
Arg4: fffff88002f88fc0, Context Record Address

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!IopLoadDriver+5ad
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h]

EXCEPTION_RECORD:  fffff88002f89768 -- (.exr 0xfffff88002f89768)
ExceptionAddress: fffff80002c7501d (nt!IopLoadDriver+0x00000000000005ad)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000044
Attempt to read from address 0000000000000044

CONTEXT:  fffff88002f88fc0 -- (.cxr 0xfffff88002f88fc0;r)
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88002f89a08
rdx=fffff88003981000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c7501d rsp=fffff88002f899a0 rbp=0000000020206f49
 r8=fffff88003981000  r9=fffff88002f899a8 r10=00000000c000007b
r11=0000000000000000 r12=0000000000000001 r13=ffffffff80000064
r14=fffffa800f359490 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
nt!IopLoadDriver+0x5ad:
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h] ds:002b:00000000`00000044=????
Last set context:
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88002f89a08
rdx=fffff88003981000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c7501d rsp=fffff88002f899a0 rbp=0000000020206f49
 r8=fffff88003981000  r9=fffff88002f899a8 r10=00000000c000007b
r11=0000000000000000 r12=0000000000000001 r13=ffffffff80000064
r14=fffffa800f359490 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
nt!IopLoadDriver+0x5ad:
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h] ds:002b:00000000`00000044=????
Resetting default scope

PROCESS_NAME:  System

CURRENT_IRQL:  2

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000044

READ_ADDRESS:  0000000000000044 

FOLLOWUP_IP: 
nt!IopLoadDriver+5ad
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h]

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80002c75875 to fffff80002c7501d

STACK_TEXT:  
fffff880`02f899a0 fffff800`02c75875 : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa80`0f4195f0 : nt!IopLoadDriver+0x5ad
fffff880`02f89c70 fffff800`0289b161 : fffff800`00000000 ffffffff`80000064 fffff800`02c75820 00000000`00000000 : nt!IopLoadUnloadDriver+0x55
fffff880`02f89cb0 fffff800`02b31166 : 00000000`00000000 fffffa80`0cd99680 00000000`00000080 fffffa80`0cd7e890 : nt!ExpWorkerThread+0x111
fffff880`02f89d40 fffff800`0286c486 : fffff800`02a06e80 fffffa80`0cd99680 fffffa80`0cd99b60 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02f89d80 00000000`00000000 : fffff880`02f8a000 fffff880`02f84000 fffff880`02f89230 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!IopLoadDriver+5ad

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

IMAGE_VERSION:  6.1.7600.16385

STACK_COMMAND:  .cxr 0xfffff88002f88fc0 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_VRF_nt!IopLoadDriver+5ad

BUCKET_ID:  X64_0x7E_VRF_nt!IopLoadDriver+5ad

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x7e_vrf_nt!ioploaddriver+5ad

FAILURE_ID_HASH:  {9a15ac25-64d6-8f42-e8da-2a5880ae0901}

Followup: MachineOwner
It seems like Windows is not even able to get to my DriverEntry function. Any idea on how to fix this or debug further? Thanks!

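An added triage example, not part of the original post: it reads the exception record, register context and faulting instruction from the !analyze -v output above and checks whether the fault is a NULL structure-pointer dereference. The sample text is copied from the post; the triage function and the 64 KiB threshold are assumptions of this example.

```python
import re

# Constructed sample: the relevant lines copied from the !analyze -v output in the post.
SAMPLE = """\
ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000044
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88002f89a08
rdx=fffff88003981000 rsi=0000000000000000 rdi=0000000000000000
nt!IopLoadDriver+0x5ad:
fffff800`02c7501d 0fb77044        movzx   esi,word ptr [rax+44h] ds:002b:00000000`00000044=????
"""

# For an access violation, Parameter[0] is the access type and Parameter[1] the address.
ACCESS = {0: "read", 1: "write", 8: "execute"}
NULL_PAGE_LIMIT = 0x10000  # assumption: offsets below 64 KiB count as NULL + field offset

def triage(text):
    code = int(re.search(r"ExceptionCode:\s*([0-9a-f]+)", text, re.I).group(1), 16)
    params = {int(i): int(v, 16)
              for i, v in re.findall(r"Parameter\[(\d)\]:\s*([0-9a-f]+)", text, re.I)}
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})", text)}
    # Symbol+offset label of the faulting instruction, then its memory operand [reg+NNh].
    symbol = re.search(r"^(\S+!\S+\+0x[0-9a-f]+):", text, re.M | re.I)
    operand = re.search(r"\[(r[a-z0-9]{1,2})\+([0-9a-f]+)h\]", text, re.I)
    result = {
        "access_violation": code == 0xC0000005,
        "access": ACCESS.get(params.get(0), "unknown"),
        "address": params.get(1),
        "faulting_symbol": symbol.group(1) if symbol else None,
    }
    if operand:
        base, offset = operand.group(1).lower(), int(operand.group(2), 16)
        result["base_register"] = base
        result["field_offset"] = offset
        # NULL structure pointer: base register is zero and the fault address is the offset.
        result["null_deref"] = (regs.get(base) == 0 and params.get(1) == offset
                                and offset < NULL_PAGE_LIMIT)
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        is_number = isinstance(value, int) and not isinstance(value, bool)
        print(f"{key}: {value:#x}" if is_number else f"{key}: {value}")
```

On the post's output the base register rax is zero and the faulting address equals the operand offset 0x44, which agrees with the debugger's NULL_CLASS_PTR_DEREFERENCE bucket and places the read inside nt!IopLoadDriver rather than in the driver's own code.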

25 Apr 2014   #2

Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Is this a programming question or are you trying to download a needed driver?
25 Apr 2014   #3

Windows 7 x64
 
 

This would be more of a programming question.


25 Apr 2014   #4

Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I've requested this thread to be moved to the Software forum for you.