Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
None
Description
0.4.14-dev-400-gb7076dc2bc
Access violation - code c0000005 (!!! second chance !!!)
|
nt!ObpCaptureObjectName+0xc5:
|
80509655 8b11 mov edx,dword ptr [ecx]
|
kd> kp
|
# ChildEBP RetAddr
|
00 f78aaaec 80509482 nt!ObpCaptureObjectName(struct _UNICODE_STRING * CapturedName = 0xf78aabc0 "", struct _UNICODE_STRING * ObjectName = 0x11310007 , char AccessMode = 0n0 '', unsigned char UseLookaside = 0x01 '')+0xc5 [r:\src\dev\ntoskrnl\ob\oblife.c @ 404]
|
01 f78aab80 80504323 nt!ObpCaptureObjectCreateInformation(struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0xf78aaed8, char AccessMode = 0n0 '', char CreatorMode = 0n0 '', unsigned char AllocateFromLookaside = 0x01 '', struct _OBJECT_CREATE_INFORMATION * ObjectCreateInfo = 0xb4d73374, struct _UNICODE_STRING * ObjectName = 0xf78aabc0 "")+0x222 [r:\src\dev\ntoskrnl\ob\oblife.c @ 575]
|
02 f78aabd8 8047315e nt!ObOpenObjectByName(struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0xf78aaed8, struct _OBJECT_TYPE * ObjectType = 0x00000000, char AccessMode = 0n0 '', struct _ACCESS_STATE * PassedAccessState = 0x00000000, unsigned long DesiredAccess = 0x80, void * ParseContext = 0xb4d7f510, void ** Handle = 0xf78aacec)+0x83 [r:\src\dev\ntoskrnl\ob\obhandle.c @ 2563]
|
03 f78aad10 80470ac6 nt!IopCreateFile(void ** FileHandle = 0xf78aaeb0, unsigned long DesiredAccess = 0x80, struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0xf78aaed8, struct _IO_STATUS_BLOCK * IoStatusBlock = 0xf78aaec8, union _LARGE_INTEGER * AllocationSize = 0x00000000, unsigned long FileAttributes = 0, unsigned long ShareAccess = 0, unsigned long Disposition = 1, unsigned long CreateOptions = 0x40, void * EaBuffer = 0x00000000, unsigned long EaLength = 0, _CREATE_FILE_TYPE CreateFileType = CreateFileTypeNone (0n0), void * ExtraCreateParameters = 0x00000000, unsigned long Options = 0, unsigned long Flags = 0, struct _DEVICE_OBJECT * DeviceObject = 0x00000000)+0x113e [r:\src\dev\ntoskrnl\io\iomgr\file.c @ 2872]
|
04 f78aad58 804780e2 nt!IoCreateFile(void ** FileHandle = 0xf78aaeb0, unsigned long DesiredAccess = 0x80, struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0xf78aaed8, struct _IO_STATUS_BLOCK * IoStatusBlock = 0xf78aaec8, union _LARGE_INTEGER * AllocationSize = 0x00000000, unsigned long FileAttributes = 0, unsigned long ShareAccess = 0, unsigned long Disposition = 1, unsigned long CreateOptions = 0x40, void * EaBuffer = 0x00000000, unsigned long EaLength = 0, _CREATE_FILE_TYPE CreateFileType = CreateFileTypeNone (0n0), void * ExtraCreateParameters = 0x00000000, unsigned long Options = 0)+0x46 [r:\src\dev\ntoskrnl\io\iomgr\file.c @ 3042]
|
05 f78aad98 8054c38b nt!NtOpenFile(void ** FileHandle = 0xf78aaeb0, unsigned long DesiredAccess = 0x80, struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0xf78aaed8, struct _IO_STATUS_BLOCK * IoStatusBlock = 0xf78aaec8, unsigned long ShareAccess = 0, unsigned long OpenOptions = 0x40)+0x32 [r:\src\dev\ntoskrnl\io\iomgr\file.c @ 3973]
|
06 f78aadc0 8054a038 nt!KiSystemCallTrampoline(void * Handler = 0x804780b0, void * Arguments = 0xf78aae8c, unsigned long StackBytes = 0x18)+0x1b [r:\src\dev\ntoskrnl\include\internal\i386\ke.h @ 766]
|
07 f78aae0c 80403d16 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf78aae14, void * Arguments = 0xf78aae8c)+0x278 [r:\src\dev\ntoskrnl\ke\i386\traphdlr.c @ 1833]
|
08 f78aae0c 804019a5 nt!KiInterruptTemplateDispatch+0x60
|
09 f78aae84 80467bbf nt!ZwOpenFile+0x11
|
0a f78aaef4 804667fc nt!IopGetDeviceObjectPointer(struct _UNICODE_STRING * ObjectName = 0x11310007 , unsigned long DesiredAccess = 0x80, struct _FILE_OBJECT ** FileObject = 0xf78aaf58, struct _DEVICE_OBJECT ** DeviceObject = 0xf78aaf44, unsigned long AttachFlag = 0)+0x5f [r:\src\dev\ntoskrnl\io\iomgr\device.c @ 281]
|
0b f78aaf10 f78bf5b9 nt!IoGetDeviceObjectPointer(struct _UNICODE_STRING * ObjectName = 0x11310007 , unsigned long DesiredAccess = 0x80, struct _FILE_OBJECT ** FileObject = 0xf78aaf58, struct _DEVICE_OBJECT ** DeviceObject = 0xf78aaf44)+0x1c [r:\src\dev\ntoskrnl\io\iomgr\device.c @ 1446]
|
0c f78aaf84 f78b9b32 mountmgr!SendLinkCreated(struct _UNICODE_STRING * SymbolicName = 0x11310007 )+0x39 [r:\src\dev\drivers\filters\mountmgr\symlink.c @ 173]
|
0d f78ab2fc f78b6a02 mountmgr!MountMgrMountedDeviceArrival(struct _DEVICE_EXTENSION * DeviceExtension = 0xb4d57a58, struct _UNICODE_STRING * SymbolicName = 0xf78ab31c "\Device\CdRom0", unsigned char ManuallyRegistered = 0x01 '')+0xc52 [r:\src\dev\drivers\filters\mountmgr\mountmgr.c @ 1270]
|
0e f78ab334 f78b36f7 mountmgr!MountMgrVolumeArrivalNotification(struct _DEVICE_EXTENSION * DeviceExtension = 0xb4d57a58, struct _IRP * Irp = 0xb4d745a0)+0xc2 [r:\src\dev\drivers\filters\mountmgr\device.c @ 1684]
|
0f f78ab364 80482e27 mountmgr!MountMgrDeviceControl(struct _DEVICE_OBJECT * DeviceObject = 0xb4d579a0 Device for "\Driver\mountmgr", struct _IRP * Irp = 0xb4d745a0)+0x317 [r:\src\dev\drivers\filters\mountmgr\device.c @ 2769]
|
10 f78ab390 f7ad5733 nt!IofCallDriver(struct _DEVICE_OBJECT * DeviceObject = 0xb4d579a0 Device for "\Driver\mountmgr", struct _IRP * Irp = 0xb4d745a0)+0xc7 [r:\src\dev\ntoskrnl\io\iomgr\irp.c @ 1286]
|
11 f78ab40c f7adccaf cdrom!ReportToMountMgr(struct _DEVICE_OBJECT * CdDeviceObject = 0xb4cff540 Device for "\Driver\cdrom")+0x193 [r:\src\dev\drivers\storage\class\cdrom\cdrom.c @ 838]
|
12 f78ab50c f7add623 cdrom!CreateCdRomDeviceObject(struct _DRIVER_OBJECT * DriverObject = 0xb4cff780 Driver "\Driver\cdrom", struct _DEVICE_OBJECT * PortDeviceObject = 0xb4d80560 Device for "\Driver\uniata", unsigned long PortNumber = 1, unsigned long * DeviceCount = 0x805c72a0, struct _IO_SCSI_CAPABILITIES * PortCapabilities = 0xb4d80710, struct _SCSI_INQUIRY_DATA * LunInfo = 0xe105e644, struct _CLASS_INIT_DATA * InitializationData = 0xf78ab704, struct _UNICODE_STRING * RegistryPath = 0xf78ab8e4 "\Registry\Machine\System\CurrentControlSet\Services\cdrom")+0xaef [r:\src\dev\drivers\storage\class\cdrom\cdrom.c @ 1457]
|
13 f78ab570 f7af5792 cdrom!ScsiCdRomFindDevices(struct _DRIVER_OBJECT * DriverObject = 0xb4cff780 Driver "\Driver\cdrom", struct _UNICODE_STRING * RegistryPath = 0xf78ab8e4 "\Registry\Machine\System\CurrentControlSet\Services\cdrom", struct _CLASS_INIT_DATA * InitializationData = 0xf78ab704, struct _DEVICE_OBJECT * PortDeviceObject = 0xb4d80560 Device for "\Driver\uniata", unsigned long PortNumber = 1)+0x143 [r:\src\dev\drivers\storage\class\cdrom\cdrom.c @ 628]
|
14 f78ab6e8 f7adce9f class2!ScsiClassInitialize(void * Argument1 = 0xb4cff780, void * Argument2 = 0xf78ab8e4, struct _CLASS_INIT_DATA * InitializationData = 0xf78ab704)+0x212 [r:\src\dev\drivers\storage\class\class2\class2.c @ 276]
|
15 f78ab738 8046d4ce cdrom!DriverEntry(struct _DRIVER_OBJECT * DriverObject = 0xb4cff780 Driver "\Driver\cdrom", struct _UNICODE_STRING * RegistryPath = 0xf78ab8e4 "\Registry\Machine\System\CurrentControlSet\Services\cdrom")+0x8f [r:\src\dev\drivers\storage\class\cdrom\cdrom.c @ 525]
|
16 f78ab8a4 8046bff6 nt!IopCreateDriver(struct _UNICODE_STRING * DriverName = 0xf78ab8f4 "\Driver\cdrom", <function> * InitializationFunction = 0xf7adce10, struct _UNICODE_STRING * RegistryPath = 0xf78ab8e4 "\Registry\Machine\System\CurrentControlSet\Services\cdrom", struct _UNICODE_STRING * ServiceName = 0xb4cffa24 "cdrom", struct _LDR_DATA_TABLE_ENTRY * ModuleObject = 0xb4db1820, struct _DRIVER_OBJECT ** pDriverObject = 0xf78ab8d4)+0x41e [r:\src\dev\ntoskrnl\io\iomgr\driver.c @ 1631]
|
17 f78ab908 805f193d nt!IopInitializeDriverModule(struct _DEVICE_NODE * DeviceNode = 0xb4cff978, struct _LDR_DATA_TABLE_ENTRY * ModuleObject = 0xb4db1820, struct _UNICODE_STRING * ServiceName = 0xb4cffa24 "cdrom", unsigned char FileSystemDriver = 0x00 '', struct _DRIVER_OBJECT ** DriverObject = 0xf78ab964)+0x166 [r:\src\dev\ntoskrnl\io\iomgr\driver.c @ 529]
|
18 f78ab978 805f151c nt!IopInitializeBuiltinDriver(struct _LDR_DATA_TABLE_ENTRY * BootLdrEntry = 0x8010545c)+0x29d [r:\src\dev\ntoskrnl\io\iomgr\driver.c @ 902]
|
19 f78aba44 805f1de9 nt!IopInitializeBootDrivers(void)+0x3fc [r:\src\dev\ntoskrnl\io\iomgr\driver.c @ 1124]
|
1a f78abbd8 805ecf15 nt!IoInitSystem(struct _LOADER_PARAMETER_BLOCK * LoaderBlock = 0x80083000)+0x3e9 [r:\src\dev\ntoskrnl\io\iomgr\iomgr.c @ 557]
|
1b f78abd7c 8043447e nt!Phase1InitializationDiscard(void * Context = 0x80083000)+0xa95 [r:\src\dev\ntoskrnl\ex\init.c @ 1805]
|
1c f78abd88 80527746 nt!Phase1Initialization(void * Context = 0x80083000)+0xe [r:\src\dev\ntoskrnl\ex\init.c @ 2022]
|
1d f78abdbc 80549463 nt!PspSystemThreadStartup(<function> * StartRoutine = 0x80434470, void * StartContext = 0x80083000)+0x76 [r:\src\dev\ntoskrnl\ps\thread.c @ 156]
|
1e f78abddc 805276cf nt!KiThreadStartup(void)+0x63 [r:\src\dev\ntoskrnl\ke\i386\thrdini.c @ 78]
|
1f f78abde0 8043446f nt!PspCreateThread+0xedf
|
20 f78abde4 80083000 nt!RtlStringVPrintfWorkerA+0xaf
|
|
ObjectName (0x11310007, the same value that SendLinkCreated passes down through IoGetDeviceObjectPointer in frames 0a–0c) is not a valid pointer, and ObpCaptureObjectName faults dereferencing it.
This can be traced back to MountMgrMountedDeviceArrival, where the DeviceInformation pointer (0xe105005a) is already garbage: its list heads hold implausible values, and the bytes at +0x036 through +0x03f read as printable ASCII ("LEGACY" followed by "_USB"), so it appears to point into string data rather than at a real _DEVICE_INFORMATION:
kd> ?? DeviceInformation
|
struct _DEVICE_INFORMATION * 0xe105005a
|
+0x000 DeviceListEntry : _LIST_ENTRY [ 0x10000 - 0xffff0000 ]
|
+0x008 SymbolicLinksListHead : _LIST_ENTRY [ 0x1130ffff - 0x18000 ]
|
+0x010 ReplicatedUniqueIdsListHead : _LIST_ENTRY [ 0xe700000 - 0xffff8000 ]
|
+0x018 AssociatedDevicesHead : _LIST_ENTRY [ 0xffffffff - 0x8ffff ]
|
+0x020 SymbolicName : _UNICODE_STRING "--- memory read error at address 0x00180000 ---"
|
+0x028 UniqueId : 0x00040000 _MOUNTDEV_UNIQUE_ID
|
+0x02c DeviceName : _UNICODE_STRING "--- memory read error at address 0x000e0000 ---"
|
+0x034 KeepLinks : 0 ''
|
+0x035 SuggestedDriveLetter : 0 ''
|
+0x036 ManuallyRegistered : 0x4c 'L'
|
+0x037 Removable : 0x45 'E'
|
+0x038 LetterAssigned : 0x47 'G'
|
+0x039 NeedsReconcile : 0x41 'A'
|
+0x03a NoDatabase : 0x43 'C'
|
+0x03b SkipNotifications : 0x59 'Y'
|
+0x03c Migrated : 0x4253555f
|
+0x040 MountState : 0n1346847555
|
+0x044 TargetDeviceNotificationEntry : 0xffd00000 Void
|
+0x048 DeviceExtension : 0x6b76ffff _DEVICE_EXTENSION
|
|