BSOD-PAGE_FAULT_IN_NON_PAGED_AREA
-
Hi there people, I have a problem running the following driver code. It worked for some time, but without any obvious reason, whenever I try to stop the driver service a BSOD appears with the PAGE_FAULT_IN_NON_PAGED_AREA error. I found out that when I remove the set DriverName code the problem disappears, but the question is why. I'm desperate, I can't find a way to fix this thing. I load the driver with the instdrv. In the Debug Viewer only the HI message appears. Any ideas? Here is the code:
    #include <ntddk.h>

    VOID UnLoadMe(IN PDRIVER_OBJECT obj);

    UNICODE_STRING us;

    NTSTATUS DriverEntry(
        IN PDRIVER_OBJECT theDriverObject,
        IN PUNICODE_STRING theRegistryPath
        )
    {
        DbgPrint("HELLO");
        RtlInitUnicodeString(&us, L"TEST\0");
        /* The assignment the post reports as triggering the BSOD when the service is stopped */
        theDriverObject->DriverName = us;
        theDriverObject->DriverUnload = UnLoadMe;
        return STATUS_SUCCESS;
    }

    VOID UnLoadMe(IN PDRIVER_OBJECT obj)
    {
        DbgPrint("BYE");
    }
-
First, listen to fat-boy - he's correct!! However, to help understand what is causing your problem ... Given that error (which is very precise in telling you what the problem is), my guess is that your `us` variable is stored in a paged data area. You have to be careful with global variables in drivers that they are stored how you think they are stored. There may be a pragma in effect putting all code and data into paged-pool - this is quite common for initialization code.
Judy
-
Unless he didn't paste all his code in (i.e. he is using the PAGED pragma) then all driver code is memory resident, and global vars. But, since DriverEntry runs at passive level you can access paged out code without any problem. This is probably one of those odd errors where the error used doesn't really reflect what went on. Probably, it's read only memory, or the unicode string actually points to part of the registry file or some such.
Morality is indistinguishable from social proscription
fat_boy wrote:
Unless he didn't paste all his code in (i.e. he is using the PAGED pragma)
That is what I was suspecting and was referring to when I talked about a pragma associated with the initialization code. My guess on the crash is that after the OP changes the driver name to use that paged variable and DriverEntry returns, the page fault occurs as soon as the driver object is used somewhere not at Passive level since it references paged memory.
Judy
-
By the way, when you get a crash like this, then you can look at the memory dump in WinDbg. The crash dump will either be called memory.dmp in the windows dir or it'll be in the minidump dir depending on how your machine is set up. The best way to fix bugs though is kernel debugging. Take a look in the DDK for how to do this. (Null modem cable, modify boot.ini, and use windbg)
Morality is indistinguishable from social proscription
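An added example, not part of the thread: a small user-mode C program that decodes the summary line WinDbg prints when it opens a dump for this bug check, using the documented meaning of the parameters of bug check 0x50. The sample line, the module range and the helper names (`parse_bugcheck50`, `in_module`) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_FAULT_IN_NON_PAGED_AREA 0x50UL

typedef struct {
    unsigned long code;             /* bug check code, 0x50 for this error */
    unsigned long long referenced;  /* Arg1: memory address that was referenced */
    int is_write;                   /* Arg2: 0 = read, 1 = write (other values not decoded here) */
    unsigned long long faulting_ip; /* Arg3: address of the referencing instruction, 0 if unknown */
} BUGCHECK50;

/* Parse "BugCheck 50, {a1, a2, a3, a4}". Returns 0 on success, -1 if the
 * line is malformed or describes a different bug check. */
int parse_bugcheck50(const char *line, BUGCHECK50 *out)
{
    unsigned long code;
    unsigned long long a1, a2, a3, a4;
    const char *p;

    if (line == NULL || out == NULL)
        return -1;
    p = strstr(line, "BugCheck ");
    if (p == NULL)
        return -1;
    if (sscanf(p, "BugCheck %lx, {%llx, %llx, %llx, %llx}", &code, &a1, &a2, &a3, &a4) != 5)
        return -1;
    if (code != PAGE_FAULT_IN_NON_PAGED_AREA)
        return -1;
    out->code = code;
    out->referenced = a1;
    out->is_write = (a2 == 1);
    out->faulting_ip = a3;
    return 0;
}

/* 1 when addr lies inside [start, end), e.g. a module range copied from `lm` output. */
int in_module(unsigned long long addr, unsigned long long start, unsigned long long end)
{
    return addr >= start && addr < end;
}

int main(void)
{
    /* Constructed sample line and module range, not taken from a real dump. */
    const char *line = "BugCheck 50, {f7a2c100, 0, 8056e1aa, 0}";
    BUGCHECK50 bc;
    if (parse_bugcheck50(line, &bc) != 0) { puts("not a 0x50 summary line"); return 1; }
    printf("%s of %llx by instruction at %llx\n", bc.is_write ? "write" : "read", bc.referenced, bc.faulting_ip);
    printf("inside driver image: %s\n", in_module(bc.referenced, 0xf7a2c000ULL, 0xf7a2e000ULL) ? "yes" : "no");
    return 0;
}
```

Comparing the referenced address with the driver's load range shows whether the fault touched the driver's own image or memory owned by something else.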