vcsrave
Wed Dec 27 16:16:17 CST 2006
Thanks, that was very helpful.
I was able to find the cause of the problem. I was overwriting
memory which was allocated for another driver.
Dan Mihai [MSFT] wrote:
> What is the output of !pool fb286cd0? (one of parameters of the bugcheck)
>
>
> BugCheck 19, {20, fb286cd0, fb286ce0, a0202e0}
>
> 0x20 : a pool block header size is corrupt.
> Parameter 2 - The pool entry we were looking for within the page.
>
> Parameter 3 - The next pool entry.
>
> Parameter 4 - (reserved)
>
>
> If you try !pool for a few of these breaks, maybe you will notice inside
> that !pool output that one of the pool blocks (with a particular tag) may
> have been overrun and corrupted the next pool block.
>
>
> If not, it might help to try:
>
> verifier.exe /flags 0x11 /all
>
> i.e. turn on Special Pool + Pool Tracking for all drivers.
>
> This kind of setting on Windows XP is likely to quickly exhaust the virtual
> address space available for Special Pool. Then many of the pool allocations
> will go to regular pool, rather than special pool, because of the memory
> pressure. So Special Pool might not be very effective when using /all on XP.
>
> However, if you have the option of testing on Windows Vista, Special Pool
> can grow much larger there, and should be more effective when enabled for
> /all.
>
> Special Pool can also be more effective if you have more RAM installed on
> the test system.
>
>
> Dan
> --
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> <vcsrave@yahoo.com> wrote in message
> news:1166665073.640111.102230@80g2000cwy.googlegroups.com...
> > Thanks for your suggestion. I tried special pool but it did not show any
> > errors.
> > Can special pool detect pool corruption for memory which is
> > not allocated by the same driver? For example, the memory shared between
> > the application and the driver.
> >
> >
> > Don Burn wrote:
> >> You are corrupting the storage pool. Turn on the driver verifier special
> >> pool code, you may need to use the "verify start" and "verify end" options
> >> to find it.
> >>
> >>
> >> --
> >> Don Burn (MVP, Windows DDK)
> >> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> >>
> >> http://www.windrvr.com
> >> Remove StopSpam from the email to reply
> >>
> >>
> >>
> >> <vcsrave@yahoo.com> wrote in message
> >> news:1166555518.255576.139230@i12g2000cwa.googlegroups.com...
> >> > Hi,
> >> >
> >> > I am writing a USB bus driver (WDM driver). Once I install my driver I
> >> > am getting blue screens at very random times, sometimes in the middle of
> >> > transactions and sometimes even after my driver got unloaded. But all
> >> > the BSODs show the same bug check code (0x19). I have installed the
> >> > driver in Windows XP SP2.
> >> >
> >> > Any suggestions will be appreciated.
> >> >
> >> > Thanks.
> >> >
> >> > ===============================================================
> >> >
> >> > BugCheck 19, {20, fb286cd0, fb286ce0, a0202e0}
> >> >
> >> > Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+2c1 )
> >> >
> >> > Debugging Details:
> >> > ------------------
> >> >
> >> >
> >> > BUGCHECK_STR: 0x19_20
> >> >
> >> > POOL_ADDRESS: 81bf3100 Nonpaged pool
> >> >
> >> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >> >
> >> > LAST_CONTROL_TRANSFER: from 805360bf to 804e2a52
> >> >
> >> > STACK_TEXT:
> >> > aa7bb79c 805360bf 00000003 aa7bbaf8 00000000 nt!RtlpBreakWithStatusInstruction
> >> > aa7bb7e8 80536b96 00000003 813c2214 81bf3100 nt!KiBugCheckDebugBreak+0x19
> >> > aa7bbbc8 805371aa 00000019 00000020 81bf3100 nt!KeBugCheck2+0x574
> >> > aa7bbbe8 80550fc5 00000019 00000020 81bf3100 nt!KeBugCheckEx+0x1b
> >> > aa7bbc38 8058c38c 81bf3108 00000000 00000000 nt!ExFreePoolWithTag+0x2c1
> >> > aa7bbc6c 8056c78f 813c2020 00000000 813c2008 nt!PspProcessDelete+0x7a
> >> > aa7bbc88 804e1957 813c2020 00000000 813c208c nt!ObpRemoveObjectRoutine+0xdf
> >> > aa7bbca0 80573b43 00000000 8140fa68 aa7bbccc nt!ObfDereferenceObject+0x4c
> >> > aa7bbcb0 8056c78f 813c2020 00000000 8140fa68 nt!PspThreadDelete+0xd2
> >> > aa7bbccc 804e1957 8140fa80 00000000 000000d4 nt!ObpRemoveObjectRoutine+0xdf
> >> > aa7bbce4 8056ea9e fd235ba0 e230a310 fd235580 nt!ObfDereferenceObject+0x4c
> >> > aa7bbcfc 8056e9bc e230a310 8140fa80 000000d4 nt!ObpCloseHandleTableEntry+0x155
> >> > aa7bbd44 8056ea06 000000d4 00000001 00000000 nt!ObpCloseHandle+0x87
> >> > aa7bbd58 804dd99f 000000d4 0012f80c 7c90eb94 nt!NtClose+0x1d
> >> > aa7bbd58 7c90eb94 000000d4 0012f80c 7c90eb94 nt!KiFastCallEntry+0xfc
> >> > 0012f7fc 7c90d592 7c809bbb 000000d4 0012fb44 ntdll!KiFastSystemCallRet
> >> > 0012f800 7c809bbb 000000d4 0012fb44 0041385d ntdll!ZwClose+0xc
> >> > 0012f80c 0041385d 000000d4 004115a5 00143d78 kernel32!CloseHandle+0x51
> >> >
> >
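
The header walk Dan suggests doing by eye in the !pool output, as an added example that is not part of the original thread: it finds the first inconsistent block header on a page and reports the tag of the block in front of it. The header layout, the 8-byte units, the tags and the names `hdr_t`, `find_suspect` and `demo` are assumptions of this simplified model, not the real Windows pool structures.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model, NOT the real Windows pool header. Sizes in 8-byte units. */
#define UNIT 8
#define PAGE_BYTES 256
typedef struct {
    uint16_t prev_size;   /* size of the preceding block, in units */
    uint16_t block_size;  /* size of this block, header included, in units */
    char     tag[4];      /* owner tag */
} hdr_t;
static uint8_t page[PAGE_BYTES];
char suspect_tag[5];      /* filled in by find_suspect() */

/* A header is sane if it is non-empty, matches its predecessor, and fits. */
static int sane(const hdr_t *h, size_t off, uint16_t expect_prev) {
    return h->block_size != 0 && h->prev_size == expect_prev &&
           off + (size_t)h->block_size * UNIT <= PAGE_BYTES;
}

/* Returns the offset of the last good block before the first bad header (the
   likely overrunning block), -1 if consistent, -2 if the first header is bad. */
int find_suspect(void) {
    hdr_t cur, next; size_t off = 0;
    memcpy(&cur, page, sizeof cur);
    if (!sane(&cur, 0, 0)) return -2;
    for (;;) {
        size_t next_off = off + (size_t)cur.block_size * UNIT;
        if (next_off == PAGE_BYTES) return -1;
        memcpy(&next, page + next_off, sizeof next);
        if (!sane(&next, next_off, cur.block_size)) {
            memcpy(suspect_tag, cur.tag, 4);   /* suspect_tag[4] stays '\0' */
            return (int)off;
        }
        cur = next; off = next_off;
    }
}

/* Constructed page of four blocks; the "UsbX" owner (offset 16, 24 data
   bytes) then writes `len` bytes into its buffer. */
int demo(size_t len) {
    static const uint16_t sizes[] = {2, 4, 2, 24};
    static const char *tags[] = {"Aaaa", "UsbX", "Bbbb", "Free"};
    uint16_t prev = 0; size_t off = 0;
    for (int i = 0; i < 4; i++) {
        hdr_t h = {prev, sizes[i], {0}};
        memcpy(h.tag, tags[i], 4);
        memcpy(page + off, &h, sizeof h);
        prev = sizes[i]; off += (size_t)sizes[i] * UNIT;
    }
    memset(page + 16 + sizeof(hdr_t), 0x41, len < 64 ? len : 64);
    return find_suspect();
}
```

A write of exactly 24 bytes leaves the page consistent; 28 bytes spills into the next header, and the walk names the block at offset 16 rather than the block whose header was damaged.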