Hi..

I have allocated memory from Nonpaged pool using ExAllocatePoolWithTag.

I am passing the pointer to the allocated memory location into a function
call, and sometimes when I try to access it, I get a
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)

The allocated memory is not freed. The access violation happens randomly..

EXCEPTION_RECORD: badd0b3c -- (.exr ffffffffbadd0b3c)
ExceptionAddress: b9ceb90c (mydriver!MyBox::MyBoxType+0x0000000c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 004d98a4
Attempt to read from address 004d98a4

Is there any way to find out whether the address in the Nonpaged is valid or
not..

I tried using MmIsAddressValid, it's mentioned in documentation that it's
not recommended to use it.. also I am not able to compile with WDK 6000 build.

Thanks..

Re: How to find Invalid Nonpaged memory address? by Gianluca

Gianluca
Tue Apr 29 10:52:00 CDT 2008


"ShivaP" <ShivaP@discussions.microsoft.com> wrote in message
news:C82E4ABB-8134-4AD8-AA01-A58E783FFBD9@microsoft.com...
> Hi..
>
> I have allocated memory from Nonpaged pool using ExAllocatePoolWithTag.
>
> I am passing the pointer to the allocated memory location into a function
> call, and sometimes when I try to access it, I get a
> SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
>
> The allocated memory is not freed. The access violation happens
> randomly..
>
> EXCEPTION_RECORD: badd0b3c -- (.exr ffffffffbadd0b3c)
> ExceptionAddress: b9ceb90c (mydriver!MyBox::MyBoxType+0x0000000c)
> ExceptionCode: c0000005 (Access violation)
> ExceptionFlags: 00000000
> NumberParameters: 2
> Parameter[0]: 00000000
> Parameter[1]: 004d98a4
> Attempt to read from address 004d98a4
>
> Is there any way to find out whether the address in the Nonpaged is valid or
> not..
>

No. If you are responsible for allocating/freeing that memory, you need to
find out why that memory becomes invalid randomly.
MmIsAddressValid is useless. By the time that function returns (and maybe
tells you that the memory is valid) some other code in your driver (another
thread? a dispatch routine?) can have freed that same chunk of memory.

Have you tried turning the verifier on and seeing if it catches any issue?

Hope it helps
GV


--
Gianluca Varenni, Windows DDK MVP

CACE Technologies
http://www.cacetech.com


> I tried using MmIsAddressValid, it's mentioned in documentation that it's
> not recommended to use it.. also I am not able to compile with WDK 6000
> build.
>
> Thanks..



Re: How to find Invalid Nonpaged memory address? by Ivan

Ivan
Mon May 05 12:22:33 CDT 2008

The address `004d98a4` does look like a user-mode address.
Are you using the `Probe` macros and memcpy in a __try/__except
in your user-to-kernel entry-point?
On average, you should either create a kernel copy of a structure, if small,
or lock pages and create adequate mappings.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"ShivaP" <ShivaP@discussions.microsoft.com> wrote in message
news:C82E4ABB-8134-4AD8-AA01-A58E783FFBD9@microsoft.com...
> Hi..
>
> I have allocated memory from Nonpaged pool using ExAllocatePoolWithTag.
>
> I am passing the pointer to the allocated memory location into a function
> call, and sometimes when I try to access it, I get a
> SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
>
> The allocated memory is not freed. The access violation happens
> randomly..
>
> EXCEPTION_RECORD: badd0b3c -- (.exr ffffffffbadd0b3c)
> ExceptionAddress: b9ceb90c (mydriver!MyBox::MyBoxType+0x0000000c)
> ExceptionCode: c0000005 (Access violation)
> ExceptionFlags: 00000000
> NumberParameters: 2
> Parameter[0]: 00000000
> Parameter[1]: 004d98a4
> Attempt to read from address 004d98a4
>
> Is there any way to find out whether the address in the Nonpaged is valid or
> not..
>
> I tried using MmIsAddressValid, it's mentioned in documentation that it's
> not recommended to use it.. also I am not able to compile with WDK 6000
> build.
>
> Thanks..
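
The triage step behind the observation that `004d98a4` looks like a user-mode address, as an added example that is not code from any poster in this thread: it parses the `.exr` output quoted above and classifies the faulting address. It assumes 32-bit x86 Windows with the default 2 GB user/kernel split; the names `parse_exr`, `classify` and `av_class` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: 32-bit x86 Windows, default 2 GB split (no /3GB). Pool memory
   always lives in kernel space, at or above 0x80000000. */
#define KERNEL_BASE             0x80000000UL
#define STATUS_ACCESS_VIOLATION 0xC0000005UL

typedef enum { NOT_AV, AV_NULL_DEREF, AV_USER_RANGE, AV_KERNEL_RANGE } av_class;
typedef struct { unsigned long code, access, address; } av_record;

/* The .exr output quoted in the thread. */
static const char SAMPLE_EXR[] =
    "ExceptionAddress: b9ceb90c (mydriver!MyBox::MyBoxType+0x0000000c)\n"
    "ExceptionCode: c0000005 (Access violation)\n"
    "ExceptionFlags: 00000000\n"
    "NumberParameters: 2\n"
    "Parameter[0]: 00000000\n"
    "Parameter[1]: 004d98a4\n";

/* Hex value that follows `key` in `text`; 0 when the key is absent. */
static unsigned long hex_after(const char *text, const char *key) {
    const char *p = strstr(text, key);
    return p ? strtoul(p + strlen(key), NULL, 16) : 0;
}

/* For c0000005, Parameter[0] is the access type (0 = read, 1 = write)
   and Parameter[1] is the address that was touched. */
av_record parse_exr(const char *text) {
    av_record r;
    r.code    = hex_after(text, "ExceptionCode:");
    r.access  = hex_after(text, "Parameter[0]:");
    r.address = hex_after(text, "Parameter[1]:");
    return r;
}

av_class classify(const av_record *r) {
    if (r->code != STATUS_ACCESS_VIOLATION) return NOT_AV;
    if (r->address < 0x10000UL)   return AV_NULL_DEREF;   /* NULL plus a field offset */
    if (r->address < KERNEL_BASE) return AV_USER_RANGE;   /* cannot be a pool block */
    return AV_KERNEL_RANGE;                               /* stale or corrupt kernel pointer possible */
}

int main(void) {
    static const char *names[] = { "not an AV", "NULL dereference", "user-mode range", "kernel range" };
    av_record r = parse_exr(SAMPLE_EXR);
    printf("%s of %08lx -> %s\n", r.access ? "write" : "read", r.address, names[classify(&r)]);
    return 0;
}
```

A user-range result means the pointer being dereferenced is not the nonpaged pool block at all, which points the investigation at how a user-supplied pointer reached that code rather than at the allocation's lifetime.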