Raj

Reputation: 273

BSOD 0xC4 on Windows 10

I have a driver built with WDK 8.1 which I'm trying to run on Windows 10 with the Verifier enabled with Code Integrity check. I receive the following BSOD when the driver is started:
Do I need to rebuild the driver with any changed settings? And what is the meaning of "Arg1: 00002000, subclass of driver violation"?

                      Bugcheck Analysis:  
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this     driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.

Arguments:

Arg1: 00002000, subclass of driver violation.
Arg2: 93d76b70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

Failed calling InternetOpenUrl, GLE=12007

BUGCHECK_STR:  0xc4_2000

IMAGE_NAME:  McPvDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5317613a

MODULE_NAME: McPvDrv

FAULTING_MODULE: 93d70000 McPvDrv

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8277336a to 8233bac4

STACK_TEXT:  
876c76d8 8277336a 000000c4 00002000 93d76b70 nt!KeBugCheckEx
876c76fc 8241f7ea 93d76b70 00000000 00000000 nt!VerifierBugCheckIfAppropriate+0x36
876c771c 8276c018 93d76b70 00000000 00000000 nt!VfReportIssueWithOptions+0xd3
876c773c 8276a4b7 00000000 00000000 876c77c4 nt!VfCheckPoolType+0x61
876c774c 93d76b70 00000000 00000014 0000002d nt!VerifierExAllocatePool+0x15
WARNING: Stack unwind information not available. Following frames may be wrong.
876c77c4 93d7581d 93d7e14c 00000020 876c79ec McPvDrv+0x6b70
876c7a34 93d75fc1 93d73dba 00000001 71bfe534 McPvDrv+0x581d
876c7ae0 93d7145c b27cef30 860ebbe0 82217938 McPvDrv+0x5fc1
876c7b20 825a2920 b27cef30 b27ef000 ab95fcf0 McPvDrv+0x145c
876c7d00 825bd192 00000000 876c7d1c ab95fcf0 nt!IopLoadDriver+0x62a
876c7d20 82314145 ab95fcf0 00000000 861a8700 nt!IopLoadUnloadDriver+0x42
876c7d70 822a3da1 82487220 71bfe2e4 00000000 nt!ExpWorkerThread+0xd5
876c7db0 8234f2f1 82314070 82487220 00000000 nt!PspSystemThreadStartup+0x5b
876c7dbc 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x15


STACK_COMMAND:  kb

FOLLOWUP_IP: 
McPvDrv+6b70
93d76b70 8bf0            mov     esi,eax

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  McPvDrv+6b70

FOLLOWUP_NAME:  wintriag

FAILURE_BUCKET_ID:  0xc4_2000_VRF_McPvDrv+6b70

BUCKET_ID:  0xc4_2000_VRF_McPvDrv+6b70

Followup: wintriag

Upvotes: 1

Views: 928

Answers (1)

Radu Ciocas

Reputation: 66

According to https://msdn.microsoft.com/en-us/library/windows/hardware/ff560187(v=vs.85).aspx, arg 0x2000 suggests you are calling the StorPortInitialize function.

Please double check that you are using the correct OS symbols, otherwise the debugger output can be completely wrong! Also include a symbol folder path for your driver (File -> symbol file path). Details on how to use the Microsoft symbol server to download the required OS symbols are here: https://msdn.microsoft.com/en-us/library/windows/desktop/ms681416(v=vs.85).aspx. You can add to your symbol path something like srv*c:\MyTempSymbolFolder*http://msdl.microsoft.com/download/symbols but be sure to use ";" to delimit symbol paths.

After doing this you should be able to run these commands in windbg successfully: .reload /f nt and .reload /f McPvDrv.sys

Now rerun the !analyze -v command, which might show you a modified call stack.

Upvotes: 1
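
A triage helper for the symbol check the answer recommends, as an added example that is not part of the original posts: it parses `!analyze -v` text, lists frames that resolved only to module+offset (a sign the driver's symbols were not loaded), and names the verifier routines on the stack. The sample is a constructed excerpt of the dump in the question; the names `triage` and `FRAME` are hypothetical.

```python
import re

# Constructed sample: shortened excerpt of the !analyze -v output in the question.
SAMPLE = """\
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arg1: 00002000, subclass of driver violation.
Arg2: 93d76b70
IMAGE_NAME:  McPvDrv.sys
STACK_TEXT:
876c76d8 8277336a 000000c4 00002000 93d76b70 nt!KeBugCheckEx
876c76fc 8241f7ea 93d76b70 00000000 00000000 nt!VerifierBugCheckIfAppropriate+0x36
876c771c 8276c018 93d76b70 00000000 00000000 nt!VfReportIssueWithOptions+0xd3
876c773c 8276a4b7 00000000 00000000 876c77c4 nt!VfCheckPoolType+0x61
876c774c 93d76b70 00000000 00000014 0000002d nt!VerifierExAllocatePool+0x15
WARNING: Stack unwind information not available. Following frames may be wrong.
876c77c4 93d7581d 93d7e14c 00000020 876c79ec McPvDrv+0x6b70
876c7a34 93d75fc1 93d73dba 00000001 71bfe534 McPvDrv+0x581d
876c7d00 825bd192 00000000 876c7d1c ab95fcf0 nt!IopLoadDriver+0x62a
STACK_COMMAND:  kb
"""

# A "kb" stack line: five 8-digit hex columns, then module!symbol+off or module+off.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")

def triage(text):
    """Collect bugcheck code/args, verifier frames and frames lacking symbols."""
    report = {"bugcheck": None, "args": {}, "image": None,
              "verifier_frames": [], "unresolved": [], "unwind_warning": False}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"^[A-Z_]+ \(([0-9a-f]+)\)$", line):
            report["bugcheck"] = int(m.group(1), 16)
        elif m := re.match(r"^Arg([1-4]): ([0-9a-f]{8})", line):
            report["args"][int(m.group(1))] = int(m.group(2), 16)
        elif m := re.match(r"^IMAGE_NAME:\s+(\S+)$", line):
            report["image"] = m.group(1)
        elif line.startswith("WARNING: Stack unwind information not available"):
            report["unwind_warning"] = True
        elif m := FRAME.match(line):
            module, bang, symbol = m.group(1).partition("!")
            if not bang:  # no "!" means only module+offset was resolved
                report["unresolved"].append(m.group(1))
            elif symbol.startswith(("Vf", "Verifier")):
                report["verifier_frames"].append(symbol.split("+")[0])
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

If `unresolved` still lists driver frames after `.reload /f McPvDrv.sys`, the symbol path does not yet point at the driver's PDB.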
