bsod

[ddkwork]

i am got a bsod 0x139 on win10 1809 when unload driver ,and bsod page fult on win7 when load driver ,tested on with my notebook cpu intel i3.

[dro]

@DiskGetor Please attach the accompanying crash dump.

[ddkwork]

hello,i was do some test:
log_("KeGenericCallDpc-->0x%p", KeGenericCallDpc);
auto irql = KeGetCurrentIrql();
log_("irql-->%03u", irql);
if (irql >= PASSIVE_LEVEL && irql <= APC_LEVEL) {
// Generates a DPC that makes all processors execute the broadcast function.
KeGenericCallDpc(HvpDPCBroadcastFunction, (PVOID)GlobalContext);//windows7 X64 BSID 0x1E
}
else{
return NULL;
}

HvpDPCBroadcastFunction was bsod:0x1e on windows7 X64
121818-11731-01.zip

[Gbps]

The dump file you attached does not have enough information to debug the crash.

Could you provide a log output from DebugView before the crash?

[ddkwork]

您附加的转储文件没有足够的信息来调试崩溃。

你可以在崩溃之前提供DebugView的日志输出吗？
for get log,i do this-->
//KeGenericCallDpc(HvpDPCBroadcastFunction, (PVOID)GlobalContext);
kGe64.log

[ddkwork]

A strange problem is that hook NtCreateFile works well over a long period of time, but hook NtDeviceIoControlFile automatically exits EPT SHADOW PAGE after about 20 minutes.

NTSTATUS fake_NtDeviceIoControlFile (

In HANDLE FileHandle,

IN HANDLE Event OPTIONAL,

In PIO_APC_ROUTINE Apc Routine OPTIONAL,

IN PVOID ApcContext OPTIONAL,

OUT PIO_STATUS_BLOCK IoStatus Block,

In ULONG IoControl Code,

In PVOID InputBuffer OPTIONAL,

In ULONG Input Buffer Length,

OUT PVOID Output Buffer OPTIONAL,

IN ULONG Output Buffer Length

{

Log_("on fake_NtDeviceIoControlFile");

Return orig_NtDeviceIoControlFile (

FileHandle,

Event,

ApcRoutine,

ApcContext,

IoStatusBlock,

IoControl Code,

InputBuffer,

Input Buffer Length,

Output Buffer,

Output Buffer Length

);

}
nt.log