We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Win7 failed to hook \driver\pcw at DPC_LEVEL
\driver\pcw
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffff880011e90b0, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, value 0 = read operation, 1 = write operation Arg4: fffff880044a9d77, address which referenced memory Debugging Details: ------------------ *** WARNING: Unable to verify checksum for Broker.exe KEY_VALUES_STRING: 1 Key : Analysis.CPU.Sec Value: 1 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on PH0NY Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.Sec Value: 26 Key : Analysis.Memory.CommitPeak.Mb Value: 65 Key : Analysis.System Value: CreateObject BUGCHECK_CODE: d1 BUGCHECK_P1: fffff880011e90b0 BUGCHECK_P2: 2 BUGCHECK_P3: 1 BUGCHECK_P4: fffff880044a9d77 WRITE_ADDRESS: fffff880011e90b0 PROCESS_NAME: Broker.exe TRAP_FRAME: fffff880028e05f0 -- (.trap 0xfffff880028e05f0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff880044a94d0 rbx=0000000000000000 rcx=fffff880011e9060 rdx=0000000000000150 rsi=0000000000000000 rdi=0000000000000000 rip=fffff880044a9d77 rsp=fffff880028e0780 rbp=fffff880028e07d0 r8=0000000000000000 r9=0000000080000005 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc IrpDumper!AddObjectByName+0x1a3: fffff880`044a9d77 48874150 xchg rax,qword ptr [rcx+50h] ds:fffff880`011e90b0={pcw!PcwpFastIoDeviceControl (fffff880`011e3db0)} Resetting default scope STACK_TEXT: fffff880`028dfd38 fffff800`029a7c22 : fffff880`011e90b0 fffffa83`02431940 00000000`00000065 fffff800`028c4378 : nt!RtlpBreakWithStatusInstruction fffff880`028dfd40 fffff800`029a8a12 : 00000000`00000003 00000000`00000000 fffff800`028fc5d0 00000000`000000d1 : nt!KiBugCheckDebugBreak+0x12 fffff880`028dfda0 fffff800`028ecfa4 : fffff8a0`00075130 fffff880`028e05a0 00000000`00000000 fffff880`028e05f0 : nt!KeBugCheck2+0x722 fffff880`028e0470 fffff800`028fb2e9 : 00000000`0000000a fffff880`011e90b0 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx+0x104 fffff880`028e04b0 fffff800`028f90ce : 00000000`00000001 fffff880`011e90b0 00000000`00000000 fffffa83`023cccc0 : nt!KiBugCheckDispatch+0x69 fffff880`028e05f0 fffff880`044a9d77 : fffffa83`023cccc0 fffffa83`023cccc0 00000000`00000000 fffffa83`023ccff8 : nt!KiPageFault+0x44e fffff880`028e0780 fffff880`044a9eca : 00000000`00000007 00000000`00222004 fffffa83`02f33550 00000000`0000000e : IrpDumper!AddObjectByName+0x1a3 [D:\Code\CFB\Driver\IoAddDriver.c @ 147] fffff880`028e07f0 fffff880`044a928b : 00000000`00000002 fffffa83`026086d8 00000000`00000000 fffffa83`04edd060 : IrpDumper!HandleIoAddDriver+0xc2 [D:\Code\CFB\Driver\IoAddDriver.c @ 253] fffff880`028e0820 fffff800`02b541fa : 00000000`00000002 fffffa83`045a1d20 fffffa83`00000000 fffffa83`026085c0 : IrpDumper!DriverDeviceControlRoutine+0xdb [D:\Code\CFB\Driver\Driver.c @ 740] fffff880`028e0850 fffff800`02d118b1 : fffffa83`045a1d20 00000000`00000018 fffffa83`045a1d20 fffff800`02a3d180 : nt!IopSynchronousServiceTail+0xfa fffff880`028e08c0 fffff800`02ba23c6 : fffffa83`02431940 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc51 fffff880`028e0a00 fffff800`028faf53 : fffffa83`02431940 00000000`0296fa28 fffff880`028e0a88 00000000`00000000 : nt!NtDeviceIoControlFile+0x56 fffff880`028e0a70 00000000`77aa981a : 000007fe`fd5cc489 00000199`00100033 00000000`001e86f0 00000000`00000002 : nt!KiSystemServiceCopyEnd+0x13 00000000`0296fa38 000007fe`fd5cc489 : 00000199`00100033 00000000`001e86f0 00000000`00000002 00000000`001e83f0 : ntdll!NtDeviceIoControlFile+0xa 00000000`0296fa40 00000000`7793587f : 00000000`00222004 00000000`00000002 00000000`00211520 00000000`00213948 : KERNELBASE!DeviceIoControl+0x75 00000000`0296fab0 00000001`3f6e3778 : 00000000`00000000 00000000`00000000 00000000`0296fc59 00000000`00000000 : kernel32!DeviceIoControlImplementation+0x7f 00000000`0296fb00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Broker+0x3778 FAULTING_SOURCE_LINE: D:\Code\CFB\Driver\IoAddDriver.c FAULTING_SOURCE_FILE: D:\Code\CFB\Driver\IoAddDriver.c FAULTING_SOURCE_LINE_NUMBER: 147 FAULTING_SOURCE_CODE: 143: PFAST_IO_DISPATCH FastIoDispatch = pDriver->FastIoDispatch; 144: 145: if (FastIoDispatch) 146: { > 147: PFAST_IO_DEVICE_CONTROL OldFastIoDeviceControl = (PFAST_IO_DEVICE_CONTROL)InterlockedExchangePointer( 148: (PVOID*)&FastIoDispatch->FastIoDeviceControl, 149: (PVOID)InterceptGenericFastIoDeviceControl 150: ); 151: 152: NewDriver->FastIoDeviceControl = OldFastIoDeviceControl; SYMBOL_NAME: IrpDumper!AddObjectByName+1a3
The text was updated successfully, but these errors were encountered:
Fixed with 1728f0f
Sorry, something went wrong.
[driver] implem-ed a better solution to #10
c8f4d0d
No branches or pull requests
Win7 failed to hook
\driver\pcwat DPC_LEVELThe text was updated successfully, but these errors were encountered: