请教MINIFILTER高手

朋友写的一个MINIFILTER, 设置为开机BOOT加载,开机加载是出现BSOD,下面是MEMORY DUMP,我自己现在做LINUX的驱动开发,不懂WINDOWS MINIFILTER的. 我大至看了一下,看到是在fltmgr!FltpPerformPostCallbacks+0x337处出问题,ERROR CODE 是0XC0000005,而且在该位置第一条指令是 TEST RBP, RBP,
我猜想会不会test rbp, rbp是一个MINIFILTER注册的一个CALLBACK ROUTINE里开头的第一条指令,执行到这里的时候出现0XC0000005的错误,会不会是该CALLBACK ROUTINE被交换出去了,不在内存里,而当前的IRQL又不允许把交换出去的页读进来,由此而产生的错误?
以上只是猜想,还请高手过目,以下是MEMORY DUMP:

Loading User Symbols

Loading unloaded module list

....

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, 1010072a8, fffffa60019d7538, fffffa60019d6f10}

Probably caused by : fltmgr.sys ( fltmgr!FltpPerformPostCallbacks+337 )

Followup: MachineOwner

---------

0: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)

This is a very common bugcheck.  Usually the exception address pinpoints

the driver/function that caused the problem.  Always note this address

as well as the link date of the driver/image that contains this address.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: 00000001010072a8, The address that the exception occurred at

Arg3: fffffa60019d7538, Exception Record Address

Arg4: fffffa60019d6f10, Context Record Address

Debugging Details:

------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:

+1010072a8

00000001`010072a8 ??              ???

EXCEPTION_RECORD:  fffffa60019d7538 -- (.exr 0xfffffa60019d7538)

ExceptionAddress: 00000001010072a8

   ExceptionCode: c0000005 (Access violation)

  ExceptionFlags: 00000000

NumberParameters: 2

   Parameter[0]: 0000000000000008

   Parameter[1]: 00000001010072a8

Attempt to execute non-executable address 00000001010072a8

CONTEXT:  fffffa60019d6f10 -- (.cxr 0xfffffa60019d6f10)

rax=00000000fffffa60 rbx=fffffa8003f23c60 rcx=0000000000000000

rdx=0000000000000000 rsi=0000000000000000 rdi=fffffa8003f23ee3

rip=00000001010072a8 rsp=fffffa60019d7770 rbp=fffffa800320e030

 r8=0000000000000000  r9=50003c41c6000000 r10=50003c41c60d0001

r11=fffffa60019d7858 r12=0000000000000001 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0         nv up ei ng nz na po nc

cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286

00000001`010072a8 ??              ???

Resetting default scope

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

WRITE_ADDRESS:  00000001010072a8

FAILED_INSTRUCTION_ADDRESS:

+1010072a8

00000001`010072a8 ??              ???

BUGCHECK_STR:  0x7E

LOCK_ADDRESS:  fffff80001856c20 -- (!locks fffff80001856c20)

Resource @ nt!PiEngineLock (0xfffff80001856c20)    Exclusively owned

    Contention Count = 4

     Threads: fffffa8001895720-01<*>

1 total locks, 1 locks currently held

PNP_TRIAGE:

                Lock address  : 0xfffff80001856c20

                Thread Count  : 1

                Thread address: 0xfffffa8001895720

                Thread wait   : 0xe1fc

LAST_CONTROL_TRANSFER:  from fffff8000199e4c4 to fffff800016b0390

STACK_TEXT:

fffffa60`019d7770 fffffa60`019d7770 : fffffa80`0320e030 fffffa80`03f23f70 fffffa60`00d3ff26 fffffa80`03f23c60 : 0x1`010072a8

fffffa60`019d7778 fffffa80`0320e030 : fffffa80`03f23f70 fffffa60`00d3ff26 fffffa80`03f23c60 fffff800`016b2705 : 0xfffffa60`019d7770

fffffa60`019d7780 fffffa80`03f23f70 : fffffa60`00d3ff26 fffffa80`03f23c60 fffff800`016b2705 fffffa80`034eb620 : 0xfffffa80`0320e030

fffffa60`019d7788 fffffa60`00d3ff26 : fffffa80`03f23c60 fffff800`016b2705 fffffa80`034eb620 fffffa60`019d7808 : 0xfffffa80`03f23f70

fffffa60`019d7790 fffffa60`00d3e007 : fffffa80`03f23c60 fffffa80`03f23c00 00000000`00000000 fffffa80`022d6460 : fltmgr!FltpPerformPostCallbacks+0x337

fffffa60`019d7860 fffffa60`00d3d0dd : fffffa80`03f23c60 fffffa80`0228a2a0 fffffa80`0228a200 fffffa80`0333e7a0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x417

fffffa60`019d78d0 fffff800`019f2011 : fffffa80`03f23c60 fffffa80`01e0ecc0 00000000`00000009 fffffa80`0320e030 : fltmgr!FltpDispatch+0xcd

fffffa60`019d7930 fffff800`01a8ea3f : fffffa80`01e0ecc0 fffffa60`019d7a80 fffffa80`0320e030 fffff800`017cf680 : nt!PnpAsynchronousCall+0xd1

fffffa60`019d7970 fffff800`01a8f43a : fffffa60`019d7bd8 fffff880`08199010 fffffa60`019d7b88 fffffa60`019d7c88 : nt!PiIrpQueryRemoveDevice+0xef

fffffa60`019d7a50 fffff800`01a8f570 : 00000000`00000000 fffffa80`01e042d0 fffffa60`019d7b88 00000000`00000000 : nt!PnpQueryRemoveLockedDeviceNode+0x6a

fffffa60`019d7a80 fffff800`01a8f640 : 00000000`00000000 fffffa80`01e04201 fffff880`0719ad30 fffff800`3f051397 : nt!PnpDeleteLockedDeviceNode+0x90

fffffa60`019d7ab0 fffff800`01a93920 : 00000000`00000002 00000000`00000000 00000000`00000000 fffffa80`01e042d0 : nt!PnpDeleteLockedDeviceNodes+0xa0

fffffa60`019d7b20 fffff800`01a9432c : fffffa60`00000000 fffffa80`037e5300 fffffa80`01895700 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0x810

fffffa60`019d7c70 fffff800`019949c7 : 00000000`00000001 fffffa80`037e5390 fffff880`08199010 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0x4c

fffffa60`019d7ca0 fffff800`016bd066 : fffff800`018c4594 fffff880`08199010 fffff800`017ed8f8 fffffa80`01895720 : nt! ?? ::NNGAKEGL::`string'+0x4c0d4

fffffa60`019d7cf0 fffff800`018d3de3 : fffffa80`037e5390 6d388100`044e0076 fffffa80`01895720 00000000`00000080 : nt!ExpWorkerThread+0x11a

fffffa60`019d7d50 fffff800`016ea536 : fffffa60`017d2180 fffffa80`01895720 fffffa60`017dbd40 00000000`00000001 : nt!PspSystemThreadStartup+0x57

fffffa60`019d7d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16

FOLLOWUP_IP:

fltmgr!FltpPerformPostCallbacks+337

fffffa60`00d3ff26 4885ed          test    rbp,rbp

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  fltmgr!FltpPerformPostCallbacks+337

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fltmgr

IMAGE_NAME:  fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  47919082

STACK_COMMAND:  .cxr 0xfffffa60019d6f10 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_BAD_IP_fltmgr!FltpPerformPostCallbacks+337

BUCKET_ID:  X64_0x7E_BAD_IP_fltmgr!FltpPerformPostCallbacks+337

帮你顶一下，我将来也会碰到这个问题