Views: 3254  Replies: 2
IoQueueWorkItem causes a BSOD
The function OnCompletion is invoked when the IRP completes; it is registered like this:

    IoSetCompletionRoutine(Irp, (PIO_COMPLETION_ROUTINE) OnCompletion, pdx, TRUE, TRUE, TRUE);

The body of OnCompletion is as follows:

    NTSTATUS OnCompletion(PDEVICE_OBJECT junk, PIRP Irp, PDEVICE_EXTENSION pdx)
    {
        PIO_WORKITEM pWorkItem = IoAllocateWorkItem(junk);
        if (NULL != pWorkItem)
        {
            IoQueueWorkItem(pWorkItem, DoBeep, DelayedWorkQueue, pWorkItem); // <<<<< BSOD when execution reaches this line
        }
        ...
    }

DoBeep:

    VOID DoBeep(PDEVICE_OBJECT DeviceObject, PVOID Context)
    {
        ...
        PIO_WORKITEM pWorkItem = (PIO_WORKITEM)Context;
        IoFreeWorkItem(pWorkItem);
    }

Output of the WinDbg command !analyze -v:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffffe8, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80522bfb, address which referenced memory

Debugging Details:
------------------

WRITE_ADDRESS:  ffffffe8

CURRENT_IRQL:  2

FAULTING_IP:
nt!ObfReferenceObject+25
80522bfb 0fc101          xadd    dword ptr [ecx],eax

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  Idle

TRAP_FRAME:  80549bb8 -- (.trap 0xffffffff80549bb8)
ErrCode = 00000002
eax=00000001 ebx=00000000 ecx=ffffffe8 edx=82a5a190 esi=82a5a190 edi=80549ca0
eip=80522bfb esp=80549c2c ebp=80549c30 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!ObfReferenceObject+0x25:
80522bfb 0fc101          xadd    dword ptr [ecx],eax  ds:0023:ffffffe8=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 804f880d to 80527da8

STACK_TEXT:
8054976c 804f880d 00000003 80549ac8 00000000 nt!RtlpBreakWithStatusInstruction
805497b8 804f93fa 00000003 ffffffe8 80522bfb nt!KiBugCheckDebugBreak+0x19
80549b98 80540853 0000000a ffffffe8 00000002 nt!KeBugCheck2+0x574
80549b98 80522bfb 0000000a ffffffe8 00000002 nt!KiTrap0E+0x233
80549c30 804f17f7 82a6fe70 80549ca8 f88ed783 nt!ObfReferenceObject+0x25
80549c3c f88ed783 82a5a190 f88eb2ac 00000001 nt!IoQueueWorkItem+0x11
80549ca8 804f1362 00000000 82a6fe70 829f0958 USBDriver!OnCompletion+0x20b [g:\usbdriver.cpp @ 330]
80549cd8 f8171ee5 82a6fe70 8269d928 82708028 nt!IopfCompleteRequest+0xa2
80549d40 f8172b57 82a0a460 00000000 827087d8 USBPORT!USBPORT_CompleteTransfer+0x373
80549d70 f8173754 026e6f44 827080e0 827080e0 USBPORT!USBPORT_DoneTransfer+0x137
80549da8 f8174f6a 82708028 805428a8 82708230 USBPORT!USBPORT_FlushDoneTransferList+0x16c
80549dd4 f8182fb0 82708028 805428a8 82708028 USBPORT!USBPORT_DpcWorker+0x224
80549e10 f8183128 82708028 00000001 80552b80 USBPORT!USBPORT_IsrDpcWorker+0x37e
80549e2c 80541d5d 8270864c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x166
80549e50 80541cd6 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46
80549e54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26

STACK_COMMAND:  kb

FOLLOWUP_IP:
USBDriver!OnCompletion+20b [g:\usbdriver.cpp @ 330]
f88ed783 8b4510          mov     eax,dword ptr [ebp+10h]

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  USBDriver!OnCompletion+20b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: USBDriver

IMAGE_NAME:  USBDriver.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4c6cfc71

FAILURE_BUCKET_ID:  0xA_USBDriver!OnCompletion+20b

BUCKET_ID:  0xA_USBDriver!OnCompletion+20b

Followup: MachineOwner
---------

Could someone point out exactly where the problem is and how it should be fixed? Thanks!
Reply #1
Posted on: 2010-08-19 23:02
Problem solved: the junk parameter is invalid and cannot be used.
Reply #2
Posted on: 2010-08-21 12:34
Answering my own question so that others can learn from it. :)