新人请教：影子设备在C分区进行ZwCreateFile操作时崩溃，其它分区正常，百思不得其解！

本人学驱动以来，在论坛里学到了不少知识！现在我在文件过滤驱动里对每个volume进行Attach的时候创建相应的影子设备，可是在C分区始终不正常，比如在D，E盘用ZwCreateFile可以将文件顺利打开 ，而在c盘立即崩溃！s:321]，百思不解！请教各位高手指点！谢谢！

在这先祝大家新年快乐！各位高人 ，请给点力啊，以下是dump：

MODULE_NAME: xspy

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4d442735

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 00000016

CURRENT_IRQL:  2

FAULTING_IP:
nt!ZwYieldExecution+1b64
80501390 6683781601      cmp     word ptr [eax+16h],1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

LAST_CONTROL_TRANSFER:  from 804f93fa to 80527da8

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
f7e5de00 804f93fa 00000003 00000016 80501390 nt!DbgBreakPointWithStatus+0x4
f7e5e1e0 80540853 0000000a 00000016 00000002 nt!KeRegisterBugCheckReasonCallback+0x77c
f7e5e210 f96f0fde f96f0fab 817081d8 e10f5570 nt!Kei386EoiHelper+0x27db
f7e5e290 804f9c60 81708160 81ba9ad0 000003e8 Ntfs+0x4fde
f7e5e2a4 f96f3886 81ba9b98 00000000 00000000 nt!KeSetEvent+0x58
f7e5e2cc f96f3d47 00708160 816968b0 f7e5e33c Ntfs+0x7886
f7e5e2dc f96f4022 81708160 816968b0 00000000 Ntfs+0x7d47
f7e5e33c f9725347 81708160 816968b0 c00000d8 Ntfs+0x8022
f7e5e418 804eedf9 81bc3020 816968b0 816ed9a0 Ntfs+0x39347
f7e5e474 804eedf9 81a927e8 00000001 818b91c8 nt!IoBuildPartialMdl+0xed
f7e5e4d0 f747b03b 81689020 816968b0 816968c0 nt!IoBuildPartialMdl+0xed
f7e5e584 804eedf9 81689c18 816968b0 816968b0 xspy!SpyCreate+0x10b [d:\ddk\driverdevlopstudio\xspysln\create.c @ 264]
f7e5e674 805b465e 81689c18 00000000 816af880 nt!IoBuildPartialMdl+0xed
f7e5e6fc 805b0b3f 00000000 f7e5e73c 00000240 nt!NtDuplicateObject+0x146e
f7e5e750 8056b133 00000000 00000000 6eda1000 nt!ObOpenObjectByName+0xeb
f7e5e7cc 8056baaa f7e5e988 00000001 f7e5e954 nt!IoCreateDevice+0x753
f7e5e828 8056e17c f7e5e988 00000001 f7e5e954 nt!IoCreateFile+0x8e
f7e5e868 8053d808 f7e5e988 00000001 f7e5e954 nt!NtCreateFile+0x30
f7e5e89c 804fe569 badb0d00 f7e5e914 00000330 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14
f7e5e998 f747b4c0 f7e5ea1c 81689020 816a1d28 nt!ZwCreateFile+0x11
f7e5ea4c 804eedf9 81689020 816a1d18 816a1d18 xspy!SpyCreate+0x590 [d:\ddk\driverdevlopstudio\xspysln\create.c @ 494]
f7e5eb3c 805b465e 81ac5c00 00000000 816af968 nt!IoBuildPartialMdl+0xed
f7e5ebc4 805b0b3f 00000000 f7e5ec04 00000040 nt!NtDuplicateObject+0x146e
f7e5ec18 8056b133 00000000 00000000 6beea001 nt!ObOpenObjectByName+0xeb
f7e5ec94 8056baaa 0007fe0c 80100080 0007fdac nt!IoCreateDevice+0x753
f7e5ecf0 8056e17c 0007fe0c 80100080 0007fdac nt!IoCreateFile+0x8e
f7e5ed30 8053d808 0007fe0c 80100080 0007fdac nt!NtCreateFile+0x30
f7e5ed64 7c92eb94 badb0d00 0007fd74 ff000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14
f7e5ed68 badb0d00 0007fd74 ff000000 e8530c75 ntdll!ZwSetDefaultHardErrorPort+0xc
f7e5ed70 ff000000 e8530c75 00000000 00000000 0xbadb0d00
f7e5ed74 e8530c75 00000000 00000000 00000000 0xff000000
f7e5ed78 00000000 00000000 00000000 00000000 0xe8530c75


STACK_COMMAND:  kb

FOLLOWUP_IP:
xspy!SpyCreate+10b [d:\ddk\driverdevlopstudio\xspysln\create.c @ 264]
f747b03b 8945ec          mov     dword ptr [ebp-14h],eax

FAULTING_SOURCE_CODE:  
   260:     }
   261: else if ( DevExt->IsShadowDeviceObject )
   262:     {
   263:     FsRtlExitFileSystem();
>  264:     Status = SpyPassThrough(DevExt->SourceDeviceObject, Irp);
   265:     }
   266:
   267: else
   268:     {
   269:


SYMBOL_STACK_INDEX:  b

SYMBOL_NAME:  xspy!SpyCreate+10b

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  xspy.sys

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------