寒江独钓中键盘过滤驱动，关机引发访问违例。

win7  32bit 下，
加载驱动后，先不unload驱动。
关机， 引发连续的异常。 找不出头绪。 不知道大家有没有遇到过。 望大家帮助。

驱动卸载是正常的。

Access violation - code c0000005 (!!! second chance !!!)
kbdclass!KeyboardClassDeviceControl+0x1a5:
8c258dc7 0fb730          movzx   esi,word ptr [eax]
1: kd> kb
ChildEBP RetAddr  Args to Child              
891aead4 82c834bc 85573608 8478ced4 84656830 kbdclass!KeyboardClassDeviceControl+0x1a5
891aeaec 9191e176 846568e8 891aeb10 82c834bc nt!IofCallDriver+0x63
891aeaf8 82c834bc 84656830 8478cdf8 8478cdf8 kbdfilt!GeneralDispatch+0x76 [h:\kbdfilt\kbdfilt.c @ 114]
891aeb10 82e84eee 85e48b88 8478cdf8 8478ced4 nt!IofCallDriver+0x63
891aeb30 82ea1cd1 84656830 85e48b88 00000000 nt!IopSynchronousServiceTail+0x1f8
891aebcc 82ea44ac 84656830 8478cdf8 00000000 nt!IopXxxControlFile+0x6aa
891aec00 82c8a42a 000000cc 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
891aec00 82c88201 000000cc 00000000 00000000 nt!KiFastCallEntry+0x12a
891aeca0 91ae82ee 000000cc 00000000 00000000 nt!ZwDeviceIoControlFile+0x11
891aed04 91ae8586 00000004 00000002 890f1400 win32k!RawInputThread+0x4d1
891aed18 91bac2c8 00000004 0027fe88 891aed34 win32k!xxxCreateSystemThreads+0x4a
891aed28 82c8a42a 00000004 0027fec8 770164f4 win32k!NtUserCallNoParam+0x1b
891aed28 770164f4 00000004 0027fec8 770164f4 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0027fec8 7702b3c8 75143176 00000000 00000000 0x770164f4
0027fee0 00000000 75143176 00000000 00000000 0x7702b3c8
1: kd> ~0
0: kd> k
ChildEBP RetAddr  
8078ad88 86efb0e8 ataport!IdeLogCrbActive+0xa5
8078adac 86ec5074 ataport!IdeStartIoCallBack+0x5c
8078adb8 82c14a2e PCIIDEX!BmReceiveScatterGatherList+0x1e
8078ade4 86ec5199 hal!HalBuildScatterGatherList+0x1ba
8078ae20 86efab46 PCIIDEX!BmSetup+0x3d
8078ae3c 86efb041 ataport!IdePortSetupScatterGatherList+0x2a
8078ae54 86ef9a12 ataport!IdeDispatchChannelRequest+0x59
8078ae6c 86ef9c6a ataport!IdeStartChannelRequest+0x42
8078ae80 86efb2a0 ataport!IdeStartNextDeviceRequest+0x22
8078aef4 86efb66b ataport!IdeProcessCompletedRequests+0xd8
8078af48 82caf3b5 ataport!IdePortCompletionDpc+0xab
8078afa4 82caf218 nt!KiExecuteAllDpcs+0xf9
8078aff4 82cae9dc nt!KiRetireDpcList+0xd5
8078aff8 8d293520 nt!KiDispatchInterrupt+0x2c
WARNING: Frame IP not in any known module. Following frames may be wrong.
82cae9dc 00000000 0x8d293520
0: kd> ~1
Access violation - code c0000005 (!!! second chance !!!)
1: kd> u
kbdclass!KeyboardClassDeviceControl+0x1a5:
8c258dc7 0fb730          movzx   esi,word ptr [eax]
8c258dca 8b07            mov     eax,dword ptr [edi]
8c258dcc 3b4704          cmp     eax,dword ptr [edi+4]
8c258dcf 740d            je      kbdclass!KeyboardClassDeviceControl+0x1bc (8c258dde)
8c258dd1 bebb0000c0      mov     esi,0C00000BBh
8c258dd6 897318          mov     dword ptr [ebx+18h],esi
8c258dd9 e906ffffff      jmp     kbdclass!KeyboardClassDeviceControl+0xc2 (8c258ce4)
8c258dde 3b3d8070258c    cmp     edi,dword ptr [kbdclass!Globals (8c257080)]
1: kd> r
eax=00000000 ebx=8478cdf8 ecx=000b0080 edx=8478ced4 esi=00000000 edi=855736c0
eip=8c258dc7 esp=891aeab4 ebp=891aead4 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
kbdclass!KeyboardClassDeviceControl+0x1a5:
8c258dc7 0fb730          movzx   esi,word ptr [eax]       ds:0023:00000000=????
1: kd> !thread
THREAD 85e21d48  Cid 019c.0234  Teb: 7ffd9000 Win32Thread: ffac1008 RUNNING on processor 1
IRP List:
    8478cdf8: (0006,0100) Flags: 00060000  Mdl: 00000000
    846ece00: (0006,01fc) Flags: 00060970  Mdl: 00000000
    85b1ac30: (0006,0100) Flags: 00060970  Mdl: 00000000
Not impersonating
DeviceMap                 87e050a8
Owning Process            85d8d030       Image:         csrss.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      59365          Ticks: 65 (0:00:00:01.014)
Context Switch Count      2704            
UserTime                  00:00:00.000
KernelTime                00:00:00.015
Win32 Start Address 0x75143176
Stack Init 891aefd0 Current 891aeab8 Base 891af000 Limit 891ac000 Call 0
Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
ChildEBP RetAddr  Args to Child              
891aead4 82c834bc 85573608 8478ced4 84656830 kbdclass!KeyboardClassDeviceControl+0x1a5 (FPO: [2,5,4])
891aeaec 9191e176 846568e8 891aeb10 82c834bc nt!IofCallDriver+0x63
891aeaf8 82c834bc 84656830 8478cdf8 8478cdf8 kbdfilt!GeneralDispatch+0x76 (FPO: [Non-Fpo]) (CONV: stdcall) [h:\kbdfilt\kbdfilt.c @ 114]
891aeb10 82e84eee 85e48b88 8478cdf8 8478ced4 nt!IofCallDriver+0x63
891aeb30 82ea1cd1 84656830 85e48b88 00000000 nt!IopSynchronousServiceTail+0x1f8
891aebcc 82ea44ac 84656830 8478cdf8 00000000 nt!IopXxxControlFile+0x6aa
891aec00 82c8a42a 000000cc 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
891aec00 82c88201 000000cc 00000000 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 891aec30)
891aeca0 91ae82ee 000000cc 00000000 00000000 nt!ZwDeviceIoControlFile+0x11 (FPO: [10,0,0])
891aed04 91ae8586 00000004 00000002 890f1400 win32k!RawInputThread+0x4d1 (FPO: [1,10,4])
891aed18 91bac2c8 00000004 0027fe88 891aed34 win32k!xxxCreateSystemThreads+0x4a (FPO: [0,2,0])
891aed28 82c8a42a 00000004 0027fec8 770164f4 win32k!NtUserCallNoParam+0x1b (FPO: [1,0,0])
891aed28 770164f4 00000004 0027fec8 770164f4 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 891aed34)
WARNING: Frame IP not in any known module. Following frames may be wrong.
0027fec8 7702b3c8 75143176 00000000 00000000 0x770164f4
0027fee0 00000000 75143176 00000000 00000000 0x7702b3c8