hongpengtao
Views: 1722  Replies: 1

Shadow device: calling ZwCreateFile in IRP_MJ_CLOSE results in UNEXPECTED_KERNEL_MODE_TRAP, could an expert please advise

Original poster #
Posted on: 2007-07-27 11:13
I am using a shadow device to solve the re-entrancy problem.

One function reads a file.
Reading it in IRP_MJ_CREATE works fine,

but reading it in IRP_MJ_CLOSE goes wrong;
the error is UNEXPECTED_KERNEL_MODE_TRAP.

My analysis is that it may be a stack overflow.

I reduced the memory allocated on the stack and still get the same error.
I would like to ask the experts: is it re-entry in IRP_MJ_CLOSE that leads to the UNEXPECTED_KERNEL_MODE_TRAP error?
If so, how can it be avoided?

The error message is:
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000


LAST_CONTROL_TRANSFER:  from f9e6586e to f9e655c3

STACK_TEXT:  
f7cde028 f9e6586e f9e65d20 00000001 00000000 kdcom!CpReadLsr+0x6
f7cde044 f9e65994 f9e65d20 f7cde06a 00000001 kdcom!CpGetByte+0x5e
f7cde054 f9e65e32 f7cde06a f7cde100 00000000 kdcom!KdCompGetByte+0x10
f7cde06c f9e65f8f 00000004 f7cde08c 805525c8 kdcom!KdCompReceivePacketLeader+0x16
f7cde09c f9e6628f 00000004 00000000 00000000 kdcom!KdReceivePacket+0x43
f7cde0d4 8066017d 00000003 f7cde100 f7cde108 kdcom!KdSendPacket+0xdd
f7cde110 8065fe9f 00000029 8052e883 f7cde26c nt!KdpPrintString+0x89
f7cde150 8065fd5f ffffffff 00000000 f7cde6a0 nt!KdpPrint+0xd5
f7cde188 804fd8b7 f7cde5c4 00000000 f7cde570 nt!KdpTrap+0xd9
f7cde554 8053e471 f7cde570 00000000 f7cde5c4 nt!KiDispatchException+0x129
f7cde5bc 8053eb81 f7cde64c 8052e883 badb0d00 nt!CommonDispatchException+0x4d
f7cde5bc 8052e884 f7cde64c 8052e883 badb0d00 nt!KiTrap03+0xad
f7cde64c 8052e8ce 00000001 f7cde6a0 00000029 nt!DebugService+0x1c
f7cde668 805280d3 f7cde688 ffffffff 00000000 nt!DebugPrint+0x1c
f7cde8bc 80528268 80528248 ffffffff 00000000 nt!vDbgPrintExWithPrefix+0x101
f7cde8d8 f96d1c22 f96d10e4 819bfb50 81b3aa80 nt!DbgPrint+0x1a
f7cde9c0 804eefe3 81af1608 819bfb40 819bfb40 Sfilter!SfCreate+0x192 [d:\ing\fesb41\sfilter\sfilter.c @ 1501]
f7cde9d0 80578672 81af15f0 817f8b84 f7cdeb78 nt!IopfCallDriver+0x31
f7cdeab0 805b490a 81af1608 00000000 817f8ae0 nt!IopParseDevice+0xa12
f7cdeb38 805b0deb 00000000 f7cdeb78 00000240 nt!ObpLookupObjectName+0x56a
f7cdeb8c 8056b3b1 00000000 00000000 6d2d7100 nt!ObOpenObjectByName+0xeb
f7cdec08 8056bd28 f7cdf224 80000000 f7cdf1ac nt!IopCreateFile+0x407
f7cdec64 8056e3fa f7cdf224 80000000 f7cdf1ac nt!IoCreateFile+0x8e
f7cdeca4 8053da28 f7cdf224 80000000 f7cdf1ac nt!NtCreateFile+0x30
f7cdeca4 804fe735 f7cdf224 80000000 f7cdf1ac nt!KiFastCallEntry+0xf8
f7cded48 f96cde01 f7cdf224 80000000 f7cdf1ac nt!ZwCreateFile+0x11
f7cdf244 f96ce990 e189b390 f7cdf274 00000010 Sfilter!sfReadEncryptKeyForShadow+0x241 [d:\ing\fesb41\sfilter\addfilehead.c @ 226]
f7cdf2b8 f96d8e1c e189b390 f7cdf30d 81a08020 Sfilter!sfIsHaveMyHead+0x50 [d:\ing\fesb41\sfilter\addfilehead.c @ 1043]
f7cdf380 804eefe3 81a39020 817f91b0 817f91b0 Sfilter!SfClose+0x34c [d:\ing\fesb41\sfilter\sfilter.c @ 7080]
f7cdf390 80578f46 8181a728 00000000 00000000 nt!IopfCallDriver+0x31
f7cdf3c8 805b080f 0081a740 8181a728 00000000 nt!IopDeleteFile+0x132
f7cdf3e4 8052301d 8181a740 00000000 000004c4 nt!ObpRemoveObjectRoutine+0xdf
f7cdf408 805b180f 81bbd490 e1001c80 8199b720 nt!ObfDereferenceObject+0x5f
f7cdf420 805b18a5 e1001c80 8181a740 000004c4 nt!ObpCloseHandleTableEntry+0x155
f7cdf468 805b19dd 000004c4 00000000 00000000 nt!ObpCloseHandle+0x87
f7cdf47c 8053da28 800004c4 f7cdf9cc 804fe645 nt!NtClose+0x1d
f7cdf47c 804fe645 800004c4 f7cdf9cc 804fe645 nt!KiFastCallEntry+0xf8
f7cdf4f8 f96cdf99 800004c4 817f9358 81b3aa80 nt!ZwClose+0x11
f7cdf9cc f96ce990 e107a008 f7cdf9fc 00000010 Sfilter!sfReadEncryptKeyForShadow+0x3d9 [d:\ing\fesb41\sfilter\addfilehead.c @ 290]
f7cdfa40 f96d8e1c e107a008 f7cdfa95 81a08020 Sfilter!sfIsHaveMyHead+0x50 [d:\ing\fesb41\sfilter\addfilehead.c @ 1043]
f7cdfb08 804eefe3 81a39020 817f9348 817f9348 Sfilter!SfClose+0x34c [d:\ing\fesb41\sfilter\sfilter.c @ 7080]
f7cdfb18 80578f46 818896e0 00000000 00000000 nt!IopfCallDriver+0x31
f7cdfb50 805b080f 008896f8 818896e0 00000000 nt!IopDeleteFile+0x132
f7cdfb6c 8052301d 818896f8 00000000 000004c4 nt!ObpRemoveObjectRoutine+0xdf
f7cdfb90 805b180f 81bbd490 e1001c80 8199b720 nt!ObfDereferenceObject+0x5f
f7cdfba8 805b18a5 e1001c80 818896f8 000004c4 nt!ObpCloseHandleTableEntry+0x155
f7cdfbf0 805b19dd 000004c4 00000000 00000000 nt!ObpCloseHandle+0x87
f7cdfc04 8053da28 800004c4 f7ce0154 804fe645 nt!NtClose+0x1d
f7cdfc04 804fe645 800004c4 f7ce0154 804fe645 nt!KiFastCallEntry+0xf8
f7cdfc80 f96cdf99 800004c4 8180a018 81b3aa80 nt!ZwClose+0x11
f7ce0154 f96ce990 e1059c00 f7ce0184 00000010 Sfilter!sfReadEncryptKeyForShadow+0x3d9 [d:\ing\fesb41\sfilter\addfilehead.c @ 290]
f7ce01c8 f96d8e1c e1059c00 f7ce021d 81a08020 Sfilter!sfIsHaveMyHead+0x50 [d:\ing\fesb41\sfilter\addfilehead.c @ 1043]
f7ce0290 804eefe3 81a39020 8180a008 8180a008 Sfilter!SfClose+0x34c [d:\ing\fesb41\sfilter\sfilter.c @ 7080]
f7ce02a0 80578f46 819e1010 00000000 00000000 nt!IopfCallDriver+0x31
f7ce02d8 805b080f 009e1028 819e1010 00000000 nt!IopDeleteFile+0x132
f7ce02f4 8052301d 819e1028 00000000 000004c4 nt!ObpRemoveObjectRoutine+0xdf
f7ce0318 805b180f 8191e288 e1001c80 8199b720 nt!ObfDereferenceObject+0x5f
f7ce0330 805b18a5 e1001c80 819e1028 000004c4 nt!ObpCloseHandleTableEntry+0x155
f7ce0378 805b19dd 000004c4 00000000 00000000 nt!ObpCloseHandle+0x87
f7ce038c 8053da28 800004c4 f7ce08dc 804fe645 nt!NtClose+0x1d
f7ce038c 804fe645 800004c4 f7ce08dc 804fe645 nt!KiFastCallEntry+0xf8
f7ce0408 f96cdf99 800004c4 817fa4ac 817fa4d0 nt!ZwClose+0x11
f7ce08dc f96ce990 e1079040 f7ce090c 00000010 Sfilter!sfReadEncryptKeyForShadow+0x3d9 [d:\ing\fesb41\sfilter\addfilehead.c @ 290]
f7ce0950 f96d2434 e1079040 f7ce0a07 81a08020 Sfilter!sfIsHaveMyHead+0x50 [d:\ing\fesb41\sfilter\addfilehead.c @ 1043]
f7ce0a4c 804eefe3 81a39020 817fa348 817fa348 Sfilter!SfCreate+0x9a4 [d:\ing\fesb41\sfilter\sfilter.c @ 1848]
f7ce0a5c 80578672 81b3c980 81809dfc f7ce0c04 nt!IopfCallDriver+0x31
f7ce0b3c 805b490a 81b3c998 00000000 81809d58 nt!IopParseDevice+0xa12
f7ce0bc4 805b0deb 00000000 f7ce0c04 00000040 nt!ObpLookupObjectName+0x56a
f7ce0c18 8056b3b1 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb
f7ce0c94 8056bd28 091af80c 80100080 091af7ac nt!IopCreateFile+0x407
f7ce0cf0 8056e3fa 091af80c 80100080 091af7ac nt!IoCreateFile+0x8e
f7ce0d30 8053da28 091af80c 80100080 091af7ac nt!NtCreateFile+0x30
f7ce0d30 7c92eb94 091af80c 80100080 091af7ac nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
091af804 00000000 00000000 00000000 00000000 0x7c92eb94


STACK_COMMAND:  .tss 0x28 ; kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
DBGHELP: C:\Program Files\Debugging Tools for Windows\ntkrnlpa.exe - file not found
DBGHELP: ntkrnlpa.exe not found in C:\WINDOWS\Symbols
DBGHELP: d:\DebugSymbols\ntkrnlpa.exe\45E53F9C1f6400\ntkrnlpa.exe - OK
    805022a0-805022a3  4 bytes - nt!KiServiceTable+a4
    [ 86 9e 61 80:a3 58 da f7 ]
    805022f8-805022fb  4 bytes - nt!KiServiceTable+fc (+0x58)
    [ 16 a3 61 80:d5 58 da f7 ]
    80502300-80502303  4 bytes - nt!KiServiceTable+104 (+0x08)
    [ e6 a4 61 80:bc 58 da f7 ]
    805023e4-805023e7  4 bytes - nt!KiServiceTable+1e8 (+0xe4)
    [ 1e 0e 5c 80:71 58 da f7 ]
    805025d8-805025db  4 bytes - nt!KiServiceTable+3dc (+0x1f4)
    [ 46 85 61 80:8a 58 da f7 ]
    8053da1e-8053da23  6 bytes - nt!KiFastCallEntry+ee (+0x3b446)
    [ 0f 83 a8 01 00 00:e9 41 79 81 77 c3 ]
26 errors : !nt (805022a0-8053da23)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  LARGE

FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE

BUCKET_ID:  MEMORY_CORRUPTION_LARGE

Followup: memory_corruption
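The frames in the trace repeat in a cycle: SfClose calls sfIsHaveMyHead, which calls sfReadEncryptKeyForShadow, whose ZwClose is delivered back to SfClose (via IopDeleteFile), and each cycle eats roughly 0x788 bytes of kernel stack until the 12 KB x86 kernel stack is gone and the CPU double-faults (bugcheck 7F, Arg1 = 8). The user-mode C model below is added here and is not the poster's driver code; it reproduces that recursion and shows one standard fix, passing requests aimed at the shadow device straight through instead of inspecting the file again. The frame size, the stack size, and the premise that the shadow device is dispatched by the same SfClose routine are assumptions read from the trace, not facts the post states.

```c
/* Assumptions read from the trace, not stated in the post: an x86 kernel
 * thread stack is 12 KB, and successive SfClose frames in the trace are
 * 0x788 bytes apart (f7cdfb08 - f7cdf380), so that is one cycle's cost. */
#define KERNEL_STACK_BYTES 12288
#define CYCLE_BYTES        0x788

typedef struct { int is_shadow; } DEVICE_OBJECT;      /* hypothetical stand-in */
typedef struct {
    int stack_used, depth, max_depth;   /* stack bytes in use; current/deepest SfClose nesting */
    int double_fault;                   /* set once the stack is gone (bugcheck 7F, Arg1 = 8) */
} CLOSE_MODEL;

static int SfClose(CLOSE_MODEL *m, DEVICE_OBJECT *dev, int guard);

/* sfReadEncryptKeyForShadow opens the file through the shadow device and ZwClose's it;
 * ZwClose delivers IRP_MJ_CLOSE to that handle's device, which in the trace is SfClose again. */
static int sfReadEncryptKeyForShadow(CLOSE_MODEL *m, DEVICE_OBJECT *shadow, int guard)
{
    return SfClose(m, shadow, guard);   /* ZwClose -> IopDeleteFile -> SfClose */
}

static int SfClose(CLOSE_MODEL *m, DEVICE_OBJECT *dev, int guard)
{
    static DEVICE_OBJECT shadow_device = { 1 };
    int rc;
    m->stack_used += CYCLE_BYTES;
    if (++m->depth > m->max_depth) m->max_depth = m->depth;
    if (m->stack_used > KERNEL_STACK_BYTES) {
        m->double_fault = 1;            /* nothing left to push the trap frame on */
        rc = -1;
    } else if (guard && dev->is_shadow) {
        rc = 0;   /* fix: the filter's own shadow-device I/O passes straight down */
    } else {
        rc = sfReadEncryptKeyForShadow(m, &shadow_device, guard);   /* via sfIsHaveMyHead */
    }
    m->depth--;
    m->stack_used -= CYCLE_BYTES;
    return rc;
}

/* One user-mode close reaching the filter: guard=0 reproduces the trace,
 * guard=1 applies the pass-through check. Returns the final model state. */
CLOSE_MODEL run_close(int guard)
{
    CLOSE_MODEL m = { 0, 0, 0, 0 };
    DEVICE_OBJECT user_file_device = { 0 };
    SfClose(&m, &user_file_device, guard);
    return m;
}
```

With these constants the unguarded close nests seven SfClose frames deep before the modelled stack is exhausted, while the guarded close stops at a nesting of two and never faults.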
hongpengtao
Reply #1
Posted on: 2007-07-27 13:24
Bumping my own thread, hoping an expert shows up.