透明加密驱动兼容性问题，求助！！

写了个minifilter的透明加密，最近做兼容性测试，在xp sp2上，卡巴、AVAST、瑞星、诺顿都是正常的，但NOD32老是蓝屏，发上dump信息，高手们帮忙看看：

我在postcleanup里加入加密标识，使用fltcreatefile函数打开文件，初步看dump信息好像是fltcreatefile进了多次，导致栈溢出而蓝屏

dump信息：
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------




BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  WINWORD.EXE

LAST_CONTROL_TRANSFER:  from 805422d5 to 8053bdea

STACK_TEXT:  
a74ea328 805422d5 a74ea344 00000000 a74ea398 nt!MmDbgCopyMemory+0x229
a74ea398 805320dd badb0d00 0000005d a74ea5cc nt!RtlpTraceDatabaseInitializeLock+0x2e
a74ea420 80532128 00000001 a74ea474 0000005d nt!IopCheckUnloadDriver+0x84
a74ea43c 8052b93f a74ea45c ffffffff 00000000 nt!IopUnloadDriver+0x2a
a74ea690 8052bad4 8052bab4 ffffffff 00000000 nt!`string'+0xab
a74ea6ac a7c87129 a7c8a080 e1108c88 89cd3d00 nt!`string'+0x19c
a74ea734 b9dd6ef3 89cd3d5c a74ea758 00000000 ZjuSci!SciPostCleanup+0xd9 [e:\project\trans-encrypt\filter\zjusci.c @ 1637]
a74ea79c b9dd9338 00cd3d00 893ecfb7 89cd3d00 fltMgr!FltpPerformPostCallbacks+0x117
a74ea7b0 b9dd9867 89cd3d00 893ece00 a74ea7f0 fltMgr!FltpPassThroughInternal+0x18
a74ea7c0 804f25b6 8844ab40 893ece00 89cd3d00 fltMgr!FltpNoFilterCallbackCompletion+0x45
a74ea7f0 b9d206bb e3ed1988 89cfe100 a74eaa10 nt!ExAcquireResourceSharedLite+0xb8
a74ea800 b9d45a9d a74eaa2c 893ece00 00000000 Ntfs!NtfsCompleteRequest+0x3
a74eaa10 b9d45b4d a74eaa2c 893ece00 89d21870 Ntfs!NtfsCommonCleanup+0x1bf4
a74eab88 804f0095 89cfe020 893ece00 893ece00 Ntfs!NtfsCommonCleanup+0x20e6
a74eabc4 804f0095 89d21870 893ece00 89db8ca8 nt!MiCheckControlArea+0x103
a74eabe4 804f0095 89cffdd0 893ece00 a7b25ce0 nt!MiCheckControlArea+0x103
a74eac34 804f0095 00465988 003ece00 893ece00 nt!MiCheckControlArea+0x103
a74eac68 b9dda06b a74eac88 8844ab40 00000000 nt!MiCheckControlArea+0x103
a74eaca0 804f0095 8844ab40 893ece00 893ece00 fltMgr!FltpFsRtlCompletionRoutine+0x1
a74eace0 805bc459 883d7da0 8844ab40 00100001 nt!MiCheckControlArea+0x103
a74ead10 805bbdab 883d7da0 014e8750 89e51ca0 nt!CmpCheckValueList+0x113
a74ead38 805bbe49 e3e3faa8 884e8768 0000037c nt!MiCalculatePageCommitment+0x164
a74ead80 805bbf81 0000037c 00000000 00000000 nt!NtFreeVirtualMemory+0x3d3
a74ead94 8054186c 0000037c a74eae60 80500459 nt!MiSessionRemoveImage+0x28
a74eada0 80500459 badb0d00 a74eae18 00000000 nt!RtlIpv4StringToAddressExA+0x149
a74eae60 a7ab2c49 01000017 88514608 000009ac nt!RtlpStatusTable+0x1f1
WARNING: Stack unwind information not available. Following frames may be wrong.
a74eae78 a7ab12c7 88514608 00000000 00000000 amon+0x5c49
a74eaec4 804f0095 89465988 88514890 88514890 amon+0x42c7
a74eaf04 804f0095 8844ab40 88514890 88514890 nt!MiCheckControlArea+0x103
a74eaff4 805bedc0 89dafa68 00000000 883ce410 nt!MiCheckControlArea+0x103
a74eb06c 805bb448 00000000 a74eb0ac 00000240 nt!NtCreatePagingFile+0x4ed
a74eb0c0 80575ec1 00000000 00000000 4f725300 nt!CcPfParametersRead+0x14d
a74eb13c 805768ad a74eb318 00000001 a74eb2f0 nt!FsRtlIsNameInExpressionPrivate+0x4b
a74eb184 b9de8255 a74eb318 00000001 a74eb2f0 nt!HvMarkDirty+0x1e1
a74eb230 b9de86b2 8844c2a8 89ccb3d8 a74eb318 fltMgr!FltUntagFile+0x81
a74eb274 a7c871b7 8844c2a8 89ccb3d8 a74eb318 fltMgr!IssueControlOperation+0x21c
a74eb32c b9dd6ef3 89cce9bc a74eb350 00000000 ZjuSci!SciPostCleanup+0x167 [e:\project\trans-encrypt\filter\zjusci.c @ 1660]
a74eb394 b9dd9338 00cce960 88514c4f 89cce960 fltMgr!FltpPerformPostCallbacks+0x117
a74eb3a8 b9dd9867 89cce960 88514a98 a74eb3e8 fltMgr!FltpPassThroughInternal+0x18
a74eb3b8 804f25b6 8844ab40 88514a98 89cce960 fltMgr!FltpNoFilterCallbackCompletion+0x45
a74eb3e8 b9d206bb e3ed1988 89cfe100 a74eb608 nt!ExAcquireResourceSharedLite+0xb8
a74eb3f8 b9d45a9d a74eb624 88514a98 00000000 Ntfs!NtfsCompleteRequest+0x3
a74eb608 b9d45b4d a74eb624 88514a98 89d21870 Ntfs!NtfsCommonCleanup+0x1bf4
a74eb780 804f0095 89cfe020 88514a98 88514a98 Ntfs!NtfsCommonCleanup+0x20e6
a74eb7bc 804f0095 89d21870 88514a98 89db8ca8 nt!MiCheckControlArea+0x103
a74eb7dc 804f0095 89cffdd0 88514a98 a7b25ce0 nt!MiCheckControlArea+0x103
a74eb82c 804f0095 00465988 00514a98 88514a98 nt!MiCheckControlArea+0x103
a74eb860 b9dda06b a74eb880 8844ab40 00000000 nt!MiCheckControlArea+0x103
a74eb898 804f0095 8844ab40 88514a98 88514a98 fltMgr!FltpFsRtlCompletionRoutine+0x1
a74eb8d8 805bc459 883d7da0 8844ab40 00100001 nt!MiCheckControlArea+0x103
a74eb908 805bbdab 883d7da0 01ce7180 89e51ca0 nt!CmpCheckValueList+0x113
a74eb930 805bbe49 e3e3faa8 89ce7198 0000037c nt!MiCalculatePageCommitment+0x164
a74eb978 805bbf81 0000037c 00000000 00000000 nt!NtFreeVirtualMemory+0x3d3
a74eb98c 8054186c 0000037c a74eba58 80500459 nt!MiSessionRemoveImage+0x28
a74eb998 80500459 badb0d00 a74eba10 00000000 nt!RtlIpv4StringToAddressExA+0x149
a74eba58 a7ab2c49 01000017 893e2b78 000009ac nt!RtlpStatusTable+0x1f1
a74eba70 a7ab12c7 893e2b78 00000000 00000000 amon+0x5c49
a74ebabc 804f0095 89465988 893e2e00 893e2e00 amon+0x42c7
a74ebafc 804f0095 8844ab40 893e2e00 893e2e00 nt!MiCheckControlArea+0x103
a74ebbec 805bedc0 89dafa68 00000000 887b1580 nt!MiCheckControlArea+0x103
a74ebc64 805bb448 00000000 a74ebca4 00000240 nt!NtCreatePagingFile+0x4ed
a74ebcb8 80575ec1 00000000 00000000 4f725300 nt!CcPfParametersRead+0x14d
a74ebd34 805768ad a74ebf10 00000001 a74ebee8 nt!FsRtlIsNameInExpressionPrivate+0x4b
a74ebd7c b9de8255 a74ebf10 00000001 a74ebee8 nt!HvMarkDirty+0x1e1
a74ebe28 b9de86b2 8844c2a8 89ccb3d8 a74ebf10 fltMgr!FltUntagFile+0x81
a74ebe6c a7c871b7 8844c2a8 89ccb3d8 a74ebf10 fltMgr!IssueControlOperation+0x21c
a74ebf24 b9dd6ef3 884d192c a74ebf48 00000000 ZjuSci!SciPostCleanup+0x167 [e:\project\trans-encrypt\filter\zjusci.c @ 1660]
a74ebf8c b9dd9338 004d18d0 8946371f 884d18d0 fltMgr!FltpPerformPostCallbacks+0x117
a74ebfa0 b9dd9867 884d18d0 89463568 a74ebfe0 fltMgr!FltpPassThroughInternal+0x18
a74ebfb0 804f25b6 8844ab40 89463568 884d18d0 fltMgr!FltpNoFilterCallbackCompletion+0x45
a74ebfe0 b9d206bb e3ed1988 89cfe100 a74ec200 nt!ExAcquireResourceSharedLite+0xb8
a74ebff0 b9d45a9d a74ec21c 89463568 00000000 Ntfs!NtfsCompleteRequest+0x3
a74ec200 b9d45b4d a74ec21c 89463568 89d21870 Ntfs!NtfsCommonCleanup+0x1bf4
a74ec378 804f0095 89cfe020 89463568 89463568 Ntfs!NtfsCommonCleanup+0x20e6
a74ec3b4 804f0095 89d21870 89463568 89db8ca8 nt!MiCheckControlArea+0x103


STACK_COMMAND:  kb

FOLLOWUP_IP:
ZjuSci!SciPostCleanup+d9 [e:\project\trans-encrypt\filter\zjusci.c @ 1637]
a7c87129 83c408          add     esp,8

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  ZjuSci!SciPostCleanup+d9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ZjuSci

IMAGE_NAME:  ZjuSci.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  480dd0f0

FAILURE_BUCKET_ID:  0x7f_8_ZjuSci!SciPostCleanup+d9

BUCKET_ID:  0x7f_8_ZjuSci!SciPostCleanup+d9

Followup: MachineOwner
---------

zjusci.c文件1637行附近代码为：

1635行：    if ( streamContext != NULL ) {

        LOG_PRINT( LOGFL_ERRORS,("zjuSci: SciPostCleanup -> Ready to check EncFlag, file:%wZ\n",&streamContext->FileName) );
        if( streamContext->BeEdited == TRUE ) {
            LOG_PRINT( LOGFL_ERRORS,("zjuSci: SciPostCleanup -> file be edited, file:%wZ\n",&streamContext->FileName) );
            InitializeObjectAttributes(&ObjectAttributes,
                                    &streamContext->FileName,
                                    OBJ_KERNEL_HANDLE,
                                    NULL,
                                    NULL
                                    );

            status = FltCreateFile( Globals.Filter,
                                      FltObjects->Instance,
                                      &Handle,
                                      FILE_READ_DATA,
                                      &ObjectAttributes,
                                      &IoStatus,
                                      NULL,
                                      FILE_ATTRIBUTE_NORMAL,
                                      FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
                                      FILE_OPEN,
                                      FILE_NON_DIRECTORY_FILE,//|FILE_NO_INTERMEDIATE_BUFFERING,
                                      NULL,
                                      0,
1660行：                    IO_IGNORE_SHARE_ACCESS_CHECK);
            if (!NT_SUCCESS( status )) {
    
                LOG_PRINT( LOGFL_ERRORS,
                            ("zjuSci: SciPostCleanup -> Failed to FltCreateFile: FILE_READ_DATA\n") );
                goto SciPostCleanupCleanup;
            }

发现卡巴斯基的KIS正常，但使用KAV时，装载驱动时系统不蓝屏，但会挂起，有人遇到过这种情况吗？

已解决

哥们,有没有测试 vista系统啊. 我用FltCreateFile在 xp上正常.在 vista上死锁.

引用第2楼skh2006于2008-04-29 22:57发表的  :
已解决

既然解决了，
把原因和解决方法公布出来啊！

省得后人走弯路喽！

估计是streamContext的参数在安装NOD32后发生了变化......