Views: 2988  Replies: 2
Interrupt level (IRQL) problem
NTSTATUS SfFsControlMountVolumeComplete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PDEVICE_OBJECT NewDeviceObject)
{
    PVPB vpb;
    PDEVICE_EXTENSION newDevExt;
    PIO_STACK_LOCATION irpSp;
    PDEVICE_OBJECT attachedDeviceObject;
    NTSTATUS status = STATUS_UNSUCCESSFUL;

    /* Asserts IRQL <= APC_LEVEL at this point only (checked builds). */
    PAGED_CODE();

    newDevExt = NewDeviceObject->DeviceExtension;
    irpSp = IoGetCurrentIrpStackLocation( Irp );
    vpb = newDevExt->PhysicDevice->Vpb;

    if (vpb != irpSp->Parameters.MountVolume.Vpb) {
        if (NT_SUCCESS( Irp->IoStatus.Status )) {
            /* Fast mutex: raises to APC_LEVEL while held. */
            ExAcquireFastMutex( &gSfilterAttachLock );
            if (!SfIsAttachedToDevice( vpb->DeviceObject, &attachedDeviceObject )) {
                status = SfAttachToMountedDevice( vpb->DeviceObject, NewDeviceObject );
                if (!NT_SUCCESS( status )) {
                    SfCleanupMountedDevice( NewDeviceObject );
                    IoDeleteDevice( NewDeviceObject );
                }
                ASSERT( NULL == attachedDeviceObject );
            } else {
                /* Already attached: copy the name, then discard the new device object. */
                SfGetObjectName( ((PDEVICE_EXTENSION)attachedDeviceObject->DeviceExtension)->AttachedToDevice, &(newDevExt->DeviceName) );
                SfCleanupMountedDevice( NewDeviceObject );
                IoDeleteDevice( NewDeviceObject );
                ObDereferenceObject( attachedDeviceObject );
            }
            ExReleaseFastMutex( &gSfilterAttachLock );
        }
    } else {
        SfCleanupMountedDevice( NewDeviceObject );
        IoDeleteDevice( NewDeviceObject );
    }

    IoCompleteRequest( Irp, IO_NO_INCREMENT );
    return status;
}

When the system runs into this function it produces this error: irql_not_less_or_equal

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 006c0079, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80524f7e, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS:  006c0079

CURRENT_IRQL:  2

FAULTING_IP:
nt!PoRegisterDeviceForIdleDetection+38
80524f7e 393f            cmp     dword ptr [edi],edi

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  bacef7e8 -- (.trap 0xffffffffbacef7e8)
ErrCode = 00000000
eax=8690bfd0 ebx=8055ac08 ecx=8055ac08 edx=00000000 esi=006c0069 edi=006c0079
eip=80524f7e esp=bacef85c ebp=bacef86c iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!PoRegisterDeviceForIdleDetection+0x38:
80524f7e 393f            cmp     dword ptr [edi],edi  ds:0023:006c0079=????????
Resetting default scope

WinDbg then locates the problem at IoDeleteDevice( NewDeviceObject );. But my function has PAGED_CODE();, which restricts the interrupt level to 0, and the current interrupt level I printed out is also 0, so it cannot be a problem of the IRQL being too high. Could someone familiar with this help me take a look?
Reply #1
Posted: 2009-06-10 22:16
You'd better post the full crash dump here.
The PAGED_CODE macro cannot prevent the IRQL from being raised later in the function. Your crash dump clearly specifies that the IRQL was at DISPATCH_LEVEL when your driver failed. I think your driver has a memory corruption issue. You'd better enable Driver Verifier.
Reply #2
Posted: 2009-06-11 15:08
The crash dump file is:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Administrator\桌面\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

WARNING: Path element is empty
Symbol search path is: C:\WINDDK\MySymbles;C:\WINDOWS\symbols\dll;C:\WINDOWS\system32\drivers;;C:\WINDDK\sfilter\objchk\i386
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x80554fc0
Debug session time: Thu Jun 11 13:37:18.718 2009 (GMT+8)
System Uptime: 0 days 0:00:31.328
Loading Kernel Symbols
...............................................................
...................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd600c).  Type ".hh dbgerr001" for details
Loading unloaded module list
...
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {760075, 2, 0, 80524f7e}

PEB is paged out (Peb.Ldr = 7ffd600c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd600c).  Type ".hh dbgerr001" for details
Probably caused by : Sfilter.sys ( Sfilter!SfFsControlMountVolumeComplete+1b2 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00760075, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80524f7e, address which referenced memory

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 7ffd600c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd600c).  Type ".hh dbgerr001" for details

READ_ADDRESS:  00760075

CURRENT_IRQL:  2

FAULTING_IP:
nt!PoRegisterDeviceForIdleDetection+38
80524f7e 393f            cmp     dword ptr [edi],edi

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  explorer.exe

TRAP_FRAME:  bab06f30 -- (.trap 0xffffffffbab06f30)
ErrCode = 00000000
eax=8669bfd0 ebx=8055ac08 ecx=8055ac08 edx=00000000 esi=00760065 edi=00760075
eip=80524f7e esp=bab06fa4 ebp=bab06fb4 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!PoRegisterDeviceForIdleDetection+0x38:
80524f7e 393f            cmp     dword ptr [edi],edi  ds:0023:00760075=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 80524f7e to 80541683

STACK_TEXT:
bab06f30 80524f7e badb0d00 00000000 86ae6e78 nt!KiTrap0E+0x233
bab06fb4 80649d0e 8669bf10 00000000 00000000 nt!PoRegisterDeviceForIdleDetection+0x38
bab06fd8 804f1915 8669bf10 86786338 bab0700c nt!PoRunDownDeviceObject+0x1c
bab06fe8 ba4b58f8 8669bf10 867861b0 8678631c nt!IoDeleteDevice+0x4d
bab0700c ba4b528f 86ae61e0 867861b0 8669bf10 Sfilter!SfFsControlMountVolumeComplete+0x1b2 [c:\winddk\sfilter\sfilter.c @ 627]
bab07084 ba4b4c66 86ae61e0 867861b0 86a54da8 Sfilter!SfFsControlMountVolume+0x326 [c:\winddk\sfilter\sfilter.c @ 506]
bab070b4 804ef119 86ae61e0 867861b0 867861b0 Sfilter!SfFsControl+0x13b [c:\winddk\sfilter\sfilter.c @ 421]
bab070c4 80577fd7 bab07214 806d3298 869eddc0 nt!IopfCallDriver+0x31
bab07114 804f5345 c000014f bab07200 00000000 nt!IopMountVolume+0x1b9
bab07144 80578fdc bab07378 869eddc0 bab07278 nt!IopCheckVpbMounted+0x5b
bab07234 805b5cbc 869eddc0 00000000 86adff30 nt!IopParseDevice+0x3d8
bab072bc 805b2065 00000000 bab072fc 00000040 nt!ObpLookupObjectName+0x56a
bab07310 8056d1bf 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb
bab07494 8053e638 00e6eea4 00e6ee7c 00e6eed0 nt!NtQueryAttributesFile+0xf1
bab07494 7c92e4f4 00e6eea4 00e6ee7c 00e6eed0 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00e6eed0 00000000 00000000 00000000 00000000 0x7c92e4f4


STACK_COMMAND:  kb

FOLLOWUP_IP:
Sfilter!SfFsControlMountVolumeComplete+1b2 [c:\winddk\sfilter\sfilter.c @ 627]
ba4b58f8 32d2            xor     dl,dl

FAULTING_SOURCE_CODE:
   623:         KdPrint(("SfFsControlMountVolumeComplete: %s is run on level: %08x\n", __FUNCTION__, KeGetCurrentIrql()));
   624:         IoDeleteDevice( NewDeviceObject );
   625:     }
   626:     // ¡ã????¨?¨ª¨º3¨¦¦Ì?
>  627:     IoCompleteRequest( Irp, IO_NO_INCREMENT );
   628:     return status;
   629: }
   630:
   631: NTSTATUS SfAttachToMountedDevice (IN PDEVICE_OBJECT DeviceObject,IN PDEVICE_OBJECT SFilterDeviceObject)
   632: {


SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  Sfilter!SfFsControlMountVolumeComplete+1b2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Sfilter

IMAGE_NAME:  Sfilter.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a2f74b9

FAILURE_BUCKET_ID:  0xA_Sfilter!SfFsControlMountVolumeComplete+1b2

BUCKET_ID:  0xA_Sfilter!SfFsControlMountVolumeComplete+1b2

Followup: MachineOwner
---------
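The two dumps in this thread both report bugcheck 0xA with the same shape of arguments, and the point made in reply #1 (PAGED_CODE() only checks the IRQL where it executes; the fault itself happened at IRQL 2 inside IoDeleteDevice) is easiest to see once the four parameters are decoded. The following C program is an added example written for this thread; it is not part of the WDK sfilter sample or the poster's driver. It parses the "BugCheck A, {...}" line WinDbg prints, decodes Arg2 and Arg3 according to the legend in the dump, and applies two heuristics that are assumptions of this example rather than anything the thread states: an address below 0x80000000 is treated as user-range on the default 32-bit XP split, and a 32-bit value whose two 16-bit halves are both printable characters is flagged as possible string data that overwrote a pointer (the thread's 0x00760075 decodes as the UTF-16 pair "uv"). The two input lines are the ones quoted in the dumps above.

```c
/*
 * Decoder for the four parameters of bugcheck 0xA (IRQL_NOT_LESS_OR_EQUAL),
 * built from the "BugCheck A, {...}" line WinDbg prints.  Added example for
 * this thread; it is not part of the sfilter sample or the poster's driver.
 */
#include <stdio.h>
#include <string.h>

/* x86 IRQL values relevant to this bugcheck. */
enum { PASSIVE_LEVEL = 0, APC_LEVEL = 1, DISPATCH_LEVEL = 2 };

typedef struct {
    unsigned code;         /* bugcheck code, 0xA here */
    unsigned referenced;   /* Arg1: address that was touched */
    unsigned irql;         /* Arg2: IRQL at the time of the fault */
    unsigned bitfield;     /* Arg3: bit 0 = write, bit 3 = execute */
    unsigned faulting_ip;  /* Arg4: instruction that touched Arg1 */
} BugCheckA;

typedef struct {
    int is_write;
    int is_execute;
    int above_apc_level;     /* >= DISPATCH_LEVEL: touching pageable memory is illegal */
    int user_range_address;  /* assumption: below 0x80000000 on a default 2/2 split */
    int looks_like_utf16;    /* assumption: both 16-bit halves are printable ASCII */
    char text[3];            /* the two code units as ASCII, if so */
} Verdict;

/* Parse a line such as "BugCheck A, {760075, 2, 0, 80524f7e}".  Returns 1 on
 * success and only accepts code 0xA, since parameter meanings differ per code. */
int parse_bugcheck_a(const char *line, BugCheckA *out) {
    BugCheckA bc;
    memset(&bc, 0, sizeof bc);
    if (sscanf(line, "BugCheck %x, {%x, %x, %x, %x}", &bc.code, &bc.referenced,
               &bc.irql, &bc.bitfield, &bc.faulting_ip) != 5)
        return 0;
    if (bc.code != 0xA)
        return 0;
    *out = bc;
    return 1;
}

static int printable_ascii(unsigned cu) { return cu >= 0x20 && cu < 0x7f; }

Verdict decode_bugcheck_a(const BugCheckA *bc) {
    Verdict v;
    unsigned lo = bc->referenced & 0xffffu;
    unsigned hi = (bc->referenced >> 16) & 0xffffu;
    memset(&v, 0, sizeof v);
    v.is_write = (bc->bitfield & 1u) != 0;
    v.is_execute = (bc->bitfield & 8u) != 0;
    v.above_apc_level = bc->irql > APC_LEVEL;
    v.user_range_address = bc->referenced < 0x80000000u;
    /* Heuristic: a "pointer" whose halves are printable characters is often
     * string data (e.g. a UNICODE_STRING buffer) that overwrote a pointer
     * field.  Treat it as a hint to inspect the object, not as proof. */
    if (printable_ascii(lo) && printable_ascii(hi)) {
        v.looks_like_utf16 = 1;
        v.text[0] = (char)lo;
        v.text[1] = (char)hi;
        v.text[2] = '\0';
    }
    return v;
}

void print_verdict(const char *line) {
    BugCheckA bc;
    Verdict v;
    if (!parse_bugcheck_a(line, &bc)) {
        printf("not a 0xA bugcheck line: %s\n", line);
        return;
    }
    v = decode_bugcheck_a(&bc);
    printf("%s\n  %s of %08x at IRQL %u by instruction at %08x\n", line,
           v.is_execute ? "execute" : v.is_write ? "write" : "read",
           bc.referenced, bc.irql, bc.faulting_ip);
    if (v.above_apc_level)
        printf("  fault IRQL >= DISPATCH_LEVEL: PAGED_CODE() at function entry does not cover it\n");
    if (v.user_range_address)
        printf("  address lies in the user range, so it is not a valid kernel pointer\n");
    if (v.looks_like_utf16)
        printf("  halves decode as UTF-16 text \"%s\": possible overwrite by string data\n", v.text);
}

int main(void) {
    /* Constructed input: the two BugCheck lines quoted in this thread. */
    print_verdict("BugCheck A, {6c0079, 2, 0, 80524f7e}");
    print_verdict("BugCheck A, {760075, 2, 0, 80524f7e}");
    return 0;
}
```

Run it on the two lines and both report a read at IRQL 2 of a user-range value whose halves are printable ("yl" and "uv"), which is the pattern to chase with Driver Verifier's special pool and a `!devobj` on the object passed to IoDeleteDevice rather than with IRQL checks at the top of the function.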