Loading Dump File [C:\Data\dvd-linux\memory dump\MEMORY.DMP]

Kernel Complete Dump File: Full address space is available

 

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;;C:\baan\fat_gemini_76b\bin;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp2_rtm.040803-2158

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20

Debug session time: Fri Aug 31 11:48:53.461 2007 (GMT+2)

System Uptime: 0 days 1:18:16.351

Loading Kernel Symbols

....................................................................................................

Loading User Symbols

 

Loading unloaded module list

......................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck D1, {10, 2, 0, fbb3a018}

 

Probably caused by : STREAM.SYS ( STREAM!SCProcessCompletedDataRequest+e6 )

 

Followup: MachineOwner

---------

 

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000010, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000000, value 0 = read operation, 1 = write operation

Arg4: fbb3a018, address which referenced memory

 

Debugging Details:

------------------

 

 

READ_ADDRESS: 00000010

 

CURRENT_IRQL: 2

 

FAULTING_IP:

STREAM!SCProcessCompletedDataRequest+e6

fbb3a018 8b4010 mov eax,dword ptr [eax+10h]

 

DEFAULT_BUCKET_ID: DRIVER_FAULT

 

BUGCHECK_STR: 0xD1

 

PROCESS_NAME: System

 

TRAP_FRAME: fe23ecf8 -- (.trap 0xfffffffffe23ecf8)

ErrCode = 00000000

eax=00000000 ebx=ffa07f80 ecx=01afe000 edx=00000000 esi=ffa10e88 edi=00000000

eip=fbb3a018 esp=fe23ed6c ebp=fe23ed80 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210246

STREAM!SCProcessCompletedDataRequest+0xe6:

fbb3a018 8b4010 mov eax,dword ptr [eax+10h] ds:0023:00000010=????????

Resetting default scope

 

LAST_CONTROL_TRANSFER: from fbb3a018 to 804e2158

 

STACK_TEXT:

fe23ecf8 fbb3a018 badb0d00 00000000 ffa65002 nt!KiTrap0E+0x233

fe23ed80 fbb39cf3 00000068 810912a0 ffa1d8d8 STREAM!SCProcessCompletedDataRequest+0xe6

fe23ed94 fbb3a2de ffa10e88 ffa1d8d8 ffa1d9b0 STREAM!SCCallBackSrb+0x43

fe23ee68 fbb3a5d0 00000000 ffa1d820 00000000 STREAM!StreamClassDpc+0xc2

fe23ee88 804dcaad ffa1d944 ffa1d8d8 2409cb70 STREAM!SCMinidriverDeviceTimerDpc+0x48

fe23efa4 804dc928 ef3e0420 0000000a ffdff000 nt!KiTimerListExpire+0x122

fe23efd0 804dc179 80559980 00000000 000727df nt!KiTimerExpiration+0xaf

fe23eff4 804dbe2d fe26eb58 00000000 00000000 nt!KiRetireDpcList+0x46

fe23eff8 fe26eb58 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a

WARNING: Frame IP not in any known module. Following frames may be wrong.

804dbe2d 00000000 00000009 bb835675 00000128 0xfe26eb58

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

STREAM!SCProcessCompletedDataRequest+e6

fbb3a018 8b4010 mov eax,dword ptr [eax+10h]

 

SYMBOL_STACK_INDEX: 1

 

SYMBOL_NAME: STREAM!SCProcessCompletedDataRequest+e6

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: STREAM

 

IMAGE_NAME: STREAM.SYS

 

DEBUG_FLR_IMAGE_TIMESTAMP: 41107d3e

 

FAILURE_BUCKET_ID: 0xD1_STREAM!SCProcessCompletedDataRequest+e6

 

BUCKET_ID: 0xD1_STREAM!SCProcessCompletedDataRequest+e6

 

Followup: MachineOwner

---------

 

fe23ed3c 00000000

fe23ed40 fe23ed50

fe23ed44 ffffffff

fe23ed48 00000030

fe23ed4c 00000000

fe23ed50 ffa10e88

fe23ed54 ffa07f80

fe23ed58 fe23ed80

fe23ed5c 00000000

fe23ed60 fbb3a018 STREAM!SCProcessCompletedDataRequest+0xe6

fe23ed64 00000008

fe23ed68 00210246

fe23ed6c ffa10e88

fe23ed70 00000000

fe23ed74 ffa1d8d8

fe23ed78 00000000

fe23ed7c ffa1d8d8

fe23ed80 fe23ed94

fe23ed84 fbb39cf3 STREAM!SCCallBackSrb+0x43

fe23ed88 00000068

fe23ed8c 810912a0

fe23ed90 ffa1d8d8 << Parameter 2 of SCCallBackSrb

fe23ed94 fe23ee68 << Parameter 1 of SCCallBackSrb

fe23ed98 fbb3a2de STREAM!StreamClassDpc+0xc2

 

 

int __stdcall SCCallBackSrb(int a1,int a2)

{

int v2; // edi@1

int v3; // edx@2

int v4; // esi@2

 

v2 = a1;

if ( *(_BYTE *)(a2 + 0x158) )

{

v4 = a2 + 0xD8;

LOBYTE(v3) = KfAcquireSpinLock(a2 + 0xD8);

if ( *(_DWORD *)(v2 + 0x8C) )

return KfReleaseSpinLock(v4, v3);

KfReleaseSpinLock(v4, v3);

}

return (*(int (__stdcall **)(int))(v2 + 0x6C))(v2);

}

 

v2:

ffa10e88 0000004c 0 00

ffa10e8c 00000001 1 04

ffa10e90 00000000 2 08

ffa10e94 81091348 3 0c

ffa10e98 ffa1db1c 4 10

ffa10e9c ffa10f30 5 14

ffa10ea0 ffa07aa0 6 18

ffa10ea4 0000001a 7 1c

ffa10ea8 0000000e 8 20

ffa10eac 0000000f 9 24

ffa10eb0 00000000 10 28

ffa10eb4 ffa17a90 11 2c

ffa10eb8 00000003 30

ffa10ebc ffa33504 34

ffa10ec0 00000003 38

ffa10ec4 ffa10f94 3c

ffa10ec8 00000000 40

ffa10ecc ffa10f9c 44

ffa10ed0 00000000 48

ffa10ed4 00000000 4c

ffa10ed8 00000000 50

ffa10edc 00000000 54

ffa10ee0 ffa0f9e8 58

ffa10ee4 00000000 5c

ffa10ee8 ffaa5008 60

ffa10eec 00000000 64

ffa10ef0 00000174 68

ffa10ef4 fbb39f32 6c STREAM!SCProcessCompletedDataRequest

 

 

Variable P will have the value of 0xffa17a90

 

ffa17a90 01900006 ffa0f918 00000030 ffa07aa0

ffa17aa0 ffa65230 ffa06e80 00000000 00000000

ffa17ab0 04020101 0c000000 00da5d6c ffa13700

ffa17ac0 00000000 00da5d6c 00000000 00db1038

ffa17ad0 00300012 00000000 ffa65020 ffa06ebc

ffa17ae0 ffa65054 804ecf53 80618549 00000000

ffa17af0 00000000 ffb92a48 00000000 00010000

ffa17b00 00000000 00000000 00000000 00000000

 

 

 

int __stdcall SCProcessCompletedDataRequest(PVOID P)

{

int v1; // eax@1

int v2; // ecx@1

PVOID v3; // esi@1

PVOID v4; // edx@2

int v5; // ebx@2

int v6; // edi@2

int v8; // [sp+8h] [bp-4h]@1

int BadPointer; // [sp+4h] [bp-8h]@2

 

v3 = P;

v2 = *((_DWORD *)P + 11); // v2 = 0xffa17a90: the SRB's Irp (offset 0x2c, see the dt output)

v1 = *((_DWORD *)P + 4) - 0x244;

v8 = *((_DWORD *)P + 4) - 0x244;

if ( v2 )

{

v4 = *(PVOID *)(v2 + 0x60);

v5 = *((_DWORD *)P + 6);

v6 = *(_DWORD *)(v2 + 4);

BadPointer = *(_DWORD *)(v2 + 0x60); // Irp->Tail.Overlay.CurrentStackLocation: BadPointer becomes 0x0 !!!!

if ( v6 )

{

P = 0;

do

{

if ( *(_BYTE *)(*((_DWORD *)v3 + 3) + 37) )

{

while ( !*(_DWORD *)(v5 + 36) && !*(_DWORD *)(v5 + 32) )

v5 += *((_DWORD *)v3 + 34);

if ( *((_BYTE *)v3 + 160) )

{

v4 = P;

*(_DWORD *)(v5 + 40) = *(_DWORD *)((char *)P + *((_DWORD *)v3 + 41));

}

P = (char *)P + 4;

v5 += *((_DWORD *)v3 + 34);

}

if ( *((_DWORD *)v3 + 23) )

{

LOBYTE(v4) = *((_DWORD *)v3 + 1) != 0;

(*(int (__stdcall **)(_DWORD,int,_DWORD,int,_DWORD,PVOID))(*(_DWORD *)(*(_DWORD *)(v1 + 0xB4) + 4) + 20))(

*(_DWORD *)(v1 + 0xB4),

v6,

*((_DWORD *)v3 + 23),

*(_DWORD *)(v6 + 16) + *(_DWORD *)(v6 + 24),

*(_DWORD *)(v6 + 20),

v4);

v1 = v8;

}

v6 = *(_DWORD *)v6;

}

while ( v6 );

}

if ( *((_DWORD *)v3 + 23) )

{

(*(int (__stdcall **)(_DWORD,_DWORD,_DWORD,int,_DWORD,_DWORD))(*(_DWORD *)(*(_DWORD *)(v1 + 0xB4) + 4) + 20))(

*(_DWORD *)(v1 + 0xB4),

*((_DWORD *)v3 + 22),

*((_DWORD *)v3 + 23),

*(_DWORD *)(*((_DWORD *)v3 + 22) + 0x10) + *(_DWORD *)(*((_DWORD *)v3 + 22) + 24),

*((_DWORD *)v3 + 26),

0);

(*(int (__stdcall **)(_DWORD,_DWORD,_DWORD))(*(_DWORD *)(*(_DWORD *)(v8 + 180) + 4) + 28))(

*(_DWORD *)(v8 + 180),

*((_DWORD *)v3 + 23),

*((_DWORD *)v3 + 16));

}

if ( *(_DWORD *)(BadPointer + 0x10) ) // Here the stream.sys crashes.

ExFreePool(*(PVOID *)(BadPointer + 0x10));

}

return SCProcessCompletedRequest(v3);

}
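The pointer chain that the decompiled function walks can be checked directly against the two memory listings above. This is an added example, not part of the original notes or of stream.sys: it parses the "v2:" SRB listing and the dd listing of the IRP (both copied from this page as constructed input), follows SRB+0x2c to the Irp and Irp+0x60 to Tail.Overlay.CurrentStackLocation, and confirms that reading offset 0x10 from that NULL pointer is exactly the address in BugCheck Arg1. All function names are mine.

```python
import re

# Listings copied from this page: the HW_STREAM_REQUEST_BLOCK at 0xffa10e88
# (the "v2:" listing, truncated after offset 0x2c) and the IRP at 0xffa17a90
# (the dd listing). The parser keeps only the address and 8-digit hex DWORDs.
SRB_DUMP = """
ffa10e88 0000004c 0 00
ffa10e8c 00000001 1 04
ffa10e90 00000000 2 08
ffa10e94 81091348 3 0c
ffa10e98 ffa1db1c 4 10
ffa10e9c ffa10f30 5 14
ffa10ea0 ffa07aa0 6 18
ffa10ea4 0000001a 7 1c
ffa10ea8 0000000e 8 20
ffa10eac 0000000f 9 24
ffa10eb0 00000000 10 28
ffa10eb4 ffa17a90 11 2c
"""
IRP_DUMP = """
ffa17a90 01900006 ffa0f918 00000030 ffa07aa0
ffa17aa0 ffa65230 ffa06e80 00000000 00000000
ffa17ab0 04020101 0c000000 00da5d6c ffa13700
ffa17ac0 00000000 00da5d6c 00000000 00db1038
ffa17ad0 00300012 00000000 ffa65020 ffa06ebc
ffa17ae0 ffa65054 804ecf53 80618549 00000000
ffa17af0 00000000 ffb92a48 00000000 00010000
ffa17b00 00000000 00000000 00000000 00000000
"""

SRB_ADDR = 0xFFA10E88
# Offsets taken from this page: "+0x02c Irp" in the dt output, "*(v2 + 0x60)"
# in the decompile (Tail.Overlay.CurrentStackLocation in the checked build),
# and "[eax+10h]" in the faulting instruction.
SRB_IRP = 0x2C
IRP_CURRENT_STACK_LOCATION = 0x60
FAULT_FIELD = 0x10
# BugCheck D1 arguments as reported by !analyze -v (Arg1, IRQL, R/W, IP).
BUGCHECK_ARGS = (0x10, 0x2, 0x0, 0xFBB3A018)

DWORD_RE = re.compile(r"^[0-9a-fA-F]{8}$")


def parse_dump(text):
    """Turn WinDbg dd-style output into an {address: dword} map.

    A line is an address followed by one or more 8-digit hex DWORDs; parsing
    stops at the first other token, which drops the SRB listing's "11 2c"
    index/offset columns and the trailing symbol name.
    """
    mem = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not DWORD_RE.match(tokens[0]):
            continue
        addr = int(tokens[0], 16)
        for tok in tokens[1:]:
            if not DWORD_RE.match(tok):
                break
            mem[addr] = int(tok, 16)
            addr += 4
    return mem


def read_dword(mem, addr):
    """Read a DWORD that must be covered by the captured listings."""
    if addr not in mem:
        raise KeyError(f"{addr:#010x} is not covered by the dump listings")
    return mem[addr]


def trace_fault(mem, srb):
    """Follow SRB -> Irp -> CurrentStackLocation as the decompile does and
    report the address that 'mov eax,[eax+10h]' would then read."""
    irp = read_dword(mem, srb + SRB_IRP)
    stack_loc = read_dword(mem, irp + IRP_CURRENT_STACK_LOCATION)
    return {
        "irp": irp,
        "current_stack_location": stack_loc,
        "fault_address": (stack_loc + FAULT_FIELD) & 0xFFFFFFFF,
    }


def explains_bugcheck(trace, args):
    """True if the traced NULL pointer accounts for the D1 arguments:
    a read (Arg3 == 0) of exactly the address reported in Arg1."""
    arg1, _irql, arg3, _ip = args
    return (trace["current_stack_location"] == 0 and arg3 == 0
            and trace["fault_address"] == arg1)


if __name__ == "__main__":
    t = trace_fault(parse_dump(SRB_DUMP + IRP_DUMP), SRB_ADDR)
    print(f"Irp                   = {t['irp']:#010x}")
    print(f"CurrentStackLocation  = {t['current_stack_location']:#010x}")
    print(f"faulting read address = {t['fault_address']:#010x}")
    print("consistent with BugCheck D1:", explains_bugcheck(t, BUGCHECK_ARGS))
```

On a checked build the same NULL would instead trip the RtlAssert("IrpStack", ...) quoted further down, which is why the retail crash surfaces only as the 0x10 read.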

 

Value for P:

 

 

 

 

kd> !irpfind

unable to get large pool allocation table - either wrong symbols or pool tagging is disabled

 

Searching NonPaged pool (81061000 : 81261000) for Tag: Irp?

 

Irp [ Thread ] irpStack: (Mj,Mn) DevObj [Driver] MDL Process

810d25c8 [ffb477c8] irpStack: ( e, 0) ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

810d29d8 [ffb477c8] irpStack: ( e, 0) ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

810d2cd8 [ffb477c8] irpStack: ( e, 0) ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

 

ffa17638 [ffb477c8] irpStack: ( e, 0) ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

ffa227b0 [ffb477c8] irpStack: ( e, 0) ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

ffa291a8 [ffb477c8] irpStack: ( e, 0) ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

ffaaa208 [ffb477c8] irpStack: ( e, 0) ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

ffb85d00 [ffb477c8] irpStack: ( e, 0) ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

 

kd> !sprocess 0 1f DVDPlay.exe

Dumping Session 0

 

_MM_SESSION_SPACE fe351000

_MMSESSION fe35115c

PROCESS ffa25020 SessionId: 0 Cid: 0634 Peb: 7ffdd000 ParentCid: 0728

DirBase: 00ede000 ObjectTable: e1660ad8 HandleCount: 274.

Image: DVDPlay.exe

VadRoot 810d8478 Vads 107 Clone 0 Private 703. Modified 38. Locked 259.

DeviceMap e150f088

Token e16c68c0

ElapsedTime 00:30:02.932

UserTime 00:02:17.457

KernelTime 00:03:48.989

QuotaPoolUsage[PagedPool] 44892

QuotaPoolUsage[NonPagedPool] 19384

Working Set Sizes (now,min,max) (1839, 50, 345) (7356KB, 200KB, 1380KB)

PeakWorkingSetSize 2010

VirtualSize 52 Mb

PeakVirtualSize 52 Mb

PageFaultCount 2104

MemoryPriority BACKGROUND

BasePriority 8

CommitCharge 1130

 

THREAD ffa23020 Cid 0634.0198 Teb: 7ffdf000 Win32Thread: e1068ba8 WAIT: (WrUserRequest) UserMode Non-Alertable

810c6ff0 SynchronizationEvent

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 468953 Ticks: 6 (0:00:00:00.060)

Context Switch Count 64547 LargeStack

UserTime 00:00:57.122

KernelTime 00:01:22.718

*** WARNING: Unable to verify timestamp for DVDPlay.exe

Win32 Start Address DVDPlay!WinMainCRTStartup (0x00439280)

Start Address kernel32!BaseProcessStartThunk (0x7c810867)

Stack Init fbbf1000 Current fbbf0c20 Base fbbf1000 Limit fbbec000 Call 0

Priority 12 BasePriority 8 PriorityDecrement 2 DecrementCount 16

ChildEBP RetAddr

fbbf0c38 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

fbbf0c44 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

fbbf0c6c bf802ec4 nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

fbbf0ca8 bf801aa8 win32k!xxxSleepThread+0x192 (FPO: [Non-Fpo])

fbbf0cec bf80f106 win32k!xxxRealInternalGetMessage+0x418 (FPO: [Non-Fpo])

fbbf0d4c 804df06b win32k!NtUserGetMessage+0x27 (FPO: [Non-Fpo])

fbbf0d4c 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbbf0d64)

0012fe78 77d4919b ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

0012fea0 004837ea USER32!NtUserGetMessage+0xc

0012fec8 00482f0f DVDPlay!CWinThread::PumpMessage+0x30 (CONV: thiscall) [thrdcore.cpp @ 821]

0012feec 00481c9a DVDPlay!CWinThread::Run+0x82 (CONV: thiscall) [thrdcore.cpp @ 487]

0012fef8 0048988e DVDPlay!CWinApp::Run+0x3a (CONV: thiscall) [appcore.cpp @ 400]

0012ff18 004595c8 DVDPlay!AfxWinMain+0xce (CONV: stdcall) [winmain.cpp @ 49]

0012ff30 004393a6 DVDPlay!WinMain+0x18 (CONV: stdcall) [appmodul.cpp @ 30]

0012ffc0 7c816d4f DVDPlay!WinMainCRTStartup+0x126 (CONV: cdecl) [crt0.c @ 198]

0012fff0 00000000 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])

 

THREAD ffa22210 Cid 0634.0164 Teb: 7ffde000 Win32Thread: e182f158 WAIT: (WrUserRequest) UserMode Non-Alertable

ffb94860 SynchronizationEvent

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 367732 Ticks: 101227 (0:00:16:53.727)

Context Switch Count 79 LargeStack

UserTime 00:00:00.110

KernelTime 00:00:00.130

*** ERROR: Symbol file could not be found. Defaulted to export symbols for QUARTZ.dll -

Win32 Start Address QUARTZ!AMGetErrorTextA (0x7486efb2)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fbea6000 Current fbea5c20 Base fbea6000 Limit fbea3000 Call 0

Priority 10 BasePriority 8 PriorityDecrement 0 DecrementCount 16

Kernel stack not resident.

 

THREAD ffa1d020 Cid 0634.0140 Teb: 7ffdc000 Win32Thread: e1111368 WAIT: (UserRequest) UserMode Non-Alertable

ffa23340 SynchronizationEvent

ffa23310 SynchronizationEvent

ffa25330 NotificationEvent

ffa618c0 NotificationEvent

ffa25300 SynchronizationEvent

ffa252d0 SynchronizationEvent

ffa232a0 SynchronizationEvent

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 367732 Ticks: 101227 (0:00:16:53.727)

Context Switch Count 14 LargeStack

UserTime 00:00:00.000

KernelTime 00:00:00.000

Win32 Start Address qdvd!CAMThread::InitialThreadProc (0x5dfada2c)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fbe76000 Current fbe7595c Base fbe76000 Limit fbe73000 Call 0

Priority 10 BasePriority 8 PriorityDecrement 0 DecrementCount 16

Kernel stack not resident.

 

THREAD 810916b0 Cid 0634.0118 Teb: 7ffdb000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

81091e58 NotificationEvent

81091d78 NotificationEvent

ffa32f50 Semaphore Limit 0x7fffffff

ffa196d0 SynchronizationEvent

IRP List:

ffb05008: (0006,0190) Flags: 00000070 Mdl: 00000000

ffa82930: (0006,0190) Flags: 00000070 Mdl: 00000000

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 323293 Ticks: 145666 (0:00:24:18.757)

Context Switch Count 1

UserTime 00:00:00.000

KernelTime 00:00:00.000

Win32 Start Address ksproxy!CKsQualityF::QualityThread (0x5e04c17f)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fc0a1000 Current fc0a095c Base fc0a1000 Limit fc09e000 Call 0

Priority 10 BasePriority 10 PriorityDecrement 0 DecrementCount 0

Kernel stack not resident.

 

THREAD 810e0da8 Cid 0634.0148 Teb: 7ffda000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

ffa1d2a0 SynchronizationEvent

ffa13700 NotificationEvent

ffb811f8 NotificationEvent

ffa11758 NotificationEvent

ffa7e618 NotificationEvent

ffb63670 NotificationEvent

ffaa75e8 NotificationEvent

ffa0bef0 NotificationEvent

ffa74650 NotificationEvent

ffa120a8 NotificationEvent

ffb672e0 NotificationEvent

ffa116e0 NotificationEvent

ffb225e0 NotificationEvent

ffad9d90 NotificationEvent

ffb95420 NotificationEvent

ffa044f8 NotificationEvent

ffa748c8 NotificationEvent

ffa0dd70 NotificationEvent

ffa12218 NotificationEvent

ffa12ef0 NotificationEvent

ffa037a0 NotificationEvent

ffb27940 NotificationEvent

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 468954 Ticks: 5 (0:00:00:00.050)

Context Switch Count 89361

UserTime 00:00:14.060

KernelTime 00:00:17.615

Win32 Start Address ksproxy!CKsProxy::IoThread (0x5e0344fe)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fc06d000 Current fc06c95c Base fc06d000 Limit fc06a000 Call 0

Priority 10 BasePriority 8 PriorityDecrement 2 DecrementCount 16

ChildEBP RetAddr

fc06c974 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

fc06c980 804e40fd nt!KiSwapThread+0x46 (FPO: [0,0,0])

fc06c9b8 80566488 nt!KeWaitForMultipleObjects+0x284 (FPO: [Non-Fpo])

fc06cd48 804df06b nt!NtWaitForMultipleObjects+0x2a2 (FPO: [Non-Fpo])

fc06cd48 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fc06cd64)

0116feec 7c90e9ab ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

0116fef0 7c8094f2 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])

0116ff8c 5e034521 kernel32!WaitForMultipleObjectsEx+0x12c (FPO: [Non-Fpo])

0116ffb4 7c80b50b ksproxy!CKsProxy::IoThread+0x23 (FPO: [Non-Fpo])

0116ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

THREAD 810e0848 Cid 0634.01b0 Teb: 7ffd9000 Win32Thread: e10edc00 WAIT: (UserRequest) UserMode Non-Alertable

ffa29640 NotificationEvent

ffa2a100 NotificationEvent

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 324932 Ticks: 144027 (0:00:24:02.343)

Context Switch Count 14 LargeStack

UserTime 00:00:00.000

KernelTime 00:00:00.020

Win32 Start Address ksproxy!CVPInterfaceHandler::InitialThreadProc (0x5e04c6ea)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fe09b000 Current fe09a95c Base fe09b000 Limit fe097000 Call 0

Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16

Kernel stack not resident.

 

THREAD ffa2f7d8 Cid 0634.0788 Teb: 7ffd8000 Win32Thread: e184fb00 WAIT: (UserRequest) UserMode Non-Alertable

ffb6bf20 Semaphore Limit 0x5

ffa2f8c8 NotificationTimer

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 468940 Ticks: 19 (0:00:00:00.190)

Context Switch Count 13241 LargeStack

UserTime 00:00:00.120

KernelTime 00:00:00.751

Win32 Start Address DVDPlay!_threadstartex (0x0043b4f0)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fbe86000 Current fbe85ca0 Base fbe86000 Limit fbe82000 Call 0

Priority 12 BasePriority 8 PriorityDecrement 2 DecrementCount 16

ChildEBP RetAddr

fbe85cb8 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

fbe85cc4 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

fbe85cec 80565a9f nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

fbe85d50 804df06b nt!NtWaitForSingleObject+0x9a (FPO: [Non-Fpo])

fbe85d50 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbe85d64)

0167fdfc 7c90e9c0 ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

0167fe00 7c8025db ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])

0167fe64 7c802542 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])

0167fe78 00408b57 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])

0167fee0 004826a5 DVDPlay!Thread_UIUpdateMsgPump+0x37 (CONV: cdecl) [c:\data\dvd-linux\margi\dvdtogo\win95\dvdplay\dvdplay.cpp @ 396]

0167ff80 0043b563 DVDPlay!_AfxThreadEntry+0x2b5 (CONV: stdcall) [thrdcore.cpp @ 112]

0167ffb4 7c80b50b DVDPlay!_threadstartex+0x73 (CONV: stdcall) [threadex.c @ 212]

0167ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

THREAD ffb477c8 Cid 0634.06dc Teb: 7ffd7000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

810c7c88 SynchronizationEvent

ffaa78c8 SynchronizationEvent

811c0870 SynchronizationEvent

ffb17f30 NotificationEvent

IRP List:

ffaaece0: (0006,0190) Flags: 00000070 Mdl: ffa2f5a8

810d29d8: (0006,0190) Flags: 00000070 Mdl: ffa17328

ffa291a8: (0006,0190) Flags: 00000070 Mdl: 81101b80

ffa17638: (0006,0190) Flags: 00000070 Mdl: ffa17128

810d2cd8: (0006,0190) Flags: 00000070 Mdl: ffa27cf8

ffa227b0: (0006,0190) Flags: 00000070 Mdl: ffa7df08

811018a8: (0006,0190) Flags: 00000070 Mdl: ffa16870

ffaaa208: (0006,0190) Flags: 00000070 Mdl: ffb9ba78

810d25c8: (0006,0190) Flags: 00000070 Mdl: ffb70358

ffb85d00: (0006,0190) Flags: 00000070 Mdl: ffa1b7a0

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 324787 Ticks: 144172 (0:00:24:03.796)

Context Switch Count 3

UserTime 00:00:00.000

KernelTime 00:00:00.010

Win32 Start Address ksproxy!CAsyncItemHandler::AsyncItemProc (0x5e0415d4)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fbe02000 Current fbe0195c Base fbe02000 Limit fbdff000 Call 0

Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

Kernel stack not resident.

 

THREAD ffa65020 Cid 0634.0368 Teb: 7ffd6000 Win32Thread: 00000000 READY

IRP List:

ffa02910: (0006,0190) Flags: 00000030 Mdl: ffa017e8

ffa10008: (0006,0190) Flags: 00000030 Mdl: ff9ffbd8

ffa0a008: (0006,0190) Flags: 00000030 Mdl: ffa142b8

ffa11d90: (0006,0190) Flags: 00000030 Mdl: 81074998

ffa13400: (0006,0190) Flags: 00000030 Mdl: ffa0be18

ffa035f0: (0006,0190) Flags: 00000030 Mdl: ffa0ec40

ffa03df0: (0006,0190) Flags: 00000030 Mdl: ffa04b70

ffa009e0: (0006,0190) Flags: 00000030 Mdl: ffa15008

ff9ffe70: (0006,0190) Flags: 00000030 Mdl: ffa122b8

ffa28008: (0006,0190) Flags: 00000030 Mdl: ffa030c8

ffa01008: (0006,0190) Flags: 00000030 Mdl: ffa13008

ffa053d0: (0006,0190) Flags: 00000030 Mdl: ffa0fd08

ffa12838: (0006,0190) Flags: 00000030 Mdl: ffa018e8

810db008: (0006,0190) Flags: 00000030 Mdl: ffa06200

ffa0c6e0: (0006,0190) Flags: 00000030 Mdl: ffa0c348

ffa103b8: (0006,0190) Flags: 00000030 Mdl: ffa11898

ffa0b3d8: (0006,0190) Flags: 00000030 Mdl: ffa01568

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 468959 Ticks: 0

Context Switch Count 109516

UserTime 00:00:12.227

KernelTime 00:00:26.928

Win32 Start Address qdvd!COutputQueue::InitialThreadProc (0x5dfd7556)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fbf06000 Current fbf05ca0 Base fbf06000 Limit fbf03000 Call 0

Priority 11 BasePriority 8 PriorityDecrement 2 DecrementCount 16

ChildEBP RetAddr

fbf05cb8 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

fbf05cc4 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

fbf05cec 80565a9f nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

fbf05d50 804df06b nt!NtWaitForSingleObject+0x9a (FPO: [Non-Fpo])

fbf05d50 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbf05d64)

0189fef0 7c90e9c0 ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

0189fef4 7c8025db ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])

0189ff58 7c802542 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])

0189ff6c 5dfd7291 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])

0189ffa4 5dfd756c qdvd!COutputQueue::ThreadProc+0xd5 (FPO: [Non-Fpo])

0189ffb4 7c80b50b qdvd!COutputQueue::InitialThreadProc+0x16 (FPO: [Non-Fpo])

0189ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

THREAD ffa16b80 Cid 0634.0674 Teb: 7ffd5000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

ffa77840 Semaphore Limit 0x7fffffff

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 468954 Ticks: 5 (0:00:00:00.050)

Context Switch Count 100844

UserTime 00:00:05.658

KernelTime 00:00:13.809

Win32 Start Address qdvd!COutputQueue::InitialThreadProc (0x5dfd7556)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fc223000 Current fc222ca0 Base fc223000 Limit fc220000 Call 0

Priority 10 BasePriority 8 PriorityDecrement 2 DecrementCount 16

ChildEBP RetAddr

fc222cb8 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

fc222cc4 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

fc222cec 80565a9f nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

fc222d50 804df06b nt!NtWaitForSingleObject+0x9a (FPO: [Non-Fpo])

fc222d50 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fc222d64)

0199fef0 7c90e9c0 ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

0199fef4 7c8025db ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])

0199ff58 7c802542 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])

0199ff6c 5dfd7291 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])

0199ffa4 5dfd756c qdvd!COutputQueue::ThreadProc+0xd5 (FPO: [Non-Fpo])

0199ffb4 7c80b50b qdvd!COutputQueue::InitialThreadProc+0x16 (FPO: [Non-Fpo])

0199ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

THREAD ffa16908 Cid 0634.07e4 Teb: 7ffd4000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

ffa192e0 Semaphore Limit 0x7fffffff

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 468953 Ticks: 6 (0:00:00:00.060)

Context Switch Count 76403

UserTime 00:00:00.761

KernelTime 00:00:01.131

Win32 Start Address qdvd!COutputQueue::InitialThreadProc (0x5dfd7556)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fbb79000 Current fbb78ca0 Base fbb79000 Limit fbb76000 Call 0

Priority 11 BasePriority 8 PriorityDecrement 2 DecrementCount 16

ChildEBP RetAddr

fbb78cb8 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

fbb78cc4 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

fbb78cec 80565a9f nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

fbb78d50 804df06b nt!NtWaitForSingleObject+0x9a (FPO: [Non-Fpo])

fbb78d50 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbb78d64)

01a9fef0 7c90e9c0 ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

01a9fef4 7c8025db ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])

01a9ff58 7c802542 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])

01a9ff6c 5dfd7291 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])

01a9ffa4 5dfd756c qdvd!COutputQueue::ThreadProc+0xd5 (FPO: [Non-Fpo])

01a9ffb4 7c80b50b qdvd!COutputQueue::InitialThreadProc+0x16 (FPO: [Non-Fpo])

01a9ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

THREAD ffa16548 Cid 0634.01b4 Teb: 7ffaf000 Win32Thread: e19503e0 WAIT: (UserRequest) UserMode Non-Alertable

ffad1338 Semaphore Limit 0x7fffffff

ffab14c0 SynchronizationEvent

ffab1460 SynchronizationEvent

ffa30b60 NotificationEvent

ffa7f8a8 NotificationEvent

ffa7f848 NotificationEvent

810c6318 NotificationEvent

810c62b8 NotificationEvent

ffa16df8 SynchronizationEvent

ffa16638 NotificationTimer

Not impersonating

DeviceMap e150f088

Owning Process ffa25020 Image: DVDPlay.exe

Wait Start TickCount 468953 Ticks: 6 (0:00:00:00.060)

Context Switch Count 326499 LargeStack

UserTime 00:00:47.388

KernelTime 00:01:25.763

Win32 Start Address qdvd!CAMThread::InitialThreadProc (0x5dfada2c)

Start Address kernel32!BaseThreadStartThunk (0x7c810856)

Stack Init fbad9000 Current fbad895c Base fbad9000 Limit fbad5000 Call 0

Priority 9 BasePriority 9 PriorityDecrement 0 DecrementCount 16

ChildEBP RetAddr

fbad8974 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

fbad8980 804e40fd nt!KiSwapThread+0x46 (FPO: [0,0,0])

fbad89b8 80566488 nt!KeWaitForMultipleObjects+0x284 (FPO: [Non-Fpo])

fbad8d48 804df06b nt!NtWaitForMultipleObjects+0x2a2 (FPO: [Non-Fpo])

fbad8d48 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbad8d64)

01c4fdb4 7c90e9ab ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

01c4fdb8 7c8094f2 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])

01c4fe54 7c809c86 kernel32!WaitForMultipleObjectsEx+0x12c (FPO: [Non-Fpo])

01c4fe70 5dfb18e0 kernel32!WaitForMultipleObjects+0x18 (FPO: [Non-Fpo])

01c4fed8 5dfd248d qdvd!CDVDDiskReader::WaitForSingleObject+0x92 (FPO: [Non-Fpo])

01c4fef4 5dfb1311 qdvd!CSequentialAllocator::GetBuffer+0x33 (FPO: [Non-Fpo])

01c4ff18 5dfb13de qdvd!CSequentialAllocator::GetBuffer+0x2e (FPO: [Non-Fpo])

01c4ff38 5dfb1ada qdvd!CDVDDiskReader::GetBuffer+0x16 (FPO: [Non-Fpo])

01c4ff64 5dfb2962 qdvd!CDVDDiskReader::ReadNewData+0x2d (FPO: [Non-Fpo])

01c4ff88 5dfbdddf qdvd!CDVDDiskReader::ProcessData+0x8b (FPO: [Non-Fpo])

01c4ffa4 5dfada41 qdvd!CDVDPump::ThreadProc+0x1fb (FPO: [Non-Fpo])

01c4ffb4 7c80b50b qdvd!CAMThread::InitialThreadProc+0x15 (FPO: [Non-Fpo])

01c4ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

 

 

kd> dt -r mdvdwdm!_HW_STREAM_REQUEST_BLOCK ffa10e88

+0x000 SizeOfThisPacket : 0x4c

+0x004 Command : 1

+0x008 Status : 0

+0x00c StreamObject : 0x81091348 _HW_STREAM_OBJECT

+0x000 SizeOfThisPacket : 0x44

+0x004 StreamNumber : 0

+0x008 HwStreamExtension : 0x8109149c

+0x00c ReceiveDataPacket : 0xfb99ac10 void mdvdwdm!VideoReceive+0

+0x010 ReceiveControlPacket : 0xfb99ade0 void mdvdwdm!VideoControl+0

+0x014 HwClockObject : _HW_CLOCK_OBJECT

+0x000 HwClockFunction : (null)

+0x004 ClockSupportFlags : 0

+0x008 Reserved : [2] 0

+0x024 Dma : 0 ''

+0x025 Pio : 0x1 ''

+0x028 HwDeviceExtension : 0xffa1db1c

+0x02c StreamHeaderMediaSpecific : 0

+0x030 StreamHeaderWorkspace : 0

+0x034 Allocator : 0 ''

+0x038 HwEventRoutine : (null)

+0x03c Reserved : [2] 0

+0x010 HwDeviceExtension : 0xffa1db1c

+0x014 SRBExtension : 0xffa10f30

+0x018 CommandData : _CommandData

+0x000 DataBufferArray : 0xffa07aa0 KSSTREAM_HEADER

+0x000 Size : 0x30

+0x004 TypeSpecificFlags : 0x19c20000

+0x008 PresentationTime : KSTIME

+0x018 Duration : 0

+0x020 FrameExtent : 0x800

+0x024 DataUsed : 0x800

+0x028 Data : 0x01af0800

+0x02c OptionsFlags : 0

+0x000 StreamBuffer : 0xffa07aa0 _HW_STREAM_DESCRIPTOR

+0x000 StreamHeader : _HW_STREAM_HEADER

+0x028 StreamInfo : _HW_STREAM_INFORMATION

+0x000 StreamState : -6260064

+0x000 TimeReference : 0xffa07aa0 _STREAM_TIME_REFERENCE

+0x000 CurrentOnboardClockValue : 0x19c20000`00000030

+0x008 OnboardClockFrequency : _LARGE_INTEGER 0x0

+0x010 CurrentSystemTime : _LARGE_INTEGER 0x1`00000001

+0x018 Reserved : [2] 0

+0x000 PropertyInfo : 0xffa07aa0 _STREAM_PROPERTY_DESCRIPTOR

+0x000 Property : 0x00000030 KSIDENTIFIER

+0x004 PropertySetID : 0x19c20000

+0x008 PropertyInfo : (null)

+0x00c PropertyInputSize : 0

+0x010 PropertyOutputSize : 1

+0x000 OpenFormat : 0xffa07aa0 KSDATAFORMAT

+0x000 FormatSize : 0x30

+0x004 Flags : 0x19c20000

+0x008 SampleSize : 0

+0x00c Reserved : 0

+0x010 MajorFormat : _GUID {00000001-0001-0000-0000-000000000000}

+0x020 SubFormat : _GUID {00000800-0800-0000-0008-af0100000000}

+0x030 Specifier : _GUID {00000030-0000-19c3-0000-000000000000}

+0x000 Alignment : 1856045996430065712

+0x000 ConfigInfo : 0xffa07aa0 _PORT_CONFIGURATION_INFORMATION

+0x000 SizeOfThisPacket : 0x30

+0x004 HwDeviceExtension : 0x19c20000

+0x008 ClassDeviceObject : (null)

+0x00c PhysicalDeviceObject : (null)

+0x010 SystemIoBusNumber : 1

+0x014 AdapterInterfaceType : 1

+0x018 BusInterruptLevel : 0

+0x01c BusInterruptVector : 0

+0x020 InterruptMode : 2048

+0x024 DmaChannel : 0x800

+0x028 NumberOfAccessRanges : 0x1af0800

+0x02c AccessRanges : (null)

+0x030 StreamDescriptorSize : 0x30

+0x034 Irp : 0x19c30000 _IRP

+0x038 InterruptObject : (null)

+0x03c DmaAdapterObject : (null)

+0x040 RealPhysicalDeviceObject : 0x00000001 _DEVICE_OBJECT

+0x044 Reserved : [1] 1

+0x000 MasterClockHandle : 0xffa07aa0

+0x000 DeviceState : -6260064

+0x000 IntersectInfo : 0xffa07aa0 _STREAM_DATA_INTERSECT_INFO

+0x000 StreamNumber : 0x30

+0x004 DataRange : 0x19c20000 KSDATAFORMAT

+0x008 DataFormatBuffer : (null)

+0x00c SizeOfDataFormatBuffer : 0

   +0x01c NumberOfBuffers : 0x1a
   +0x020 TimeoutCounter  : 0xe
   +0x024 TimeoutOriginal : 0xf
   +0x028 NextSRB         : (null)
   +0x02c Irp             : 0xffa17a90 _IRP
      +0x000 Type            : 6
      +0x002 Size            : 0x190
      +0x004 MdlAddress      : 0xffa0f918 _MDL
         +0x000 Next            : 0xffa10d30 _MDL
         +0x004 Size            : 32
         +0x006 MdlFlags        : 8
         +0x008 Process         : 0xffa25020 _EPROCESS
         +0x00c MappedSystemVa  : 0xfe483800
         +0x010 StartVa         : 0x01af0000
         +0x014 ByteCount       : 0x800
         +0x018 ByteOffset      : 0x800
      +0x008 Flags           : 0x30
      +0x00c AssociatedIrp   : __unnamed
         +0x000 MasterIrp       : 0xffa07aa0 _IRP
         +0x000 IrpCount        : -6260064
         +0x000 SystemBuffer    : 0xffa07aa0
      +0x010 ThreadListEntry : _LIST_ENTRY [ 0xffa65230 - 0xffa06e80 ]
         +0x000 Flink           : 0xffa65230 _LIST_ENTRY [ 0xffa02920 - 0xffa17aa0 ]
         +0x004 Blink           : 0xffa06e80 _LIST_ENTRY [ 0xffa17aa0 - 0xffaa1018 ]
      +0x018 IoStatus        : _IO_STATUS_BLOCK
         +0x000 Status          : 0
         +0x000 Pointer         : (null)
         +0x004 Information     : 0
      +0x020 RequestorMode   : 1 ''
      +0x021 PendingReturned : 0x1 ''
      +0x022 StackCount      : 2 ''
      +0x023 CurrentLocation : 4 ''
      +0x024 Cancel          : 0 ''
      +0x025 CancelIrql      : 0 ''
      +0x026 ApcEnvironment  : 0 ''
      +0x027 AllocationFlags : 0xc ''
      +0x028 UserIosb        : 0x00da5d6c _IO_STATUS_BLOCK
         +0x000 Status          : ??
         +0x000 Pointer         : ????
         +0x004 Information     : ??
      +0x02c UserEvent       : 0xffa13700 _KEVENT
         +0x000 Header          : _DISPATCHER_HEADER
      +0x030 Overlay         : __unnamed
         +0x000 AsynchronousParameters : __unnamed
            +0x000 AllocationSize  : _LARGE_INTEGER 0xda5d6c`00000000
      +0x038 CancelRoutine   : (null)
      +0x03c UserBuffer      : 0x00db1038
      +0x040 Tail            : __unnamed
         +0x000 Overlay         : __unnamed
         +0x000 Apc             : _KAPC
         +0x000 CompletionKey   : 0x00300012
   +0x030 Flags           : 3
   +0x034 HwInstanceExtension : 0xffa33504
   +0x038 NumberOfBytesToTransfer : 3
   +0x038 ActualBytesTransferred : 3
   +0x03c ScatterGatherBuffer : 0xffa10f94 KSSCATTER_GATHER
      +0x000 PhysicalAddress : _LARGE_INTEGER 0x1af1000`01af0800
         +0x000 LowPart         : 0x1af0800
         +0x004 HighPart        : 28250112
         +0x000 u               : __unnamed
         +0x000 QuadPart        : 121333307176585216
      +0x008 Length          : 0x1af1800
   +0x040 NumberOfPhysicalPages : 0
   +0x044 NumberOfScatterGatherElements : 0xffa10f9c
   +0x048 Reserved        : [1] 0
Memory read error 00da5d70

From the debugged (checked build) STREAM.SYS, decompiler output. The IrpStack assert first, then the whole function:

  v4 = v1->Tail.Overlay.CurrentStackLocation;
  v26 = (char *)v1->Tail.Overlay.CurrentStackLocation;
  if ( !v4 )
    RtlAssert("IrpStack", "D:\\nt\\private\\ntos\\dd\\wdm\\dvd\\class\\codguts.c", 1824u, (PCHAR)v4);

int __stdcall SCProcessCompletedDataRequest(char *arg1)
{
  IRP *v1; // ebx@1
  HW_STREAM_REQUEST_BLOCK *_arg1; // esi@1
  PKSSTREAM_HEADER v3; // edi@2
  struct _IRP::$::$::$::$A02EC6A2CE86544F716F4825015773AC::_IO_STACK_LOCATION *v4; // eax@4
  PMDL v5; // eax@6
  PMDL v6; // ebx@6
  unsigned __int32 v7; // eax@18
  CHAR *v8; // edx@18
  int v9; // ecx@18
  char *v10; // eax@23
  CHAR *v11; // ecx@23
  int v12; // ebx@23
  PHW_STREAM_OBJECT v13; // edi@23
  int v14; // eax@25
  int (__stdcall *v15)(_DWORD,_DWORD,_DWORD); // ebx@25
  int v16; // edi@25
  char *v18; // eax@1
  PVOID v19; // eax@17
  int v20; // edx@18
  PACCESS_STATE v21; // eax@18
  PSECURITY_QUALITY_OF_SERVICE v22; // eax@18
  PVOID v23; // eax@22
  PIRP v24; // [sp+24h] [bp-Ch]@1
  char *v25; // [sp+28h] [bp-8h]@1
  char *v26; // [sp+Ch] [bp-24h]@4
  PVOID v27; // [sp+2Ch] [bp-4h]@17
  int v28; // [sp+18h] [bp-18h]@18
  int v29; // [sp+20h] [bp-10h]@18
  PACCESS_STATE v30; // [sp+14h] [bp-1Ch]@18
  unsigned __int32 v31; // [sp+10h] [bp-20h]@18
  unsigned __int32 v32; // [sp+1Ch] [bp-14h]@18

  _arg1 = (HW_STREAM_REQUEST_BLOCK *)arg1;
  arg1 = 0;
  v1 = _arg1->Irp;
  v18 = (char *)_arg1->HwDeviceExtension - 536;
  v24 = _arg1->Irp;
  v25 = v18;
  if ( v1 )
  {
    v3 = _arg1->CommandData.DataBufferArray;
    if ( !v3 )
      RtlAssert(
        "CurrentHeader",
        "D:\\nt\\private\\ntos\\dd\\wdm\\dvd\\class\\codguts.c",
        0x71Du,
        (PCHAR)_arg1->CommandData.DataBufferArray);
    // Checked build only: the free build has no RtlAssert and goes on to use v26 below.
    v4 = v1->Tail.Overlay.CurrentStackLocation;
    v26 = (char *)v1->Tail.Overlay.CurrentStackLocation;
    if ( !v4 )
      RtlAssert("IrpStack", "D:\\nt\\private\\ntos\\dd\\wdm\\dvd\\class\\codguts.c", 1824u, (PCHAR)v4);
    // Walk the MDL chain once (result unused), then process each MDL.
    v6 = v1->MdlAddress;
    v5 = v6;
    while ( v5 )
      v5 = v5->Next;
    while ( v6 )
    {
      if ( _arg1->StreamObject->Pio )
      {
        while ( !v3->OptionsFlags && !v3->Data )
          v3 = (PKSSTREAM_HEADER)((char *)v3 + (unsigned int)_arg1[1].ScatterGatherBuffer);
        if ( LOBYTE(_arg1[2].Status) )
        {
          StreamClassDebugPrint(5, "Restoring: Index:%x, Ptr:%x\n", (char)arg1);
          *(_DWORD *)&v3[1].PresentationTime.Time = *(&_arg1[2].StreamObject->SizeOfThisPacket + (_DWORD)arg1);
        }
        StreamClassDebugPrint(5, "'SCPioComplete: Irp = %x, header = %x, Data = %x\n", (char)v24);
        ++arg1;
        v3 = (PKSSTREAM_HEADER)((char *)v3 + (unsigned int)_arg1[1].ScatterGatherBuffer);
      }
      v19 = _arg1[1].HwDeviceExtension;
      v27 = _arg1[1].HwDeviceExtension;
      if ( v19 )
      {
        // Call the DMA adapter's FlushAdapterBuffers for this MDL.
        v9 = *((_DWORD *)v25 + 46);
        v20 = *(_DWORD *)(v9 + 4);
        LOBYTE(v28) = _arg1->Command != 0;
        v21 = (PACCESS_STATE)v6->ByteCount;
        v29 = v9;
        v8 = *(CHAR **)(v20 + 20);
        v30 = v21;
        v22 = (PSECURITY_QUALITY_OF_SERVICE)v6->StartVa;
        v31 = (unsigned __int32)v8;
        v7 = (unsigned __int32)((char *)v22 + v6->ByteOffset);
        v32 = v7;
        if ( !v8 )
        {
          RtlAssert("flushAdapterBuffers != NULL", "D:\\NT\\public\\sdk\\inc\\wdm.h", 0x2A72u, v8);
          v9 = v29;
          v7 = v32;
        }
        ((int (__stdcall *)(int,PMDL,PVOID,unsigned __int32,PACCESS_STATE,int))v31)(v9, v6, v27, v7, v30, v28);
      }
      v6 = v6->Next;
    }
    v23 = _arg1[1].HwDeviceExtension;
    v27 = _arg1[1].HwDeviceExtension;
    if ( v23 )
    {
      // Final FlushAdapterBuffers, then FreeMapRegisters.
      v13 = _arg1[1].StreamObject;
      v31 = _arg1[1].NumberOfBuffers;
      v10 = (char *)*((_DWORD *)v25 + 46);
      v12 = (int)((char *)v13->ReceiveControlPacket + v13->HwClockObject.ClockSupportFlags);
      arg1 = (char *)*((_DWORD *)v25 + 46);
      v11 = *(CHAR **)(*((_DWORD *)v10 + 1) + 20);
      v30 = *(PACCESS_STATE *)(*((_DWORD *)v10 + 1) + 20);
      if ( !v11 )
      {
        RtlAssert("flushAdapterBuffers != NULL", "D:\\NT\\public\\sdk\\inc\\wdm.h", 0x2A72u, v11);
        v10 = arg1;
      }
      ((int (__stdcall *)(char *,PHW_STREAM_OBJECT,PVOID,int,unsigned __int32,_DWORD))v30)(v10, v13, v27, v12, v31, 0);
      arg1 = (char *)_arg1->NumberOfPhysicalPages;
      v31 = (unsigned __int32)_arg1[1].HwDeviceExtension;
      v16 = *((_DWORD *)v25 + 46);
      v14 = *(_DWORD *)(v16 + 4);
      v15 = *(int (__stdcall **)(_DWORD,_DWORD,_DWORD))(v14 + 28);
      if ( !v15 )
        RtlAssert("freeMapRegisters != NULL", "D:\\NT\\public\\sdk\\inc\\wdm.h", 0x2A96u, *(PCHAR *)(v14 + 28));
      v15(v16, v31, arg1);
    }
    // Dereferences CurrentStackLocation + 0x10 (v26 is the pointer asserted on above).
    if ( *((_DWORD *)v26 + 4) )
    {
      DbgBreakPoint();
      ExFreePool(*((PVOID *)v26 + 4));
    }
  }
  return SCProcessCompletedRequest((KIRQL)_arg1);
}

Tail (union):
  union {
    struct { ... } Overlay;      // expanded below
    KAPC  Apc;
    PVOID CompletionKey;
  } Tail;

Tail.Overlay:
  struct {
    union {
      KDEVICE_QUEUE_ENTRY DeviceQueueEntry;
      struct {
        PVOID DriverContext[4];
      };
    };
    PETHREAD Thread;
    PCHAR AuxiliaryBuffer;
    struct {
      LIST_ENTRY ListEntry;
      union {
        struct _IO_STACK_LOCATION *CurrentStackLocation;
        ULONG PacketType;
      };
    };
    PFILE_OBJECT OriginalFileObject;
  } Overlay;

Which members overlay each other in Tail:

  KAPC Apc  |  PVOID CompletionKey  |  Overlay:
                                       KDEVICE_QUEUE_ENTRY DeviceQueueEntry        PVOID DriverContext[4]
                                         LIST_ENTRY  *Flink                          DriverContext[0]
                                         LIST_ENTRY  *Blink                          DriverContext[1]
                                         ULONG       SortKey                         DriverContext[2]
                                         BOOLEAN     Inserted                        DriverContext[3]
                                       PETHREAD Thread
                                       PCHAR AuxiliaryBuffer
                                       LIST_ENTRY ListEntry
                                       struct _IO_STACK_LOCATION *CurrentStackLocation  |  ULONG PacketType
                                       PFILE_OBJECT OriginalFileObject

StreamDispatchIoControl stack:

 # ChildEBP RetAddr
00 fba0ac00 fdb57f0f STREAM!StreamDispatchIoControl (FPO: [Non-Fpo])
01 fba0ac10 fb9ecb5d ks!KsDispatchIrp+0x126 (FPO: [Non-Fpo])
02 fba0ac34 804e3d77 STREAM!StreamClassPassThroughIrp+0xf1 (FPO: [Non-Fpo])
03 fba0ac44 8056a9ab nt!IopfCallDriver+0x31 (FPO: [0,0,0])
04 fba0ac58 8057d9f7 nt!IopSynchronousServiceTail+0x60 (FPO: [Non-Fpo])
05 fba0ad00 8057fbfa nt!IopXxxControlFile+0x611 (FPO: [Non-Fpo])
06 fba0ad34 804df06b nt!NtDeviceIoControlFile+0x2a (FPO: [Non-Fpo])
07 fba0ad34 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fba0ad64)
08 0012ef1c 7c90d8ef ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])
09 0012ef20 7c8016be ntdll!ZwDeviceIoControlFile+0xc (FPO: [10,0,0])
0a 0012ef80 5e03df26 kernel32!DeviceIoControl+0x78 (FPO: [Non-Fpo])
0b 0012efc8 5e03ea04 ksproxy!KsSynchronousDeviceControl+0x65 (FPO: [Non-Fpo])
0c 0012f020 5e041e7a ksproxy!CollectAllSets+0x45 (FPO: [Non-Fpo])
0d 0012f0c4 5e038ddf ksproxy!AggregateSets+0x42 (FPO: [Non-Fpo])
0e 0012f11c 5e0394c8 ksproxy!CKsInputPin::ProcessCompleteConnect+0x19d (FPO: [Non-Fpo])
0f 0012f134 5e0484e4 ksproxy!CKsInputPin::CompleteConnect+0x12 (FPO: [Non-Fpo])
10 0012f14c 5dfaa12d ksproxy!CBasePin::ReceiveConnection+0xc2 (FPO: [Non-Fpo])
11 0012f16c 5dfaa226 qdvd!CBasePin::AttemptConnection+0x54 (FPO: [Non-Fpo])
12 0012f190 5dfaa2f8 qdvd!CBasePin::TryMediaTypes+0x64 (FPO: [Non-Fpo])
13 0012f1bc 5dfac167 qdvd!CBasePin::AgreeMediaType+0x73 (FPO: [Non-Fpo])
14 0012f1d4 7483d8d0 qdvd!CBasePin::Connect+0x55 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
15 0012f200 74841b51 QUARTZ!DllGetClassObject+0xa9d5
16 0012f220 5dfd38a2 QUARTZ!DllGetClassObject+0xec56
17 0012f240 5dfd4d6b qdvd!CDvdGraphBuilder::ConnectPins+0x36 (FPO: [Non-Fpo])
18 0012f280 5dfd5ef4 qdvd!CDvdGraphBuilder::HWDecodeDVDStream+0xa6 (FPO: [Non-Fpo])
19 0012f3cc 5dfd63a9 qdvd!CDvdGraphBuilder::DecodeDVDStream+0xf1 (FPO: [Non-Fpo])
1a 0012f520 5dfd6770 qdvd!CDvdGraphBuilder::RenderNavVideoOutPin+0x70 (FPO: [Non-Fpo])
1b 0012f540 1000772e qdvd!CDvdGraphBuilder::RenderDvdVideoVolume+0x155 (FPO: [Non-Fpo])
1c 0012fbdc 10009989 DVDShow!CSampleDVDPlay::InitBuildGraph(void)+0x20e (CONV: thiscall) [c:\data\dvd-linux\margi\dvdtogo\wdm\dshow\dvdgraph.cpp @ 344]
1d 0012fc38 1000ec48 DVDShow!CSampleDVDPlay::Initialize_directshow(struct HWND__ * hwnd = 0x00020104)+0x199 (CONV: thiscall) [c:\data\dvd-linux\margi\dvdtogo\wdm\dshow\dvdshow.cpp @ 141]
1e 0012fcac 1000e9f1 DVDShow!ProcessMessage(unsigned long dwMsg = 0x14, long lParam1 = 393217, long lParam2 = 131332)+0x238 (CONV: cdecl) [c:\data\dvd-linux\margi\dvdtogo\wdm\dshow\main.cpp @ 241]
1f 0012fd10 004084ff DVDShow!DVDSendNavigatorMsg(unsigned long dwMsg = 0x14, long lParam1 = 393217, long lParam2 = 131332)+0x21 (CONV: cdecl) [c:\data\dvd-linux\margi\dvdtogo\wdm\dshow\main.cpp @ 169]
20 0012fe4c 0040823a DVDPlay!CDVDPlayApp::InitializeDVDNavigator(void)+0x18f (CONV: thiscall) [c:\data\dvd-linux\margi\dvdtogo\win95\dvdplay\dvdplay.cpp @ 209]
21 0012fef8 00489843 DVDPlay!CDVDPlayApp::InitInstance(void)+0x1da (CONV: thiscall) [c:\data\dvd-linux\margi\dvdtogo\win95\dvdplay\dvdplay.cpp @ 141]
22 0012ff18 004595c8 DVDPlay!AfxWinMain(struct HINSTANCE__ * hInstance = 0x00400000, struct HINSTANCE__ * hPrevInstance = 0x00000000, char * lpCmdLine = 0x00142380 "", int nCmdShow = 1)+0x83 (CONV: stdcall) [winmain.cpp @ 39]
23 0012ff30 004393a6 DVDPlay!WinMain(struct HINSTANCE__ * hInstance = 0x00400000, struct HINSTANCE__ * hPrevInstance = 0x00000000, char * lpCmdLine = 0x00142380 "", int nCmdShow = 1)+0x18 (CONV: stdcall) [appmodul.cpp @ 30]
24 0012ffc0 7c816d4f DVDPlay!WinMainCRTStartup(void)+0x126 (CONV: cdecl) [crt0.c @ 198]
25 0012fff0 00000000 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])

IRP offsets (XP x86):
  ...
  0x60  Tail->Overlay->CurrentStackLocation

 

 

 

NTSTATUS
  StreamClassRegisterMinidriver(
    IN PVOID  Argument1,
    IN PVOID  Argument2,
    IN PHW_INITIALIZATION_DATA  HwInitializationData
    );

Argument1: first argument of the DriverEntry routine (DriverObject).
Argument2: second argument of the DriverEntry routine (registry path).

StreamClassRegisterAdapter