Loading Dump File [C:\Data\dvd-linux\memory dump\MEMORY.DMP]

Kernel Complete Dump File: Full address space is available

 

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;C:\baan\fat_gemini_76b\bin;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp2_rtm.040803-2158

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20

Debug session time: Fri Aug 31 11:48:53.461 2007 (GMT+2)

System Uptime: 0 days 1:18:16.351

Loading Kernel Symbols

....................................................................................................

Loading User Symbols

 

Loading unloaded module list

......................

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck D1, {10, 2, 0, fbb3a018}

 

Probably caused by : STREAM.SYS ( STREAM!SCProcessCompletedDataRequest+e6 )

 

Followup: MachineOwner

---------

 

kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high.  This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000010, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000000, value 0 = read operation, 1 = write operation

Arg4: fbb3a018, address which referenced memory

 

Debugging Details:

------------------

 

 

READ_ADDRESS:  00000010

 

CURRENT_IRQL:  2

 

FAULTING_IP:

STREAM!SCProcessCompletedDataRequest+e6

fbb3a018 8b4010          mov     eax,dword ptr [eax+10h]

 

DEFAULT_BUCKET_ID:  DRIVER_FAULT

 

BUGCHECK_STR:  0xD1

 

PROCESS_NAME:  System

 

TRAP_FRAME:  fe23ecf8 -- (.trap 0xfffffffffe23ecf8)

ErrCode = 00000000

eax=00000000 ebx=ffa07f80 ecx=01afe000 edx=00000000 esi=ffa10e88 edi=00000000

eip=fbb3a018 esp=fe23ed6c ebp=fe23ed80 iopl=0         nv up ei pl zr na pe nc

cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00210246

STREAM!SCProcessCompletedDataRequest+0xe6:

fbb3a018 8b4010          mov     eax,dword ptr [eax+10h] ds:0023:00000010=????????

Resetting default scope

 

LAST_CONTROL_TRANSFER:  from fbb3a018 to 804e2158

 

STACK_TEXT: 

fe23ecf8 fbb3a018 badb0d00 00000000 ffa65002 nt!KiTrap0E+0x233

fe23ed80 fbb39cf3 00000068 810912a0 ffa1d8d8 STREAM!SCProcessCompletedDataRequest+0xe6

fe23ed94 fbb3a2de ffa10e88 ffa1d8d8 ffa1d9b0 STREAM!SCCallBackSrb+0x43

fe23ee68 fbb3a5d0 00000000 ffa1d820 00000000 STREAM!StreamClassDpc+0xc2

fe23ee88 804dcaad ffa1d944 ffa1d8d8 2409cb70 STREAM!SCMinidriverDeviceTimerDpc+0x48

fe23efa4 804dc928 ef3e0420 0000000a ffdff000 nt!KiTimerListExpire+0x122

fe23efd0 804dc179 80559980 00000000 000727df nt!KiTimerExpiration+0xaf

fe23eff4 804dbe2d fe26eb58 00000000 00000000 nt!KiRetireDpcList+0x46

fe23eff8 fe26eb58 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a

WARNING: Frame IP not in any known module. Following frames may be wrong.

804dbe2d 00000000 00000009 bb835675 00000128 0xfe26eb58

 

 

STACK_COMMAND:  kb

 

FOLLOWUP_IP:

STREAM!SCProcessCompletedDataRequest+e6

fbb3a018 8b4010          mov     eax,dword ptr [eax+10h]

 

SYMBOL_STACK_INDEX:  1

 

SYMBOL_NAME:  STREAM!SCProcessCompletedDataRequest+e6

 

FOLLOWUP_NAME:  MachineOwner

 

MODULE_NAME: STREAM

 

IMAGE_NAME:  STREAM.SYS

 

DEBUG_FLR_IMAGE_TIMESTAMP:  41107d3e

 

FAILURE_BUCKET_ID:  0xD1_STREAM!SCProcessCompletedDataRequest+e6

 

BUCKET_ID:  0xD1_STREAM!SCProcessCompletedDataRequest+e6

 

Followup: MachineOwner

---------

 

fe23ed3c 00000000                      << KTRAP_FRAME.Eax (the trap frame at fe23ecf8 is nominally 0x8c bytes, so these slots are its tail; they match the .trap register dump above)

fe23ed40 fe23ed50

fe23ed44 ffffffff                      << KTRAP_FRAME.ExceptionList

fe23ed48 00000030                      << KTRAP_FRAME.SegFs

fe23ed4c 00000000                      << KTRAP_FRAME.Edi

fe23ed50 ffa10e88                      << KTRAP_FRAME.Esi (the SRB, still in esi when the fault hit)

fe23ed54 ffa07f80                      << KTRAP_FRAME.Ebx

fe23ed58 fe23ed80                      << KTRAP_FRAME.Ebp

fe23ed5c 00000000                      << KTRAP_FRAME.ErrCode

fe23ed60 fbb3a018 STREAM!SCProcessCompletedDataRequest+0xe6   << KTRAP_FRAME.Eip

fe23ed64 00000008                      << KTRAP_FRAME.SegCs

fe23ed68 00210246                      << KTRAP_FRAME.EFlags

fe23ed6c ffa10e88                      << esp at the fault (a kernel-mode trap does not switch stacks, so the interrupted frame starts right here)

fe23ed70 00000000

fe23ed74 ffa1d8d8

fe23ed78 00000000                      << [ebp-8] = BadPointer (0)

fe23ed7c ffa1d8d8                      << [ebp-4] = v8 = HwDeviceExtension (ffa1db1c) - 0x244, the class driver's own device extension

fe23ed80 fe23ed94                      << saved EBP of the SCProcessCompletedDataRequest frame (ChildEBP fe23ed80 in STACK_TEXT)

fe23ed84 fbb39cf3 STREAM!SCCallBackSrb+0x43   << return address into SCCallBackSrb

fe23ed88 00000068                      << argument slot P; the function reuses it as a loop counter (P = 0, P += 4 per buffer), and 0x68 = 0x1a * 4 matches the 0x1a at offset 0x1c of the SRB, so the original pointer (ffa10e88) survives only in esi

fe23ed8c 810912a0

fe23ed90 ffa1d8d8

fe23ed94 fe23ee68                      << saved EBP of the SCCallBackSrb frame (ChildEBP fe23ed94), not a parameter

fe23ed98 fbb3a2de STREAM!StreamClassDpc+0xc2   << return address into StreamClassDpc; SCCallBackSrb's a1 (ffa10e88) and a2 (ffa1d8d8) sit above this at fe23ed9c and fe23eda0, as the STACK_TEXT line shows, past the end of this dump

 
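The annotated stack dump above is what `kb` reconstructs for x86 code that keeps an EBP chain. As an added example (not part of the original analysis), the C program below does that reconstruction on the 24 dwords copied from the `dd fe23ed3c` output, starting from the trap frame's ebp (fe23ed80), and also reads the two locals the decompiler later labels [bp-8h] (BadPointer) and [bp-4h] (v8). The three-entry symbol table is only the addresses the page resolves; the frame_t layout, the bounds checks and all function names are mine.

```c
/* Added example: rebuild kb-style frames from a raw x86 stack dump.
 * Input is constructed from the `dd fe23ed3c` output on this page. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STACK_BASE 0xfe23ed3cu
static const uint32_t stack_words[] = {
    0x00000000, 0xfe23ed50, 0xffffffff, 0x00000030, 0x00000000, 0xffa10e88,
    0xffa07f80, 0xfe23ed80, 0x00000000, 0xfbb3a018, 0x00000008, 0x00210246,
    0xffa10e88, 0x00000000, 0xffa1d8d8, 0x00000000, 0xffa1d8d8, 0xfe23ed94,
    0xfbb39cf3, 0x00000068, 0x810912a0, 0xffa1d8d8, 0xfe23ee68, 0xfbb3a2de,
};
#define STACK_END (STACK_BASE + 4u * (uint32_t)(sizeof stack_words / sizeof stack_words[0]))

typedef struct {
    uint32_t child_ebp;    /* address of the saved-EBP slot: WinDbg's ChildEBP */
    uint32_t ret_addr;     /* dword at ebp+4 */
    uint32_t args[3];      /* dwords at ebp+8, +0xc, +0x10 (0 when outside the dump) */
    int      args_in_dump; /* how many of args[] were really inside the dump */
} frame_t;

/* Symbols the page resolves; anything else prints as unknown. */
static const struct { uint32_t addr; const char *name; } syms[] = {
    { 0xfbb3a018u, "STREAM!SCProcessCompletedDataRequest+0xe6" },
    { 0xfbb39cf3u, "STREAM!SCCallBackSrb+0x43" },
    { 0xfbb3a2deu, "STREAM!StreamClassDpc+0xc2" },
};
static const char *sym_name(uint32_t addr)
{
    for (size_t i = 0; i < sizeof syms / sizeof syms[0]; i++)
        if (syms[i].addr == addr) return syms[i].name;
    return "<not in symbol table>";
}

/* Fetch one dword from the dump; *ok is cleared outside the dumped range. */
static uint32_t peek(uint32_t addr, int *ok)
{
    if ((addr & 3u) || addr < STACK_BASE || addr > STACK_END - 4u) { *ok = 0; return 0; }
    *ok = 1;
    return stack_words[(addr - STACK_BASE) / 4u];
}

/* Follow the EBP chain upward while the frame link and return address are
 * inside the dump; returns the number of frames recovered. */
int walk_ebp_chain(uint32_t ebp, frame_t *out, int max_frames)
{
    int n = 0;
    while (n < max_frames) {
        int ok;
        uint32_t saved_ebp = peek(ebp, &ok);
        if (!ok) break;
        uint32_t ret = peek(ebp + 4u, &ok);
        if (!ok) break;
        frame_t *f = &out[n++];
        f->child_ebp = ebp;
        f->ret_addr = ret;
        f->args_in_dump = 0;
        for (int i = 0; i < 3; i++) {
            f->args[i] = peek(ebp + 8u + 4u * (uint32_t)i, &ok);
            f->args_in_dump += ok;
        }
        /* A sane chain moves to higher, aligned addresses; anything else is a clobbered link. */
        if (saved_ebp <= ebp || (saved_ebp & 3u)) break;
        ebp = saved_ebp;
    }
    return n;
}

/* Read a local the decompiler reports as [bp-N] (disp negative). */
uint32_t frame_local(uint32_t ebp, int disp)
{
    int ok;
    uint32_t v = peek(ebp + (uint32_t)disp, &ok);
    return ok ? v : 0xdeadbeefu;
}

/* Accessors over the page's dump, starting from the trap frame's ebp. */
static int walk_dump(frame_t f[8]) { return walk_ebp_chain(0xfe23ed80u, f, 8); }
int      dumped_frame_count(void)            { frame_t f[8]; return walk_dump(f); }
uint32_t dumped_frame_child_ebp(int i)       { frame_t f[8]; return (i >= 0 && i < walk_dump(f)) ? f[i].child_ebp : 0xdeadbeefu; }
uint32_t dumped_frame_ret(int i)             { frame_t f[8]; return (i >= 0 && i < walk_dump(f)) ? f[i].ret_addr : 0xdeadbeefu; }
uint32_t dumped_frame_arg(int i, int j)      { frame_t f[8]; return (i >= 0 && i < walk_dump(f) && j >= 0 && j < 3) ? f[i].args[j] : 0xdeadbeefu; }
int      dumped_frame_args_in_dump(int i)    { frame_t f[8]; return (i >= 0 && i < walk_dump(f)) ? f[i].args_in_dump : -1; }

int main(void)
{
    frame_t f[8];
    int n = walk_dump(f);
    printf("ChildEBP RetAddr  Args to Child\n");
    for (int i = 0; i < n; i++)
        printf("%08x %08x %08x %08x %08x %s%s\n", (unsigned)f[i].child_ebp, (unsigned)f[i].ret_addr,
               (unsigned)f[i].args[0], (unsigned)f[i].args[1], (unsigned)f[i].args[2],
               sym_name(f[i].ret_addr), f[i].args_in_dump < 3 ? "  (args beyond the dump)" : "");
    printf("[ebp-8] BadPointer = %08x, [ebp-4] v8 = %08x\n",
           (unsigned)frame_local(0xfe23ed80u, -8), (unsigned)frame_local(0xfe23ed80u, -4));
    return 0;
}
```

The two frames it prints are the SCProcessCompletedDataRequest and SCCallBackSrb lines of STACK_TEXT; the walker stops at fe23ee68 because that link points beyond the dumped words, which is also why SCCallBackSrb's own arguments cannot be read from this dump.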

 

int __stdcall SCCallBackSrb(int a1,int a2)

{

  int v2; // edi@1

  int v3; // edx@2

  int v4; // esi@2

 

  v2 = a1;

  if ( *(_BYTE *)(a2 + 0x158) )

  {

    v4 = a2 + 0xD8;

    LOBYTE(v3) = KfAcquireSpinLock(a2 + 0xD8);

    if ( *(_DWORD *)(v2 + 0x8C) )

      return KfReleaseSpinLock(v4, v3);

    KfReleaseSpinLock(v4, v3);

  }

  return (*(int (__stdcall **)(int))(v2 + 0x6C))(v2);   // +0x6C of the SRB wrapper = fbb39f32 = SCProcessCompletedDataRequest (see the dump below); a1 is passed straight through as its P

}

 

v2 (a1 of SCCallBackSrb = 0xffa10e88, the HW_STREAM_REQUEST_BLOCK; the same pointer reaches SCProcessCompletedDataRequest as P). Columns: address, value, dword index, byte offset:

ffa10e88 0000004c     0     00

ffa10e8c 00000001     1     04

ffa10e90 00000000     2     08

ffa10e94 81091348     3     0c

ffa10e98 ffa1db1c     4     10

ffa10e9c ffa10f30     5     14

ffa10ea0 ffa07aa0     6     18

ffa10ea4 0000001a     7     1c

ffa10ea8 0000000e     8     20

ffa10eac 0000000f     9     24

ffa10eb0 00000000    10     28

ffa10eb4 ffa17a90    11     2c

ffa10eb8 00000003          30

ffa10ebc ffa33504          34

ffa10ec0 00000003          38

ffa10ec4 ffa10f94          3c

ffa10ec8 00000000          40

ffa10ecc ffa10f9c          44

ffa10ed0 00000000          48

ffa10ed4 00000000          4c

ffa10ed8 00000000          50

ffa10edc 00000000          54

ffa10ee0 ffa0f9e8          58

ffa10ee4 00000000          5c

ffa10ee8 ffaa5008          60

ffa10eec 00000000          64

ffa10ef0 00000174          68

ffa10ef4 fbb39f32          6c STREAM!SCProcessCompletedDataRequest

 

 

v2 = *((_DWORD *)P + 11), i.e. offset 0x2c of the HW_STREAM_REQUEST_BLOCK (its Irp field), = 0xffa17a90. Dump of that IRP: the leading 01900006 is Type 6 (IO_TYPE_IRP) with Size 0x190, the same (0006,0190) signature as the IRPs in the thread IRP lists further down, and the dword at +0x60 (ffa17af0, Tail.Overlay.CurrentStackLocation) is 0:

 

ffa17a90 01900006 ffa0f918 00000030 ffa07aa0

ffa17aa0 ffa65230 ffa06e80 00000000 00000000

ffa17ab0 04020101 0c000000 00da5d6c ffa13700

ffa17ac0 00000000 00da5d6c 00000000 00db1038

ffa17ad0 00300012 00000000 ffa65020 ffa06ebc

ffa17ae0 ffa65054 804ecf53 80618549 00000000

ffa17af0 00000000 ffb92a48 00000000 00010000

ffa17b00 00000000 00000000 00000000 00000000

 

 

 

int __stdcall SCProcessCompletedDataRequest(PVOID P)

{

  int v1; // eax@1

  int v2; // ecx@1

  PVOID v3; // esi@1

  PVOID v4; // edx@2

  int v5; // ebx@2

  int v6; // edi@2

  int v8; // [sp+8h] [bp-4h]@1

  int BadPointer; // [sp+4h] [bp-8h]@2

 

  v3 = P;

  v2 = *((_DWORD *)P + 11);              // <- srb->Irp (offset 0x2c): v2 = 0xffa17a90

  v1 = *((_DWORD *)P + 4) - 0x244;       // HwDeviceExtension (ffa1db1c) - 0x244 = ffa1d8d8, the class driver's own device extension

  v8 = *((_DWORD *)P + 4) - 0x244;

  if ( v2 )

  {

    v4 = *(PVOID *)(v2 + 0x60);          // Irp->Tail.Overlay.CurrentStackLocation

    v5 = *((_DWORD *)P + 6);             // CommandData: the stream header array

    v6 = *(_DWORD *)(v2 + 4);            // Irp->MdlAddress = ffa0f918, head of the MDL chain walked below

    BadPointer = *(_DWORD *)(v2 + 0x60); // <- BadPointer becomes 0x0 !!!!  (the dword at ffa17af0 in the dump above)

    if ( v6 )

    {

      P = 0;

      do

      {

        if ( *(_BYTE *)(*((_DWORD *)v3 + 3) + 37) )   // StreamObject->Pio (+0x25), 1 per the dt output at the end

        {

          while ( !*(_DWORD *)(v5 + 36) && !*(_DWORD *)(v5 + 32) )

            v5 += *((_DWORD *)v3 + 34);

          if ( *((_BYTE *)v3 + 160) )

          {

            v4 = P;

            *(_DWORD *)(v5 + 40) = *(_DWORD *)((char *)P + *((_DWORD *)v3 + 41));

          }

          P = (char *)P + 4;

          v5 += *((_DWORD *)v3 + 34);

        }

        if ( *((_DWORD *)v3 + 23) )

        {

          LOBYTE(v4) = *((_DWORD *)v3 + 1) != 0;

          (*(int (__stdcall **)(_DWORD,int,_DWORD,int,_DWORD,PVOID))(*(_DWORD *)(*(_DWORD *)(v1 + 0xB4) + 4) + 20))(

            *(_DWORD *)(v1 + 0xB4),

            v6,

            *((_DWORD *)v3 + 23),

            *(_DWORD *)(v6 + 16) + *(_DWORD *)(v6 + 24),

            *(_DWORD *)(v6 + 20),

            v4);

          v1 = v8;

        }

        v6 = *(_DWORD *)v6;

      }

      while ( v6 );

    }

    if ( *((_DWORD *)v3 + 23) )

    {

      (*(int (__stdcall **)(_DWORD,_DWORD,_DWORD,int,_DWORD,_DWORD))(*(_DWORD *)(*(_DWORD *)(v1 + 0xB4) + 4) + 20))(

        *(_DWORD *)(v1 + 0xB4),

        *((_DWORD *)v3 + 22),

        *((_DWORD *)v3 + 23),

        *(_DWORD *)(*((_DWORD *)v3 + 22) + 0x10) + *(_DWORD *)(*((_DWORD *)v3 + 22) + 24),

        *((_DWORD *)v3 + 26),

        0);

      (*(int (__stdcall **)(_DWORD,_DWORD,_DWORD))(*(_DWORD *)(*(_DWORD *)(v8 + 180) + 4) + 28))(

        *(_DWORD *)(v8 + 180),

        *((_DWORD *)v3 + 23),

        *((_DWORD *)v3 + 16));

    }

    if ( *(_DWORD *)(BadPointer + 0x10) )                       // Here the stream.sys crashes: BadPointer (Irp->Tail.Overlay.CurrentStackLocation) is NULL, so this reads address 0x10 (+0x10 into an IO_STACK_LOCATION is Parameters.Others.Argument4), the Arg1 of the bugcheck, at DISPATCH_LEVEL.

      ExFreePool(*(PVOID *)(BadPointer + 0x10));

  }

  return SCProcessCompletedRequest(v3);

}
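The decompiler only shows offsets; the dumps of v2/P (ffa10e88) and of the IRP (ffa17a90) above can be decoded against the public 32-bit Windows XP layouts of HW_STREAM_REQUEST_BLOCK (strmini.h) and _IRP. The C program below is an added example, not code from the original analysis or from stream.sys: it copies the dword values from the page, names the fields the decompiled SCProcessCompletedDataRequest touches, and recomputes the address of the faulting read and the +0xe6 offset of the faulting EIP. The irp32_t struct and every function name are mine; the offsets are the fixed x86 ones and do not depend on the host.

```c
/* Added example: decode the SRB and IRP dumps from this page with the
 * x86 Windows XP structure layouts.  Dword arrays are constructed from the
 * dd output above. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* dd ffa10e88: the SRB passed as P.  The first 0x4c bytes are the
 * HW_STREAM_REQUEST_BLOCK; the rest is the class driver's private wrapper,
 * whose +0x6c slot is the callback SCCallBackSrb invokes. */
static const uint32_t srb_raw[28] = {
    0x0000004c, 0x00000001, 0x00000000, 0x81091348, /* +00 SizeOfThisPacket, Command, Status, StreamObject */
    0xffa1db1c, 0xffa10f30, 0xffa07aa0, 0x0000001a, /* +10 HwDeviceExtension, SRBExtension, CommandData, NumberOfBuffers */
    0x0000000e, 0x0000000f, 0x00000000, 0xffa17a90, /* +20 TimeoutCounter, TimeoutOriginal, NextSRB, Irp */
    0x00000003, 0xffa33504, 0x00000003, 0xffa10f94, /* +30 Flags, HwInstanceExtension, ... */
    0x00000000, 0xffa10f9c, 0x00000000, 0x00000000,
    0x00000000, 0x00000000, 0xffa0f9e8, 0x00000000,
    0xffaa5008, 0x00000000, 0x00000174, 0xfbb39f32, /* +6c completion callback */
};
/* dd ffa17a90: the IRP the SRB points to (the _IRP header is 0x68 bytes). */
static const uint32_t irp_raw[32] = {
    0x01900006, 0xffa0f918, 0x00000030, 0xffa07aa0,
    0xffa65230, 0xffa06e80, 0x00000000, 0x00000000,
    0x04020101, 0x0c000000, 0x00da5d6c, 0xffa13700,
    0x00000000, 0x00da5d6c, 0x00000000, 0x00db1038,
    0x00300012, 0x00000000, 0xffa65020, 0xffa06ebc,
    0xffa65054, 0x804ecf53, 0x80618549, 0x00000000,
    0x00000000, 0xffb92a48, 0x00000000, 0x00010000,
    0x00000000, 0x00000000, 0x00000000, 0x00000000,
};

/* dd prints little-endian dwords, so byte k of a dword is (word >> 8k). */
static uint32_t rd32(const uint32_t *w, size_t off) { return w[off / 4]; }
static uint16_t rd16(const uint32_t *w, size_t off) { return (uint16_t)(w[off / 4] >> (8 * (off % 4))); }
static uint8_t  rd8 (const uint32_t *w, size_t off) { return (uint8_t) (w[off / 4] >> (8 * (off % 4))); }

typedef struct {
    uint16_t type, size;
    uint32_t mdl_address, flags, associated_irp;
    uint8_t  requestor_mode, pending_returned;
    int8_t   stack_count, current_location;
    uint8_t  cancel, allocation_flags;
    uint32_t user_event, current_stack_location;
} irp32_t;

/* _IRP field offsets for 32-bit Windows XP. */
irp32_t decode_irp(const uint32_t *w)
{
    irp32_t i;
    i.type                   = rd16(w, 0x00);  /* IO_TYPE_IRP == 6 */
    i.size                   = rd16(w, 0x02);
    i.mdl_address            = rd32(w, 0x04);  /* v2 + 4 in the decompile: head of the MDL chain */
    i.flags                  = rd32(w, 0x08);
    i.associated_irp         = rd32(w, 0x0c);  /* SystemBuffer; same value as SRB.CommandData */
    i.requestor_mode         = rd8 (w, 0x20);
    i.pending_returned       = rd8 (w, 0x21);
    i.stack_count            = (int8_t)rd8(w, 0x22);
    i.current_location       = (int8_t)rd8(w, 0x23);
    i.cancel                 = rd8 (w, 0x24);
    i.allocation_flags       = rd8 (w, 0x27);
    i.user_event             = rd32(w, 0x2c);  /* ffa13700: an event ksproxy's IoThread waits on below */
    i.current_stack_location = rd32(w, 0x60);  /* v2 + 0x60: the decompile's BadPointer */
    return i;
}

uint32_t srb_irp(const uint32_t *s)               { return rd32(s, 0x2c); }         /* *((DWORD *)P + 11) */
uint32_t srb_number_of_buffers(const uint32_t *s) { return rd32(s, 0x1c); }
uint32_t srb_class_extension(const uint32_t *s)   { return rd32(s, 0x10) - 0x244; } /* v8 / v1 */
uint32_t srb_callback(const uint32_t *s)          { return rd32(s, 0x6c); }
uint32_t faulting_ip_offset(const uint32_t *s, uint32_t eip) { return eip - srb_callback(s); }

/* Address `mov eax,[eax+10h]` dereferences: IrpSp->Parameters.Others.Argument4
 * (+0x10 of an IO_STACK_LOCATION) through a NULL stack-location pointer. */
uint32_t faulting_read_address(const uint32_t *irp_words)
{
    return decode_irp(irp_words).current_stack_location + 0x10;
}

/* IoInitializeIrp leaves CurrentLocation == StackCount + 1; IoCompleteRequest
 * bumps it once per stack location and stops once it exceeds StackCount + 1,
 * so a header reading StackCount + 2 has already been through completion. */
int irp_completed_all_locations(const uint32_t *irp_words)
{
    irp32_t i = decode_irp(irp_words);
    return i.current_location == i.stack_count + 2;
}

int main(void)
{
    irp32_t irp = decode_irp(irp_raw);
    printf("SRB.Irp %08x, NumberOfBuffers %u (x4 = %#x, the value left in P's stack slot), v8 %08x\n",
           (unsigned)srb_irp(srb_raw), (unsigned)srb_number_of_buffers(srb_raw),
           (unsigned)(srb_number_of_buffers(srb_raw) * 4), (unsigned)srb_class_extension(srb_raw));
    printf("IRP Type %u Size %#x MdlAddress %08x UserEvent %08x\n", (unsigned)irp.type,
           (unsigned)irp.size, (unsigned)irp.mdl_address, (unsigned)irp.user_event);
    printf("IRP StackCount %d CurrentLocation %d PendingReturned %u -> completed: %s\n",
           irp.stack_count, irp.current_location, (unsigned)irp.pending_returned,
           irp_completed_all_locations(irp_raw) ? "yes" : "no");
    printf("IRP CurrentStackLocation %08x -> faulting read at %08x; EIP = callback+%#x\n",
           (unsigned)irp.current_stack_location, (unsigned)faulting_read_address(irp_raw),
           (unsigned)faulting_ip_offset(srb_raw, 0xfbb3a018u));
    return 0;
}
```

The header decodes to StackCount 2, CurrentLocation 4 and PendingReturned 1, which is the state IoCompleteRequest leaves behind once every stack location has been run, and CurrentStackLocation is NULL, a value neither IoInitializeIrp nor IoCompleteRequest ever stores. The completion callback is therefore looking at an IRP that no longer describes an in-flight request; who completed or recycled it first is not something this dump shows.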

 

Value for P: 0xffa10e88, the HW_STREAM_REQUEST_BLOCK dumped above as v2 of SCCallBackSrb (SCCallBackSrb passes its a1 unchanged to the callback at +0x6C).

 

 

 

 

kd> !irpfind

unable to get large pool allocation table - either wrong symbols or pool tagging is disabled

 

Searching NonPaged pool (81061000 : 81261000) for Tag: Irp?

 

  Irp    [ Thread ] irpStack: (Mj,Mn)   DevObj  [Driver]         MDL Process

810d25c8 [ffb477c8] irpStack: ( e, 0)  ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

810d29d8 [ffb477c8] irpStack: ( e, 0)  ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

810d2cd8 [ffb477c8] irpStack: ( e, 0)  ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

 

ffa17638 [ffb477c8] irpStack: ( e, 0)  ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

ffa227b0 [ffb477c8] irpStack: ( e, 0)  ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

ffa291a8 [ffb477c8] irpStack: ( e, 0)  ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

ffaaa208 [ffb477c8] irpStack: ( e, 0)  ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

ffb85d00 [ffb477c8] irpStack: ( e, 0)  ffa1d820 [ \Driver\mdvdwdm] 0xffa25020

The eight IRPs found are IRP_MJ_DEVICE_CONTROL (0xe) requests from thread ffb477c8 of DVDPlay.exe (the ksproxy!CAsyncItemHandler::AsyncItemProc thread below) to device object ffa1d820, the same object StreamClassDpc was running for in STACK_TEXT. ffa17a90, the IRP the crashing SRB points to, is not among them, nor in any thread's IRP List in the !sprocess output below; since !irpfind could not read the large-pool allocation table and pool tagging may be off, that scan is not exhaustive.

kd> !sprocess 0 1f DVDPlay.exe

Dumping Session 0

 

_MM_SESSION_SPACE fe351000

_MMSESSION        fe35115c

PROCESS ffa25020  SessionId: 0  Cid: 0634    Peb: 7ffdd000  ParentCid: 0728

    DirBase: 00ede000  ObjectTable: e1660ad8  HandleCount: 274.

    Image: DVDPlay.exe

    VadRoot 810d8478 Vads 107 Clone 0 Private 703. Modified 38. Locked 259.

    DeviceMap e150f088

    Token                             e16c68c0

    ElapsedTime                       00:30:02.932

    UserTime                          00:02:17.457

    KernelTime                        00:03:48.989

    QuotaPoolUsage[PagedPool]         44892

    QuotaPoolUsage[NonPagedPool]      19384

    Working Set Sizes (now,min,max)  (1839, 50, 345) (7356KB, 200KB, 1380KB)

    PeakWorkingSetSize                2010

    VirtualSize                       52 Mb

    PeakVirtualSize                   52 Mb

    PageFaultCount                    2104

    MemoryPriority                    BACKGROUND

    BasePriority                      8

    CommitCharge                      1130

 

        THREAD ffa23020  Cid 0634.0198  Teb: 7ffdf000 Win32Thread: e1068ba8 WAIT: (WrUserRequest) UserMode Non-Alertable

            810c6ff0  SynchronizationEvent

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      468953         Ticks: 6 (0:00:00:00.060)

        Context Switch Count      64547                 LargeStack

        UserTime                  00:00:57.122

        KernelTime                00:01:22.718

*** WARNING: Unable to verify timestamp for DVDPlay.exe

        Win32 Start Address DVDPlay!WinMainCRTStartup (0x00439280)

        Start Address kernel32!BaseProcessStartThunk (0x7c810867)

        Stack Init fbbf1000 Current fbbf0c20 Base fbbf1000 Limit fbbec000 Call 0

        Priority 12 BasePriority 8 PriorityDecrement 2 DecrementCount 16

        ChildEBP RetAddr 

        fbbf0c38 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

        fbbf0c44 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

        fbbf0c6c bf802ec4 nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

        fbbf0ca8 bf801aa8 win32k!xxxSleepThread+0x192 (FPO: [Non-Fpo])

        fbbf0cec bf80f106 win32k!xxxRealInternalGetMessage+0x418 (FPO: [Non-Fpo])

        fbbf0d4c 804df06b win32k!NtUserGetMessage+0x27 (FPO: [Non-Fpo])

        fbbf0d4c 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbbf0d64)

        0012fe78 77d4919b ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

        0012fea0 004837ea USER32!NtUserGetMessage+0xc

        0012fec8 00482f0f DVDPlay!CWinThread::PumpMessage+0x30 (CONV: thiscall) [thrdcore.cpp @ 821]

        0012feec 00481c9a DVDPlay!CWinThread::Run+0x82 (CONV: thiscall) [thrdcore.cpp @ 487]

        0012fef8 0048988e DVDPlay!CWinApp::Run+0x3a (CONV: thiscall) [appcore.cpp @ 400]

        0012ff18 004595c8 DVDPlay!AfxWinMain+0xce (CONV: stdcall) [winmain.cpp @ 49]

        0012ff30 004393a6 DVDPlay!WinMain+0x18 (CONV: stdcall) [appmodul.cpp @ 30]

        0012ffc0 7c816d4f DVDPlay!WinMainCRTStartup+0x126 (CONV: cdecl) [crt0.c @ 198]

        0012fff0 00000000 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])

 

        THREAD ffa22210  Cid 0634.0164  Teb: 7ffde000 Win32Thread: e182f158 WAIT: (WrUserRequest) UserMode Non-Alertable

            ffb94860  SynchronizationEvent

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      367732         Ticks: 101227 (0:00:16:53.727)

        Context Switch Count      79                 LargeStack

        UserTime                  00:00:00.110

        KernelTime                00:00:00.130

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for QUARTZ.dll -

        Win32 Start Address QUARTZ!AMGetErrorTextA (0x7486efb2)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fbea6000 Current fbea5c20 Base fbea6000 Limit fbea3000 Call 0

        Priority 10 BasePriority 8 PriorityDecrement 0 DecrementCount 16

        Kernel stack not resident.

 

        THREAD ffa1d020  Cid 0634.0140  Teb: 7ffdc000 Win32Thread: e1111368 WAIT: (UserRequest) UserMode Non-Alertable

            ffa23340  SynchronizationEvent

            ffa23310  SynchronizationEvent

            ffa25330  NotificationEvent

            ffa618c0  NotificationEvent

            ffa25300  SynchronizationEvent

            ffa252d0  SynchronizationEvent

            ffa232a0  SynchronizationEvent

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      367732         Ticks: 101227 (0:00:16:53.727)

        Context Switch Count      14                 LargeStack

        UserTime                  00:00:00.000

        KernelTime                00:00:00.000

        Win32 Start Address qdvd!CAMThread::InitialThreadProc (0x5dfada2c)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fbe76000 Current fbe7595c Base fbe76000 Limit fbe73000 Call 0

        Priority 10 BasePriority 8 PriorityDecrement 0 DecrementCount 16

        Kernel stack not resident.

 

        THREAD 810916b0  Cid 0634.0118  Teb: 7ffdb000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

            81091e58  NotificationEvent

            81091d78  NotificationEvent

            ffa32f50  Semaphore Limit 0x7fffffff

            ffa196d0  SynchronizationEvent

        IRP List:

            ffb05008: (0006,0190) Flags: 00000070  Mdl: 00000000

            ffa82930: (0006,0190) Flags: 00000070  Mdl: 00000000

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      323293         Ticks: 145666 (0:00:24:18.757)

        Context Switch Count      1            

        UserTime                  00:00:00.000

        KernelTime                00:00:00.000

        Win32 Start Address ksproxy!CKsQualityF::QualityThread (0x5e04c17f)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fc0a1000 Current fc0a095c Base fc0a1000 Limit fc09e000 Call 0

        Priority 10 BasePriority 10 PriorityDecrement 0 DecrementCount 0

        Kernel stack not resident.

 

        THREAD 810e0da8  Cid 0634.0148  Teb: 7ffda000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

            ffa1d2a0  SynchronizationEvent

            ffa13700  NotificationEvent

            ffb811f8  NotificationEvent

            ffa11758  NotificationEvent

            ffa7e618  NotificationEvent

            ffb63670  NotificationEvent

            ffaa75e8  NotificationEvent

            ffa0bef0  NotificationEvent

            ffa74650  NotificationEvent

            ffa120a8  NotificationEvent

            ffb672e0  NotificationEvent

            ffa116e0  NotificationEvent

            ffb225e0  NotificationEvent

            ffad9d90  NotificationEvent

            ffb95420  NotificationEvent

            ffa044f8  NotificationEvent

            ffa748c8  NotificationEvent

            ffa0dd70  NotificationEvent

            ffa12218  NotificationEvent

            ffa12ef0  NotificationEvent

            ffa037a0  NotificationEvent

            ffb27940  NotificationEvent

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      468954         Ticks: 5 (0:00:00:00.050)

        Context Switch Count      89361            

        UserTime                  00:00:14.060

        KernelTime                00:00:17.615

        Win32 Start Address ksproxy!CKsProxy::IoThread (0x5e0344fe)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fc06d000 Current fc06c95c Base fc06d000 Limit fc06a000 Call 0

        Priority 10 BasePriority 8 PriorityDecrement 2 DecrementCount 16

        ChildEBP RetAddr 

        fc06c974 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

        fc06c980 804e40fd nt!KiSwapThread+0x46 (FPO: [0,0,0])

        fc06c9b8 80566488 nt!KeWaitForMultipleObjects+0x284 (FPO: [Non-Fpo])

        fc06cd48 804df06b nt!NtWaitForMultipleObjects+0x2a2 (FPO: [Non-Fpo])

        fc06cd48 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fc06cd64)

        0116feec 7c90e9ab ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

        0116fef0 7c8094f2 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])

        0116ff8c 5e034521 kernel32!WaitForMultipleObjectsEx+0x12c (FPO: [Non-Fpo])

        0116ffb4 7c80b50b ksproxy!CKsProxy::IoThread+0x23 (FPO: [Non-Fpo])

        0116ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

        THREAD 810e0848  Cid 0634.01b0  Teb: 7ffd9000 Win32Thread: e10edc00 WAIT: (UserRequest) UserMode Non-Alertable

            ffa29640  NotificationEvent

            ffa2a100  NotificationEvent

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      324932         Ticks: 144027 (0:00:24:02.343)

        Context Switch Count      14                 LargeStack

        UserTime                  00:00:00.000

        KernelTime                00:00:00.020

        Win32 Start Address ksproxy!CVPInterfaceHandler::InitialThreadProc (0x5e04c6ea)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fe09b000 Current fe09a95c Base fe09b000 Limit fe097000 Call 0

        Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 16

        Kernel stack not resident.

 

        THREAD ffa2f7d8  Cid 0634.0788  Teb: 7ffd8000 Win32Thread: e184fb00 WAIT: (UserRequest) UserMode Non-Alertable

            ffb6bf20  Semaphore Limit 0x5

            ffa2f8c8  NotificationTimer

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      468940         Ticks: 19 (0:00:00:00.190)

        Context Switch Count      13241                 LargeStack

        UserTime                  00:00:00.120

        KernelTime                00:00:00.751

        Win32 Start Address DVDPlay!_threadstartex (0x0043b4f0)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fbe86000 Current fbe85ca0 Base fbe86000 Limit fbe82000 Call 0

        Priority 12 BasePriority 8 PriorityDecrement 2 DecrementCount 16

        ChildEBP RetAddr 

        fbe85cb8 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

        fbe85cc4 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

        fbe85cec 80565a9f nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

        fbe85d50 804df06b nt!NtWaitForSingleObject+0x9a (FPO: [Non-Fpo])

        fbe85d50 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbe85d64)

        0167fdfc 7c90e9c0 ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

        0167fe00 7c8025db ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])

        0167fe64 7c802542 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])

        0167fe78 00408b57 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])

        0167fee0 004826a5 DVDPlay!Thread_UIUpdateMsgPump+0x37 (CONV: cdecl) [c:\data\dvd-linux\margi\dvdtogo\win95\dvdplay\dvdplay.cpp @ 396]

        0167ff80 0043b563 DVDPlay!_AfxThreadEntry+0x2b5 (CONV: stdcall) [thrdcore.cpp @ 112]

        0167ffb4 7c80b50b DVDPlay!_threadstartex+0x73 (CONV: stdcall) [threadex.c @ 212]

        0167ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

        THREAD ffb477c8  Cid 0634.06dc  Teb: 7ffd7000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

            810c7c88  SynchronizationEvent

            ffaa78c8  SynchronizationEvent

            811c0870  SynchronizationEvent

            ffb17f30  NotificationEvent

        IRP List:

            ffaaece0: (0006,0190) Flags: 00000070  Mdl: ffa2f5a8

            810d29d8: (0006,0190) Flags: 00000070  Mdl: ffa17328

            ffa291a8: (0006,0190) Flags: 00000070  Mdl: 81101b80

            ffa17638: (0006,0190) Flags: 00000070  Mdl: ffa17128

            810d2cd8: (0006,0190) Flags: 00000070  Mdl: ffa27cf8

            ffa227b0: (0006,0190) Flags: 00000070  Mdl: ffa7df08

            811018a8: (0006,0190) Flags: 00000070  Mdl: ffa16870

            ffaaa208: (0006,0190) Flags: 00000070  Mdl: ffb9ba78

            810d25c8: (0006,0190) Flags: 00000070  Mdl: ffb70358

            ffb85d00: (0006,0190) Flags: 00000070  Mdl: ffa1b7a0

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      324787         Ticks: 144172 (0:00:24:03.796)

        Context Switch Count      3            

        UserTime                  00:00:00.000

        KernelTime                00:00:00.010

        Win32 Start Address ksproxy!CAsyncItemHandler::AsyncItemProc (0x5e0415d4)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fbe02000 Current fbe0195c Base fbe02000 Limit fbdff000 Call 0

        Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

        Kernel stack not resident.

 

        THREAD ffa65020  Cid 0634.0368  Teb: 7ffd6000 Win32Thread: 00000000 READY

        IRP List:

            ffa02910: (0006,0190) Flags: 00000030  Mdl: ffa017e8

            ffa10008: (0006,0190) Flags: 00000030  Mdl: ff9ffbd8

            ffa0a008: (0006,0190) Flags: 00000030  Mdl: ffa142b8

            ffa11d90: (0006,0190) Flags: 00000030  Mdl: 81074998

            ffa13400: (0006,0190) Flags: 00000030  Mdl: ffa0be18

            ffa035f0: (0006,0190) Flags: 00000030  Mdl: ffa0ec40

            ffa03df0: (0006,0190) Flags: 00000030  Mdl: ffa04b70

            ffa009e0: (0006,0190) Flags: 00000030  Mdl: ffa15008

            ff9ffe70: (0006,0190) Flags: 00000030  Mdl: ffa122b8

            ffa28008: (0006,0190) Flags: 00000030  Mdl: ffa030c8

            ffa01008: (0006,0190) Flags: 00000030  Mdl: ffa13008

            ffa053d0: (0006,0190) Flags: 00000030  Mdl: ffa0fd08

            ffa12838: (0006,0190) Flags: 00000030  Mdl: ffa018e8

            810db008: (0006,0190) Flags: 00000030  Mdl: ffa06200

            ffa0c6e0: (0006,0190) Flags: 00000030  Mdl: ffa0c348

            ffa103b8: (0006,0190) Flags: 00000030  Mdl: ffa11898

            ffa0b3d8: (0006,0190) Flags: 00000030  Mdl: ffa01568

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      468959         Ticks: 0

        Context Switch Count      109516            

        UserTime                  00:00:12.227

        KernelTime                00:00:26.928

        Win32 Start Address qdvd!COutputQueue::InitialThreadProc (0x5dfd7556)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fbf06000 Current fbf05ca0 Base fbf06000 Limit fbf03000 Call 0

        Priority 11 BasePriority 8 PriorityDecrement 2 DecrementCount 16

        ChildEBP RetAddr 

        fbf05cb8 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

        fbf05cc4 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

        fbf05cec 80565a9f nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

        fbf05d50 804df06b nt!NtWaitForSingleObject+0x9a (FPO: [Non-Fpo])

        fbf05d50 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbf05d64)

        0189fef0 7c90e9c0 ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

        0189fef4 7c8025db ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])

        0189ff58 7c802542 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])

        0189ff6c 5dfd7291 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])

        0189ffa4 5dfd756c qdvd!COutputQueue::ThreadProc+0xd5 (FPO: [Non-Fpo])

        0189ffb4 7c80b50b qdvd!COutputQueue::InitialThreadProc+0x16 (FPO: [Non-Fpo])

        0189ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

        THREAD ffa16b80  Cid 0634.0674  Teb: 7ffd5000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

            ffa77840  Semaphore Limit 0x7fffffff

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      468954         Ticks: 5 (0:00:00:00.050)

        Context Switch Count      100844            

        UserTime                  00:00:05.658

        KernelTime                00:00:13.809

        Win32 Start Address qdvd!COutputQueue::InitialThreadProc (0x5dfd7556)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fc223000 Current fc222ca0 Base fc223000 Limit fc220000 Call 0

        Priority 10 BasePriority 8 PriorityDecrement 2 DecrementCount 16

        ChildEBP RetAddr 

        fc222cb8 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

        fc222cc4 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

        fc222cec 80565a9f nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

        fc222d50 804df06b nt!NtWaitForSingleObject+0x9a (FPO: [Non-Fpo])

        fc222d50 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fc222d64)

        0199fef0 7c90e9c0 ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

        0199fef4 7c8025db ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])

        0199ff58 7c802542 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])

        0199ff6c 5dfd7291 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])

        0199ffa4 5dfd756c qdvd!COutputQueue::ThreadProc+0xd5 (FPO: [Non-Fpo])

        0199ffb4 7c80b50b qdvd!COutputQueue::InitialThreadProc+0x16 (FPO: [Non-Fpo])

        0199ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

        THREAD ffa16908  Cid 0634.07e4  Teb: 7ffd4000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable

            ffa192e0  Semaphore Limit 0x7fffffff

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      468953         Ticks: 6 (0:00:00:00.060)

        Context Switch Count      76403            

        UserTime                  00:00:00.761

        KernelTime                00:00:01.131

        Win32 Start Address qdvd!COutputQueue::InitialThreadProc (0x5dfd7556)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fbb79000 Current fbb78ca0 Base fbb79000 Limit fbb76000 Call 0

        Priority 11 BasePriority 8 PriorityDecrement 2 DecrementCount 16

        ChildEBP RetAddr 

        fbb78cb8 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

        fbb78cc4 804dc6f2 nt!KiSwapThread+0x46 (FPO: [0,0,0])

        fbb78cec 80565a9f nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])

        fbb78d50 804df06b nt!NtWaitForSingleObject+0x9a (FPO: [Non-Fpo])

        fbb78d50 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbb78d64)

        01a9fef0 7c90e9c0 ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

        01a9fef4 7c8025db ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])

        01a9ff58 7c802542 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])

        01a9ff6c 5dfd7291 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])

        01a9ffa4 5dfd756c qdvd!COutputQueue::ThreadProc+0xd5 (FPO: [Non-Fpo])

        01a9ffb4 7c80b50b qdvd!COutputQueue::InitialThreadProc+0x16 (FPO: [Non-Fpo])

        01a9ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

        THREAD ffa16548  Cid 0634.01b4  Teb: 7ffaf000 Win32Thread: e19503e0 WAIT: (UserRequest) UserMode Non-Alertable

            ffad1338  Semaphore Limit 0x7fffffff

            ffab14c0  SynchronizationEvent

            ffab1460  SynchronizationEvent

            ffa30b60  NotificationEvent

            ffa7f8a8  NotificationEvent

            ffa7f848  NotificationEvent

            810c6318  NotificationEvent

            810c62b8  NotificationEvent

            ffa16df8  SynchronizationEvent

            ffa16638  NotificationTimer

        Not impersonating

        DeviceMap                 e150f088

        Owning Process            ffa25020       Image:         DVDPlay.exe

        Wait Start TickCount      468953         Ticks: 6 (0:00:00:00.060)

        Context Switch Count      326499                 LargeStack

        UserTime                  00:00:47.388

        KernelTime                00:01:25.763

        Win32 Start Address qdvd!CAMThread::InitialThreadProc (0x5dfada2c)

        Start Address kernel32!BaseThreadStartThunk (0x7c810856)

        Stack Init fbad9000 Current fbad895c Base fbad9000 Limit fbad5000 Call 0

        Priority 9 BasePriority 9 PriorityDecrement 0 DecrementCount 16

        ChildEBP RetAddr 

        fbad8974 804dc6a6 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])

        fbad8980 804e40fd nt!KiSwapThread+0x46 (FPO: [0,0,0])

        fbad89b8 80566488 nt!KeWaitForMultipleObjects+0x284 (FPO: [Non-Fpo])

        fbad8d48 804df06b nt!NtWaitForMultipleObjects+0x2a2 (FPO: [Non-Fpo])

        fbad8d48 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fbad8d64)

        01c4fdb4 7c90e9ab ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

        01c4fdb8 7c8094f2 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])

        01c4fe54 7c809c86 kernel32!WaitForMultipleObjectsEx+0x12c (FPO: [Non-Fpo])

        01c4fe70 5dfb18e0 kernel32!WaitForMultipleObjects+0x18 (FPO: [Non-Fpo])

        01c4fed8 5dfd248d qdvd!CDVDDiskReader::WaitForSingleObject+0x92 (FPO: [Non-Fpo])

        01c4fef4 5dfb1311 qdvd!CSequentialAllocator::GetBuffer+0x33 (FPO: [Non-Fpo])

        01c4ff18 5dfb13de qdvd!CSequentialAllocator::GetBuffer+0x2e (FPO: [Non-Fpo])

        01c4ff38 5dfb1ada qdvd!CDVDDiskReader::GetBuffer+0x16 (FPO: [Non-Fpo])

        01c4ff64 5dfb2962 qdvd!CDVDDiskReader::ReadNewData+0x2d (FPO: [Non-Fpo])

        01c4ff88 5dfbdddf qdvd!CDVDDiskReader::ProcessData+0x8b (FPO: [Non-Fpo])

        01c4ffa4 5dfada41 qdvd!CDVDPump::ThreadProc+0x1fb (FPO: [Non-Fpo])

        01c4ffb4 7c80b50b qdvd!CAMThread::InitialThreadProc+0x15 (FPO: [Non-Fpo])

        01c4ffec 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

 

 

 

kd> dt -r mdvdwdm!_HW_STREAM_REQUEST_BLOCK ffa10e88

   +0x000 SizeOfThisPacket : 0x4c

   +0x004 Command          : 1

   +0x008 Status           : 0

   +0x00c StreamObject     : 0x81091348 _HW_STREAM_OBJECT

      +0x000 SizeOfThisPacket : 0x44

      +0x004 StreamNumber     : 0

      +0x008 HwStreamExtension : 0x8109149c

      +0x00c ReceiveDataPacket : 0xfb99ac10        void  mdvdwdm!VideoReceive+0

      +0x010 ReceiveControlPacket : 0xfb99ade0        void  mdvdwdm!VideoControl+0

      +0x014 HwClockObject    : _HW_CLOCK_OBJECT

         +0x000 HwClockFunction  : (null)

         +0x004 ClockSupportFlags : 0

         +0x008 Reserved         : [2] 0

      +0x024 Dma              : 0 ''

      +0x025 Pio              : 0x1 ''

      +0x028 HwDeviceExtension : 0xffa1db1c

      +0x02c StreamHeaderMediaSpecific : 0

      +0x030 StreamHeaderWorkspace : 0

      +0x034 Allocator        : 0 ''

      +0x038 HwEventRoutine   : (null)

      +0x03c Reserved         : [2] 0

   +0x010 HwDeviceExtension : 0xffa1db1c

   +0x014 SRBExtension     : 0xffa10f30

   +0x018 CommandData      : _CommandData

      +0x000 DataBufferArray  : 0xffa07aa0 KSSTREAM_HEADER

         +0x000 Size             : 0x30

         +0x004 TypeSpecificFlags : 0x19c20000

         +0x008 PresentationTime : KSTIME

         +0x018 Duration         : 0

         +0x020 FrameExtent      : 0x800

         +0x024 DataUsed         : 0x800

         +0x028 Data             : 0x01af0800

         +0x02c OptionsFlags     : 0

      +0x000 StreamBuffer     : 0xffa07aa0 _HW_STREAM_DESCRIPTOR

         +0x000 StreamHeader     : _HW_STREAM_HEADER

         +0x028 StreamInfo       : _HW_STREAM_INFORMATION

      +0x000 StreamState      : -6260064

      +0x000 TimeReference    : 0xffa07aa0 _STREAM_TIME_REFERENCE

         +0x000 CurrentOnboardClockValue : 0x19c20000`00000030

         +0x008 OnboardClockFrequency : _LARGE_INTEGER 0x0

         +0x010 CurrentSystemTime : _LARGE_INTEGER 0x1`00000001

         +0x018 Reserved         : [2] 0

      +0x000 PropertyInfo     : 0xffa07aa0 _STREAM_PROPERTY_DESCRIPTOR

         +0x000 Property         : 0x00000030 KSIDENTIFIER

         +0x004 PropertySetID    : 0x19c20000

         +0x008 PropertyInfo     : (null)

         +0x00c PropertyInputSize : 0

         +0x010 PropertyOutputSize : 1

      +0x000 OpenFormat       : 0xffa07aa0 KSDATAFORMAT

         +0x000 FormatSize       : 0x30

         +0x004 Flags            : 0x19c20000

         +0x008 SampleSize       : 0

         +0x00c Reserved         : 0

         +0x010 MajorFormat      : _GUID {00000001-0001-0000-0000-000000000000}

         +0x020 SubFormat        : _GUID {00000800-0800-0000-0008-af0100000000}

         +0x030 Specifier        : _GUID {00000030-0000-19c3-0000-000000000000}

         +0x000 Alignment        : 1856045996430065712

      +0x000 ConfigInfo       : 0xffa07aa0 _PORT_CONFIGURATION_INFORMATION

         +0x000 SizeOfThisPacket : 0x30

         +0x004 HwDeviceExtension : 0x19c20000

         +0x008 ClassDeviceObject : (null)

         +0x00c PhysicalDeviceObject : (null)

         +0x010 SystemIoBusNumber : 1

         +0x014 AdapterInterfaceType : 1

         +0x018 BusInterruptLevel : 0

         +0x01c BusInterruptVector : 0

         +0x020 InterruptMode    : 2048

         +0x024 DmaChannel       : 0x800

         +0x028 NumberOfAccessRanges : 0x1af0800

         +0x02c AccessRanges     : (null)

         +0x030 StreamDescriptorSize : 0x30

         +0x034 Irp              : 0x19c30000 _IRP

         +0x038 InterruptObject  : (null)

         +0x03c DmaAdapterObject : (null)

         +0x040 RealPhysicalDeviceObject : 0x00000001 _DEVICE_OBJECT

         +0x044 Reserved         : [1] 1

      +0x000 MasterClockHandle : 0xffa07aa0

      +0x000 DeviceState      : -6260064

      +0x000 IntersectInfo    : 0xffa07aa0 _STREAM_DATA_INTERSECT_INFO

         +0x000 StreamNumber     : 0x30

         +0x004 DataRange        : 0x19c20000 KSDATAFORMAT

         +0x008 DataFormatBuffer : (null)

         +0x00c SizeOfDataFormatBuffer : 0

   +0x01c NumberOfBuffers  : 0x1a

   +0x020 TimeoutCounter   : 0xe

   +0x024 TimeoutOriginal  : 0xf

   +0x028 NextSRB          : (null)

   +0x02c Irp              : 0xffa17a90 _IRP

      +0x000 Type             : 6

      +0x002 Size             : 0x190

      +0x004 MdlAddress       : 0xffa0f918 _MDL

         +0x000 Next             : 0xffa10d30 _MDL

         +0x004 Size             : 32

         +0x006 MdlFlags         : 8

         +0x008 Process          : 0xffa25020 _EPROCESS

         +0x00c MappedSystemVa   : 0xfe483800

         +0x010 StartVa          : 0x01af0000

         +0x014 ByteCount        : 0x800

         +0x018 ByteOffset       : 0x800

      +0x008 Flags            : 0x30

      +0x00c AssociatedIrp    : __unnamed

         +0x000 MasterIrp        : 0xffa07aa0 _IRP

         +0x000 IrpCount         : -6260064

         +0x000 SystemBuffer     : 0xffa07aa0

      +0x010 ThreadListEntry  : _LIST_ENTRY [ 0xffa65230 - 0xffa06e80 ]

         +0x000 Flink            : 0xffa65230 _LIST_ENTRY [ 0xffa02920 - 0xffa17aa0 ]

         +0x004 Blink            : 0xffa06e80 _LIST_ENTRY [ 0xffa17aa0 - 0xffaa1018 ]

      +0x018 IoStatus         : _IO_STATUS_BLOCK

         +0x000 Status           : 0

         +0x000 Pointer          : (null)

         +0x004 Information      : 0

      +0x020 RequestorMode    : 1 ''

      +0x021 PendingReturned  : 0x1 ''

      +0x022 StackCount       : 2 ''

      +0x023 CurrentLocation  : 4 ''

      +0x024 Cancel           : 0 ''

      +0x025 CancelIrql       : 0 ''

      +0x026 ApcEnvironment   : 0 ''

      +0x027 AllocationFlags  : 0xc ''

      +0x028 UserIosb         : 0x00da5d6c _IO_STATUS_BLOCK

         +0x000 Status           : ??

         +0x000 Pointer          : ????

         +0x004 Information      : ??

      +0x02c UserEvent        : 0xffa13700 _KEVENT

         +0x000 Header           : _DISPATCHER_HEADER

      +0x030 Overlay          : __unnamed

         +0x000 AsynchronousParameters : __unnamed

         +0x000 AllocationSize   : _LARGE_INTEGER 0xda5d6c`00000000

      +0x038 CancelRoutine    : (null)

      +0x03c UserBuffer       : 0x00db1038

      +0x040 Tail             : __unnamed

         +0x000 Overlay          : __unnamed

         +0x000 Apc              : _KAPC

         +0x000 CompletionKey    : 0x00300012

   +0x030 Flags            : 3

   +0x034 HwInstanceExtension : 0xffa33504

   +0x038 NumberOfBytesToTransfer : 3

   +0x038 ActualBytesTransferred : 3

   +0x03c ScatterGatherBuffer : 0xffa10f94 KSSCATTER_GATHER

      +0x000 PhysicalAddress  : _LARGE_INTEGER 0x1af1000`01af0800

         +0x000 LowPart          : 0x1af0800

         +0x004 HighPart         : 28250112

         +0x000 u                : __unnamed

         +0x000 QuadPart         : 121333307176585216

      +0x008 Length           : 0x1af1800

   +0x040 NumberOfPhysicalPages : 0

   +0x044 NumberOfScatterGatherElements : 0xffa10f9c

   +0x048 Reserved         : [1] 0

Memory read error 00da5d70

 

 

 

From the debugged/checked build of system.sys:

    v4 = v1->Tail.Overlay.CurrentStackLocation;
    v26 = (char *)v1->Tail.Overlay.CurrentStackLocation;
    if ( !v4 )
      RtlAssert("IrpStack", "D:\\nt\\private\\ntos\\dd\\wdm\\dvd\\class\\codguts.c", 1824u, (PCHAR)v4);

 

 

int __stdcall SCProcessCompletedDataRequest(char *arg1)
{
  IRP *v1; // ebx@1
  HW_STREAM_REQUEST_BLOCK *_arg1; // esi@1
  PKSSTREAM_HEADER v3; // edi@2
  struct _IRP::$::$::$::$A02EC6A2CE86544F716F4825015773AC::_IO_STACK_LOCATION *v4; // eax@4
  PMDL v5; // eax@6
  PMDL v6; // ebx@6
  unsigned __int32 v7; // eax@18
  CHAR *v8; // edx@18
  int v9; // ecx@18
  char *v10; // eax@23
  CHAR *v11; // ecx@23
  int v12; // ebx@23
  PHW_STREAM_OBJECT v13; // edi@23
  int v14; // eax@25
  int (__stdcall *v15)(_DWORD,_DWORD,_DWORD); // ebx@25
  int v16; // edi@25
  char *v18; // eax@1
  PVOID v19; // eax@17
  int v20; // edx@18
  PACCESS_STATE v21; // eax@18
  PSECURITY_QUALITY_OF_SERVICE v22; // eax@18
  PVOID v23; // eax@22
  PIRP v24; // [sp+24h] [bp-Ch]@1
  char *v25; // [sp+28h] [bp-8h]@1
  char *v26; // [sp+Ch] [bp-24h]@4
  PVOID v27; // [sp+2Ch] [bp-4h]@17
  int v28; // [sp+18h] [bp-18h]@18
  int v29; // [sp+20h] [bp-10h]@18
  PACCESS_STATE v30; // [sp+14h] [bp-1Ch]@18
  unsigned __int32 v31; // [sp+10h] [bp-20h]@18
  unsigned __int32 v32; // [sp+1Ch] [bp-14h]@18

  _arg1 = (HW_STREAM_REQUEST_BLOCK *)arg1;
  arg1 = 0;
  v1 = _arg1->Irp;
  v18 = (char *)_arg1->HwDeviceExtension - 536;
  v24 = _arg1->Irp;
  v25 = v18;
  if ( v1 )
  {
    v3 = _arg1->CommandData.DataBufferArray;
    if ( !v3 )
      RtlAssert(
        "CurrentHeader",
        "D:\\nt\\private\\ntos\\dd\\wdm\\dvd\\class\\codguts.c",
        0x71Du,
        (PCHAR)_arg1->CommandData.DataBufferArray);
    v4 = v1->Tail.Overlay.CurrentStackLocation;
    v26 = (char *)v1->Tail.Overlay.CurrentStackLocation;
    if ( !v4 )
      RtlAssert("IrpStack", "D:\\nt\\private\\ntos\\dd\\wdm\\dvd\\class\\codguts.c", 1824u, (PCHAR)v4);
    v6 = v1->MdlAddress;
    v5 = v6;
    while ( v5 )
      v5 = v5->Next;
    while ( v6 )
    {
      if ( _arg1->StreamObject->Pio )
      {
        while ( !v3->OptionsFlags && !v3->Data )
          v3 = (PKSSTREAM_HEADER)((char *)v3 + (unsigned int)_arg1[1].ScatterGatherBuffer);
        if ( LOBYTE(_arg1[2].Status) )
        {
          StreamClassDebugPrint(5, "Restoring: Index:%x, Ptr:%x\n", (char)arg1);
          *(_DWORD *)&v3[1].PresentationTime.Time = *(&_arg1[2].StreamObject->SizeOfThisPacket + (_DWORD)arg1);
        }
        StreamClassDebugPrint(5, "'SCPioComplete: Irp = %x, header = %x, Data = %x\n", (char)v24);
        ++arg1;
        v3 = (PKSSTREAM_HEADER)((char *)v3 + (unsigned int)_arg1[1].ScatterGatherBuffer);
      }
      v19 = _arg1[1].HwDeviceExtension;
      v27 = _arg1[1].HwDeviceExtension;
      if ( v19 )
      {
        v9 = *((_DWORD *)v25 + 46);
        v20 = *(_DWORD *)(v9 + 4);
        LOBYTE(v28) = _arg1->Command != 0;
        v21 = (PACCESS_STATE)v6->ByteCount;
        v29 = v9;
        v8 = *(CHAR **)(v20 + 20);
        v30 = v21;
        v22 = (PSECURITY_QUALITY_OF_SERVICE)v6->StartVa;
        v31 = (unsigned __int32)v8;
        v7 = (unsigned __int32)((char *)v22 + v6->ByteOffset);
        v32 = v7;
        if ( !v8 )
        {
          RtlAssert("flushAdapterBuffers != NULL", "D:\\NT\\public\\sdk\\inc\\wdm.h", 0x2A72u, v8);
          v9 = v29;
          v7 = v32;
        }
        ((int (__stdcall *)(int,PMDL,PVOID,unsigned __int32,PACCESS_STATE,int))v31)(v9, v6, v27, v7, v30, v28);
      }
      v6 = v6->Next;
    }
    v23 = _arg1[1].HwDeviceExtension;
    v27 = _arg1[1].HwDeviceExtension;
    if ( v23 )
    {
      v13 = _arg1[1].StreamObject;
      v31 = _arg1[1].NumberOfBuffers;
      v10 = (char *)*((_DWORD *)v25 + 46);
      v12 = (int)((char *)v13->ReceiveControlPacket + v13->HwClockObject.ClockSupportFlags);
      arg1 = (char *)*((_DWORD *)v25 + 46);
      v11 = *(CHAR **)(*((_DWORD *)v10 + 1) + 20);
      v30 = *(PACCESS_STATE *)(*((_DWORD *)v10 + 1) + 20);
      if ( !v11 )
      {
        RtlAssert("flushAdapterBuffers != NULL", "D:\\NT\\public\\sdk\\inc\\wdm.h", 0x2A72u, v11);
        v10 = arg1;
      }
      ((int (__stdcall *)(char *,PHW_STREAM_OBJECT,PVOID,int,unsigned __int32,_DWORD))v30)(v10, v13, v27, v12, v31, 0);
      arg1 = (char *)_arg1->NumberOfPhysicalPages;
      v31 = (unsigned __int32)_arg1[1].HwDeviceExtension;
      v16 = *((_DWORD *)v25 + 46);
      v14 = *(_DWORD *)(v16 + 4);
      v15 = *(int (__stdcall **)(_DWORD,_DWORD,_DWORD))(v14 + 28);
      if ( !v15 )
        RtlAssert("freeMapRegisters != NULL", "D:\\NT\\public\\sdk\\inc\\wdm.h", 0x2A96u, *(PCHAR *)(v14 + 28));
      v15(v16, v31, arg1);
    }
    if ( *((_DWORD *)v26 + 4) )
    {
      DbgBreakPoint();
      ExFreePool(*((PVOID *)v26 + 4));
    }
  }
  return SCProcessCompletedRequest((KIRQL)_arg1);
}

 

 

Tail:
       union {
              struct { ... } Overlay;
              KAPC Apc;
              PVOID CompletionKey;
       } Tail;

Overlay:
       struct {
              union {
                     KDEVICE_QUEUE_ENTRY DeviceQueueEntry;
                     struct {
                            PVOID DriverContext[4];
                     } _unnamed2;
              } _unnamed1;
              PETHREAD Thread;
              PCHAR  AuxiliaryBuffer;
              struct {
                     LIST_ENTRY ListEntry;
                     union {
                            struct _IO_STACK_LOCATION *CurrentStackLocation;
                            ULONG PacketType;
                     };
              };
              PFILE_OBJECT OriginalFileObject;
       } Overlay;

 

 

Tail (union), the three alternatives:
       KAPC Apc
       PVOID CompletionKey
       Overlay (struct), laid out as follows

Overlay layout; the left column is the KDEVICE_QUEUE_ENTRY view, the right column the
DriverContext[4] view of the same bytes:

       KDEVICE_QUEUE_ENTRY DeviceQueueEntry        PVOID DriverContext[4]
         LIST_ENTRY  *Flink                          DriverContext[0]
         LIST_ENTRY  *Blink                          DriverContext[1]
         ULONG       SortKey                         DriverContext[2]
         BOOLEAN     Inserted                        DriverContext[3]
       PETHREAD Thread
       PCHAR AuxiliaryBuffer
       LIST_ENTRY ListEntry
       struct _IO_STACK_LOCATION *CurrentStackLocation   (union with)   ULONG PacketType
       PFILE_OBJECT OriginalFileObject

 

 

 

StreamDispatchIoControl stack:

# ChildEBP RetAddr 

00 fba0ac00 fdb57f0f STREAM!StreamDispatchIoControl (FPO: [Non-Fpo])

01 fba0ac10 fb9ecb5d ks!KsDispatchIrp+0x126 (FPO: [Non-Fpo])

02 fba0ac34 804e3d77 STREAM!StreamClassPassThroughIrp+0xf1 (FPO: [Non-Fpo])

03 fba0ac44 8056a9ab nt!IopfCallDriver+0x31 (FPO: [0,0,0])

04 fba0ac58 8057d9f7 nt!IopSynchronousServiceTail+0x60 (FPO: [Non-Fpo])

05 fba0ad00 8057fbfa nt!IopXxxControlFile+0x611 (FPO: [Non-Fpo])

06 fba0ad34 804df06b nt!NtDeviceIoControlFile+0x2a (FPO: [Non-Fpo])

07 fba0ad34 7c90ebab nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ fba0ad64)

08 0012ef1c 7c90d8ef ntdll!KiIntSystemCall+0x6 (FPO: [0,0,0])

09 0012ef20 7c8016be ntdll!ZwDeviceIoControlFile+0xc (FPO: [10,0,0])

0a 0012ef80 5e03df26 kernel32!DeviceIoControl+0x78 (FPO: [Non-Fpo])

0b 0012efc8 5e03ea04 ksproxy!KsSynchronousDeviceControl+0x65 (FPO: [Non-Fpo])

0c 0012f020 5e041e7a ksproxy!CollectAllSets+0x45 (FPO: [Non-Fpo])

0d 0012f0c4 5e038ddf ksproxy!AggregateSets+0x42 (FPO: [Non-Fpo])

0e 0012f11c 5e0394c8 ksproxy!CKsInputPin::ProcessCompleteConnect+0x19d (FPO: [Non-Fpo])

0f 0012f134 5e0484e4 ksproxy!CKsInputPin::CompleteConnect+0x12 (FPO: [Non-Fpo])

10 0012f14c 5dfaa12d ksproxy!CBasePin::ReceiveConnection+0xc2 (FPO: [Non-Fpo])

11 0012f16c 5dfaa226 qdvd!CBasePin::AttemptConnection+0x54 (FPO: [Non-Fpo])

12 0012f190 5dfaa2f8 qdvd!CBasePin::TryMediaTypes+0x64 (FPO: [Non-Fpo])

13 0012f1bc 5dfac167 qdvd!CBasePin::AgreeMediaType+0x73 (FPO: [Non-Fpo])

14 0012f1d4 7483d8d0 qdvd!CBasePin::Connect+0x55 (FPO: [Non-Fpo])

WARNING: Stack unwind information not available. Following frames may be wrong.

15 0012f200 74841b51 QUARTZ!DllGetClassObject+0xa9d5

16 0012f220 5dfd38a2 QUARTZ!DllGetClassObject+0xec56

17 0012f240 5dfd4d6b qdvd!CDvdGraphBuilder::ConnectPins+0x36 (FPO: [Non-Fpo])

18 0012f280 5dfd5ef4 qdvd!CDvdGraphBuilder::HWDecodeDVDStream+0xa6 (FPO: [Non-Fpo])

19 0012f3cc 5dfd63a9 qdvd!CDvdGraphBuilder::DecodeDVDStream+0xf1 (FPO: [Non-Fpo])

1a 0012f520 5dfd6770 qdvd!CDvdGraphBuilder::RenderNavVideoOutPin+0x70 (FPO: [Non-Fpo])

1b 0012f540 1000772e qdvd!CDvdGraphBuilder::RenderDvdVideoVolume+0x155 (FPO: [Non-Fpo])

1c 0012fbdc 10009989 DVDShow!CSampleDVDPlay::InitBuildGraph(void)+0x20e (CONV: thiscall) [c:\data\dvd-linux\margi\dvdtogo\wdm\dshow\dvdgraph.cpp @ 344]

1d 0012fc38 1000ec48 DVDShow!CSampleDVDPlay::Initialize_directshow(struct HWND__ * hwnd = 0x00020104)+0x199 (CONV: thiscall) [c:\data\dvd-linux\margi\dvdtogo\wdm\dshow\dvdshow.cpp @ 141]

1e 0012fcac 1000e9f1 DVDShow!ProcessMessage(unsigned long dwMsg = 0x14, long lParam1 = 393217, long lParam2 = 131332)+0x238 (CONV: cdecl) [c:\data\dvd-linux\margi\dvdtogo\wdm\dshow\main.cpp @ 241]

1f 0012fd10 004084ff DVDShow!DVDSendNavigatorMsg(unsigned long dwMsg = 0x14, long lParam1 = 393217, long lParam2 = 131332)+0x21 (CONV: cdecl) [c:\data\dvd-linux\margi\dvdtogo\wdm\dshow\main.cpp @ 169]

20 0012fe4c 0040823a DVDPlay!CDVDPlayApp::InitializeDVDNavigator(void)+0x18f (CONV: thiscall) [c:\data\dvd-linux\margi\dvdtogo\win95\dvdplay\dvdplay.cpp @ 209]

21 0012fef8 00489843 DVDPlay!CDVDPlayApp::InitInstance(void)+0x1da (CONV: thiscall) [c:\data\dvd-linux\margi\dvdtogo\win95\dvdplay\dvdplay.cpp @ 141]

22 0012ff18 004595c8 DVDPlay!AfxWinMain(struct HINSTANCE__ * hInstance = 0x00400000, struct HINSTANCE__ * hPrevInstance = 0x00000000, char * lpCmdLine = 0x00142380 "", int nCmdShow = 1)+0x83 (CONV: stdcall) [winmain.cpp @ 39]

23 0012ff30 004393a6 DVDPlay!WinMain(struct HINSTANCE__ * hInstance = 0x00400000, struct HINSTANCE__ * hPrevInstance = 0x00000000, char * lpCmdLine = 0x00142380 "", int nCmdShow = 1)+0x18 (CONV: stdcall) [appmodul.cpp @ 30]

24 0012ffc0 7c816d4f DVDPlay!WinMainCRTStartup(void)+0x126 (CONV: cdecl) [crt0.c @ 198]

25 0012fff0 00000000 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])

 

 

 

 

 

IRP

...

0x60 Tail->Overlay->CurrentStackLocation

 

 

 

NTSTATUS 
  StreamClassRegisterMinidriver(
    IN PVOID  Argument1,
    IN PVOID  Argument2,
    IN PHW_INITIALIZATION_DATA  HwInitializationData
    );

 

Argument1: the first argument of the DriverEntry routine (DriverObject).

Argument2: the second argument of the DriverEntry routine (Registry Path).

 

 

StreamClassRegisterAdapter