Win10 1903 + VS2019：在 #pragma code_seg("INIT") 代码段中调用 RtlInitUnicodeString 导致的蓝屏

问题描述(蓝屏条件):
在 CreateDevice 前添加 #pragma code_seg("INIT"),
以 RtlInitUnicodeString(&devName, L"\\Device\\MyDDKDevice") 的形式(第二个参数为字符串字面量)初始化 devName,
再把 devName 保存到设备扩展里供 Unload 使用——Unload 一旦访问 devName.Buffer 就会蓝屏,
蓝屏代码 Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA。
改为 RtlInitUnicodeString(&devName, g_wsDevName) 的形式(第二个参数为文件作用域的全局指针)初始化 devName, 则不会蓝屏。

原因分析: RtlInitUnicodeString 并不复制字符串, 只是让 UNICODE_STRING.Buffer 指向传入的指针, 因此保存在设备扩展里的 Buffer 必须在 Unload 执行时仍然有效。INIT 段在 DriverEntry 返回后会被系统丢弃; 从复现条件(只有 INIT 段、只有字面量形式才蓝屏)看, 写在 INIT 段函数里的字符串字面量在 1903/VS2019 环境下应当也被放进了随之丢弃的段(可用 dumpbin /section 核实), 于是 Buffer 变成悬空指针, Unload 访问它就触发 0x50。全局变量 g_wsDevName 指向的字面量不受 code_seg 影响, 驱动镜像加载期间一直有效, 所以不会蓝屏。

在 CreateDevice 前添加 #pragma code_seg("PAGE")、#pragma code_seg() 或不添加该行时,
RtlInitUnicodeString 第二个参数用字面量或全局指针都正常(这两种情况下函数及其数据在 DriverEntry 返回后都不会被丢弃)。
结论: 凡是会在 DriverEntry 返回之后继续被引用的数据(设备名、符号链接名等), 其存储不能依附于 INIT 段的代码——要么指向全局变量/非分页池中的副本, 要么干脆不要把 CreateDevice 放进 INIT 段。

注:这是在win10 1903 vs2019下测试的,该测试代码来自《Windows驱动开发技术详解》,
以前win10 1803 vs2017的时候也测试过,但不会导致蓝屏。

/*
 * Device and symbolic-link names handed to RtlInitUnicodeString.
 * RtlInitUnicodeString only stores a pointer to these characters, and the
 * resulting UNICODE_STRINGs are kept in the device extension until Unload,
 * so the storage must be file-scope data rather than something tied to a
 * discardable code section. The test on this page reproduced the 0x50 crash
 * only with an in-function literal under code_seg("INIT"), never with these.
 */
PCWSTR g_wsDevName         = L"\\Device\\MyDDKDevice";
PCWSTR g_wsDevSymbolicName = L"\\??\\HelloDDK";

/*
 * Section placement for CreateDevice. Variants tried on Win10 1903 / VS2019:
 *   #pragma code_seg("INIT")   -- 1. WRONG: section is discarded after
 *                                  DriverEntry returns; crashes in Unload
 *   #pragma code_seg("PAGE")   -- 2. OK
 *   #pragma code_seg()         -- 3. OK (default section, used here)
 */
#pragma code_seg()
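/*
 * Create the control device object and its user-visible symbolic link.
 *
 * pDriverObject: the driver object handed to DriverEntry.
 * Returns STATUS_SUCCESS, or the failing IoCreateDevice / IoCreateSymbolicLink
 * status. If the symbolic link cannot be created the device object is deleted
 * again, so on failure the caller has nothing to clean up.
 *
 * Both names are stored in the device extension and read again by Unload,
 * which is why their backing storage matters (see the comment at the
 * RtlInitUnicodeString calls below).
 */
NTSTATUS CreateDevice(
    IN PDRIVER_OBJECT    pDriverObject)
{
    NTSTATUS status = STATUS_SUCCESS;
    PDEVICE_OBJECT pDevObj = NULL;
    PDEVICE_EXTENSION pDevExt = NULL;
    UNICODE_STRING devName;
    UNICODE_STRING symLinkName;

    DbgPrint("Enter %s\n", __FUNCTION__);

    /*
     * RtlInitUnicodeString does NOT copy: it only makes Buffer point at the
     * characters passed in. Both strings are kept in the device extension
     * and dereferenced by Unload long after this function has returned, so
     * the characters must stay mapped for the driver's whole lifetime.
     *
     * Passing a literal here (L"\\Device\\MyDDKDevice") is what crashed with
     * Bug Check 0x50 when this function sat under #pragma code_seg("INIT"):
     * that section is discarded once DriverEntry returns, and on Win10 1903 /
     * VS2019 the literal evidently went with it (the crash reproduces only
     * for INIT and only for the literal form). The file-scope globals are
     * not affected by code_seg, so point at them instead.
     */
    RtlInitUnicodeString(&devName, g_wsDevName);
    RtlInitUnicodeString(&symLinkName, g_wsDevSymbolicName);

    /*
     * FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device object's
     * security descriptor to every open, including names with a trailing
     * component (\\.\HelloDDK\anything); without it, such opens are not
     * checked against the device's DACL. Nothing on this page implements a
     * device namespace, so there is no reason to leave that path open.
     */
    status = IoCreateDevice(pDriverObject,
        sizeof(DEVICE_EXTENSION),
        &devName,
        FILE_DEVICE_UNKNOWN,
        FILE_DEVICE_SECURE_OPEN,
        TRUE,
        &pDevObj);
    if (!NT_SUCCESS(status)) {
        DbgPrint("Failed to call IoCreateDevice: 0x%08lX\n", status);
        goto done;
    }

    pDevObj->Flags |= DO_BUFFERED_IO;

    pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
    pDevExt->pDevice = pDevObj;
    pDevExt->ustrDeviceName  = devName;      /* Buffer -> g_wsDevName */
    pDevExt->ustrSymLinkName = symLinkName;  /* Buffer -> g_wsDevSymbolicName */

    status = IoCreateSymbolicLink(&symLinkName, &devName);
    if (!NT_SUCCESS(status)) {
        DbgPrint("Failed to call IoCreateSymbolicLink: 0x%08lX\n", status);
        /* Undo the device creation so a failed CreateDevice leaves nothing behind. */
        IoDeleteDevice(pDevObj);
        goto done;
    }

done:
    DbgPrint("Leave %s\n", __FUNCTION__);
    return status;
}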

 
