A BSOD BAD_POOL_CALLER (c2) occurs at the line KeSetEvent(&transferObject->Done, IO_NO_INCREMENT, FALSE);. The value of Arg1 is 7, which means "Attempt to free pool which was already freed".
Looking at the call STACK_TEXT shows:
f7966b50 8054c583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f7966ba0 b8e1596f 8652d700 00000000 85a3c438 nt!ExFreePoolWithTag+0x2a3
f7966bc4 f77106ea 00000000 85a3c438 85e88660 dhUSBBase!ADP_BulkStreamComplete+0x1bf [f:\010_driver\adaptbase.cpp @ 909]
WARNING: Stack unwind information not available. Following frames may be wrong.
f7966bec f77106ea 00000000 00000000 85e88660 bhound5+0x16ea
f7966c14 804f26da 00000000 00000000 85b1c008 bhound5+0x16ea
f7966c44 f6d8d0d5 80547b4c 860c9db0 86ef9028 nt!IopfCompleteRequest+0xa2
f7966cac f6d8d43d 8652d700 c0007000 80547b4c USBPORT!USBPORT_CompleteTransfer+0x373
f7966ce8 f6d8a7c3 86ef90ec 80547b4c 860c9db0 USBPORT!USBPORT_FlushCancelList+0x287
f7966d10 f6d8cb7c 86ef9028 80547b4c 860c9db0 USBPORT!USBPORT_DmaEndpointWorker+0x1b9
f7966d38 f6d905ea 86ef9028 00000002 86ef9028 USBPORT!USBPORT_CoreEndpointWorker+0x6d2
f7966d7c f6d891b0 86ef9028 00000000 86d5ada0 USBPORT!USBPORT_Worker+0x212
f7966dac 805d0fbe 86ef9028 00000000 00000000 USBPORT!USBPORT_WorkerThread+0x12a
f7966ddc 8054716e f6d89086 86ef9028 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
The code at [f:\010_driver\adaptbase.cpp @ 909] is KeSetEvent(&transferObject->Done, IO_NO_INCREMENT, FALSE);
This gives the impression that KeSetEvent frees the buffer internally. I am looking for the source code of KeSetEvent.
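KeSetEvent only changes the signal state of the event and wakes waiters; it never frees pool. In the stack above the ExFreePoolWithTag frame sits directly on top of ADP_BulkStreamComplete, so the rejected free is issued by the completion routine itself. The usual way that happens with a Done event is an ownership race: once the event is signaled, the thread that was waiting on it typically frees the transfer object, so anything the completion routine does with the object after the signal, including a free, runs on memory that may already be gone. The following user-mode C simulation is an added example and not code from the poster's driver; the transfer object, the tiny bookkeeping pool, the waiter and both completion routines are constructed stand-ins, and the waiter is invoked inline to force the worst-case schedule deterministically.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a nonpaged-pool transfer object. The 'done' flag
 * plays the role of the KEVENT that KeSetEvent signals. */
typedef struct {
    bool done;
    unsigned char data[64];
} TransferObject;

enum { POOL_SLOTS = 4 };

/* Tiny bookkeeping pool: it remembers that a slot was freed so that a second
 * free of the same slot is caught, which is the condition ExFreePoolWithTag
 * reports as BAD_POOL_CALLER with Arg1 == 7. */
static TransferObject g_slots[POOL_SLOTS];
static bool g_in_use[POOL_SLOTS];
static bool g_freed[POOL_SLOTS];
static int g_double_frees;

static void pool_reset(void) {
    memset(g_in_use, 0, sizeof g_in_use);
    memset(g_freed, 0, sizeof g_freed);
    g_double_frees = 0;
}

static TransferObject *pool_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!g_in_use[i] && !g_freed[i]) {
            g_in_use[i] = true;
            memset(&g_slots[i], 0, sizeof g_slots[i]);
            return &g_slots[i];
        }
    }
    return NULL;
}

static void pool_free(TransferObject *p) {
    int i = (int)(p - g_slots);
    if (i < 0 || i >= POOL_SLOTS) return;
    if (g_freed[i]) {            /* same check that produces bugcheck 0xC2 / Arg1 7 */
        g_double_frees++;
        return;
    }
    g_in_use[i] = false;
    g_freed[i] = true;
}

/* The waiting thread: it blocked on Done, wakes when the event is signaled
 * and, owning the object from that moment on, frees it. */
static void waiter_wakes(TransferObject *t) {
    if (t->done) pool_free(t);
}

/* Completion routine with the hazard: it signals Done and then still touches
 * the object. Calling the waiter inline models the schedule where the waiter
 * runs immediately after the signal. */
static void complete_buggy(TransferObject *t) {
    t->done = true;      /* KeSetEvent(&t->Done, IO_NO_INCREMENT, FALSE) */
    waiter_wakes(t);     /* the waiter frees the object here ... */
    pool_free(t);        /* ... so this free is the second one and is rejected */
}

/* Corrected ordering: all work on the object happens before the signal; after
 * the signal the completion routine neither dereferences nor frees it. */
static void complete_fixed(TransferObject *t) {
    t->data[0] = 0xAA;   /* any final bookkeeping on the object goes here */
    t->done = true;      /* hand-off point: from here on the waiter owns t */
    waiter_wakes(t);
}

/* Runs one transfer through the chosen completion routine and returns how
 * many double frees the pool observed; 0 is the only acceptable result. */
int run_transfer(bool use_buggy_completion) {
    pool_reset();
    TransferObject *t = pool_alloc();
    if (t == NULL) return -1;
    if (use_buggy_completion) complete_buggy(t);
    else complete_fixed(t);
    return g_double_frees;
}
```

run_transfer(true) returns 1 and run_transfer(false) returns 0. The design point is that the event signal is the ownership hand-off: whichever side is designated to free the transfer object must be the only side that does, and the completion routine must not use the pointer at all once it has signaled.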