最近买了一本windows驱动开发相关书籍，看了看，模仿着写了一个attach到kbdclass上的设备，现在按键是调到了我驱动中设置的分发函数，但是在 IoCallDriver调用下层驱动的过程中崩溃了，奔溃时调用栈如下
Child-SP          RetAddr           Call Site
fffff803`bf2cfc88 fffff803`bd9f50ba nt!DbgBreakPointWithStatus
fffff803`bf2cfc90 fffff803`bd9f49cb nt!KiBugCheckDebugBreak+0x12
fffff803`bf2cfcf0 fffff803`bd960aa4 nt!KeBugCheck2+0x8ab
fffff803`bf2d0400 fffff803`bd96c4e9 nt!KeBugCheckEx+0x104
fffff803`bf2d0440 fffff803`bd96ad3a nt!KiBugCheckDispatch+0x69
fffff803`bf2d0580 fffff800`80f4ddab nt!KiPageFault+0x23a
fffff803`bf2d0718 fffff800`80f4fe26 kbdclass+0x2dab
fffff803`bf2d0720 fffff800`80f356e2 kbdclass+0x4e26
fffff803`bf2d07c0 fffff803`bd8dacd0 i8042prt+0x96e2
fffff803`bf2d0890 fffff803`bd8d9f87 nt!KiExecuteAllDpcs+0x1b0
fffff803`bf2d09e0 fffff803`bd9644ea nt!KiRetireDpcList+0xd7
fffff803`bf2d0c60 00000000`00000000 nt!KiIdleLoop+0x5a
向这种状况应该如何追溯崩溃的原因呢，望各大神指教
另外一点我发现如果我在源码上断点，崩溃后会call stack上会有我的写的分发函数，而我不打断点，直接让他崩溃，则call stack没有列出我写的函数，这事怎么回事

=======================================================
程序的源码如下
#include <ntddk.h>
#define KBDDRV_NAME L"\\Driver\\Kbdclass"
DRIVER_INITIALIZE DriverEntry;
extern POBJECT_TYPE* IoDriverObjectType;
NTSTATUS ObReferenceObjectByName(PUNICODE_STRING Name, ULONG attributes, PACCESS_STATE param3,ACCESS_MASK p4, POBJECT_TYPE objtype, MODE mode, PVOID,PVOID* Pobj);
//过滤设备是属于本驱动对象的，而attach产生的设备对象是属于附加对象所属驱动对象的
NTSTATUS dispachFunc(IN PDEVICE_OBJECT dev,IN PIRP irp)
{
       
        PIO_STACK_LOCATION irpsp = IoGetCurrentIrpStackLocation(irp);
        if (irpsp->MajorFunction == IRP_MJ_POWER)
        {
                KdPrint(("POW\r\n"));
                PoStartNextPowerIrp(irp);
                IoSkipCurrentIrpStackLocation(irp);
                return PoCallDriver(dev->DeviceExtension, irp);
        }
        IoSkipCurrentIrpStackLocation(irp);
        PDEVICE_OBJECT lowerdev = dev->DeviceExtension;
        return IoCallDriver(lowerdev, irp);
}
_Use_decl_annotations_
NTSTATUS DriverEntry(
_In_ struct _DRIVER_OBJECT *DriverObject,
_In_ PUNICODE_STRING       RegistryPath
)
{
        USHORT i = 0;
        for (; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
        {
                DriverObject->MajorFunction[i] = dispachFunc;
        }
        NTSTATUS status;
        UNICODE_STRING KbdDriverName = { 0 };
        RtlInitUnicodeString(&KbdDriverName, KBDDRV_NAME);
        PDRIVER_OBJECT kbd_DrvObj;
        status = ObReferenceObjectByName(&KbdDriverName, OBJ_CASE_INSENSITIVE, NULL, 0, *IoDriverObjectType, KernelMode,NULL, &kbd_DrvObj);
        if (!NT_SUCCESS(status))
        {
                KdPrint(("Find kbdclass Faile\n"));
        }
        else
        {
                ObDereferenceObject(DriverObject);
        }
        PDEVICE_OBJECT pObject = kbd_DrvObj->DeviceObject;
        int d = 0;
        while (pObject != NULL)
        {
                PDEVICE_OBJECT atachObj;       
                PDEVICE_OBJECT filterObj;
               
                status = IoCreateDevice(DriverObject, sizeof(PDEVICE_OBJECT), NULL, pObject->Type, 0, FALSE, &filterObj);//创建的对象，通过最后参数返回对象地址
                if (!NT_SUCCESS(status))
                {
                        KdPrint(("Create Filter Dev Faile\n"));
                        return STATUS_FAILED_DRIVER_ENTRY;
                }

                atachObj = IoAttachDeviceToDeviceStack(filterObj, pObject);
                if (atachObj!=NULL)
                {
                (PDEVICE_OBJECT)(filterObj->DeviceExtension )= atachObj;
                KdPrint(("bind sucess\n\r"));
                d++;
                }
                else
                {
                        KdPrint(("bind fail\n\r"));
                }
                pObject = pObject->NextDevice;

        }
        KdPrint(("bind sucess=%d\n\r",d));
        //IoCreateDevice(DriverObject,0,NULL,);
        return STATUS_SUCCESS;
}

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！