自己做的显示系统进程的程序，在虚拟机中运行没一点问题，在母机中就蓝屏，用windbg分析：

Use !analyze -v to get detailed debugging information.

BugCheck 19, {20, 879bf628, 879bfa18, 1a7e0008}

Probably caused by : ShowProcess.sys ( ShowProcess!SPIoControlFunc+4a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 879bf628, The pool entry we were looking for within the page.
Arg3: 879bfa18, The next pool entry.
Arg4: 1a7e0008, (reserved)

Debugging Details:
------------------

BUGCHECK_STR:  0x19_20

POOL_ADDRESS:  879bf628

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  rptest.exe

IRP_ADDRESS:  87d53158

LAST_CONTROL_TRANSFER:  from 8054b583 to 804fac37

STACK_TEXT:  
b5766a58 8054b583 00000019 00000020 879bf628 nt!KeBugCheckEx+0x1b
b5766aa8 804f5940 879bf630 00000000 87d53198 nt!ExFreePoolWithTag+0x2a3
b5766b00 804ffbb5 87d53198 b5766b4c b5766b40 nt!IopCompleteRequest+0xf4
b5766b50 806e5ef2 00000000 00000000 b5766b68 nt!KiDeliverApc+0xb3
b5766b50 806e5ae4 00000000 00000000 b5766b68 hal!HalpApcInterrupt+0xc6
b5766bd8 804fd1eb 87d53198 87d53158 00000000 hal!KeReleaseQueuedSpinLock+0x3c
b5766bf8 804f2518 87d53198 87da2538 00000000 nt!KeInsertQueueApc+0x6d
b5766c2c bac1c0dc 87bd86d0 87da9540 87d53158 nt!IopfCompleteRequest+0x1d8
b5766c40 804efeb1 87c27bb0 87d53158 806e5410 ShowProcess!SPIoControlFunc+0x4a [c:\myfʵÑéÊÒ\Èí¼þ±àд\showprocess\driver\showprocess.c @ 158]
b5766c50 8057f680 87d531c8 87da2538 87d53158 nt!IopfCallDriver+0x31
b5766c64 805804e3 87c27bb0 87d53158 87da2538 nt!IopSynchronousServiceTail+0x60
b5766d00 80579038 00000044 00000000 00000000 nt!IopXxxControlFile+0x5c5
b5766d34 8054160c 00000044 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
b5766d34 7c92eb94 00000044 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012ff2c 00000000 00000000 00000000 00000000 0x7c92eb94

STACK_COMMAND:  kb

FOLLOWUP_IP:
ShowProcess!SPIoControlFunc+4a [c:\myfʵÑéÊÒ\Èí¼þ±àд\showprocess\driver\showprocess.c @ 158]
bac1c0dc 5f              pop     edi

FAULTING_SOURCE_CODE:  
   154:                 break;
   155:         }
   156:         }
   157:          Irp->IoStatus.Status = status;
>  158:     IoCompleteRequest(Irp, IO_NO_INCREMENT);
   159:     return status;
   160: }
   161:

SYMBOL_STACK_INDEX:  8

SYMBOL_NAME:  ShowProcess!SPIoControlFunc+4a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ShowProcess

IMAGE_NAME:  ShowProcess.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a978ce5

FAILURE_BUCKET_ID:  0x19_20_ShowProcess!SPIoControlFunc+4a

BUCKET_ID:  0x19_20_ShowProcess!SPIoControlFunc+4a

Followup: MachineOwner
---------

不知道为什么IoCompleteRequest函数会出现问题，，还请各位大侠赐教

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法