ovpn-dco-win
Memory leak caused KMDF verifier bug check on uninstall
I once managed to trigger a bug check on uninstall.
```
 # Child-SP          RetAddr           Call Site
00 ffffc182`daf9e258 fffff801`4a8142fa nt!KeBugCheckEx
01 ffffc182`daf9e260 fffff801`4a7ce51f nt!PspSystemThreadStartup$filt$0+0x44
02 ffffc182`daf9e2a0 fffff801`4a8039bf nt!_C_specific_handler+0x9f
03 ffffc182`daf9e310 fffff801`4a677a77 nt!RtlpExecuteHandlerForException+0xf
04 ffffc182`daf9e340 fffff801`4a676676 nt!RtlDispatchException+0x297
05 ffffc182`daf9ea60 fffff801`4a80d46c nt!KiDispatchException+0x186
06 ffffc182`daf9f120 fffff801`4a8064d0 nt!KiExceptionDispatch+0x12c
07 ffffc182`daf9f300 fffff801`4a802851 nt!KiBreakpointTrap+0x310
08 ffffc182`daf9f498 fffff801`4c9fdd5c nt!DbgBreakPoint+0x1
09 (Inline Function) --------`-------- Wdf01000!Mx::MxDbgBreakPoint+0xc [minkernel\wdf\framework\shared\inc\primitives\km\MxGeneralKm.h @ 156]
0a ffffc182`daf9f4a0 fffff801`4ca28493 Wdf01000!FxVerifierDbgBreakPoint+0x50 [minkernel\wdf\framework\shared\inc\private\common\fxverifier.h @ 103]
0b ffffc182`daf9f4e0 fffff801`4ca264f2 Wdf01000!FxPoolDump+0x17b [minkernel\wdf\framework\shared\object\wdfpool.cpp @ 545]
0c (Inline Function) --------`-------- Wdf01000!FxPoolDestroy+0x42 [minkernel\wdf\framework\shared\object\wdfpool.cpp @ 648]
0d (Inline Function) --------`-------- Wdf01000!FxPoolPackageDestroy+0x46 [minkernel\wdf\framework\shared\object\wdfpool.cpp @ 707]
0e ffffc182`daf9f580 fffff801`4ca236e7 Wdf01000!FxDestroy+0xa6 [minkernel\wdf\framework\shared\object\globals.cpp @ 1167]
*** WARNING: Unable to verify timestamp for ovpn-dco.sys
0f ffffc182`daf9f5c0 fffff801`5a099682 Wdf01000!FxDriver::Unload+0xe7 [minkernel\wdf\framework\shared\core\fxdriver.cpp @ 202]
10 ffffc182`daf9f610 ffff8d05`402ece30 ovpn_dco+0x9682
11 ffffc182`daf9f618 ffffc182`daf9f7a0 0xffff8d05`402ece30
12 ffffc182`daf9f620 00000000`c0000001 0xffffc182`daf9f7a0
13 ffffc182`daf9f628 ffffe70b`2ea45880 0xc0000001
14 ffffc182`daf9f630 00000000`00000000 0xffffe70b`2ea45880
```
It seems that WDF detected a leak (from wdfpool.cpp):
```cpp
if (leak) {
    FxVerifierDbgBreakPoint(FxDriverGlobals);
    return STATUS_MORE_ENTRIES;
}
```
Normally this doesn't cause a bug check, but since I have KMDF verifier on, here we are.
I was unable to reproduce it anymore.