Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

你好,proxyDbgkMapViewOfSection会造成BSOD REFERENCE_BY_POINTER (18) #7

Open
IuSai opened this issue Aug 27, 2024 · 0 comments
Open

你好,proxyDbgkMapViewOfSection会造成BSOD REFERENCE_BY_POINTER (18) #7

IuSai opened this issue Aug 27, 2024 · 0 comments

Comments

@IuSai
Copy link

IuSai commented Aug 27, 2024

REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: ffffe805c4987768, Object whose reference count is being lowered
Arg3: 0000000000000010, Reserved
Arg4: ffffd70a8fd85e0f, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This BugCheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object's reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.

Debugging Details:

*** WARNING: Check Image - Checksum mismatch - Dump: 0x17a63e, File: 0x17a8d2 - C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\BTHport.sys\39B871E617f000\BTHport.sys

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 2703

Key  : Analysis.Elapsed.mSec
Value: 13035

Key  : Analysis.IO.Other.Mb
Value: 0

Key  : Analysis.IO.Read.Mb
Value: 2

Key  : Analysis.IO.Write.Mb
Value: 1

Key  : Analysis.Init.CPU.mSec
Value: 3562

Key  : Analysis.Init.Elapsed.mSec
Value: 35802

Key  : Analysis.Memory.CommitPeak.Mb
Value: 92

Key  : Bugcheck.Code.LegacyAPI
Value: 0x18

Key  : Failure.Bucket
Value: 0x18_HyperDbg!DbgkpSectionToFileHandle

Key  : Failure.Hash
Value: {3e629b86-d4e0-f3a7-19a3-213ce08633e9}

Key  : WER.OS.Branch
Value: vb_release

Key  : WER.OS.Version
Value: 10.0.19041.1

BUGCHECK_CODE: 18

BUGCHECK_P1: 0

BUGCHECK_P2: ffffe805c4987768

BUGCHECK_P3: 10

BUGCHECK_P4: ffffd70a8fd85e0f

FILE_IN_CAB: 082724-3828-01.dmp

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: MapleStory.exe

STACK_TEXT:
ffffe805c4987658 fffff8057fa7b872 : 0000000000000018 0000000000000000 ffffe805c4987768 0000000000000010 : nt!KeBugCheckEx
ffffe805c4987660 fffff8057f87fcb6 : ffffe805c4987768 00007ffbb0b70000 0000000000800000 ffff800248997a10 : nt!ObReferenceObjectExWithTag+0x15adb2
ffffe805c49876a0 fffff80597b12c39 : 000000000031d000 00007ffbb0b70000 ffffd70a91c02920 0000000000000000 : nt!ObFastReplaceObject+0x86
ffffe805c49876e0 fffff80597b13c2f : ffffd70a93bdb080 ffffe805c4987960 ffffe805c4987b00 fffff8057fc686ab : HyperDbg!DbgkpSectionToFileHandle+0x19 [D:\GitHubProject\vt-debugger-pro\HyperHideDrv\dbgk1to2.c @ 510]
ffffe805c4987760 fffff8057fc67442 : 0000000000000000 ffffe805c4987b00 000000006ee0f030 0000000000000000 : HyperDbg!proxyDbgkMapViewOfSection+0x9f [D:\GitHubProject\vt-debugger-pro\HyperHideDrv\dbgk1to2.c @ 1102]
ffffe805c49878d0 fffff8057f9ef375 : ffffd70a93bdb080 0000000027b1dc78 0000000000000000 0000000000000000 : nt!NtMapViewOfSection+0x212
ffffe805c4987a10 00007ffbb948b294 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
0000000027b1dc58 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffbb948b294

FAULTING_SOURCE_LINE: D:\GitHubProject\vt-debugger-pro\HyperHideDrv\dbgk1to2.c

FAULTING_SOURCE_FILE: D:\GitHubProject\vt-debugger-pro\HyperHideDrv\dbgk1to2.c

FAULTING_SOURCE_LINE_NUMBER: 510

FAULTING_SOURCE_CODE:
506: HANDLE Handle;
507: PAGED_CODE();
508:
509: Status = MmGetFileNameForSection(Section, &FileName);

510: if (!NT_SUCCESS(Status) || !FileName)
511: {
512: DbgPrint("DbgkpSectionToFileHandle failed \n");
513: return NULL;
514: }
515:

SYMBOL_NAME: HyperDbg!DbgkpSectionToFileHandle+19

MODULE_NAME: HyperDbg

IMAGE_NAME: HyperDbg.sys

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 19

FAILURE_BUCKET_ID: 0x18_HyperDbg!DbgkpSectionToFileHandle

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {3e629b86-d4e0-f3a7-19a3-213ce08633e9}

Followup: MachineOwner
@github-staff github-staff deleted a comment from IuSai Aug 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@IuSai and others