driver - WorkItem (IoQueueWorkItem) 给 BSOD 错误“PAGE_FAULT_IN_NONPAGED_AREA”

Question

我正在使用 Windows 7 64 位。WorkItem（IoQueueWorkItem）给蓝屏错误“PAGE_FAULT_IN_NONPAGED_AREA”我也在释放分配的内存......不知道出了什么问题:(

这是我的驱动程序代码：

#ifdef ALLOC_PRAGMA
#pragma alloc_text (INIT, DriverEntry)
#pragma alloc_text (PAGE, DriverCreateClose)
#pragma alloc_text (PAGE, DriverUnload)
#endif

NTSTATUS
DriverEntry(
    _In_ PDRIVER_OBJECT  DriverObject,
    _In_ PUNICODE_STRING RegistryPath
    )

{
    PDEVICE_OBJECT      deviceObject;
    UNICODE_STRING      ntDeviceName;
    NTSTATUS            status;
    UNICODE_STRING      symbolicLinkName;

    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("*** .SYS:  ==>DriverEntry\n");

    //
    // Create the device object
    //
    RtlInitUnicodeString(&ntDeviceName, NTDEVICE_NAME_STRING);

    status = IoCreateDevice(DriverObject,               // DriverObject
                            sizeof(DEVICE_EXTENSION),   // DeviceExtensionSize
                            &ntDeviceName,              // DeviceName
                            FILE_DEVICE_UNKNOWN,        // DeviceType
                            FILE_DEVICE_SECURE_OPEN,    // DeviceCharacteristics
                            FALSE,                      // Not Exclusive
                            &deviceObject               // DeviceObject
                           );

    if (!NT_SUCCESS(status)) {
        DbgPrint("*** .SYS: IoCreateDevice returned 0x%x\n", status);
        return(status);
    }

    //
    // Set up dispatch entry points for the driver.
    //
    DriverObject->MajorFunction[IRP_MJ_CREATE]          = DriverCreateClose;
    DriverObject->MajorFunction[IRP_MJ_CLOSE]           = DriverCreateClose;
    DriverObject->MajorFunction[IRP_MJ_CLEANUP]         = DriverCleanup;
    DriverObject->DriverUnload                          = DriverUnload;


    //Test WorkItem
    test_WorkItem();

    //
    // Create a symbolic link for userapp to interact with the driver.
    //
    RtlInitUnicodeString(&symbolicLinkName, SYMBOLIC_NAME_STRING);
    status = IoCreateSymbolicLink(&symbolicLinkName, &ntDeviceName);

    if (!NT_SUCCESS(status)) {
        IoDeleteDevice(deviceObject);
        DbgPrint("*** .SYS: IoCreateSymbolicLink returned 0x%x\n", status);
        return(status);
    }

    DbgPrint("*** .SYS: DriverEntry<==\n");
    return status;
}

这是我的测试代码：

typedef struct _WorkItemStruct {
     PIO_WORKITEM pio;
     VOID (*callback)(PDEVICE_OBJECT DeviceObject, PVOID Context);
} WorkItemStruct;

void WorkItemCallback(PDEVICE_OBJECT DeviceObject, WorkItemStruct *work)
{
    PAGED_CODE();
    DbgPrint("Hello World!\n");

    IoFreeWorkItem( work->pio );
    ExFreePool( work );
}

void test_WorkItem()
{
    WorkItemStruct *work;
    work = (WorkItemStruct *) ExAllocatePool(NonPagedPool, sizeof(WorkItemStruct));

    if( work != NULL )
    {
        work->pio = IoAllocateWorkItem(pDeviceObject);
        IoQueueWorkItem( work->pio, (PIO_WORKITEM_ROUTINE)WorkItemCallback, DelayedWorkQueue, work);
    }
}

此代码使我的笔记本电脑崩溃......我不知道我错在哪里......我也在释放内存。如果我评论它，没有 IoQueueWorkItem 就可以了。

////////////////编辑1 解决了！这是因为这里的 DeviceObject，work->pio = IoAllocateWorkItem(pDeviceObject);这pDeviceObject不是我的驱动程序实例......因此它失败了！