IRQL_NOT_LESS_OR_EQUAL - On Driver Load

Dump
```text
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffad07ee159310, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 00000000000000f5, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80211e288a3, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 3593

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 31542

    Key  : Analysis.Init.CPU.mSec
    Value: 4733

    Key  : Analysis.Init.Elapsed.mSec
    Value: 392841

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 90

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1


BUGCHECK_CODE:  a

BUGCHECK_P1: ffffad07ee159310

BUGCHECK_P2: ff

BUGCHECK_P3: f5

BUGCHECK_P4: fffff80211e288a3

WRITE_ADDRESS:  ffffad07ee159310 Paged pool

PROCESS_NAME:  dllhost.exe

TRAP_FRAME:  fffff687be19a1d0 -- (.trap 0xfffff687be19a1d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffad07ee159310 rbx=0000000000000000 rcx=ffffad07edb2a180
rdx=ffffad07ee159310 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80211e288a3 rsp=fffff687be19a360 rbp=ffffad07edb2a180
 r8=ffffad07ee14f001  r9=000000000000000f r10=fffff8021df569f0
r11=fffff8021df5d430 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di ng nz na po nc
nt!ExLockHandleTableEntry+0x13:
fffff802`11e288a3 4c8b03          mov     r8,qword ptr [rbx] ds:00000000`00000000=????????????????
Resetting default scope

STACK_TEXT:  
fffff687`be1998d8 fffff802`121202f2     : fffff687`be199a40 fffff802`11f89010 00000000`00000000 00000000`00000000 : nt!DbgBreakPointWithStatus
fffff687`be1998e0 fffff802`1211f8d6     : 00000000`00000003 fffff687`be199a40 fffff802`1201d040 00000000`0000000a : nt!KiBugCheckDebugBreak+0x12
fffff687`be199940 fffff802`12005da7     : ffffc40f`00000000 00000000`00000000 ffffad07`ee159310 00000000`ffff0000 : nt!KeBugCheck2+0x946
fffff687`be19a050 fffff802`12019d29     : 00000000`0000000a ffffad07`ee159310 00000000`000000ff 00000000`000000f5 : nt!KeBugCheckEx+0x107
fffff687`be19a090 fffff802`120158e3     : ffffc40f`e5f429a8 fffff802`11e11682 00000000`02dc8cce ffffc40f`e5f42870 : nt!KiBugCheckDispatch+0x69
fffff687`be19a1d0 fffff802`11e288a3     : 00000000`00000000 ffffc40f`e60da350 00000000`00000000 ffffc40f`e61e81c0 : nt!KiPageFault+0x463
fffff687`be19a360 fffff802`1221b74d     : 00000000`000004c4 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExLockHandleTableEntry+0x13
fffff687`be19a390 fffff802`1df56a81     : fffff802`1221b600 00000000`00000000 fffff687`be19a500 00000000`00000000 : nt!NtClose+0xcd
fffff687`be19a400 fffff802`1df56a26     : 00000000`000004c4 00000000`00000000 00000000`00000000 00000000`00000000 : hyperbone!hkNtClose2+0x51 [\HyperBone\src\Test\Tests.c @ 24] 
fffff687`be19a440 fffff802`120194f5     : 00000000`000004c4 ffffc40f`e6562de0 fffff687`be19a500 00000000`000001a0 : hyperbone!hkNtClose+0x36 [\HyperBone\src\Test\Tests.c @ 16] 
fffff687`be19a480 00007ffb`f9e2d244     : 00007ffb`f7fa7042 00000000`00000001 00000000`00000000 000002b5`5379c148 : nt!KiSystemServiceCopyEnd+0x25
000000e7`8e9ff898 00007ffb`f7fa7042     : 00000000`00000001 00000000`00000000 000002b5`5379c148 00007ffb`f9da2a66 : ntdll!NtClose+0x14
000000e7`8e9ff8a0 00007ffb`f7fa6fa4     : 00000000`00000001 000002b5`537893c0 00000000`00000000 000002b5`53817e50 : RPCRT4!LRPC_CASSOCIATION::~LRPC_CASSOCIATION+0x7a
000000e7`8e9ff900 00007ffb`f8000a37     : 000002b5`53817e50 00007ffb`f9da1d15 00000000`00000000 00000000`00000000 : RPCRT4!LRPC_CASSOCIATION::`vector deleting destructor'+0x14
000000e7`8e9ff930 00007ffb`f7fee72a     : 00000000`7ffe0386 00007ffb`f7fac95a 00000000`00000000 00000000`00000000 : RPCRT4!LRPC_CASSOCIATION::RemoveAssociationDictionaryReference+0x47
000000e7`8e9ff960 00007ffb`f7fac71e     : 000002b5`00000000 00000000`00000000 000000e7`8e9ffb98 000002b5`5379c148 : RPCRT4!LRPC_CASSOCIATION::LrpcDeleteLingeringAssociations+0xe6
000000e7`8e9ff9a0 00007ffb`f9e01719     : 000002b5`5379c080 00000000`7ffe0386 000000e7`8e9ffb98 000002b5`5379c148 : RPCRT4!PerformGarbageCollection+0x9e
000000e7`8e9ff9d0 00007ffb`f9de31aa     : 000002b5`53770c68 000002b5`537a6e40 00000000`00000000 000002b5`53770b68 : ntdll!TppTimerpExecuteCallback+0xa9
000000e7`8e9ffa20 00007ffb`f82f7614     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x68a
000000e7`8e9ffd20 00007ffb`f9de26a1     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
000000e7`8e9ffd50 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


FAULTING_SOURCE_LINE:  \HyperBone\src\Test\Tests.c

FAULTING_SOURCE_FILE:  \HyperBone\src\Test\Tests.c

FAULTING_SOURCE_LINE_NUMBER:  24

FAULTING_SOURCE_CODE:  
    20:     PPAGE_HOOK_ENTRY pEntry = PHGetHookEntry( g_NtClose );
    21:     if (pEntry)
    22:     {
    23:         calls2++;
>   24:         return ((pfnNtClose)pEntry->OriginalData)(handle);
    25:     }
    26: 
    27:     return STATUS_SUCCESS;
    28: }
    29: 


SYMBOL_NAME:  hyperbone!hkNtClose2+51

MODULE_NAME: hyperbone

IMAGE_NAME:  hyperbone.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  51

FAILURE_BUCKET_ID:  AV_hyperbone!hkNtClose2

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {f83e6197-6d52-d484-1a80-79bbcf799e95}

Followup:     MachineOwner
---------



```
Has anyone ever encountered this situation?

Thank you for your help.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

IRQL_NOT_LESS_OR_EQUAL - On Driver Load #36

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

IRQL_NOT_LESS_OR_EQUAL - On Driver Load #36

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions