we are currently using mch with no issues for about 6 months, but one of our testers has encoutered a very rare BSOD.
I have no symbols, but I was able to decrypt some of the callstack:
Code: Select all
STACK_TEXT:
fffff880`029ec9f8 fffff800`028d5c69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`029eca00 fffff800`028d48e0 : 00000000`00000000 00000000`00000000 00000000`00000007 fffff8a0`02b36680 : nt!KiBugCheckDispatch+0x69
fffff880`029ecb40 fffff800`028dfcec : fffff8a0`01e9f530 fffff800`02a0b2dd fffffa80`09ea3600 00000000`00000801 : nt!KiPageFault+0x260
fffff880`029eccd0 fffff880`035a64b5 : fffff880`029ecd00 fffff800`00000000 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x17c
fffff880`029ecd70 fffff880`035a7f60 : fffff880`035ab1e0 000007ff`fffd6000 fffff8a0`01e9f540 ffffffff`80000980 : STGuardLoader+0x74b5 << EnterCriticalSection
fffff880`029ecdb0 fffff880`035a870e : ffffffff`00000000 fffff880`029ece48 00000000`00000010 00000000`00000086 : STGuardLoader+0x8f60 << EnumDllList
fffff880`029ece00 fffff880`035a8915 : ffffffff`80000984 00000000`00000001 fffffa80`09dc95a0 fffff880`029ecf01 : STGuardLoader+0x970e << InjectIntoProcess
fffff880`029ece90 fffff880`035a99be : 00000000`00000f38 fffffa80`00000000 fffffa80`09ea3600 fffffa80`09f00168 : STGuardLoader+0x9915
fffff880`029eced0 fffff800`02b9f9ee : 00000000`000004e4 00000000`00000f38 fffffa80`0b8ddf01 fffffa80`09dc95a0 : STGuardLoader+0xa9be
fffff880`029ecf00 fffff800`02b81213 : fffffa80`09ea3630 fffffa80`09dc95a0 fffff880`029ed1b0 fffff880`029ed0ec : nt!PspInsertThread+0x72e
fffff880`029ed080 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateUserProcess+0x732
I suggest you to move InitDllList up, so InitDllList is called before PsSetCreateProcessNotifyRoutine and PsSetLoadImageNotifyRoutine.
Thx,
PP