错用RtlFreeUnicodeString引发BAD_POOL_CALL蓝屏

extern "C" NTSTATUS __stdcall DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath){//........................................//创建调试记录文件OBJECT_ATTRIBUTES Obj_ = {0};RtlInitUnicodeString(&UseData.Unicode, L"//??//Z://Log.txt");InitializeObjectAttributes(&Obj_, &UseData.Unicode, OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE, NULL, NULL);UseData.Status = NtCreateFile(&UseData.hFile, FILE_READ_DATA|FILE_WRITE_DATA, &Obj_, &UseData.Isb, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_SUPERSEDE, FILE_NON_DIRECTORY_FILE, NULL, NULL);RtlFreeUnicodeString(&UseData.Unicode); //......................................}

 

 

上面摘取的驱动代码怎么看都不觉得有问题(对咱菜鸟来说滴), 编译驱动也是成功的.但加载之后就蓝屏BAD_POOL_CALL,调试了好久才定位到RtlFreeUnicodeString这个函数上(第一是偷懒不想装调试工具,估计也没啥用...,第二就是很难想到会是在User Mode里正常调用的RtlFreeUnicodeString出错,郁闷...)。

 

 

查看DDK的文档http://www.osronline.com/ddkx/kmarch/k109_0koi.htm 才发现还有这么一句:Pointer to the Unicode string buffer previously allocated by RtlAnsiStringToUnicodeString or RtlUpcaseUnicodeString.

 

可见,RtlFreeUnicodeString只能处理经由RtlAnsiStringToUnicodeString和RtlUpcaseUnicodeString的内存,而我并未使用它们~~~~~~~~~~

 

 

唉.....还好有虚拟机............................................ 下次注意!