I am developing a disk volume encryption driver "xxxx_aes" for MS Windows, which is implemented as a WDM filter driver. It was installed on the system as "LowerFilters = xxxx_aes fvevol rdyboost" for the "Storage volume" class {71A27CDD-812A-11D0-BEC7-08002BE2092F}.
HKLM \ CurrentControlSet \ System \ Services \ xxxx_aes entry contains: Start = 0; Type = 1; Label = 7; Group = "Pnp Filters". Normal device stack:
kd> !devstack \Device\HarddiskVolume2
fffffa8015bf43c0 \Driver\volsnap fffffa8015bf4510
fffffa8015bf0660 \Driver\rdyboost fffffa8015bf07b0
fffffa8015e3d260 \Driver\fvevol fffffa8015e3d3b0
fffffa8015ee9030 \Driver\xxxx_aes fffffa8015ee9180
fffffa8015be8480 \Driver\volmgr fffffa8015be85d0 HarddiskVolume2
It works under XP x32, even Win8 x32 / x64 and Win10 x64. It does not work on some PC with Win7 x64, for example. after installing another driver (maybe CryptoPro, but not a fact). System crash when starting BSOD with error:
BugCheck 7B, {fffff880009ae7e8, ffffffffc0000034, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt!PnpBootDeviceWait+136 )
Followup: MachineOwner
Parameter1 in parentheses is the address UNICODE_STRING with the name of an unavailable boot device:
kd> dS fffff880009ae7e8
fffff8a0`00370010 "\ArcName\multi(0)disk(0)rdisk(0)"
fffff8a0`00370050 "partition(2)"
"c: \" \Device\HarddiskVolume2, xxxx_aes.
- "nt", .
"bu nt! PnpInitializeBootStartDriver" ( ) WinDbg,
(, (WCHAR **) (@rcx + 8)):
RAW, Wdf01000, msiadrv, vdrvroot, pci, partmgr, volmgr, volmgrx,
pciide, vmihc, mountmgr, vmbus, vsock, atapi, amdxata, FltMgr,
SymDS, FileInfo, SymEFA, CLFSSci, NTFS, KSecDD, CNGehci, pcw,
Fs_Rec, NDIS, KSecPkg, Tcpip, StorFlt,
xxxx_aes,
rdyboost, fvevol, volsnap, spldr, Mup, hwpolicy, disk.
BSOD disk.sys. DriverEntry , PnP AddDevice.
, .
? .
PS. Linux live-CD "swiss-knife", "fred" FUSE- (/) . , .