When I load and unload my driver compiled with TrueCoverage every other time TrueCoverage driver (x9.sys) will crash. What is a problem?


There is a bug in TrueCoverage Driver x9.sys, which results that the internal structure (most recently monitored driver) is updated incorrectly when the monitored driver unloaded. This bug can result in a random memory access when the same driver is loaded again.

If you look at the stack the time of the crash (reported as a Page Fault in SoftIce) you will see something similar to the following:


F5C33D24  80062B44  X9!.text 0CBD

F5C33D50  F49FECC8  X9!.text 0764

F5C33E90  8022C144  DriverEntry 0036

This random memory access (x9!.text 0CBD) usually results in a protection fault. Workaround is to load some other (instrumented with TrueCoverage) driver between unloading and loading the monitored driver.

