A blue screen that keeps appearing sporadically. My ability is limited and I cannot tell how to handle it, so I have come to ask the senior experts here for advice!
CurIRQL = KeGetCurrentIrql(); The crash dump always seems to point at this statement as the problem, but how could this line cause a null address access?
And the IRQL is a CLOCK2_LEVEL value, too.
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
 bit 0 : value 0 = read operation, 1 = write operation
 bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804f9913, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 00000000
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KeStartThread+11
804f9913 8b10 mov edx,dword ptr [eax]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
MISALIGNED_IP:
nt!KeStartThread+11
804f9913 8b10 mov edx,dword ptr [eax]
LAST_CONTROL_TRANSFER: from 804f9a20 to 804f9913
STACK_TEXT:
b434864c 804f9a20 89240020 8952bc90 8952bc00 nt!KeStartThread+0x11
b434866c b3faf38d 8952bc00 894f4920 b4348690 nt!RtlAppendUnicodeToString+0x2f
b43486b0 b3faeb20 89082568 88fdb000 00040000 Freezer!GetAllProcessBeEP+0xfd [e:\working\withlenovo\withlenovo\freezerdrv\freezer.cpp @ 534]
b43486ec 804f0095 890824b0 8b5a8f68 806e5428 Freezer!FzIOCtrlDispatch+0x180 [e:\working\withlenovo\withlenovo\freezerdrv\freezer.cpp @ 204]
b4348720 8057f70a 8b5a8fd8 8917a3b8 8b5a8f68 nt!CcAcquireByteRangeForWrite+0x726
b4348734 8058056d 890824b0 8b5a8f68 8917a3b8 nt!NtImpersonateThread+0xda
b43487d0 805790c2 00000f58 00000000 00000000 nt!NtQueryObject+0x107
b4348804 8054186c 00000f58 00000000 00000000 nt!NtCreateMutant+0x89
b4348834 7c90eb94 badb0d00 0012f0d8 00000000 nt!RtlIpv6StringToAddressA+0x17f
WARNING: Frame IP not in any known module. Following frames may be wrong.
b4348844 00000000 00000000 00000000 b4348938 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Freezer!GetAllProcessBeEP+fd [e:\working\withlenovo\withlenovo\freezerdrv\freezer.cpp @ 534]
b3faf38d ?? ???
FAULTING_SOURCE_CODE:
   530: // EnableLog(FALSE);
   531: KeAttachProcess(pNode->eProcess);
   532:
   533: KIRQL CurIRQL;
>  534: CurIRQL = KeGetCurrentIrql();
   535: DbgPrint ("Current IRQL is %d\r\n", CurIRQL);
   536: if (PASSIVE_LEVEL == CurIRQL)
   537: {
   538: pstrProcPath = GetImagePathFromEP(pNode->eProcess);
   539: if((pstrProcPath != NULL)
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Freezer!GetAllProcessBeEP+fd
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
Judging from RtlAppendUnicodeToString, it seems KeGetCurrentIrql has already finished executing and the string inside DbgPrint is being processed. There is a passage in MSDN:
DbgPrint and DbgPrintEx can be called at IRQL<=DIRQL. However, Unicode format codes can be used only at IRQL PASSIVE_LEVEL. Also, because the debugger uses interprocess interrupts (IPIs) to communicate with other processors, calling DbgPrint at IRQL>DIRQL can cause deadlocks.
I guess maybe this is the reason.
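As an added example (not code from the post or from the Freezer driver), a small Python triage helper that parses the `!analyze -v` fields shown above: the bugcheck arguments, CURRENT_IRQL and the STACK_TEXT frames, and reports the first frame outside nt, which for this dump is the Freezer frame that called DbgPrint at IRQL 0x1c, well above DISPATCH_LEVEL. The SAMPLE text is constructed from the lines quoted in the thread, not the original output verbatim.

```python
import re
DISPATCH_LEVEL = 2  # x86 IRQLs: PASSIVE=0, APC=1, DISPATCH=2, CLOCK2=0x1c, HIGH=0x1f
# Constructed sample: key lines of the dump quoted in the post, one field per line.
SAMPLE = """\
Arg1: 00000000, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield
Arg4: 804f9913, address which referenced memory
CURRENT_IRQL:  1c
STACK_TEXT:
b434864c 804f9a20 89240020 8952bc90 8952bc00 nt!KeStartThread+0x11
b434866c b3faf38d 8952bc00 894f4920 b4348690 nt!RtlAppendUnicodeToString+0x2f
b43486b0 b3faeb20 89082568 88fdb000 00040000 Freezer!GetAllProcessBeEP+0xfd
STACK_COMMAND:  kb
"""

# One kb frame: childEBP, return address, three args, then the symbol (source path may follow).
FRAME_RE = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)", re.I)

def parse_analyze(text):
    """Return bugcheck args (by number), current IRQL, and the stack symbols in order."""
    info = {"args": {}, "irql": None, "stack": []}
    in_stack = False
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"Arg(\d): ([0-9a-f]{8})", line, re.I)
        if m:
            info["args"][int(m.group(1))] = int(m.group(2), 16)
        elif line.startswith("CURRENT_IRQL:"):
            info["irql"] = int(line.split(":", 1)[1], 16)
        elif line.startswith("STACK_TEXT:"):
            in_stack = True
        elif line.startswith("STACK_COMMAND:"):
            in_stack = False
        elif in_stack and (m := FRAME_RE.match(line)):
            info["stack"].append(m.group(1))
    return info

def first_non_nt_frame(stack):
    """First frame outside ntoskrnl ('nt!'): the driver code that led into the crash."""
    return next((s for s in stack if "!" in s and s.split("!")[0].lower() != "nt"), None)

def triage(text):
    """Summarise a 0xA dump: Arg1 = address, Arg2/CURRENT_IRQL = IRQL, Arg3 bit 0 = write."""
    info = parse_analyze(text)
    return {
        "address": info["args"].get(1),
        "irql": info["irql"],
        "is_write": bool(info["args"].get(3, 0) & 1),
        "above_dispatch": info["irql"] is not None and info["irql"] > DISPATCH_LEVEL,
        "culprit": first_non_nt_frame(info["stack"]),
    }
```

Run `triage(SAMPLE)` on this dump and `above_dispatch` comes back true with `Freezer!GetAllProcessBeEP+0xfd` as the culprit; the same check applied to a driver's own crash dumps flags any third-party frame that reached kernel string routines above DISPATCH_LEVEL.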