Re: 是引用错误的内存地址了吗?

WinDbg

是引用错误的内存地址了吗?

听风的声音 2009-02-01, 15:29 下午
哪位帮忙确认下是不是驱动的问题,谢谢

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00000000

CURRENT_IRQL: 0

FAULTING_IP:
+0
00000000 ?? ???

PROCESS_NAME: Ȭ׃

DEFAULT_BUCKET_ID: CODE_CORRUPTION

BUGCHECK_STR: 0xD1

TRAP_FRAME: 8039dd80 -- (.trap 0xffffffff8039dd80)
ErrCode = 00000010
eax=00000000 ebx=8e9e5100 ecx=8e9e517c edx=00000000 esi=01c608e3 edi=69f685c0
eip=00000000 esp=8039ddf4 ebp=8039de08 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
00000000 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from 00000000 to 818a2d84

FAILED_INSTRUCTION_ADDRESS:
+0
00000000 ?? ???

STACK_TEXT:
8039dd80 00000000 badb0d00 00000000 00000530 nt!KiTrap0E+0x2ac
WARNING: Frame IP not in any known module. Following frames may be wrong.
8039ddf0 8e9e02ff 8039de34 8039def0 8e9e5101 0x0
8039de08 818fed00 8e9e51a8 00000000 01f685c0 luafv!ScavengerTimerRoutine+0x13f
8039df28 818fe936 8039df70 8039df02 8039df78 nt!KiTimerListExpire+0x367
8039df88 818fe510 81976c00 00000000 00008e14 nt!KiTimerExpiration+0x2a0
8039dff4 818fc9f5 8a933980 00000000 00000000 nt!KiRetireDpcList+0x147
8039dff8 8a933980 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x45
818fc9f5 00000000 0000001b 00c7850f bb830000 0x8a933980


STACK_COMMAND: kb

CHKIMG_EXTENSION: !chkimg -lo 50 -db !luafv
2 errors : !luafv (8e9e02cd-8e9e02fd)
8e9e02c0 8e 00 75 14 6a 01 68 c8 51 9e 8e c6 05 *51 51 9e ..u.j.h.Q....QQ.
...
8e9e02f0 34 20 9e 8e b9 7c 51 9e 8e ff 15 30 20 *18 8e 5f 4 ...|Q....0 .._

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: STRIDE

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE

BUCKET_ID: MEMORY_CORRUPTION_STRIDE

Followup: memory_corruption
---------

kd> .trap 0xffffffff8039dd80
ErrCode = 00000010
eax=00000000 ebx=8e9e5100 ecx=8e9e517c edx=00000000 esi=01c608e3 edi=69f685c0
eip=00000000 esp=8039ddf4 ebp=8039de08 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
00000000 ?? ???
kd> r
Last set context:
eax=00000000 ebx=8e9e5100 ecx=8e9e517c edx=00000000 esi=01c608e3 edi=69f685c0
eip=00000000 esp=8039ddf4 ebp=8039de08 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
00000000 ?? ???

Re: 是引用错误的内存地址了吗?

格蠹老雷 2009-02-01, 17:20 下午
是这个名叫luafv的模块的问题,在它的ScavengerTimerRoutine函数的入口附近(机器码表示的距离是0x13f)调用一个函数指针时这个函数指针为空。
luafv!ScavengerTimerRoutine+0x13f

Re: 是引用错误的内存地址了吗?

听风的声音 2009-02-02, 11:23 上午
谢谢Raymond,
之前我也查过,luafv是windows vista的一个文件服务驱动,我想知道的是,怎样才能找到是谁传递了一个错误的指针给luafv?
非常感谢!

Powered by Community Server Powered by CnForums.Net