bugcheck 分析一例，是否和360保险箱冲突导致BSOD？

欢迎光临高端调试登录 | 注册 | FAQ

搜索论坛

	内核调试

	ACPI调试 Linux内核调试 Windows内核调试
	调试方法学

	调试战役调试原理新工具观察
	操作系统

	Linux Windows Vista Windows
	驱动开发

	Linux驱动 WDF WDM
	总线

	PCI Express PCI/PCI-X USB 无线通信协议
	中央处理器

	64位CPU ARM IA-32
	CPU Info Center
	计算机机系统

	ACPI标准系统认证 Desktop 服务器
	嵌入式系统

	Embedded Linux 嵌入式开发工具 VxWorks WinCE 嵌入式Windows
	特别链接

	格蠹调试套件(GDK)
	格蠹学院
	小朱书店
	老雷的微博
	《软件调试》
	《格蠹汇编》
	《软件调试(第二版)》


沪ICP备11027180号-1

Windows内核调试

帖子发起人: peowner 发起时间: 2009-05-05 10:20 上午 回复: 2

搜索论坛

帖子排序:

2009-05-05, 10:20 上午

peowner 离线，最后访问时间: 2009/2/23 12:24:29 peowner

发帖数前150位
注册: 2008-08-13
发贴: 6

Cool [H] bugcheck 分析一例，是否和360保险箱冲突导致BSOD？

只是为了完成将unicode转化成ansiString的操作，导致bsod，是否和360保险箱冲突？

BugCheck 8E, {c0000005, 805da388, ef4f1a3c, 0}

*** ERROR: Module load completed but symbols could not be loaded for safeboxkrnl.sys
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
Probably caused by : memory_corruption

Followup: memory_corruption
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805da388, The address that the exception occurred at
Arg3: ef4f1a3c, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
nt!RtlUnicodeToMultiByteSize+1e
805da388 0fb70a movzx ecx,word ptr [edx]

TRAP_FRAME: ef4f1a3c -- (.trap 0xffffffffef4f1a3c)
ErrCode = 00000000
eax=00000022 ebx=00000000 ecx=00000044 edx=0077005c esi=00000000 edi=ef4f1f2c
eip=805da388 esp=ef4f1ab0 ebp=ef4f1ab8 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!RtlUnicodeToMultiByteSize+0x1e:
805da388 0fb70a movzx ecx,word ptr [edx] ds:0023:0077005c=????
Resetting default scope

DEFAULT_BUCKET_ID: CODE_CORRUPTION

BUGCHECK_STR: 0x8E

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from 804ff827 to 804faf43

STACK_TEXT:
ef4f1604 804ff827 0000008e c0000005 805da388 nt!KeBugCheckEx+0x1b
ef4f19cc 80543095 ef4f19e8 00000000 ef4f1a3c nt!KiDispatchException+0x3b1
ef4f1a34 80543046 ef4f1ab8 805da388 badb0d00 nt!CommonDispatchException+0x4d
ef4f1a80 bf8f86ce ef4f2414 00000030 ef4f1f2c nt!Kei386EoiHelper+0x18a
ef4f1ab8 805e2b10 ef4f1ad4 0077005c 00000044 win32k!fnHkINLPMOUSEHOOKSTRUCTEX+0xd6
ef4f1acc 805e33aa ef4f1f2c 833e5d80 81ba8ab8 nt!RtlxUnicodeStringToAnsiSize+0x18
ef4f1ae4 f7947fd1 ef4f1f20 ef4f1f2c 00000001 nt!RtlUnicodeStringToAnsiString+0x1e
ef4f2334 804f019f 817ad530 833e5d70 833e5d70 FileGuard!SfCreate+0x1d1 [d:\wwg\webguard\sys\webguard.c @ 1620]
ef4f2344 805841fa 84363688 81b64754 ef4f24dc nt!IopfCallDriver+0x31
ef4f2424 805c047c 843636a0 00000000 81b646b0 nt!IopParseDevice+0xa12
ef4f249c 805bca08 00000000 ef4f24dc 00000040 nt!ObpLookupObjectName+0x53c
ef4f24f0 80577033 00000000 00000000 b646b001 nt!ObOpenObjectByName+0xea
ef4f256c 805779aa 03c2ca60 c0100080 03c2ca00 nt!IopCreateFile+0x407
ef4f25c8 8057a0b4 03c2ca60 c0100080 03c2ca00 nt!IoCreateFile+0x8e
ef4f2608 f2691476 03c2ca60 c0100080 03c2ca00 nt!NtCreateFile+0x30
WARNING: Stack unwind information not available. Following frames may be wrong.
ef4f26b0 8054262c 03c2ca60 c0100080 03c2ca00 safeboxkrnl+0xa476
ef4f26b0 7c92e514 03c2ca60 c0100080 03c2ca00 nt!KiFastCallEntry+0xfc
03c2ca58 00000000 00000000 00000000 00000000 0x7c92e514

STACK_COMMAND: kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
80505490-80505497 8 bytes - nt!KiServiceTable+30
[ 76 5b 5d 80 26 5b 5d 80:80 41 17 84 58 f6 1a 84 ]
805054a4-805054a7 4 bytes - nt!KiServiceTable+44 (+0x14)
[ ca 9a 5a 80:a0 20 17 84 ]
805054dc-805054df 4 bytes - nt!KiServiceTable+7c (+0x38)
[ e0 55 5a 80:58 32 1b 84 ]
8050550c-8050550f 4 bytes - nt!KiServiceTable+ac (+0x30)
[ ac 7d 61 80:e8 80 15 84 ]
80505534-80505537 4 bytes - nt!KiServiceTable+d4 (+0x28)
[ 10 20 5d 80:c8 a7 10 84 ]
80505564-80505567 4 bytes - nt!KiServiceTable+104 (+0x30)
[ 40 4e 62 80:50 03 a5 f2 ]
805055ac-805055af 4 bytes - nt!KiServiceTable+14c (+0x48)
[ aa 3f 5b 80:58 86 d9 83 ]
805055c4-805055c7 4 bytes - nt!KiServiceTable+164 (+0x18)
[ 8c 9a 5f 80:20 8a 15 84 ]
805055cc-805055cf 4 bytes - nt!KiServiceTable+16c (+0x08)
[ fa 87 5d 80:f8 3e 17 84 ]
80505610-80505613 4 bytes - nt!KiServiceTable+1b0 (+0x44)
[ 32 30 5b 80:58 6a 11 84 ]
80505628-8050562b 4 bytes - nt!KiServiceTable+1c8 (+0x18)
[ 5c f7 60 80:f8 85 15 84 ]
8050564c-8050564f 4 bytes - nt!KiServiceTable+1ec (+0x24)
[ 5e e7 5e 80:e8 90 2d 84 ]
80505664-80505667 4 bytes - nt!KiServiceTable+204 (+0x18)
[ 7c e7 5e 80:f0 4d 15 84 ]
80505724-80505727 4 bytes - nt!KiServiceTable+2c4 (+0xc0)
[ 18 2a 62 80:50 fd 0d 84 ]
80505798-8050579b 4 bytes - nt!KiServiceTable+338 (+0x74)
[ b2 59 5d 80:28 61 14 84 ]
805057b4-805057b7 4 bytes - nt!KiServiceTable+354 (+0x1c)
[ 32 27 5d 80:00 9d 14 84 ]
805057f0-805057f7 8 bytes - nt!KiServiceTable+390 (+0x3c)
[ 82 ee 5c 80 06 d1 5c 80:d0 52 14 84 e8 56 14 84 ]
8050583c-8050583f 4 bytes - nt!KiServiceTable+3dc (+0x4c)
[ 66 2d 62 80:80 05 a5 f2 ]
80505854-8050585b 8 bytes - nt!KiServiceTable+3f4 (+0x18)
[ 7a 5a 5d 80 ec 58 5d 80:00 85 21 84 f8 c3 25 84 ]
80505864-8050586b 8 bytes - nt!KiServiceTable+404 (+0x10)
[ da 39 5d 80 d4 3b 5d 80:a0 68 14 84 c0 fd 13 84 ]
8050588c-8050588f 4 bytes - nt!KiServiceTable+42c (+0x28)
[ 40 3e 5b 80:78 ee 0b 84 ]
805058b4-805058b7 4 bytes - nt!KiServiceTable+454 (+0x28)
[ c0 53 5b 80:d0 98 2a 84 ]
80532ecc-80532ed1 6 bytes - nt!DebugPrint (+0x2d618)
[ 8b ff 55 8b ec ff:ff 25 8c a5 a1 ef ]
80542615-80542619 5 bytes - nt!KiFastCallEntry+e5 (+0xf749)
[ 2b e1 c1 e9 02:e9 b2 53 15 72 ]
8054261e-80542621 4 bytes - nt!KiFastCallEntry+ee (+0x09)
[ 34 31 56 80:f4 4c 6a f2 ]
805455c6-805455c9 4 bytes - nt!KiTrap0E+10e (+0x2fa8)
[ 28 26 54 80:0d 7a 69 f2 ]
805a2cde-805a2ce4 7 bytes - nt!KeUserModeCallback
[ 6a 30 68 08 aa 4d 80:e9 f5 94 0e 72 90 90 ]
130 errors : !nt (80505490-805a2ce4)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: LARGE

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE

BUCKET_ID: MEMORY_CORRUPTION_LARGE

Followup: memory_corruption
---------

IP 地址: 已记录   报告

2009-05-05, 13:22 下午

WANGyu 离线，最后访问时间: 2012/9/10 3:34:00 王宇

发帖数前10位

注册: 2007-05-08
发贴: 306

Re: bugcheck 分析一例，是否和360保险箱冲突导致BSOD？

显然没有关系。

eax=00000022 ebx=00000000 ecx=00000044 edx=0077005c esi=00000000 edi=ef4f1f2c
eip=805da388 esp=ef4f1ab0 ebp=ef4f1ab8 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!RtlUnicodeToMultiByteSize+0x1e:
805da388 0fb70a movzx ecx,word ptr [edx] ds:0023:0077005c=????

edx 里面已经是你的 UnicodeString 值了，楼主传入的 _UNICODE_STRING 结构有问题。

IP 地址: 已记录   报告

2009-05-05, 14:42 下午

MJ0011 离线，最后访问时间: 2009/12/24 22:33:41 MJ0011

发帖数前10位
注册: 2008-04-24
发贴: 112

Re: bugcheck 分析一例，是否和360保险箱冲突导致BSOD？

你转个string,关我鸟事！

IP 地址: 已记录   报告

高端调试 » 软件调试 » Windows内核调试 » bugcheck 分析一例，是否和360保险箱冲突导致BSOD？