 |
|
|
|
|
|
|
|
Windows内核调试
帖子发起人: 唉横琴抽 发起时间: 2010-02-04 10:10 上午 回复: 4
  
|
|
帖子排序:
|
|
|
|
 2010-02-04, 10:10 上午
|
唉横琴抽
注册: 2010-02-03
发 贴: 2
|
写了一个驱动安装过后,有时会蓝屏而且不定时,不知道应该去找这个错误dump文件如下,大侠帮帮忙
|
|
|
|
|
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Mini020410-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*e:\symbs*http://msdl.microsoft.com/download/symbols;C:\123\objfre_wnet_x86\i386
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.090805-1438
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Thu Feb 4 08:31:26.357 2010 (GMT+8)
System Uptime: 0 days 0:03:33.968
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
.......................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 80875483, b7d80c04, 0}
Probably caused by : ntkrpamp.exe ( nt!IofCallDriver+45 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80875483, The address that the exception occurred at
Arg3: b7d80c04, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
FAULTING_IP:
nt!RtlInitUnicodeString+1b
80875483 f266af repne scas word ptr es:[edi]
TRAP_FRAME: b7d80c04 -- (.trap 0xffffffffb7d80c04)
ErrCode = 00000000
eax=00000000 ebx=88f76008 ecx=ffffffd2 edx=b7d80cb4 esi=04724f48 edi=04725000
eip=80875483 esp=b7d80c78 ebp=b7d80cc8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!RtlInitUnicodeString+0x1b:
80875483 f266af repne scas word ptr es:[edi]
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8E
PROCESS_NAME: RTX.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8081df85 to 80875483
STACK_TEXT:
b7d80cc8 8081df85 00001000 00000000 891477b8 nt!RtlInitUnicodeString+0x1b
b7d80cf8 808f5437 b7d80d64 0012d520 808ef906 nt!IofCallDriver+0x45
b7d80d0c 808ef963 8920fd20 88f76008 89341510 nt!IopSynchronousServiceTail+0x10b
b7d80d30 808897bc 000007fc 00000000 00000000 nt!NtQueryDirectoryFile+0x5d
b7d80d30 7c9585ec 000007fc 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d568 00000000 00000000 00000000 00000000 0x7c9585ec
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!IofCallDriver+45
8081df85 5e pop esi
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!IofCallDriver+45
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a799091
FAILURE_BUCKET_ID: 0x8E_nt!IofCallDriver+45
BUCKET_ID: 0x8E_nt!IofCallDriver+45
Followup: MachineOwner
---------
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-02-04, 10:12 上午
|
唉横琴抽
注册: 2010-02-03
发 贴: 2
|
Re: 写了一个驱动安装过后,有时会蓝屏而且不定时,不知道应该去找这个错误dump文件如下,大侠帮帮忙
|
|
|
|
|
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-02-04, 21:20 下午
|
MJ0011
注册: 2008-04-24
发 贴: 112
|
Re: 写了一个驱动安装过后,有时会蓝屏而且不定时,不知道应该去找这个错误dump文件如下,大侠帮帮忙
|
|
|
|
|
|
没检查NtQueryDirectoryFile的参数就直接做RtlInitunicodeString..基础啊。。太多没基础的小孩出来些驱动了
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-02-05, 13:26 下午
|
sPhinX
注册: 2008-06-28
发 贴: 50
|
Re: 写了一个驱动安装过后,有时会蓝屏而且不定时,不知道应该去找这个错误dump文件如下,大侠帮帮忙
|
|
|
|
|
|
个人插个嘴,看顶楼的ID就觉得太年轻了,呵呵,现在的小孩啊......
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-02-21, 08:26 上午
|
unknow
注册: 2010-02-21
发 贴: 1
|
Re: 写了一个驱动安装过后,有时会蓝屏而且不定时,不知道应该去找这个错误dump文件如下,大侠帮帮忙
|
|
|
|
|
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
高端调试 » 软件调试 » Windows内核调试 » Re: 写了一个驱动安装过后,有时会蓝屏而且不定时,不知道应该去找这个错误dump文件如下,大侠帮帮忙
|
|
|
|
|
|