 |
|
|
|
|
|
|
|
Windows内核调试
帖子发起人: 明眸的心 发起时间: 2010-02-25 12:45 下午 回复: 2
  
|
|
帖子排序:
|
|
|
|
 2010-02-25, 12:45 下午
|
明眸的心
注册: 2009-01-05
发 贴: 7
|
|
|
请问下各位,我替换了CommonDispatchException函数里的 call KiDispatchException使之CALL我自己的HxKiDispatchException()函数,但是系统出现蓝屏如下,堆栈好奇怪,还有Current IRQL 是ff.是什么原因?
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 8055d5f3, address which referenced memory
Debugging Details:
------------------
Page 11b3a not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details
WRITE_ADDRESS: 00000000
CURRENT_IRQL: ff
FAULTING_IP:
nt!KiProcessorBlock+53
8055d5f3 0000 add byte ptr [eax],al
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0xA
PROCESS_NAME: OllyICE.exe
TRAP_FRAME: aa05c2cc -- (.trap 0xffffffffaa05c2cc)
ErrCode = 00000002
eax=00000000 ebx=aa05c76c ecx=aa05c7ac edx=aa05c758 esi=aa05c8a0 edi=00000014
eip=8055d5f3 esp=aa05c340 ebp=aa05c73c iopl=0 nv up di ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010082
nt!KiProcessorBlock+0x53:
8055d5f3 0000 add byte ptr [eax],al ds:0023:00000000=??
Resetting default scope
LAST_CONTROL_TRANSFER: from 8055d5f3 to 80545700
STACK_TEXT:
aa05c2cc 8055d5f3 badb0d00 aa05c758 e2b1dcec nt!KiTrap0E+0x238
aa05c73c 805430a5 aa05c758 00000000 aa05c7ac nt!KiProcessorBlock+0x53
aa05c7a4 805437fe aa05c834 80532ea1 badb0d00 nt!CommonDispatchException+0x4d
aa05c7a4 80532ea2 aa05c834 80532ea1 badb0d00 nt!KiTrap03+0xae
aa05c834 80532eec 00000001 aa05c8a0 00000014 nt!DebugService+0x1c
aa05c850 aa13e951 aa05c888 ffffffff 00000000 nt!DebugPrint+0x1c
WARNING: Stack unwind information not available. Following frames may be wrong.
aa05c868 8052c6fb aa05c888 ffffffff 00000000 Dbgv+0x951
aa05cabc 8052c890 8052c870 ffffffff 00000000 nt!vDbgPrintExWithPrefix+0x101
aa05cad8 a9565783 a956f708 aa05cc20 89075308 nt!DbgPrint+0x1a
aa05cb38 a95655c4 88f29028 89075308 88e380e0 hxdbgkrnl!AddServices+0x13 [e:\ÎòμÄ3ìDò\ÄúoËμ÷êÔÆ÷\hxdbgkrnl\hxdbgkrnl.c @ 494]
aa05cc40 804f019f 88e7fc50 88e380e0 806e7410 hxdbgkrnl!HxCtrl+0x264 [e:\ÎòμÄ3ìDò\ÄúoËμ÷êÔÆ÷\hxdbgkrnl\hxdbgkrnl.c @ 378]
aa05cc50 80580982 88e38150 88f29028 88e380e0 nt!IopfCallDriver+0x31
aa05cc64 805817f7 88e7fc50 88e380e0 88f29028 nt!IopSynchronousServiceTail+0x70
aa05cd00 8057a274 000000f4 00000000 00000000 nt!IopXxxControlFile+0x5c5
aa05cd34 8054263c 000000f4 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
aa05cd34 7c92e514 000000f4 00000000 00000000 nt!KiFastCallEntry+0xfc
0012dc50 00000000 00000000 00000000 00000000 0x7c92e514
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-02-25, 17:30 下午
|
Coding
注册: 2008-05-31
发 贴: 103
|
|
|
|
8055d5f3 0000 add byte ptr [eax],al ds:0023:00000000=??
就这条语句出错了,eax的值为0
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-02-25, 20:20 下午
|
明眸的心
注册: 2009-01-05
发 贴: 7
|
|
|
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
高端调试 » 软件调试 » Windows内核调试 » Re: 奇怪的蓝屏问题
|
|
|
|
|
|