|
|
|
|
|
|
|
Windows内核调试
帖子发起人: superchao 发起时间: 2010-05-06 20:20 下午 回复: 3
|
帖子排序:
|
|
|
|
2010-05-06, 20:20 下午
|
superchao
注册: 2010-03-29
发 贴: 18
|
请大家帮我分析这个 DUMP。先谢谢了!
|
|
|
|
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from f8a9b6ce to f8a9b70f
STACK_COMMAND: kb
FOLLOWUP_IP:
HelloDDK!MyZwSetSystemInformation+f [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f8a9b70f 52 push edx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: HelloDDK!MyZwSetSystemInformation+f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: HelloDDK
IMAGE_NAME: HelloDDK.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4be274b0
FAILURE_BUCKET_ID: 0x7f_8_HelloDDK!MyZwSetSystemInformation+f
BUCKET_ID: 0x7f_8_HelloDDK!MyZwSetSystemInformation+f
Followup: MachineOwner
---------
0: kd> kv
ChildEBP RetAddr Args to Child
f88b700c f8a9b6ce 0059fecc 00000022 f88b7064 HelloDDK!MyZwSetSystemInformation+0xf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b703c f8a9b6ee 0059fecc 00000022 f88b7064 HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b704c f8a9b716 0059fecc 00000022 f88b70bc HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b7064 f8a9b6ce 0059fecc 00000022 f88b70bc HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b7094 f8a9b6ee 0059fecc 00000022 f88b70bc HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b70a4 f8a9b716 0059fecc 00000022 f88b7114 HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b70bc f8a9b6ce 0059fecc 00000022 f88b7114 HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b70ec f8a9b6ee 0059fecc 00000022 f88b7114 HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b70fc f8a9b716 0059fecc 00000022 f88b716c HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b7114 f8a9b6ce 0059fecc 00000022 f88b716c HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b7144 f8a9b6ee 0059fecc 00000022 f88b716c HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b7154 f8a9b716 0059fecc 00000022 f88b71c4 HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b716c f8a9b6ce 0059fecc 00000022 f88b71c4 HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b719c f8a9b6ee 0059fecc 00000022 f88b71c4 HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b71ac f8a9b716 0059fecc 00000022 f88b721c HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b71c4 f8a9b6ce 0059fecc 00000022 f88b721c HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b71f4 f8a9b6ee 0059fecc 00000022 f88b721c HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b7204 f8a9b716 0059fecc 00000022 f88b7274 HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b721c f8a9b6ce 0059fecc 00000022 f88b7274 HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b724c f8a9b6ee 0059fecc 00000022 f88b7274 HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
0: kd> r
eax=f88b7064 ebx=f8a9b6a0 ecx=00000022 edx=0059fecc esi=0059feb0 edi=f88b9d64
eip=f8a9b70f esp=f88b7000 ebp=f88b700c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010283
HelloDDK!MyZwSetSystemInformation+0xf:
f8a9b70f 52 push edx
各位前辈好,小弟初识驱动开发。从上的堆栈来看是一死循环。永远不会返回给系统。我的问题:是这种情况为什么会产生 double fault?
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
2010-05-07, 16:39 下午
|
Coding
注册: 2008-05-31
发 贴: 103
|
|
|
应该是死循环导致内核栈溢出了。
Windbg help中有解释
This overflow occurs when a guard page is hit, and the kernel tries to push a trap frame. Because there is no stack left, a stack overflow results, causing the double fault.
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
2010-05-07, 23:09 下午
|
superchao
注册: 2010-03-29
发 贴: 18
|
|
|
谢谢,那什么是“guard page”啊? 内存分配也有这个概念,对这个概念总是含糊
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
2010-06-28, 10:06 上午
|
stabber
注册: 2010-01-11
发 贴: 5
|
|
|
HelloDDK!MyZwSetSystemInformation+f [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
这里已经告诉你崩溃的位置了。
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
高端调试 » 软件调试 » Windows内核调试 » 请大家帮我分析这个 DUMP。先谢谢了!
|
|
|
|
|
|