Re: 请大家帮我分析这个 DUMP。先谢谢了！

欢迎光临高端调试登录 | 注册 | FAQ

搜索论坛

	内核调试

	ACPI调试 Linux内核调试 Windows内核调试
	调试方法学

	调试战役调试原理新工具观察
	操作系统

	Linux Windows Vista Windows
	驱动开发

	Linux驱动 WDF WDM
	总线

	PCI Express PCI/PCI-X USB 无线通信协议
	中央处理器

	64位CPU ARM IA-32
	CPU Info Center
	计算机机系统

	ACPI标准系统认证 Desktop 服务器
	嵌入式系统

	Embedded Linux 嵌入式开发工具 VxWorks WinCE 嵌入式Windows
	特别链接

	格蠹调试套件(GDK)
	格蠹学院
	小朱书店
	老雷的微博
	《软件调试》
	《格蠹汇编》
	《软件调试(第二版)》


沪ICP备11027180号-1

Windows内核调试

帖子发起人: superchao 发起时间: 2010-05-06 20:20 下午 回复: 3

搜索论坛

帖子排序:

2010-05-06, 20:20 下午

qxsl2000 离线，最后访问时间: 2010/3/29 13:01:06 superchao

发帖数前75位
注册: 2010-03-29
发贴: 18

Zip it! [:#] 请大家帮我分析这个 DUMP。先谢谢了！

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_8

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: csrss.exe

LAST_CONTROL_TRANSFER: from f8a9b6ce to f8a9b70f

STACK_COMMAND: kb

FOLLOWUP_IP:
HelloDDK!MyZwSetSystemInformation+f [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f8a9b70f 52 push edx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: HelloDDK!MyZwSetSystemInformation+f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: HelloDDK

IMAGE_NAME: HelloDDK.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4be274b0

FAILURE_BUCKET_ID: 0x7f_8_HelloDDK!MyZwSetSystemInformation+f

BUCKET_ID: 0x7f_8_HelloDDK!MyZwSetSystemInformation+f

Followup: MachineOwner
---------

0: kd> kv
ChildEBP RetAddr Args to Child
f88b700c f8a9b6ce 0059fecc 00000022 f88b7064 HelloDDK!MyZwSetSystemInformation+0xf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b703c f8a9b6ee 0059fecc 00000022 f88b7064 HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b704c f8a9b716 0059fecc 00000022 f88b70bc HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b7064 f8a9b6ce 0059fecc 00000022 f88b70bc HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b7094 f8a9b6ee 0059fecc 00000022 f88b70bc HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b70a4 f8a9b716 0059fecc 00000022 f88b7114 HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b70bc f8a9b6ce 0059fecc 00000022 f88b7114 HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b70ec f8a9b6ee 0059fecc 00000022 f88b7114 HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b70fc f8a9b716 0059fecc 00000022 f88b716c HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b7114 f8a9b6ce 0059fecc 00000022 f88b716c HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b7144 f8a9b6ee 0059fecc 00000022 f88b716c HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b7154 f8a9b716 0059fecc 00000022 f88b71c4 HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b716c f8a9b6ce 0059fecc 00000022 f88b71c4 HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b719c f8a9b6ee 0059fecc 00000022 f88b71c4 HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b71ac f8a9b716 0059fecc 00000022 f88b721c HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b71c4 f8a9b6ce 0059fecc 00000022 f88b721c HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b71f4 f8a9b6ee 0059fecc 00000022 f88b721c HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]
f88b7204 f8a9b716 0059fecc 00000022 f88b7274 HelloDDK!MyZwLoadDriver+0xe (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 289]
f88b721c f8a9b6ce 0059fecc 00000022 f88b7274 HelloDDK!MyZwSetSystemInformation+0x16 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
f88b724c f8a9b6ee 0059fecc 00000022 f88b7274 HelloDDK!MyZwCreateProcessEx+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 282]

0: kd> r
eax=f88b7064 ebx=f8a9b6a0 ecx=00000022 edx=0059fecc esi=0059feb0 edi=f88b9d64
eip=f8a9b70f esp=f88b7000 ebp=f88b700c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010283
HelloDDK!MyZwSetSystemInformation+0xf:
f8a9b70f 52 push edx

各位前辈好，小弟初识驱动开发。从上的堆栈来看是一死循环。永远不会返回给系统。我的问题：是这种情况为什么会产生 double fault?

IP 地址: 已记录   报告

2010-05-07, 16:39 下午

Coding 离线，最后访问时间: 2010/2/20 12:12:52 Coding

发帖数前10位
注册: 2008-05-31
发贴: 103

Re: 请大家帮我分析这个 DUMP。先谢谢了！

应该是死循环导致内核栈溢出了。
Windbg help中有解释
This overflow occurs when a guard page is hit, and the kernel tries to push a trap frame. Because there is no stack left, a stack overflow results, causing the double fault.

IP 地址: 已记录   报告

2010-05-07, 23:09 下午

qxsl2000 离线，最后访问时间: 2010/3/29 13:01:06 superchao

发帖数前75位
注册: 2010-03-29
发贴: 18

Re: 请大家帮我分析这个 DUMP。先谢谢了！

谢谢，那什么是“guard page”啊？内存分配也有这个概念，对这个概念总是含糊

IP 地址: 已记录   报告

2010-06-28, 10:06 上午

stabber 离线，最后访问时间: 2010/6/29 5:04:06 stabber

发帖数前200位
注册: 2010-01-11
发贴: 5

Re: 请大家帮我分析这个 DUMP。先谢谢了！

HelloDDK!MyZwSetSystemInformation+f [d:\windows driver\windows drivers examples\chapter10\dpctimer_test\nt_driver\getfunc.cpp @ 302]
这里已经告诉你崩溃的位置了。

IP 地址: 已记录   报告

高端调试 » 软件调试 » Windows内核调试 » Re: 请大家帮我分析这个 DUMP。先谢谢了！