win7下驱动导致APC_INDEX_MISMATCH蓝屏错误
Windows内核调试
win7下驱动导致APC_INDEX_MISMATCH蓝屏错误
kuaixue1023
2010-06-21, 22:44 下午
我的win7下的透明加解密驱动运行后,若将鼠标焦点放在开资源管理器(包含ppt,excel文件)上,过大概10多分钟就会出现这个BSOD,
具体信息如下(此时观察到ppt,excel反复打开关闭操作)
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->KernelApcDisable field. A negative value indicates that a driver
has disabled APC calls without re-enabling them. A positive value indicates
that the reverse is true. This check is made on exit from a system call.
Arguments:
Arg1: 83e895c4, address of system function (system call)
Arg2: 00000000, Thread->ApcStateIndex << 8 | Previous ApcStateIndex
Arg3: 0000ffff, Thread->KernelApcDisable
Arg4: 00000000, Previous KernelApcDisable
Debugging Details:
------------------
FAULTING_IP:
nt!NtOpenFile+0
83e895c4 8bff mov edi,edi
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 83cebe71 to 83c7a394
STACK_TEXT:
90aaf8fc 83cebe71 00000003 947c11d7 00000065 nt!RtlpBreakWithStatusInstruction
90aaf94c 83cec96d 00000003 0af046d0 00000000 nt!KiBugCheckDebugBreak+0x1c
90aafd14 83c527b3 00000001 83e895c4 00000000 nt!KeBugCheck2+0x68b
90aafd14 775264f4 00000001 83e895c4 00000000 nt!KiServiceExit2+0x17a
037df7f4 7752512c 720b23ea 0af046d0 00020080 ntdll!KiFastSystemCallRet
037df7f8 720b23ea 0af046d0 00020080 037df820 ntdll!ZwOpenFile+0xc
037df840 720b2655 037df874 00000000 00020080 ntmarta!I_MartaFileNtOpenFile+0x4d
037df880 720b26d8 03b0fba0 00020080 037df8bc ntmarta!MartaOpenFileNamedObject+0x70
037df8c0 716e39fd 03b0fba0 00000001 00000005 ntmarta!AccRewriteGetNamedRights+0x42
037df8fc 716e4148 03b0fba0 037df924 00000000 ntshrui!CFolderAclEngine::_GetAcl+0x30
037df92c 716e40d1 06e00184 037df94c 716e33c4 ntshrui!CFolderAclEngine::_IsItemPrivate+0x63
037df944 716e4b4c 00000000 06e00184 037df988 ntshrui!CSmbShareEngine::GetItemSharingStatus+0x1b
037df96c 716e4a9d 06e00184 06ebaf40 0021ab60 ntshrui!CSharingOverlayPrivate::_GetSharingStatus+0x85
037df98c 763a05cb 001fa9c0 06e00184 00000020 ntshrui!CSharingOverlayPrivate::IsMemberOf+0x3c
037df9bc 764c13ce 037dfa10 00000020 00000064 SHELL32!CFSIconOverlayManager::_GetFileOverlayInfo+0x11a
037df9d8 763a04d1 001f4370 037dfa10 00000020 SHELL32!CFSIconOverlayManager::GetFileOverlayInfo+0x1b
037dfc1c 763a03db 0706bf40 037dfc68 00000001 SHELL32!CFSFolder::_GetOverlayInfo+0x10f
037dfc30 763a0176 06e02048 0706bf40 037dfc68 SHELL32!CFSFolder::GetOverlayIndex+0x28
037dfc78 763c9185 0af00a50 01000000 80000000 SHELL32!CIconOverlayTask::InternalResumeRT+0xfa
037dfc98 7640618e 0af00a64 7fffffff 0701d298 SHELL32!CRunnableTask::Run+0xce
037dfcb4 764060f9 037dfcf0 00000000 06ff7798 SHELL32!CShellTask::TT_Run+0x167
037dfcfc 763faa98 037dfd14 761db6cf 0701d298 SHELL32!CShellTaskThread::ThreadProc+0xa3
037dfd04 761db6cf 0701d298 002a8a38 037dfd88 SHELL32!CShellTaskThread::s_ThreadProc+0x1b
037dfd14 7750b5e9 06ff7798 7427e864 00200ed0 SHLWAPI!ExecuteWorkItemThreadProc+0xe
037dfd88 7750e8d1 06ff7798 002a8a38 7427eb04 ntdll!RtlpTpWorkCallback+0x11d
037dfee8 76011174 00200ec8 037dff34 7753b3f5 ntdll!TppWorkerThread+0x572
037dfef4 7753b3f5 00200ec8 7427ead8 00000000 kernel32!BaseThreadInitThunk+0xe
037dff34 7753b3c8 7750d63e 00200ec8 00000000 ntdll!__RtlUserThreadStart+0x70
037dff4c 00000000 7750d63e 00200ec8 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!NtOpenFile+0
83e895c4 8bff mov edi,edi
SYMBOL_NAME: nt!NtOpenFile+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc007
FAILURE_BUCKET_ID: 0x1_nt!NtOpenFile+0
BUCKET_ID: 0x1_nt!NtOpenFile+0
Followup: MachineOwner
---------
很奇怪问题竟然不在我的驱动中报的错,希望高手给与指点