 |
|
|
|
|
|
|
|
Windows内核调试
帖子发起人: stabber 发起时间: 2010-06-28 09:49 上午 回复: 6
  
|
|
帖子排序:
|
|
|
|
 2010-06-28, 09:49 上午
|
stabber
注册: 2010-01-11
发 贴: 5
|
|
|
这是windbg的dump信息:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NO_MORE_IRP_STACK_LOCATIONS (35)
A higher level driver has attempted to call a lower level driver through
the IoCallDriver() interface, but there are no more stack locations in the
packet, hence, the lower level driver would not be able to access its
parameters, as there are no parameters for it. This is a disasterous
situation, since the higher level driver "thinks" it has filled in the
parameters for the lower level driver (something it MUST do before it calls
it), but since there is no stack location for the latter driver, the former
has written off of the end of the packet. This means that some other memory
has probably been trashed at this point.
Arguments:
Arg1: 842e5bf8, Address of the IRP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: SbFw
FAULTING_MODULE: 81e42000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4bd851a2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x35
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 81e86992 to 81f0fb8d
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
856909f8 81e86992 00000035 842e5bf8 00000000 nt+0xcdb8d
85690a1c 8d384e62 9359c860 842e5bf8 85690a50 nt+0x44992
85690a2c 8d385205 8f209890 842e5bf8 8d385010 SbFw+0x9e62
85690a50 8d385a80 8f209890 00000000 8f21a898 SbFw+0xa205
85690a68 8d385bd5 8f21a898 8f209890 842e5bf8 SbFw+0xaa80
85690a88 8d37dd42 8f21a898 842e5bf8 85690ab0 SbFw+0xabd5
85690a98 81e869c6 8f21a898 842e5bf8 842e5ca8 SbFw+0x2d42
85690ab0 8d3d20ae 9359c860 8d3d6380 85690ae4 nt+0x449c6
85690ac0 8d3d2525 8f21a898 842e5bf8 8d3d2450 sbtis+0x90ae
85690ae4 8d3d324b 8f21a898 842e5bf8 8f225898 sbtis+0x9525
85690b00 8d3d3686 8f225898 8f21a898 842e5c8c sbtis+0xa24b
85690b24 8d3cca3c 8f225898 842e5bf8 842e5ca8 sbtis+0xa686
85690b40 81e869c6 8f225898 842e5bf8 842e5ccc sbtis+0x3a3c
85690b58 817ed87f 855ed008 855ee728 84543528 nt+0x449c6
85690b6c 817ef8c5 85690b84 9d4cea88 84543528 waclient+0x187f
85690bb4 817edb76 8e3e0708 817f807c 817f50b6 waclient+0x38c5
85690bd8 817ee721 8e3e0708 9d4cea88 00690c28 waclient+0x1b76
85690c2c 81e869c6 00000000 9d4cea88 936e15e8 waclient+0x2721
85690c44 82088761 8604d578 936e15e8 936e1658 nt+0x449c6
85690c64 82088f06 937aebe8 8604d578 00000000 nt+0x246761
85690d00 82089fd0 937aebe8 936e15e8 00000000 nt+0x246f06
85690d34 81e8cc7a 0000057c 00000000 00000000 nt+0x247fd0
85690d64 76e25e74 badb0d00 03fefddc 00000000 nt+0x4ac7a
85690d68 badb0d00 03fefddc 00000000 00000000 0x76e25e74
85690d6c 03fefddc 00000000 00000000 00000000 0xbadb0d00
85690d70 00000000 00000000 00000000 00000000 0x3fefddc
STACK_COMMAND: kb
FOLLOWUP_IP:
SbFw+9e62
8d384e62 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: SbFw+9e62
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: SbFw.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
从dump的显示,好像是SbFw.sys导致的问题, 其中的waclient是我的sys。
谢谢
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-06-28, 12:33 下午
|
格蠹老雷
注册: 2005-12-19
发 贴: 1,303
|
|
|
|
缺少符号文件,建议先解决符号问题,然后进一步分析栈回溯,可以使用.symfix c:\symbols命令来设置使用符号服务器
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-06-29, 10:36 上午
|
stabber
注册: 2010-01-11
发 贴: 5
|
|
|
|
你好,我已经设置好符号服务器了。
waclient.sys是我的程序,它的符号已经放到c:\symbol下了。
而SbFw.sys 和sbtis.sys是别人的程序,我没有它们的符号。
请问这样能确定是谁的原因导致了BOSD吗?
如果不能,我该怎么做?谢谢
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-06-29, 13:30 下午
|
王宇
注册: 2007-05-08
发 贴: 306
|
|
|
|
Symbols 显然没有设置... 或者楼主传 dump 到网盘吧。
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-06-29, 13:56 下午
|
stabber
注册: 2010-01-11
发 贴: 5
|
|
|
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-06-29, 15:17 下午
|
sPhinX
注册: 2008-06-28
发 贴: 50
|
![Wink [;)]](/emoticons/emotion-5.gif)
Re: 哪位大侠帮我分析一下崩溃的原因?谢谢!
|
|
|
|
|
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
2010-06-29, 21:39 下午
|
admin
注册: 2005-08-18
发 贴: 52
|
|
|
|
刚刚开启了注册会员添加附件的许可,可以在帖子中添加附件,为了提高传送速度和减少空间占用,麻烦大家先压缩一下再上传,另外可能在空间不足时先删除附件
|
|
|
|
IP 地址: 已记录
|
报告
|
|
|
|
|
高端调试 » 软件调试 » Windows内核调试 » Re: 哪位大侠帮我分析一下崩溃的原因?谢谢!
|
|
|
|
|
|