搜索论坛 帖子排序:  Oldest to newest Newest to oldest

2014-05-07, 15:46 下午 cqyczj 注册: 2013-09-25 发 贴: 11 求助!张老师驱动卸载蓝屏 上次堆栈溢出解决后,又出现一问题，就是卸载时要蓝屏。通过dump，文件如下。我调试也发现这个蓝屏不是在DriverLoad卸载例程里,看dump文件也没看出在哪里有问题。现在请老师指点一下 ******************************************************************************* *                                                                             * *                        Bugcheck Analysis                                    * *                                                                             * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck CE, {8cf712d0, 8, 8cf712d0, 0} Probably caused by : SafeSystem.sys ( SafeSystem+1a2d0 ) Followup: MachineOwner --------- eax=8394017c ebx=00000000 ecx=00000000 edx=00000000 esi=83932d20 edi=00000000 eip=8388e8e3 esp=8e0abc28 ebp=8e0abca8 iopl=0         nv up ei pl nz na po nc cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202 nt!MmAccessFault+0x106: 8388e8e3 cc              int     3 kd> !analyze -v ******************************************************************************* *                                                                             * *                        Bugcheck Analysis                                    * *                                                                             * ******************************************************************************* DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce) A driver unloaded without cancelling timers, DPCs, worker threads, etc. The broken driver's name is displayed on the screen. Arguments: Arg1: 8cf712d0, memory referenced Arg2: 00000008, value 0 = read operation, 1 = write operation Arg3: 8cf712d0, If non-zero, the instruction address which referenced the bad memory address. Arg4: 00000000, Mm internal code. Debugging Details: ------------------ WRITE_ADDRESS:  8cf712d0  FAULTING_IP:  SafeSystem+1a2d0 8cf712d0 ??              ??? DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT BUGCHECK_STR:  0xCE PROCESS_NAME:  services.exe CURRENT_IRQL:  0 ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre TRAP_FRAME:  8e0abcc0 -- (.trap 0xffffffff8e0abcc0) ErrCode = 00000010 eax=0000014f ebx=0000014f ecx=00000000 edx=016df404 esi=016df404 edi=839719c0 eip=8cf712d0 esp=8e0abd34 ebp=8e0abd34 iopl=0         nv up ei pl nz na po cy cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010203 <Unloaded_SafeSystem.sys>+0x1a2d0: 8cf712d0 ??              ??? Resetting default scope IP_MODULE_UNLOADED:  SafeSystem+1a2d0 8cf712d0 ??              ??? LAST_CONTROL_TRANSFER:  from 8384f5f8 to 8388e8e3 STACK_TEXT:   8e0abca8 8384f5f8 00000008 8cf712d0 00000000 nt!MmAccessFault+0x106 8e0abca8 8cf712d0 00000008 8cf712d0 00000000 nt!KiTrap0E+0xdc WARNING: Frame IP not in any known module. Following frames may be wrong. 8e0abd30 016df418 773964f4 badb0d00 016df404 <Unloaded_SafeSystem.sys>+0x1a2d0 8e0abd34 773964f4 badb0d00 016df404 00000000 0x16df418 8e0abd38 badb0d00 016df404 00000000 00000000 0x773964f4 8e0abd3c 016df404 00000000 00000000 00000000 0xbadb0d00 8e0abd40 00000000 00000000 00000000 00000000 0x16df404 STACK_COMMAND:  kb FOLLOWUP_IP:  SafeSystem+1a2d0 8cf712d0 ??              ??? SYMBOL_STACK_INDEX:  2 SYMBOL_NAME:  SafeSystem+1a2d0 FOLLOWUP_NAME:  MachineOwner MODULE_NAME: SafeSystem IMAGE_NAME:  SafeSystem.sys DEBUG_FLR_IMAGE_TIMESTAMP:  0 FAILURE_BUCKET_ID:  0xCE_SafeSystem+1a2d0 BUCKET_ID:  0xCE_SafeSystem+1a2d0 ANALYSIS_SOURCE:  KM FAILURE_ID_HASH_STRING:  km:0xce_safesystem+1a2d0 FAILURE_ID_HASH:  {e5697f25-4388-c653-f4a0-a211407900dd} Followup: MachineOwner --------- kd> k ChildEBP RetAddr   8e0abca8 8384f5f8 nt!MmAccessFault+0x106 8e0abca8 8cf712d0 nt!KiTrap0E+0xdc WARNING: Frame IP not in any known module. Following frames may be wrong. 8e0abd30 016df418 <Unloaded_SafeSystem.sys>+0x1a2d0 8e0abd34 773964f4 0x16df418 8e0abd38 badb0d00 0x773964f4 8e0abd3c 016df404 0xbadb0d00 8e0abd40 00000000 0x16df404 IP 地址: 已记录   报告

2014-05-07, 17:54 下午 格蠹老雷 注册: 2005-12-19 发 贴: 1,303 Re: 求助!张老师驱动卸载蓝屏 A driver unloaded without cancelling timers, DPCs, worker threads, etc. 这样的问题启用driver verifier百发百中，Google细节或者《软件调试》第19章 IP 地址: 已记录   报告

2014-05-08, 10:02 上午 cqyczj 注册: 2013-09-25 发 贴: 11 Re: 求助!张老师驱动卸载蓝屏 张老师,一下就是用驱动验证过后的显示，希望您多给给点拨 Init Kernel Function Info Success 驱动成功被卸载 *** Fatal System Error: 0x000000c4                        (0x00000062,0x8CEC7624,0x8CE17D00,0x00000011) Break instruction exception - code 80000003 (first chance) Connected to Windows 7 7600 x86 compatible target at (Thu May  8 09:45:31.558 2014 (UTC + 8:00)), ptr64 FALSE Loading Kernel Symbols ....................................... Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. ........................ ................................................................ ........................... Loading User Symbols ................................. Loading unloaded module list ........ ******************************************************************************* *                                                                             * *                        Bugcheck Analysis                                    * *                                                                             * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C4, {62, 8cec7624, 8ce17d00, 11} Probably caused by : memory_corruption Followup: memory_corruption --------- nt!RtlpBreakWithStatusInstruction: 838ad394 cc              int     3 kd> !analyze -v ******************************************************************************* *                                                                             * *                        Bugcheck Analysis                                    * *                                                                             * ******************************************************************************* DRIVER_VERIFIER_DETECTED_VIOLATION (c4) A device driver attempting to corrupt the system has been caught.  This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes. Arguments: Arg1: 00000062, A driver has forgotten to free its pool allocations prior to unloading. Arg2: 8cec7624, name of the driver having the issue. Arg3: 8ce17d00, verifier internal structure with driver information. Arg4: 00000011, total # of (paged+nonpaged) allocations that weren't freed. Type !verifier 3 drivername.sys for info on the allocations that were leaked that caused the bugcheck. Debugging Details: ------------------ BUGCHECK_STR:  0xc4_62 DEBUG_FLR_IMAGE_TIMESTAMP:  0 FAULTING_MODULE: a4f02000 SafeSystem VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY ffffffff8ce17d00 Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found. DEFAULT_BUCKET_ID:  CODE_CORRUPTION PROCESS_NAME:  services.exe CURRENT_IRQL:  2 ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre LAST_CONTROL_TRANSFER:  from 8391ee71 to 838ad394 STACK_TEXT:   8c2e748c 8391ee71 00000003 b7e33378 00000065 nt!RtlpBreakWithStatusInstruction 8c2e74dc 8391f96d 00000003 8ce17d00 00000011 nt!KiBugCheckDebugBreak+0x1c 8c2e78a0 8391ed10 000000c4 00000062 8cec7624 nt!KeBugCheck2+0x68b 8c2e78c0 83b76f03 000000c4 00000062 8cec7624 nt!KeBugCheckEx+0x1e 8c2e78e0 83b7b5eb 8cec7624 8ce17d00 a4f02000 nt!VerifierBugCheckIfAppropriate+0x30 8c2e78f0 8384ee8a 8cec75c8 83981ec8 83981ec8 nt!VfPoolCheckForLeaks+0x33 8c2e792c 839d369f 8cec75c8 a4f02000 40000000 nt!VfTargetDriversRemove+0x66 8c2e7940 839d3338 8398a7e0 8ce97d48 00000000 nt!VfDriverUnloadImage+0x5e 8c2e7978 839d458d 8cec75c8 ffffffff 00000000 nt!MiUnloadSystemImage+0x1c6 8c2e799c 83afd517 8cec75c8 861ff650 8ce2fb70 nt!MmUnloadSystemImage+0x36 8c2e79b4 83a636f4 8ce2fb88 8ce2fb88 8ce2fb70 nt!IopDeleteDriver+0x38 8c2e79cc 838aaf60 00000000 8c2e7ce8 8ce2fb88 nt!ObpRemoveObjectRoutine+0x59 8c2e79e0 838aaed0 8ce2fb88 83afdbe5 b7e33c98 nt!ObfDereferenceObjectWithTag+0x88 8c2e79e8 83afdbe5 b7e33c98 8c2e7b54 8c2e7bd0 nt!ObfDereferenceObject+0xd 8c2e7b3c 83afd836 00000000 8c2e7b54 8388542a nt!IopUnloadDriver+0x3a0 8c2e7b48 8388542a 8c2e7ce8 8c2e7d1c 83884741 nt!NtUnloadDriver+0xf 8c2e7b48 83884741 8c2e7ce8 8c2e7d1c 83884741 nt!KiFastCallEntry+0x12a 8c2e7bc4 83afd935 8c2e7ce8 b7e33ab8 0089f0f4 nt!ZwUnloadDriver+0x11 8c2e7d1c 83afd836 00000000 8c2e7d34 b804342a nt!IopUnloadDriver+0xf0 8c2e7d28 b804342a 0089f0f4 0089f0fc 777364f4 nt!NtUnloadDriver+0xf WARNING: Frame IP not in any known module. Following frames may be wrong. 8c2e7d34 777364f3 badb0d00 0089f0e4 00000000 0xb804342a 8c2e7d38 badb0d00 0089f0e4 00000000 00000000 ntdll!KiFastSystemCall+0x3 8c2e7d3c 0089f0e4 00000000 00000000 00000000 0xbadb0d00 8c2e7d40 00000000 00000000 00000000 00000000 0x89f0e4 STACK_COMMAND:  kb CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt     83885300- [ b9 23 00 00 00:e9 fb df 7b 34 ] [ 8b ff 55 8b ec:e9 fb df 7b 34 ] [ 8b ff 55 8b ec:e9 fb df 7b 34 ] [ 6a 4c 68 b8 ce 89 83:e9 23 2a 47 21 90 90 ] 22 errors : !nt (83885300-83a9185e) MODULE_NAME: memory_corruption IMAGE_NAME:  memory_corruption FOLLOWUP_NAME:  memory_corruption MEMORY_CORRUPTOR:  LARGE FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE BUCKET_ID:  MEMORY_CORRUPTION_LARGE ANALYSIS_SOURCE:  KM FAILURE_ID_HASH_STRING:  km:memory_corruption_large FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c} Followup: memory_corruption --------- IP 地址: 已记录   报告

2014-05-08, 10:14 上午 cqyczj 注册: 2013-09-25 发 贴: 11 Re: 求助!张老师驱动卸载蓝屏 kd> db 0x8CEC7624 8cec7624  53 00 61 00 66 00 65 00-53 00 79 00 73 00 74 00  S.a.f.e.S.y.s.t. 8cec7634  65 00 6d 00 2e 00 73 00-79 00 73 00 00 00 fc 8e  e.m...s.y.s..... 8cec7644  00 40 3f 90 11 00 12 04-4d 6d 43 61 e0 bb 40 b3  .@?.....MmCa..@. 8cec7654  e4 bb ec 8c 64 5c 12 8f-00 00 00 00 04 00 00 00  ....d\.......... 8cec7664  00 00 00 00 00 00 00 00-80 00 00 00 00 00 00 00  ................ 8cec7674  d7 0b f1 8c 00 00 00 00-00 00 00 00 00 00 00 00  ................ 8cec7684  00 00 00 00 00 00 00 00-00 00 00 00 01 00 00 00  ................ 8cec7694  00 00 00 00 98 76 ec 8c-98 76 ec 8c 50 76 ec 8c  .....v...v..Pv.. kd> !verifier 3 SafeSystem.sys Verify Flags Level 0x00000fbf   STANDARD FLAGS:     [X] (0x00000000) Automatic Checks     [X] (0x00000001) Special pool     [X] (0x00000002) Force IRQL checking     [X] (0x00000008) Pool tracking     [X] (0x00000010) I/O verification     [X] (0x00000020) Deadlock detection     [X] (0x00000080) DMA checking     [X] (0x00000100) Security checks     [X] (0x00000800) Miscellaneous checks   ADDITIONAL FLAGS:     [X] (0x00000004) Randomized low resources simulation     [X] (0x00000200) Force pending I/O requests     [X] (0x00000400) IRP logging     [X] Indicates flag is enabled Summary of All Verifier Statistics   RaiseIrqls           0x515a8   AcquireSpinLocks     0x5de01b   Synch Executions     0x94e2   Trims                0x1fc   Pool Allocations Attempted             0x435ca8   Pool Allocations Succeeded             0x435ca8   Pool Allocations Succeeded SpecialPool 0x435ca8   Pool Allocations With NO TAG           0x5   Pool Allocations Failed                0x0   Current paged pool allocations         0x5d76 for 009A7BE0 bytes   Peak paged pool allocations            0x5d80 for 00D8EBBC bytes   Current nonpaged pool allocations      0x4dc1 for 0122588C bytes   Peak nonpaged pool allocations         0x4ddd for 0122AF90 bytes Driver Verification List ------------------------   MODULE: 0x8cf00bc0 SafeSystem.sys (Loaded)     Pool Allocation Statistics: ( NonPagedPool / PagedPool )       Current Pool Allocations: ( 0x0000000b / 0x00000006 )       Current Pool Bytes:       ( 0x00af6118 / 0x00000074 )       Peak Pool Allocations:    ( 0x0000000b / 0x00000007 )       Peak Pool Bytes:          ( 0x00af6118 / 0x003c6000 )       Contiguous Memory Bytes:       0x00000000       Peak Contiguous Memory Bytes:  0x00000000     Pool Allocations:       Address     Length      Tag   Caller           ----------  ----------  ----  ----------       0xb8600000  0x00411000  vDvP  0xa4f1c4aa  SafeSystem!ReLoadNtos       0xb7446fc0  0x00000040  vDvP  0xa4f1c22f  SafeSystem!InitSafeOperationModule       0xb75949b8  0x00000644  vDvP  0xa4f1c1d8  SafeSystem!InitSafeOperationModule       0xb5850fc0  0x00000040  vDvP  0xa4f1c147  SafeSystem!InitSafeOperationModule       0xb75be9b8  0x00000644  vDvP  0xa4f1c08d  SafeSystem!InitSafeOperationModule       0xb7730ff0  0x00000010  VStr  0xa4f144c4  SafeSystem!GetKernelModuleBase       0xb77d6fe8  0x00000014  VStr  0xa4f144c4  SafeSystem!GetKernelModuleBase       0xb77f0fe8  0x00000014  VStr  0xa4f144c4  SafeSystem!GetKernelModuleBase       0xb77e0fe8  0x00000018  VStr  0xa4f144c4  SafeSystem!GetKernelModuleBase       0xb776aff0  0x00000010  VStr  0xa4f144c4  SafeSystem!GetKernelModuleBase       0xb8000000  0x00411000  vDvP  0xa4f14bde  SafeSystem!ImageFile       0x8f69a000  0x00012000  vDvP  0xa4f15796  SafeSystem!InitKernelThreadData       0xb762afe8  0x00000014  VStr  0xa4f144c4  SafeSystem!GetKernelModuleBase       0xb7800000  0x002a1000  vDvP  0xa4f1c41a  SafeSystem!ReLoadNtos       0xb74fedf8  0x00000208  vDvP  0xa4f147e3  SafeSystem!GetSystemKernelModuleInfo       0xb754cdf8  0x00000208  vDvP  0xa4f14faa  SafeSystem!KernelOpenFile       0x8f67a000  0x00020000  vDvP  0xa4f1c36b  SafeSystem!ReLoadNtos     Contiguous allocations are not displayed with public symbols. IP 地址: 已记录   报告

2014-05-08, 23:14 下午 格蠹老雷 注册: 2005-12-19 发 贴: 1,303 Re: 求助!张老师驱动卸载蓝屏 看起来这个驱动的问题不是一个两个。上面显示的都是内核池泄漏，还没有触及到第一次提到的STOP CE。不建议在这样的公开论坛上过多粘贴实际产品的信息，可以发邮件联系我 IP 地址: 已记录   报告

2014-05-09, 09:02 上午 cqyczj 注册: 2013-09-25 发 贴: 11 Re: 求助!张老师驱动卸载蓝屏 谢谢老师的提醒,也谢谢老师热心 IP 地址: 已记录   报告

高端调试 » 软件调试 » Windows内核调试 » Re: 求助!张老师驱动卸载蓝屏

请选择 论坛首页 |- 论坛搜索 |- 热门主题 |- 未回复的主题 用户选项 |- 登录 |- 注册 |- 找回密码 软件调试 |- Windows内核调试 |- C/C++本地代码调试 |- .Net程序调试 |- 脚本程序调试 |- Java程序调试 |- Linux内核调试 |- 《程序员》杂志调试专栏 |- WinDbg |- GDB |- 远程调试 |- 调试ACPI和BIOS |- 特殊的调试任务 |- 转储分析 |- GDK7 内核探秘 |- Windows内核 |- Linux内核 系统架构 |- CPU架构 |- PCI/PCI Express架构 程序人生 |- 软件物语 |- 社区活动 |- 名人逸事 联盟论坛 |- 欢迎使用CnForums 没有银弹 |- BUG也精彩 |- 豆腐工程 |- 软件圈里十大怪 Windows Vista |- 用调试利剑剖析VISTA内幕 |- 老专家如何破解新问题 |- 我的电脑谁说了算？ |- 资源 Office开发 |- Visio 驱动程序开发 |- Windows驱动开发 |- Linux驱动开发 |- Windows CE驱动开发 用户态开发 |- Windows本地代码（native）高级开发 |- Web应用开发 |- WinFX和.Net |- Office开发 本站建设 |- 高端调试团队 |- 版面布局 |- 活动建议 |- 网站维护 64位计算 |- 64-bit Windows |- 64-bit CPU 图书 |- 《软件调试》的示例程序 |- 《软件调试》的工具 |- 《软件调试》书友 |- 《软件调试》答疑 |- 《软件调试》勘误和意见 |- 《格蠹汇编》 |- 《软件调试》第二版卷1 |- 《软件调试》第二版卷2 云计算 |- IaaS |- 云存储 |- 大数据 |- PaaS和SaaS GPU |- CUDA |- OpenCL |- HSA |- 游戏开发与调试