调整esp后 单步执行t 系统崩溃了

Windows内核调试

调整esp后 单步执行t 系统崩溃了

---

qstesiro 2014-08-07, 12:02 下午
我使用内核调试器断下系统（ctrl+c）后执行 r esp=esp-4 操作后再执行t，系统崩溃了，以下操作过程：
kd> kv
ChildEBP RetAddr Args to Child
8054abcc 8054209d 00000001 fff0bd02 000000d1 nt!RtlpBreakWithStatusInstruction (FPO: [1,0,0])
8054abcc 806d99ba 00000001 fff0bd02 000000d1 nt!KeUpdateSystemTime+0x165 (FPO: [0,2] TrapFrame @ 8054abe0)
8054ac50 80542af0 00000000 0000000e 00000000 hal!HalProcessorIdle+0x2 (FPO: [0,0,0])
8054ac54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x10 (FPO: [0,0,0])
kd> r esp=esp-4
kd> t
nt!RtlpBreakWithStatusInstruction+0x1:
80528bdd c20400 ret 4
kd> t

*** Fatal System Error: 0x00000030
(0x8054ABCC,0x8054ABD0,0x8054AB5C,0x00000000)


A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

The debuggee is ready to run
nt!RtlpBreakWithStatusInstruction:
80528bdc cc int 3

虽然有提示信息，但是并不完全明白是什么意思，
SET_OF_INVALID_CONTEXT (30)
Attempt to set the stack pointer in the trap frame to a lower value than
the current stack pointer value. This would cause the kernel run with a
stack pointer pointing to stack which is no longer valid.

请高人指教，谢谢了