Re: 请教一个加密狗驱动导致的蓝屏问题

Windows内核调试

请教一个加密狗驱动导致的蓝屏问题

peowner 2008-08-19, 10:32 上午

机器经常是每天都出现蓝屏,分析了一下转存文件,看的不是太明白,哪位给看看。

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {c0000005, ba608bfe, ba17fba0, 0}

*** ERROR: Module load completed but symbols could not be loaded for SENTINEL.SYS
Probably caused by : SENTINEL.SYS ( SENTINEL+10bfe )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba608bfe, The address that the exception occurred at
Arg3: ba17fba0, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
SENTINEL+10bfe
ba608bfe 668b745010      mov     si,word ptr [eax+edx*2+10h]

TRAP_FRAME:  ba17fba0 -- (.trap ffffffffba17fba0)
ErrCode = 00000000
eax=00000000 ebx=ba8bd424 ecx=ba8bd3f4 edx=00000001 esi=00000000 edi=ba8bd428
eip=ba608bfe esp=ba17fc14 ebp=00000000 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
SENTINEL+0x10bfe:
ba608bfe 668b745010      mov     si,word ptr [eax+edx*2+10h] ds:0023:00000012=????
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  dllhost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8085b4b3 to 8087b6be

STACK_TEXT: 
ba17f76c 8085b4b3 0000008e c0000005 ba608bfe nt!KeBugCheckEx+0x1b
ba17fb30 808357a4 ba17fb4c 00000000 ba17fba0 nt!KiDispatchException+0x3a2
ba17fb98 80835758 00000000 ba608bfe badb0d00 nt!CommonDispatchException+0x4a
ba17fc14 ba606b49 ba8bd3f4 00000001 ba8bd3f4 nt!Kei386EoiHelper+0x186
WARNING: Stack unwind information not available. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 SENTINEL+0xeb49


STACK_COMMAND:  kb

FOLLOWUP_IP:
SENTINEL+10bfe
ba608bfe 668b745010      mov     si,word ptr [eax+edx*2+10h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  SENTINEL+10bfe

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SENTINEL

IMAGE_NAME:  SENTINEL.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4586ceff

FAILURE_BUCKET_ID:  0x8E_SENTINEL+10bfe

BUCKET_ID:  0x8E_SENTINEL+10bfe

Followup: MachineOwner
---------

 

Re: 请教一个加密狗驱动导致的蓝屏问题

格蠹老雷 2008-08-19, 13:01 下午
很明显是个空指针的问题。出问题的是下面的指令:
mov si,word ptr [eax+edx*2+10h]
翻译成高级语言,它就是p->Field[X]这个样子,而目前EAX=0,也就是p=0.
目前的栈回溯因为没有调试符号,没有提供很有效的信息。
如果想继续探索根源,那么建议使用内核调试方法做live kernel debugging。

Re: 请教一个加密狗驱动导致的蓝屏问题

peowner 2008-08-19, 13:55 下午
非常感谢,正在研读《软件调试》一书,纯属个人爱好!

Powered by Community Server Powered by CnForums.Net