Windows Kernel Debugging
http://advdbg.org/forums/27/ShowForum.aspx
zh-CN
CommunityServer 1.1 (Build: 2.0.2.21480)

windbg always treats registers as 4 bytes. A dmp produced by volatility
http://advdbg.org/forums/7160/ShowPost.aspx
Thu, 11 Jun 2020 02:04:43 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:7160
sculida2
<div>This is a virtual machine scenario. The guest is windows7 (7601.24499) and the host is linux. I want to debug the guest. I have a way to dump the guest's memory from the host.</div>
<div>I then used <a href="https://github.com/volatilityfoundation/volatility">volatility2.6.1</a> to convert the dump into a windbg dump.</div>
<div>python2 vol.py --profile=Win7SP1x64_24000 --plugins=raw2dmp -f 1.virshdmp raw2dmp --output-image=1.dmp</div>
<div>Then I opened 1.dmp in windbg. At first windbg showed:</div>
<div><pre>16.0: kd:x86&gt; !wow64exts.sw
Switched to Host mode</pre></div>
<div>which left me at</div>
<div><pre>16.0: kd&gt;</pre></div>
<div>I load an arbitrary thread, for example thread 0 of explorer with .thread. Strangely, r shows all the registers, and k also produces a stack backtrace. But with dp rsp, windbg seems to always treat the register as a 16-bit number rather than a 64-bit one, so I cannot see the stack data.</div>
<div><br></div>
<div>I also tried .effmach amd64 and .effmach x86, with no effect. I don't know what else to do. Any advice is appreciated. Many thanks!<br></div>
<div><pre>16.0: kd&gt; r
Last set context:
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80004ca815a rsp=fffff88002824ec0 rbp=fffffa800681f820
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
16.0: kd&gt; k
*** Stack trace for last set context - .thread/.cxr resets it
# Child-SP RetAddr Call Site
00 fffff880`02824ec0 fffff800`04c43c82 nt!KiSwapContext+0x7a
01 fffff880`02825000 fffff800`04c51802 nt!KiCommitThreadWait+0x1d2
02 fffff880`02825090 fffff800`04f15575 nt!KeWaitForMultipleObjects+0x272
03 fffff880`02825350 fffff800`04f1af9d nt!ObpWaitForMultipleObjects+0x295
04 fffff880`02825820 fffff800`04cb3d53 nt!NtWaitForMultipleObjects+0xe5
05 fffff880`02825a70 00000000`77319e3a nt!KiSystemServiceCopyEnd+0x13
06 00000000`001497b8 00000000`00000000 0x77319e3a

16.0: kd&gt; dp rsp
0000:4ec0 ????????`???????? ????????`????????
0000:4ed0 ????????`???????? ????????`????????
0000:4ee0 ????????`???????? ????????`????????</pre></div>

The Windows 10 Source Code Leak Controversy
http://advdbg.org/forums/7072/ShowPost.aspx
Mon, 26 Jun 2017 04:51:23 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:7072
格蠹老雷3
<div>Lao Lei's reading of the Windows 10 source code leak:</div>
<div>The Windows 10 Source Code Leak Controversy (<a href="https://mp.weixin.qq.com/s?__biz=MzA3NTk5MDIzNw==&amp;mid=2647665300&amp;idx=1&amp;sn=ae0a809d608bce6103b492ec28690eae&amp;chksm=874c9f26b03b1630aecc971f75e9b1b670159321bf6d23bbfb0eab68ccd8f8479529d692753f#rd">Part 1</a>)</div>
<div><span>Friends of the forum (高网), it has been a long time.</span></div>
<div><br></div>

Problem debugging Windows interrupts
http://advdbg.org/forums/7061/ShowPost.aspx
Wed, 10 May 2017 13:20:54 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:7061
zhaohui21
<div>I set a breakpoint on KiTrap05 in windbg.</div>
When a 0xc0000005 exception occurs in r3, why is the breakpoint not hit?
<div><br></div>

Question about debugging a driver
http://advdbg.org/forums/7025/ShowPost.aspx
Sat, 24 Dec 2016 17:06:29 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:7025
yusu2
Recently at work I have needed to debug a faulty usb driver, but I have never written a driver myself. I don't know where to start, or where to set breakpoints other than driverentry.
I would appreciate any advice.

Discussing the Sword at Lushan (庐山论剑)
http://advdbg.org/forums/7010/ShowPost.aspx
Thu, 24 Nov 2016 02:00:53 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:7010
格蠹老雷0
<p><span>Time flies and another year is nearly over. After a busy year, everyone must have plenty to reflect on.</span></p>
<p><span>This is an era of rapid development, and both people and software need to keep up with the times. </span><span>Windows 10 is the turnaround effort of Microsoft's third-generation NT team, a sweeping overhaul that aims to Reinvent Windows! A new release model; the LINUX environment subsystem, compatible with LINUX applications; a VT-based secure kernel and isolated user mode (IUM); a new UWP strategy; a unified kernel, unified development interfaces, unified development tools... Whether or not Windows 10 becomes a big commercial success, many of the innovations and technologies in Windows 10 are well worth thinking about and learning from. Windows is no longer SEXY, but its strength remains. Software engineers on the Windows platform are becoming fewer, yet their market value keeps rising... In the last month of 2016, come to Lushan and look at Windows 10 under the debugger together with Zhang Yinkui (格蠹老雷), author of Software Debugging (《软件调试》), revisit the classic design of Windows NT, and explore the new features of Windows 10 that are little known to outsiders.</span></p>
<p>With Windows 10 as the topic, the conversation will not be limited to Windows: <span>we will talk about software and about ideals. Lao Lei looks forward to talking with you late into the night at Lushan.</span></p>
<div><p>For details, see&nbsp;<a href="http://001001.org/w10.pdf" target="_blank" class="x_OWAAutoLink" id="LPlnk822898">http://001001.org/w10.pdf</a>&nbsp;</p></div>

Blue screen when loading a driver. The dump information is below, but my driver is not on the stack at the time of the blue screen. Could someone please take a look?
http://advdbg.org/forums/7005/ShowPost.aspx
Sat, 12 Nov 2016 09:44:51 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:7005
风继续吹2
<div>0: kd&gt; !analyze -v</div><div>*******************************************************************************</div><div>* &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; *</div><div>* &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Bugcheck Analysis &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
&nbsp; &nbsp; &nbsp; &nbsp;*</div><div>* &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; *</div><div>*******************************************************************************</div><div><br></div><div>DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)</div><div>An attempt was made to access a pageable (or completely invalid) address at an</div><div>interrupt request level (IRQL) that is too high. &nbsp;This is usually</div><div>caused by drivers using improper addresses.</div><div>If kernel debugger is available get stack backtrace.</div><div>Arguments:</div><div>Arg1: fffff8015046dee0, memory referenced</div><div>Arg2: 0000000000000002, IRQL</div><div>Arg3: 0000000000000008, value 0 = read operation, 1 = write operation</div><div>Arg4: fffff8015046dee0, address which referenced memory</div><div><br></div><div>Debugging Details:</div><div>------------------</div><div><br></div><div><br></div><div>DUMP_CLASS: 1</div><div><br></div><div>DUMP_QUALIFIER: 0</div><div><br></div><div>BUILD_VERSION_STRING: &nbsp;14393.0.amd64fre.rs1_release.160715-1616</div><div><br></div><div>DUMP_TYPE: &nbsp;0</div><div><br></div><div>BUGCHECK_P1: fffff8015046dee0</div><div><br></div><div>BUGCHECK_P2: 2</div><div><br></div><div>BUGCHECK_P3: 8</div><div><br></div><div>BUGCHECK_P4: fffff8015046dee0</div><div><br></div><div>READ_ADDRESS: &nbsp;fffff8015046dee0&nbsp;</div><div><br></div><div>CURRENT_IRQL: &nbsp;2</div><div><br></div><div>FAULTING_IP:&nbsp;</div><div>dump_NDIS!NdisReleaseRWLock+0</div><div>fffff801`5046dee0 0fb64201 &nbsp; &nbsp; &nbsp; &nbsp;movzx &nbsp; eax,byte ptr [rdx+1]</div><div><br></div><div>IP_IN_PAGED_CODE:&nbsp;</div><div>dump_NDIS!NdisReleaseRWLock+0</div><div>fffff801`5046dee0 0fb64201 &nbsp; &nbsp; &nbsp; &nbsp;movzx &nbsp; eax,byte ptr 
[rdx+1]</div><div><br></div><div>CPU_COUNT: 4</div><div><br></div><div>CPU_MHZ: cdc</div><div><br></div><div>CPU_VENDOR: &nbsp;GenuineIntel</div><div><br></div><div>CPU_FAMILY: 6</div><div><br></div><div>CPU_MODEL: 3c</div><div><br></div><div>CPU_STEPPING: 3</div><div><br></div><div>DEFAULT_BUCKET_ID: &nbsp;WIN8_DRIVER_FAULT</div><div><br></div><div>BUGCHECK_STR: &nbsp;AV</div><div><br></div><div>PROCESS_NAME: &nbsp;System</div><div><br></div><div>ANALYSIS_SESSION_HOST: &nbsp;DESKTOP-11K141K</div><div><br></div><div>ANALYSIS_SESSION_TIME: &nbsp;11-12-2016 16:02:16.0745</div><div><br></div><div>ANALYSIS_VERSION: 10.0.14321.1024 amd64fre</div><div><br></div><div>TRAP_FRAME: &nbsp;ffff8a80f0173480 -- (.trap 0xffff8a80f0173480)</div><div>NOTE: The trap frame does not contain all registers.</div><div>Some register values may be zeroed or incorrect.</div><div>rax=0000000000000000 rbx=0000000000000000 rcx=ffffd8808c342d00</div><div>rdx=ffff8a80f0173658 rsi=0000000000000000 rdi=0000000000000000</div><div>rip=fffff8015046dee0 rsp=ffff8a80f0173618 rbp=0000000000000003</div><div>&nbsp;r8=ffffd8808c342d00 &nbsp;r9=0000000000000000 r10=0000000000000000</div><div>r11=ffffd8808a4aa8b8 r12=0000000000000000 r13=0000000000000000</div><div>r14=0000000000000000 r15=0000000000000000</div><div>iopl=0 &nbsp; &nbsp; &nbsp; &nbsp; nv up ei ng nz na pe nc</div><div>dump_NDIS!NdisReleaseRWLock:</div><div>fffff801`5046dee0 0fb64201 &nbsp; &nbsp; &nbsp; &nbsp;movzx &nbsp; eax,byte ptr [rdx+1] ds:ffff8a80`f0173659=04</div><div>Resetting default scope</div><div><br></div><div>LAST_CONTROL_TRANSFER: &nbsp;from fffff8009ba5c96a to fffff8009b9d8a60</div><div><br></div><div>FAILED_INSTRUCTION_ADDRESS:&nbsp;</div><div>dump_NDIS!NdisReleaseRWLock+0</div><div>fffff801`5046dee0 0fb64201 &nbsp; &nbsp; &nbsp; &nbsp;movzx &nbsp; eax,byte ptr [rdx+1]</div><div><br></div><div>STACK_TEXT: &nbsp;</div><div>ffff8a80`f0172b88 fffff800`9ba5c96a : fffff801`5046dee0 00000000`0000000a ffff8a80`f0172cf0 
fffff800`9b91fc88 : nt!DbgBreakPointWithStatus</div><div>ffff8a80`f0172b90 fffff800`9ba5c359 : 00000000`00000003 ffff8a80`f0172cf0 fffff800`9b9e0340 00000000`000000d1 : nt!KiBugCheckDebugBreak+0x12</div><div>ffff8a80`f0172bf0 fffff800`9b9d3094 : ffff88fc`00a82320 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheck2+0x8a5</div><div>ffff8a80`f0173300 fffff800`9b9de129 : 00000000`0000000a fffff801`5046dee0 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx+0x104</div><div>ffff8a80`f0173340 fffff800`9b9dc707 : 00000000`00000000 ffffd880`8c342d00 ffff8a80`f0173658 00000000`00000000 : nt!KiBugCheckDispatch+0x69</div><div>ffff8a80`f0173480 fffff801`5046dee0 : fffff801`4fa020ca 00000000`00000000 00000000`00000003 ffff8a80`f0173870 : nt!KiPageFault+0x247</div><div>ffff8a80`f0173618 fffff801`4fa020ca : 00000000`00000000 00000000`00000003 ffff8a80`f0173870 00000000`00000000 : dump_NDIS!NdisReleaseRWLock</div><div>ffff8a80`f0173620 fffff801`4fa22ee9 : 00000000`00000000 00000000`00000400 ffffa40d`0c3be9c0 ffffd880`8c3420b0 : dump_NETIO!KfdSetVisibleFilterState+0x46</div><div>ffff8a80`f0173650 fffff801`4fa6a77c : 00000000`00000000 ffff8a80`f0173870 00000000`00000090 ffff8a80`f01736d0 : dump_NETIO!KfdApplyBoottimePolicy+0x35</div><div>ffff8a80`f0173690 fffff800`9bd11069 : ffffa40d`0c54bf10 ffffa40d`0c54beb0 ffffd880`8c3420b0 ffff8a80`f01737a9 : dump_NETIO!KfdApplyBoottimePolicyCallback+0x4c</div><div>ffff8a80`f01736c0 fffff800`9bd10e06 : 00000000`00000000 ffff8a80`f01737a9 ffff8a80`f0173870 fffff800`9b9d6150 : nt!RtlpCallQueryRegistryRoutine+0x121</div><div>ffff8a80`f0173720 fffff800`9bd0f7fe : 00000000`00000000 00000000`00000007 00000000`00000005 00000000`00000000 : nt!RtlpQueryRegistryValues+0x356</div><div>ffff8a80`f0173800 fffff801`4fa6a70e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlQueryRegistryValuesEx+0xe</div><div>ffff8a80`f0173840 fffff801`4fa6a67b : 00000000`00000000 00000000`00000007 fffff801`4fa61b20 
00000000`00000005 : dump_NETIO!KfdReadAndApplyBoottimePolicy+0x4e</div><div>ffff8a80`f01738f0 fffff801`4fa6a45e : fffff801`00000001 00000000`00000002 ffffffff`80000198 fffff801`4fa74080 : dump_NETIO!KfdProcessBoottimePolicy+0x57</div><div>ffff8a80`f0173920 fffff801`4fa6a40e : 00000000`00000000 fffff801`4fa740b0 ffffd880`8b1f40d0 00000000`00000001 : dump_NETIO!KfdStartModuleEx+0x3e</div><div>ffff8a80`f0173950 fffff801`4fa6a3ba : fffff801`4fa740c8 fffff801`50567014 00000000`00000010 00000000`00010282 : dump_NETIO!KfdStartModule+0x1e</div><div>ffff8a80`f0173980 fffff801`4fa75079 : 00000000`00000000 ffff8a80`f0173a30 ffffd880`8bcbb9c0 ffff8a80`f0173a30 : dump_NETIO!RtlInvokeStartRoutines+0x3a</div><div>ffff8a80`f01739c0 fffff800`9bdb2389 : 00000000`00000014 fffff800`9bb8e060 ffffd880`8bcbb9c0 ffffa40d`00000003 : dump_NETIO!DllInitialize+0x79</div><div>ffff8a80`f01739f0 fffff800`9bdb21e5 : ffffd880`8bcbb9c0 00000000`00000000 00000000`00000000 fffff800`00000000 : nt!MmCallDllInitialize+0x15d</div><div>ffff8a80`f0173a60 fffff800`9bcc1c4a : 00000000`00000002 ffff8a80`f0173c70 fffff800`9bb8e060 ffff8a80`f0174410 : nt!MiLoadImportDll+0x55</div><div>ffff8a80`f0173ab0 fffff800`9bd25092 : fffff801`50460000 ffff8a80`f0173c40 ffff8a80`f0173c70 ffff8a80`f0174410 : nt!MiResolveImageReferences+0x1f2</div><div>ffff8a80`f0173bc0 fffff800`9bdb21c6 : ffff8a80`f0173e20 ffff8a80`f0174410 00000000`00000002 fffff800`00000000 : nt!MmLoadSystemImage+0x2da</div><div>ffff8a80`f0173d60 fffff800`9bcc1c4a : 00000000`00000002 ffff8a80`f0173f70 fffff800`9bb8e060 ffff8a80`f0174410 : nt!MiLoadImportDll+0x36</div><div>ffff8a80`f0173db0 fffff800`9bd25092 : fffff801`4ee10000 ffff8a80`f0173f40 ffff8a80`f0173f70 ffff8a80`f0174410 : nt!MiResolveImageReferences+0x1f2</div><div>ffff8a80`f0173ec0 fffff800`9bdb21c6 : ffff8a80`f0174120 ffff8a80`f0174410 00000000`00000002 fffff800`00000000 : nt!MmLoadSystemImage+0x2da</div><div>ffff8a80`f0174060 fffff800`9bcc1c4a : 00000000`00000002 ffff8a80`f0174270 
fffff800`9bb8e060 ffff8a80`f0174410 : nt!MiLoadImportDll+0x36</div><div>ffff8a80`f01740b0 fffff800`9bd25092 : fffff801`4ede0000 ffff8a80`f0174240 ffff8a80`f0174270 ffff8a80`f0174410 : nt!MiResolveImageReferences+0x1f2</div><div>ffff8a80`f01741c0 fffff801`4eda0eda : ffff8a80`f01743e8 ffff8a80`f0174410 00000000`00000000 ffffd880`00000002 : nt!MmLoadSystemImage+0x2da</div><div>ffff8a80`f0174360 fffff801`4eda07d1 : ffffffff`80000204 fffff801`4ed9c2a0 00000000`00000008 ffff8a80`f0174730 : crashdmp!CrashdmpLoadDumpStack+0x2ba</div><div>ffff8a80`f01745d0 fffff800`9bddaef8 : ffffffff`80000150 ffffd880`8c2df090 ffffa40d`0c408fc8 ffffffff`80000204 : crashdmp!CrashdmpInitialize+0x4a1</div><div>ffff8a80`f0174700 fffff800`9c035f56 : ffff8a80`f01749d0 fffff800`9bad4ed5 ffff8a80`00000003 ffff8a80`f01747c9 : nt!IopInitializeCrashDump+0x74</div><div>ffff8a80`f0174750 fffff800`9bd11194 : ffffa40d`0c408f98 ffffa40d`0c408f60 ffff8a80`f01749f0 ffff8a80`f0174909 : nt!IopInitCrashDumpRegCallback+0xfe</div>

Equivalence Partitioning in Black-Box Test Case Design Explained
http://advdbg.org/forums/7007/ShowPost.aspx
Mon, 14 Nov 2016 06:57:26 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:7007
削个椰子皮0
<p class="MsoNormal" align="left"><span><font size="3">Equivalence Partitioning in Black-Box Test Case Design Explained</font></span></p>
<p class="MsoNormal" align="left"><span>I previously posted an article introducing some common methods of test case design for black-box testing. Test case design really does depend on experience, though, and some people have asked me about things such as the concrete methods and design principles of particular approaches, so today I will use equivalence partitioning to explain.</span></p>
<p class="MsoNormal" align="left"><span>First, briefly, what an equivalence class is: it is a subset of an input domain. Within that subset, every input is equally effective at exposing errors in the program, and it is reasonable to assume that testing a representative value of an equivalence class is equivalent to testing the other values of that class. All input data can therefore be reasonably partitioned into a number of equivalence classes, and by taking one value from each class as a test input, good test results can be obtained with a small amount of representative test data. Equivalence classes come in two kinds: valid equivalence classes and invalid equivalence classes.<br> <br>
Valid equivalence class: the set of input data that is reasonable and meaningful with respect to the program's specification. Valid equivalence classes can be used to check whether the program implements the functionality and performance required by the specification.<br> <br>
An invalid equivalence class is defined in exactly the opposite way.<br> <br>
When designing test cases, both kinds of equivalence class must be considered, because software must not only accept reasonable data but also withstand the unexpected. Only such testing can ensure that the software has higher reliability.<br> <br>
How to partition into equivalence classes: six principles for determining equivalence classes are given below.<br> <br>
① When an input condition specifies a range of values or a number of values, one valid equivalence class and two invalid equivalence classes can be established.<br> <br>
② When an input condition specifies a set of input values or a "must be" condition, one valid equivalence class and one invalid equivalence class can be established.<br> <br>
③ When an input condition is a Boolean, one valid equivalence class and one invalid equivalence class can be established.<br> <br>
④ When a set of values is specified for the input data and the program handles each input value separately, n valid equivalence classes and one invalid equivalence class can be established.<br> <br>
⑤ When rules that the input data must obey are specified, one valid equivalence class and several invalid equivalence classes can be established.<br> <br>
⑥ When it is known that the elements of an already partitioned equivalence class are handled differently by the program, that class should be further partitioned into smaller equivalence classes.<br> <br>
3) Designing test cases: once the equivalence classes are established, an equivalence class table can be built that lists all the classes identified:<br> <br>
Input condition | Valid equivalence classes | Invalid equivalence classes<br> <br>
Then design test cases from the equivalence classes according to the following three principles:<br> <br>
① Assign a unique number to each equivalence class.<br> <br>
② Design a new test case that covers as many of the not yet covered valid equivalence classes as possible, and repeat this step until all valid equivalence classes are covered.<br> <br>
③ Design a new test case that covers only one not yet covered invalid equivalence class, and repeat this step until all invalid equivalence classes are covered.<br> <br>
The above are only theoretical methods and principles, but actual testing is mostly carried out according to this theory. Whether it is <span><a href="https://testbird.com/">app testing</a></span> or software testing, the fundamentals stay the same, and I believe this will be helpful to some newcomers.</span></p>
<p class="MsoNormal"><span><a href="TestBird%20-%20%25E6%2589%258B%25E6%25B8%25B8%25E5%2592%258CApp%25E8%2587%25AA%25E5%258A%25A8%25E5%258C%2596%25E6%25B5%258B%25E8%25AF%2595%25E5%25B9%25B3%25E5%258F%25B0">TestBird</a> - </span><span>Automated testing platform for mobile games and apps</span></p>

Help! About a global variable
http://advdbg.org/forums/6999/ShowPost.aspx
Sat, 08 Oct 2016 10:50:23 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:6999
lll1
<div>IRQL_NOT_LESS_OR_EQUAL (a)</div><div>An attempt was made to access a pageable (or completely invalid) address at an</div><div>interrupt request level (IRQL) that is too high. &nbsp;This is usually</div><div>caused by drivers using improper addresses.</div><div>If a kernel debugger is available get the stack backtrace.</div><div>Arguments:</div><div>Arg1: 00000000, memory referenced</div><div>Arg2: 0000001c, IRQL</div><div>Arg3: 00000001, bitfield :</div><div><span class="Apple-tab-span"> </span>bit 0 : value 0 = read operation, 1 = write operation</div><div><span class="Apple-tab-span"> </span>bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)</div><div>Arg4: 804e2b68, address which referenced memory</div><div><br></div><div><br></div><div><div>DDITIONAL_DEBUG_TEXT: &nbsp;</div><div>You can run '.symfix; .reload' to try to fix the symbol path and load symbols.</div><div><br></div><div>FAULTING_MODULE: 804d8000 nt</div><div><br></div><div>DEBUG_FLR_IMAGE_TIMESTAMP: &nbsp;5735654c</div><div><font color="#ff0000"><br></font></div><div><font color="#ff0000">WRITE_ADDRESS: &nbsp;00000000&nbsp;</font></div><div><br></div><div>CURRENT_IRQL: &nbsp;1c</div><div><br></div><div>FAULTING_IP:&nbsp;</div><div>nt!KeWaitForMultipleObjects+1e5</div><div>804e2b68 8939 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;mov &nbsp; 
&nbsp; dword ptr [ecx],edi</div></div><div><br></div><div><br></div><div><div>STACK_TEXT: &nbsp;</div><div>WARNING: Stack unwind information not available. Following frames may be wrong.</div><div>a86c6a04 804e2b68 badb0d00 00000000 e14ea298 nt!Kei386EoiHelper+0x27e9</div><div>a86c6a98 8070396b 00000000 00000000 00000000 nt!KeWaitForMultipleObjects+0x1e5</div><div>a86c6ab8 a8c2c004 <font color="#ff0000">00000000</font> e10eeda0 898e6500 hal!ExAcquireFastMutex+0x2b</div><div>a86c6ad0 a8c247a0 000000d0 89860278 00000000 mydriver!FwTcp::ClearPolicy+0x14 [d:\code\mydriver\src\FwTcp.cpp @ 2988]</div><div>a86c6b10 a8c2398f 8986c428 00120164 00000000 mydriver!NetFireWall::ProcessRequest+0x600 [d:\code\mydriver\src\NetFireWall.cpp @ 1712]</div><div>a86c6b5c a8c2363c 8986c428 00000000 00000000 mydriver!NetFireWall::HandleIRP+0x10f [d:\code\mydriver\src\NetFireWall.cpp @ 714]</div><div>a86c6b78 804e2343 89a1d628 8986c428 80703410 mydriver!NetFireWall::DeviceDispatch+0x7c [d:\code\mydriver\src\NetFireWall.cpp @ 602]</div><div>a86c6b9c 80583af3 89a1d628 8986c428 89a65028 nt!IofCallDriver+0x32</div><div>a86c6c38 80589d00 0000014c 00000000 00000000 nt!RtlAnsiCharToUnicodeChar+0x4fc</div><div>a86c6cb0 805885d4 891380a0 000206b4 8913fbb0 nt!NtDeviceIoControlFile+0x2a</div><div>a86c6d34 804de9ab 0000014c 00000000 00000000 nt!RtlUnicodeStringToAnsiString+0xc5b</div><div>a86c6d64 7c92e514 badb0d00 0012fe74 00000000 nt!KiDeliverApc+0xbaa</div><div>a86c6d68 badb0d00 0012fe74 00000000 00000000 0x7c92e514</div><div>a86c6d6c 0012fe74 00000000 00000000 00000000 0xbadb0d00</div><div>a86c6d70 00000000 00000000 00000000 00000000 0x12fe74</div></div><div><br></div><div><br></div><div><div>0: kd&gt; x /v mydriver!g_FastMutex</div><div>prv global a8c37404 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;20 mydriver!g_FastMutex = struct _FAST_MUTEX</div></div><div><br></div><div><div>0: kd&gt; version</div><div>Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 
compatible</div><div>Product: WinNt, suite: TerminalServer SingleUserTS</div><div>Built by: 2600.xpsp_sp3_qfe.130704-0421</div><div>Machine Name:</div><div>Kernel base = 0x804d8000 PsLoadedModuleList = 0x805644c0</div><div>Debug session time: Sat Oct &nbsp;8 12:04:37.484 2016 (UTC + 8:00)</div><div>System Uptime: 0 days 0:02:24.156</div></div><div><br></div><div><br></div>
<div><b>The relevant code around line 2988 of FwTcp.cpp is as follows:</b></div><div><br></div>
<div>FAST_MUTEX g_FastMutex; <font color="#008000">// declared at the top of the file</font></div><div><br></div>
<div><div>BOOL FwTcp::ClearPolicy()</div>
<div>{</div>
<div>&nbsp; &nbsp; ExAcquireFastMutex(&amp;g_FastMutex);</div>
<div><br></div>
<div>&nbsp; &nbsp; if (!IsListEmpty(g_pPolicyList)) <font color="#008000">&nbsp; // this is line 2988</font></div>
<div>&nbsp; &nbsp; {</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; PLIST_ENTRY pNode = g_pPolicyList-&gt;Blink;</div>
<div><br></div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; while(!IsListEmpty(g_pPolicyList))</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; {</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PLIST_ENTRY pNodeNext = pNode-&gt;Blink;</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RemoveEntryList(pNode);</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PPolicy pData = (PPolicy)CONTAINING_RECORD(pNode, Policy, entry);</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if (NULL != pData)</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ExFreePool(pData);</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pData = NULL;</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</div>
<div><br></div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pNode = pNodeNext;</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; }</div>
<div>&nbsp; &nbsp; }</div>
<div>&nbsp; &nbsp;&nbsp;</div>
<div>&nbsp; &nbsp; ExReleaseFastMutex(&amp;g_FastMutex);</div>
<div><br></div>
<div>&nbsp; &nbsp; return TRUE;</div>
<div>}</div></div>
<div><br></div>
<div>This function is called from IRP_MJ_DEVICE_CONTROL.</div>
<div><br></div>
<div>My question:</div>
<div><span class="Apple-tab-span"> </span>This error is a write to address 0. <span>The argument of hal!ExAcquireFastMutex+0x2b is 000000000. Why would it be 0? I am using a global variable. In fact the symbol address is </span><span>a8c37404, which is not NULL.</span></div>
<div><span><br></span></div>
<div><span>I am a beginner, so please advise! My analysis above may be all wrong, so please don't laugh at me.</span></div>
<div><font color="#ff0000" size="5"><br></font></div>
<div><font color="#ff0000" size="5"><br></font></div>
<div><font color="#ff0000" size="5">///////////////////////////////////</font></div>
<div><font color="#ff0000" size="5">g_pPolicyList is where the real error is. I had always assumed that the line before the reported line number was the real faulting location, so I kept looking at g_FastMutex. g_pPolicyList can become NULL through a rarely taken code path, which is why the access faults here.</font></div>
<div><font color="#ff0000" size="5"><br></font></div>
<div><font color="#ff0000" size="5">I will leave the post here. My apologies to the experts for the silly question.</font></div>

How to debug winload over network kernel debugging on 2012R2...
http://advdbg.org/forums/6959/ShowPost.aspx
Sat, 20 Aug 2016 02:00:14 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:6959
Memory_code2
As the title says... WIN8.1 supports network kernel debugging, and 2012R2 is roughly equivalent to WIN8.1. I created a virtual machine on ESXI, installed 2012R2, enabled network kernel debugging, and connected windbg successfully. But I am developing a disk filter driver... and to replace the driver with kdfiles, the bootdebug option has to be enabled. After enabling it I still cannot break into WINLOAD, and I cannot replace the driver either. I googled it, and some people say that only a uefi-booted <span>bootmgr supports net debugging, so I installed another one with UEFI... but it still does not break in... Has anyone looked into this? Serial is just too slow... and with bootdebug enabled there is no way to use virtualkd... it is too slow...&nbsp;</span>

Came across a bizarre blue screen problem on win7 x64 on Kanxue (看雪), and came to this forum to ask the kernel experts for help.
http://advdbg.org/forums/6951/ShowPost.aspx
Tue, 19 Jul 2016 12:29:51 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:6951
风继续吹1
Link: http://bbs.pediy.com/showthread.php?p=1437630#post1437630 &nbsp;(I did not post it on the Kanxue forum myself, so it would not be appropriate to copy it here)
<div><br></div>
<div>My wild guess is that it is related to out-of-order execution of CPU instructions, but I dare not jump to conclusions. I hope someone can clear this up.</div>

WaitForSingleObject causing a BSOD?
http://advdbg.org/forums/1862/ShowPost.aspx
Wed, 04 Feb 2009 06:21:41 GMT
e4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:1862
jlflyfox25
<P><FONT style="BACKGROUND-COLOR: #efefef">One of my machines suddenly hit a bsod. I took a full memory dump and opened it in windbg, and found that an application-layer call to WaitForSingleObject caused the kernel error.</FONT></P> <P><FONT style="BACKGROUND-COLOR: #efefef">Symbol search path is: 
srv*c:\symbols*http://msdl.microsoft.com/download/symbols<BR>Executable search path is: <BR>Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (2 procs) Free x86 compatible<BR>Product: Server, suite: Enterprise TerminalServer SingleUserTS<BR>Built by: 3790.srv03_sp1_rtm.050324-1447<BR>Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8<BR>Debug session time: Wed Feb&nbsp; 4 09:11:55.328 2009 (GMT+8)<BR>System Uptime: 0 days 0:17:40.906<BR>Loading Kernel Symbols<BR>.................................................................................................<BR>Loading User Symbols<BR>PEB is paged out (Peb.Ldr = 7ffd900c).&nbsp; Type ".hh dbgerr001" for details<BR>Loading unloaded module list<BR>..................<BR>*******************************************************************************<BR>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *<BR>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Bugcheck Analysis&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
*<BR>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *<BR>*******************************************************************************</FONT></P> <P><FONT style="BACKGROUND-COLOR: #efefef">Use !analyze -v to get detailed debugging information.</FONT></P> <P><FONT style="BACKGROUND-COLOR: #efefef">BugCheck 1A, {3452, 1099221, c088376c, 0}</FONT></P> <P><FONT style="BACKGROUND-COLOR: #efefef">Probably caused by : memory_corruption ( nt!MiDeleteAddressesInWorkingSet+155 )</FONT></P> <P><FONT style="BACKGROUND-COLOR: #efefef">Followup: MachineOwner<BR>---------</FONT></P> <P><FONT style="BACKGROUND-COLOR: #efefef">1: kd&gt; !analyze -v<BR>*******************************************************************************<BR>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *<BR>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Bugcheck Analysis&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
*<BR>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *<BR>*******************************************************************************</FONT></P> <P><FONT style="BACKGROUND-COLOR: #efefef">MEMORY_MANAGEMENT (1a)<BR>&nbsp;&nbsp;&nbsp; # Any other values for parameter 1 must be individually examined.<BR>Arguments:<BR>Arg1: 00003452, The subtype of the bugcheck.<BR>Arg2: 01099221<BR>Arg3: c088376c<BR>Arg4: 00000000</FONT></P> <P><FONT style="BACKGROUND-COLOR: #efefef">Debugging Details:<BR>------------------</FONT></P><FONT style="BACKGROUND-COLOR: #efefef"> <P><BR>BUGCHECK_STR:&nbsp; 0x1a_3452</P> <P>DEFAULT_BUCKET_ID:&nbsp; DRIVER_FAULT</P> <P>PROCESS_NAME:&nbsp; notify.exe</P> <P>CURRENT_IRQL:&nbsp; 0</P> <P>LAST_CONTROL_TRANSFER:&nbsp; from 8084c103 to 80827451</P> <P>STACK_TEXT:&nbsp; <BR>b6210a8c 8084c103 0000001a 00003452 01099221 nt!KeBugCheckEx+0x1b<BR>b6210c48 8084c24d 88f0ad88 88f0ad88 00000000 nt!MiDeleteAddressesInWorkingSet+0x155<BR>b6210c68 8094b539 88f0afb0 88f977a8 00000001 nt!MmCleanProcessAddressSpace+0x111<BR>b6210cf0 8094b5b7 00000001 b6210d4c 8082d8b8 nt!PspExitThread+0x5f1<BR>b6210cfc 8082d8b8 88f977a8 b6210d48 b6210d3c nt!PsExitSpecialApc+0x1d<BR>b6210d4c 80888cd4 00000001 00000000 b6210d64 nt!KiDeliverApc+0x1ae<BR>b6210d4c 7c95ed54 00000001 00000000 b6210d64 nt!KiServiceExit+0x56<BR>WARNING: Frame IP not in any known module. 
Following frames may be wrong.<BR>014ef81c 7c952124 7c82baa8 00000ef4 00000000 0x7c95ed54<BR>014ef890 7c82ba12 00000ef4 000493e0 00000000 0x7c952124<BR>014ef8a4 0065dbb4 00000ef4 000493e0 ffffffff 0x7c82ba12<BR>014ef97c 0065e43b 000493e0 00000000 00ec5168 0x65dbb4<BR>014ef9b0 0065e37f 000493e0 00000000 00ec5168 0x65e43b<BR>014ef9e8 0065e1fa 00ec54f0 000493e0 00ec54e8 0x65e37f<BR>014efa08 0065810e 00ec54f0 000493e0 00000000 0x65e1fa<BR>014efa3c 0050373a 000493e0 00000000 00ec5168 0x65810e<BR>014eff2c 809a05fe 7ffdd000 00ec54a0 00000000 0x50373a<BR>014eff5c 0065a6af 00000000 00ec5168 00ec5168 nt!DbgkCreateThread+0x3ac<BR>014effa0 80a5762d 014effdc 006b8ca8 007370e8 0x65a6af<BR>014effa0 00000000 014effdc 006b8ca8 007370e8 hal!HalpApcInterrupt+0xcd</P> <P><BR>STACK_COMMAND:&nbsp; kb</P> <P>FOLLOWUP_IP: <BR>nt!MiDeleteAddressesInWorkingSet+155<BR>8084c103 cc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; int&nbsp;&nbsp;&nbsp;&nbsp; 3</P> <P>SYMBOL_STACK_INDEX:&nbsp; 1</P> <P>SYMBOL_NAME:&nbsp; nt!MiDeleteAddressesInWorkingSet+155</P> <P>FOLLOWUP_NAME:&nbsp; MachineOwner</P> <P>MODULE_NAME: nt</P> <P>DEBUG_FLR_IMAGE_TIMESTAMP:&nbsp; 42435b14</P> <P>IMAGE_NAME:&nbsp; memory_corruption</P> <P>FAILURE_BUCKET_ID:&nbsp; 0x1a_3452_nt!MiDeleteAddressesInWorkingSet+155</P> <P>BUCKET_ID:&nbsp; 0x1a_3452_nt!MiDeleteAddressesInWorkingSet+155</P> <P>Followup: MachineOwner<BR>---------<BR>1: kd&gt; kv<BR>ChildEBP RetAddr&nbsp; Args to Child&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR>b6210a8c 8084c103 0000001a 00003452 01099221 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])<BR>b6210c48 8084c24d 88f0ad88 88f0ad88 00000000 nt!MiDeleteAddressesInWorkingSet+0x155 (FPO: [Non-Fpo])<BR>b6210c68 8094b539 88f0afb0 88f977a8 00000001 nt!MmCleanProcessAddressSpace+0x111 (FPO: [Non-Fpo])<BR>b6210cf0 8094b5b7 00000001 b6210d4c 8082d8b8 nt!PspExitThread+0x5f1 (FPO: [Non-Fpo])<BR>b6210cfc 8082d8b8 88f977a8 b6210d48 b6210d3c 
nt!PsExitSpecialApc+0x1d (FPO: [Non-Fpo])<BR>b6210d4c 80888cd4 00000001 00000000 b6210d64 nt!KiDeliverApc+0x1ae (FPO: [Non-Fpo])<BR>b6210d4c 7c95ed54 00000001 00000000 b6210d64 nt!KiServiceExit+0x56 (FPO: [0,0] TrapFrame @ b6210d64)<BR>WARNING: Frame IP not in any known module. Following frames may be wrong.<BR>014ef81c 7c952124 7c82baa8 00000ef4 00000000 0x7c95ed54<BR>014ef890 7c82ba12 00000ef4 000493e0 00000000 0x7c952124<BR>014ef8a4 0065dbb4 00000ef4 000493e0 ffffffff 0x7c82ba12<BR>014ef97c 0065e43b 000493e0 00000000 00ec5168 0x65dbb4<BR>014ef9b0 0065e37f 000493e0 00000000 00ec5168 0x65e43b<BR>014ef9e8 0065e1fa 00ec54f0 000493e0 00ec54e8 0x65e37f<BR>014efa08 0065810e 00ec54f0 000493e0 00000000 0x65e1fa<BR>014efa3c 0050373a 000493e0 00000000 00ec5168 0x65810e<BR>014eff2c 809a05fe 7ffdd000 00ec54a0 00000000 0x50373a<BR>014eff5c 0065a6af 00000000 00ec5168 00ec5168 nt!DbgkCreateThread+0x3ac (FPO: [Non-Fpo])<BR>014effa0 80a5762d 014effdc 006b8ca8 007370e8 0x65a6af<BR>014effa0 00000000 014effdc 006b8ca8 007370e8 hal!HalpApcInterrupt+0xcd (FPO: [0,2] TrapFrame @ ffffffff)<BR>1: kd&gt; .trap b6210d64<BR>ErrCode = 00000000<BR>eax=000000c0 ebx=00ec5168 ecx=00000000 edx=00000000 esi=00000ef4 edi=00000000<BR>eip=7c95ed54 esp=014ef820 ebp=014ef890 iopl=0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; nv up ei ng nz ac pe cy<BR>cs=001b&nbsp; ss=0023&nbsp; ds=0023&nbsp; es=0023&nbsp; fs=003b&nbsp; gs=0000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; efl=00000297<BR>001b:7c95ed54 ??&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ???<BR>1: kd&gt; u 0x65a6af<BR>0065a6af ??&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ???<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ^ Memory access error in 'u 0x65a6af'<BR>1: kd&gt; d 0x65a6af<BR>0065a6af&nbsp; ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? 
??&nbsp; ????????????????</P> <P>1: kd&gt; .process<BR>Implicit process is now 88f0ad88<BR>1: kd&gt; !process 88f0ad88<BR>PROCESS 88f0ad88&nbsp; SessionId: 0&nbsp; Cid: 0d1c&nbsp;&nbsp;&nbsp; Peb: 7ffd9000&nbsp; ParentCid: 0e58<BR>&nbsp;&nbsp;&nbsp; DirBase: 7bb576c0&nbsp; ObjectTable: 00000000&nbsp; HandleCount:&nbsp;&nbsp; 0.<BR>&nbsp;&nbsp;&nbsp; Image: notify.exe<BR>&nbsp;&nbsp;&nbsp; VadRoot 88f2ba28 Vads 56 Clone 0 Private 30. Modified 589. Locked 0.<BR>&nbsp;&nbsp;&nbsp; DeviceMap e11cc388<BR>&nbsp;&nbsp;&nbsp; Token&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; e1f6c030<BR>&nbsp;&nbsp;&nbsp; ElapsedTime&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 00:02:35.296<BR>&nbsp;&nbsp;&nbsp; UserTime&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 00:00:00.000<BR>&nbsp;&nbsp;&nbsp; KernelTime&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 00:00:00.046<BR>&nbsp;&nbsp;&nbsp; QuotaPoolUsage[PagedPool]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 37256<BR>&nbsp;&nbsp;&nbsp; QuotaPoolUsage[NonPagedPool]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2240<BR>&nbsp;&nbsp;&nbsp; Working Set Sizes (now,min,max)&nbsp; (136, 50, 345) (544KB, 200KB, 1380KB)<BR>&nbsp;&nbsp;&nbsp; PeakWorkingSetSize&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1794<BR>&nbsp;&nbsp;&nbsp; VirtualSize&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 25 Mb<BR>&nbsp;&nbsp;&nbsp; 
PeakVirtualSize&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 28 Mb<BR>&nbsp;&nbsp;&nbsp; PageFaultCount&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1820<BR>&nbsp;&nbsp;&nbsp; MemoryPriority&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BACKGROUND<BR>&nbsp;&nbsp;&nbsp; BasePriority&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 8<BR>&nbsp;&nbsp;&nbsp; CommitCharge&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 311</P> <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; THREAD 89d72300&nbsp; Cid 0d1c.0e50&nbsp; Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Not impersonating<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DeviceMap&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; e11cc388<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Owning Process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 88f0ad88&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Image:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; notify.exe<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Wait Start TickCount&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 67898&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Ticks: 0<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Context Switch Count&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 20&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; UserTime&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 00:00:00.000<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
KernelTime&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 00:00:00.000<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Win32 Start Address 0x006b62f2<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Start Address 0x7c82b5bb<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Stack Init b6211000 Current b62107dc Base b6211000 Limit b620e000 Call 0<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Priority 10 BasePriority 8 PriorityDecrement 0<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ChildEBP RetAddr&nbsp; <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b6210a8c 8084c103 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b6210c48 8084c24d nt!MiDeleteAddressesInWorkingSet+0x155 (FPO: [Non-Fpo])<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b6210c68 8094b539 nt!MmCleanProcessAddressSpace+0x111 (FPO: [Non-Fpo])<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b6210cf0 8094b5b7 nt!PspExitThread+0x5f1 (FPO: [Non-Fpo])<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b6210cfc 8082d8b8 nt!PsExitSpecialApc+0x1d (FPO: [Non-Fpo])<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b6210d4c 80888cd4 nt!KiDeliverApc+0x1ae (FPO: [Non-Fpo])<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b6210d4c 7c95ed54 nt!KiServiceExit+0x56 (FPO: [0,0] TrapFrame @ b6210d64)<BR>WARNING: Frame IP not in any known module. 
Following frames may be wrong.<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014ef81c 7c952124 0x7c95ed54<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014ef890 7c82ba12 0x7c952124<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014ef8a4 0065dbb4 0x7c82ba12<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014ef97c 0065e43b 0x65dbb4<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014ef9b0 0065e37f 0x65e43b<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014ef9e8 0065e1fa 0x65e37f<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014efa08 0065810e 0x65e1fa<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014efa3c 0050373a 0x65810e<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014eff2c 809a05fe 0x50373a<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014eff5c 0065a6af nt!DbgkCreateThread+0x3ac (FPO: [Non-Fpo])<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014effa0 80a5762d 0x65a6af<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 014effa0 00000000 hal!HalpApcInterrupt+0xcd (FPO: [0,2] TrapFrame @ ffffffff)</P>
<P>&nbsp;</P>
<P>I opened notify.exe in IDA and found that the code just before 0x65dbb4 is executing WaitForSingleObject, which then calls into kernel32.dll and ntdll.dll.<BR>
One small thing puzzles me here, although it does not affect the big picture: it is understandable that notify.exe has no pdb file, but why can't symbols be resolved for kernel32.dll and ntdll.dll?</P>
<P>What really puzzles me is how things went wrong while executing in the kernel. Was the PEB paged out?<BR>
Judging only from clues such as PEB is paged out and d 0x65a6af, it seems one could think so, but what actually went wrong with the system? How should I understand that the kernel, while executing WaitForSingleObject, ended up in KiServiceExit?<BR></FONT></P>
A strange problem tracking a memory leak with Umdh. Experts, please help; Mr. Zhang, please take a look if you have time. Thank you very much!http://advdbg.org/forums/6947/ShowPost.aspxTue, 05 Jul 2016 13:28:43 GMTe4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:6947hyqhero1<div>I enabled ust stack backtraces with gflags, and I also set the symbol paths correctly.</div>
<div>But most of the final results still look like this: a growth of 4 GB at once, which does not look right.</div>
<div>My system is 64-bit WIN8; I don't know whether that matters. I hope those of you with experience can give me some pointers. Thanks.</div>
<div><br></div>
<div>+ 4294967254 ( 4294967254 - &nbsp; &nbsp; &nbsp;0) &nbsp; &nbsp; &nbsp;1 allocs<span class="Apple-tab-span"> </span>BackTrace16C9AA08</div>
<div>+ &nbsp; &nbsp; &nbsp; 1 ( &nbsp; &nbsp; &nbsp;1 - &nbsp; &nbsp; &nbsp;0)<span class="Apple-tab-span"> </span>BackTrace16C9AA08<span class="Apple-tab-span">
</span>allocations</div>
<div><br></div>
<div><span class="Apple-tab-span"> </span>&lt;no module&gt;!???+00000000 : 58A9C71B</div>
<div><span class="Apple-tab-span"> </span>&lt;no module&gt;!???+00000000 : 80002300</div>
<div><span class="Apple-tab-span"> </span>SecureDoc!EFS_GetProtectionPolicy+00042793</div>
<div><span class="Apple-tab-span"> </span>&lt;no module&gt;!???+00000000 : 740066</div>
<div><span class="Apple-tab-span"> </span>&lt;no module&gt;!???+00000000 : 610077</div>
<div><span class="Apple-tab-span"> </span>&lt;no module&gt;!???+00000000 : 650072</div>
<div><span class="Apple-tab-span"> </span>&lt;no module&gt;!???+00000000 : 4D005C</div>
<div><span class="Apple-tab-span"> </span>&lt;no module&gt;!???+00000000 : 630069</div>
<div><span class="Apple-tab-span"> </span>SecureDoc!EFS_GetProtectionPolicy+000427B2</div>
<div><span class="Apple-tab-span"> </span>SecureDoc!EFS_GetProtectionPolicy+000427B3</div>
<div><span class="Apple-tab-span"> </span>&lt;no module&gt;!???+00000000 : &nbsp;740066&nbsp;</div>
<div><span class="Apple-tab-span"> </span>&nbsp;&lt;no module&gt;!???+00000000 : 44005C&nbsp;</div>
<div><span class="Apple-tab-span"> </span>&nbsp;&lt;no module&gt;!???+00000000 : 720069&nbsp;</div>
<div><span class="Apple-tab-span"> </span>&nbsp;&lt;no module&gt;!???+00000000 : 630065&nbsp;</div>
<div><br></div>&nbsp;<br><div><br></div>
Experts, how can I find out kernel function names?http://advdbg.org/forums/6943/ShowPost.aspxSat, 04 Jun 2016 00:48:46 GMTe4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:6943神之调2Experts, suppose I want to know which functions CreateWindowA calls in the kernel. How do I do that? Please advise.<div><br></div>
<div>To elaborate: when we do not know at the outset what it calls at the lower level, is there a way to find out which functions it calls underneath?</div>
<div><br></div>
<div>Surely I can't debug step by step and then look at the CALL STACK. I feel there should be a way of setting breakpoints, namely setting breakpoints according to the number and depth of function calls. I don't know whether such a feature exists. If not, is there any other way?</div>
A question for the experts about completion portshttp://advdbg.org/forums/6945/ShowPost.aspxWed, 29 Jun 2016 06:18:28 GMTe4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:6945哈哈哈0<P>Normally, using a completion port certainly means using a thread pool, and the number of threads is usually the number of CPUs * 2</P>
<P><FONT>My question is whether these threads could return events for the same handle at the same time</FONT></P>
<P><FONT>For example, if I post 10 WSARecv calls on one socket, will two or more threads return WSARecv events at the same time?</FONT></P>
<P>I looked up some material online, and there is little explanation of how multiple threads return events. The article <A href="http://blog.csdn.net/fion45/article/details/12554339">http://blog.csdn.net/fion45/article/details/12554339</A> says at the end that the completion port is internally thread-safe and that messages for one handle are handled by only one thread at a time. Is that really so? Is there an official Microsoft white paper that confirms this?</P>
Debugging win10 X64 bootmgfw.efi with Windbg gives Unable to get program counterhttp://advdbg.org/forums/6913/ShowPost.aspxFri, 18 Mar 2016 05:24:38 GMTe4f42b2c-e28e-435b-8fbe-636f8fa9f0b8:6913风继续吹1Debugging the win10 X64 bootmgfw.efi with Windbg runs into a problem: both the r command and the g command fail, but the stack backtrace works fine. The windbg output is as follows:<div><div>Response &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Time (ms) &nbsp; &nbsp; Location</div>
<div>Deferred &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SRV*D:\WinDbgSymbolFilePath*http://msdl.microsoft.com/download/symbols</div>
<div>Symbol search path is: SRV*D:\WinDbgSymbolFilePath*http://msdl.microsoft.com/download/symbols</div>
<div>Executable search path is:&nbsp;</div>
<div>ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 997.</div>
<div>CS descriptor lookup failed</div>
<div>Windows Boot Debugger Kernel Version 10240 UP Free x64</div>
<div>Machine Name:</div>
<div>Primary image base = 0x00000000`10000000 Loaded module list = 0x00000000`10135e90</div>
<div>System Uptime: not available</div>
<div>Unable to get program counter</div>
<div>WaitForEvent failed</div>
<div>Unable to get program counter</div>
<div>0018:4bd5 0000 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;add &nbsp; &nbsp; byte ptr [bx+si],al</div>
<div>kd&gt; r</div>
<div>Unable to get program counter</div>
<div>rax=0000000000000003 rbx=000000000ffd9850 rcx=000000000ffd9850</div>
<div>rdx=000000000ffd9800 rsi=0000000000103d90 rdi=0000000000000001</div>
<div>rip=00000000100f4bd5 rsp=000000000ffd97d8 rbp=000000000ffd98f0</div>
<div>&nbsp;r8=0000000000000003 &nbsp;r9=000000000ffd9840
r10=0000000000000000</div>
<div>r11=0000000000000000 r12=0000000000000001 r13=0000000000000000</div>
<div>r14=0000000000114d01 r15=000000001013ac60</div>
<div>iopl=0 &nbsp; &nbsp; &nbsp; &nbsp; nv up ei pl nz na po nc</div>
<div>cs=0018 &nbsp;ss=0008 &nbsp;ds=0030 &nbsp;es=0030 &nbsp;fs=0030 &nbsp;gs=0030 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; efl=00000206</div>
<div>0018:4bd5 0000 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;add &nbsp; &nbsp; byte ptr [bx+si],al ds:0030:0003=80</div>
<div>&nbsp; &nbsp; ^ Unable to get program counter 'r'</div>
<div>kd&gt; k</div>
<div>&nbsp;# Child-SP &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;RetAddr &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Call Site</div>
<div>00 00000000`0ffd97d8 00000000`100d7e47 bootmgfw!DebugService2+0x5</div>
<div>01 00000000`0ffd97e0 00000000`100a7bc3 bootmgfw!DbgLoadImageSymbols+0x67</div>
<div>02 00000000`0ffd9830 00000000`100a8106 bootmgfw!BlBdStart+0x1a7</div>
<div>03 00000000`0ffd9870 00000000`10051541 bootmgfw!BlBdInitialize+0x2b2</div>
<div>04 00000000`0ffd9920 00000000`10014bac bootmgfw!BlInitializeLibrary+0x41</div>
<div>05 00000000`0ffd9950 00000000`100147ae bootmgfw!BmMain+0x24c</div>
<div>06 00000000`0ffd9aa0 00000000`0ffdc9b4 bootmgfw!EfiEntry+0x1e</div>
<div>07 00000000`0ffd9ad0 00000000`00000000 0xffdc9b4</div>
<div>kd&gt; g</div>
<div>&nbsp; &nbsp; ^ Unable to get program counter 'g'</div></div>
<div><br></div>
<div><br></div>
<div>The Windbg version is 10.0.10586.567 and the VMware Workstation version is 12.1.0. I would be very grateful for an expert's help.</div>