|
阅读:1190回复:2
高手帮忙看看!蓝屏信息
学习ndis时,用ndissend发送数据包,少量发送还行,如果连续大量发就会出错。
下面时dump信息,真的不明白和ntoskrnl有什么关系。只是修改了passthru.sys呀 Microsoft (R) Windows Debugger Version 6.8.0004.0 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [E:\PLGUNDAM\CODE\DumpFile\Mini121007-03.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: F:\Symbols;E:\PLGUNDAM\CODE\Driver\NDIS\SendPacket\SysV0.2\objchk_wxp_x86\i386 Executable search path is: E:\PLGUNDAM\CODE\Driver\NDIS\SendPacket\SysV0.2\objchk_wxp_x86\i386 Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible Product: WinNt Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055bb20 Debug session time: Tue Dec 11 17:35:00.509 2007 (GMT+8) System Uptime: 0 days 0:08:34.059 Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe Loading Kernel Symbols ................................................................................................... Loading User Symbols Loading unloaded module list ............. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {0, 2, 1, 7c80168a} *** WARNING: Unable to verify timestamp for mssmbios.sys ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: mssmbios!_SMBIOS_DATA_OBJECT *** *** *** ************************************************************************* Probably caused by : ntoskrnl.exe ( nt!KiTrap0E+233 ) Followup: MachineOwner --------- kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 00000000, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, value 0 = read operation, 1 = write operation Arg4: 7c80168a, address which referenced memory Debugging Details: ------------------ ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: mssmbios!_SMBIOS_DATA_OBJECT *** *** *** ************************************************************************* WRITE_ADDRESS: 00000000 CURRENT_IRQL: 2 FAULTING_IP: +7c80168a 7c80168a 8908 mov dword ptr [eax],ecx CUSTOMER_CRASH_COUNT: 3 DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from 7c80168a to 804e3158 STACK_TEXT: f8bb7d64 7c80168a badb0d00 ffffffff f8bb7d98 nt!KiTrap0E+0x233 WARNING: Frame IP not in any known module. Following frames may be wrong. 0006fe18 00000000 00000000 00000000 00000000 0x7c80168a STACK_COMMAND: kb FOLLOWUP_IP: nt!KiTrap0E+233 804e3158 ?? ??? SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!KiTrap0E+233 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntoskrnl.exe DEBUG_FLR_IMAGE_TIMESTAMP: 41108004 FAILURE_BUCKET_ID: 0xD1_W_nt!KiTrap0E+233 BUCKET_ID: 0xD1_W_nt!KiTrap0E+233 Followup: MachineOwner --------- kd> lmvm nt start end module name 804d8000 806ec600 nt M (pdb symbols) F:\Symbols\exe\ntoskrnl.pdb Loaded symbol image file: ntoskrnl.exe Image path: \WINDOWS\system32\ntoskrnl.exe Image name: ntoskrnl.exe Timestamp: Wed Aug 04 14:19:48 2004 (41108004) CheckSum: 00220D8C ImageSize: 00214600 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0 |
|
|
沙发#
发布于:2007-12-17 11:00
The stack tracing information is incorrect when the debugger entered KeBugCheck or KeBugCheckEx. You should set a breakpoint at these functions and re-execute your test. Once the breakpoint is catched, step into the assembly language and execute some instructions to create stack frame, you can get the full stack tracing information.
|
|
|
板凳#
发布于:2007-12-17 11:39
指针错误
|
|