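Views: 2102  Replies: 16
Frustrated: the system blue-screens
I modified a driver based on passthru. I came to this halfway and don't know how to debug, and now it blue-screens after running for a while.
STOP:0x0000000A(0x706D6F63,2,0,0x80463973) IRQL_NOT_LESS_OR_EQUAL adress 80463973 base at 80400000 Datestamp 41773335-ntoskrnl..dll
Could anyone with experience explain how to solve this?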
Reply #1
Posted: 2007-07-19 14:34
Heh heh... it's surely another null pointer access... or an access at an IRQL higher than allowed... haha
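Reply #2
Posted: 2007-07-25 15:25
I suspect that too, but I don't know how to debug it.
Also, it doesn't always happen; sometimes there is no problem for several days, and it can't be reproduced. And the file reported in the error is not my passthru.sys but ntoskrnl.dll. Could the experts please point me to a solution?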
Reply #3
Posted: 2007-07-25 15:34
Learn to use windbg. Take a dump file and open it with windbg; you can post the output of !analyze -v here and we'll help you analyze it.
Reply #4
Posted: 2007-07-25 15:56
I reckon every driver developer has run into this kind of error; all you can do is check the code and debug it slowly.
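Reply #5
Posted: 2007-07-30 11:16
Thanks, everyone. Last time I tried debugging the dump file but couldn't make sense of it, and I didn't save it.
Next time it happens I'll post it here; I'd appreciate the moderator taking a look.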
Reply #6
Posted: 2007-07-30 13:39
Use a virtual machine plus windbg to debug your driver... this method works rather well... you can debug it just like debugging a C program...
Reply #7
Posted: 2007-07-30 15:21
Looking at the dump file is fast; debugging in a virtual machine is slow.
Reply #8
Posted: 2007-08-01 14:58
You could use softice to debug it, I suppose.
Reply #9
Posted: 2007-08-03 17:34
Still not solved?
Reply #10
Posted: 2007-08-06 09:43
Thanks for everyone's concern. Over the past two days I tried to learn softice and other tools on my own, but I'm really too slow, and having come to programming halfway I don't understand assembly and the like; after a long time I couldn't figure anything out, so I can only trouble everyone again. Below is the windbg output; please take a look.
It's a 2000 Server system, and passthru was modified with the 2000 DDK. I don't know whether this is enough.
Microsoft (R) Windows Debugger Version 6.2.0013.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\WINNT\MEMORY.DMP]
Kernel Dump File: Full address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
Product: Server
Kernel base = 0x80400000 PsLoadedModuleList = 0x80485b00
Debug session time: Mon Aug 06 09:00:41 2007
System Uptime: 0 days 0:16:37.000
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
.................................................Missing image name, possible corrupt data.
.Unable to add module at 00000000
Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - HRESULT 0x80004005
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {61722e2f, 2, 1, 80464d6c}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Probably caused by : Unknown_Image ( nt!wctomb+683 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 61722e2f, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80464d6c, address which referenced memory
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
WRITE_ADDRESS: unable to get nt!MmPoolCodeEnd
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSpecialPoolStart
unable to get nt!MmPagedPoolStart
unable to get nt!MmNonPagedPoolExpansionStart
unable to get nt!MmPoolCodeStart
61722e2f
CURRENT_IRQL: 2
FAULTING_IP:
nt!wctomb+683
80464d6c 8908 mov [eax],ecx
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 00000000 to 8046b12c
STACK_TEXT:
80475350 00000000 00000000 00000000 80475730 nt!Kei386EoiHelper+0x275c
FOLLOWUP_IP:
nt!wctomb+683
80464d6c 8908 mov [eax],ecx
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!wctomb+683
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: kb
BUCKET_ID: WRONG_SYMBOLS
MODULE_NAME: Unknown_Module
Followup: MachineOwner
---------
Reply #11
Posted: 2007-08-06 11:45
The symbols are wrong. Read the windbg documentation on how to set up symbols.
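Reply #12
Posted: 2007-08-06 14:33
Look through your code for where wctomb is called.
Set up the symbol table properly, then set the source file path; that way, when you analyze the dump you will know exactly which piece of code went wrong.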
Reply #13
Posted: 2007-08-06 15:19
Reply #14
Posted: 2007-08-09 16:28
My code doesn't contain the wctomb function; I searched and it seems to be in the VC system's msvcr71.dll, so that shouldn't be a problem, right?
I have now added the symbol path (I downloaded and installed the system symbol files and specified the corresponding path and the path to passthru's pdb file; I don't know whether that is right). The result is below; please take another look.
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck parens is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
TRAP_FRAME: 00000000 -- (.trap 0)
DEFAULT_BUCKET_ID: DRIVER_FAULT
LAST_CONTROL_TRANSFER: from 00000000 to 8046a10f
STACK_TEXT:
00000000 00000000 00000000 00000000 00000000 nt!KeUpdateSystemTime+0x27
FOLLOWUP_IP:
nt!KeUpdateSystemTime+27
8046a10f ebef jmp nt!KeUpdateSystemTime+0x18 (8046a100)
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!KeUpdateSystemTime+27
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 427b58bb
STACK_COMMAND: .trap 0 ; kb
BUCKET_ID: 0x7f_8_nt!KeUpdateSystemTime+27
Followup: MachineOwner
---------
Reply #15
Posted: 2007-08-09 17:20
This is the output from another crash. Another question also occurred to me: in passthru I directly defined a 200-byte array without using AllocateMemory; I wonder whether that could be the cause.
Microsoft (R) Windows Debugger Version 6.2.0013.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\WINNT\MEMORY.DMP]
Kernel Dump File: Full address space is available
Symbol search path is: E:\WINNT\Symbols;E:\share
Executable search path is:
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
Unable to read PsLoadedModuleList
KdDebuggerDataBlock not available!
KdDebuggerData.KernBase < SystemRangeStart
Windows 2000 Kernel Version 2195 MP (2 procs) Free x86 compatible
Kernel base = 0x00000000 PsLoadedModuleList = 0x80485b00
Debug session time: Thu Aug 09 16:51:36 2007
System Uptime: not available
Unable to read PsLoadedModuleList
KdDebuggerDataBlock not available!
KdDebuggerData.KernBase < SystemRangeStart
Loading Kernel Symbols
Unable to read PsLoadedModuleList
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
CS descriptor lookup failed
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {2e777777, 2, 1, 80464d6c}
***** Debugger could not find nt in module list, module list might be corrupt.
***** Followup with Debugger team
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
Probably caused by : Unknown_Image
Followup: MachineOwner
---------
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
?: kd> !analyze -v
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 2e777777, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80464d6c, address which referenced memory
Debugging Details:
------------------
***** Debugger could not find nt in module list, module list might be corrupt.
***** Followup with Debugger team
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
WRITE_ADDRESS: unable to get nt!MmPoolCodeEnd
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSpecialPoolStart
unable to get nt!MmPagedPoolStart
unable to get nt!MmNonPagedPoolExpansionStart
unable to get nt!MmPoolCodeStart
2e777777
CURRENT_IRQL: 2
FAULTING_IP:
+ffffffff80464d6c
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
80464d6c ?? ???
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
STACK_TEXT:
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: kb
BUCKET_ID: CORRUPT_MODULELIST
Followup: MachineOwner
---------
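
A triage check that can be run on the bugcheck 0xA parameters quoted in this thread (an added example, not code from any poster): it tests whether a 32-bit "memory referenced" value consists of four printable ASCII bytes in x86 little-endian order, which is what a pointer overwritten by text looks like. The function name pointer_as_ascii is an assumption of this example; the sample values are copied from the posts above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 and stores the 4 characters (NUL-terminated) in out when every
   byte of value is printable ASCII (0x20..0x7e), lowest byte first, i.e. in
   the order the bytes sit in memory on x86. Returns 0 and an empty string
   otherwise. */
int pointer_as_ascii(uint32_t value, char out[5])
{
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(value >> (8 * i));
        if (b < 0x20 || b > 0x7e) {
            out[0] = '\0';
            return 0;
        }
        out[i] = (char)b;
    }
    out[4] = '\0';
    return 1;
}

int main(void)
{
    /* Values taken from the STOP line and the two BugCheck A lines in the
       thread; the last entry is an ordinary kernel address for contrast. */
    static const struct { const char *what; uint32_t value; } samples[] = {
        { "first post, Arg1", 0x706D6F63u },
        { "reply 10,   Arg1", 0x61722e2fu },
        { "reply 15,   Arg1", 0x2e777777u },
        { "first post, Arg4", 0x80463973u },
    };
    char text[5];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (pointer_as_ascii(samples[i].value, text))
            printf("%s = %08x -> text \"%s\"\n",
                   samples[i].what, (unsigned)samples[i].value, text);
        else
            printf("%s = %08x -> not text\n",
                   samples[i].what, (unsigned)samples[i].value);
    }
    return 0;
}
```

All three Arg1 values decode as text ("comp", "/.ra", "www."), so the bad pointer held string data each time; the bounds of any fixed-size buffer that receives string data, such as the 200-byte array mentioned in the post above, are the first thing to check.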
Reply #16
Posted: 2007-08-10 15:33
Is any expert around? Please take a look at the windbg output and analyze it.