|
阅读:1716回复:2
付详细dump信息 希望老牛们帮帮忙~~~
我是在接收函数里获取到数据包内容后将内容返回给应用层 采用共享内存+事件的方法
现在的问题是当我取到数据包内容要给应用层发事件通知应用层读取共享内存内容时蓝屏 windbg不知道什么原因也用不了了,配置按步骤一步步配置还是不行  关键代码没什么东西: if(!KeReadStateEvent(gpEvent)) ///////////////////////////一到这里就蓝屏了 { memset(SystemVirtualAddress, 0, PacketLen); memcpy(SystemVirtualAddress, (char*)&pPacket,PacketLen); //复制内容到共享内存都没问题 KeSetEvent(gpEvent, 0 , FALSE); } dump内容是 Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\WINDOWS\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe - Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible Product: Server, suite: Enterprise TerminalServer SingleUserTS Built by: 3790.srv03_sp2_rtm.070216-1710 Machine Name: Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8 Debug session time: Mon Apr 12 18:13:13.765 2010 (GMT+8) System Uptime: 0 days 0:02:15.453 ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe - Loading Kernel Symbols ............................................................... ................................. Loading User Symbols Loading unloaded module list ....... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {4, d0000002, 0, 8082f26c} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. *** ERROR: Module load completed but symbols could not be loaded for RSFW.sys *** ERROR: Symbol file could not be found. Defaulted to export symbols for NDIS.sys - ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* *** ERROR: Module load completed but symbols could not be loaded for RTL8139.SYS *** ERROR: Module load completed but symbols could not be loaded for update.sys ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Probably caused by : RSFW.sys ( RSFW+20cd ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 00000004, memory referenced Arg2: d0000002, IRQL Arg3: 00000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: 8082f26c, address which referenced memory Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. MODULE_NAME: RSFW FAULTING_MODULE: 80800000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 4bcececa READ_ADDRESS: unable to get nt!MmSpecialPoolStart unable to get nt!MmSpecialPoolEnd unable to get nt!MmPoolCodeStart unable to get nt!MmPoolCodeEnd 00000004 CURRENT_IRQL: 0 FAULTING_IP: nt!KeReadStateQueue+8 8082f26c 8b4004 mov eax,dword ptr [eax+4] DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA LAST_CONTROL_TRANSFER: from 8082f26c to 80836de5 STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 808a33cc 8082f26c badb0d00 00000043 808b7602 nt!Kei386EoiHelper+0x2903 808a3440 b9ee30cd 00000000 808a3458 b9ee309b nt!KeReadStateQueue+0x8 808a344c b9ee309b 89032830 808a3464 b9ee306b RSFW+0x20cd 808a3458 b9ee306b 89032830 808a34fc b9ee4f93 RSFW+0x209b 808a3464 b9ee4f93 89032830 899fe110 ba5a9a40 RSFW+0x206b 808a34fc f7284293 88b1aa18 897bd008 89175188 RSFW+0x3f93 808a3534 f7787493 899fe110 897bd008 89175188 NDIS!EthFilterDprIndicateReceive+0xea 808a3564 f7787802 897bd008 0000ffff 897bd008 RTL8139+0x493 808a3574 f7787889 897bd008 897bd060 8995b130 RTL8139+0x802 808a358c f727b787 007bd008 ffdffa40 897bd074 RTL8139+0x889 808a35a8 8083d99a 897bd074 897bd060 00000000 NDIS!NdisMSetTimer+0x1924 808a3600 80839b2f 00000000 0000000e 00000000 nt!KeInsertQueueDpc+0x12c 808a6b40 00000000 808a6b48 808a6b48 808a6b50 nt!KiDispatchInterrupt+0x333 STACK_COMMAND: kb FOLLOWUP_IP: RSFW+20cd b9ee30cd 85c0 test eax,eax SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: RSFW+20cd FOLLOWUP_NAME: MachineOwner IMAGE_NAME: RSFW.sys BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner --------- 0: kd> lmvm RSFW start end module name b9ee1000 b9eeb000 RSFW (no symbols) Loaded symbol image file: RSFW.sys Image path: \SystemRoot\system32\DRIVERS\RSFW.sys Image name: RSFW.sys Timestamp: Wed Apr 21 18:09:14 2010 (4BCECECA) CheckSum: 00014140 ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 0: kd> lmvm nt start end module name 80800000 80a7a000 nt (export symbols) ntkrnlmp.exe Loaded symbol image file: ntkrnlmp.exe Image path: ntkrnlmp.exe Image name: ntkrnlmp.exe Timestamp: Sat Feb 17 14:29:03 2007 (45D6A0AF) CheckSum: 00260F84 ImageSize: 0027A000 File version: 5.2.3790.3959 Product version: 5.2.3790.3959 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 1.0 App File date: 00000000.00000000 Translations: 0804.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft(R) Windows(R) Operating System InternalName: ntkrnlmp.exe OriginalFilename: ntkrnlmp.exe ProductVersion: 5.2.3790.3959 FileVersion: 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) FileDescription: NT Kernel & System LegalCopyright: (C) Microsoft Corporation. All rights reserved. 0: kd> lmvm RSFW start end module name b9ee1000 b9eeb000 RSFW (no symbols) Loaded symbol image file: RSFW.sys Image path: \SystemRoot\system32\DRIVERS\RSFW.sys Image name: RSFW.sys Timestamp: Wed Apr 21 18:09:14 2010 (4BCECECA) CheckSum: 00014140 ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 00000004, memory referenced Arg2: d0000002, IRQL Arg3: 00000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: 8082f26c, address which referenced memory Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. MODULE_NAME: RSFW FAULTING_MODULE: 80800000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 4bcececa READ_ADDRESS: 00000004 CURRENT_IRQL: 0 FAULTING_IP: nt!KeReadStateQueue+8 8082f26c 8b4004 mov eax,dword ptr [eax+4] DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA LAST_CONTROL_TRANSFER: from 8082f26c to 80836de5 STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 808a33cc 8082f26c badb0d00 00000043 808b7602 nt!Kei386EoiHelper+0x2903 808a3440 b9ee30cd 00000000 808a3458 b9ee309b nt!KeReadStateQueue+0x8 808a344c b9ee309b 89032830 808a3464 b9ee306b RSFW+0x20cd 808a3458 b9ee306b 89032830 808a34fc b9ee4f93 RSFW+0x209b 808a3464 b9ee4f93 89032830 899fe110 ba5a9a40 RSFW+0x206b 808a34fc f7284293 88b1aa18 897bd008 89175188 RSFW+0x3f93 808a3534 f7787493 899fe110 897bd008 89175188 NDIS!EthFilterDprIndicateReceive+0xea 808a3564 f7787802 897bd008 0000ffff 897bd008 RTL8139+0x493 808a3574 f7787889 897bd008 897bd060 8995b130 RTL8139+0x802 808a358c f727b787 007bd008 ffdffa40 897bd074 RTL8139+0x889 808a35a8 8083d99a 897bd074 897bd060 00000000 NDIS!NdisMSetTimer+0x1924 808a3600 80839b2f 00000000 0000000e 00000000 nt!KeInsertQueueDpc+0x12c 808a6b40 00000000 808a6b48 808a6b48 808a6b50 nt!KiDispatchInterrupt+0x333 STACK_COMMAND: kb FOLLOWUP_IP: RSFW+20cd b9ee30cd 85c0 test eax,eax SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: RSFW+20cd FOLLOWUP_NAME: MachineOwner IMAGE_NAME: RSFW.sys BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner --------- 0: kd> lmvm RSFW start end module name b9ee1000 b9eeb000 RSFW (no symbols) Loaded symbol image file: RSFW.sys Image path: \SystemRoot\system32\DRIVERS\RSFW.sys Image name: RSFW.sys Timestamp: Wed Apr 21 18:09:14 2010 (4BCECECA) CheckSum: 00014140 ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 |
|
|
沙发#
发布于:2010-04-12 20:12
设置正确的符号路径会看到挂在哪,这个没用。初步看是你的内存访问有问题。有符号后,直接就可以看到变量情况。分分钟就可以搞定的事。
|
|
|
|
板凳#
发布于:2010-04-14 12:57
谢谢管理员 已解决了 确实是内存访问的问题
|
|