|
阅读:2166回复:16
蓝屏死机怎么办?如何卸载文件驱动程序?
急切向各位老大请教:
我昨天先用sfilter里的标有卸载的.cmd文件,它没对services下的sfilter的注册表项删除;而后我在注册表的services下的sfilter上,右键删除。这么卸载sfilter可能有问题吧?应该如何卸载sfilter呢? 后来我重新编译sfilter,安装,重新启动。造成了蓝屏死机。 蓝屏死机后,多次使用多种安全模式启动不成功。 蓝屏内容: STOP:0X7F(0X08,0X00,0X00,0X00) UNEXPECTED_KERNEL_MODE_TRAP 查阅jerry的windos 2000设备驱动程序设计指南(原书第二版)附录B p346:内核不能捕获的陷阱,由intel CPU 产生。 参数:1~4:保留。 请老大指点:由intel CPU 产生的具体含义是什么?jerry说的参数:1~4:保留是什么意思? 死机原因是手动删除注册表造成,还是硬件的CPU原因造成? 我应该怎样处理?CPU坏了?难道要重新装系统吗? 谢谢! |
|
|
|
沙发#
发布于:2005-04-28 11:10
错误是Double Fault错误.另外sfilter是什么东西啊?
|
|
|
板凳#
发布于:2005-04-28 11:17
谢谢!
sfilter是ifskit(install file kit)里src下的一个原码例子 |
|
|
|
地板#
发布于:2005-04-28 11:33
你要能把CPU搞坏,算你狠!
大约要修复系统了. 既然是filter,光删除services下的项是不行的,要把filter的相关信息都删除 |
|
|
|
地下室#
发布于:2005-04-28 11:36
Double Fault,一般来说,都是stack溢出引起的
你想个法子,把你的sys文件给喀了,再进系统 |
|
|
5楼#
发布于:2005-04-28 11:50
如果你是FASTFAT的可以用98启动盘删除,或者另外装个OS来删除,建议你用XPIFS里 的SFILTER在XP下调试,可以动态加载和卸载,用2K下的话你会很郁闷的,嘿嘿......
|
|
|
|
6楼#
发布于:2005-04-28 11:52
你要能把CPU搞坏,算你狠! 谢谢老大maqian ! 我只编译安装了sfilter,可没有编译安装filespy啊! 您说修复系统,怎么修复啊? [编辑 - 4/28/05 by lgh41] |
|
|
|
7楼#
发布于:2005-04-28 11:59
[quote]你要能把CPU搞坏,算你狠! 谢谢老大! 我只编译安装了sfilter,可没有编译安装filespy啊! 您说修复系统,怎么修复啊? [/quote] 你问楼上的几位老大啊,看他们的贴子得益非浅,这几位很专业的. |
|
|
|
8楼#
发布于:2005-04-28 12:06
Double Fault,一般来说,都是stack溢出引起的 谢谢大老! 您能具体指点怎么喀?所有的安全模式都无法启动系统啊?通过BIOS吗?怎么做啊!大侠给想想办法呀!不能一蓝屏,就重新格c ,再重装系统吧!也许是搞驱动就得这样吗? |
|
|
|
9楼#
发布于:2005-04-28 12:14
如果你是FASTFAT的可以用98启动盘删除,或者另外装个OS来删除,建议你用XPIFS里 的SFILTER在XP下调试,可以动态加载和卸载,用2K下的话你会很郁闷的,嘿嘿...... 谢谢大老! 我正是装的2000 专业版,您是否建议这次不要装2000了,而装xp?您能把动态加载和卸载解释一下吗,我是新手,请多帮助!谢谢! |
|
|
|
10楼#
发布于:2005-04-28 12:19
如果是fat32,就找个98盘引导,喀了你的sys文件
安装完系统,做个ghost,有问题就ghost回来,呵呵 |
|
|
11楼#
发布于:2005-04-28 14:34
arthurtu :您好!
我装的是2000专业版,采用的是NTFS,有办法补救吗? 谢谢1 |
|
|
|
12楼#
发布于:2005-04-28 15:12
给你贴个全的,其实在WinDbg的帮助中全有
Bug Check 0x7E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED The SYSTEM_THREAD_EXCEPTION_NOT_HANDLED bug check has a value of 0x0000007E. This indicates that a system thread generated an exception which the error handler did not catch. Parameters The following parameters are displayed on the blue screen. Parameter Description 1 The exception code that was not handled 2 The address at which the exception occurred 3 The address of the exception record 4 The address of the context record Cause This is a very common bug check. To interpret it, you must identify which exception was generated. Common exception codes include: 0x80000002: STATUS_DATATYPE_MISALIGNMENT An unaligned data reference was encountered. 0x80000003: STATUS_BREAKPOINT A breakpoint or ASSERT was encountered when no kernel debugger was attached to the system. 0xC0000005: STATUS_ACCESS_VIOLATION A memory access violation occurred. For a complete list of exception codes, see the ntstatus.h file located in the inc directory of the Windows DDK. Resolving the Problem If you are not equipped to debug this problem, you should use some basic troubleshooting techniques. Make sure you have enough disk space. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters. Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you plan to debug this problem, you may find it difficult to obtain a stack trace. Parameter 2 (the exception address) should pinpoint the driver or function that caused this problem. If exception code 0x80000003 occurs, this indicates that a hard-coded breakpoint or assertion was hit, but the system was started with the /NODEBUG switch. This problem should rarely occur. If it occurs repeatedly, make sure a kernel debugger is connected and the system is started with the /DEBUG switch. If exception code 0x80000002 occurs, the trap frame will supply additional information. If the specific cause of the exception is unknown, the following should be considered: Hardware incompatibility. First, make sure that any new hardware installed is listed on the Microsoft Windows Hardware Compatibility List (HCL). Faulty device driver or system service. In addition, a faulty device driver or system service might be responsible for this error. Hardware issues, such as BIOS incompatibilities, memory conflicts, and IRQ conflicts can also generate this error. If a driver is listed by name within the bug check message, disable or remove that driver. Disable or remove any drivers or services that were recently added. If the error occurs during the startup sequence and the system partition is formatted with NTFS file system, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you need to start the computer by using the Recovery Console to access the file. If the problem is associated with Win32k.sys, the source of the error might be a third-party remote control program. If such software is installed, the service can be removed by starting the system using the Recovery Console and deleting the offending system service file. Check the System Log in Event Viewer for additional error messages that might help pinpoint the device or driver that is causing bug check 0x1E. Disabling memory caching of the BIOS might also resolve the error. You should also run hardware diagnostics, especially the memory scanner, supplied by the system manufacturer. For details on these procedures, see the owner\'s manual for your computer. The error that generates this message can occur after the first restart during Windows Setup, or after Setup is finished. A possible cause of the error is lack of disk space for installation and system BIOS incompatibilities. For problems during Windows installation that are associated with lack of disk space, reduce the number of files on the target hard disk. Check for and delete any unneeded temporary files, Internet cache files, application backup files, and .chk files containing saved file fragments from disk scans. You can also use another hard disk with more free space for the installation. BIOS problems can be resolved by upgrading the system BIOS version. 其实用Windbg加载你的Crash Image,然后打个!analyze -v 剩下的就是自己看输出结果 |
|
|
|
13楼#
发布于:2005-04-28 16:44
同志啊,人家是0x7F,不是0x7E错误 :D
0x7F一般都是因为stack溢出,就是说,一般是某个局部变量太大了 不知道拿紧急修复控制台能不能(好像是怎么叫的吧?) |
|
|
14楼#
发布于:2005-04-29 00:13
有个叫做ERD commander的启动光盘,可以直接在光盘上启动系统,访问文件和注册表,用它可以删除/修改那个driver和注册信息。
|
|
|
15楼#
发布于:2005-04-29 09:05
同志啊,人家是0x7F,不是0x7E错误 :D 不好意思,老眼昏花了,谢谢arthurtu老大提醒,BS一下自己,偶自己偶尔也犯这样的错误,搞得自己都认为见鬼了,最后突然发现...看错了 但 其实在WinDbg的帮助中全有 其实用Windbg加载你的Crash Image,然后打个!analyze -v 剩下的就是自己看输出结果 方法是不会变的 arthurtu老大说的进入紧急修复控制台,将Repair目录下的东西覆盖现有的system32\\Config下的东西,就可以恢复了 弥补过失 Bug Check 0x7F: UNEXPECTED_KERNEL_MODE_TRAP The UNEXPECTED_KERNEL_MODE_TRAP bug check has a value of 0x0000007F. This indicates that a trap was generated by the Intel CPU and the kernel failed to catch this trap. This could be either a bound trap (a trap the kernel is not permitted to catch) or a double fault (a fault that occurred while processing an earlier fault, which always results in a system crash). Parameters The first parameter displayed on the blue screen specifies the trap number. Here are some of the most common trap codes: 0x00000000, or Divide by Zero Error, is caused when a DIV instruction is executed and the divisor is zero. Memory corruption, other hardware problems, or software failures can cause this error. 0x00000004, or Overflow, occurs when the processor executes a call to an interrupt handler when the overflow (OF) flag is set. 0x00000005, or Bounds Check Fault, is generated when the processor, while executing a BOUND instruction, finds the operand exceeds the specified limits. A BOUND instruction is used to ensure that a signed array index is within a certain range. 0x00000006, or Invalid Opcode, is generated when the processor attempts to execute an invalid instruction. This is generally caused when the instruction pointer has become corrupted and is pointing to the wrong location. The most common cause of this is hardware memory corruption. 0x00000008, or Double Fault, is when an exception occurs while trying to call the handler for a prior exception. Normally, the two exceptions can be handled serially. However, there are several exceptions that cannot be handled serially, and in this situation the processor signals a double fault. There are two common causes of a double fault: A kernel stack overflow. This occurs when a guard page is hit, and then the kernel tries to push a trap frame. Since there is no stack left, a stack overflow results, causing the double fault. If you suspect this has occurred, use !thread to determine the stack limits, and then use kb (Display Stack Backtrace) with a large parameter (for example, kb 100) to display the full stack. A hardware problem. The less-common trap codes include: 0x00000001 ― A system-debugger call 0x00000003 ― A debugger breakpoint 0x00000007 ― A hardware coprocessor instruction with no coprocessor present 0x0000000A ― A corrupted Task State Segment 0x0000000B ― An access to a memory segment that was not present 0x0000000C ― An access to memory beyond the limits of a stack 0x0000000D ― An exception not covered by some other exception; a protection fault that pertains to access violations for applications For other trap numbers, consult an Intel architecture manual. Cause Bug check 0x7F usually occurs after the installation of faulty or mismatched hardware (especially memory) or in the event that installed hardware fails. A double fault can occur when the kernel stack overflows. This can happen if multiple drivers are attached to the same stack. For example, two file system filter drivers can be attached to the same stack and then the file system can recurse back in, overflowing the stack. Resolving the Problem Debugging: Always begin with the !analyze extension. If this is not sufficient, use the kv (Display Stack Backtrace) debugger command. If kv shows a taskGate, then use the .tss (Display Task State Segment) command on the part before the colon. If kv shows a trap frame, then use the .trap (Display Trap Frame) command to format the frame. Otherwise, use the .trap (Display Trap Frame) command on the appropriate frame. (On x86 platforms, this frame is associated with the procedure NT!KiTrap.) After this, use kv again to display the new stack. Troubleshooting: If hardware was recently added to the system, remove it to see if the error recurs. If existing hardware has failed, remove or replace the faulty component. Run hardware diagnostics supplied by the system manufacturer, to determine which hardware component has failed. The memory scanner is especially important; faulty or mismatched memory can cause this bug check. For details on these procedures, see the owner\'s manual for your computer. Check that all adapter cards in the computer are properly seated. Use an ink eraser or an electrical contact treatment, available at electronics supply stores, to ensure adapter card contacts are clean. If the error appears on a newly installed system, check the availability of updates for the BIOS, the SCSI controller or network cards. Updates of this kind are typically available on the Web site or BBS of the hardware manufacturer. Confirm that all hard disks, hard disk controllers, and SCSI adapters are listed on the Microsoft Windows Hardware Compatibility List (HCL). If the error occurred after the installation of a new or updated device driver, the driver should be removed or replaced. If, under this circumstance, the error occurs during the startup sequence and the system partition is formatted with NTFS, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you need to start the computer using the Recovery Console in order to access the file. Also try restarting your computer, and press F8 at the character-based menu that displays the operating system choices. At the resulting Windows Advanced Options menu, choose the Last Known Good Configuration option. This option is most effective when only one driver or service is added at a time. Overclocking (setting the CPU to run at speeds above the rated specification) can cause this error. If this has been done to the computer experiencing the error, return the CPU to the default clock speed setting. Check the System Log in Event Viewer for additional error messages that might help pinpoint the device or driver that is causing the error. Disabling memory caching of the BIOS might also resolve it. If you encountered this error while upgrading to a new version of Windows, it might be caused by a device driver, a system service, a virus scanner, or a backup tool that is incompatible with the new version. If possible, remove all third-party device drivers and system services and disable any virus scanners prior to upgrading. Contact the software manufacturer to obtain updates of these tools. Also make sure that you have installed the latest Windows Service Pack. Finally, if all the above steps fail to resolve the error, take the system motherboard to a repair facility for diagnostic testing. A crack, a scratched trace, or a defective component on the motherboard can also cause this error. |
|
|
|
16楼#
发布于:2005-04-29 10:16
各位老大:
我从来没这么高兴过! 在这个驱动开发网有这么多的大侠,那么认真,负责,孜孜不倦地帮助后来者!我衷心地祝福你们幸福,健康,万事如意!好运一定属于你们!wula! |
|
|