xuehaipiaoxiang

Can DbgPrint crash too?

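Posted: 2010-01-07 14:39
I have been at this for several days, and the crash lands in a different place every time. The most recent analysis is below; any pointers would be appreciated: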
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffff00, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 80538a9c, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4b453a11

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 ffffff00

FAULTING_IP:
nt!wctomb+a01
80538a9c 8a18            mov     bl,byte ptr [eax]

MM_INTERNAL_CODE:  0

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

BUGCHECK_STR:  0x50

LAST_CONTROL_TRANSFER:  from 804f93fa to 80527da8

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
f75c5060 804f93fa 00000003 00000000 c07ffff8 nt!DbgBreakPointWithStatus+0x4
f75c5440 804f9925 00000050 ffffff00 00000000 nt!KeRegisterBugCheckReasonCallback+0x77c
f75c5460 8051cf07 00000050 ffffff00 00000000 nt!KeBugCheckEx+0x1b
f75c54c0 805406ec 00000000 ffffff00 00000000 nt!MmTrimAllSystemPagableMemory+0x67db
f75c54ec 8065fa8e f75c5954 00000000 f75c5900 nt!Kei386EoiHelper+0x2674
f75c57ac 80536431 f75c57c8 ffffff00 f75c5a68 nt!RtlCompressBuffer+0x15c4a
f75c57e8 80527e43 f75c5824 00000200 ffffff00 nt!vsnprintf+0x2f
f75c5a40 80528048 80528028 ffffffff 00000000 nt!vDbgPrintExWithPrefix+0x91
f75c5a5c f77d0ce1 ffffff00 00000000 00000000 nt!DbgPrint+0x1a
f75c5a74 f77d01fd f77d26d0 f75c5eb4 f75c5a90 REGSYS701!UpdateStore+0x11 [e:\home\xuzhen\vc7\procmon\driver\procmona.c @ 1316]
f75c5ed0 8053d808 f75c5fec 02000000 f75c5f70 REGSYS701!HookRegOpenKey+0x10d [e:\home\xuzhen\vc7\procmon\driver\procmona.c @ 602]
f75c5ee4 804febd1 badb0d00 f75c5f5c 00000024 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14
f75c5f94 80606e63 02000000 f75c5fec 00000000 nt!ZwOpenKey+0x11
f75c60f4 80607307 80607294 7c99c038 00000001 nt!NtSetEvent+0x20d7
f75c6138 8053d808 7c99c038 0006dcd8 7c92eb94 nt!NtSetEvent+0x257b
f75c6154 805452fe 00000045 00000000 00000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14
f75c61c4 8062cdf6 e1ad0050 0120027f 05d80000 nt!ExAllocatePoolWithTag+0x27e
f75c61dc 80635dce 0000000f 00001f80 0000004d nt!LsaDeregisterLogonProcess+0x1e4f0
f75c624c 80544dfd 00000000 e1acf650 00000000 nt!LsaDeregisterLogonProcess+0x274c8
f75c6278 805b6341 00000001 00000006 f75c62ac nt!ExFreePoolWithTag+0x417
f75c6288 805b639f e1acf650 a079654b 82db4880 nt!NtWaitForSingleObject+0x963
f75c62ac 805b056b e1acf650 00000000 00000000 nt!NtWaitForSingleObject+0x9c1
f75c62c4 80522e47 e1acf668 00000000 00000598 nt!NtFreeVirtualMemory+0x8691
f75c62e8 804f83c3 82d09348 804f83cb 00000000 nt!ObfDereferenceObject+0x5f
f75c6314 805b1629 f75c632c f75c6368 f75c63e4 nt!KeUnstackDetachProcess+0xf7
f75c6348 805b1731 00000598 00000000 00000000 nt!ObReferenceObjectByName+0x723
f75c635c 8053d808 80000598 f75c6534 804fe479 nt!NtClose+0x1d
f75c6368 804fe479 badb0d00 f75c63e0 00000006 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14
f75c6534 80607307 80607294 806066cd f75c6584 nt!ZwClose+0x11
f75c6578 804febd1 f75c65e0 82df0000 805452fe nt!NtSetEvent+0x257b
00000000 00000000 00000000 00000000 00000000 nt!ZwOpenKey+0x11


STACK_COMMAND:  kb

FOLLOWUP_IP:
REGSYS701!UpdateStore+11 [e:\home\xuzhen\vc7\procmon\driver\procmona.c @ 1316]
f77d0ce1 83c404          add     esp,4

FAULTING_SOURCE_CODE:  
  1312:     va_list         arg_ptr;
  1313:     static CHAR     text[MAXPATHLEN*2];
  1314:
  1315: #define A (&format)
> 1316:     DbgPrint(( (char *)format, A[1], A[2], A[3], A[4], A[5], A[6] ));
  1317:     DbgPrint(( "\n" ));
  1318: #undef A
  1319:
  1320:     //
  1321:     // only do this if a GUI is active


SYMBOL_STACK_INDEX:  9

SYMBOL_NAME:  REGSYS701!UpdateStore+11

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: REGSYS701

IMAGE_NAME:  REGSYS701.SYS

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------
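
Added example (not part of the original post or the driver's source): the trace shows DbgPrint receiving ffffff00, the faulting address, as its first argument, and the return site is "add esp,4", which is consistent with the double-parenthesised call on line 1316 compiling as one comma expression so that only A[6] reaches DbgPrint as the format string. The user-mode C sketch below reproduces that effect with a stand-in log_print and a hypothetical LOG_WRAPPED macro; it assumes the build had no wrapper macro of the form "#define DbgPrint(arg) DbgPrint arg" in effect, which the page does not show.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Compilers can flag the discarded comma operands; silenced so the demo builds. */
#pragma GCC diagnostic ignored "-Wunused-value"

/* Stand-in for DbgPrint (hypothetical name): records the format it was given. */
static const char *last_fmt;
static char last_out[128];

static int log_print(const char *fmt, ...)
{
    va_list ap;
    int n;

    last_fmt = fmt;
    va_start(ap, fmt);
    n = vsnprintf(last_out, sizeof last_out, fmt, ap);
    va_end(ap);
    return n;
}

/* Hypothetical debug-build wrapper: drops the outer parentheses so the
   inner list becomes the real argument list of the call. */
#define LOG_WRAPPED(args) log_print args

static const char *format_seen_wrapped(void)
{
    LOG_WRAPPED(("%s=%s", "key", "value"));      /* log_print("%s=%s", "key", "value") */
    return last_fmt;
}

static const char *format_seen_unwrapped(void)
{
    /* No wrapper: the inner parentheses are ONE comma expression, so only
       its last operand is passed, and it is used as the format string. */
    log_print(("%s=%s", "key", "value"));        /* log_print("value") */
    return last_fmt;
}

int main(void)
{
    printf("wrapped   format: %s\n", format_seen_wrapped());
    printf("unwrapped format: %s\n", format_seen_unwrapped());
    return 0;
}
```

In the driver the last operand is A[6], a stack slot six positions past format, so the value used as the format pointer is whatever that slot holds at the time of the call. Building with the compiler's unused-value warning enabled reports the discarded operands at the call site.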