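Views: 1604 Replies: 5
Conflict between my driver and Rising embedded antivirus
Hi everyone, I have a driver that worked fine before Rising embedded antivirus was installed. Once Rising embedded antivirus is installed, I get an UNEXPECTED_KERNEL_MODE_TRAP (7f) blue screen. This Rising embedded antivirus component is only installed with Rising's full installation, not with the typical installation, and I don't know what is going on. Below is my debugging output from WinDbg. Could you give me some advice on how to investigate and debug this kind of problem? Thanks!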
*** Fatal System Error: 0x0000007f (0x00000008,0xF7886D70,0x00000000,0x00000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Loading Kernel Symbols
...............................................................................................
Loading User Symbols
WARNING: Process directory table base 3EA80060 doesn't match CR3 00708000
.............
Loading unloaded module list
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, f7886d70, 0, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
Probably caused by : ntkrpamp.exe ( nt!KeRegisterBugCheckReasonCallback+77c )

Followup: MachineOwner
---------

nt!DbgBreakPointWithStatus+0x4:
8052c5ec cc              int     3
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: f7886d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

MODULE_NAME: nt

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 48a3fbd9

BUGCHECK_STR: 0x7f_8

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

LAST_CONTROL_TRANSFER: from 804fa9f4 to 8052c5ec

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f7889d5c 804fa9f4 00000003 00000000 00000000 nt!DbgBreakPointWithStatus+0x4
f788a13c 80544561 0000007f 00000008 f7886d70 nt!KeRegisterBugCheckReasonCallback+0x77c
00000000 00000000 00000000 00000000 00000000 nt!Kei386EoiHelper+0x16a5

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KeRegisterBugCheckReasonCallback+77c
804fa9f4 e85f830000      call    nt!ZwYieldExecution+0xa64 (80502d58)

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KeRegisterBugCheckReasonCallback+77c

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntkrpamp.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------
Reply #1
Posted: 2009-02-20 11:29
Maybe you won't need to fix this at all; Rising might be gone soon.. just kidding..
Rising hooks directly onto the ntfs/fastfat drivers.
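Reply #2
Posted: 2009-02-22 12:30
Haha, thanks, znsoft. I have switched the symbols to the XP SP3 ones; last time the SP3 symbols had not finished downloading, so I was using the SP2 ones. I will keep debugging. It's just that I don't know how to debug and pinpoint this kind of problem, or where exactly it conflicts with Rising.
Quoting post #1 by znsoft, posted 2009-02-20 11:29: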
Reply #3
Posted: 2009-03-02 18:00
Some fatal errors are beyond what the debugger can handle; sometimes you can only rely on experience.
Reply #4
Posted: 2009-03-05 22:33
Process directory table base 3EA80060 doesn't match CR3 00708000
Did CR3 change?????????
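Reply #5
Posted: 2009-03-12 00:22
I have also run into conflicts between a driver and antivirus software before. You can trace it to see where it goes wrong; if the code itself has no problem, then it can sometimes be solved by adding some junk code. Purely speaking from experience :)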