|
阅读:1861回复:1
请教下面DBG的内容是什么意思
kd> !analyze -v
******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 666d12ce, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: 80532d52, address which referenced memory Debugging Details: READ_ADDRESS: 666d12ce CURRENT_IRQL: 2 FAULTING_IP: nt!ExpRemovePoolTracker+6a 80532d52 8b0430 mov eax,[eax+esi] DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA LAST_CONTROL_TRANSFER: from 80544d6b to 80532d52 TRAP_FRAME: f9dc752c -- (.trap fffffffff9dc752c) ErrCode = 00000000 eax=3839df9c ebx=00000002 ecx=2e383631 edx=02021121 esi=2e333332 edi=2e323931 eip=80532d52 esp=f9dc75a0 ebp=f9dc75b0 iopl=0 nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206 nt!ExpRemovePoolTracker+0x6a: 80532d52 8b0430 mov eax,[eax+esi] ds:0023:666d12ce=???????? Resetting default scope STACK_TEXT: f9dc75b0 80544d6b 206b6444 00000010 00000000 nt!ExpRemovePoolTracker+0x6a f9dc75f8 f80ac3e1 818edd98 00000000 815d0710 nt!ExFreePoolWithTag+0x385 f9dc7638 f80adea7 00000000 00000000 00000000 NetHookDrv!IpToString+0xdc [d:\ipfw\nethookdrv.c @ 178] f9dc7684 f80adcf2 815d06e8 815d06fc 00000014 NetHookDrv!FilterPacket+0xd6 [d:\ipfw\nethookdrv.c @ 1197] f9dc76d0 f81bfa8d f9dc7740 00000002 f9dc7714 NetHookDrv!cbFilterFunction+0x1a5 [d:\ipfw\nethookdrv.c @ 1120] f9dc7744 f81bf836 817c8798 818b7b18 816fe80e tcpip!DeliverToUserEx+0x7e7 f9dc77fc f81be922 818b7b18 816fe822 0000001a tcpip!IPRcvPacket+0x6cb f9dc783c f81be84d 00000000 819c3698 816fe800 tcpip!ARPRcvIndicationNew+0x149 f9dc7878 f9707f45 8189caf0 00000000 f95abb40 tcpip!ARPRcvPacket+0x68 f9dc78cc f95a601d 0079b428 817c1de0 00000028 NDIS!ethFilterDprIndicateReceivePacket+0x307 f9dc78e0 f95a61b4 81882ad0 817c1de0 00000028 psched!PsFlushReceiveQueue+0x15 f9dc7904 f95a62db 817e1148 819d21e8 81882ad0 psched!PsEnqueueReceivePacket+0xda f9dc7934 f9707c9f 817e1140 019d21e8 819a200c psched!ClReceivePacket+0x113 f9dc7988 f9c6eda4 00799c78 f9dc79a8 00000064 NDIS!ethFilterDprIndicateReceivePacket+0x1c2 WARNING: Stack unwind information not available. Following frames may be wrong. f9dc7fb8 f96fdf09 000000dc 817ac008 817ac26c vmxnet+0x2da4 f9dc7fd0 80541d5d 819a32cc 819a32b8 00000000 NDIS!ndisMDpcX+0x21 f9dc7ff4 80541a2a f7ad2d44 00000000 00000000 nt!KiRetireDpcList+0x46 f9dc7ff8 f7ad2d44 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a 80541a2a 00000000 00000009 bb835675 00000128 0xf7ad2d44 FOLLOWUP_IP: NetHookDrv!IpToString+dc [d:\ipfw\nethookdrv.c @ 178] f80ac3e1 8b45f4 mov eax,[ebp-0xc] SYMBOL_STACK_INDEX: 2 FOLLOWUP_NAME: MachineOwner SYMBOL_NAME: NetHookDrv!IpToString+dc MODULE_NAME: NetHookDrv IMAGE_NAME: NetHookDrv.sys DEBUG_FLR_IMAGE_TIMESTAMP: 494f874a STACK_COMMAND: .trap fffffffff9dc752c ; kb FAILURE_BUCKET_ID: 0xA_NetHookDrv!IpToString+dc BUCKET_ID: 0xA_NetHookDrv!IpToString+dc Followup: MachineOwner |
|
|
沙发#
发布于:2008-12-28 21:18
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 666d12ce, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: 80532d52, address which referenced memory windbg已经清楚地告诉你了:在高IRQL时(IRQL值不小于2即dispatch_level)试图访问分页内存(或完全无效) 后面是参数:要访问的地址:666d12ce,当前IRQL:2 Arg3: 00000000即在read操作时发生的。。。 仔细看看WINDBG的输出还有多看WDK/DDK的文档 |
|