|
阅读:1483回复:0
在装诺顿的机器上,驱动卸载时蓝屏,请大家帮分析下DUMP文件驱动卸载时蓝屏,在装诺顿的机器上,请大家帮分析下DUMP文件: KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: c0000005, The exception code that was not handled Arg2: 805d777a, The address that the exception occurred at Arg3: f87b164c, Trap Frame Arg4: 00000000 Debugging Details: ------------------ PEB is paged out (Peb.Ldr = 7ffd500c). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 7ffd500c). Type ".hh dbgerr001" for details EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx" FAULTING_IP: nt!RtlCompareUnicodeString+124 805d777a 668b0a mov cx,word ptr [edx] TRAP_FRAME: f87b164c -- (.trap 0xfffffffff87b164c) ErrCode = 00000000 eax=e207a642 ebx=ffb4ec44 ecx=00000000 edx=00000000 esi=e207a5da edi=ffb4ebe8 eip=805d777a esp=f87b16c0 ebp=f87b16d8 iopl=0 nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246 nt!RtlCompareUnicodeString+0x124: 805d777a 668b0a mov cx,word ptr [edx] ds:0023:00000000=???? Resetting default scope DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: SCARDSV.EXE LAST_CONTROL_TRANSFER: from 804fd973 to 804f9925 STACK_TEXT: f87b16d8 f8497c13 0000005c 81191910 00000000 nt!RtlCompareUnicodeString+0x124 WARNING: Stack unwind information not available. Following frames may be wrong. f87b16f4 f848fd7e fc9fdd38 e207a59c 0025944b EtKernel+0x8c13 f87b1920 fa957fa1 ffb4ec44 f87b1944 00000000 EtKernel+0xd7e f87b1988 fa95a3ea 00b4ebe8 00000000 ffb4ebe8 fltMgr!FltpPerformPostCallbacks+0x1c5 f87b199c fa95a817 ffb4ebe8 ff96d008 f87b19dc fltMgr!FltpProcessIoCompletion+0x10 f87b19ac fa95aec5 811ea0a0 ff96d008 ffb4ebe8 fltMgr!FltpPassThroughCompletion+0x89 f87b19dc fa967153 f87b19fc 00000000 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x269 f87b1a18 804eedf9 811ea0a0 ff96d1bc ff96d1fc fltMgr!FltpCreate+0x1e3 f87b1a28 f82eb533 ff96d018 ffa81a20 812044c0 nt!IopfCallDriver+0x31 f87b1a50 f82eb685 00812d88 ff96d008 f87b1b50 FSpy+0x1533 f87b1a60 804eedf9 ff812cd0 ff96d008 ff96d008 FSpy+0x1685 f87b1a70 805783bc 812d68b8 ffb7573c f87b1c18 nt!IopfCallDriver+0x31 f87b1b50 805b465e 812d68d0 00000000 ffb75698 nt!IopParseDevice+0xa58 f87b1bd8 805b0b3f 00000000 f87b1c18 00000040 nt!ObpLookupObjectName+0x56a f87b1c2c 8056b133 00000000 00000000 19240d01 nt!ObOpenObjectByName+0xeb f87b1ca8 8056baaa 00148524 80100000 00d8f598 nt!IopCreateFile+0x407 f87b1d04 8056f291 00148524 80100000 00d8f598 nt!IoCreateFile+0x8e f87b1d44 8053d808 00148524 80100000 00d8f598 nt!NtOpenFile+0x27 f87b1d44 7c92eb94 00148524 80100000 00d8f598 nt!KiFastCallEntry+0xf8 00d8f5dc 00000000 00000000 00000000 00000000 0x7c92eb94 STACK_COMMAND: .trap 0xfffffffff87b164c ; kb FOLLOWUP_IP: EtKernel+8c13 f8497c13 85c0 test eax,eax SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: EtKernel+8c13 FOLLOWUP_NAME: MachineOwner MODULE_NAME: EtKernel IMAGE_NAME: EtKernel.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a7bd417 FAILURE_BUCKET_ID: 0x8E_EtKernel+8c13 BUCKET_ID: 0x8E_EtKernel+8c13 Followup: MachineOwner --------- |
|
