Views: 3004 Replies: 8
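Conflict with Norton's srtsp.sys driver, please help take a look.
After Norton's srtsp.sys driver is loaded, saving causes a blue screen. What is the reason? The dump information is as follows: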
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: bad0b148, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 805b054f, If non-zero, the instruction address which referenced the bad memory
      address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

READ_ADDRESS: bad0b148

FAULTING_IP:
nt!ObpRemoveObjectRoutine+cb
805b054f 833800 cmp dword ptr [eax],0

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: System

TRAP_FRAME: faf62bdc -- (.trap 0xfffffffffaf62bdc)
ErrCode = 00000000
eax=bad0b148 ebx=00000000 ecx=00000000 edx=8119e180 esi=8119e190 edi=00000000
eip=805b054f esp=faf62c50 ebp=faf62c60 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
nt!ObpRemoveObjectRoutine+0xcb:
805b054f 833800 cmp dword ptr [eax],0 ds:0023:bad0b148=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 8051cf07 to 804f9925

STACK_TEXT:
faf62b64 8051cf07 00000050 bad0b148 00000000 nt!KeBugCheckEx+0x1b
faf62bc4 805406ec 00000000 bad0b148 00000000 nt!MmAccessFault+0x8e7
faf62bc4 805b054f 00000000 bad0b148 00000000 nt!KiTrap0E+0xcc
faf62c60 80522e47 8119e1a8 00000000 fefb8290 nt!ObpRemoveObjectRoutine+0xcb
faf62c84 804e2080 804e1fe4 80550318 8130f8c8 nt!ObfDereferenceObject+0x5f
faf62c88 804e1fe4 80550318 8130f8c8 00000000 nt!CcPerformReadAhead+0x2fa
faf62d2c 804e718b 8130a218 8055b1c0 8130e5d8 nt!CcPerformReadAhead+0x25e
faf62d74 80534dd0 8130a218 00000000 8130e5d8 nt!CcWorkerThread+0x147
faf62dac 805c5a28 8130a218 00000000 00000000 nt!ExpWorkerThread+0x100
faf62ddc 80541fa2 80534cd0 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ObpRemoveObjectRoutine+cb
805b054f 833800 cmp dword ptr [eax],0

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!ObpRemoveObjectRoutine+cb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41107b0c

FAILURE_BUCKET_ID: 0x50_BADMEMREF_nt!ObpRemoveObjectRoutine+cb

BUCKET_ID: 0x50_BADMEMREF_nt!ObpRemoveObjectRoutine+cb

Followup: MachineOwner

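Reply #1
Posted: 2009-08-28 16:03
It doesn't look like a conflict! This is the Cc system thread dereferencing your fileobject; it crashed while the system was running the corresponding remove routine for that fileobject.
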
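Reply #2
Posted: 2009-08-28 17:12
It mainly depends on whether you have modified the contents of the FileObject in any way. I suggest checking exactly which part of the FileObject [eax] refers to.
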
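Reply #3
Posted: 2009-08-30 10:36
Thanks to the two posters above for the answers. The problem is still not solved. The key question is why the blue screen only happens when Norton's SRTSP driver is loaded. How should I debug this to find where the problem is?
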
Reply #4
Posted: 2009-08-31 18:36
Bumping my own thread. The problem is still not solved. Feeling frustrated......

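Reply #5
Posted: 2009-08-31 19:51
One more thing to add: if Norton's SRTSP driver is not loaded, there is no problem. Also, the blue screen only appears when saving ciphertext; if I open a plaintext file at the same time, saving it does not blue screen. Thanks again to the two posters above. Also, I have not modified the FILEOBJECT.
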
Reply #6
Posted: 2009-08-31 22:43
Enable Driver Verifier. You may catch your bugs earlier.

Reply #7
Posted: 2009-09-02 20:08
I tried Verifier too; the blue screen information is still the same.

Reply #8
Posted: 2009-10-29 11:28
You could remove the cache-purging code and see whether the problem still occurs.