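Views: 2127 Replies: 2
My code blue-screens and I don't know why; I'd appreciate some guidance from the more experienced people here.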
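I have been studying the sfilter source code lately. To get up to speed on file system filter driver development more quickly, I have been imitating sfilter bit by bit, starting from scratch. So far I have finished attaching to volumes and have set a default dispatch function (which does nothing), but I have not set any FASTIO routines. When I run the compiled driver with DriverMonitor, the machine blue-screens. I have the following questions: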
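1. Is it mandatory to set the FASTIO functions? I ask because Chu Kuangren's (楚狂人) book says that if they are not set, the normal dispatch functions are called by default.

2. The code runs correctly while attaching to the file system; the problem only appears after attaching to a volume. I keep suspecting the dispatch function, but my dispatch function is just the default handling.

3. I do not handle IRP_MJ_FILE_SYSTEM_CONTROL; I only set the normal dispatch function in the simplest way:

    // Set the dispatch function entry points
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = FSPassThrough;
    }

4. Also, I did set an unload routine, but if I stop the driver in DriverMonitor and then run it again, I get the following error: ERROR (2): The ImagePath specified in the driver's service database entry is incorrect, or the file is missing. (znsoft replied about this problem before, but I don't really understand it. znsoft's reply was: "The sys file path is wrong. When a driver is loaded, especially a driver started at boot or similar, the file path must be a device path or a relative path, such as: system32\drivers\xxx.sys or ??c:\\windows\xxxxxxxxx".) As for the path, I do see a field like "c:\\windows\xxxxxxxxx" in the registry, but I noticed that this field does not seem to be deleted when the driver is unloaded, and I really don't understand this part.

I'd be very grateful for any pointers from the experts here (the code is in the attachment).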
Reply #1
Posted: 2012-05-24 16:06
What does your dump file say?
Reply #2
Posted: 2012-05-25 15:13
Reply to gddcxysqw's post
gddcxysqw: What does your dump file say? (2012-05-24 16:06)

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini052512-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symcache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 UP Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_rtm.030324-2048
Machine Name:
Kernel base = 0x804e0000 PsLoadedModuleList = 0x8056ac08
Debug session time: Fri May 25 15:01:22.343 2012 (GMT+8)
System Uptime: 0 days 1:04:21.109
Loading Kernel Symbols
...............................................................
.............................................
Loading User Symbols
Loading unloaded module list
..
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8057a3b8, f6a45c24, 0}

Probably caused by : ntoskrnl.exe ( nt!NtWriteFile+30b )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8057a3b8, The address that the exception occurred at
Arg3: f6a45c24, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
nt!NtWriteFile+30b
8057a3b8 ff530c call dword ptr [ebx+0Ch]

TRAP_FRAME: f6a45c24 -- (.trap 0xfffffffff6a45c24)
ErrCode = 00000000
eax=82293140 ebx=00000000 ecx=f6a45cd4 edx=82293184 esi=00000000 edi=00000001
eip=8057a3b8 esp=f6a45c98 ebp=f6a45d38 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!NtWriteFile+0x30b:
8057a3b8 ff530c call dword ptr [ebx+0Ch] ds:0023:0000000c=00000000
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0x8E

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 804e9a8c to 8057a3b8

STACK_TEXT:
f6a45d38 804e9a8c 00000304 00000000 00000000 nt!NtWriteFile+0x30b
f6a45d38 7ffe0304 00000304 00000000 00000000 nt!KiSystemService+0xcb
006ef77c 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!NtWriteFile+30b
8057a3b8 ff530c call dword ptr [ebx+0Ch]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!NtWriteFile+30b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 3e800a79

FAILURE_BUCKET_ID: 0x8E_nt!NtWriteFile+30b

BUCKET_ID: 0x8E_nt!NtWriteFile+30b

Followup: MachineOwner
---------

This is what I see when I look at it with dbgview; I don't really understand it.