nobounded

I wrote a disk upper filter driver, but it keeps hitting the bugcheck below. Can anyone help take a look?

Original poster
Posted: 2007-04-08 03:57
Here is the dump information:
Microsoft (R) Windows Debugger  Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\effstudio\桌面\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntoskrnl.exe -
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055bb20
Debug session time: Fri Mar 30 11:15:46.109 2007 (GMT+8)
System Uptime: 0 days 0:33:58.875
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntoskrnl.exe -
Loading Kernel Symbols
..............................................................................................................
Loading unloaded module list
.............
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd700c).  Type ".hh dbgerr001" for details
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 35, {81927270, 0, 0, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NO_MORE_IRP_STACK_LOCATIONS (35)
A higher level driver has attempted to call a lower level driver through
the IoCallDriver() interface, but there are no more stack locations in the
packet, hence, the lower level driver would not be able to access its
parameters, as there are no parameters for it.  This is a disasterous
situation, since the higher level driver "thinks" it has filled in the
parameters for the lower level driver (something it MUST do before it calls
it), but since there is no stack location for the latter driver, the former
has written off of the end of the packet.  This means that some other memory
has probably been trashed at this point.
Arguments:
Arg1: 81927270, Address of the IRP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************

MODULE_NAME:  nt

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  41108004

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x35

LAST_CONTROL_TRANSFER:  from 8051d3f7 to 805349ae

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
f9b7ac08 8051d3f7 00000035 81927270 00000000 nt!KeBugCheckEx+0x1b
f9b7ac34 804e4d77 817ebb98 81927270 806ef2d0 nt!PoSetSystemState+0x3e3c
f9b7ac58 8057e9f7 817ebb98 81927270 819bf028 nt!IofCallDriver+0x32
f9b7ad00 80580bfa 0000006c 00000000 00000000 nt!RtlUnicodeStringToAnsiString+0x2a7
f9b7ad34 804e006b 0000006c 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
f9b7ad64 7c92eb94 badb0d00 0012f608 00d4d0c8 nt!ZwYieldExecution+0xb96
0012f660 00000000 00000000 00000000 00000000 0x7c92eb94


STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_NAME:  MachineOwner

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------
tooflat
Forum moderator
Reply #1
Posted: 2007-04-08 11:18
How did you attach to the target device, and how are you handling IRPs?
nobounded
Reply #2
Posted: 2007-04-08 17:42
It's just a filter driver written the way the WDM book shows:
// Returns the device object that was on top of the stack before the attach, or NULL on failure
PDEVICE_OBJECT fdo = IoAttachDeviceToDeviceStack( fido, pdo );
pdx->NextStackDevice = fdo;
// Inherit the I/O and power flags of the device below
fido->Flags |= fdo->Flags & (DO_DIRECT_IO | DO_BUFFERED_IO | DO_POWER_PAGABLE | DO_POWER_INRUSH);
//fido->Flags |= fdo->Flags &
//            ( DO_DIRECT_IO | DO_BUFFERED_IO | DO_POWER_PAGABLE );

fido->DeviceType = fdo->DeviceType;
fido->Characteristics = fdo->Characteristics;

fido->Flags |= DO_POWER_PAGABLE;
fido->Flags &= ~DO_DEVICE_INITIALIZING;
tooflat
Forum moderator
Reply #3
Posted: 2007-04-09 09:10
Then the problem is in the IRP handling: one extra IO stack location is being consumed.
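
The accounting behind the last reply, as an added example that is not part of the original thread: a user-mode C model (not WDK code) of how IoCallDriver consumes IRP stack locations and when bugcheck 0x35 is raised. `dispatch_t`, `send_irp` and the `PASS_EXTRA` bug are hypothetical names used for illustration, and the three-device stack is constructed.

```c
#include <stdio.h>

#define BUGCHECK_35 0x35  /* NO_MORE_IRP_STACK_LOCATIONS */

/* How each modelled driver handles the IRP (hypothetical names). */
typedef enum {
    PASS_COPY,   /* IoCopyCurrentIrpStackLocationToNext + IoCallDriver   */
    PASS_SKIP,   /* IoSkipCurrentIrpStackLocation + IoCallDriver         */
    PASS_EXTRA,  /* modelled bug: one surplus IoCallDriver on this IRP   */
    COMPLETE     /* lowest driver: completes the IRP, no further call    */
} dispatch_t;

/* IoCallDriver's bookkeeping: step to the next location, fail if none left. */
static int call_driver(int *current_location) {
    return --*current_location <= 0 ? BUGCHECK_35 : 0;
}

/* Send one IRP down a stack of n drivers (index 0 is the top device).
 * Returns 0 when a driver completes it, BUGCHECK_35 when locations run out,
 * -1 if the modelled stack has no completing driver. */
int send_irp(const dispatch_t *stack, int n) {
    int cur = n + 1;  /* IRP sized for top StackSize n; starts one past the end */
    if (call_driver(&cur)) return BUGCHECK_35;      /* I/O manager -> top driver */
    for (int i = 0; i < n; i++) {
        if (stack[i] == COMPLETE) return 0;
        if (stack[i] == PASS_SKIP) cur++;           /* reuse own location below */
        if (stack[i] == PASS_EXTRA && call_driver(&cur))
            return BUGCHECK_35;                     /* surplus call */
        if (call_driver(&cur)) return BUGCHECK_35;  /* -> lower driver */
    }
    return -1;
}

int main(void) {
    /* Constructed three-device stack: filter, function driver, bus driver. */
    dispatch_t good[]  = { PASS_SKIP,  PASS_COPY, COMPLETE };
    dispatch_t buggy[] = { PASS_EXTRA, PASS_COPY, COMPLETE };
    printf("good:  0x%x\n", (unsigned)send_irp(good, 3));
    printf("buggy: 0x%x\n", (unsigned)send_irp(buggy, 3));
    return 0;
}
```

In this model the filter's own calls in the buggy run still succeed; the count reaches zero in the next driver's IoCallDriver, so the call that bugchecks is not necessarily made by the driver that wasted the location.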