阅读:1103回复:0
Sfilter测U盘加解密
我以tooflat的sfilter程序为基础对U盘进行加解密,用WinDbg调试的时候不知道为什么总是在操作U盘中的文件一段时间后,出现以下的Bug,好像是堆栈溢出了,另外系统有时还会在CcFluchCache处崩溃,不知道是不是代码重入的问题,如果是那应该怎么控制啊。每次都是在对U盘操作一段时间后出现的错误
错误信息: Unknown bugcheck code (0) Unknown bugcheck description Arguments: Arg1: 00000000 Arg2: 00000000 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. FAULTING_MODULE: 804d8000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 41107ec2 FAULTING_IP: CLASSPNP!ClassCompleteRequest+18d fab6bdec ff5114 call dword ptr [ecx+0x14] EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff) ExceptionAddress: fab6bdec (CLASSPNP!ClassCompleteRequest+0x0000018d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 0000001f Attempt to read from address 0000001f ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx" READ_ADDRESS: unable to get nt!MmSpecialPoolStart unable to get nt!MmSpecialPoolEnd unable to get nt!MmPoolCodeStart unable to get nt!MmPoolCodeEnd 0000001f BUGCHECK_STR: ACCESS_VIOLATION DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LAST_CONTROL_TRANSFER: from 804eedf9 to fab6bdec STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. f8e6a960 804eedf9 80f93188 80fef5f0 81133ca0 CLASSPNP!ClassCompleteRequest+0x18d f8e6a9b4 fab7fd83 80f93188 00000000 f8e6a9d4 nt!IoBuildPartialMdl+0xed f8e6abdc fab81418 810d3d10 00000000 ffb72b10 Sfilter!DelRemovedDeviceAndDevExt+0x63 [d:\ÐéÄâ»ú¹²ÏíÎļþ¼Ð\sfilter(Òƶ¯´æ´¢½éÖÊÐÅÏ¢·Àй¶ϵͳ)\diskoperate.c @ 770] f8e6ac34 804eedf9 811338f8 80fde008 806d12d0 Sfilter!SfDeviceIoControl+0x2c8 [d:\ÐéÄâ»ú¹²ÏíÎļþ¼Ð\sfilter(Òƶ¯´æ´¢½éÖÊÐÅÏ¢·Àй¶ϵͳ)\sfilter.c @ 2296] f8e6ac58 805759c9 811338f8 80fde008 ffb6d5e0 nt!IoBuildPartialMdl+0xed f8e6ad00 8056e326 00000760 00000000 00000000 nt!NtWriteFile+0x3929 f8e6ad34 8053d808 00000760 00000000 00000000 nt!NtDeviceIoControlFile+0x2a f8e6addc 80541fa2 fa87ab85 80f7d878 00000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14 f8e6ade0 fa87ab85 80f7d878 00000000 0000027f nt!KiDispatchInterrupt+0x5a2 f8e6ade4 80f7d878 00000000 0000027f 00860000 NDIS!NdisFreeToBlockPool+0x15e1 fa87ab85 08458bec 3bf63356 840f57c6 00006fb1 0x80f7d878 fa87ab89 3bf63356 840f57c6 00006fb1 54bff08b 0x8458bec fa87ab8d 840f57c6 00006fb1 54bff08b a5fa87a4 0x3bf63356 fa87ab91 00000000 54bff08b a5fa87a4 ffa5a5a5 0x840f57c6 STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: CLASSPNP!ClassCompleteRequest+18d fab6bdec ff5114 call dword ptr [ecx+0x14] FAULTING_SOURCE_CODE: SYMBOL_STACK_INDEX: 0 FOLLOWUP_NAME: MachineOwner SYMBOL_NAME: CLASSPNP!ClassCompleteRequest+18d MODULE_NAME: CLASSPNP IMAGE_NAME: CLASSPNP.SYS BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner --------- |
|
|