首页>驱动开发>文件系统(过滤)驱动程序开发>Sfilter测U盘加解密
回复
« 返回列表
shenhui
shenhui
驱动小牛
驱动小牛
  • 注册日期2006-05-11
  • 最后登录2023-02-10
  • 粉丝14
  • 关注11
  • 积分142分
  • 威望1314点
  • 贡献值1点
  • 好评度146点
  • 原创分0分
  • 专家分1分
写私信
  • 社区居民
阅读:1103回复:0

Sfilter测U盘加解密

楼主#
更多 发布于:2007-05-31 16:57
我以tooflat的sfilter程序为基础对U盘进行加解密,用WinDbg调试的时候不知道为什么总是在操作U盘中的文件一段时间后,出现以下的Bug,好像是堆栈溢出了,另外系统有时还会在CcFluchCache处崩溃,不知道是不是代码重入的问题,如果是那应该怎么控制啊。每次都是在对U盘操作一段时间后出现的错误

错误信息:
Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.


FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  41107ec2

FAULTING_IP:
CLASSPNP!ClassCompleteRequest+18d
fab6bdec ff5114           call    dword ptr [ecx+0x14]

EXCEPTION_RECORD:  ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: fab6bdec (CLASSPNP!ClassCompleteRequest+0x0000018d)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 0000001f
Attempt to read from address 0000001f

ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 0000001f

BUGCHECK_STR:  ACCESS_VIOLATION

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 804eedf9 to fab6bdec

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
f8e6a960 804eedf9 80f93188 80fef5f0 81133ca0 CLASSPNP!ClassCompleteRequest+0x18d
f8e6a9b4 fab7fd83 80f93188 00000000 f8e6a9d4 nt!IoBuildPartialMdl+0xed
f8e6abdc fab81418 810d3d10 00000000 ffb72b10 Sfilter!DelRemovedDeviceAndDevExt+0x63 [d:\ÐéÄâ»ú¹²ÏíÎļþ¼Ð\sfilter(Òƶ¯´æ´¢½éÖÊÐÅÏ¢·Àй¶ϵͳ)\diskoperate.c @ 770]
f8e6ac34 804eedf9 811338f8 80fde008 806d12d0 Sfilter!SfDeviceIoControl+0x2c8 [d:\ÐéÄâ»ú¹²ÏíÎļþ¼Ð\sfilter(Òƶ¯´æ´¢½éÖÊÐÅÏ¢·Àй¶ϵͳ)\sfilter.c @ 2296]
f8e6ac58 805759c9 811338f8 80fde008 ffb6d5e0 nt!IoBuildPartialMdl+0xed
f8e6ad00 8056e326 00000760 00000000 00000000 nt!NtWriteFile+0x3929
f8e6ad34 8053d808 00000760 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
f8e6addc 80541fa2 fa87ab85 80f7d878 00000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14
f8e6ade0 fa87ab85 80f7d878 00000000 0000027f nt!KiDispatchInterrupt+0x5a2
f8e6ade4 80f7d878 00000000 0000027f 00860000 NDIS!NdisFreeToBlockPool+0x15e1
fa87ab85 08458bec 3bf63356 840f57c6 00006fb1 0x80f7d878
fa87ab89 3bf63356 840f57c6 00006fb1 54bff08b 0x8458bec
fa87ab8d 840f57c6 00006fb1 54bff08b a5fa87a4 0x3bf63356
fa87ab91 00000000 54bff08b a5fa87a4 ffa5a5a5 0x840f57c6


STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP:
CLASSPNP!ClassCompleteRequest+18d
fab6bdec ff5114           call    dword ptr [ecx+0x14]

FAULTING_SOURCE_CODE:  


SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  CLASSPNP!ClassCompleteRequest+18d

MODULE_NAME:  CLASSPNP

IMAGE_NAME:  CLASSPNP.SYS

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------
喜欢0
作一名真实,诚实,优秀的科技工作者!
回复
游客

关于phpwind联系我们问题反馈程序建议

Powered by phpwind v9.0.2 ©2003-2015 phpwind.com 京ICP备05006834号

返回顶部