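Views: 2013 Replies: 2
Could the experts help look at this WinDbg output and analyze it?
I built my program by modifying passthru from the 2000 DDK. It basically works, but it is unstable and sometimes blue-screens (with no pattern):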
STOP:0x0000000A(0x706D6F63,2,0,0x80463973) IRQL_NOT_LESS_OR_EQUAL address 80463973 base at 80400000 Datestamp 41773335-ntoskrnl..dll

Below is the output from analyzing the blue screen with WinDbg's !analyze -v, as everyone suggested. Could the experts take a look?

One more thing occurred to me: in passthru I declared a 200-byte array directly and assigned to it directly, without using AllocateMemory. I don't know whether that could be the cause.

Microsoft (R) Windows Debugger Version 6.2.0013.1
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [E:\WINNT\MEMORY.DMP]
Kernel Dump File: Full address space is available

Symbol search path is: E:\WINNT\Symbols;E:\share
Executable search path is:
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
Unable to read PsLoadedModuleList
KdDebuggerDataBlock not available!
KdDebuggerData.KernBase < SystemRangeStart
Windows 2000 Kernel Version 2195 MP (2 procs) Free x86 compatible
Kernel base = 0x00000000 PsLoadedModuleList = 0x80485b00
Debug session time: Thu Aug 09 16:51:36 2007
System Uptime: not available
Unable to read PsLoadedModuleList
KdDebuggerDataBlock not available!
KdDebuggerData.KernBase < SystemRangeStart
Loading Kernel Symbols
Unable to read PsLoadedModuleList
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
CS descriptor lookup failed
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {2e777777, 2, 1, 80464d6c}

***** Debugger could not find nt in module list, module list might be corrupt.
***** Followup with Debugger team
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
Probably caused by : Unknown_Image

Followup: MachineOwner
---------

GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
?: kd> !analyze -v
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 2e777777, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80464d6c, address which referenced memory

Debugging Details:
------------------

***** Debugger could not find nt in module list, module list might be corrupt.
***** Followup with Debugger team
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005

WRITE_ADDRESS: unable to get nt!MmPoolCodeEnd
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSpecialPoolStart
unable to get nt!MmPagedPoolStart
unable to get nt!MmNonPagedPoolExpansionStart
unable to get nt!MmPoolCodeStart
 2e777777

CURRENT_IRQL: 2

FAULTING_IP:
+ffffffff80464d6c
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
GetContextState failed, 0x80004005
80464d6c ?? ???

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

STACK_TEXT:

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: kb

BUCKET_ID: CORRUPT_MODULELIST

Followup: MachineOwner
---------
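An added triage example, not part of the original thread: it parses the two bugcheck 0xA lines quoted in the post above and checks whether the referenced address (Arg1) consists of four printable ASCII bytes, a common sign that a pointer was overwritten with string data. The function names are hypothetical.

```python
import re
import struct

# The two bugcheck lines as quoted in the post above (STOP screen, WinDbg summary).
SAMPLE = """\
STOP:0x0000000A(0x706D6F63,2,0,0x80463973)
BugCheck A, {2e777777, 2, 1, 80464d6c}
"""

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)")
WINDBG_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")


def parse_bugchecks(text):
    """Return [(code, [args])] from STOP lines, then WinDbg 'BugCheck' lines."""
    found = []
    for rx in (STOP_RE, WINDBG_RE):
        for m in rx.finditer(text):
            code = int(m.group(1), 16)
            args = [int(a.strip(), 16) for a in m.group(2).split(",")]
            found.append((code, args))
    return found


def as_ascii(value):
    """Decode a 32-bit value as it lies in x86 memory (little-endian).

    Returns the 4-character string if every byte is printable ASCII, else None.
    """
    raw = struct.pack("<I", value & 0xFFFFFFFF)
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def triage(text):
    """Decode the four arguments of every bugcheck 0xA found in text."""
    reports = []
    for code, args in parse_bugchecks(text):
        if code != 0xA or len(args) != 4:
            continue
        addr, irql, op, ip = args
        reports.append({
            "referenced": addr,
            "irql": irql,
            "access": "write" if op & 1 else "read",  # Arg3: 0 = read, 1 = write
            "instruction": ip,
            "ascii": as_ascii(addr),  # not None => address looks like text
        })
    return reports


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(hex(r["referenced"]), r["access"], "IRQL", r["irql"], repr(r["ascii"]))
```

For the two lines in this thread, Arg1 decodes to `comp` and `www.`: both faulting pointers hold text bytes, a pattern typically left when a string is written past the end of a fixed-size buffer and over an adjacent pointer.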
Reply #1
Posted: 2007-08-10 15:45
This is the WinDbg information from another blue screen. It is mainly these two errors (one 0A, one 7F).

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck parens is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_8

TRAP_FRAME: 00000000 -- (.trap 0)

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 00000000 to 8046a10f

STACK_TEXT:
00000000 00000000 00000000 00000000 00000000 nt!KeUpdateSystemTime+0x27

FOLLOWUP_IP:
nt!KeUpdateSystemTime+27
8046a10f ebef jmp nt!KeUpdateSystemTime+0x18 (8046a100)

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!KeUpdateSystemTime+27

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 427b58bb

STACK_COMMAND: .trap 0 ; kb

BUCKET_ID: 0x7f_8_nt!KeUpdateSystemTime+27

Followup: MachineOwner
---------
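Reply #2
Posted: 2007-08-10 16:16
EXCEPTION_DOUBLE_FAULT is often caused by a kernel stack overflow.
[In passthru I declared a 200-byte array directly and assigned to it directly, without using AllocateMemory. I don't know whether that could be the cause.] Try changing it to NtAllocateMemory.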