阅读:1631回复:4
急!!!请教一个关于IRQL级别的问题
我在passthru中写了以下的比对URL的函数,可能里边用的有些函数级别不对,经常就会蓝屏,下边是代码和windbg分析的dump文件信息,请大家看看,指正以下问题处在什么地方
BOOLEAN URLAim(CHAR URLBuffer[256], PUCHAR pHttpURL) { CHAR HostChar[256] = {0}; UINT URLLength = 0; UINT HostLength = 0; //查找URL长度 while(pHttpURL[URLLength] != 0x20) { URLLength++; } while(URLBuffer[HostLength] != 0x2f && HostLength<strlen(URLBuffer)) { HostLength++; } RtlZeroMemory(HostChar,256); URLLength = (URLLength < 256)?URLLength:256; memcpy(HostChar,pHttpURL,URLLength); if((strlen(URLBuffer) - HostLength) == 1) { if(URLLength != 1) { return FALSE; } } if(!memcmp((URLBuffer + HostLength),pHttpURL,strlen(URLBuffer) - HostLength)) { RtlZeroMemory(HostChar,256); memcpy(HostChar,URLBuffer,HostLength); if(strstr((pHttpURL + URLLength),HostChar)) { return TRUE; } } else if(strstr(HostChar,(URLBuffer + HostLength + 1))) { RtlZeroMemory(HostChar,256); HostChar[0] = 0x48; HostChar[1] = 0x6f; HostChar[2] = 0x73; HostChar[3] = 0x74; HostChar[4] = 0x3a; HostChar[5] = 0x20; memcpy(HostChar+6,URLBuffer,HostLength); if(strstr((pHttpURL + URLLength),HostChar)) { return TRUE; } } return FALSE; } ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// windbg分析dump文件和disassembly前后3屏的信息 Use !analyze -v to get detailed debugging information. BugCheck D1, {26, 2, 1, eb4a2210} *** WARNING: Unable to verify timestamp for Unknown_Module_eb4a0000 *** ERROR: Module load completed but symbols could not be loaded for Unknown_Module_eb4a0000 Probably caused by : Unknown_Image ( Unknown_Module_eb4a0000+2210 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 00000026, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, value 0 = read operation, 1 = write operation Arg4: eb4a2210, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: 00000026 CURRENT_IRQL: 2 FAULTING_IP: Unknown_Module_eb4a0000+2210 eb4a2210 0000 add [eax],al DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from 00000000 to 8046b12c STACK_TEXT: 80475b80 00000000 00000000 00000000 00000000 nt!RtlFillMemory+0x2c FOLLOWUP_IP: Unknown_Module_eb4a0000+2210 eb4a2210 0000 add [eax],al FOLLOWUP_NAME: MachineOwner SYMBOL_NAME: Unknown_Module_eb4a0000+2210 MODULE_NAME: Unknown_Module IMAGE_NAME: Unknown_Image DEBUG_FLR_IMAGE_TIMESTAMP: 0 STACK_COMMAND: kb BUCKET_ID: 0xD1_W_Unknown_Module_eb4a0000+2210 Followup: MachineOwner --------- 8046b0aa 742c jz nt!RtlCompareMemoryUlong+0x8 (8046b0d8) 8046b0ac 3d01000080 cmp eax,0x80000001 8046b0b1 7425 jz nt!RtlCompareMemoryUlong+0x8 (8046b0d8) 8046b0b3 3dfd0000c0 cmp eax,0xc00000fd 8046b0b8 741e jz nt!RtlCompareMemoryUlong+0x8 (8046b0d8) 8046b0ba 3d060000d0 cmp eax,0xd0000006 8046b0bf 7448 jz nt!RtlFillMemory+0x9 (8046b109) 8046b0c1 8bd1 mov edx,ecx 8046b0c3 8bde mov ebx,esi 8046b0c5 8bf7 mov esi,edi 8046b0c7 b903000000 mov ecx,0x3 8046b0cc 8bf8 mov edi,eax 8046b0ce b8060000c0 mov eax,0xc0000006 8046b0d3 e800ddffff call nt!KiTrap0D+0x24c (80468dd8) 8046b0d8 8bde mov ebx,esi 8046b0da 8bd1 mov edx,ecx 8046b0dc 8bf7 mov esi,edi 8046b0de e9e9dcffff jmp nt!KiTrap0D+0x240 (80468dcc) 8046b0e3 b9e4714680 mov ecx,0x804671e4 8046b0e8 894d68 mov [ebp+0x68],ecx 8046b0eb 8be5 mov esp,ebp 8046b0ed f705b0c7478001000000 test dword ptr [nt!KdpSearchPageHitOffsets+0x18d0 (8047c7b0)],0x1 8046b0f7 0f84d3d8ffff je nt!KiTrap0C+0x50 (804689d0) 8046b0fd e896fefbff call nt!KeBugCheckEx+0x326 (8042af98) 8046b102 8be5 mov esp,ebp 8046b104 e9c7d8ffff jmp nt!KiTrap0C+0x50 (804689d0) 8046b109 ff153c064080 call dword ptr [nt!_imp__KeFlushWriteBuffer (8040063c)] 8046b10f f0ff05400c4780 lock inc dword ptr [nt!P0BootThread+0x640 (80470c40)] 8046b116 8b4d64 mov ecx,[ebp+0x64] 8046b119 83e102 and ecx,0x2 8046b11c d1e9 shr ecx,1 8046b11e 8b7568 mov esi,[ebp+0x68] 8046b121 56 push esi 8046b122 51 push ecx 8046b123 50 push eax 8046b124 57 push edi 8046b125 6a0a push 0xa 8046b127 e8c010fcff call nt!KeWaitForSingleObject+0x6e (8042c1ec) 8046b0e8 894d68 mov [ebp+0x68],ecx 8046b0eb 8be5 mov esp,ebp 8046b0ed f705b0c7478001000000 test dword ptr [nt!KdpSearchPageHitOffsets+0x18d0 (8047c7b0)],0x1 8046b0f7 0f84d3d8ffff je nt!KiTrap0C+0x50 (804689d0) 8046b0fd e896fefbff call nt!KeBugCheckEx+0x326 (8042af98) 8046b102 8be5 mov esp,ebp 8046b104 e9c7d8ffff jmp nt!KiTrap0C+0x50 (804689d0) 8046b109 ff153c064080 call dword ptr [nt!_imp__KeFlushWriteBuffer (8040063c)] 8046b10f f0ff05400c4780 lock inc dword ptr [nt!P0BootThread+0x640 (80470c40)] 8046b116 8b4d64 mov ecx,[ebp+0x64] 8046b119 83e102 and ecx,0x2 8046b11c d1e9 shr ecx,1 8046b11e 8b7568 mov esi,[ebp+0x68] 8046b121 56 push esi 8046b122 51 push ecx 8046b123 50 push eax 8046b124 57 push edi 8046b125 6a0a push 0xa 8046b127 e8c010fcff call nt!KeWaitForSingleObject+0x6e (8042c1ec) 8046b12c f7457000000200 test dword ptr [ebp+0x70],0x20000 ss:0010:80475bf0=00010246 8046b133 740d jz nt!RtlFillMemoryUlonglong+0x2 (8046b142) 8046b135 833d4882478000 cmp dword ptr [nt!ExpSmallPagedPoolLookasideLists+0x248 (80478248)],0x0 8046b13c 0f857cfeffff jne nt!KiComputeTimerTableIndex+0x4a (8046afbe) 8046b142 833d344f488000 cmp dword ptr [nt!MmPagingFile+0x34 (80484f34)],0x0 8046b149 0f856ffeffff jne nt!KiComputeTimerTableIndex+0x4a (8046afbe) 8046b14f 833dc055488000 cmp dword ptr [nt!PopSIdle+0x20 (804855c0)],0x0 8046b156 0f8562feffff jne nt!KiComputeTimerTableIndex+0x4a (8046afbe) 8046b15c b8ff000000 mov eax,0xff 8046b161 ebac jmp nt!RtlFillMemory+0xf (8046b10f) 8046b163 64a154000000 mov eax,fs:[00000054] 8046b169 64c7055400000000000000 mov dword ptr fs:[00000054],0x0 8046b174 894568 mov [ebp+0x68],eax 8046b177 8be5 mov esp,ebp 8046b179 e952d8ffff jmp nt!KiTrap0C+0x50 (804689d0) 8046b17e 8bff mov edi,edi 8046b180 f7457000000200 test dword ptr [ebp+0x70],0x20000 8046b187 750d jnz nt!RtlZeroMemory+0x6 (8046b196) 8046b189 f7456c01000000 test dword ptr [ebp+0x6c],0x1 8046b0e8 894d68 mov [ebp+0x68],ecx 8046b0eb 8be5 mov esp,ebp 8046b0ed f705b0c7478001000000 test dword ptr [nt!KdpSearchPageHitOffsets+0x18d0 (8047c7b0)],0x1 8046b0f7 0f84d3d8ffff je nt!KiTrap0C+0x50 (804689d0) 8046b0fd e896fefbff call nt!KeBugCheckEx+0x326 (8042af98) 8046b102 8be5 mov esp,ebp 8046b104 e9c7d8ffff jmp nt!KiTrap0C+0x50 (804689d0) 8046b109 ff153c064080 call dword ptr [nt!_imp__KeFlushWriteBuffer (8040063c)] 8046b10f f0ff05400c4780 lock inc dword ptr [nt!P0BootThread+0x640 (80470c40)] 8046b116 8b4d64 mov ecx,[ebp+0x64] 8046b119 83e102 and ecx,0x2 8046b11c d1e9 shr ecx,1 8046b11e 8b7568 mov esi,[ebp+0x68] 8046b121 56 push esi 8046b122 51 push ecx 8046b123 50 push eax 8046b124 57 push edi 8046b125 6a0a push 0xa 8046b127 e8c010fcff call nt!KeWaitForSingleObject+0x6e (8042c1ec) 8046b12c f7457000000200 test dword ptr [ebp+0x70],0x20000 ss:0010:80475bf0=00010246 8046b133 740d jz nt!RtlFillMemoryUlonglong+0x2 (8046b142) 8046b135 833d4882478000 cmp dword ptr [nt!ExpSmallPagedPoolLookasideLists+0x248 (80478248)],0x0 8046b13c 0f857cfeffff jne nt!KiComputeTimerTableIndex+0x4a (8046afbe) 8046b142 833d344f488000 cmp dword ptr [nt!MmPagingFile+0x34 (80484f34)],0x0 8046b149 0f856ffeffff jne nt!KiComputeTimerTableIndex+0x4a (8046afbe) 8046b14f 833dc055488000 cmp dword ptr [nt!PopSIdle+0x20 (804855c0)],0x0 8046b156 0f8562feffff jne nt!KiComputeTimerTableIndex+0x4a (8046afbe) 8046b15c b8ff000000 mov eax,0xff 8046b161 ebac jmp nt!RtlFillMemory+0xf (8046b10f) 8046b163 64a154000000 mov eax,fs:[00000054] 8046b169 64c7055400000000000000 mov dword ptr fs:[00000054],0x0 8046b174 894568 mov [ebp+0x68],eax 8046b177 8be5 mov esp,ebp 8046b179 e952d8ffff jmp nt!KiTrap0C+0x50 (804689d0) 8046b17e 8bff mov edi,edi 8046b180 f7457000000200 test dword ptr [ebp+0x70],0x20000 8046b187 750d jnz nt!RtlZeroMemory+0x6 (8046b196) 8046b189 f7456c01000000 test dword ptr [ebp+0x6c],0x1 |
|
沙发#
发布于:2007-08-23 15:28
越界操作或者操作空指针。。
|
|
|
板凳#
发布于:2007-08-23 15:29
你的写法很有问题
|
|
|
地板#
发布于:2007-08-26 10:00
楼上能不能讲详细点,应该怎么改,我也没有过经验,只是看了一些例子,这样写的,望不吝指教
|
|
地下室#
发布于:2007-08-26 10:26
自己在windbg 的符号路径中加上自己程序的符号路径,然后dump ,就能看见在那里了
|
|