|
阅读:2948回复:4
TDI filter 與 Symantec AntiVirus 10.0.0.359 不相容
小弟安裝Symantec AntiVirus 10.0.0.359,與自己寫的MYTDI.sys
windows 2003 在跑一段時間後,會當機,也不是BSOD畫面, 而就像沒有反應的狀況, 重開後分析dump,得到下面資料, 似乎是SYMTDI.sys出錯, 但賽門鐵克是大廠....所以我只能說是我的驅動導致他錯誤.... System處理時發生10000050的錯誤 所以想請教此錯誤可能發生在什麼處理流程時....謝謝各位大牛..... Microsoft (R) Windows Debugger Version 6.6.0007.5 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\WINDOWS\Minidump\Mini021508-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\DebugSymbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible Product: Server, suite: Enterprise TerminalServer SingleUserTS Built by: 3790.srv03_sp2_gdr.070304-2240 Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8 Debug session time: Fri Feb 15 09:32:03.656 2008 (GMT+8) System Uptime: 0 days 0:09:42.234 Loading Kernel Symbols ........................................................................................................................................ Loading User Symbols Loading unloaded module list ........... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 10000050, {cccccccc, 0, b9c9ead4, 0} Unable to load image SYMTDI.SYS, Win32 error 2 *** WARNING: Unable to verify timestamp for SYMTDI.SYS *** ERROR: Module load completed but symbols could not be loaded for SYMTDI.SYS Could not read faulting driver name Unable to load image MYTDI.sys, Win32 error 2 *** WARNING: Unable to verify timestamp for MYTDI.sys *** ERROR: Module load completed but symbols could not be loaded for MYTDI.sys Probably caused by : SYMTDI.SYS ( SYMTDI+2834b ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: cccccccc, memory referenced. Arg2: 00000000, value 0 = read operation, 1 = write operation. Arg3: b9c9ead4, If non-zero, the instruction address which referenced the bad memory address. Arg4: 00000000, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: cccccccc FAULTING_IP: tcpip!TCPQueryInformation+de b9c9ead4 8b01 mov eax,dword ptr [ecx] MM_INTERNAL_CODE: 0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0x50 PROCESS_NAME: System CURRENT_IRQL: 1 LAST_CONTROL_TRANSFER: from b9c9ec5d to b9c9ead4 STACK_TEXT: f78e6be0 b9c9ec5d 89ae9520 89ae95b4 89ae95d8 tcpip!TCPQueryInformation+0xde f78e6bfc 80840153 89942f18 89ae9520 89ae95fc tcpip!TCPDispatchInternalDeviceControl+0x18f f78e6c10 b9c3e34b 869d12a9 89922cf8 89ae95b4 nt!IofCallDriver+0x45 WARNING: Stack unwind information not available. Following frames may be wrong. f78e6c2c b9c3e067 89bb2d00 00000000 00000000 SYMTDI+0x2834b f78e6c44 b9c3df24 89bb2d00 f78e6c6c c000009a SYMTDI+0x28067 f78e6c6c b9c3fce7 89ae3f10 89ae9520 89ae3f10 SYMTDI+0x27f24 f78e6c80 80840153 89ae3f10 89ae9520 89ce4d08 SYMTDI+0x29ce7 f78e6c94 b864d697 869d12a9 89ce4d08 89f883f0 nt!IofCallDriver+0x45 f78e6cc8 b864cfd2 8627df18 89ae9520 00000001 MYTDI+0xa697 f78e6d2c 80840153 8627df18 89ae9520 808b711c MYTDI+0x9fd2 f78e6d40 b8645b74 89f883f0 862dff48 89ae95d8 nt!IofCallDriver+0x45 f78e6d6c b8645bde 8627df18 8773ae68 89c04048 MYTDI+0x2b74 f78e6d80 8082db08 89c04048 00000000 89f883f0 MYTDI+0x2bde f78e6dac 80920833 89c04048 00000000 00000000 nt!ExpWorkerThread+0xeb f78e6ddc 8083fe9f 8082da4b 00000001 00000000 nt!PspSystemThreadStartup+0x2e 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 STACK_COMMAND: kb FOLLOWUP_IP: SYMTDI+2834b b9c3e34b ?? ??? SYMBOL_STACK_INDEX: 3 FOLLOWUP_NAME: MachineOwner MODULE_NAME: SYMTDI IMAGE_NAME: SYMTDI.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4252d4ac SYMBOL_NAME: SYMTDI+2834b FAILURE_BUCKET_ID: 0x50_SYMTDI+2834b BUCKET_ID: 0x50_SYMTDI+2834b Followup: MachineOwner --------- 0: kd> lmvm SYMTDI start end module name b9c16000 b9c55ce0 SYMTDI T (no symbols) Loaded symbol image file: SYMTDI.SYS Image path: SYMTDI.SYS Image name: SYMTDI.SYS Timestamp: Wed Apr 06 02:10:52 2005 (4252D4AC) CheckSum: 0004F0EF ImageSize: 0003FCE0 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0 |
|
|
沙发#
发布于:2008-02-18 18:00
Re:TDI filter 與 Symantec AntiVirus 10.0.0.359
自頂....因為驅動要求的是穩定...與相容性... 所以這個問題對我說很重大....因為這樣就不能用了.... 分層的TDI filter處理流程, 是否是那邊還要注意.... 如果還需要什麼資訊的大牛..就請指點一下小弟..XD = =就我理解...處理錯在TcpQueryInformation這行....invalid system memory was referenced...... windbg輸出錯誤訊息是SYMTDI.sys造成的, 可是未安裝MyTDI之前都工作的好好的, 因此...只能說自己的程式那邊似乎有錯誤....渴望各位大牛的意見...謝謝 |
|
|
板凳#
发布于:2008-03-28 14:45
Re:Re:TDI filter 與 Symantec AntiVirus 10.0.0.359
引用第1楼download于2008-02-18 18:00发表的 Re:TDI filter 與 Symantec AntiVirus 10.0.0.359 :  是TDI filter的问题。 |
|
|
|
地板#
发布于:2008-06-26 14:59
我也遇到同样的问题,有人知道答案吗,请告诉我,谢谢!
EMail:mchwzhw.student@sina.com |
|
|
地下室#
发布于:2008-07-01 17:34
我找到原因了
是我在Create分发函数中查询地址时没有判断Irp的返回状态造成的 |
|