阅读:1685回复:3
请教一个 IRQL_NOT_LESS_OR_EQUAL (a) 的问题
同事安装我的驱动后出现IRQL_NOT_LESS_OR_EQUAL (a)的bugcheck,因为这个bugcheck偶尔才出现(有时几天都没事,但问题确实存在),我自己测试则难于重现问题,所以只好用Windbg分析其dump文件,分析如下:
IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 00000004, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: 804ec7b6, address which referenced memory Debugging Details: MODULE_NAME: nt FAULTING_MODULE: 804d8000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 45e54711 READ_ADDRESS: unable to get nt!MmSpecialPoolStart unable to get nt!MmSpecialPoolEnd unable to get nt!MmPoolCodeStart unable to get nt!MmPoolCodeEnd 00000004 CURRENT_IRQL: 2 FAULTING_IP: nt+147b6 804ec7b6 8b7004 mov esi,dword ptr [eax+4] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WRONG_SYMBOLS BUGCHECK_STR: 0xA LAST_CONTROL_TRANSFER: from 804ed078 to 804ec7b6 STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. f8985ce8 804ed078 00000000 00000000 00000001 nt+0x147b6 f8985d2c 804e5f1d 823b8288 80562640 823b8340 nt+0x15078 f8985d74 804e526b 823b8288 00000000 823b8340 nt+0xdf1d f8985dac 8057e0f1 823b8288 00000000 00000000 nt+0xd26b f8985ddc 804f927a 804e5196 00000000 00000000 nt+0xa60f1 00000000 00000000 00000000 00000000 00000000 nt+0x2127a STACK_COMMAND: kb FOLLOWUP_IP: nt+147b6 804ec7b6 8b7004 mov esi,dword ptr [eax+4] SYMBOL_STACK_INDEX: 0 FOLLOWUP_NAME: MachineOwner IMAGE_NAME: ntoskrnl.exe SYMBOL_NAME: nt+147b6 BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner 问题有2: 1、如何分析dump文件,定位自己代码引起此类问题。 2、除了在dispatch level 以上的IRQL访问分页内存外,还有什么情况会引起IRQL_NOT_LESS_OR_EQUAL (a) 的bugcheck。 bow |
|
沙发#
发布于:2008-02-20 16:22
还有可能访问非法内存
|
|
板凳#
发布于:2008-02-21 00:10
我估计也是访问分页内存引起的,但是如何定位自己从dump文件中找出问题代码?注意到引起蓝屏的模块是Ntoskrnl.exe,而非我的驱动,但是肯定是我的驱动引起的……
|
|
地板#
发布于:2008-02-21 09:10
先把调试符号的问题解决,看是ntoskrnl.exe的哪个函数导致的
|
|