请教一个 IRQL_NOT_LESS_OR_EQUAL (a) 的问题

同事安装我的驱动后出现IRQL_NOT_LESS_OR_EQUAL (a)的bugcheck，因为这个bugcheck偶尔才出现（有时几天都没事，但问题确实存在），我自己测试则难于重现问题，所以只好用Windbg分析其dump文件，分析如下：

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804ec7b6, address which referenced memory

Debugging Details:
MODULE_NAME: nt

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  45e54711

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 00000004

CURRENT_IRQL:  2

FAULTING_IP:
nt+147b6
804ec7b6 8b7004          mov     esi,dword ptr [eax+4]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

BUGCHECK_STR:  0xA

LAST_CONTROL_TRANSFER:  from 804ed078 to 804ec7b6

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
f8985ce8 804ed078 00000000 00000000 00000001 nt+0x147b6
f8985d2c 804e5f1d 823b8288 80562640 823b8340 nt+0x15078
f8985d74 804e526b 823b8288 00000000 823b8340 nt+0xdf1d
f8985dac 8057e0f1 823b8288 00000000 00000000 nt+0xd26b
f8985ddc 804f927a 804e5196 00000000 00000000 nt+0xa60f1
00000000 00000000 00000000 00000000 00000000 nt+0x2127a


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt+147b6
804ec7b6 8b7004          mov     esi,dword ptr [eax+4]

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntoskrnl.exe

SYMBOL_NAME:  nt+147b6

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner

问题有2：
1、如何分析dump文件，定位自己代码引起此类问题。
2、除了在dispatch level 以上的IRQL访问分页内存外，还有什么情况会引起IRQL_NOT_LESS_OR_EQUAL (a) 的bugcheck。

bow

还有可能访问非法内存

我估计也是访问分页内存引起的，但是如何定位自己从dump文件中找出问题代码？注意到引起蓝屏的模块是Ntoskrnl.exe，而非我的驱动，但是肯定是我的驱动引起的……

先把调试符号的问题解决，看是ntoskrnl.exe的哪个函数导致的