我遇到的问题真是奇怪，帮我分析一下dump

在DriverEntry开头设置了一个断点，在虚拟机上启动驱动，还没有进入DriverEntry开头的断点，虚拟机down了，以下是dump内容，大家帮我看看是什么原因：


*** Fatal System Error: 0x000000d4
                       (0xF7BEBEF0,0x00000002,0x00000000,0x804E73A9)

Driver at fault: MiniCryptor.sys.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows XP 2600 x86 compatible target at (Wed Apr  1 16:12:30.046 2009 (GMT+8)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
.............................................
Loading User Symbols

Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D4, {f7bebef0, 2, 0, 804e73a9}

Probably caused by : ntoskrnl.exe ( nt!ExpScanGeneralLookasideList+1b )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
804e4592 cc              int     3
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD (d4)
A driver unloaded without cancelling lookaside lists, DPCs, worker threads, etc.
The broken driver's name is displayed on the screen.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
An attempt was made to access the driver at raised IRQL after it unloaded.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f7bebef0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804e73a9, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  f7bebef0

CURRENT_IRQL:  2

FAULTING_IP:
nt!ExpScanGeneralLookasideList+1b
804e73a9 8b56e0          mov     edx,dword ptr [esi-20h]

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD4

PROCESS_NAME:  System

TRAP_FRAME:  f7ca5ca8 -- (.trap 0xfffffffff7ca5ca8)
ErrCode = 00000000
eax=00000000 ebx=00000004 ecx=00000100 edx=00000000 esi=f7bebf10 edi=00000000
eip=804e73a9 esp=f7ca5d1c ebp=f7ca5d2c iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
nt!ExpScanGeneralLookasideList+0x1b:
804e73a9 8b56e0          mov     edx,dword ptr [esi-20h] ds:0023:f7bebef0=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 80533747 to 804e4592

STACK_TEXT:  
f7ca585c 80533747 00000003 f7ca5bb8 00000000 nt!RtlpBreakWithStatusInstruction
f7ca58a8 8053421e 00000003 f7bebef0 804e73a9 nt!KiBugCheckDebugBreak+0x19
f7ca5c88 804e287f 0000000a f7bebef0 00000002 nt!KeBugCheck2+0x574
f7ca5c88 804e73a9 0000000a f7bebef0 00000002 nt!KiTrap0E+0x233
f7ca5d2c 804e73f7 805636f0 805636e8 804e65fc nt!ExpScanGeneralLookasideList+0x1b
f7ca5d38 804e65fc 00000000 863b0da8 00000000 nt!ExAdjustLookasideDepth+0x32
f7ca5dac 8057beff 00000000 00000000 00000000 nt!KeBalanceSetManager+0x88
f7ca5ddc 804f98ea 804e657a 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!ExpScanGeneralLookasideList+1b
804e73a9 8b56e0          mov     edx,dword ptr [esi-20h]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  nt!ExpScanGeneralLookasideList+1b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  48025eab

FAILURE_BUCKET_ID:  0xD4_nt!ExpScanGeneralLookasideList+1b

BUCKET_ID:  0xD4_nt!ExpScanGeneralLookasideList+1b

Followup: MachineOwner
---------

Is this the re-load of your driver? Usually this is because a look aside list was not deleted when a driver was un-loaded.

可能你是对的。我load了驱动以后，没有unload，修改了程序后，把新的驱动安装了，然后又load了一遍，就出现了这个错误。

问题是，我把虚拟机（驱动运行在虚拟机上）重新启动也不能解决问题。依然出现这个问题，而且还没运行DriverEntry(我在驱动入口设置了断点)就出现上述错误了。

怎么才能解决这个问题？我现在的办法是重新安装了虚拟机。

Check your driver's boot start value in registry. Change it to 3 for loading driver on-demand.

谢谢你的答复。

现在我设置的Start的值就是3，需要运行fltmc load filter来启动驱动。

但是每次运行这个命令后，系统都是蓝屏，甚至没有运行到DriverEntry。