|
阅读:2110回复:2
求救:Filemon导致系统蓝屏,dump文件分析
Filemon的程序修该了下,再没有装ESET NOD32杀毒软件的时候,一切正常。可装了NOD32以后,一运行就蓝屏。一下时对Minidump文件的Windebug解析。但我看过了也仅仅是知道可能跟KeWaitForSingleObject有关,但又不清楚具体时怎么了。哪位大侠能给解答下,或者看下这下面有没有进一步的信息,给偶以指导,感激不尽。
minidump文件Windebug解析的信息如下: IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 00000000, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: 804fad36, address which referenced memory Debugging Details: ------------------ OVERLAPPED_MODULE: Address regions for 'dump_atapi' and 'kmixer.sys' overlap WRITE_ADDRESS: 00000000 CURRENT_IRQL: 2 FAULTING_IP: nt!KeWaitForSingleObject+186 804fad36 8939 mov dword ptr [ecx],edi CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: System LAST_CONTROL_TRANSFER: from f7eaf758 to 804fad36 STACK_TEXT: f9df3b3c f7eaf758 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x186 f9df3b58 f7eaf4ec 0e34d4af f9df3c68 f7eb8558 FILEM!FilemonGetOldestLog+0x28 [f:\filemonwrdctoapp\filemon.c @ 921] f9df3c00 f7eb6f1d f7eb85c0 814db880 e11876d8 FILEM!MatchWithPattern+0x2c [f:\filemonwrdctoapp\filemon.c @ 672] f9df3c7c 805777ff 814db880 813bf000 00000000 FILEM!IsDirectory+0x4d [f:\filemonwrdctoapp\filemon.c @ 6402] f9df3d4c 8057790f 80000788 00000001 00000000 nt!IopLoadDriver+0x66d f9df3d74 80535c12 80000788 00000000 817bbda8 nt!IopLoadUnloadDriver+0x45 f9df3dac 805c71ec f7e4ac48 00000000 00000000 nt!ExpWorkerThread+0x100 f9df3ddc 80542de2 80535b12 00000001 00000000 nt!PspSystemThreadStartup+0x34 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 STACK_COMMAND: kb FOLLOWUP_IP: FILEM!FilemonGetOldestLog+28 [f:\filemonwrdctoapp\filemon.c @ 921] f7eaf758 ?? ??? FAULTING_SOURCE_CODE: 917: //ptr?a?á?o¨????¨°?¨??2?ê?prev???¨°?¨?¨¢D|ì?|ì1¨oy|ì¨2?t??LOG_BUF 918: // 919: while( ptr->Next ) { 920: > 921: ptr = (prev = ptr)->Next; 922: } 923: 924: // 925: // Remove the buffer from the list 926: // SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: FILEM!FilemonGetOldestLog+28 FOLLOWUP_NAME: MachineOwner MODULE_NAME: FILEM IMAGE_NAME: FILEM.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4a66cd45 FAILURE_BUCKET_ID: 0xA_FILEM!FilemonGetOldestLog+28 BUCKET_ID: 0xA_FILEM!FilemonGetOldestLog+28 Followup: MachineOwner --------- |
|
|
沙发#
发布于:2009-07-23 21:25
I think the problem is in this statement
while( ptr->Next ) where the ptr is a NULL pointer. |
|
|
板凳#
发布于:2009-07-27 09:14
回 1楼(michaelgz) 的帖子
谢谢回复,这个倒还真是个问题呢,谢谢先。 |
|