|
阅读:5091回复:14
还是diskperf的问题,一启动就蓝屏
操作系统: win xp
ddk版本:windows_server_2003_sp1_ddk 我编译了里面的diskperf,并用inf安装,重启的时候就是蓝屏.请帮忙看下,谢谢了. 另:我另外一台win7机器,用的win7 ddk,一样有蓝屏这个问题, 可是我搜索论坛,就没发现有人说系统启动的时候蓝屏呀 用windbg调试,输出如下: *** Fatal System Error: 0x0000007b (0xF8901528,0xC0000034,0x00000000,0x00000000) Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. Connected to Windows XP 2600 x86 compatible target at (Tue Sep 14 15:58:31.975 2010 (GMT+8)), ptr64 FALSE *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlpa.exe - Loading Kernel Symbols .............................. Loading User Symbols ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7B, {f8901528, c0000034, 0, 0} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Probably caused by : ntkrnlpa.exe ( nt!KeRegisterBugCheckReasonCallback+77c ) Followup: MachineOwner --------- nt!DbgBreakPointWithStatus+0x4: 80528c0c cc int 3 |
|
|
沙发#
发布于:2010-09-14 17:29
谢谢关注
我就是用原版的inf安装的,注册表也看了下,没什么异常,下面是!analyze -v输出 ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* INACCESSIBLE_BOOT_DEVICE (7b) During the initialization of the I/O system, it is possible that the driver for the boot device failed to initialize the device that the system is attempting to boot from, or it is possible for the file system that is supposed to read that device to either fail its initialization or to simply not recognize the data on the boot device as a file system structure that it recognizes. In the former case, the argument (#1) is the address of a Unicode string data structure that is the ARC name of the device from which the boot was being attempted. In the latter case, the argument (#1) is the address of the device object that could not be mounted. If this is the initial setup of the system, then this error can occur if the system was installed on an unsupported disk or SCSI controller. Note that some controllers are supported only by drivers which are in the Windows Driver Library (WDL) which requires the user to do a custom install. See the Windows Driver Library for more information. This error can also be caused by the installation of a new SCSI adapter or disk controller or repartitioning the disk with the system partition. If this is the case, on x86 systems the boot.ini file must be edited or on ARC systems setup must be run. See the "Advanced Server System Administrator's User Guide" for information on changing boot.ini. If the argument is a pointer to an ARC name string, then the format of the first two (and in this case only) longwords will be: USHORT Length; USHORT MaximumLength; PWSTR Buffer; That is, the first longword will contain something like 00800020 where 20 is the actual length of the Unicode string, and the next longword will contain the address of buffer. This address will be in system space, so the high order bit will be set. If the argument is a pointer to a device object, then the format of the first word will be: USHORT Type; That is, the first word will contain a 0003, where the Type code will ALWAYS be 0003. Note that this makes it immediately obvious whether the argument is a pointer to an ARC name string or a device object, since a Unicode string can never have an odd number of bytes, and a device object will always have a Type code of 3. Arguments: Arg1: f89c5528, Pointer to the device object or Unicode string of ARC name Arg2: c0000034 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. MODULE_NAME: nt FAULTING_MODULE: 804d8000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 4bd6e0e9 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x7B LAST_CONTROL_TRANSFER: from 804f979a to 80528c0c STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. f89c50dc 804f979a 00000003 00000000 80087000 nt!DbgBreakPointWithStatus+0x4 f89c54bc 804f9cc5 0000007b f89c5528 c0000034 nt!KeRegisterBugCheckReasonCallback+0x77c f89c54dc 80687fe9 0000007b f89c5528 c0000034 nt!KeBugCheckEx+0x1b f89c5644 8068c10a 80087000 00000000 80087000 nt!NlsOemLeadByteInfo+0x14d49 f89c5694 80688e48 80087000 f89c56b0 00043000 nt!IoReportHalResourceUsage+0x1cc2 f89c583c 806872dd 80087000 00000000 82db95b8 nt!NlsOemLeadByteInfo+0x15ba8 f89c5dac 805c71e0 80087000 00000000 00000000 nt!NlsOemLeadByteInfo+0x1403d f89c5ddc 80542e12 80686928 80087000 00000000 nt!PsRemoveCreateThreadNotifyRoutine+0x21e 00000000 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x5a2 STACK_COMMAND: kb FOLLOWUP_IP: nt!KeRegisterBugCheckReasonCallback+77c 804f979a e8f1710000 call nt!ZwYieldExecution+0x630 (80500990) SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!KeRegisterBugCheckReasonCallback+77c FOLLOWUP_NAME: MachineOwner IMAGE_NAME: ntkrnlpa.exe BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner --------- |
|
|
板凳#
发布于:2010-09-15 10:07
哪位大牛帮行给看看吧,谢谢了.
|
|
|
地板#
发布于:2010-09-15 21:12
经过一点点的屏蔽,找到了表面原因:
DriverObject->MajorFunction[IRP_MJ_POWER] = DiskPerfDispatchPower; 把这行屏蔽了就行了,但是关机的时候总蓝屏 上面那行应该是处理关机消息的吧,是不是因为屏蔽这个处理导致关机蓝屏? 另外: 驱动已经加载起来了,但是看不到debug信息输出呀,这个是为什么? 还需要用addfilter吗?用过的帮忙告诉下,谢谢了 .出错部分我可以慢慢调,起码先看到效果. |
|
|
地下室#
发布于:2010-09-15 22:31
输出的问题解决了,现在需要取两个值:
currentIrpStack->Parameters.ReadWriteConfig.Offset,currentIrpStack->Parameters.ReadWriteConfig.Length 但是结构里面,currentIrpStack->Parameters是 <unnamed-tag>,继续研究 |
|
|
5楼#
发布于:2010-09-16 14:01
做了如下输出,结果根本对不上偏移和长度.......................
if(partitionCounters != NULL&&IRP_MJ_WRITE == currentIrpStack->MajorFunction) { DebugPrint(( 1001,L"Device %ws Offset=%I64u Length= %I32u diskoffset= %I64u VolumeIndex= %I32u", deviceExtension->PhysicalDeviceNameBuffer, currentIrpStack->Parameters.Write.ByteOffset, currentIrpStack->Parameters.Write.Length, currentIrpStack->Parameters.Write.ByteOffset.QuadPart, Irp->IoStatus.Pointer )); |
|
|
6楼#
发布于:2010-09-17 11:34
ULONGLONG aaa1=currentIrpStack->Parameters.Write.ByteOffset.QuadPart;
ULONG aaa2=currentIrpStack->Parameters.Write.Length; 这两个值怎么一直是变大啊,这里是不是读写偏移和长度? |
|
|
7楼#
发布于:2011-03-09 15:54
回 13楼(yvqvan) 的帖子
多谢,可能是这个原因,我用2003的编译看看。 |
|