|
阅读:2062回复:4
请教一个驱动很疑惑的蓝屏问题
在没有开启verifier程序的时候,驱动会不随机性地蓝屏,有时在FltStartFiltering或FltRegisterFilter地方蓝掉,
错误是DRIVER_CORRUPTED_EXPOOL, 但是如果开了verifier,则跑的好好的。 初步怀疑跟内存分配ExAllocatePoolWithTag有关,具体这个函数使用要注意哪些问题?? 堆栈信息如下: /------------------------------------------------------------------------------------------------------------------------------- DRIVER_CORRUPTED_EXPOOL (c5) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is caused by drivers that have corrupted the system pool. Run the driver verifier against any new (or suspect) drivers, and if that doesn't turn up the culprit, then use gflags to enable special pool. Arguments: Arg1: 4646464a, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, value 0 = read operation, 1 = write operation Arg4: 80546573, address which referenced memory Debugging Details: ------------------ BUGCHECK_STR: 0xC5_2 CURRENT_IRQL: 2 FAULTING_IP: nt!ExAllocatePoolWithTag+673 80546573 897104 mov dword ptr [ecx+4],esi DEFAULT_BUCKET_ID: DRIVER_FAULT PROCESS_NAME: System TRAP_FRAME: f8afd438 -- (.trap 0xfffffffff8afd438) ErrCode = 00000002 eax=8207c008 ebx=8055c640 ecx=46464646 edx=00000041 esi=8055c888 edi=000001ff eip=80546573 esp=f8afd4ac ebp=f8afd500 iopl=0 nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202 nt!ExAllocatePoolWithTag+0x673: 80546573 897104 mov dword ptr [ecx+4],esi ds:0023:4646464a=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 804f8bad to 80528bec STACK_TEXT: f8afcfec 804f8bad 00000003 f8afd348 00000000 nt!RtlpBreakWithStatusInstruction f8afd038 804f979a 00000003 4646464a 80546573 nt!KiBugCheckDebugBreak+0x19 f8afd418 80541693 0000000a 4646464a 00000002 nt!KeBugCheck2+0x574 f8afd418 80546573 0000000a 4646464a 00000002 nt!KiTrap0E+0x233 f8afd500 804f1492 00000004 00000001 20206f49 nt!ExAllocatePoolWithTag+0x673 f8afd544 804f4006 006d0030 81d2a980 f8afd5ac nt!IoBuildDeviceIoControlRequest+0x170 f8afd7b8 b232f104 820217e8 81cc1c00 4a9d7961 nt!IoVolumeDeviceToDosName+0x13a f8afda50 f84ac8ff f8afda6c 00000001 00000003 fste!SetupInstance+0x1d4 f8afda84 f84ace86 81f12bc0 00000001 80545f00 fltMgr!FltpDoInstanceSetupNotification+0x4b f8afdae4 f84ad211 81b7f008 8207fc30 00000001 fltMgr!FltpInitInstance+0x272 f8afdb54 f84ad31c 81b7f008 8207fc30 00000001 fltMgr!FltpCreateInstanceFromName+0x295 f8afdbbc f84b41ed 81b7f008 8207fc30 00000001 fltMgr!FltpEnumerateRegistryInstances+0xf4 f8afdc08 f84b327f 81b7f008 81e94b10 e17d5d9a fltMgr!FltpDoVolumeNotificationForNewFilter+0xad f8afdc3c b232f5a6 81b7f008 4a9d7f4d 81e94b10 fltMgr!FltStartFiltering+0x35 f8afdc7c 805777ff 81e94b10 81e09000 00000000 fste!DriverEntry+0x116 f8afdd4c 8057790f 8000049c 00000001 00000000 nt!IopLoadDriver+0x66d f8afdd74 80535c12 8000049c 00000000 821b73c8 nt!IopLoadUnloadDriver+0x45 f8afddac 805c71ec b2b02cf4 00000000 00000000 nt!ExpWorkerThread+0x100 f8afdddc 80542de2 80535b12 00000001 00000000 nt!PspSystemThreadStartup+0x34 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 |
|
|
沙发#
发布于:2011-10-07 09:07
ExAllocatePoolWithTag的时候 申请了分页内存 应该使用非分页内存 ExAllocatePoolWithTag第一个参数改为NonPagedPool
|
|
|
板凳#
发布于:2011-10-09 12:33
你应该检查下,你申请内存的地方IRQL。
DISPATCH以上,不能用分页内存。 |
|
|
地板#
发布于:2011-10-09 12:38
主要是要保证,你申请的内存类型,要和你在使用这块内存的函数所在IRQL,要匹配
|
|
禁止发言
|
地下室#
发布于:2011-10-18 11:45
用户被禁言,该主题自动屏蔽! |
