|
[Original] I've officially entered the security/surveillance industry, happy
Hikvision or Dahua? |
|
[Original] What I learned and achieved over the past two days on dual-machine debugging of a certain P
OP, I have another question. I'm running into a problem: after hooking the IoAllocateMdl function with your method, every time I open the game it ends with the error ee900ffc 8054151c 00000000 00000158 00000000 nt!MmAccessFault+0x2 ee900ffc 805415ca 00000000 00000158 00000000 nt!KiTrap0E+0xcc, but I can't find the exact cause. Could you help me look at the detailed error information? |
|
[Original] What I learned and achieved over the past two days on dual-machine debugging of a certain P
OP, another question: in your code, what do ul_imp_KdSendPacket and ul_imp_KdReceivePacket mean? Why compute them from the offsets of KdRefreshDebuggerNotPresent and IoAcquireRemoveLockEx? My VM runs XP, which doesn't have KdRefreshDebuggerNotPresent; what should I do? Are these two equivalent to obtaining the addresses of _imp__KdSendPacket and _imp_KdReceivePacket? What is the main purpose? Please explain. |
|
[Original] What I learned and achieved over the past two days on dual-machine debugging of a certain P
Haha, that's really it, thanks OP... |
|
[Original] What I learned and achieved over the past two days on dual-machine debugging of a certain P
I have another question: when I run u IoAllocMdl in WinDbg, the debugger just goes busy, but u kdsendpacket and similar functions work fine. Why is that? Is it because Microsoft's standard symbols don't contain the IoAllocMdl function? Please explain, thanks. |
|
[Original] What I learned and achieved over the past two days on dual-machine debugging of a certain P
OK, thanks a lot |
|
[Original] What I learned and achieved over the past two days on dual-machine debugging of a certain P
Which file is opened in IDA in step three? Tessafe.sys, or some other file? Thanks! |
|
[Help] About not being able to find the process to debug in DDMS
How is this done on an ordinary phone? Do you have to reflash it? |