[求助] win7 32bit ndishook dump文件
发表于: 2010-7-14 10:27 3631
请问蓝屏的原因是什么?同样的驱动在 Vista 上运行正常。
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 90b18439, The address that the exception occurred at
Arg3: 888bc9cc, Exception Record Address
Arg4: 888bc5b0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
FAULTING_IP:
Firewall6!HookNdisProtocolBlock+29 [d:\firewall6\func.c @ 183]
90b18439 8b4228 mov eax,dword ptr [edx+28h]
EXCEPTION_RECORD: 888bc9cc -- (.exr 0xffffffff888bc9cc)
ExceptionAddress: 90b18439 (Firewall6!HookNdisProtocolBlock+0x00000029)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 019c012b
Attempt to read from address 019c012b
CONTEXT: 888bc5b0 -- (.cxr 0xffffffff888bc5b0)
eax=019c0100 ebx=00000000 ecx=00000000 edx=019c0103 esi=83f6c0d0 edi=83f86000
eip=90b18439 esp=888bca94 ebp=888bcab0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
Firewall6!HookNdisProtocolBlock+0x29:
90b18439 8b4228 mov eax,dword ptr [edx+28h] ds:0023:019c012b=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 019c012b
READ_ADDRESS: 019c012b
FOLLOWUP_IP:
Firewall6!HookNdisProtocolBlock+29 [d:\firewall6\func.c @ 183]
90b18439 8b4228 mov eax,dword ptr [edx+28h]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from 90b185be to 90b18439
STACK_TEXT:
888bcab0 90b185be 019c0103 00000000 90b18565 Firewall6!HookNdisProtocolBlock+0x29 [d:\firewall6\func.c @ 183]
888bcacc 90b1d03f 00000000 888bccbc 829ea728 Firewall6!InstallHook+0x5e [d:\firewall6\func.c @ 236]
888bcad8 829ea728 83f6c0d0 83f86000 00000000 Firewall6!DriverEntry+0x2f [d:\firewall6\firewall.c @ 25]
888bccbc 829e8499 00000001 00000000 888bcce4 nt!IopLoadDriver+0x7ed
888bcd00 828b4f2b 92173cd0 00000000 84f55670 nt!IopLoadUnloadDriver+0x70
888bcd50 82a5566d 80000001 d396c884 00000000 nt!ExpWorkerThread+0x10d
888bcd90 829070d9 828b4e1e 80000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
FAULTING_SOURCE_CODE:
179: PNDIS_OPEN_BLOCK pOpenBlock;
180: PMY_NDIS_PROTOCOL_BLOCK MyStruct=(PMY_NDIS_PROTOCOL_BLOCK)pProtocolBlock;
181:
182: if(KeGetCurrentIrql() == PASSIVE_LEVEL){
> 183: if(wcscmp(MyStruct->Name.Buffer,L"TCPIP")!=0){
184: return;
185: }
186:
187: //?¡À?¨®??DDo¡¥¨ºy¦Ì?¨¬????¡ê¡ã?¡Á??o¦Ì?o¡¥¨ºy¨¬???3¨¦?¦Ì¨ª3¦Ì?
188: *((ULONG*)((char*)pProtocolBlock+ProtocolRecOffset))=MyProtocolReceiveNetBufferLists;
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Firewall6!HookNdisProtocolBlock+29
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Firewall6
IMAGE_NAME: Firewall6.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c3c3408
STACK_COMMAND: .cxr 0xffffffff888bc5b0 ; kb
FAILURE_BUCKET_ID: 0x7E_Firewall6!HookNdisProtocolBlock+29
BUCKET_ID: 0x7E_Firewall6!HookNdisProtocolBlock+29
Followup: MachineOwner
我的代码:
/*
 * HookNdisProtocolBlock - fragment as posted: the listing stops after the name
 * check, so the closing braces and the rest of the hook are not shown.
 *
 * pProtocolBlock is reinterpreted as the author's own PMY_NDIS_PROTOCOL_BLOCK
 * layout and dereferenced with no validity check. In the dump on this page the
 * first argument is 0x019c0103 (STACK_TEXT, and edx in CONTEXT): an odd value
 * far from the 0x8xxxxxxx/0x9xxxxxxx kernel addresses seen elsewhere in the
 * dump, so the read at [edx+28h] raises the access violation.
 * NOTE(review): presumably the caller (InstallHook) obtains this pointer in a
 * way that holds on Vista but not on Windows 7 - confirm in InstallHook.
 */
void HookNdisProtocolBlock(IN BYTE *pProtocolBlock)
{
/* Declared here; not used in the visible part of the function. */
PNDIS_OPEN_BLOCK pOpenBlock;
/* Unchecked cast: every field access below trusts the caller's pointer. */
PMY_NDIS_PROTOCOL_BLOCK MyStruct=(PMY_NDIS_PROTOCOL_BLOCK)pProtocolBlock;
if(KeGetCurrentIrql() == PASSIVE_LEVEL){//LINE 182
/*
 * func.c line 183, the faulting line reported by the dump. Blocks whose name
 * is not "TCPIP" are skipped by the early return.
 * NOTE(review): if Name is a UNICODE_STRING, Buffer is not guaranteed to be
 * NUL-terminated, so wcscmp may read past it; a length-aware comparison such
 * as RtlEqualUnicodeString would be safer - confirm the field type.
 */
if(wcscmp(MyStruct->Name.Buffer,L"TCPIP")!=0){//183
return;
}
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 90b18439, The address that the exception occurred at
Arg3: 888bc9cc, Exception Record Address
Arg4: 888bc5b0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
FAULTING_IP:
Firewall6!HookNdisProtocolBlock+29 [d:\firewall6\func.c @ 183]
90b18439 8b4228 mov eax,dword ptr [edx+28h]
EXCEPTION_RECORD: 888bc9cc -- (.exr 0xffffffff888bc9cc)
ExceptionAddress: 90b18439 (Firewall6!HookNdisProtocolBlock+0x00000029)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 019c012b
Attempt to read from address 019c012b
CONTEXT: 888bc5b0 -- (.cxr 0xffffffff888bc5b0)
eax=019c0100 ebx=00000000 ecx=00000000 edx=019c0103 esi=83f6c0d0 edi=83f86000
eip=90b18439 esp=888bca94 ebp=888bcab0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
Firewall6!HookNdisProtocolBlock+0x29:
90b18439 8b4228 mov eax,dword ptr [edx+28h] ds:0023:019c012b=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 019c012b
READ_ADDRESS: 019c012b
FOLLOWUP_IP:
Firewall6!HookNdisProtocolBlock+29 [d:\firewall6\func.c @ 183]
90b18439 8b4228 mov eax,dword ptr [edx+28h]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from 90b185be to 90b18439
STACK_TEXT:
888bcab0 90b185be 019c0103 00000000 90b18565 Firewall6!HookNdisProtocolBlock+0x29 [d:\firewall6\func.c @ 183]
888bcacc 90b1d03f 00000000 888bccbc 829ea728 Firewall6!InstallHook+0x5e [d:\firewall6\func.c @ 236]
888bcad8 829ea728 83f6c0d0 83f86000 00000000 Firewall6!DriverEntry+0x2f [d:\firewall6\firewall.c @ 25]
888bccbc 829e8499 00000001 00000000 888bcce4 nt!IopLoadDriver+0x7ed
888bcd00 828b4f2b 92173cd0 00000000 84f55670 nt!IopLoadUnloadDriver+0x70
888bcd50 82a5566d 80000001 d396c884 00000000 nt!ExpWorkerThread+0x10d
888bcd90 829070d9 828b4e1e 80000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
FAULTING_SOURCE_CODE:
179: PNDIS_OPEN_BLOCK pOpenBlock;
180: PMY_NDIS_PROTOCOL_BLOCK MyStruct=(PMY_NDIS_PROTOCOL_BLOCK)pProtocolBlock;
181:
182: if(KeGetCurrentIrql() == PASSIVE_LEVEL){
> 183: if(wcscmp(MyStruct->Name.Buffer,L"TCPIP")!=0){
184: return;
185: }
186:
187: //?¡À?¨®??DDo¡¥¨ºy¦Ì?¨¬????¡ê¡ã?¡Á??o¦Ì?o¡¥¨ºy¨¬???3¨¦?¦Ì¨ª3¦Ì?
188: *((ULONG*)((char*)pProtocolBlock+ProtocolRecOffset))=MyProtocolReceiveNetBufferLists;
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Firewall6!HookNdisProtocolBlock+29
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Firewall6
IMAGE_NAME: Firewall6.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c3c3408
STACK_COMMAND: .cxr 0xffffffff888bc5b0 ; kb
FAILURE_BUCKET_ID: 0x7E_Firewall6!HookNdisProtocolBlock+29
BUCKET_ID: 0x7E_Firewall6!HookNdisProtocolBlock+29
Followup: MachineOwner
我的代码:
/*
 * HookNdisProtocolBlock - fragment as posted: the listing stops after the name
 * check, so the closing braces and the rest of the hook are not shown.
 *
 * pProtocolBlock is reinterpreted as the author's own PMY_NDIS_PROTOCOL_BLOCK
 * layout and dereferenced with no validity check. In the dump on this page the
 * first argument is 0x019c0103 (STACK_TEXT, and edx in CONTEXT): an odd value
 * far from the 0x8xxxxxxx/0x9xxxxxxx kernel addresses seen elsewhere in the
 * dump, so the read at [edx+28h] raises the access violation.
 * NOTE(review): presumably the caller (InstallHook) obtains this pointer in a
 * way that holds on Vista but not on Windows 7 - confirm in InstallHook.
 */
void HookNdisProtocolBlock(IN BYTE *pProtocolBlock)
{
/* Declared here; not used in the visible part of the function. */
PNDIS_OPEN_BLOCK pOpenBlock;
/* Unchecked cast: every field access below trusts the caller's pointer. */
PMY_NDIS_PROTOCOL_BLOCK MyStruct=(PMY_NDIS_PROTOCOL_BLOCK)pProtocolBlock;
if(KeGetCurrentIrql() == PASSIVE_LEVEL){//LINE 182
/*
 * func.c line 183, the faulting line reported by the dump. Blocks whose name
 * is not "TCPIP" are skipped by the early return.
 * NOTE(review): if Name is a UNICODE_STRING, Buffer is not guaranteed to be
 * NUL-terminated, so wcscmp may read past it; a length-aware comparison such
 * as RtlEqualUnicodeString would be safer - confirm the field type.
 */
if(wcscmp(MyStruct->Name.Buffer,L"TCPIP")!=0){//183
return;
}