[Help] Why does this code blue-screen on a dual-core machine?
Posted: 2010-7-23 16:19 4522

I hooked an unused entry in the IDT; the interrupt is accessible from R3, and the purpose is to monitor the value of every register at the moment this interrupt is entered. I know nothing about the kernel, please help.
__asm
    {
        jmp s1
back:
        // FF 25 xx xx xx xx = "jmp dword ptr [imm32]"; the two mov edi,edi
        // (8B FF 8B FF) are four placeholder bytes that are overwritten with
        // the jump target when the hook is installed
        _emit 0xff
        _emit 0x25
        mov edi,edi
        mov edi,edi   // after hooking this is a valid address
s1:
        cli                       // only masks interrupts on the current CPU
        pushad                    // save eax..edi as they were at interrupt entry
        push esp                  // pass the address of the saved registers
        call offset IdtMonFunc    // __stdcall: the callee pops the argument
        popad
        sti
        jmp back                  // continue at the original target
    }

#include <ntddk.h>
#include <stdio.h>

// Registers as laid out on the stack by PUSHAD, lowest address first
typedef struct _PUSHAD_FRAME
{
    ULONG Edi, Esi, Ebp, Esp, Ebx, Edx, Ecx, Eax;
} PUSHAD_FRAME, *PPUSHAD_FRAME;

// regs points at the PUSHAD frame built by the stub above. Reading the values
// from that frame is what makes them meaningful: live eax is overwritten by the
// stub's own instructions before the call, ecx and edx are clobbered by every
// sprintf call, and ebp is this function's own frame pointer once the prologue
// has run, so capturing the live registers with inline asm gives wrong values.
void __stdcall IdtMonFunc(PPUSHAD_FRAME regs)
{
    char buf[64];   // a char array, not an array of 20 char pointers

    sprintf(buf, "eax=%x ebx=%x ecx=%x edx=%x ",
            regs->Eax, regs->Ebx, regs->Ecx, regs->Edx);
//  KdPrint(("%s", buf));
    sprintf(buf, "esi=%x edi=%x ebp=%x esp=%x ",
            regs->Esi, regs->Edi, regs->Ebp, regs->Esp);
//  KdPrint(("%s", buf));   // Esp is the stack pointer at interrupt entry
}

Dump information:
KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 804deb57, The address that the exception occurred at
Arg3: f7696cf0, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 7ffdb00c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdb00c).  Type ".hh dbgerr001" for details

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
nt!KiServiceExit2+0
804deb57 fa              cli

TRAP_FRAME:  f7696cf0 -- (.trap 0xfffffffff7696cf0)
ErrCode = 00000000
eax=00000000 ebx=69796c66 ecx=696b676e edx=72657373 esi=73cdca90 edi=8c20e8a6
eip=804deb57 esp=f7696d64 ebp=f7696d64 iopl=0        nv up ei ng nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000            efl=00210296
nt!KiServiceExit2:
804deb57 fa              cli
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  gameclient.exe

CLI_FAULT_INSTR:
nt!KiServiceExit2+0
804deb57 fa              cli

LAST_CONTROL_TRANSFER:  from 80523015 to 805383ca

STACK_TEXT:  
f76968b8 80523015 0000008e c0000005 804deb57 nt!KeBugCheckEx+0x1b
f7696c80 804df403 f7696c9c 00000000 f7696cf0 nt!KiDispatchException+0x3b1
f7696ce8 804df3b4 0012ff28 306a9c60 badb0d00 nt!CommonDispatchException+0x4d
f7696ddc 804ed7a1 f743cb85 89dc3ad8 00000000 nt!Kei386EoiHelper+0x18a
f7696de0 f743cb84 89dc3ad8 00000000 0000007f nt!KiThreadStartup+0x16
f7696de4 89dc3ad8 00000000 0000007f 00000000 NDIS!___PchSym_+0xc
WARNING: Frame IP not in any known module. Following frames may be wrong.
f7696de8 00000000 0000007f 00000000 00000000 0x89dc3ad8

STACK_COMMAND:  kb

FOLLOWUP_IP:
NDIS!___PchSym_+c
f743cb84 90              nop

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  NDIS!___PchSym_+c

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  CLI_FAULT

BUCKET_ID:  CLI_FAULT

Followup: MachineOwner
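As an added example (not part of the original post), this is the check a defender would run against IDT entries of the kind the post hooks: decode the 8-byte 32-bit gate descriptors and report present gates whose handler lies outside the kernel image, plus gates callable from ring 3 (DPL 3) so they can be compared against a known-good baseline. The kernel address range and the four-entry IDT slice are constructed sample data, not taken from a real system.

```python
import struct

# Gate type nibble (bits 3:0 of the attribute byte) of a 32-bit IDT descriptor.
GATE_TYPES = {0x5: "task", 0x6: "int16", 0x7: "trap16", 0xE: "int32", 0xF: "trap32"}


def decode_gate(raw: bytes) -> dict:
    """Decode one 8-byte protected-mode IDT gate descriptor."""
    off_lo, selector, _reserved, attr, off_hi = struct.unpack("<HHBBH", raw)
    return {
        "offset": (off_hi << 16) | off_lo,   # handler address
        "selector": selector,                 # code segment selector
        "present": bool(attr & 0x80),         # P bit
        "dpl": (attr >> 5) & 0x3,             # 3 = reachable with INT n from ring 3
        "type": GATE_TYPES.get(attr & 0x0F, "unknown"),
    }


def encode_gate(offset, selector, present, dpl, type_nibble) -> bytes:
    """Inverse of decode_gate; used here only to build the constructed sample IDT."""
    attr = (0x80 if present else 0) | ((dpl & 3) << 5) | (type_nibble & 0xF)
    return struct.pack("<HHBBH", offset & 0xFFFF, selector, 0, attr, offset >> 16)


def scan_idt(idt: bytes, kernel_lo: int, kernel_hi: int) -> list:
    """Return (vector, handler, reason) for present gates an analyst should look at."""
    findings = []
    for vector in range(len(idt) // 8):
        g = decode_gate(idt[vector * 8:(vector + 1) * 8])
        if not g["present"]:
            continue                          # "unused" slot, nothing to dispatch
        if not kernel_lo <= g["offset"] < kernel_hi:
            findings.append((vector, g["offset"], "handler outside kernel image"))
        elif g["dpl"] == 3:
            findings.append((vector, g["offset"], "ring-3 callable gate"))
    return findings


# Constructed sample: an nt image range approximating the XP dump on this page,
# two normal gates, one empty slot, and one ring-3 gate pointing outside nt.
KERNEL_LO, KERNEL_HI = 0x804D7000, 0x806E0000
SAMPLE_IDT = b"".join([
    encode_gate(0x804DF3B4, 0x0008, True, 0, 0xE),   # vector 0: kernel int gate, DPL 0
    encode_gate(0x804DEB57, 0x0008, True, 3, 0xF),   # vector 1: kernel trap gate, DPL 3
    encode_gate(0x00000000, 0x0000, False, 0, 0x0),  # vector 2: not present
    encode_gate(0xF9A01000, 0x0008, True, 3, 0xE),   # vector 3: hooked, handler in a driver
])

if __name__ == "__main__":
    for vector, handler, reason in scan_idt(SAMPLE_IDT, KERNEL_LO, KERNEL_HI):
        print(f"vector {vector:#04x}: handler {handler:#010x} -> {reason}")
```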

Latest replies (3)
2
Don't use cli on a dual-core CPU. Insert a DPC...
2010-7-23 23:16
3
cli/sti is only safe on a single core; it only disables interrupts on the current CPU. Better to insert a DPC...
2010-7-24 21:01
4
Thanks to both of you.
2010-7-25 12:29