Post #2
The dump below was captured for error 3. The cause should be the same as for error 1; only the scenario in which the routine is called differs.
READ_ADDRESS: 98192bc0
CURRENT_IRQL: 2
FAULTING_IP:
nt!MmUnlockPages+12b
80507c39 8b4710 mov eax,dword ptr [edi+10h]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: USR_TESTR3.exe
TRAP_FRAME: f7746b38 -- (.trap 0xfffffffff7746b38)
ErrCode = 00000000
eax=00000002 ebx=8170e01c ecx=81712d00 edx=00000004 esi=8170e01c edi=98192bb0
eip=80507c39 esp=f7746bac ebp=f7746bd0 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
nt!MmUnlockPages+0x12b:
80507c39 8b4710 mov eax,dword ptr [edi+10h] ds:0023:98192bc0=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 804f8b9d to 80528bdc
STACK_TEXT:
f77466ec 804f8b9d 00000003 f7746a48 00000000 nt!RtlpBreakWithStatusInstruction
f7746738 804f978a 00000003 98192bc0 80507c39 nt!KiBugCheckDebugBreak+0x19
f7746b18 80541683 0000000a 98192bc0 00000002 nt!KeBugCheck2+0x574
f7746b18 80507c39 0000000a 98192bc0 00000002 nt!KiTrap0E+0x233
f7746bd0 804f17e4 8170e000 8131a9d0 812f4e70 nt!MmUnlockPages+0x12b
f7746bf8 f96808d7 814a5ca0 f7746c20 804f15e3 nt!IopfCompleteRequest+0x1e8
f7746c04 804f15e3 814a5be8 812f4e70 812f4e80 Test!IrpCancelRoutine+0x37 [f:\WDM\Test\readwrite.cpp @ 617]
f7746c20 8056b8fd 812f4e70 8133f638 8131a7c0 nt!IoCancelIrp+0x6f
f7746c48 805c96f8 8131a7c0 8131a7c0 8131aa08 nt!IoCancelThreadIo+0x33
f7746d08 805c9b54 00000001 8131a7c0 00000000 nt!PspExitThread+0x42a
f7746d28 805c9d2f 8131a7c0 00000001 f7746d64 nt!PspTerminateThreadByPointer+0x52
f7746d54 8053e638 00000000 00000001 0012fed0 nt!NtTerminateProcess+0x105
f7746d54 7c92e514 00000000 00000001 0012fed0 nt!KiFastCallEntry+0xf8
0012fdd0 7c92de7a 7c81cace ffffffff 00000001 ntdll!KiFastSystemCallRet
0012fdd4 7c81cace ffffffff 00000001 00c43168 ntdll!NtTerminateProcess+0xc
0012fed0 7c81cb26 00000001 77e8f3b0 ffffffff kernel32!_ExitProcess+0x62
0012fee4 00455d19 00000001 00455f1f 00000001 kernel32!ExitProcess+0x14
WARNING: Stack unwind information not available. Following frames may be wrong.
0012ff24 00455f44 00000001 00000000 00000000 USR_TESTR3+0x55d19
0012ffc0 7c817077 00390038 00370035 7ffd5000 USR_TESTR3+0x55f44
0012fff0 00000000 0045116f 00000000 78746341 kernel32!BaseProcessStart+0x23
STACK_COMMAND: kb
FOLLOWUP_IP:
test!IrpCancelRoutine+37 [f:\WDM\Test\readwrite.cpp @ 617]
f96808d7 8be5 mov esp,ebp
FAULTING_SOURCE_CODE:
613: if( Irp == pdx->pBufIrp)
614: {
615: pdx->pBufIrp = NULL;
616: }
617:
618: Irp->IoStatus.Status = STATUS_CANCELLED;
619: Irp->IoStatus.Information = 0;
> 620: IoCompleteRequest(Irp,IO_NO_INCREMENT);
621:
622: return;
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: Test!IrpCancelRoutine+37
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Test
IMAGE_NAME: Test.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f0d65b2
FAILURE_BUCKET_ID: 0xA_Test!IrpCancelRoutine+37
BUCKET_ID: 0xA_Test!IrpCancelRoutine+37
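Post #3
Problem solved. The code posted above is fine. The problem was that I locked IRP->MDLAddress with MmProbeAndLockPages (it was in fact already locked), and then at some other point called MmUnlockPages(pdx->pBufIrp->MdlAddress); which turned IRP->MDLADDRESS into pageable memory.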
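A triage sketch for the dump in post #2, added here and not part of the original thread or the poster's driver: it parses x86 kb frames and reports whether the fault is MmUnlockPages reached from IRP completion, and which non-nt frame drove it there. The names parse_frames and triage are hypothetical; the sample frames are copied from the dump above.

```python
import re

# Sample input: frames copied from the STACK_TEXT section of the dump in post #2.
SAMPLE_STACK = r"""
f7746b18 80541683 0000000a 98192bc0 00000002 nt!KeBugCheck2+0x574
f7746b18 80507c39 0000000a 98192bc0 00000002 nt!KiTrap0E+0x233
f7746bd0 804f17e4 8170e000 8131a9d0 812f4e70 nt!MmUnlockPages+0x12b
f7746bf8 f96808d7 814a5ca0 f7746c20 804f15e3 nt!IopfCompleteRequest+0x1e8
f7746c04 804f15e3 814a5be8 812f4e70 812f4e80 Test!IrpCancelRoutine+0x37 [f:\WDM\Test\readwrite.cpp @ 617]
f7746c20 8056b8fd 812f4e70 8133f638 8131a7c0 nt!IoCancelIrp+0x6f
f7746c48 805c96f8 8131a7c0 8131a7c0 8131aa08 nt!IoCancelThreadIo+0x33
"""

# One x86 kb line: ChildEBP, RetAddr, three stack args, then module!function+offset.
FRAME_RE = re.compile(
    r"^(?P<ebp>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) (?P<args>(?:[0-9a-f]{8} ){3})"
    r"(?P<module>[^!\s]+)!(?P<func>[^+\s]+)", re.I)

# Frames that only report the bugcheck; the faulting routine is the first frame after them.
REPORTING = {"RtlpBreakWithStatusInstruction", "KiBugCheckDebugBreak",
             "KeBugCheck2", "KiTrap0E"}

def parse_frames(text):
    """Return [(module, function, first_arg)] per frame line, innermost frame first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m["module"], m["func"], m["args"].split()[0]))
    return frames

def triage(text):
    """Summarise where the fault hit and which non-nt frame led to it."""
    frames = [f for f in parse_frames(text) if f[1] not in REPORTING]
    if not frames:
        return None
    fault = frames[0]
    driver = next((f for f in frames[1:] if f[0].lower() != "nt"), None)
    return {
        "faulting": "%s!%s" % fault[:2],
        # First stack argument kb shows for MmUnlockPages: the MDL being unlocked.
        "mdl_arg": fault[2] if fault[1] == "MmUnlockPages" else None,
        "unlock_during_completion": fault[1] == "MmUnlockPages"
            and len(frames) > 1 and frames[1][1] == "IopfCompleteRequest",
        "driver_frame": "%s!%s" % driver[:2] if driver else None,
    }
```

When unlock_during_completion is true and the driver frame is only calling IoCompleteRequest, as here, the place to audit is wherever the driver itself calls MmProbeAndLockPages or MmUnlockPages on Irp->MdlAddress, which is what post #3 reports finding.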
Post #4
Anyone who can sort out a BSOD on their own is a good kid.