首页
社区
课程
招聘
[求助]驱动蓝屏,分配内存这行WinDBG结果,帮忙分析
发表于: 2012-5-14 15:30 5178

[求助]驱动蓝屏,分配内存这行WinDBG结果,帮忙分析

2012-5-14 15:30
5178
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e2e4f010, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: b9c48649, If non-zero, the instruction address which referenced the bad memory
        address.
Arg4: 00000001, (reserved)

Debugging Details:
------------------

Could not read faulting driver name

READ_ADDRESS:  e2e4f010

FAULTING_IP:
KsBinSword!GetUndocumentFunctionAdress+f9 [f:\kb\kbsprocess.c @ 46]
b9c48649 8b510c          mov     edx,dword ptr [ecx+0Ch]

MM_INTERNAL_CODE:  1

CUSTOMER_CRASH_COUNT:  9

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  KsBinSword.exe

LAST_CONTROL_TRANSFER:  from b9c48898 to b9c48649

STACK_TEXT:  
a7bab434 b9c48898 00000001 00006654 a7bab470 KsBinSword!GetUndocumentFunctionAdress+0xf9 [f:\kb\kbsprocess.c @ 46]
a7bab890 b9c4ae8b 000001b4 1e7e54f7 890a2528 KsBinSword!KillPro+0x48 [f:\kb\kbsprocess.c @ 161]
a7babb4c 804f019f 88e932e0 8905d9a8 806e8410 KsBinSword!KsBinSwordDispatchDeviceControl+0x31b [f:\kb\ksbinsword.c @ 701]
a7babb5c 8058098e 8905da18 890a2528 8905d9a8 nt!IopfCallDriver+0x31
a7babb70 8058181d 88e932e0 8905d9a8 890a2528 nt!IopSynchronousServiceTail+0x70
a7babc0c 8057a298 00000144 00000000 00000000 nt!IopXxxControlFile+0x5c5
a7babc40 b98bce7d 00000144 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
WARNING: Stack unwind information not available. Following frames may be wrong.
a7babd34 8054267c 00000144 00000000 00000000 Hookport+0x4e7d
a7babd34 7c92e514 00000144 00000000 00000000 nt!KiFastCallEntry+0xfc
001299c8 00000000 00000000 00000000 00000000 0x7c92e514

STACK_COMMAND:  kb

FOLLOWUP_IP:
KsBinSword!GetUndocumentFunctionAdress+f9 [f:\kb\kbsprocess.c @ 46]
b9c48649 8b510c          mov     edx,dword ptr [ecx+0Ch]

FAULTING_SOURCE_CODE:  
    42:         module = (PSYSTEM_MODULE_INFORMATION)(( PULONG )buf + 1);
    43:        
    44:         ntosknlBase=(ULONG)module->Base;       
    45:         ExFreePool(buf);
>   46:         ntosknlBuff = (PULONG)ExAllocatePool(PagedPool, (ULONG)module->Size);
    47:         //ntosknlBuff = (PULONG)ExAllocatePool(PagedPool, 0x200000);
    48:         if(ntosknlBuff == NULL)
    49:         {
    50:               return 0;
    51:         }

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  KsBinSword!GetUndocumentFunctionAdress+f9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: KsBinSword

IMAGE_NAME:  KsBinSword.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4fb07d20

FAILURE_BUCKET_ID:  0x50_KsBinSword!GetUndocumentFunctionAdress+f9

BUCKET_ID:  0x50_KsBinSword!GetUndocumentFunctionAdress+f9

Followup: MachineOwner
---------

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 1
支持
分享
最新回复 (4)
雪    币: 326
活跃值: (56)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
2
ExFreePool(buf)的问题了。Typically the address is just plain bad or it
is pointing at freed memory。
2012-5-14 15:38
0
雪    币: 796
活跃值: (370)
能力值: ( LV9,RANK:380 )
在线值:
发帖
回帖
粉丝
3
PAGE_FAULT_IN_NONPAGED_AREA(50)

这个蓝屏,一般都是你引用或者使用的结构体是无效指针~~
2012-5-14 16:42
0
雪    币: 724
活跃值: (81)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
4
42: module = (PSYSTEM_MODULE_INFORMATION)(( PULONG )buf + 1);
43:
44: ntosknlBase=(ULONG)module->Base;
45: ExFreePool(buf);
> 46: ntosknlBuff = (PULONG)ExAllocatePool(PagedPool, (ULONG)module->Size);

先释放buf,再访问module->Size,牛!
2012-5-14 18:32
0
雪    币: 96
活跃值: (25)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
5
谢谢半道出家  我这个低级错误 确实能让你们笑话的
2012-5-15 10:18
0
游客
登录 | 注册 方可回帖
返回
//