-
-
360你半个月连蓝2次,你叫我情何以堪
-
发表于:
2012-7-22 14:50
6927
-
其实还是蛮喜欢360的软件的
用户体验蛮好
但是最近半个月连蓝2次,真是让人很烦
上次是公司的win7 64位机器
这次是家里的win7 32位
机子上没什么乱七八糟的驱动,自己从来也没做什么邪恶的事情,
就用qiyi影音看电影在 正是高潮 ,突然一下就给我蓝调了
下面是dump文件信息
0: kd> kv
ChildEBP RetAddr Args to Child
9a5bb9b8 91e9cfd3 badb0d00 00000000 00000000 nt!KiTrap0E+0x2cf (FPO: [0,0] TrapFrame @ 9a5bb9b8)
9a5bbaac 91e962bc 8755dc40 8767f370 9a5bbad4 afd!AfdPoll+0x4ce (FPO: [0,29,0])
9a5bbabc 8407158e 8767f370 86b8e198 86b8e198 afd!AfdDispatchDeviceControl+0x3b (FPO: [2,0,0])
*** WARNING: Unable to verify timestamp for 360AntiHacker.sys
*** ERROR: Module load completed but symbols could not be loaded for 360AntiHacker.sys
9a5bbad4 906e31db 88b705f0 8755db88 00000000 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
9a5bbaf4 906e2c02 00000000 86b8e198 8755db88 360AntiHacker+0x21db
9a5bbb08 8407158e 8755db88 86b8e198 86b8e198 360AntiHacker+0x1c02
9a5bbb20 84264a49 88b705f0 86b8e198 86b8e298 nt!IofCallDriver+0x63
9a5bbb40 84267c1b 8755db88 88b705f0 00000000 nt!IopSynchronousServiceTail+0x1f8
9a5bbbdc 842ae4b4 8755db88 86b8e198 00000000 nt!IopXxxControlFile+0x6aa
*** WARNING: Unable to verify timestamp for Hookport.sys
*** ERROR: Module load completed but symbols could not be loaded for Hookport.sys
9a5bbc10 84c95f4f 000004c0 000004d4 00000000 nt!NtDeviceIoControlFile+0x2a
9a5bbd04 8407821a 000004c0 000004d4 00000000 Hookport+0x4f4f
9a5bbd04 775a7094 000004c0 000004d4 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a5bbd34)
0560fa88 00000000 00000000 00000000 00000000 0x775a7094
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 91e9cfd3, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 841a3848
Unable to read MiSystemVaType memory at 84182e20
00000004
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdPoll+4ce
91e9cfd3 8b5204 mov edx,dword ptr [edx+4]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: KwService.exe
TRAP_FRAME: 9a5bb9b8 -- (.trap 0xffffffff9a5bb9b8)
ErrCode = 00000000
eax=86b2a698 ebx=86960f9c ecx=86960f9c edx=00000000 esi=86746420 edi=86746488
eip=91e9cfd3 esp=9a5bba2c ebp=9a5bbaac iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
afd!AfdPoll+0x4ce:
91e9cfd3 8b5204 mov edx,dword ptr [edx+4] ds:0023:00000004=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 91e9cfd3 to 8407b5fb
STACK_TEXT:
9a5bb9b8 91e9cfd3 badb0d00 00000000 00000000 nt!KiTrap0E+0x2cf
9a5bbaac 91e962bc 8755dc40 8767f370 9a5bbad4 afd!AfdPoll+0x4ce
9a5bbabc 8407158e 8767f370 86b8e198 86b8e198 afd!AfdDispatchDeviceControl+0x3b
9a5bbad4 906e31db 88b705f0 8755db88 00000000 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
9a5bbaf4 906e2c02 00000000 86b8e198 8755db88 360AntiHacker+0x21db
9a5bbb08 8407158e 8755db88 86b8e198 86b8e198 360AntiHacker+0x1c02
9a5bbb20 84264a49 88b705f0 86b8e198 86b8e298 nt!IofCallDriver+0x63
9a5bbb40 84267c1b 8755db88 88b705f0 00000000 nt!IopSynchronousServiceTail+0x1f8
9a5bbbdc 842ae4b4 8755db88 86b8e198 00000000 nt!IopXxxControlFile+0x6aa
9a5bbc10 84c95f4f 000004c0 000004d4 00000000 nt!NtDeviceIoControlFile+0x2a
9a5bbd04 8407821a 000004c0 000004d4 00000000 Hookport+0x4f4f
9a5bbd04 775a7094 000004c0 000004d4 00000000 nt!KiFastCallEntry+0x12a
0560fa88 00000000 00000000 00000000 00000000 0x775a7094
STACK_COMMAND: kb
FOLLOWUP_IP:
360AntiHacker+21db
906e31db ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: 360AntiHacker+21db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: 360AntiHacker
IMAGE_NAME: 360AntiHacker.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4fd99d8c
FAILURE_BUCKET_ID: 0xD1_360AntiHacker+21db
BUCKET_ID: 0xD1_360AntiHacker+21db
Followup: MachineOwner
---------
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)