[Help] What usually causes this kind of blue screen?
Posted: 2015-2-6 09:42 4723

Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.120821-1629
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Wed Feb  4 13:01:47.875 2015 (UTC + 8:00)
System Uptime: 0 days 9:30:07.823
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
......................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8053cc71, a89e1c90, 0}

Probably caused by : hardware ( nt!_SEH_epilog+6 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8053cc71, The address that the exception occurred at
Arg3: a89e1c90, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx

FAULTING_IP:
nt!_SEH_epilog+6
8053cc71 0000            add     byte ptr [eax],al

TRAP_FRAME:  a89e1c90 -- (.trap 0xffffffffa89e1c90)
ErrCode = 00000002
eax=00000102 ebx=00000102 ecx=ffffffff edx=00000000 esi=a89e1d1c edi=00000102
eip=8053cc71 esp=a89e1d04 ebp=a89e1d50 iopl=0         nv up ei pl nz na po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010203
nt!_SEH_epilog+0x6:
8053cc71 0000            add     byte ptr [eax],al          ds:0023:00000102=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  Tencentdl.exe

MISALIGNED_IP:
nt!_SEH_epilog+6
8053cc71 0000            add     byte ptr [eax],al

LAST_CONTROL_TRANSFER:  from 805426cc to 8053cc71

STACK_TEXT:  
a89e1d50 805426cc 0000023c 00000000 a89e1d1c nt!_SEH_epilog+0x6
a89e1d50 7c92e514 0000023c 00000000 a89e1d1c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
01c6feec 00000000 00000000 00000000 00000000 0x7c92e514

STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!_SEH_epilog+6
8053cc71 0000            add     byte ptr [eax],al

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!_SEH_epilog+6

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  IP_MISALIGNED

BUCKET_ID:  IP_MISALIGNED

Followup: MachineOwner
---------

3: kd> .trap 0xffffffffa89e1c90
ErrCode = 00000002
eax=00000102 ebx=00000102 ecx=ffffffff edx=00000000 esi=a89e1d1c edi=00000102
eip=8053cc71 esp=a89e1d04 ebp=a89e1d50 iopl=0         nv up ei pl nz na po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010203
nt!_SEH_epilog+0x6:
8053cc71 0000            add     byte ptr [eax],al          ds:0023:00000102=??
3: kd> u 8053cc6b
nt!_SEH_epilog:
8053cc6b 8b4df0          mov     ecx,dword ptr [ebp-10h]
8053cc6e 64890d00000000  mov     dword ptr fs:[0],ecx
8053cc75 59              pop     ecx
8053cc76 5f              pop     edi
8053cc77 5e              pop     esi
8053cc78 5b              pop     ebx
8053cc79 c9              leave
8053cc7a 51              push    ecx
Very strange: it crashed inside KiFastCallEntry. Could it be that a new vulnerability has been found?

Latest replies (3)
2
Playing LOL keeps giving me blue screens.
2015-2-6 13:56
0
3
EIP has been corrupted and points to 8053cc71. It should have looked like this:
-----------------------------------------------------------------------
nt!_SEH_epilog:
8053cc6b 8b4df0          mov     ecx,dword ptr [ebp-10h]
8053cc6e 64890d00000000  mov     dword ptr fs:[0],ecx
8053cc75 59              pop     ecx
-----------------------------------------------------------------------
Jumping to 8053cc71 and executing from there turns it into this:
-----------------------------------------------------------------------
3: kd> u 0x8053cc71
nt!_SEH_epilog+0x6:
8053cc71 0000            add     byte ptr [eax],al
8053cc73 0000            add     byte ptr [eax],al
8053cc75 59              pop     ecx
-----------------------------------------------------------------------
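The instruction bytes were misinterpreted and executed. The first instruction tries to write to the memory that eax points to. At this point eax=0x102, which causes a memory access exception, so a blue screen with the error code STATUS_ACCESS_VIOLATION (C0000005) was raised.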
2015-2-6 14:23
0
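The boundary argument in the reply above, as an added example that is not part of the original thread: a length decoder restricted to the opcodes in the posted `u 8053cc6b` listing shows that 8053cc71 lies inside the 7-byte `mov dword ptr fs:[0],ecx` and that its zero displacement bytes decode as 2-byte `add byte ptr [eax],al` instructions. The helpers `insn_len`, `len_at` and `on_boundary` are hypothetical names; the byte array is copied from the listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes of nt!_SEH_epilog as shown in the `u 8053cc6b` listing in the thread. */
static const uint32_t BASE = 0x8053cc6bu;
static const uint8_t CODE[] = {
    0x8b, 0x4d, 0xf0,                         /* mov ecx,[ebp-10h] */
    0x64, 0x89, 0x0d, 0x00, 0x00, 0x00, 0x00, /* mov fs:[0],ecx    */
    0x59, 0x5f, 0x5e, 0x5b, 0xc9, 0x51        /* pops, leave, push */
};

/* Length of one 32-bit instruction; handles only this listing's opcodes, else 0. */
static size_t insn_len(const uint8_t *p, size_t avail) {
    size_t n = 0;
    if (n < avail && p[n] == 0x64) n++;                  /* FS segment prefix */
    if (n >= avail) return 0;
    uint8_t op = p[n++];
    if ((op >= 0x50 && op <= 0x5f) || op == 0xc9) return n; /* push/pop, leave */
    if ((op != 0x00 && op != 0x89 && op != 0x8b) || n >= avail) return 0;
    uint8_t modrm = p[n++], mod = modrm >> 6, rm = modrm & 7;
    if (mod != 3 && rm == 4) return 0;                   /* SIB forms not handled */
    if (mod == 1) n += 1;                                /* disp8 */
    else if (mod == 2 || (mod == 0 && rm == 5)) n += 4;  /* disp32 */
    return n <= avail ? n : 0;
}

/* Length of what the CPU decodes when it starts fetching at addr. */
static size_t len_at(uint32_t addr) {
    size_t off = (size_t)(addr - BASE);
    return off < sizeof CODE ? insn_len(CODE + off, sizeof CODE - off) : 0;
}

/* 1: addr starts an instruction; 0: inside one; -1: decode failed first. */
static int on_boundary(uint32_t addr) {
    uint32_t cur = BASE;
    while (cur < addr) {
        size_t l = len_at(cur);
        if (l == 0) return -1;
        cur += (uint32_t)l;
    }
    return addr < BASE ? -1 : cur == addr;
}

int main(void) {
    const uint32_t a[] = { 0x8053cc6eu, 0x8053cc71u };
    for (int i = 0; i < 2; i++)
        printf("%08x: boundary=%d len=%zu\n", (unsigned)a[i], on_boundary(a[i]), len_at(a[i]));
    return 0;
}
```

This is the same condition WinDbg reports as MISALIGNED_IP / IP_MISALIGNED in the dump: the trap-frame EIP does not coincide with any instruction start in the function.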
4
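The key question is why it jumped there. Look at the call stack: I really can't figure out how it inexplicably ended up in SEH, and jumped into the middle of an instruction at that.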
2015-2-6 21:55
0