首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 编程技术
    3. 发新帖
[求助]WIN10蓝屏日志,求大佬帮忙分析下
发表于: 2018-8-31 22:41 3343

[求助]WIN10蓝屏日志,求大佬帮忙分析下

老坛酸菜TM 活跃值
2018-8-31 22:41
3343
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
 or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
 debugger that was not attached when the system was booted. Normal breakpoints,
 "bp", can only be set if the debugger is attached at boot time. Hardware
 breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a39ffde3d5fa2996, Reserved
Arg2: b3b70a6a287be15d, Reserved
Arg3: fffff80205b80000, Failure type dependent information
Arg4: 0000000000000019, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification

Debugging Details:
------------------
BUGCHECK_STR:  0x109

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80282e0c802 to fffff80282d76350

SYMBOL_ON_RAW_STACK:  1

STACK_ADDR_RAW_STACK_SYMBOL: ffffa80b0d176270

STACK_COMMAND:  dds FFFFA80B0D176270-0x20 ; kb

STACK_TEXT:  
ffffa80b`0d176250  4359b040
ffffa80b`0d176254  ffffbe8b
ffffa80b`0d176258  00000000
ffffa80b`0d17625c  00000000
ffffa80b`0d176260  4125d740
ffffa80b`0d176264  ffffbe8b
ffffa80b`0d176268  02466200
ffffa80b`0d17626c  fffff802
ffffa80b`0d176270  820a7180
ffffa80b`0d176274  fffff802
ffffa80b`0d176278  00000000
ffffa80b`0d17627c  00000000
ffffa80b`0d176280  00000000
ffffa80b`0d176284  00000003
ffffa80b`0d176288  00000000
ffffa80b`0d17628c  00000000
ffffa80b`0d176290  00000000
ffffa80b`0d176294  00000000
ffffa80b`0d176298  82e0c8b0
ffffa80b`0d17629c  fffff802
ffffa80b`0d1762a0  0d178000
ffffa80b`0d1762a4  ffffa80b
ffffa80b`0d1762a8  0d171000
ffffa80b`0d1762ac  ffffa80b
ffffa80b`0d1762b0  00000000
ffffa80b`0d1762b4  00000000
ffffa80b`0d1762b8  00000008
ffffa80b`0d1762bc  00000000
ffffa80b`0d1762c0  4346f550
ffffa80b`0d1762c4  ffffbe8b
ffffa80b`0d1762c8  82c62f42
ffffa80b`0d1762cc  fffff802



FOLLOWUP_IP: 
FLTMGR!FltpPassThroughCompletionWorker+200
fffff802`02466200 483bc8          cmp     rcx,rax

SYMBOL_NAME:  FLTMGR!FltpPassThroughCompletionWorker+200

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: FLTMGR

IMAGE_NAME:  FLTMGR.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  7ad26c51

FAILURE_BUCKET_ID:  X64_0x109_FLTMGR!FltpPassThroughCompletionWorker+200

BUCKET_ID:  X64_0x109_FLTMGR!FltpPassThroughCompletionWorker+200

Followup: MachineOwner
---------



备注:
1、只会在WIN10下随机蓝屏(不固定时间),WIN7下没问题
2、当然是加载了我的驱动后才会蓝屏
3、看日志矛头直指 FltpPassThroughCompletionWorker,这个是个啥BJ玩意?


[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

最后于 2018-8-31 22:42 被老坛酸菜TM编辑 ,原因:
收藏
免费 0
支持
分享
最新回复 (4)
jonk
雪    币: 19
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
2
是显卡的驱动更新出的问题吗?
2018-8-31 23:19
0
cattyabcd
雪    币: 2822
活跃值: (154)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
3
不懂,有看到个类似的,大佬做下参考看看有没有用。https://bbs.pediy.com/thread-216799.htm
2018-9-1 00:17
0
放学打我不
雪    币: 4006
活跃值: (731)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
私信
4
PatchGuard :Type 19 -> Loaded module list modification -> 隐藏什么了?????
2018-9-1 01:32
0
老坛酸菜TM
雪    币: 42
活跃值: (208)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
5
放学打我不 PatchGuard :Type 19 -> Loaded module list modification -> 隐藏什么了?????
一针见血
2018-9-1 12:15
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//