[Unresolved, thread closed] [Help] IRQL_GT_ZERO_AT_SYSTEM_SERVICE BSOD help 350.00 snowflakes

Posted: 2023-1-5 19:00 6194
Over the last two days I modified the driver code, adding a few locks and the following functions:
KeInitializeSpinLock(&);
ExInitializeResourceLite(&);
InitializeListHead(&);
KeEnterCriticalRegion();
KeLeaveCriticalRegion();
ExAllocateFromNPagedLookasideList();
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExInterlockedInsertHeadList
I originally wanted to optimize and tidy up the code; the result is that I tidied it straight into a random BSOD.
The BSOD below shows up at unpredictable times while running: it might take five minutes, it might take most of a day.
Every lock I take is released; I checked for a whole day, because I only use spin locks in 2 places, everywhere else I use resource locks, which don't raise IRQL.
I looked at this 4A exception: if the IRQL != 0 when returning from the driver's DriverIrpCtl, this exception occurs.
But I looked, and I have no code that would adjust the IRQL when IrpCtl finishes,
so I can roughly confirm it isn't caused by actively setting the IRQL, and at the time of the BSOD I feel my driver wasn't being communicated with.
KeSetEvent modifies the IRQL, but I have no such calls either.
My vague feeling is that the allocated memory was written out of bounds somewhere, corrupting something elsewhere.
Could someone with experience point me in the right direction so I can find the cause quickly?
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 00007ffeb35ed1a4, Address of system function (system call routine) -- this is the return address of the ZwDeviceIoControlFile call
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: ffff800bebb4fa80, 0
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2093
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 8431
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 8498
Key : Analysis.Memory.CommitPeak.Mb
Value: 84
Key : Bugcheck.Code.DumpHeader
Value: 0x4a
Key : Bugcheck.Code.Register
Value: 0x4a
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
FILE_IN_CAB: 010323-70281-01.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: 4a
BUGCHECK_P1: 7ffeb35ed1a4
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: ffff800bebb4fa80
CUSTOMER_CRASH_COUNT: 1
STACK_TEXT:
ffff800b`ebb4f848 fffff804`6560d329 : 00000000`0000004a 00007ffe`b35ed1a4 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff800b`ebb4f850 fffff804`6560d1df : ffff800b`ebb4fa80 fffff804`6588d685 00000000`00000028 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff800b`ebb4f990 00007ffe`b35ed1a4 : 00007ffe`63cd5375 00000000`000002f5 00000000`00000001 00000000`004c0000 : nt!KiSystemServiceExitPico+0x334
00000000`0521f758 00007ffe`63cd5375 : 00000000`000002f5 00000000`00000001 00000000`004c0000 00007ff7`12960000 : 0x00007ffe`b35ed1a4
00000000`0521f760 00000000`000002f5 : 00000000`00000001 00000000`004c0000 00007ff7`12960000 00000000`0521f7f0 : 0x00007ffe`63cd5375
00000000`0521f768 00000000`00000001 : 00000000`004c0000 00007ff7`12960000 00000000`0521f7f0 00007ffe`80001ddc : 0x2f5
00000000`0521f770 00000000`004c0000 : 00007ff7`12960000 00000000`0521f7f0 00007ffe`80001ddc 00000000`0521f7b0 : 0x1
00000000`0521f778 00007ff7`12960000 : 00000000`0521f7f0 00007ffe`80001ddc 00000000`0521f7b0 00007ffe`00000028 : 0x4c0000
00000000`0521f780 00000000`0521f7f0 : 00007ffe`80001ddc 00000000`0521f7b0 00007ffe`00000028 00000000`07447040 : 0x00007ff7`12960000
00000000`0521f788 00007ffe`80001ddc : 00000000`0521f7b0 00007ffe`00000028 00000000`07447040 00000000`00010000 : 0x521f7f0
00000000`0521f790 00000000`0521f7b0 : 00007ffe`00000028 00000000`07447040 00000000`00010000 28fc7b10`38282c29 : 0x00007ffe`80001ddc
00000000`0521f798 00007ffe`00000028 : 00000000`07447040 00000000`00010000 28fc7b10`38282c29 28282828`28286db8 : 0x521f7b0
00000000`0521f7a0 00000000`07447040 : 00000000`00010000 28fc7b10`38282c29 28282828`28286db8 28282828`28282828 : 0x00007ffe`00000028
00000000`0521f7a8 00000000`00010000 : 28fc7b10`38282c29 28282828`28286db8 28282828`28282828 28282828`28286ca0 : 0x7447040
00000000`0521f7b0 28fc7b10`38282c29 : 28282828`28286db8 28282828`28282828 28282828`28286ca0 2828c7d6`6afa2828 : 0x10000
00000000`0521f7b8 28282828`28286db8 : 28282828`28282828 28282828`28286ca0 2828c7d6`6afa2828 00000000`0521f860 : 0x28fc7b10`38282c29
00000000`0521f7c0 28282828`28282828 : 28282828`28286ca0 2828c7d6`6afa2828 00000000`0521f860 00000000`80002008 : 0x28282828`28286db8
00000000`0521f7c8 28282828`28286ca0 : 2828c7d6`6afa2828 00000000`0521f860 00000000`80002008 00000000`0521f8b0 : 0x28282828`28282828
00000000`0521f7d0 2828c7d6`6afa2828 : 00000000`0521f860 00000000`80002008 00000000`0521f8b0 00000000`0521f860 : 0x28282828`28286ca0
00000000`0521f7d8 00000000`0521f860 : 00000000`80002008 00000000`0521f8b0 00000000`0521f860 00007ffe`63d9667e : 0x2828c7d6`6afa2828
00000000`0521f7e0 00000000`80002008 : 00000000`0521f8b0 00000000`0521f860 00007ffe`63d9667e 00a69ac1`80002008 : 0x521f860
00000000`0521f7e8 00000000`0521f8b0 : 00000000`0521f860 00007ffe`63d9667e 00a69ac1`80002008 00000000`00002a84 : 0x80002008
00000000`0521f7f0 00000000`0521f860 : 00007ffe`63d9667e 00a69ac1`80002008 00000000`00002a84 00000000`00000000 : 0x521f8b0
00000000`0521f7f8 00007ffe`63d9667e : 00a69ac1`80002008 00000000`00002a84 00000000`00000000 00000000`0521f879 : 0x521f860
00000000`0521f800 00a69ac1`80002008 : 00000000`00002a84 00000000`00000000 00000000`0521f879 00000000`80004005 : 0x00007ffe`63d9667e
00000000`0521f808 00000000`00002a84 : 00000000`00000000 00000000`0521f879 00000000`80004005 00007f9b`263e1e36 : 0x00a69ac1`80002008
00000000`0521f810 00000000`00000000 : 00000000`0521f879 00000000`80004005 00007f9b`263e1e36 00007ff7`12960000 : 0x2a84
SYMBOL_NAME: nt!KiSystemServiceExitPico+334
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.2364
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 334
FAILURE_BUCKET_ID: RAISED_IRQL_FAULT_nt!KiSystemServiceExitPico
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {653cf9d1-8739-775d-36e8-63e808ea4aa5}
Followup: MachineOwner
---------
Could it be that ExInterlockedInsertHeadList and KeAcquireSpinLockRaiseToDpc can't use the same lock?
One strange thing: if I choose automatic memory dump instead of small memory dump, the dump from the BSOD is all page faults and then can't be loaded.
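Added example (not code from this thread or from the poster's driver): a user-mode C model of the mechanism behind bugcheck 0x4A. Arg2 = 2 in the dump is DISPATCH_LEVEL, which is exactly where KeAcquireSpinLockRaiseToDpc leaves the processor, and the faulting frame nt!KiSystemServiceExitPico is the syscall return path, which bug-checks with 0x4A when the thread is about to go back to user mode while IRQL is still above PASSIVE_LEVEL. The usual way to get there without any explicit KeRaiseIrql call is a dispatch-routine branch that returns early while the spin lock is still held. The code below re-implements just enough of the WDK names (KIRQL, KSPIN_LOCK, KeAcquireSpinLockRaiseToDpc, KeReleaseSpinLock) in plain single-threaded C to run without a kernel; the two IOCTL handlers, the DEVICE_CONTEXT struct and the request values are constructed for illustration and are assumptions, not the poster's code.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint8_t KIRQL;
#define PASSIVE_LEVEL  0
#define DISPATCH_LEVEL 2
#define IRQL_GT_ZERO_AT_SYSTEM_SERVICE 0x4A   /* bugcheck code from the dump */

typedef struct { int held; } KSPIN_LOCK;       /* stand-in for the real lock word */

static KIRQL g_current_irql = PASSIVE_LEVEL;   /* "processor" IRQL of this thread */
static KIRQL g_last_exit_irql;                 /* what the exit check observed (Arg2) */

static KIRQL KeGetCurrentIrql(void) { return g_current_irql; }

/* Raises to DISPATCH_LEVEL and returns the previous IRQL; the caller owns it. */
static KIRQL KeAcquireSpinLockRaiseToDpc(KSPIN_LOCK *lock)
{
    KIRQL old = g_current_irql;
    g_current_irql = DISPATCH_LEVEL;
    lock->held = 1;
    return old;
}

/* Restores the IRQL the caller saved at acquire time. */
static void KeReleaseSpinLock(KSPIN_LOCK *lock, KIRQL old)
{
    lock->held = 0;
    g_current_irql = old;
}

/* Model of the check on the syscall return path (KiSystemServiceExit in the
 * dump): returning to user mode above PASSIVE_LEVEL raises 0x4A, and the
 * bugcheck's Arg2 is the IRQL that was found. Returns 0 when the exit is clean. */
static uint32_t system_service_exit(void)
{
    g_last_exit_irql = KeGetCurrentIrql();
    return g_last_exit_irql > PASSIVE_LEVEL ? IRQL_GT_ZERO_AT_SYSTEM_SERVICE : 0;
}

typedef struct { KSPIN_LOCK lock; int count; int capacity; } DEVICE_CONTEXT;

/* Buggy IOCTL path (constructed): the validation-failure branch returns with
 * the lock still held, so IRQL stays at DISPATCH_LEVEL until the thread tries
 * to go back to user mode. Nothing here calls KeRaiseIrql explicitly. */
static int ioctl_buggy(DEVICE_CONTEXT *ctx, int request)
{
    KIRQL old = KeAcquireSpinLockRaiseToDpc(&ctx->lock);
    if (request < 0 || ctx->count + request > ctx->capacity)
        return -1;                       /* BUG: KeReleaseSpinLock skipped */
    ctx->count += request;
    KeReleaseSpinLock(&ctx->lock, old);
    return 0;
}

/* Fixed path: a single exit, so the release runs for every outcome. */
static int ioctl_fixed(DEVICE_CONTEXT *ctx, int request)
{
    int status = 0;
    KIRQL old = KeAcquireSpinLockRaiseToDpc(&ctx->lock);
    if (request < 0 || ctx->count + request > ctx->capacity)
        status = -1;
    else
        ctx->count += request;
    KeReleaseSpinLock(&ctx->lock, old);
    return status;
}

/* One simulated DeviceIoControl: fresh context, run the handler, then the
 * exit check. Returns the bugcheck code (0 = none); g_last_exit_irql holds Arg2. */
static uint32_t simulate_ioctl(int (*handler)(DEVICE_CONTEXT *, int), int request)
{
    DEVICE_CONTEXT ctx = { { 0 }, 0, 4 };   /* constructed: capacity 4 */
    g_current_irql = PASSIVE_LEVEL;
    (void)handler(&ctx, request);
    return system_service_exit();
}

static uint32_t check_buggy(int request) { return simulate_ioctl(ioctl_buggy, request); }
static uint32_t check_fixed(int request) { return simulate_ioctl(ioctl_fixed, request); }

int main(void)
{
    uint32_t code = check_buggy(10);   /* request larger than capacity: error branch */
    printf("buggy handler, oversized request: bugcheck 0x%x, Arg2 (IRQL) = %u\n",
           code, g_last_exit_irql);
    code = check_fixed(10);
    printf("fixed handler, oversized request: bugcheck 0x%x, Arg2 (IRQL) = %u\n",
           code, g_last_exit_irql);
    return 0;
}
```

The point of the model is the timing: the leaked IRQL is not detected where the lock is taken or where the early return happens, only when the thread next crosses back to user mode, which is why the crash appears random and why the stack shows only the kernel exit stub above the user-mode return address. In a real driver the same class of bug is also produced by passing the wrong saved IRQL to KeReleaseSpinLock, or by releasing an ERESOURCE without the matching KeLeaveCriticalRegion, and Driver Verifier's I/O verification checks IRQL across each dispatch-routine call, so it usually reports the mismatch at the return from the dispatch routine rather than waiting for the syscall exit.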