*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {ff974cb0, 0, 80461e23, 0}
*** ERROR: Module load completed but symbols could not be loaded for Dbgv.sys
*** ERROR: Module load completed but symbols could not be loaded for klif.sys
*** WARNING: Unable to verify checksum for irp4exe.exe
*** ERROR: Module load completed but symbols could not be loaded for irp4exe.exe
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
Probably caused by : Dbgv.sys ( Dbgv+992 )
Followup: MachineOwner
---------
nt!RtlpBreakWithStatusInstruction:
80455558 cc              int     3
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ff974cb0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 80461e23, If non-zero, the instruction address which referenced the bad memory
 address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
READ_ADDRESS:  ff974cb0 Nonpaged pool
FAULTING_IP: 
nt!_output+434
80461e23 66833800        cmp     word ptr [eax],0
MM_INTERNAL_CODE:  0
DEFAULT_BUCKET_ID:  DRIVER_FAULT
BUGCHECK_STR:  0x50
PROCESS_NAME:  irp4exe.exe
TRAP_FRAME:  be1204d4 -- (.trap 0xffffffffbe1204d4)
ErrCode = 00000000
eax=ff974cb0 ebx=80064b53 ecx=ff974cb0 edx=7fffffff esi=7ffffffe edi=00000001
eip=80461e23 esp=be120548 ebp=be12079c iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!_output+0x434:
[COLOR=red]80461e23 66833800        cmp     word ptr [eax],0         ds:0023:ff974cb0=????[/COLOR]
Resetting default scope
LAST_CONTROL_TRANSFER:  from 8042a9eb to 80455558
STACK_TEXT:  
be1200b8 8042a9eb 00000003 be120100 ff974cb0 nt!RtlpBreakWithStatusInstruction
be1200e8 8042afde 00000003 c03fe5d0 80064b7c nt!KiBugCheckDebugBreak+0x31
be120474 80449d19 00000001 ff974cb0 00000000 nt!KeBugCheckEx+0x390
be1204bc 80467cbf 00000000 ff974cb0 00000000 nt!MmAccessFault+0x757
be1204bc 80461e23 00000000 ff974cb0 00000000 nt!KiTrap0E+0xc3
be12079c 80461626 be1207b4 f41a69de be120b00 nt!_output+0x434
be1207d4 be0e9992 be1207ec f41a69d0 be120afc nt!vsprintf+0x2d
WARNING: Stack unwind information not available. Following frames may be wrong.
be120af0 f41a6acd f41a69d0 ff974cb0 ff974cb0 Dbgv+0x992
be120bb8 8041ddf1 814ef030 815bef68 815bef68 irp4!MyDeviceIoControl+0xdd [e:\mydriver\irp\4\sys\irp4.c @ 172]
be120bcc 804ae9bc 815befd8 00000000 815bef68 nt!IopfCallDriver+0x35
be120be0 804af826 814ef030 815bef68 812e76e8 nt!IopSynchronousServiceTail+0x60
be120cb8 804a73ae 000003d4 00000000 00000000 nt!IopXxxControlFile+0x5e4
be120cec be6580ce 000003d4 00000000 00000000 nt!NtDeviceIoControlFile+0x28
be120d34 80465024 000003d4 00000000 00000000 klif+0x100ce
be120d34 77f88403 000003d4 00000000 00000000 nt!KiSystemService+0xc4
0012feb8 77e6951b 000003d4 00000000 00000000 ntdll!ZwDeviceIoControlFile+0xb
0012ff1c 00401072 000003d4 00222400 00000000 KERNEL32!DeviceIoControl+0xf8
0012ffc0 77e889d5 00000006 00000008 7ffdf000 irp4exe+0x1072
0012fff0 00000000 00401181 00000000 000000c8 KERNEL32!BaseProcessStart+0x3d

STACK_COMMAND:  kb
FOLLOWUP_IP: 
Dbgv+992
be0e9992 83c40c          add     esp,0Ch
SYMBOL_STACK_INDEX:  7
SYMBOL_NAME:  Dbgv+992
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: Dbgv
IMAGE_NAME:  Dbgv.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  4436c4b6
FAILURE_BUCKET_ID:  0x50_Dbgv+992
BUCKET_ID:  0x50_Dbgv+992
Followup: MachineOwner
---------

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法