*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {ff974cb0, 0, 80461e23, 0}
*** ERROR: Module load completed but symbols could not be loaded for Dbgv.sys
*** ERROR: Module load completed but symbols could not be loaded for klif.sys
*** WARNING: Unable to verify checksum for irp4exe.exe
*** ERROR: Module load completed but symbols could not be loaded for irp4exe.exe
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
Probably caused by : Dbgv.sys ( Dbgv+992 )
Followup: MachineOwner
---------
nt!RtlpBreakWithStatusInstruction:
80455558 cc int 3
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ff974cb0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 80461e23, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
READ_ADDRESS: ff974cb0 Nonpaged pool
FAULTING_IP:
nt!_output+434
80461e23 66833800 cmp word ptr [eax],0
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: irp4exe.exe
TRAP_FRAME: be1204d4 -- (.trap 0xffffffffbe1204d4)
ErrCode = 00000000
eax=ff974cb0 ebx=80064b53 ecx=ff974cb0 edx=7fffffff esi=7ffffffe edi=00000001
eip=80461e23 esp=be120548 ebp=be12079c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!_output+0x434:
[COLOR=red]80461e23 66833800 cmp word ptr [eax],0 ds:0023:ff974cb0=????[/COLOR]
Resetting default scope
LAST_CONTROL_TRANSFER: from 8042a9eb to 80455558
STACK_TEXT:
be1200b8 8042a9eb 00000003 be120100 ff974cb0 nt!RtlpBreakWithStatusInstruction
be1200e8 8042afde 00000003 c03fe5d0 80064b7c nt!KiBugCheckDebugBreak+0x31
be120474 80449d19 00000001 ff974cb0 00000000 nt!KeBugCheckEx+0x390
be1204bc 80467cbf 00000000 ff974cb0 00000000 nt!MmAccessFault+0x757
be1204bc 80461e23 00000000 ff974cb0 00000000 nt!KiTrap0E+0xc3
be12079c 80461626 be1207b4 f41a69de be120b00 nt!_output+0x434
be1207d4 be0e9992 be1207ec f41a69d0 be120afc nt!vsprintf+0x2d
WARNING: Stack unwind information not available. Following frames may be wrong.
be120af0 f41a6acd f41a69d0 ff974cb0 ff974cb0 Dbgv+0x992
be120bb8 8041ddf1 814ef030 815bef68 815bef68 irp4!MyDeviceIoControl+0xdd [e:\mydriver\irp\4\sys\irp4.c @ 172]
be120bcc 804ae9bc 815befd8 00000000 815bef68 nt!IopfCallDriver+0x35
be120be0 804af826 814ef030 815bef68 812e76e8 nt!IopSynchronousServiceTail+0x60
be120cb8 804a73ae 000003d4 00000000 00000000 nt!IopXxxControlFile+0x5e4
be120cec be6580ce 000003d4 00000000 00000000 nt!NtDeviceIoControlFile+0x28
be120d34 80465024 000003d4 00000000 00000000 klif+0x100ce
be120d34 77f88403 000003d4 00000000 00000000 nt!KiSystemService+0xc4
0012feb8 77e6951b 000003d4 00000000 00000000 ntdll!ZwDeviceIoControlFile+0xb
0012ff1c 00401072 000003d4 00222400 00000000 KERNEL32!DeviceIoControl+0xf8
0012ffc0 77e889d5 00000006 00000008 7ffdf000 irp4exe+0x1072
0012fff0 00000000 00401181 00000000 000000c8 KERNEL32!BaseProcessStart+0x3d
STACK_COMMAND: kb
FOLLOWUP_IP:
Dbgv+992
be0e9992 83c40c add esp,0Ch
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: Dbgv+992
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Dbgv
IMAGE_NAME: Dbgv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4436c4b6
FAILURE_BUCKET_ID: 0x50_Dbgv+992
BUCKET_ID: 0x50_Dbgv+992
Followup: MachineOwner
---------
Windows XP and later versions of Windows provide optimized versions of the sequenced singly-linked list functions that are not available in Windows 2000. If your driver uses these functions and also must run with Windows 2000, the driver must define the _WIN2K_COMPAT_SLIST_USAGE flag, as follows:
#define _WIN2K_COMPAT_SLIST_USAGE
For x86-based processors, this flag causes the compiler to use versions of the sequenced singly-linked list functions that are compatible with Windows 2000.
抓狂,还是分析不出来。
