-
-
[求助]初学驱动,大家帮我看下这个dump反应出来的一个信息
-
发表于: 2009-9-29 00:43
-
Use !analyze -v to get detailed debugging information.
BugCheck D1, {e49bf000, 2, 0, b176394a}
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
Probably caused by : ntoskrnl.exe ( nt!KiTrap0E+233 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: e49bf000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: b176394a, address which referenced memory
Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
READ_ADDRESS: e49bf000 Paged pool
CURRENT_IRQL: 2
FAULTING_IP:
+365952f0263dfe0
b176394a 0fb711 movzx edx,word ptr [ecx]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: ccSvcHst.exe
TRAP_FRAME: b238dc10 -- (.trap 0xffffffffb238dc10)
ErrCode = 00000000
eax=e49bf000 ebx=00000000 ecx=e49bf000 edx=00000064 esi=00000004 edi=0897d73c
eip=b176394a esp=b238dc84 ebp=b238dc90 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
b176394a 0fb711 movzx edx,word ptr [ecx] ds:0023:e49bf000=????
Resetting default scope
LAST_CONTROL_TRANSFER: from b176394a to 804e287f
STACK_TEXT:
b238dc10 b176394a badb0d00 00000064 00000000 nt!KiTrap0E+0x233
WARNING: Frame IP not in any known module. Following frames may be wrong.
b238dc90 b1763cc9 e49beee0 00000001 b1763a4c 0xb176394a
b238dcb8 805723b8 00001cdc 00000000 82beb040 0xb1763cc9
b238dd48 804df7ec 00001cdc 0897d73c 0897d744 nt!NtQueryVolumeInformationFile+0xc1
b238dd48 7c92eb94 00001cdc 0897d73c 0897d744 nt!KiFastCallEntry+0xf8
0897d74c 00000000 00000000 00000000 00000000 0x7c92eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+233
804e287f f7457000000200 test dword ptr [ebp+70h],20000h
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTrap0E+233
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45e55172
FAILURE_BUCKET_ID: 0xD1_nt!KiTrap0E+233
BUCKET_ID: 0xD1_nt!KiTrap0E+233
Followup: MachineOwner
---------
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
