ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: 804d8000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4b305894
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
FAULTING_IP:
HideDirFile!FilterDispatch+ca [c:\123\hidedirfile.c @ 687]
b86a37da 8b3e mov edi,dword ptr [esi]
TRAP_FRAME: b2e9fbc8 -- (.trap 0xffffffffb2e9fbc8)
ErrCode = 00000000
eax=00000008 ebx=88e54008 ecx=00000048 edx=b2e9fc58 esi=6e6549ca edi=6c6c642e
eip=b86a37da esp=b2e9fc3c ebp=b2e9fc7c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
HideDirFile!FilterDispatch+0xca:
b86a37da 8b3e mov edi,dword ptr [esi] ds:0023:6e6549ca=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
LAST_CONTROL_TRANSFER: from 804f00b5 to b86a37da
STACK_TEXT:
b2e9fc7c 804f00b5 00000000 00000400 806e5410 HideDirFile!FilterDispatch+0xca [c:\123\hidedirfile.c @ 687]
WARNING: Stack unwind information not available. Following frames may be wrong.
b2e9fca0 8057c7eb 8926b4f8 88e54008 88f1a878 nt+0x180b5
b2e9fd38 8054188c 00000b88 00000000 00000000 nt+0xa47eb
b2e9fd64 7c92e514 badb0d00 01f8e204 00000000 nt+0x6988c
b2e9fd68 badb0d00 01f8e204 00000000 00000000 0x7c92e514
b2e9fd6c 01f8e204 00000000 00000000 00000000 0xbadb0d00
b2e9fd70 00000000 00000000 00000000 00000000 0x1f8e204
STACK_COMMAND: kb
FOLLOWUP_IP:
HideDirFile!FilterDispatch+ca [c:\123\hidedirfile.c @ 687]
b86a37da 8b3e mov edi,dword ptr [esi]
FAULTING_SOURCE_CODE:
683: }
684:
685: do {
686:
> 687: offset = dirInfo->NextEntryOffset;
688:
689: RtlInitUnicodeString( &ustr1, dirInfo->FileName );
690: ustr1.Length = (USHORT) dirInfo->FileNameLength;
691: RtlInitUnicodeString( &ustr2, L"HYET_0000" );
692: if ((dirInfo->FileNameLength > 0)&&
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: HideDirFile!FilterDispatch+ca
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: HideDirFile
IMAGE_NAME: HideDirFile.sys
BUCKET_ID: WRONG_SYMBOLS
是不是说687行那里错误,但是不知道为什么错误???
解决方案 »
dirInfo->NextEntryOffset 或者 dirInfo 或者 offset指向了非法地址
--- 可能是访问的指针无效,检查一下对应行附近的代码中指针是否正确
return status;
}
HideDirFile!FilterDispatch+ca [c:\123\hidedirfile.c @ 687]
b86a37da 8b3e mov edi,dword ptr [esi]
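这里指出了出错的代码。结合错误码 0xc0000005(访问违例),可以判断出 esi 是无效地址。根据上面列出的寄存器的值,esi=6e6549ca,这个值属于用户地址空间,驱动程序使用的地址空间通常是大于0x80000000的。定位到源代码是 offset = dirInfo->NextEntryOffset,可以判断出是指针变量 dirInfo 的值有问题。另外,edi=6c6c642e 按小端字节序正好是 ASCII 字符 ".dll",这可能说明 dirInfo 已经指到了字符串数据上,而不是一个有效的目录项(仅为推测,需结合源代码确认)。看一下源代码中 dirInfo 的值是怎么来的。顺便提一下,驱动可以用 WinDbg 结合虚拟机做双机调试,Dump 文件中的信息很有限。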
改为
if ((!MmIsAddressValid(dirInfo))||(dirInfo->NextEntryOffset> bufferLength)) { IoCompleteRequest(Irp, IO_NO_INCREMENT);return status;
}
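如果需要分配新的内核地址空间进行映射,可以使用 MmMapLockedPagesSpecifyCache。需要注意:MmIsAddressValid 只能说明该地址此刻访问不会触发缺页,并不能证明整个缓冲区合法,微软文档也不建议用它来校验指针;对来自用户态的缓冲区,应在 __try/__except 中先用 ProbeForRead 校验再访问,并且每次按 NextEntryOffset 前进之前,都要检查是否超出缓冲区的剩余长度,而不是只和 bufferLength 比较一次。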
nt!DbgBreakPointWithStatus+0x4:
80528bdc cc int 3
kd> g
ERROR: DavReadRegistryValues/RegQueryValueExW(4). WStatus = 5
ERROR: DavReadRegistryValues/RegQueryValueExW(5). WStatus = 5
ERROR: DavReadRegistryValues/RegQueryValueExW(6). WStatus = 5
Access violation - code c0000005 (!!! second chance !!!)
HideDirFile!FilterDispatch+0xea:
fa07377a 8b3e mov edi,dword ptr [esi]
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
kd> p
Access violation - code c0000005 (!!! second chance !!!)
HideDirFile!FilterDispatch+0xea:
fa07377a 8b3e mov edi,dword ptr [esi]
这是调试信息!!看不明白,还是说 c0000005
srv*e:\symbs*http://msdl.microsoft.com/download/symbols;C:\123\objfre_wxp_x86\i386
是你的源代码编译出来的pdb文件。那个