BSOD
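Two of them... Even when I choose not to start S3 at boot, the OS still blue-screens after waiting a little while once it is up.
[Last edited by 1x2l on 2008-4-28 22:00] Looks like we will have to wait until after the holiday for a stable version!
Loading Dump File [C:\Documents and Settings\microran\桌面\Mini042808-02.dmp]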
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: c:\windows\symbols;srv*e:\symbolscache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d8000 PsLoadedModuleList = 0x805543a0
Debug session time: Mon Apr 28 18:22:47.218 2008 (GMT+8)
System Uptime: 0 days 0:01:43.906
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
............................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, 817ca0c0, 817ca0d0, a020001}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
kd> .reload
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
............................................................................................................
Loading User Symbols
Loading unloaded module list
.........
kd> .reload
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
............................................................................................................
Loading User Symbols
Loading unloaded module list
.........
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 817ca0c0, The pool entry we were looking for within the page.
Arg3: 817ca0d0, The next pool entry.
Arg4: 0a020001, (reserved)
Debugging Details:
------------------
FAULTING_MODULE: 804d8000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48155003
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
817ca0c0
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from 80544e86 to 804f9aef
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f9e53560 80544e86 00000019 00000020 817ca0c0 nt+0x21aef
f9e535b0 80545277 817ca0c8 00000000 00000030 nt+0x6ce86
f9e535c0 f818ef6a 817ca0c8 00000002 00000000 nt+0x6d277
f9e535dc f818fa2f 00000000 f81ab614 f9e53d5c ncfilemon!clear_flt_chain+0x8e [e:\netchina\ncfilemon-2008-3-18\tdi_filter.c @ 4894]
f9e53d34 f8190763 00000000 813d4358 00000000 ncfilemon!tdi_filter_reload+0x231 [e:\netchina\ncfilemon-2008-3-18\tdi_filter.c @ 1615]
f9e53dac 805c5cce 00000000 00000000 00000000 ncfilemon!tdi_reload_thread+0xfd [e:\netchina\ncfilemon-2008-3-18\tdi_filter.c @ 1466]
f9e53ddc 805421c2 f8190666 00000000 00000000 nt+0xedcce
00000000 00000000 00000000 00000000 00000000 nt+0x6a1c2
STACK_COMMAND: kb
FOLLOWUP_IP:
ncfilemon!clear_flt_chain+8e [e:\netchina\ncfilemon-2008-3-18\tdi_filter.c @ 4894]
f818ef6a 897e0c mov dword ptr [esi+0Ch],edi
FAULTING_SOURCE_CODE:
4890: if(rule->driver_load_rule.szDriverServiceKeyName_rule)
4891: {
4892:
4893: free_np(rule->driver_load_rule.szDriverServiceKeyName_rule) ;
> 4894: rule->driver_load_rule.szDriverServiceKeyName_rule= NULL;
4895: }
4896:
4897: break;
4898:
4899:
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: ncfilemon!clear_flt_chain+8e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ncfilemon
IMAGE_NAME: ncfilemon.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
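[Last edited by 中网S3 on 2008-4-29 09:01] All of the blue screens encountered recently have this cause, and my own computer has hit it many times too. My guess is that it is caused by an out-of-bounds memory read/write, that is, 10 bytes are allocated and 11 bytes of content are written, so that the header of the memory pool gets corrupted.

Placing hooks in the kernel requires the author to have very good skills, and placing very low-level hooks depends even more on the designer's technical level. Well, you still have to keep an eye on techniques that are only taking shape or have not been made public; it is when a new RK spreads that a HIPS's strength is really tested. Also, combining HIPS with ARK is inevitable: intercepting an RK while also being able to remove it. Anyway, take it slowly, and fix the blue-screen crash problem first ^_^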
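
The out-of-bounds write guessed at above, as an added example (not part of the thread, and not ncfilemon or nt code): a simplified pool page with 8-byte headers, where the check made at free time compares a block's size with the size its neighbour's header recorded and reports 0x20 on a mismatch. The header layout, function names and tags are assumptions made for illustration; the model also shows that a write into a block's rounding slack goes unnoticed, while one byte past the slack is caught.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified pool page (assumed layout, not the real nt structures).
   Sizes are counted in 8-byte units and include the header itself. */
typedef struct { uint16_t prev_size; uint16_t block_size; uint32_t tag; } pool_hdr;

static pool_hdr page[64];     /* 512-byte "pool page" */
static size_t   used_units;   /* units handed out so far */
static uint16_t last_units;   /* size of the most recent block */

void pool_reset(void) { memset(page, 0, sizeof page); used_units = 0; last_units = 0; }

/* Bump allocator: one header, then the data rounded up to 8 bytes. */
void *pool_alloc(size_t bytes, uint32_t tag) {
    uint16_t units = (uint16_t)(1 + (bytes + 7) / 8);
    if (used_units + units > 64) return NULL;
    pool_hdr *h = &page[used_units];
    h->prev_size = last_units; h->block_size = units; h->tag = tag;
    used_units += units; last_units = units;
    return h + 1;
}

/* Check made when a block is freed: the next header must record this
   block's size as its prev_size. Returns 0 if intact, 0x20 if not. */
int pool_check(const void *p) {
    const pool_hdr *h = (const pool_hdr *)p - 1;
    const pool_hdr *next = h + h->block_size;
    if ((size_t)(next - page) >= used_units) return 0;  /* last block */
    return next->prev_size == h->block_size ? 0 : 0x20;
}

/* Request `bytes`, write `n` bytes into the block, then run the check. */
int overflow_then_check(size_t bytes, size_t n) {
    pool_reset();
    unsigned char *a = pool_alloc(bytes, 0x41414141u);
    pool_alloc(16, 0x42424242u);   /* neighbour whose header follows a */
    memset(a, 0x41, n);
    return pool_check(a);
}

int main(void) {
    printf("10 requested, 11 written: 0x%x\n", overflow_then_check(10, 11));
    printf("10 requested, 17 written: 0x%x\n", overflow_then_check(10, 17));
    return 0;
}
```

Because the corruption is only noticed when a neighbouring block is later checked, the thread that crashes is not necessarily the one that overflowed, which is why the bugcheck text points to special pool and Driver Verifier.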