沙箱蓝屏

jefffire

在沙箱里运行一个软件，结果蓝屏了

星空下的吻

确实是由qutmdrv.sys这个驱动引发的蓝屏,至于原因是内核未被允许或未成功的捕获驱动发生的中断;
详细原因静待高手

郑伟用户

星空下的吻 发表于 2011-8-27 17:29
确实是由qutmdrv.sys这个驱动引发的蓝屏,至于原因是内核未被允许或未成功的捕获驱动发生的中断;
详细原因静 ...

qutmdrv.sys这个驱动在我体验360卫士过程中也蓝过几次，dump交给那个360的二飞，他说是毒霸引起的

dyhua

郑伟用户 发表于 2011-8-27 17:41
qutmdrv.sys这个驱动在我体验360卫士过程中也蓝过几次，dump交给那个360的二飞，他说是毒霸引起的

也有可能是这个驱动哦那个和毒霸度的驱动冲突
LZ的情况可能和你不一样

hjitss

1. 
   
2. Microsoft (R) Windows Debugger Version 6.1.7600.16385 X86
   
3. Copyright (c) Microsoft Corporation. All rights reserved.
   
4. 
   
5. 
   
6. Loading Dump File [E:\360data\重要数据\桌面\082711-17628-01.dmp]
   
7. Mini Kernel Dump File: Only registers and stack trace are available
   
8. 
   
9. Symbol search path is: *** Invalid ***
   
10. ****************************************************************************
    
11. * Symbol loading may be unreliable without a symbol search path.           *
    
12. * Use .symfix to have the debugger choose a symbol path.                   *
    
13. * After setting your symbol path, use .reload to refresh symbol locations. *
    
14. ****************************************************************************
    
15. Executable search path is:
    
16. *********************************************************************
    
17. * Symbols can not be loaded because symbol path is not initialized. *
    
18. *                                                                   *
    
19. * The Symbol Path can be set by:                                    *
    
20. *   using the _NT_SYMBOL_PATH environment variable.                 *
    
21. *   using the -y <symbol_path> argument when starting the debugger. *
    
22. *   using .sympath and .sympath+                                    *
    
23. *********************************************************************
    
24. Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    
25. *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    
26. *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    
27. Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    
28. Product: WinNt, suite: TerminalServer SingleUserTS
    
29. Built by: 7600.16841.x86fre.win7_gdr.110622-1503
    
30. Machine Name:
    
31. Kernel base = 0x84042000 PsLoadedModuleList = 0x8418a830
    
32. Debug session time: Sat Aug 27 16:21:00.713 2011 (UTC + 8:00)
    
33. System Uptime: 0 days 6:51:30.601
    
34. *********************************************************************
    
35. * Symbols can not be loaded because symbol path is not initialized. *
    
36. *                                                                   *
    
37. * The Symbol Path can be set by:                                    *
    
38. *   using the _NT_SYMBOL_PATH environment variable.                 *
    
39. *   using the -y <symbol_path> argument when starting the debugger. *
    
40. *   using .sympath and .sympath+                                    *
    
41. *********************************************************************
    
42. Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    
43. *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    
44. *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    
45. Loading Kernel Symbols
    
46. ...............................................................
    
47. ................................................................
    
48. .................................
    
49. Loading User Symbols
    
50. Loading unloaded module list
    
51. .......................
    
52. The call to LoadLibrary(ext) failed, Win32 error 0n2
    
53.     "系统找不到指定的文件。"
    
54. Please check your debugger configuration and/or network access.
    
55. The call to LoadLibrary(exts) failed, Win32 error 0n2
    
56.     "系统找不到指定的文件。"
    
57. Please check your debugger configuration and/or network access.
    
58. The call to LoadLibrary(kext) failed, Win32 error 0n2
    
59.     "系统找不到指定的文件。"
    
60. Please check your debugger configuration and/or network access.
    
61. The call to LoadLibrary(kdexts) failed, Win32 error 0n2
    
62.     "系统找不到指定的文件。"
    
63. Please check your debugger configuration and/or network access.
    
64. The call to LoadLibrary(ext) failed, Win32 error 0n2
    
65.     "系统找不到指定的文件。"
    
66. Please check your debugger configuration and/or network access.
    
67. The call to LoadLibrary(exts) failed, Win32 error 0n2
    
68.     "系统找不到指定的文件。"
    
69. Please check your debugger configuration and/or network access.
    
70. The call to LoadLibrary(kext) failed, Win32 error 0n2
    
71.     "系统找不到指定的文件。"
    
72. Please check your debugger configuration and/or network access.
    
73. The call to LoadLibrary(kdexts) failed, Win32 error 0n2
    
74.     "系统找不到指定的文件。"
    
75. Please check your debugger configuration and/or network access.
    
76. *******************************************************************************
    
77. *                                                                             *
    
78. *                        Bugcheck Analysis                                    *
    
79. *                                                                             *
    
80. *******************************************************************************
    
81. Bugcheck code 1000007F
    
82. Arguments 00000008 801e7000 00000000 00000000
    
83. 
    
84. *** WARNING: Unable to verify timestamp for halmacpi.dll
    
85. *** ERROR: Module load completed but symbols could not be loaded for halmacpi.dll
    
86. ChildEBP RetAddr  Args to Child              
    
87. WARNING: Stack unwind information not available. Following frames may be wrong.
    
88. 8f19c010 84010ba0 84175248 00000000 8f19c05c hal+0x5968
    
89. 8f19c020 840d7033 87955958 00000000 00000000 hal+0x5ba0
    
90. 8f19c05c 840d2251 9ca7a000 00000000 a445107b nt+0x95033
    
91. *** WARNING: Unable to verify timestamp for Ntfs.sys
    
92. *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
    
93. 8f19c0c8 8c847337 8c847224 8f19c0f0 00000000 nt+0x90251
    
94. 8f19c100 8c8c6e8f cd954370 8ac00b68 8f19c158 Ntfs+0x19337
    
95. 8f19c1fc 8407e4bc 88a40020 8ac00b68 8ac00b68 Ntfs+0x98e8f
    
96. *** WARNING: Unable to verify timestamp for fltmgr.sys
    
97. *** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
    
98. 8f19c214 847ae20c 8ac00b68 00000000 8ac00d64 nt+0x3c4bc
    
99. 8f19c238 847c18c9 8f19c258 88a3b170 00000000 fltmgr+0x620c
    
100. 8f19c284 8407e4bc 88a3b170 88a3f6a8 8ac00d64 fltmgr+0x198c9
     
101. *** WARNING: Unable to verify timestamp for qutmdrv.sys
     
102. *** ERROR: Module load completed but symbols could not be loaded for qutmdrv.sys
     
103. 8f19c29c 9707b90d 00000000 88658530 87347008 nt+0x3c4bc
     
104. 8f19c318 8407e4bc 88658530 8ac00b68 8ac00b68 qutmdrv+0xc90d
     
105. 8f19c330 847ae20c 8ac00b68 00000000 8ac00d88 nt+0x3c4bc
     
106. 8f19c354 847c18c9 8f19c374 886012b0 00000000 fltmgr+0x620c
     
107. 8f19c3a0 8407e4bc 886012b0 885ae5b0 c97a546c fltmgr+0x198c9
     
108. 8f19c3b8 84282b8d a4451423 8f19c560 00000000 nt+0x3c4bc
     
109. 8f19c490 842635f3 87b96b18 86df2440 c5cbad20 nt+0x240b8d
     
110. 8f19c50c 842897b9 00000000 8f19c560 00000240 nt+0x2215f3
     
111. 8f19c56c 84281b0b 8f19c764 86df2440 080d0d00 nt+0x2477b9
     
112. 8f19c5e8 842b9308 8f19c794 00100000 8f19c764 nt+0x23fb0b
     
113. 8f19c644 847c3b62 8f19c794 00100000 8f19c764 nt+0x277308
     
114. 
     

复制代码

hjitss

code]101.*** ERROR: Module load completed but symbols could not be loaded for qutmdrv.sys
[/code]这一行...

1. qutmdrv.sys

复制代码

[

sevenday

等科普

星空下的吻

郑伟用户 发表于 2011-8-27 17:41
qutmdrv.sys这个驱动在我体验360卫士过程中也蓝过几次，dump交给那个360的二飞，他说是毒霸引起的

和毒霸有隐性冲突;360只要不和其他安全软件一起安装,驱动稳定性绝对是一流的

-oAo-

呵呵恐怖

FOXFFF

学习学习。。。