*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 98208713, 99845790, 0}
*** WARNING: Unable to verify timestamp for hookport.sys
*** ERROR: Module load completed but symbols could not be loaded for hookport.sys
Probably caused by : BAPIDRV.SYS ( BAPIDRV+4713 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 98208713, The address that the exception occurred at
Arg3: 99845790, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
BAPIDRV+4713
98208713 8903 mov dword ptr [ebx],eax
TRAP_FRAME: 99845790 -- (.trap 0xffffffff99845790)
ErrCode = 00000003
eax=00000000 ebx=00180016 ecx=9820a52a edx=746c6644 esi=00000000 edi=00000560
eip=98208713 esp=99845804 ebp=99845ad8 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
BAPIDRV+0x4713:
98208713 8903 mov dword ptr [ebx],eax ds:0023:00180016=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: 360Safe.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 982087ae to 98208713
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
99845ad8 982087ae 879ff880 00000008 879ff880 BAPIDRV+0x4713
99845b08 83e4f4ac 85de1ed0 87ab8c28 87ab8c28 BAPIDRV+0x47ae
99845b20 840513be 85e47f18 87ab8c28 87ab8c98 nt!IofCallDriver+0x63
99845b40 8406e1af 85de1ed0 85e47f18 00000000 nt!IopSynchronousServiceTail+0x1f8
99845bdc 8407098a 85de1ed0 87ab8c28 00000000 nt!IopXxxControlFile+0x6aa
99845c10 9821ca41 000009d0 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
99845d04 83e5643a 000009d0 00000000 00000000 hookport+0x4a41
99845d04 773c6344 000009d0 00000000 00000000 nt!KiFastCallEntry+0x12a
0012de70 00000000 00000000 00000000 00000000 0x773c6344
STACK_COMMAND: kb
FOLLOWUP_IP:
BAPIDRV+4713
98208713 8903 mov dword ptr [ebx],eax
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: BAPIDRV+4713
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: BAPIDRV
IMAGE_NAME: BAPIDRV.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4d7f47e1
FAILURE_BUCKET_ID: 0x8E_BAPIDRV+4713
BUCKET_ID: 0x8E_BAPIDRV+4713
Followup: MachineOwner
---------
1: kd> .process
Implicit process is now 8799dc20
1: kd> db 8799dc20
8799dc20 03 00 26 00 00 00 00 00-28 dc 99 87 28 dc 99 87 ..&.....(...(...
8799dc30 30 dc 99 87 30 dc 99 87-60 74 62 7e 00 00 00 00 0...0...`tb~....
8799dc40 00 00 00 00 00 00 00 00-00 00 00 00 c0 1c c6 87 ................
8799dc50 28 8f 09 86 00 00 00 00-01 00 01 00 00 00 00 00 (...............
8799dc60 03 00 00 00 64 dc 99 87-64 dc 99 87 00 00 00 00 ....d...d.......
8799dc70 01 00 01 00 00 00 00 00-02 00 00 00 08 00 00 00 ................
8799dc80 08 12 00 00 01 00 00 00-00 00 00 00 72 00 ac 20 ............r..
8799dc90 00 00 00 00 a0 00 00 00-00 00 00 00 00 00 00 00 ................
1: kd> d
8799dca0 42 d8 f7 10 00 00 00 00-06 00 00 00 02 00 00 00 B...............
8799dcb0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
8799dcc0 0f e4 ee 9f 12 36 cc 01-00 00 00 00 00 00 00 00 .....6..........
8799dcd0 00 00 00 00 ec 0a 00 00-38 04 0a 86 e8 c0 e0 85 ........8.......
8799dce0 20 71 00 00 04 ff 03 00-cc 79 00 00 0c 52 04 00 q.......y...R..
8799dcf0 f9 2c 00 00 00 56 91 87-00 00 00 00 00 90 57 0e .,...V........W.
8799dd00 00 50 05 0e 10 80 27 8d-14 c1 e0 85 00 00 00 00 .P....'.........
8799dd10 78 f3 9c 87 08 43 7b 9c-5d a9 75 9c b6 df 04 00 x....C{.].u.....
1: kd> d
8799dd20 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
8799dd30 00 00 00 00 00 00 00 00-26 2b 00 00 00 00 00 00 ........&+......
8799dd40 08 e0 44 fe b0 cc b6 87-f0 b3 d1 9d 00 00 40 00 ..D...........@.
8799dd50 20 59 90 2a 00 00 00 00-00 00 00 00 2c 00 00 00 Y.*........,...
8799dd60 04 08 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
8799dd70 b8 ec 04 95 00 00 00 00-00 f0 f9 7f 00 00 00 00 ................
8799dd80 00 00 00 00 00 00 00 00-00 80 27 8d 33 36 30 53 ..........'.360S
8799dd90 61 66 65 2e 65 78 65 00-00 00 00 02 c8 cc b6 87 afe.exe.........
1: kd> kb
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
99845ad8 982087ae 879ff880 00000008 879ff880 BAPIDRV+0x4713
99845b08 83e4f4ac 85de1ed0 87ab8c28 87ab8c28 BAPIDRV+0x47ae
99845b20 840513be 85e47f18 87ab8c28 87ab8c98 nt!IofCallDriver+0x63
99845b40 8406e1af 85de1ed0 85e47f18 00000000 nt!IopSynchronousServiceTail+0x1f8
99845bdc 8407098a 85de1ed0 87ab8c28 00000000 nt!IopXxxControlFile+0x6aa
99845c10 9821ca41 000009d0 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
99845d04 83e5643a 000009d0 00000000 00000000 hookport+0x4a41
99845d04 773c6344 000009d0 00000000 00000000 nt!KiFastCallEntry+0x12a
0012de70 00000000 00000000 00000000 00000000 0x773c6344
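This should be a crash in BAPIDRV.SYS, and the process it occurred in is 360safe.exe. Possibly the data on the stack was corrupted. It feels rather strange; I wonder whether it can be reproduced?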