Original poster: 沧桑浪子

[Help] Look, look, the computer blue-screened, the computer blue-screened,

wowocock
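Posted on 2014-8-1 12:04:28
The pointer being freed is probably what went wrong. The memory being freed is 0x8939e000, which sits exactly on a page boundary; further up from there is invalid data. Generally, an allocated memory pointer is preceded by a POOL HEADER structure, and on free the flags in that header are checked to detect whether it has been corrupted, but here the address of the header structure is evidently invalid, which is the cause.
The only explanation is that the pointer being freed was modified by someone, which caused the problem. RtkHDAud is the more likely culprit; I suggest upgrading this old 2013 driver and seeing what happens.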
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_MMPOOL (d0)
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 80549fbc, address which referenced memory
        An attempt was made to access a pageable (or completely invalid) address at an
        interrupt request level (IRQL) that is too high.  This is
        caused by drivers that have corrupted the system pool.  Run the driver
        verifier against any new (or suspect) drivers, and if that doesn't turn up
        the culprit, then use gflags to enable special pool.  You can also set
        HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ProtectNonPagedPool
        to a DWORD 1 value and reboot.  Then the system will unmap freed nonpaged pool,
        preventing drivers (although not DMA-hardware) from corrupting the pool.

Debugging Details:
------------------


READ_ADDRESS:  00000008

CURRENT_IRQL:  2

FAULTING_IP:
nt!MiFreePoolPages+41a
80549fbc 8b4608          mov     eax,dword ptr [esi+8]

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD0

PROCESS_NAME:  System

TRAP_FRAME:  a45ea640 -- (.trap 0xffffffffa45ea640)
ErrCode = 00000000
eax=8939e000 ebx=03ffffff ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=80549fbc esp=a45ea6b4 ebp=a45ea6d8 iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
nt!MiFreePoolPages+0x41a:
80549fbc 8b4608          mov     eax,dword ptr [esi+8] ds:0023:00000008=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 80549fbc to 8054580c

STACK_TEXT:  
a45ea640 80549fbc badb0d00 00000000 89619000 nt!KiTrap0E+0x180
a45ea6d8 8054c49a 8939e000 89727570 89727470 nt!MiFreePoolPages+0x41a
a45ea718 8054c95f 8939e000 00000000 a45ea750 nt!ExFreePoolWithTag+0x1ba
a45ea728 aecb2a55 8939e000 89727474 89727470 nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
a45ea750 af151a81 89727478 a45ea770 aecbd745 RtkHDAud+0x1aa55
a45ea75c aecbd745 00000001 898b80f4 898b8008 RtkHDAud+0x4b9a81
a45ea770 aec9e631 89727474 a45ea79c aec37f01 RtkHDAud+0x25745
a45ea77c aec37f01 89727470 898b801c 898b8008 RtkHDAud+0x6631
a45ea790 aec22ec7 898b8020 a45ea7b0 aec1bfba portcls!CPortPinWaveCyclic::~CPortPinWaveCyclic+0x7a
a45ea79c aec1bfba 00000001 8ab1e0e8 898321e8 portcls!CPortPinWaveCyclic::`vector deleting destructor'+0xd
a45ea7b0 aec21fae 898b801c a45ea7d4 aec2c2ae portcls!CUnknown::NonDelegatingRelease+0x24
a45ea7bc aec2c2ae 898b8008 8ab1e030 89705a18 portcls!CPortPinWaveCyclic::Release+0x11
a45ea7d4 b59dc10c 8997a2d8 89705a18 a45ea7fc portcls!DispatchClose+0x44
a45ea7e4 aec2b8c0 8ab1e030 89705a18 89705a28 ks!KsDispatchIrp+0x71
a45ea7fc aec2b881 8ab1e030 89705a18 a45ea820 portcls!KsoDispatchIrp+0x43
a45ea80c af0d9225 8ab1e030 89705a18 8ad254f8 portcls!PcDispatchIrp+0x5f
a45ea820 804f01f9 8ab1e030 89705a18 89705a18 RtkHDAud+0x441225
a45ea830 80584b30 89cf0b78 00000000 00000000 nt!IopfCallDriver+0x31
a45ea868 805bc4de 00cf0b90 00000000 89cf0b78 nt!IopDeleteFile+0x132
a45ea884 805277e2 89cf0b90 00000000 000001d4 nt!ObpRemoveObjectRoutine+0xe0
a45ea89c 805bd3b3 89882768 e1002e00 898e6020 nt!ObfDereferenceObject+0x4c
a45ea8b4 805bd449 e1002e00 89cf0b90 000001d4 nt!ObpCloseHandleTableEntry+0x155
a45ea8fc 805bd581 000001d4 00000000 00000000 nt!ObpCloseHandle+0x87
a45ea910 805427e8 800001d4 a45ea9a4 80500f8d nt!NtClose+0x1d
a45ea910 80500f8d 800001d4 a45ea9a4 80500f8d nt!KiSystemServicePostCall
a45ea98c a806fef1 800001d4 e3ea32b8 a806b617 nt!ZwClose+0x11
a45ea998 a806b617 e4829670 a45ea9bc a8070226 sysaudio!CPinNodeInstance::~CPinNodeInstance+0x20
a45ea9a4 a8070226 00000001 e4829670 a8070269 sysaudio!CPinNodeInstance::`scalar deleting destructor'+0xd
a45ea9b0 a8070269 e4b1abec a45ea9d4 a8070253 sysaudio!CConnectNodeInstance::~CConnectNodeInstance+0x48
a45ea9bc a8070253 00000001 a806db7f e4b1abec sysaudio!CConnectNodeInstance::`scalar deleting destructor'+0xd
a45ea9c4 a806db7f e4b1abec 89b258b0 a45ea9f4 sysaudio!CConnectNodeInstance::Destroy+0x10
a45ea9d4 a806fcaf a8070243 e4b1abec a806fe80 sysaudio!CListMulti::EnumerateList+0x1a
a45ea9e0 a806fe80 e4b1abd0 a806b63d e4763d80 sysaudio!ListMultiDestroy<CConnectNodeInstance>::DestroyList+0xf
a45ea9e8 a806b63d e4763d80 a45eaa0c a806dbea sysaudio!CStartNodeInstance::~CStartNodeInstance+0x7e
a45ea9f4 a806dbea 00000001 e4763d80 a806dba2 sysaudio!CStartNodeInstance::`scalar deleting destructor'+0xd
a45eaa00 a806dba2 89b258a0 a45eaa1c a806e35c sysaudio!CPinInstance::~CPinInstance+0x2f
a45eaa0c a806e35c 00000001 8ac4ac08 a45eaa2c sysaudio!CPinInstance::`scalar deleting destructor'+0xd
a45eaa1c b59dc695 89d9d030 89b258a0 a45eaa74 sysaudio!CPinInstance::PinDispatchClose+0x26
a45eaa2c 804f01f9 89d9d030 89b258a0 89b258a0 ks!DispatchClose+0x32
a45eaa3c 80584b30 898e5d88 00000000 00000000 nt!IopfCallDriver+0x31
a45eaa74 805bc4de 008e5da0 00000000 898e5d88 nt!IopDeleteFile+0x132
a45eaa90 805277e2 898e5da0 00000000 89770000 nt!ObpRemoveObjectRoutine+0xe0
a45eaaa8 a65e6e8c a45eaac4 a65e6e5b 89770000 nt!ObfDereferenceObject+0x4c
a45eaab0 a65e6e5b 89770000 898e5da0 897708ac wdmaud!CloseSysAudio+0xe
a45eaac4 a65e6ed0 8adbb400 89633308 a45eaaf0 wdmaud!CloseWavePin+0x1f
a45eaad4 a65e6e2e 8977088c 0de29830 00000000 wdmaud!CloseTheWavePin+0x3e
a45eaaf0 a65e643e 89803a48 89770000 00000000 wdmaud!Dispatch_ClosePin+0x82
a45eab18 804f01f9 00000000 89770000 806e8410 wdmaud!SoundDispatch+0x1d7
a45eab28 805809a0 89803adc 899f39f0 89803a48 nt!IopfCallDriver+0x31
a45eab3c 8058182f 89e21f10 89803a48 899f39f0 nt!IopSynchronousServiceTail+0x70
a45eabd8 8057a292 00000b70 00000a00 00000000 nt!IopXxxControlFile+0x5c5
a45eac0c a313f289 00000b70 00000a00 00000000 nt!NtDeviceIoControlFile+0x2a
a45eacb0 805c2512 898fedd0 0012e501 00000001 FsWriteBack+0x7289
a45ead34 805427e8 00000b70 00000a00 00000000 nt!ObCreateObject+0x12a
a45ead34 7c92e514 00000b70 00000a00 00000000 nt!KiSystemServicePostCall
0012e57c 00000000 00000000 00000000 00000000 0x7c92e514


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!ExFreePool+f
8054c95f 5d              pop     ebp

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!ExFreePool+f

FOLLOWUP_NAME:  Pool_corruption

IMAGE_NAME:  Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID:  0xD0_nt!ExFreePool+f

BUCKET_ID:  0xD0_nt!ExFreePool+f

Followup: Pool_corruption
---------

0: kd> .process
Implicit process is now 8ae6b660
0: kd> d  8ae6b660=174
00000000  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
00000010  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
00000020  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
00000030  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
00000040  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
00000050  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
00000060  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
00000070  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
0: kd> d  8ae6b660+174
8ae6b7d4  53 79 73 74 65 6d 00 00-00 00 00 00 00 00 00 00  System..........
8ae6b7e4  00 00 00 00 00 00 00 00-00 00 00 00 0c b6 e6 8a  ................
8ae6b7f4  cc ef 52 89 00 83 49 e3-20 30 67 b8 42 00 00 00  ..R...I. 0g.B...
8ae6b804  ff 0f 1f 00 01 00 00 00-00 00 00 00 00 00 00 00  ................
8ae6b814  00 00 00 00 ae 23 00 00-00 00 00 00 9b 3a 00 00  .....#.......:..
8ae6b824  00 00 00 00 61 6a 01 00-00 00 00 00 87 78 e1 00  ....aj.......x..
8ae6b834  00 00 00 00 89 51 cb 01-00 00 00 00 fd fa 41 00  .....Q........A.
8ae6b844  00 00 00 00 00 00 00 00-2f 06 00 00 00 00 00 00  ......../.......
0: kd> u nt!ExFreePool
nt!ExFreePool:
8054c950 8bff            mov     edi,edi
8054c952 55              push    ebp
8054c953 8bec            mov     ebp,esp
8054c955 6a00            push    0
8054c957 ff7508          push    dword ptr [ebp+8]
8054c95a e881f9ffff      call    nt!ExFreePoolWithTag (8054c2e0)
8054c95f 5d              pop     ebp
8054c960 c20400          ret     4
0: kd> d 8939e000
8939e000  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e010  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e020  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e030  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e040  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e050  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e060  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e070  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0: kd> d
8939e080  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e090  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e0a0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e0b0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e0c0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e0d0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e0e0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e0f0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0: kd> d
8939e100  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e110  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e120  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e130  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e140  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e150  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e160  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e170  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0: kd> d 8939e000-16
Page 7edb not present in the dump file. Type ".hh dbgerr004" for details
8939dfea  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
8939dffa  ?? ?? ?? ?? ?? ?? 00 00-00 00 00 00 00 00 00 00  ??????..........
8939e00a  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e01a  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e02a  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e03a  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e04a  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8939e05a  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
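The stack reading in the reply above, as an added example that is not part of wowocock's post or the original thread: a Python triage helper that parses 32-bit `kb`-style STACK_TEXT lines, finds the outermost pool-free frame, and reports the pointer passed to it, whether that pointer is page-aligned, and which module made the call. The sample lines are copied from the STACK_TEXT above; the names `parse_frames` and `triage_free` are made up for this illustration.

```python
import re

PAGE_SIZE = 0x1000  # x86 page size

# Sample input: a few STACK_TEXT lines copied from the !analyze -v output above.
SAMPLE = """\
a45ea640 80549fbc badb0d00 00000000 89619000 nt!KiTrap0E+0x180
a45ea6d8 8054c49a 8939e000 89727570 89727470 nt!MiFreePoolPages+0x41a
a45ea718 8054c95f 8939e000 00000000 a45ea750 nt!ExFreePoolWithTag+0x1ba
a45ea728 aecb2a55 8939e000 89727474 89727470 nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
a45ea750 af151a81 89727478 a45ea770 aecbd745 RtkHDAud+0x1aa55
a45ea75c aecbd745 00000001 898b80f4 898b8008 RtkHDAud+0x4b9a81
a45ea790 aec22ec7 898b8020 a45ea7b0 aec1bfba portcls!CPortPinWaveCyclic::~CPortPinWaveCyclic+0x7a
"""

# ChildEBP, RetAddr, three "Args to Child" columns, then the symbol.
FRAME = re.compile(r"^((?:[0-9a-f]{8} ){5})(\S.*)$")

def parse_frames(text):
    """Return one dict per frame; frames after the unwind WARNING are flagged unreliable."""
    frames, unreliable = [], False
    for line in text.splitlines():
        line = line.strip()
        m = FRAME.match(line)
        if not m:
            unreliable = unreliable or line.startswith("WARNING: Stack unwind")
            continue
        cols, sym = m.group(1).split(), m.group(2)
        frames.append({"ret": int(cols[1], 16), "args": [int(c, 16) for c in cols[2:5]],
                       "symbol": sym, "module": re.split(r"[!+]", sym, maxsplit=1)[0],
                       "unreliable": unreliable})
    return frames

def triage_free(text, free_syms=("nt!ExFreePool+", "nt!ExFreePoolWithTag+")):
    """Locate the outermost pool-free frame; report its pointer argument and its caller."""
    frames = parse_frames(text)
    hits = [i for i, f in enumerate(frames) if f["symbol"].startswith(free_syms)]
    if not hits or hits[-1] + 1 >= len(frames):
        return None
    free, caller = frames[hits[-1]], frames[hits[-1] + 1]
    ptr = free["args"][0]  # first "Args to Child" column = pointer handed to the free routine
    return {"pointer": ptr, "page_aligned": ptr % PAGE_SIZE == 0,
            "caller": caller["symbol"], "caller_module": caller["module"],
            "caller_frame_unreliable": caller["unreliable"]}

if __name__ == "__main__":
    print(triage_free(SAMPLE))
```

The `caller_frame_unreliable` flag carries the debugger's own warning forward: without symbols for the calling driver, the attribution is a lead to verify, not a verdict.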
沧桑浪子
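OP | Posted on 2014-8-1 12:16:37
wowocock posted on 2014-8-1 12:04
The pointer being freed is probably what went wrong. The memory being freed is 0x8939e000, which sits exactly on a page boundary; further up from there is invalid data. Generally, ...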


Thanks for the reply! I followed an online tutorial and tried it step by step, and loaded the MEMORY.DMP

@360主动防御 @vdmcontrol

I found:

BugCheck D0, {8, 2, 0, 80549fbc}

*** ERROR: Module load completed but symbols could not be loaded for RtkHDAud.sys
*** ERROR: Module load completed but symbols could not be loaded for FsWriteBack.sys
*** ERROR: Module load completed but symbols could not be loaded for 360rosdrv.sys
Probably caused by : 360rosdrv.sys

Followup: MachineOwner
---------

wowocock
Posted on 2014-8-1 14:06:17
What it shows on my side is different from yours.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D0, {8, 2, 0, 80549fbc}

*** ERROR: Module load completed but symbols could not be loaded for RtkHDAud.sys
*** ERROR: Module load completed but symbols could not be loaded for FsWriteBack.sys
*** ERROR: Module load completed but symbols could not be loaded for 360rosdrv.sys
Probably caused by : Pool_Corruption ( nt!ExFreePool+f )

Followup: Pool_corruption
---------

沧桑浪子
OP | Posted on 2014-8-1 17:23:28
wowocock posted on 2014-8-1 14:06
What it shows on my side is different from yours.
**************************************************************************** ...


So apart from upgrading, or downgrading and reinstalling, the sound card driver, is there any other good solution?
沧桑浪子
OP | Posted on 2014-8-1 18:52:27
wowocock posted on 2014-8-1 14:06
What it shows on my side is different from yours.
**************************************************************************** ...

Related files
FsWriteBack.sys not found
360rosdrv.sys
RtkHDAud.sys http://pan.baidu.com/s/1sjyNx3f


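This has happened before as well. Back then the machine had a 2 GB memory module; after switching to a 4 GB module it got much better!
XP system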

@360主动防御
