天琊(ya)V1.0 0228(增强保险箱)

显示全部楼层 · 发表于 2009-3-1 17:54:11

原帖由 405942873 于 2009-3-1 13:36 发表
如果老大想要DUMP文件其实不难~

专门开一个帖子. 置顶或者高亮.

写清楚设置流程.包括回帖格式啥的..

召集兄弟兄弟们统一虐待天琊.

只要有状况就按照回帖格式写.把dump文件发网盘或者E-MAIL一下~
...

目前这个版本好像稳定性还可以，不容易蓝？有时想折腾它蓝都难

显示全部楼层 · 发表于 2009-3-1 19:23:47

最新版Ch000001.sys蓝屏。
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x80555040
Debug session time: Sun Mar  1 19:11:50.740 2009 (GMT+8)
System Uptime: 0 days 0:06:24.375

*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: 80000003, The exception code that was not handled
Arg2: b2189c7f, The address that the exception occurred at
Arg3: f8242644, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - <Unable to get error code text>

FAULTING_IP:
Ch000001+13c7f
b2189c7f cc             int    3

TRAP_FRAME:  f8242644 -- (.trap 0xfffffffff8242644)
ErrCode = 00000000
eax=000000d0 ebx=8057282a ecx=821eb040 edx=00000001 esi=00000000 edi=f82427e0
eip=b2189c80 esp=f82426b8 ebp=f8242804 iopl=0       nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000          efl=00000202
Ch000001+0x13c80:
b2189c80 cc             int    3
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  csrss.exe

LAST_CONTROL_TRANSFER:  from 8057286e to b2189c80

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f8242804 8057286e 000000d0 00000001 821eb040 Ch000001+0x13c80
f82428a8 8053e648 000000d0 00000000 bf885558 nt!NtReadFile+0x44
f82428a8 804ffc05 000000d0 00000000 bf885558 nt!KiFastCallEntry+0xf8
f8242944 bf885498 000000d0 00000000 bf885558 nt!ZwReadFile+0x11
f824297c bf885596 e171f4d0 81c13020 f82429d4 win32k!StartDeviceRead+0x154
f824298c 804feb62 e171f4d0 e171f4f8 00000000 win32k!InputApc+0x66
f82429d4 80501d04 00000000 00000000 00000000 nt!KiDeliverApc+0x124
f82429ec 804faaf2 804fa86e e170a808 00000000 nt!KiSwapThread+0x64
f8242a24 bf807a6c 00000003 82056ff0 00000001 nt!KeWaitForMultipleObjects+0x284
f8242a5c bf89b6ef 00000002 82056ff0 bf89e63d win32k!xxxMsgWaitForMultipleObjects+0xb0
f8242d30 bf88469c bf9ab280 00000001 f8242d54 win32k!xxxDesktopThread+0x339
f8242d40 bf80108a bf9ab280 f8242d64 0078fff4 win32k!xxxCreateSystemThreads+0x6a
f8242d54 8053e648 00000000 00000022 00000000 win32k!NtUserCallOneParam+0x23
f8242d54 7c92e4f4 00000000 00000022 00000000 nt!KiFastCallEntry+0xf8
00000000 00000000 00000000 00000000 00000000 0x7c92e4f4

STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP:
Ch000001+13c7f
b2189c7f cc             int    3

SYMBOL_NAME:  Ch000001+13c7f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ch000001

IMAGE_NAME:  Ch000001.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49a90319

FAILURE_BUCKET_ID:  0x8E_Ch000001+13c7f

BUCKET_ID:  0x8E_Ch000001+13c7f

Followup: MachineOwner
---------

kd> .trap 0xfffffffff8242644
ErrCode = 00000000
eax=000000d0 ebx=8057282a ecx=821eb040 edx=00000001 esi=00000000 edi=f82427e0
eip=b2189c80 esp=f82426b8 ebp=f8242804 iopl=0       nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000          efl=00000202
Ch000001+0x13c80:
b2189c80 cc             int    3

显示全部楼层 · 发表于 2009-3-1 19:35:36

蓝屏文件不对，兄弟有DUMP文件吗？

显示全部楼层 · 发表于 2009-3-1 19:46:47

找了它的memory.dmp，minidump就不贴了。

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x80555040
Debug session time: Sun Mar  1 19:39:21.690 2009 (GMT+8)
System Uptime: 0 days 0:26:12.531
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdc00c).  Type ".hh dbgerr001" for details
Loading unloaded module list
............

*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 8E, {80000003, b204dc7f, f8262534, 0}

*** ERROR: Module load completed but symbols could not be loaded for Ch000001.sys
PEB is paged out (Peb.Ldr = 7ffdc00c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdc00c).  Type ".hh dbgerr001" for details
Probably caused by : Ch000001.sys ( Ch000001+13c7f )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: 80000003, The exception code that was not handled
Arg2: b204dc7f, The address that the exception occurred at
Arg3: f8262534, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 7ffdc00c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdc00c).  Type ".hh dbgerr001" for details

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - <Unable to get error code text>

FAULTING_IP:
Ch000001+13c7f
b204dc7f cc             int    3

TRAP_FRAME:  f8262534 -- (.trap 0xfffffffff8262534)
ErrCode = 00000000
eax=000000d0 ebx=00000000 ecx=821eb040 edx=00000000 esi=0000000e edi=f82626d0
eip=b204dc80 esp=f82625a8 ebp=f82626f4 iopl=0       nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000          efl=00000202
Ch000001+0x13c80:
b204dc80 cc             int    3
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  csrss.exe

LAST_CONTROL_TRANSFER:  from 804fdcff to 804f9cc5

STACK_TEXT:
f82620fc 804fdcff 0000008e 80000003 b204dc7f nt!KeBugCheckEx+0x1b
f82624c4 8053f091 f82624e0 00000000 f8262534 nt!KiDispatchException+0x3b1
f826252c 8053f7a1 f82626f4 b204dc80 badb0d00 nt!CommonDispatchException+0x4d
f826252c b204dc80 f82626f4 b204dc80 badb0d00 nt!KiTrap03+0xad
WARNING: Stack unwind information not available. Following frames may be wrong.
f82626f4 80570d93 000000d0 00000000 821eb040 Ch000001+0x13c80
f82627b0 8053e648 000000d0 f826285c f8262864 nt!NtQueryInformationFile+0xcd
f82627b0 804ff985 000000d0 f826285c f8262864 nt!KiFastCallEntry+0xf8
f826283c b20436be 000000d0 f826285c f8262864 nt!ZwQueryInformationFile+0x11
f826286c b2043727 000000d0 f82628d4 f8262970 Ch000001+0x96be
f82628a8 8053e648 000000d0 00000000 bf885558 Ch000001+0x9727
f82628a8 804ffc05 000000d0 00000000 bf885558 nt!KiFastCallEntry+0xf8
f8262944 bf885498 000000d0 00000000 bf885558 nt!ZwReadFile+0x11
f826297c bf885596 e17153f0 820b2da8 f82629d4 win32k!StartDeviceRead+0x154
f826298c 804feb62 e17153f0 e1715418 00000000 win32k!InputApc+0x66
f82629d4 80501d04 00000000 00000000 00000000 nt!KiDeliverApc+0x124
f82629ec 804faaf2 804fa86e e14a4aa8 00000000 nt!KiSwapThread+0x64
f8262a24 bf807a6c 00000003 81c9d0e0 00000001 nt!KeWaitForMultipleObjects+0x284
f8262a5c bf89b6ef 00000002 81c9d0e0 bf89e63d win32k!xxxMsgWaitForMultipleObjects+0xb0
f8262d30 bf88469c bf9ab280 00000001 f8262d54 win32k!xxxDesktopThread+0x339
f8262d40 bf80108a bf9ab280 f8262d64 0078fff4 win32k!xxxCreateSystemThreads+0x6a
f8262d54 8053e648 00000000 00000022 00000000 win32k!NtUserCallOneParam+0x23
f8262d54 7c92e4f4 00000000 00000022 00000000 nt!KiFastCallEntry+0xf8
00000000 00000000 00000000 00000000 00000000 0x7c92e4f4

STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP:
Ch000001+13c7f
b204dc7f cc             int    3

SYMBOL_NAME:  Ch000001+13c7f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ch000001

IMAGE_NAME:  Ch000001.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49a90319

FAILURE_BUCKET_ID:  0x8E_Ch000001+13c7f

BUCKET_ID:  0x8E_Ch000001+13c7f

Followup: MachineOwner
---------

kd> lmvm Ch000001
start end       module name
b203a000 b2060e80 Ch000001 (no symbols)
Loaded symbol image file: Ch000001.sys
Image path: \??\C:\Documents and Settings\Administrator\桌面\天琊0228\Ch000001.sys
Image name: Ch000001.sys
Timestamp:       Sat Feb 28 17:25:45 2009 (49A90319)
CheckSum:       000329F7
ImageSize:       00026E80
Translations:    0000.04b0 0000.04e4 0409.04b0 0409.04e4

kd> .trap 0xfffffffff8262534
ErrCode = 00000000
eax=000000d0 ebx=00000000 ecx=821eb040 edx=00000000 esi=0000000e edi=f82626d0
eip=b204dc80 esp=f82625a8 ebp=f82626f4 iopl=0       nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000          efl=00000202
Ch000001+0x13c80:
b204dc80 cc             int    3

显示全部楼层 · 发表于 2009-3-1 19:55:23

上面的memory.dmp是后来重新蓝屏时生成的。
虚拟机中运行了winflise.exe病毒，天琊在中有此病毒的机子上运行很不稳定，功能也受限。
样本地址：http://bbs.kafan.cn/thread-408416-1-2.html

[ 本帖最后由 dl123100 于 2009-3-1 20:02 编辑 ]

显示全部楼层 · 发表于 2009-3-1 20:00:57

一直关注这个软件，希望作者正式版早日上市

显示全部楼层 · 发表于 2009-3-1 20:18:19

原帖由 dl123100 于 2009-3-1 19:55 发表
上面的memory.dmp是后来重新蓝屏时生成的。
虚拟机中运行了winflise.exe病毒，天琊在中有此病毒的机子上运行很不稳定，功能也受限。
样本地址：http://bbs.kafan.cn/thread-408416-1-2.html

好的我测试一下

显示全部楼层 · 发表于 2009-3-1 20:24:16

又一个SZ安软啊

显示全部楼层 · 发表于 2009-3-1 20:25:39

我这里跑不出现象

显示全部楼层 · 发表于 2009-3-1 20:34:37

我刚一运行就蓝屏了，-_-!

[原创工具] 天琊(ya)V1.0 0228(增强保险箱)