SysReveal更新至v1.0.0.72【2011-03-28】

wqj19812000

支持，顶下

鹭影依凌

好东西顶一下谢谢楼主

后飞笨鸟

试用一下，谢谢分享。O(∩_∩)O~

英姿飒爽

不错，很好很强大

wo1234

顶上去 看一下，好像没有更新 那个“查看内存”功能不错，很有特色

fweiger

fweiger

系统 win sp3

niucool

哦，这个BUG已经有人报过，是由于字符串拷贝越界导致的，将在本月的下个版本中一并修复。谢谢。

ithurricane

今天启动SysReveal的时候发生了蓝屏现象。。。

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: 9fcd2004, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 850de8a7, If non-zero, the instruction address which referenced the bad memory
        address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

Unable to load image \??\C:\Windows\system32\drivers\kmnife.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for kmnife.sys
*** ERROR: Module load completed but symbols could not be loaded for kmnife.sys

Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from 83385718
Unable to read MiSystemVaType memory at 83365160
9fcd2004

FAULTING_IP:
kmnife+38a7
850de8a7 8b7b24          mov     edi,dword ptr [ebx+24h]

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR:  0x50

PROCESS_NAME:  SysReveal.exe

CURRENT_IRQL:  0

TRAP_FRAME:  a012d878 -- (.trap 0xffffffffa012d878)
ErrCode = 00000000
eax=a012d914 ebx=9fcd1fe0 ecx=850e3a79 edx=c0000000 esi=83227aa9 edi=00000200
eip=850de8a7 esp=a012d8ec ebp=a012d8f8 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
kmnife+0x38a7:
850de8a7 8b7b24          mov     edi,dword ptr [ebx+24h] ds:0023:9fcd2004=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 83263638 to 832a2903

STACK_TEXT:  
a012d860 83263638 00000000 9fcd2004 00000000 nt!MmAccessFault+0x106
a012d860 850de8a7 00000000 9fcd2004 00000000 nt!KiTrap0E+0xdc
WARNING: Stack unwind information not available. Following frames may be wrong.
a012d8f8 850dea08 9fcd1fe0 a012d914 8648ea08 kmnife+0x38a7
a012db28 850dea45 9fcd1fe0 8543a000 00000200 kmnife+0x3a08
a012dd5c 850dea45 8648ea08 8543a000 00000200 kmnife+0x3a45
a012df90 850dea45 873b2b90 8543a000 00000200 kmnife+0x3a45
a012e1c4 850de9f3 873b2878 8543a000 00000200 kmnife+0x3a45
a012e3f8 850de9f3 873f04d0 8543a000 00000200 kmnife+0x39f3
a012e62c 850de9f3 86b1a0e8 8543a000 00000200 kmnife+0x39f3
a012e670 83284903 00000000 a012e828 83346d20 kmnife+0x39f3
a012e68c 876020e1 86585b68 a012e6c0 87607fa3 nt!KiExitDispatcher+0x17c
a012e698 87607fa3 3ef7b757 a012e6d8 83284777 fileinfo!FIPfFileFSOpPostCallbackCleanup+0x129
a012e6c0 84ce4d98 00000000 a012e728 00000001 fileinfo!FIPostCreateCallback+0x237
a012e6ec 83285b33 85dc7b50 84ce4d98 a012e828 0x84ce4d98
a012e734 875a29a7 a012e754 875a2aa1 84ce4d98 nt!IopfCompleteRequest+0x128
a012e73c 875a2aa1 84ce4d98 c0000034 84ce4d98 fltmgr!FltpCompleteRequest+0x2d
a012e754 83284777 83346d20 00000000 00000001 fltmgr!FltpSynchronizeIoCleanup+0x4f
a012e794 8328d9d3 0000a000 00000000 832a704f nt!KeSetEvent+0xb2
a012e7a0 832a704f 00000000 0a03afb7 00072708 nt!PfFbLogEntryComplete+0x2c
a012e7bc 832b472b 11522125 00000000 00000018 nt!PfLogEvent+0x85
a012e7c0 11522125 00000000 00000018 00000010 nt!PfLogFileDataAccess+0xf4
a012e7c4 00000000 00000018 00000010 00000000 0x11522125


STACK_COMMAND:  kb

FOLLOWUP_IP:
kmnife+38a7
850de8a7 8b7b24          mov     edi,dword ptr [ebx+24h]

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  kmnife+38a7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: kmnife

IMAGE_NAME:  kmnife.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdfb951

FAILURE_BUCKET_ID:  0x50_kmnife+38a7

BUCKET_ID:  0x50_kmnife+38a7

Followup: MachineOwner
---------

fengyang

看来很好 试用看看