喝三精牌葡萄糖酸钙了。。帮忙看下Mini092410-01.dmp

hujiwa

喝三精牌葡萄糖酸钙了。。帮忙看下Mini092410-01.dmp


刚才我百度看了下win32k.sys的蓝屏，不过不知道我的具体原因

顺便告诉我下里面的错误号码，我刚才没注意看。。
我这没oracle.百度到DumPchk.exe也可以。

hujiwa

偶自己来学着看看。工具+百度

chen_c_yaun

Probably caused by : pibdkpfg.sys ( pibdkpfg+22c7b )
网上没有pibdkpfg.sys的信息，估计是某个程序的驱动文件

hujiwa

回复 3楼 chen_c_yaun  的帖子


    谢谢。我刚刚截了图。不会看
    怎么把cmd里面的信息导出来？？   

   

   

hujiwa

回复 3楼 chen_c_yaun  的帖子


    malware defender蓝屏。md的驱动名字是随机的。毫不犹豫立马卸载360安全卫士，它很有可能，今天拿它打了补丁还没卸载

hujiwa

回复 3楼 chen_c_yaun  的帖子

刚才说360safe是凭直觉。现在查下来sbie也可能。我装了360的浏览器。目前再琢磨xuetr的hook信息

   

星河梦

回复 6楼 hujiwa  的帖子话说DebugView分析得到是MalwareDefender的问题啊（至少进程名是MalwareDefender）？难道你没装MD？
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: 80000002, The exception code that was not handled
Arg2: 8064742f, The address that the exception occurred at
Arg3: f6c786e8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0x80000002 (2147483650) - {

FAULTING_IP:
nt!ExRaiseDatatypeMisalignment+a
8064742f c3              ret

TRAP_FRAME:  f6c786e8 -- (.trap 0xfffffffff6c786e8)
ESP EDITED! New esp=f6c78a98
ErrCode = 00000000
eax=ed63c7d1 ebx=00000000 ecx=e1034247 edx=e1b7e3e8 esi=e1034248 edi=ed601548
eip=8064742f esp=f6c7875c ebp=f6c78aa4 iopl=0         nv up ei ng nz na po nc
cs=0000  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000282
nt!ExRaiseDatatypeMisalignment+0xa:
8064742f c3              ret
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  MalwareDefender

LAST_CONTROL_TRANSFER:  from 80566797 to 8064742f

STACK_TEXT:  
f6c78a98 80566797 00000000 f6c78ad4 80580cf6 nt!ExRaiseDatatypeMisalignment+0xa
f6c78aa4 80580cf6 e1034248 ed63c7d1 e1034248 nt!ProbeForWrite+0x54
f6c78ad4 ed63cc7b 800009f4 00000000 00000001 nt!NtQuerySymbolicLinkObject+0x80
WARNING: Stack unwind information not available. Following frames may be wrong.
f6c78afc ed61d902 800009f4 00000000 ed601548 pibdkpfg+0x22c7b
f6c78b24 ed61b5e9 85d75a48 85d75ab8 85ac5230 pibdkpfg+0x3902
f6c78b40 804e47f7 85e5d170 85d75a48 806ef2d0 pibdkpfg+0x15e9
f6c78b50 8056b148 85d75ab8 85d6e028 85d75a48 nt!IopfCallDriver+0x31
f6c78b64 8057bd03 85e5d170 85d75a48 85d6e028 nt!IopSynchronousServiceTail+0x60
f6c78c0c 8057e281 00000128 00000000 00000000 nt!IopXxxControlFile+0x611
f6c78c40 f6d019e7 00000128 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
f6c78d34 804df7ec 00000128 00000000 00000000 hookport+0x49e7
f6c78d34 7c92eb94 00000128 00000000 00000000 nt!KiFastCallEntry+0xf8
0130fe1c 00000000 00000000 00000000 00000000 0x7c92eb94


STACK_COMMAND:  kb

FOLLOWUP_IP:
pibdkpfg+22c7b
ed63cc7b 3d05000080      cmp     eax,80000005h

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  pibdkpfg+22c7b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: pibdkpfg

IMAGE_NAME:  pibdkpfg.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdab41c

FAILURE_BUCKET_ID:  0x8E_pibdkpfg+22c7b

BUCKET_ID:  0x8E_pibdkpfg+22c7b

Followup: MachineOwner
---------

hujiwa

回复 7楼 星河梦  的帖子


    我装MD了，确实是MD的问题
    1.MD会使得Win32k.sys和ntoskrnl.exe挂红
    2.MD会影响sandboxie使得sb的Object钩子挂红。

    刚才用xuetr琢磨的