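In VMware, with WinDbg attached for debugging the whole time, this blue screen is one I deliberately caused during driver unload. First, as expected, it reported the errors I deliberately introduced, then the screen started "dumping physical memory to disk: 37" and stopped there.
Pressing g in WinDbg does not let it continue; after a moment it breaks back in. What is the cause?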
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000000, EXCEPTION_DIVIDED_BY_ZERO
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_0
TRAP_FRAME: f8b01adc -- (.trap 0xfffffffff8b01adc)
ErrCode = 00000000
eax=e1accc18 ebx=0000001e ecx=00000007 edx=0000001e esi=f8a9f116 edi=e1accc18
eip=805b64b4 esp=f8b01b50 ebp=f8b01b94 iopl=0 nv up ei pl nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010203
nt!ObpCaptureObjectName+0xc6:
805b64b4 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 804f880d to 80527da8
STACK_TEXT:
f8b00f44 804f880d 00000004 f8b012a0 00000000 nt!RtlpBreakWithStatusInstruction
f8b00f90 804f98d7 00000004 806d1d8f 8b6d6195 nt!KiBugCheckDebugBreak+0x19
f8b01370 804f9900 0000007f 00000000 00000000 nt!KeBugCheck2+0xa51
f8b01390 80597567 0000007f 806d1d8f 8b6d6195 nt!KeBugCheck+0x14
f8b013e8 8053e3ef f8b013f4 f8b0147c 806d1d8f nt!Ki386CheckDivideByZeroTrap+0x41
f8b013e8 806d1d8f f8b013f4 f8b0147c 806d1d8f nt!KiTrap00+0x83
f8b0147c f5e8d59f 00000596 00001000 82008668 hal!HalpPmTimerStallExecProc+0x9f
f8b01498 f5e98fbc f8b014c0 82008668 82008660 dump_atapi!AtapiCrashDumpIdeWritePio+0x1c7
f8b01504 804f2eb8 82008668 f8b01520 000024b6 dump_atapi!AtapiCrashDumpIdeWrite+0x150
f8b0155c 804f2f88 f5e98e6c f8b01650 00008000 nt!IopWritePageToDisk+0xe4
f8b01588 804f3c5f 000010ba f5e98e6c 821c059c nt!IopWriteSummaryDump+0x7e
f8b01648 804f98af 82008660 00000000 00000000 nt!IoWriteCrashDump+0x42d
f8b01a44 804f9925 00000050 f8a9f116 00000000 nt!KeBugCheck2+0xa29
f8b01a64 8051cf07 00000050 f8a9f116 00000000 nt!KeBugCheckEx+0x1b
f8b01ac4 805406ec 00000000 f8a9f116 00000000 nt!MmAccessFault+0x8e7
f8b01ac4 805b64b4 00000000 f8a9f116 00000000 nt!KiTrap0E+0xcc
f8b01b94 805b6641 e1001c00 f8b01d50 f8b01c18 nt!ObpCaptureObjectName+0xc6
f8b01be8 805b0ab6 821b9040 e1001c00 e1001c00 nt!ObpCaptureObjectCreateInformation+0x135
f8b01c2c 805ba669 f8b01d24 821b9040 e1001c00 nt!ObOpenObjectByName+0x62
f8b01c84 8053d808 f8b01d44 00010000 f8b01d24 nt!NtOpenSymbolicLinkObject+0x73
f8b01c84 804fec71 f8b01d44 00010000 f8b01d24 nt!KiFastCallEntry+0xf8
f8b01d08 8056917c f8b01d44 00010000 f8b01d24 nt!ZwOpenSymbolicLinkObject+0x11
f8b01d3c f8a9e032 f8b01d50 f62dcb84 f62dcb84 nt!IoDeleteSymbolicLink+0x3c
f8b01d58 80576633 81f007e0 f62dcb84 8055b1fc HelloDRIVER!DriverUnload+0x2c [e:\work\myddk\hellodriver\hellodriver.c @ 119]
f8b01d74 80534dd0 f62dcb84 00000000 821b6020 nt!IopLoadUnloadDriver+0x19
f8b01dac 805c5a28 f62dcb84 00000000 00000000 nt!ExpWorkerThread+0x100
f8b01ddc 80541fa2 80534cd0 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
dump_atapi!AtapiCrashDumpIdeWritePio+1c7
f5e8d59f 46 inc esi
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: dump_atapi!AtapiCrashDumpIdeWritePio+1c7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dump_atapi
IMAGE_NAME: dump_atapi.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 41107b4d
FAILURE_BUCKET_ID: 0x7f_0_dump_atapi!AtapiCrashDumpIdeWritePio+1c7
BUCKET_ID: 0x7f_0_dump_atapi!AtapiCrashDumpIdeWritePio+1c7
Followup: MachineOwner
---------