[Help] Cause of nt!KiApcInterrupt blue screen
2019-7-25 12:01

I finally finished a driver, but found that it blue-screens when in use.

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80004825118, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 000007ffffff0000, Parameter 1 of the exception

Some register values may be zeroed or incorrect.
rax=000007ffffff0000 rbx=0000000000000000 rcx=000007ffffff0000
rdx=fffff8800dcfe230 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80004825118 rsp=fffff8800dcfd870 rbp=00000001401c5bac
 r8=000000000000030b  r9=000000000000000e r10=fffff8800dcfe1d0
r11=000000013f640000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
nt! ?? ::FNODOBFM::`string'+0xbf95:
fffff800`04825118 8a01            mov     al,byte ptr [rcx] ds:000007ff`ffff0000=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800048de738 to fffff80004893bc0

STACK_TEXT:  
fffff880`0dcfce58 fffff800`048de738 : 00000000`0000001e ffffffff`c0000005 fffff800`04825118 00000000`00000000 : nt!KeBugCheckEx
fffff880`0dcfce60 fffff800`04893242 : fffff880`0dcfd638 fffff880`0dcfd990 fffff880`0dcfd6e0 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x487ed
fffff880`0dcfd500 fffff800`04891dba : 00000000`00000000 000007ff`ffff0000 fffff880`0dcfd700 fffff880`0dcfd990 : nt!KiExceptionDispatch+0xc2
fffff880`0dcfd6e0 fffff800`04825118 : 00000000`00000010 00000000`00010206 fffff880`0dcfd890 00000000`00000018 : nt!KiPageFault+0x23a
fffff880`0dcfd870 fffff800`04b853cd : fffff880`00000000 00000001`3f640000 fffff880`00000000 fffff880`00000000 : nt! ?? ::FNODOBFM::`string'+0xbf95
fffff880`0dcfd900 fffff800`04885121 : 00000000`00000000 fffff880`0e27c3b0 fffff880`05900180 fffff880`0dcff000 : nt!PspGetSetContextInternal+0x265
fffff880`0dcfdea0 fffff800`048865f7 : 00000000`00000000 00000000`00000000 fffff8a0`000164e0 00000000`e9fe1463 : nt!PspGetSetContextSpecialApc+0xa1
fffff880`0dcfdfb0 fffff800`048868a7 : ffffffff`bffa6ab6 00000000`00000000 00000000`00000000 fffffa80`1953bb50 : nt!KiDeliverApc+0x1c7
fffff880`0dcfe030 fffff880`09957d25 : 00000001`401c5bac 00000000`00000246 00000000`00000000 00000000`00000000 : nt!KiApcInterrupt+0xd7
fffff880`0dcfe1c8 00000001`401c5bac : 00000000`00000246 00000000`00000000 00000000`00000000 00000000`00000000 : minifilter+0x14bd25
fffff880`0dcfe1d0 00000000`00000246 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000213 : 0x00000001`401c5bac
fffff880`0dcfe1d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000213 00000000`00000213 : 0x246


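It shows C0000005, but there is no code at all that calls nt!KiApcInterrupt.
The address minifilter+0x14bd25 is in a VMP section,

and I don't know why.
Could the experts please take a look for me? Thank you very much!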

Latest replies (2)
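juwh 2019-7-25 13:45
Experts, please help: give me some ideas and possible causes to investigate. This does not always happen, only once in a while, and all I can get is the dump to analyze!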
juwh 2019-7-25 13:46
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18356.amd64fre.win7sp1_gdr.140101-1436
Machine Name:
Kernel base = 0xfffff800`0481e000 PsLoadedModuleList = 0xfffff800`04a61890
Debug session time: Fri Jul 19 06:38:02.797 2019 (UTC + 8:00)
System Uptime: 0 days 8:29:38.561