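NdisFOidRequest causes SYSTEM_SERVICE_EXCEPTION BSoD in an NDIS filter driver

Time: 2016-03-18 15:48:59

Tags: c windows driver device-driver ndis

I have an NDIS filter driver. It intercepts the OID path. When this driver is called from user mode using DeviceIOControl, the system crashes with SYSTEM_SERVICE_EXCEPTION.

The dump is here: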

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8012066346e, Address of the instruction which caused the bugcheck
Arg3: ffffd000f9930c90, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for npf.sys

DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  9600.18202.amd64fre.winblue_ltsb.160119-0600

SYSTEM_MANUFACTURER:  AAEON

SYSTEM_PRODUCT_NAME:  EPIC-BDU7

SYSTEM_SKU:  To be filled by O.E.M.

SYSTEM_VERSION:  V1.0

BIOS_VENDOR:  American Megatrends Inc.

BIOS_VERSION:  PB9UAM12

BIOS_DATE:  07/15/2015

BASEBOARD_MANUFACTURER:  AAEON

BASEBOARD_PRODUCT:  EPIC-BDU7

BASEBOARD_VERSION:  V1.0

DUMP_TYPE:  2

DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff8012066346e

BUGCHECK_P3: ffffd000f9930c90

BUGCHECK_P4: 0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

FAULTING_IP: 
ndis!NdisFOidRequest+62
fffff801`2066346e f780780e000000040000 test dword ptr [rax+0E78h],400h

CONTEXT:  ffffd000f9930c90 -- (.cxr 0xffffd000f9930c90)
rax=656c694602150003 rbx=ffffe00097e1e0c0 rcx=ffffe000980f8b00
rdx=ffffe00097e1e0c0 rsi=00000000c0000001 rdi=ffffe000980f8b00
rip=fffff8012066346e rsp=ffffd000f99316c0 rbp=ffffd000f9931891
 r8=0000000000000000  r9=0000000000000002 r10=0000000000000000
r11=fffff801223c4d07 r12=ffffe00097c638c8 r13=ffffe00095a2e3e0
r14=ffffe00097e1e000 r15=ffffe00097e1e098
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
ndis!NdisFOidRequest+0x62:
fffff801`2066346e f780780e000000040000 test dword ptr [rax+0E78h],400h ds:002b:656c6946`02150e7b=????????
Resetting default scope

CPU_COUNT: 4

CPU_MHZ: 82f

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3d

CPU_STEPPING: 4

CPU_MICROCODE: 6,3d,4,0 (F,M,S,R)  SIG: 1F'00000000 (cache) 1F'00000000 (init)

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  EFANetworkRedu

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  AKISN0W-PC

ANALYSIS_SESSION_TIME:  03-18-2016 23:19:14.0141

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER:  from fffff801223c2057 to fffff8012066346e

STACK_TEXT:  
ffffd000`f99316c0 fffff801`223c2057 : 00000000`80000004 ffffe000`97c638c0 00000000`80000004 ffffe000`97c638c0 : ndis!NdisFOidRequest+0x62
ffffd000`f9931780 fffff801`4880e9e0 : 00000000`00000001 ffffe000`95a2e3e0 ffffe000`97483ab0 ffffe000`9818a080 : npf!NPF_IoControl+0x50b [j:\npcap\packetwin7\npf\npf\packet.c @ 1998]
ffffd000`f9931810 fffff801`488b5fa6 : ffffe000`97483a05 ffffd000`f9931b80 ffffe000`95a64780 ffffe000`97483ab0 : nt!IopSynchronousServiceTail+0x160
ffffd000`f99318e0 fffff801`48881eee : ffffd000`f9931a38 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xd86
ffffd000`f9931a20 fffff801`48570bb3 : ffffe000`97a7c080 ffffd000`001f0003 00000000`003ae828 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
ffffd000`f9931a90 00000000`777b2352 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`003af128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x777b2352


THREAD_SHA1_HASH_MOD_FUNC:  f354ebcbce73c80400d16c63b39be1a5e6cb013a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  f520e4b6e586b809f1bb5333e4aeed20386b9eef

THREAD_SHA1_HASH_MOD:  a42ba1f53eaabb205023e38281f0fec5e9957ea0

FOLLOWUP_IP: 
npf!NPF_IoControl+50b [j:\npcap\packetwin7\npf\npf\packet.c @ 1998]
fffff801`223c2057 ??              ???

FAULTING_SOURCE_LINE:  j:\npcap\packetwin7\npf\npf\packet.c

FAULTING_SOURCE_FILE:  j:\npcap\packetwin7\npf\npf\packet.c

FAULTING_SOURCE_LINE_NUMBER:  1998

FAULTING_SOURCE_CODE:  
  1994:                     break;
  1995:                 }
  1996:             }
  1997: 
> 1998:             Status = NdisFOidRequest(Open->AdapterHandle, &pRequest->Request);
  1999:         }
  2000:         else
  2001:         {
  2002:             //
  2003:             // Release ownership of the Ndis Handle


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  npf!NPF_IoControl+50b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: npf

IMAGE_NAME:  npf.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  56eba84d

STACK_COMMAND:  .cxr 0xffffd000f9930c90 ; kb

BUCKET_ID_FUNC_OFFSET:  50b

FAILURE_BUCKET_ID:  0x3B_npf!NPF_IoControl

BUCKET_ID:  0x3B_npf!NPF_IoControl

PRIMARY_PROBLEM_CLASS:  0x3B_npf!NPF_IoControl

TARGET_TIME:  2016-03-18T14:55:45.000Z

OSBUILD:  9600

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 8.1

OSEDITION:  Windows 8.1 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2016-01-20 00:19:09

BUILDDATESTAMP_STR:  160119-0600

BUILDLAB_STR:  winblue_ltsb

BUILDOSVER_STR:  6.3.9600.18202.amd64fre.winblue_ltsb.160119-0600

ANALYSIS_SESSION_ELAPSED_TIME: 9ca8

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x3b_npf!npf_iocontrol

FAILURE_ID_HASH:  {1a9eb099-6ac7-8089-67e0-fac2e851dbd1}

Followup:     MachineOwner

The source code with the bug is here:

https://github.com/nmap/npcap/blob/master/packetWin7/npf/npf/Packet.c

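This bug is nasty. It doesn't seem to happen every time. I ran into this bug before in another function (see this post: https://stackoverflow.com/questions/31869373/get-system-service-exception-bluescreen-when-starting-wireshark-on-win10-vmware). Then I commented that out to avoid the bug. But it shows up here :(

Actually, I don't know what is causing this bug. Thanks!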
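Added example, not part of the original post or of the Npcap source: a small triage helper applied to the `rax` value and the `[rax+0E78h]` operand from the `.cxr` output above. It shows that the faulting address is non-canonical and that the bytes in `rax` spell the ASCII text "File", so the value NDIS loaded and dereferenced was not a pointer. The names `classify_ptr` and `ascii_run` are hypothetical, and 48-bit virtual addressing is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 48-bit virtual addresses (4-level paging), so bits 63..47 must match. */
enum ptr_class { PTR_USER, PTR_KERNEL, PTR_NONCANONICAL };

static enum ptr_class classify_ptr(uint64_t va)
{
    uint64_t top = va >> 47;              /* the 17 sign-extension bits */
    if (top == 0)       return PTR_USER;
    if (top == 0x1FFFF) return PTR_KERNEL;
    return PTR_NONCANONICAL;              /* any access raises an exception */
}

/* Longest run of printable ASCII in the value's in-memory (little-endian)
 * byte order. Writes a NUL-terminated string to out and returns its length. */
static int ascii_run(uint64_t v, char out[9])
{
    int best = 0, best_at = 0, len = 0;
    unsigned char b[8];
    for (int i = 0; i < 8; i++) {
        b[i] = (unsigned char)(v >> (8 * i));
        if (b[i] >= 0x20 && b[i] < 0x7f) {
            if (++len > best) { best = len; best_at = i - len + 1; }
        } else {
            len = 0;
        }
    }
    memcpy(out, b + best_at, (size_t)best);
    out[best] = '\0';
    return best;
}

int main(void)
{
    static const char *names[] = { "user", "kernel", "non-canonical" };
    const uint64_t rax = 0x656c694602150003ULL;   /* rax from the .cxr output */
    const uint64_t rcx = 0xffffe000980f8b00ULL;   /* rcx, for comparison */
    char text[9];

    printf("[rax+0E78h] = %016llx -> %s\n",
           (unsigned long long)(rax + 0xE78), names[classify_ptr(rax + 0xE78)]);
    printf("rcx         = %016llx -> %s\n",
           (unsigned long long)rcx, names[classify_ptr(rcx)]);
    if (ascii_run(rax, text) >= 4)
        printf("rax bytes contain ASCII \"%s\"\n", text);
    return 0;
}
```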

0 answers:

No answers