hi all,
I am debugging a filter driver, but I am not familiar with kernel debugging.
I use windbg and did an !analyze -v on the crash dump file and got the
following results. Who can help me to have a look at it ? aegisfsf is my
driver module name. It seems the instruction at f769091d referenced
invalid memory at 0xe42be000. The FAULTING_IP was at aegisfsf+291d.
How can I get the function name at offset 291d ? I got this dump file
from one of our customers. Is it possible to fix the bug just by using this
dump file? Any help will be appreciated!
Best regards,
Jiang
0: kd> !analyze -v
****************************************************************************
***
*
*
* Bugcheck Analysis
*
*
*
****************************************************************************
***
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by
try-except,
it must be protected by a Probe. Typically the address is just plain bad or
it
is pointing at freed memory.
Arguments:
Arg1: e42be000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: f769091d, If non-zero, the instruction address which referenced the
bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
READ_ADDRESS: e42be000 Paged pool
FAULTING_IP:
aegisfsf+291d
f769091d 668b0e mov cx,[esi]
MM_INTERNAL_CODE: 1
IMAGE_NAME: aegisfsf.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 42df44fd
MODULE_NAME: aegisfsf
FAULTING_MODULE: f768e000 aegisfsf
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
LAST_CONTROL_TRANSFER: from f769040c to f769091d
TRAP_FRAME: a8e4306c -- (.trap ffffffffa8e4306c)
ErrCode = 00000000
eax=00000000 ebx=00000000 ecx=00000068 edx=a8e4323c esi=e42be000
edi=00000078
eip=f769091d esp=a8e430e0 ebp=a8e430e8 iopl=0 nv up ei pl nz na pe
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010202
aegisfsf+0x291d:
f769091d 668b0e mov cx,[esi]
ds:0023:e42be000=????
Resetting default scope
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
a8e430e8 f769040c a8e43124 00000104 e42bdee8 aegisfsf+0x291d
a8e4318c 006e0061 00650074 005c0063 0069004c aegisfsf+0x240c
a8e43190 00650074 005c0063 0069004c 00650076 0x6e0061
a8e43194 005c0063 0069004c 00650076 00700055 0x650074
a8e43198 0069004c 00650076 00700055 00610064 0x5c0063
a8e4319c 00650076 00700055 00610064 00650074 0x69004c
a8e431a0 00700055 00610064 00650074 0044005c 0x650076
a8e431a4 00610064 00650074 0044005c 0077006f 0x700055
a8e431a8 00650074 0044005c 0077006f 006c006e 0x610064
a8e431ac 0044005c 0077006f 006c006e 0061006f 0x650074
a8e431b0 0077006f 006c006e 0061006f 00730064 0x44005c
a8e431b4 006c006e 0061006f 00730064 0054005c 0x77006f
a8e431b8 0061006f 00730064 0054005c 00690072 0x6c006e
a8e431bc 00730064 0054005c 00690072 00690046 0x61006f
a8e431c0 0054005c 00690072 00690046 0065006c 0x730064
a8e431c4 00690072 00690046 0065006c 0073005f 0x54005c
a8e431c8 00690046 0065006c 0073005f 006d0079 0x690072
a8e431cc 0065006c 0073005f 006d0079 006e0061 0x690046
a8e431d0 0073005f 006d0079 006e0061 00650074 0x65006c
a8e431d4 006d0079 006e0061 00650074 00240063 0x73005f
a8e431d8 006e0061 00650074 00240063 00300032 0x6d0079
a8e431dc 00650074 00240063 00300032 00720074 0x6e0061
a8e431e0 00240063 00300032 00720074 00730075 0x650074
a8e431e4 00300032 00720074 00730075 00650074 0x240063
a8e431e8 00720074 00730075 00650074 00240064 0x300032
a8e431ec 00730075 00650074 00240064 00300032 0x720074
a8e431f0 00650074 00240064 00300032 00700061 0x730075
a8e431f4 00240064 00300032 00700061 006c0070 0x650074
a8e431f8 00300032 00700061 006c0070 00630069 0x240064
a8e431fc 00700061 006c0070 00630069 00740061 0x300032
a8e43200 006c0070 00630069 00740061 006f0069 0x700061
a8e43204 00630069 00740061 006f0069 0024006e 0x6c0070
a8e43208 00740061 006f0069 0024006e 00300032 0x630069
a8e4320c 006f0069 0024006e 00300032 0069006c 0x740061
a8e43210 0024006e 00300032 0069006c 00740073 0x6f0069
a8e43214 00300032 0069006c 00740073 0031005f 0x24006e
a8e43218 0069006c 00740073 0031005f 0031002e 0x300032
a8e4321c 00740073 0031005f 0031002e 0065005f 0x69006c
a8e43220 0031005f 0031002e 0065005f 0067006e 0x740073
a8e43224 0031002e 0065005f 0067006e 0069006c 0x31005f
a8e43228 0065005f 0067006e 0069006c 00680073 0x31002e
a8e4322c 0067006e 0069006c 00680073 00000000 0x65005f
a8e43230 0069006c 00680073 00000000 00000000 0x67006e
a8e43234 00680073 00000000 00000000 00000000 0x69006c
a8e43238 00000000 00000000 00000000 00000000 0x680073
FOLLOWUP_IP:
aegisfsf+291d
f769091d 668b0e mov cx,[esi]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: aegisfsf+291d
STACK_COMMAND: .trap ffffffffa8e4306c ; kb
FAILURE_BUCKET_ID: 0x50_aegisfsf+291d
BUCKET_ID: 0x50_aegisfsf+291d
Followup: MachineOwner
Do You Yahoo!?
ÑÅ»¢Ãâ·ÑGÓÊÏä£ÖйúµÚÒ»¾øÎÞÀ¬»øÓʼþɧÈų¬´óÓÊÏä
http://cn.mail.yahoo.com/?id=77071
