当我使用StartService
, 或其他方式手动启动驱动程序时,或者当设置为 auto_start 时系统自动加载驱动程序时会导致蓝屏出现之前DriverEntry
。
Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\041421-18486-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
OK c:\symbols
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is: c:\symbols
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.23864.amd64fre.win7sp1_ldr.170707-0600
Machine Name:
Kernel base = 0xfffff800`0364a000 PsLoadedModuleList = 0xfffff800`0388c750
Debug session time: Wed Apr 14 10:45:37.450 2021 (UTC + 1:00)
System Uptime: 0 days 0:00:03.199
Loading Kernel Symbols
......................................................
Loading User Symbols
Mini Kernel Dump does not contain unloaded driver list
For analysis of this file, run !analyze -v
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa801a70b8f8, Address of the WHEA_ERROR_RECORD structure.
Arg3: 0000000000000000, High order 32-bits of the MCi_STATUS value.
Arg4: 0000000000000000, Low order 32-bits of the MCi_STATUS value.
Debugging Details:
------------------
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 1
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on QWERTYUIOP
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 1
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 124
BUGCHECK_P1: 0
BUGCHECK_P2: fffffa801a70b8f8
BUGCHECK_P3: 0
BUGCHECK_P4: 0
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
fffff880`03fa25b0 fffff800`03909cd9 : fffffa80`1a70b8d0 fffffa80`19aa2660 fffff8a0`00413b10 00000000`00000000 : nt!WheapCreateLiveTriageDump+0x6c
fffff880`03fa2ad0 fffff800`037e96d7 : fffffa80`1a70b8d0 fffff800`038632f8 fffffa80`19aa2660 00000000`00000202 : nt!WheapCreateTriageDumpFromPreviousSession+0x49
fffff880`03fa2b00 fffff800`03750fd5 : fffff800`038c5bc0 00000000`00000001 fffff8a0`00413a88 fffffa80`19aa2660 : nt!WheapProcessWorkQueueItem+0x57
fffff880`03fa2b40 fffff800`036c3c85 : fffff800`03ae6200 fffff800`03750fb0 fffffa80`19aa2600 00000000`00000000 : nt!WheapWorkQueueWorkerRoutine+0x25
fffff880`03fa2b70 fffff800`03955152 : 00000000`00000000 fffffa80`19aa2660 00000000`00000080 fffffa80`19a8db10 : nt!ExpWorkerThread+0x111
fffff880`03fa2c00 fffff800`036ab926 : fffff880`03d89180 fffffa80`19aa2660 fffff880`03d940c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03fa2c40 00000000`00000000 : fffff880`03fa3000 fffff880`03f9d000 fffff880`04782720 00000000`00000000 : nt!KiStartSystemThread+0x16
MODULE_NAME: GenuineIntel
IMAGE_NAME: GenuineIntel.sys
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_CACHE
OS_VERSION: 7.1.7601.23864
BUILDLAB_STR: win7sp1_ldr
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
FAILURE_ID_HASH: {270f58cb-a20a-a72d-6d81-eb8c82f01f7a}
Followup: MachineOwner
---------
4: kd> !errrec fffffa801a70b8f8
===============================================================================
Common Platform Error Record @ fffffa801a70b8f8
-------------------------------------------------------------------------------
Record Id : 01d73112eb4e0c21
Severity : Fatal (1)
Length : 928
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Creator : Microsoft
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Notify Type : Machine Check Exception
Timestamp : 4/14/2021 9:45:37 (UTC)
Flags : 0x00000002 PreviousError
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
===============================================================================
Section 0 : Processor Generic
-------------------------------------------------------------------------------
Descriptor @ fffffa801a70b978
Section @ fffffa801a70ba50
Offset : 344
Length : 192
Flags : 0x00000001 Primary
Severity : Fatal
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Proc. Type : x86/x64
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Instr. Set : x64
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Error Type : Cache error
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Operation : Generic
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Flags : 0x00
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Level : 2
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
CPU Version : 0x00000000000906e9
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Processor ID : 0x0000000000000000
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
===============================================================================
Section 1 : x86/x64 Processor Specific
-------------------------------------------------------------------------------
Descriptor @ fffffa801a70b9c0
Section @ fffffa801a70bb10
Offset : 536
Length : 128
Flags : 0x00000000
Severity : Fatal
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Local APIC Id : 0x0000000000000000
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
CPU Id : e9 06 09 00 00 08 10 00 - bf fb fa 7f ff fb eb bf
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
Proc. Info 0 @ fffffa801a70bb10
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
===============================================================================
Section 2 : x86/x64 MCA
-------------------------------------------------------------------------------
Descriptor @ fffffa801a70ba08
Section @ fffffa801a70bb90
Offset : 664
Length : 264
Flags : 0x00000000
Severity : Fatal
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Error : GCACHEL2_ERR_ERR (Proc 0 Bank 6)
Status : 0xee2000000040110a
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Address : 0x00000000fef1ffc0
fffff800038370e8: Unable to get Flags value from nt!KdVersionBlock
Misc. : 0x0000007880010086
使用SetupOpenInfFile
和正确安装了驱动程序SetupInstallFileW
:
λ sc qc MyDriver
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: MyDriver
TYPE : 1 KERNEL_DRIVER
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \??\C:\Windows\system32\drivers\MyDriver.sys
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MyDriver
DEPENDENCIES :
SERVICE_START_NAME :
我使用的是 Windows 7 的 kmspico 激活版本。我已打开调试模式、关闭测试签名和关闭驱动程序签名强制,MyDriver.sys 是使用 Visual Studio 2017 编译的基本 WDM Driver.c。
我只是无法想象为什么我会得到这个蓝屏,出于某种原因,在我构建的 Windows 7 中,这是我在 4 年的 30 个蓝屏 minidump 中得到的唯一蓝屏,都是 0x124,但都需要一个特定的软件触发,看到所有其他驱动程序都可以正确启动。此外,我在 2018 年遇到的每一个蓝屏都显示:
Error : GCACHEL2_ERR_ERR (Proc 0 Bank 6)
Status : 0xee2000000040110a
Address : 0x00000000fef1ffc0
Misc. : 0x0000007880010086
但是再一次,我的电脑现在可以运行 150 天,而且只有在我启动这个特定的驱动程序时才会发生。
这很相似,但没有帮助。
在 MiniDump 上,它说异常发生在ntosknl.exe+4acfac
is nt!WheapCreateLiveTriageDump+0x6c
,这是指令mov [rsp+518h+Size], rdi
,但这似乎是在 0x124 事件中为 WHEA 实时转储创建的线程,并且KeBugCheckEx
在顶部没有显示导致异常的调用堆栈像普通蓝屏一样的堆栈;因此,我实际上并没有看到蓝屏,因为KeBugCheckEx
它显示了蓝屏并且在这种情况下没有被调用。每个 0x124 蓝屏都有nt!WheapCreateLiveTriageDump+0x6c
在堆栈的顶部,并显示为由于某种原因导致异常的地址 - 我认为这是因为它是之后的指令RtlCaptureContext
,这就是堆栈上的返回地址,所以这就是捕获的上下文。通常,当你得到一个KeBugCheckEx
蓝屏,显示的故障 IP 是首先导致异常的 IP,并且将位于调用堆栈的某个位置,并且看到它不是此调用堆栈的一部分,它仅使用RtlCaptureContext
帧的返回地址。它以某种方式知道故障模块是GenunineIntel.sys
,除非它总是显示 0x124 - 显然我不认为这是导致 MCA 的模块。
不要回答我的硬件有问题——我没有。好吧,这是我的 CPU,我的 BIOS 与所述的不同,但我更新到 2019版本 1.9.0,它仍然蓝屏,具有相同的 MCI 状态,但这不应该是相关的,因为这是一个条件这是由软件创建的,并且仅在我加载该特定驱动程序时才会发生,因此它应该可以在不更改硬件或固件的情况下解决。
实际上有趣的是,我什至得到了一个 7E 错误检查,这是蓝屏第一次显示蓝屏,但 minidump 显示 0x124 ......
我只是在一个虚拟机中运行它,windbg 内核调试器通过命名管道连接到虚拟 COM1 端口,它闯入了调试器,你猜对了
MyDriver!__security_init_cookie+0x2d
,实际上我们在图像中的 fail 分支之后看到了一堆 cc 断点. 就像我说的那样,它没有达到DriverEntry
,所以我期待错误出现在GsDriverEntry
. 我会回复您导致此功能失败的原因。但是对于这个错误,它是由未连接调试器时的断点异常引起的——更重要的是不是硬件问题这是原始代码:
当你盯着它看时,很明显它会失败
该修复程序将
.vxproj
文件更改为 Windows7,其中显示为 Windows10现在我有这个
__security_init_cookie
: