帮忙分析下dump文件
使用ndis6.0的lwf驱动,在某一台机器(Win7 32位)上运行一段时间后就会蓝屏,出现了好几次,高手帮忙分析下dump文件吧,万分感谢。
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: c8000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 95a97bf8, address which referenced memory
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.23572.x86fre.win7sp1_ldr.161011-0600
SYSTEM_MANUFACTURER: Dell Inc.
SYSTEM_PRODUCT_NAME: OptiPlex 380
BIOS_VENDOR: Dell Inc.
BIOS_VERSION: A07
BIOS_DATE: 06/13/2012
BASEBOARD_MANUFACTURER: Dell Inc.
BASEBOARD_PRODUCT: 0HN7XN
BASEBOARD_VERSION: A01
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc8000000
BUGCHECK_P2: 2
BUGCHECK_P3: 1
BUGCHECK_P4: ffffffff95a97bf8
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 85fbc850
Unable to get MmSystemRangeStart
c8000000
CURRENT_IRQL: 2
FAULTING_IP:
ndislwf+4bf8
95a97bf8 8907 mov dword ptr [edi],eax
CPU_COUNT: 2
CPU_MHZ: bb0
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 17
CPU_STEPPING: a
CPU_MICROCODE: 6,17,a,0 (F,M,S,R) SIG: A0B'00000000 (cache) A0B'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: NTSC.exe
ANALYSIS_SESSION_HOST: DUMING-PC
ANALYSIS_SESSION_TIME: 12-07-2016 18:29:53.0120
ANALYSIS_VERSION: 10.0.10586.567 amd64fre
TRAP_FRAME: 8dd4ae94 -- (.trap 0xffffffff8dd4ae94)
ErrCode = 00000002
eax=fbcb4000 ebx=c7f61035 ecx=00000004 edx=c7fcd779 esi=0000b028 edi=c8000000
eip=95a97bf8 esp=8dd4af08 ebp=8dd4af14 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
ndislwf+0x4bf8:
95a97bf8 8907 mov dword ptr [edi],eax ds:0023:c8000000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 95a97bf8 to 85e9006f
STACK_TEXT:
8dd4ae94 95a97bf8 badb0d00 c7fcd779 000001ff nt!KiTrap0E+0x1b3
WARNING: Stack unwind information not available. Following frames may be wrong.
8dd4af14 95a97a80 c7f61008 0000002d c7f94008 ndislwf+0x4bf8
8dd4af44 95a9d6b2 c7f61008 00000800 8dd4af98 ndislwf+0x4a80
8dd4af9c 95a9c09f 89ad1620 006835a0 c96811f8 ndislwf+0xa6b2
8dd4afec 8bd1be94 c96811f8 c96835a0 00000000 ndislwf+0x909f
8dd4b038 8bd195fe 027b40e0 8dd4b058 00000001 ndis!ndisMIndicatePacketsToNetBufferLists+0xea
8dd4b060 8bd1a467 897b40e0 004b6ae4 c7e43c00 ndis!ndisMLoopbackPacketX+0xfe
8dd4b088 8bd1a32a 8dd4b0a8 8dd4b0a8 00000000 ndis!ndisMSendPacketsXToMiniport+0xa4
8dd4b0f0 8bcb24ef 897b40e0 c7e43c18 00000000 ndis!ndisMSendNetBufferListsToPackets+0x84
8dd4b110 8bcb245f c7e43c18 c7e43c18 00000000 ndis!ndisFilterSendNetBufferLists+0x87
8dd4b128 95a9dbe8 89ad1008 c7e43c18 00000000 ndis!NdisFSendNetBufferLists+0x38
8dd4b144 95a9ba06 89ad1008 c7e43c18 00000000 ndislwf+0xabe8
8dd4b17c 8bcb24ef 00000000 8a63f288 00000000 ndislwf+0x8a06
8dd4b19c 8bcb245f 8a63f288 8a63f288 00000000 ndis!ndisFilterSendNetBufferLists+0x87
8dd4b1b4 95a68c20 89ad2c48 8a63f288 00000000 ndis!NdisFSendNetBufferLists+0x38
8dd4b230 8bcb262f 89ad2a20 8a63f288 00000000 pacer!PcFilterSendNetBufferLists+0x256
8dd4b25c 8bd16bad 897b40e0 8a63f288 00000000 ndis!ndisSendNBLToFilter+0xf2
8dd4b28c 8be8b77b 89ad5008 8a63f288 00000000 ndis!NdisSendNetBufferLists+0x162
8dd4b2d8 8beae1f4 89ad3950 00000000 00000000 tcpip!FlSendPackets+0x416
8dd4b32c 8bead280 8bf11ec0 00000000 00000000 tcpip!IppFragmentPackets+0x2e2
8dd4b364 8be8a853 8bf11ec0 88a19d54 88a19df0 tcpip!IppDispatchSendPacketHelper+0x266
8dd4b404 8be8b33e 00a19d54 00000000 c9715008 tcpip!IppPacketizeDatagrams+0x8d6
8dd4b484 8be88438 00000000 00000004 8bf11ec0 tcpip!IppSendDatagramsCommon+0x67f
8dd4b4a4 8be90d37 88a0d100 8dd4b530 00000000 tcpip!IpNlpSendDatagrams+0x4b
8dd4b680 8be88af0 00000000 00000000 8a45f4a8 tcpip!UdpSendMessagesOnPathCreation+0x7c0
8dd4b784 8be88c9c 88a0d130 00d4b874 00000000 tcpip!UdpSendMessages+0x595
8dd4b798 85ed8be5 8dd4b828 a53d2e09 00000000 tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x13
8dd4b800 8be90e74 8be88c89 8dd4b828 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
8dd4b840 929819c2 8a45f4a8 8dd4b874 c9645008 tcpip!UdpTlProviderSendMessages+0x67
8dd4b858 929a127f ca574800 8dd4b874 ca574800 afd!AfdTLSendMessages+0x27
8dd4b8b0 929a18e2 ca574800 c9645008 1f4db92c afd!AfdTLFastDgramSend+0x7d
8dd4b920 929913e1 ca574800 8dd4b9dc 00000008 afd!AfdFastDatagramSend+0x5d3
8dd4ba98 956dc13d c9f45301 00000001 0016ee60 afd!AfdFastIoDeviceControl+0x3dc
8dd4bb40 860816dd c9f453b8 00000001 0016ee60 360AntiHacker+0x413d
8dd4bc08 860c8ab0 00000f94 000003cc 00000000 nt!IopXxxControlFile+0x3ef
8dd4bc74 85e1dba9 00010022 89e19400 8dd4bcc4 nt!NtDeviceIoControlFile+0x2a
8dd4bd04 85e8cdb6 00000f94 000003cc 00000000 hal!KfLowerIrql+0x61
8dd4bd04 77a66c74 00000f94 000003cc 00000000 nt!KiSystemServicePostCall
0016ef1c 00000000 00000000 00000000 00000000 0x77a66c74
STACK_COMMAND: kb
THREAD_SHA1_HASH_MOD_FUNC: 9a53d370306b2230f89e27abadb5d71b90433cca
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 7ec25259ab6f0a9bfc0301a2ed7b5ee41c3e806c
THREAD_SHA1_HASH_MOD: a22634f0cf372b6554fe11a3bc36415697e105a9
FOLLOWUP_IP:
ndislwf+4bf8
95a97bf8 8907 mov dword ptr [edi],eax
FAULT_INSTR_CODE: d1030789
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: ndislwf+4bf8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ndislwf
IMAGE_NAME: ndislwf.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 58354701
FAILURE_BUCKET_ID: 0xD1_ndislwf+4bf8
BUCKET_ID: 0xD1_ndislwf+4bf8
PRIMARY_PROBLEM_CLASS: 0xD1_ndislwf+4bf8
TARGET_TIME: 2016-12-07T08:28:34.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x86
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2016-10-11 22:52:36
BUILDDATESTAMP_STR: 161011-0600
BUILDLAB_STR: win7sp1_ldr
BUILDOSVER_STR: 6.1.7601.23572.x86fre.win7sp1_ldr.161011-0600
ANALYSIS_SESSION_ELAPSED_TIME: 8a7
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xd1_ndislwf+4bf8
FAILURE_ID_HASH: {595d8d66-f9cc-c58e-a528-5714bca43127}
Followup: MachineOwner