Your files are not ones that can be explained directly through analysis. For example:
Code:
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000007, memory referenced.
Arg2: 0000000000000002, IRQL.
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation.
Arg4: 0000000000000007, address which referenced memory.
In this case, the function in question must have referenced an invalid address at a high IRQL. At first glance the referenced address does not look invalid, and it belongs to the user-mode range. The pte command does not work, but we can see that the address is invalid:
Code:
3: kd> db 0000000000000007
00000000`00000007 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`00000017 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`00000027 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`00000037 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`00000047 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`00000057 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`00000067 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`00000077 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
This is also the address that was being executed and where the crash occurred. The crash belongs to the pointer. What is it that references this invalid address? If we take a look:
Code:
3: kd> KnL
# Child-SP RetAddr Call Site
00 fffffd84`f0ae9118 fffff804`5ce123a9 nt!KeBugCheckEx
01 fffffd84`f0ae9120 fffff804`5ce0dd78 nt!KiBugCheckDispatch+0x69
02 fffffd84`f0ae9260 00000000`00000007 nt!KiPageFault+0x478
03 fffffd84`f0ae93f0 00000000`00000004 0x7 < Crash
04 fffffd84`f0ae93f8 fffffd84`f0ae9428 0x4
05 fffffd84`f0ae9400 fffffd84`f0ae9420 0xfffffd84`f0ae9428
06 fffffd84`f0ae9408 ffff8881`497d7180 0xfffffd84`f0ae9420
07 fffffd84`f0ae9410 ffff8881`497d7180 0xffff8881`497d7180
08 fffffd84`f0ae9418 fffff804`5ce2e92e 0xffff8881`497d7180 < Kernel-mode calls
09 fffffd84`f0ae9420 fffff804`5cc37f5f nt!KiSwapThread+0x1f63fe < Thread switch
0a fffffd84`f0ae94d0 fffff804`5cccf62e nt!KiCommitThreadWait+0x14f
0b fffffd84`f0ae9570 fffff594`75a37438 nt!KeWaitForMultipleObjects+0x2be <
0c fffffd84`f0ae9680 fffff594`76a98b0f win32kbase!LegacyInputDispatcher::WaitAndDispatch+0x88
0d fffffd84`f0ae97b0 fffff594`75ab8853 win32kfull!RawInputThread+0x7bf
0e fffffd84`f0ae9970 fffff594`76ad2280 win32kbase!xxxCreateSystemThreads+0xc3
0f fffffd84`f0ae9aa0 fffff594`75ec474d win32kfull!NtUserCallNoParam+0x70 << Calls made from user mode into kernel mode
10 fffffd84`f0ae9ad0 fffff804`5ce11b08 win32k!NtUserCallNoParam+0x15
11 fffffd84`f0ae9b00 00007ffb`505e10e4 nt!KiSystemServiceCopyEnd+0x28
12 000000f3`d0bbfdf8 00000000`00000000 0x00007ffb`505e10e4 << User-mode calls
We see the switch made after the point where it took the exception, followed by the kernel calls. The context of these calls is not clear.
Code:
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
BugCheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these.
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffff8401518ffe70
Arg3: aaaaaaaaaaaaaaaa < Stack pointer
Arg4: fffff806298065cd
One minidump (or maybe more) is reporting UNEXPECTED_KERNEL_MODE_TRAP because of Exception_Double_Fault (0x8). This means that while an exception handler was running to recover from a problem, another exception occurred while running that handler. Blue screens of this kind are generally hardware-related, because almost all exception handlers are Microsoft functions.
In your file, however, the main state is in a form that cannot be analyzed:
Code:
4: kd> K
# Child-SP RetAddr Call Site
00 ffff8401`518ffd28 fffff806`298123a9 nt!KeBugCheckEx
01 ffff8401`518ffd30 fffff806`2980c852 nt!KiBugCheckDispatch+0x69
02 ffff8401`518ffe70 fffff806`298065cd nt!KiDoubleFaultAbort+0x2d2
03 aaaaaaaa`aaaaaaaa 00000000`00000000 nt!SwapContext+0x1ad < Context switch
Because the error occurred during a context switch, it becomes hard to analyze.
What stands out in this file is the calls in the thread's raw stack:
Code:
4: kd> !thread
THREAD ffff8401518dc1c0 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 4
Not impersonating.
GetUlongFromAddress: unable to read from fffff8062a0115ac.
Owning Process fffff8062a124a00 Image:
Attached Process ffffa90450877040 Image: System
fffff78000000000: Unable to get shared data.
Wait Start TickCount 399374
Context Switch Count 19854522 IdealProcessor: 4
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address nt!KiIdleLoop (0xfffff806298025b0)
Stack Init fffffe0e3da53c90 Current aaaaaaaaaaaaaaaa
Base fffffe0e3da54000 Limit fffffe0e3da4e000 Call 0000000000000000
Priority 0 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 0
Child-SP RetAddr : Args to Child
0xffff8401518ffd28 : 0xfffff806298123a9 : nt!KiBugCheckDispatch+0x69
[...]
0xfffffe0e3da524f8 : 0xfffff8062d7384b5 : tcpip!InetInspectReceiveTcpDatagram+0x665
0xfffffe0e3da52518 : 0xfffff80634fcbe2e : rt640x64!NICSendNetBufferNPQ+0xb22
0xfffffe0e3da52548 : 0xfffff8062d737d61 : tcpip!TcpTcbExtractDatagram+0xd1
[...]
0xfffffe0e3da53188 : 0xfffff8062964a15a : nt!KiIntSteerEtwEventEnabled+0x2a
0xfffffe0e3da531b8 : 0xfffff80629651cf1 : nt!KeIntSteerPeriodic+0x101
0xfffffe0e3da531f0 : 0xfffff8062a020f20 : nt!PpmCheckStartDpc
0xfffffe0e3da532a8 : 0xfffff8062a020f20 : nt!PpmCheckStartDpc
0xfffffe0e3da532c8 : 0xfffff80629651a28 : nt!PpmParkSteerInterrupts+0x458
0xfffffe0e3da53318 : 0xfffff80652382e4d : amdppm!ReadGenAddrEx+0x11
0xfffffe0e3da53348 : 0xfffff80652384203 : amdppm!GetCpcDifferentialFeedback+0x33
0xfffffe0e3da53558 : 0xfffff80652382e03 : amdppm!ReadGenAddr+0x1f
0xfffffe0e3da53560 : 0xfffff806297654d0 : nt!HalpApic1WriteRegister
0xfffffe0e3da53568 : 0xfffff8062973706b : nt!HalpApicTimerArm+0x5b
0xfffffe0e3da53588 : 0xfffff80652382e4d : amdppm!ReadGenAddrEx+0x11
0xfffffe0e3da53598 : 0xfffff8062975bbb1 : nt!HalpSetTimer+0x155
0xfffffe0e3da535a0 : 0xfffff806297654d0 : nt!HalpApic1WriteRegister
0xfffffe0e3da535a8 : 0xfffff8062974a7ed : nt!HalpApicTimerInitialize+0x4d
0xfffffe0e3da535b8 : 0xfffff80652384203 : amdppm!GetCpcDifferentialFeedback+0x33
0xfffffe0e3da535d0 : 0xfffff806297654d0 : nt!HalpApic1WriteRegister
0xfffffe0e3da535d8 : 0xfffff8062974a78c : nt!HalpApicTimerStop+0x1c
0xfffffe0e3da535e8 : 0xfffff8065238bdd1 : amdppm!PerfReadWrappingCounter+0x41
0xfffffe0e3da535f8 : 0xfffff8062964dd9e : nt!KiCheckForTimerExpiration+0xae
0xfffffe0e3da53600 : 0xfffff8062974a770 : nt!HalpApicTimerStop
0xfffffe0e3da53608 : 0xfffff8062974c197 : nt!HalpTimerClockStop+0x37
0xfffffe0e3da53628 : 0xffffa90459ab9ca8 : 0xfffff8065238bd90 : amdppm!PerfReadWrappingCounter
0xfffffe0e3da53688 : 0xfffff8062964d940 : nt!KeAccumulateTicks+0x30
0xfffffe0e3da536a8 : 0xfffff80629968163 : nt!PpmIdleUpdateConcurrency+0x73
0xfffffe0e3da536e0 : 0xfffff80652381b00 : amdppm!AcpiCStateIdleCancel
0xfffffe0e3da53898 : 0xfffff8065238c155 : amdppm!AcpiCStatePreselect+0x15
0xfffffe0e3da53a90 : 0xfffff806297f9c00 : nt!HalpApic1EndOfInterrupt
0xfffffe0e3da53a98 : 0xfffff8062971e98a : nt!HalPerformEndOfInterrupt+0x1a
0xfffffe0e3da53ac8 : 0xfffff806298055ca : nt!KiDpcInterrupt+0x2da
0xfffffe0e3da53ae8 : 0xfffff8062964b878 : nt!PoIdle+0x3a8
0xfffffe0e3da53c18 : 0xfffff80629806a18 : nt!SwapContext+0x5f8
0xfffffe0e3da53c38 : 0xfffff8062980260a : nt!KiIdleLoop+0x5a
0xfffffe0e3da53c58 : 0xfffff80629802726 : nt!KiIdleLoop+0x176
I could have explained these parts at greater length, but I don't have much energy right now. I recommend disabling C-states and observing. If the problem isn't solved, I'll look at your other 2-3 files as well.
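
The raw-stack reading done by eye in the post above can be scripted. The following is an added example, not part of the original post: it parses pasted !thread output, checks whether the saved stack pointer is canonical and inside the thread's Base/Limit range, and tallies which modules appear on the thread's own stack. The sample lines are copied from the listing above; the function names and the 48-bit canonical-address rule are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the !thread output in the post above.
SAMPLE = """\
Stack Init fffffe0e3da53c90 Current aaaaaaaaaaaaaaaa
Base fffffe0e3da54000 Limit fffffe0e3da4e000 Call 0000000000000000
0xffff8401518ffd28 : 0xfffff806298123a9 : nt!KiBugCheckDispatch+0x69
0xfffffe0e3da524f8 : 0xfffff8062d7384b5 : tcpip!InetInspectReceiveTcpDatagram+0x665
0xfffffe0e3da52518 : 0xfffff80634fcbe2e : rt640x64!NICSendNetBufferNPQ+0xb22
0xfffffe0e3da53318 : 0xfffff80652382e4d : amdppm!ReadGenAddrEx+0x11
0xfffffe0e3da53348 : 0xfffff80652384203 : amdppm!GetCpcDifferentialFeedback+0x33
0xfffffe0e3da53c18 : 0xfffff80629806a18 : nt!SwapContext+0x5f8
"""

HDR = re.compile(r"\b(Init|Current|Base|Limit)\s+([0-9a-fA-F]{16})")  # stack bounds
ROW = re.compile(r"^0x([0-9a-fA-F]{16}) : .*: (\w+)!(\S+)$")          # slot : value : symbol

def is_canonical(addr, va_bits=48):
    """x64 canonical form: bits 63..va_bits-1 are all 0 or all 1 (48-bit VA assumed)."""
    top = addr >> (va_bits - 1)
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1

def triage(text):
    fields = {k: int(v, 16) for k, v in HDR.findall(text)}
    base, limit, cur = fields["Base"], fields["Limit"], fields["Current"]
    on_stack, off_stack = Counter(), []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        slot, module, symbol = int(m.group(1), 16), m.group(2), m.group(3)
        if limit <= slot < base:          # slot lies on this thread's kernel stack
            on_stack[module] += 1
        else:                             # e.g. the separate stack used for the double fault
            off_stack.append((hex(slot), f"{module}!{symbol}"))
    return {
        "current_sp_canonical": is_canonical(cur),
        "current_sp_in_stack": limit <= cur < base,
        "modules_on_thread_stack": dict(on_stack),
        "slots_outside_thread_stack": off_stack,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Entries on the raw stack are leftover values, not a verified call chain, so the module tally only indicates what ran recently on that stack.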