BSoD DRIVER_VERIFIER_DETECTED_VIOLATION

BSoD DRIVER_VERIFIER_DETECTED_VIOLATION

我最近遇到了很多 BSoD,所以我跑了驱动程序验证程序verifier在命令行中)。它生成DRIVER_VERIFIER_DETECTED_VIOLATIONBSoD. 使用 WinDbg 分析转储:

!analyze -v

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4) A device driver attempting to corrupt the system has been caught.  This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes. Arguments: Arg1: 000000000009400b, subclass of driver violation. Arg2: fffff8014749aba0 Arg3: ffffe0002413ff20 Arg4: ffffe0002413ff78

Debugging Details:
------------------


ADDITIONAL_DEBUG_TEXT:  Failed to find the associated rule. Please upgrade your debugger (ext.dll).

BUGCHECK_STR:  0xc4_9400b

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff8014748e487 to fffff80334de1fa0

STACK_TEXT:   
nt!KeBugCheckEx 
VerifierExt!SLIC_StatefulAbort+0x22b 
VerifierExt!Ndis_OnTimerExpire+0x442 
VerifierExt!XdvPassiveTimerRoutine+0x43
nt!IopProcessWorkItem+0x76
nt!ExpWorkerThread+0x293
nt!PspSystemThreadStartup+0x58
nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:  nt!IopProcessWorkItem+76 fffff803`34ce0ffa f7058410300000000008 test dword ptr [nt!PerfGlobalGroupMask+0x8 (fffff803`34fe2088)],8000000h

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  nt!IopProcessWorkItem+76

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5318053f

BUCKET_ID_FUNC_OFFSET:  76

FAILURE_BUCKET_ID:  0xc4_9400b_VRF_nt!IopProcessWorkItem

BUCKET_ID:  0xc4_9400b_VRF_nt!IopProcessWorkItem

Followup: MachineOwner

lmvm nt

start             end                 module name
fffff803`34c8e000 fffff803`35417000   nt         (pdb symbols)          c:\symbols\ntkrnlmp.pdb\D67FECD43A49492C87EC845789255D641\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Mapped memory image file: c:\symbols\ntoskrnl.exe\5318053F789000\ntoskrnl.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        Thu Mar 06 06:18:55 2014 (5318053F)
    CheckSum:         00721D34
    ImageSize:        00789000
    File version:     6.3.9600.17041
    Product version:  6.3.9600.17041
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntkrnlmp.exe
    OriginalFilename: ntkrnlmp.exe
    ProductVersion:   6.3.9600.17041
    FileVersion:      6.3.9600.17041 (winblue_gdr.140305-1710)
    FileDescription:  NT Kernel & System
    LegalCopyright:   © Microsoft Corporation. All rights reserved.

您对如何进行此操作有什么想法吗?以及如何处理Please upgrade your debugger (ext.dll)

相关内容