Windows驱动程序BugCheck 7E在驱动程序加载

这一个正在困扰着我。

我的驱动程序在所有来宾虚拟系统（Windows xp / 7，x86和x64）以及一些特定的主机上工作得很好。

然而，在我的 PC上，我正在接收一个0x7E停止代码，因为我在OSRLoader中启动了驱动程序。

是的，testing指示和debugging模式都启用。

Visual C ++，断点不会中断

Linux内核硬件断点

在multithreading应用程序中设置硬件断点不会触发

Windows内核条件断点不评估

c ++：visual studio 2008/2010“断点不会被打”问题

这是一些转储信息（警告，巨大）：

0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYstem_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit,but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code,but ... If this happens,make sure a debugger gets connected,and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffff80000003,The exception code that was not handled Arg2: fffff88000c0af0f,The address that the exception occurred at Arg3: fffff88002fb1d78,Exception Record Address Arg4: fffff88002fb15e0,Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid FAULTING_IP: CI!CiValidateImageHeader+167 fffff880`00c0af0f cc int 3 EXCEPTION_RECORD: fffff88002fb1d78 -- (.exr 0xfffff88002fb1d78) ExceptionAddress: fffff88000c0af0f (CI!CiValidateImageHeader+0x0000000000000167) ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 1 Parameter[0]: 0000000000000000 CONTEXT: fffff88002fb15e0 -- (.cxr 0xfffff88002fb15e0) rax=0000000000000000 rbx=00000000000000ff rcx=1748c3f2dac60000 rdx=0000000000000008 rsi=fffff88002fb2100 rdi=00000000c0000428 rip=fffff88000c0af0f rsp=fffff88002fb1fb0 rbp=0000000000000000 r8=0000000000000001 r9=fffff80002d0bbe0 r10=fffff80002e4a900 r11=fffff88002fb1fa8 r12=0000000000006000 r13=fffff98018700000 r14=fffffa8002621520 r15=0000000000000001 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 CI!CiValidateImageHeader+0x167: fffff880`00c0af0f cc int 3 Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x7E PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached. EXCEPTION_ParaMETER1: 0000000000000000 LAST_CONTROL_TRANSFER: from fffff80002f35b18 to fffff88000c0af0f STACK_TEXT: fffff880`02fb1fb0 fffff800`02f35b18 : 00000000`00000006 00000000`000fffff fffffa80`02621520 00000000`00000000 : CI!CiValidateImageHeader+0x167 fffff880`02fb2090 fffff800`02f3591a : 00000000`00000000 00000000`01000000 fffffa80`055e6010 00000000`00000000 : nt!SeValidateImageHeader+0x58 fffff880`02fb20d0 fffff800`0302dea2 : fffffa80`02621520 fffffa80`055e6010 00000000`00000001 00000000`00000006 : nt!MiValidateImageHeader+0x21a fffff880`02fb21a0 fffff800`02fba3cf : fffff880`02fb2400 00000000`00000000 fffff880`02fb26b8 fffff880`02fb23f8 : nt! ?? ::NNGAKEGL::`string'+0x4e3e3 fffff880`02fb23b0 fffff800`02cce293 : fffffa80`02505b60 fffff880`02fb2658 fffff880`02fb2448 00000000`00000000 : nt!NtCreateSection+0x162 fffff880`02fb2430 fffff800`02cca830 : fffff800`030a7f16 00000000`00000000 fffff800`02fbc607 00000000`00000001 : nt!KiSystemServicecopyEnd+0x13 fffff880`02fb2638 fffff800`030a7f16 : 00000000`00000000 fffff800`02fbc607 00000000`00000001 fffffa80`0254c518 : nt!KiServiceLinkage fffff880`02fb2640 fffff800`030a82dc : ffffffff`80000ea4 fffffa80`00100000 fffffa80`0254c518 00000000`00000000 : nt!MmCheckSystemImage+0x96 fffff880`02fb2770 fffff800`030a84f7 : ffffffff`80000ea4 fffff800`00000001 fffff8a0`0b36c500 00000000`00000000 : nt!MiCreateSectionForDriver+0xcc fffff880`02fb2820 fffff800`030b3d9a : 00000000`00000000 fffff880`02fb29f8 fffffa80`02505b60 fffff800`02e48e00 : nt!MiObtainSectionForDriver+0xd7 fffff880`02fb2880 fffff800`030b69bd : fffff880`02fb29f8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmloadSystemImage+0x23a fffff880`02fb29a0 fffff800`030b7375 : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa80`02829388 : nt!IopLoadDriver+0x44d fffff880`02fb2c70 fffff800`02cdc1e1 : fffff8a0`00000000 ffffffff`80000e90 fffff800`030b7320 fffffa80`02505b60 : nt!IopLoadUnloadDriver+0x55 fffff880`02fb2cb0 fffff800`02f6e6e6 : b9ce705b`ee973fcb fffffa80`02505b60 00000000`00000080 fffffa80`024ef5f0 : nt!ExpWorkerThread+0x111 fffff880`02fb2d40 fffff800`02cad566 : fffff880`009eb180 fffffa80`02505b60 fffff880`009f5f40 50320c1b`3fdc0847 : nt!PspSystemThreadStartup+0x5a fffff880`02fb2d80 00000000`00000000 : fffff880`02fb3000 fffff880`02fad000 fffff880`02fb13f0 00000000`00000000 : nt!KiStartSystemThread+0x16 FOLLOWUP_IP: CI!CiValidateImageHeader+167 fffff880`00c0af0f cc int 3 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: CI!CiValidateImageHeader+167 FOLLOWUP_NAME: MachineOwner MODULE_NAME: CI IMAGE_NAME: CI.dll DEBUG_FLR_IMAGE_TIMESTAMP: 4a5be01d STACK_COMMAND: .cxr 0xfffff88002fb15e0 ; kb FAILURE_BUCKET_ID: X64_0x7E_CI!CiValidateImageHeader+167 BUCKET_ID: X64_0x7E_CI!CiValidateImageHeader+167 Followup: MachineOwner ---------

正如在顶部状态的一点点，我用/ DEBUG启动，它显示没有比我已经有的更多。

我的代码中的第一个日志甚至没有被打到：

/* * DriverEntry * Driver entry point */ NTSTATUS DriverEntry(IN PDRIVER_OBJECT driver,IN PUNICODE_STRING path) { // Setup vars UNICODE_STRING devLink,devName; PDEVICE_OBJECT devObj = NULL; NTSTATUS ntsReturn; // Log Entry LOG("Driver Entry"); // Setup driver unload function driver->DriverUnload = DrvUnload;

WinDbg在其视图中没有任何显示。

我怎么知道这是什么原因？ 当windbg没有连接时，断点会导致BSOD，并且（显然）在连接时冻结我的电脑，给我没有真正的可用数据。

设置gdb断点select一个不同的构造函数集32位与64位

如何在IDLE中添加断点到python程序？

WinDbg中的“Break指令exception”是什么？

托pipe的System :: Diagnostics :: Debugger :: Launchfunction的非托pipe/本机替代scheme？

如何在Visual C ++中以编程方式设置断点？

它看起来像你在CI.dll打一个调试断言。 您只需从调试器输入g并继续加载您的驱动程序。

这是Windows的x64版本的默认行为。 如果你不想看到这个断言，你必须在启动时间F8，并选择“禁用驱动程序签名实施”，这是每次启动有效。 （你每次重新启动都必须这样做）。 或者，您可以使用32位Windows和32位版本的驱动程序进行调试。

这里是更多的信息：

http://msdn.microsoft.com/en-us/library/ff547565(v=vs.85).aspx

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。