2015-10-15 92 views
1

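BSOD 0xC4 on Windows 10

I have a driver built with WDK 8.1, and I am trying to run it on Windows 10 with Driver Verifier enabled, including the code integrity checks. When the driver starts, I get the following blue screen.
Do I need to rebuild the driver and change any settings? What does "Arg1: 00002000, subclass of driver violation" mean?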

     Bugcheck Analysis: 
DRIVER_VERIFIER_DETECTED_VIOLATION (c4) 
A device driver attempting to corrupt the system has been caught. This is 
because the driver was specified in the registry as being suspect (by the 
administrator) and the kernel has enabled substantial checking of this  driver. 
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will 
be among the most commonly seen crashes. 

Arguments: 

Arg1: 00002000, subclass of driver violation. 
Arg2: 93d76b70 
Arg3: 00000000 
Arg4: 00000000 

Debugging Details: 
------------------ 

Failed calling InternetOpenUrl, GLE=12007 

BUGCHECK_STR: 0xc4_2000 

IMAGE_NAME: McPvDrv.sys 

DEBUG_FLR_IMAGE_TIMESTAMP: 5317613a 

MODULE_NAME: McPvDrv 

FAULTING_MODULE: 93d70000 McPvDrv 

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT 

PROCESS_NAME: System 

CURRENT_IRQL: 0 

LAST_CONTROL_TRANSFER: from 8277336a to 8233bac4 

STACK_TEXT: 
876c76d8 8277336a 000000c4 00002000 93d76b70 nt!KeBugCheckEx 
876c76fc 8241f7ea 93d76b70 00000000 00000000 nt!VerifierBugCheckIfAppropriate+0x36 
876c771c 8276c018 93d76b70 00000000 00000000 nt!VfReportIssueWithOptions+0xd3 
876c773c 8276a4b7 00000000 00000000 876c77c4 nt!VfCheckPoolType+0x61 
876c774c 93d76b70 00000000 00000014 0000002d nt!VerifierExAllocatePool+0x15 
WARNING: Stack unwind information not available. Following frames may be wrong. 
876c77c4 93d7581d 93d7e14c 00000020 876c79ec McPvDrv+0x6b70 
876c7a34 93d75fc1 93d73dba 00000001 71bfe534 McPvDrv+0x581d 
876c7ae0 93d7145c b27cef30 860ebbe0 82217938 McPvDrv+0x5fc1 
876c7b20 825a2920 b27cef30 b27ef000 ab95fcf0 McPvDrv+0x145c 
876c7d00 825bd192 00000000 876c7d1c ab95fcf0 nt!IopLoadDriver+0x62a 
876c7d20 82314145 ab95fcf0 00000000 861a8700 nt!IopLoadUnloadDriver+0x42 
876c7d70 822a3da1 82487220 71bfe2e4 00000000 nt!ExpWorkerThread+0xd5 
876c7db0 8234f2f1 82314070 82487220 00000000 nt!PspSystemThreadStartup+0x5b 
876c7dbc 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x15 


STACK_COMMAND: kb 

FOLLOWUP_IP: 
McPvDrv+6b70 
93d76b70 8bf0   mov  esi,eax 

SYMBOL_STACK_INDEX: 5 

SYMBOL_NAME: McPvDrv+6b70 

FOLLOWUP_NAME: wintriag 

FAILURE_BUCKET_ID: 0xc4_2000_VRF_McPvDrv+6b70 

BUCKET_ID: 0xc4_2000_VRF_McPvDrv+6b70 

Followup: wintriag 

Answers

1
According to https://msdn.microsoft.com/en-us/library/windows/hardware/ff560187(v=vs.85).aspx

An Arg of 0x2000 suggests that you call the StorPortInitialize function.

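Please double-check that you are using the correct OS symbols, otherwise the debugger output can be completely wrong! Also include the symbol folder path for your driver (File -> Symbol File Path). Here: https://msdn.microsoft.com/en-us/library/windows/desktop/ms681416(v=vs.85).aspx you have details on how to use the Microsoft symbol server to download the required OS symbols. You can add something like srv*c:\MyTempSymbolFolder*http://msdl.microsoft.com/download/symbols to your symbol path, but be sure to use ";" to delimit the symbol paths.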

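After doing this, you should be able to run these commands successfully in WinDbg:

    .reload /f nt
    .reload /f McPvDrv.sys

Now re-run the !analyze -v command, which may show you a revised call stack.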
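
As an added example (not part of the original question or answer), this Python sketch scans the STACK_TEXT of `!analyze -v` output for the two signs the symbol advice above is aimed at: frames shown only as module+offset, and frames listed after the unwind warning. The function name `triage` is hypothetical, and the embedded sample is a subset of the stack posted in the question.

```python
import re

# Constructed sample: a subset of the STACK_TEXT lines from the question above.
SAMPLE = """\
STACK_TEXT:
876c76d8 8277336a 000000c4 00002000 93d76b70 nt!KeBugCheckEx
876c773c 8276a4b7 00000000 00000000 876c77c4 nt!VfCheckPoolType+0x61
876c774c 93d76b70 00000000 00000014 0000002d nt!VerifierExAllocatePool+0x15
WARNING: Stack unwind information not available. Following frames may be wrong.
876c77c4 93d7581d 93d7e14c 00000020 876c79ec McPvDrv+0x6b70
876c7b20 825a2920 b27cef30 b27ef000 ab95fcf0 McPvDrv+0x145c
876c7d00 825bd192 00000000 876c7d1c ab95fcf0 nt!IopLoadDriver+0x62a
"""

# Frame line: five 8-digit hex columns, then the location of the frame.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$", re.I)
# "module+0xNNN" with no "!" means no symbol was resolved for that module.
BARE = re.compile(r"^([^!+]+)\+0x[0-9a-f]+$", re.I)
UNWIND_WARNING = "WARNING: Stack unwind information not available"


def triage(text):
    """Summarise how far the stack in !analyze -v output can be trusted."""
    report = {"resolved": 0, "unresolved_modules": [], "suspect_frames": []}
    after_warning = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(UNWIND_WARNING):
            after_warning = True  # the debugger is guessing from here on
            continue
        m = FRAME.match(line)
        if not m:
            continue  # headers, blank lines, other debugger text
        loc = m.group(1)
        bare = BARE.match(loc)
        if bare and bare.group(1) not in report["unresolved_modules"]:
            report["unresolved_modules"].append(bare.group(1))
        elif "!" in loc:
            report["resolved"] += 1  # module!function form: symbols loaded
        if after_warning:
            report["suspect_frames"].append(loc)
    return report


if __name__ == "__main__":
    r = triage(SAMPLE)
    print("frames with symbols:", r["resolved"])
    print("modules without symbols:", r["unresolved_modules"])
    print("frames after unwind warning:", r["suspect_frames"])
```

A non-empty `unresolved_modules` list after the `.reload /f` commands means the driver's symbol folder is still missing from the symbol path.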