Bluescreened by dxgmms1.sys

2011-11-24 Nie.Meining Debug

Win7, 32-bit. I was eating breakfast and watching a video when the machine suddenly bluescreened. Loaded the dump file and had a look: IRQL_NOT_LESS_OR_EQUAL.

0: kd> kb
ChildEBP RetAddr  Args to Child
926f4b14 842b49fc badb0d00 926f4bf8 badb0d00 nt!KiTrap0E+0x2cf
926f4b98 842b2553 84365d20 880c9cf8 88eab118 nt!KiSignalSynchronizationObject+0x15
926f4bc4 9517fe77 880c9cf8 00000000 00000000 nt!KeSetEvent+0x8e
926f4bf0 951814c8 00000000 926f4c18 951951df dxgmms1!VIDMM_GLOBAL::ProcessTerminationCommand+0x51
926f4bfc 951951df 884ae610 88eab118 88eab118 dxgmms1!VidMmiProcessTerminationCommand+0x10
926f4c18 9519618f eea6fa40 8765a098 926f4c3c dxgmms1!VidSchiSubmitDeviceCommand+0x33
926f4c28 951963de 88eab118 84272509 87f44788 dxgmms1!VidSchiSubmitQueueCommand+0xaf
926f4c3c 95196485 87f44788 00000000 881e1438 dxgmms1!VidSchiRun_PriorityTable+0x24
926f4c50 84443fda 87f44788 b82d3fba 00000000 dxgmms1!VidSchiWorkerThread+0x7f
926f4c90 842ec1d9 95196406 87f44788 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

It crashed inside a system function, so let's look at the parameters passed to KeSetEvent:

0: kd> !object 880c9cf8
GetUlongFromAddress: unable to read from 843a4844

Nothing can be read at the parameter's address. The current IRQL is 2:

0: kd> !irql
Debugger saved IRQL for processor 0x0 -- 2 (DISPATCH_LEVEL)

That by itself shouldn't be the problem, though. MSDN says:

If Wait is set to FALSE, the caller can be running at IRQL <= DISPATCH_LEVEL. Otherwise, callers of KeSetEvent must be running at IRQL <= APC_LEVEL and in a nonarbitrary thread context.

So it probably wasn't a paging problem. The third argument to KeSetEvent on the stack is 00000000, i.e. Wait was FALSE, so calling it at DISPATCH_LEVEL was allowed; what blew up was the Event pointer itself. dxgmms1.sys simply called KeSetEvent with an invalid address as the Event parameter.
dxgmms1.sys is the DirectX Graphics MMS driver (the DirectX graphics memory manager). A quick web search turns up plenty of machines bluescreened by this driver.

One caveat on the check above: `!object` only understands object-manager objects, and a KEVENT embedded in a driver's own structure is not one, so its failure says less than it seems; the address it could not read, 843a4844, lies in the nt image range, not at the event. To confirm the event memory really is bad, dump it directly (`dd 880c9cf8`) and ask the pool allocator about it (`!pool 880c9cf8`); an unreadable or freed block supports the invalid-pointer reading. The bugcheck parameters from `!analyze -v` (the memory address referenced and the faulting instruction) should agree, with the fault inside KiSignalSynchronizationObject as the stack shows.
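As an added example (not code from the original post), here is a small Python triage script that applies the same reasoning to the `kb` and `!irql` output above, and generalizes it: it parses the x86 stack, finds the first frame outside nt, pulls out the kernel API that driver called together with its arguments, and checks the IRQL contract for that call. The encoded rule table (only KeSetEvent's Wait rule from the MSDN text) and the 32-bit kernel address range check are assumptions for illustration; the sample input is the debugger output quoted in this post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the `kb` and `!irql` output quoted in this post.
KB_OUTPUT = """\
ChildEBP RetAddr  Args to Child
926f4b14 842b49fc badb0d00 926f4bf8 badb0d00 nt!KiTrap0E+0x2cf
926f4b98 842b2553 84365d20 880c9cf8 88eab118 nt!KiSignalSynchronizationObject+0x15
926f4bc4 9517fe77 880c9cf8 00000000 00000000 nt!KeSetEvent+0x8e
926f4bf0 951814c8 00000000 926f4c18 951951df dxgmms1!VIDMM_GLOBAL::ProcessTerminationCommand+0x51
926f4bfc 951951df 884ae610 88eab118 88eab118 dxgmms1!VidMmiProcessTerminationCommand+0x10
926f4c18 9519618f eea6fa40 8765a098 926f4c3c dxgmms1!VidSchiSubmitDeviceCommand+0x33
926f4c28 951963de 88eab118 84272509 87f44788 dxgmms1!VidSchiSubmitQueueCommand+0xaf
926f4c3c 95196485 87f44788 00000000 881e1438 dxgmms1!VidSchiRun_PriorityTable+0x24
926f4c50 84443fda 87f44788 b82d3fba 00000000 dxgmms1!VidSchiWorkerThread+0x7f
926f4c90 842ec1d9 95196406 87f44788 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
"""
IRQL_OUTPUT = "Debugger saved IRQL for processor 0x0 -- 2 (DISPATCH_LEVEL)"

PASSIVE_LEVEL, APC_LEVEL, DISPATCH_LEVEL = 0, 1, 2

# One x86 `kb` frame: ChildEBP RetAddr Arg1 Arg2 Arg3 module!symbol+offset
FRAME_RE = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]{8})((?:\s+[0-9a-f]{8}){3})\s+(\S+)$")


@dataclass
class Frame:
    child_ebp: int
    ret_addr: int
    args: tuple          # the three "Args to Child" values
    module: str
    func: str
    offset: int


def parse_kb(text: str) -> list:
    """Parse 32-bit WinDbg `kb` output into Frame objects; header and blank lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        ebp, ret, argstr, sym = m.groups()
        module, rest = sym.split("!", 1)
        func, off = rest.rsplit("+", 1) if "+" in rest else (rest, "0")
        frames.append(Frame(int(ebp, 16), int(ret, 16),
                            tuple(int(a, 16) for a in argstr.split()),
                            module, func, int(off, 16)))
    return frames


def parse_irql(text: str) -> int:
    """Pull the numeric IRQL out of `!irql` output."""
    m = re.search(r"--\s+(\d+)\s+\(", text)
    if not m:
        raise ValueError("no IRQL found in !irql output")
    return int(m.group(1))


def max_irql_for(func: str, args: tuple) -> Optional[int]:
    """Highest IRQL at which a call to `func` is legal, per its documented contract.
    Assumption for illustration: only the KeSetEvent rule quoted from MSDN is encoded."""
    if func == "KeSetEvent":
        # KeSetEvent(Event, Increment, Wait): Wait == FALSE permits DISPATCH_LEVEL,
        # otherwise the caller must be at or below APC_LEVEL.
        return DISPATCH_LEVEL if args[2] == 0 else APC_LEVEL
    return None


def is_x86_kernel_pointer(addr: int) -> bool:
    """Default 2GB/2GB split on 32-bit Windows: kernel space starts at 0x80000000 (assumption)."""
    return 0x80000000 <= addr <= 0xFFFFFFFF


def triage(kb_text: str, irql_text: str) -> dict:
    """Locate the first non-nt frame, the kernel API it called, and whether that call
    honoured its IRQL contract. If it did, the bugcheck came from memory the API
    touched (here its Event argument), not from the call site's IRQL."""
    frames = parse_kb(kb_text)
    irql = parse_irql(irql_text)
    idx = next((i for i, f in enumerate(frames) if f.module.lower() != "nt"), None)
    if idx is None:
        return {"driver": None}
    drv = frames[idx]
    if idx == 0:  # fault is inside the driver itself, no nt frame above it
        return {"driver": drv.module, "driver_func": drv.func, "api": None, "irql": irql}
    api = frames[idx - 1]
    limit = max_irql_for(api.func, api.args)
    return {
        "driver": drv.module,
        "driver_func": drv.func,
        "api": api.func,
        "args": api.args,
        "irql": irql,
        "call_irql_ok": None if limit is None else irql <= limit,
        "arg0_in_kernel_range": is_x86_kernel_pointer(api.args[0]),
    }


if __name__ == "__main__":
    for key, value in triage(KB_OUTPUT, IRQL_OUTPUT).items():
        print(f"{key}: {value}")
```

For this dump the script reports dxgmms1 as the driver, KeSetEvent as the API with Event 0x880c9cf8 and Wait 0, and the call as legal at IRQL 2, which leaves the Event pointer as the thing to dump and check in the debugger.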
