Blue screen again: usbhub!UsbhHubProcessChangeWorker+ec
Problem description
I have debugged the minidump file. I have some problems. WinDbg provides me the information below:
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xFE
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff88005a12a60 to fffff80004293bc0
STACK_TEXT:
fffff880`047fcad8 fffff880`05a12a60 : 00000000`000000fe 00000000`00000008 00000000`00000006 00000000`0000000a : nt!KeBugCheckEx
fffff880`047fcae0 fffff800`0458a1d3 : fffffa80`0867e050 00000000`00000001 ffffffff`dc3a58a0 fffff800`044392d8 : usbhub!UsbhHubProcessChangeWorker+0xec
fffff880`047fcb40 fffff800`0429d261 : fffff800`00000000 fffffa80`00000001 fffff800`0424c200 fffff800`00000000 : nt!IopProcessWorkItem+0x23
fffff880`047fcb70 fffff800`045302ea : 00000000`00000000 fffffa80`06a0b040 00000000`00000080 fffffa80`069ef990 : nt!ExpWorkerThread+0x111
fffff880`047fcc00 fffff800`042848e6 : fffff880`04565180 fffffa80`06a0b040 fffff880`0456ffc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`047fcc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
usbhub!UsbhHubProcessChangeWorker+ec
fffff880`05a12a60 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: usbhub!UsbhHubProcessChangeWorker+ec
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: usbhub
IMAGE_NAME: usbhub.sys
The problem is at the code:
FOLLOWUP_IP:
usbhub!UsbhHubProcessChangeWorker+ec
fffff880`05a12a60 cc int 3
By using IDA Pro I got the assembly code, and obviously the code at the location of
UsbhHubProcessChangeWorker+ec
is valid and not an int interrupt. Here it gives int, why? What does it mean?
What I have tried:
Debug minidump in WinDbg and have some information
Recommended answer
Here it gives int, why? What does it mean?
INT (Interrupt) 3 is inserted by debuggers when setting a breakpoint. Once that is hit, the debugger takes control and removes the INT 3 instruction by replacing it with the original code to allow continuation of the debugged process.
But I have not made a breakpoint when the OS is running.
From the book Windows Internals Part 2 by Mark E Russinovich and others:
In the case of a STATUS_BREAKPOINT exception, unassembling the address will confirm the presence of a breakpoint instruction. The processor instruction INT 3 is called the trap to debugger instruction. An INT 3 instruction, when executed, causes the system to call the kernel’s debugger exception handler. If a debugger is attached to the computer, the system will break in.
0: kd> u 92c70a78
myfault+0xa78:
92c70a78 cc int 3
...
Breakpoints shouldn’t usually appear in retail versions of device drivers. Using the lm command, it’s sometimes possible to determine which environment a device driver was targeted for. When compiling a driver for release (and unless overridden by the developer), a flag is set indicating the release type. When viewing the File flags property, the presence of the word Debug indicates that the driver was built using a checked (or debug) environment.
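A triage helper for the output quoted in the question, added here as an example and not part of the original question or answer: it parses the FOLLOWUP_IP and STACK_TEXT fields, reports whether the byte WinDbg printed is the INT 3 opcode (0xCC), and checks whether that address is the return address recorded for another stack frame. The function names are hypothetical; the sample text is copied from the question.

```python
import re

# Constructed sample: lines copied from the !analyze -v output quoted in the question.
SAMPLE = """\
BUGCHECK_STR: 0xFE
STACK_TEXT:
fffff880`047fcad8 fffff880`05a12a60 : 00000000`000000fe 00000000`00000008 00000000`00000006 00000000`0000000a : nt!KeBugCheckEx
fffff880`047fcae0 fffff800`0458a1d3 : fffffa80`0867e050 00000000`00000001 ffffffff`dc3a58a0 fffff800`044392d8 : usbhub!UsbhHubProcessChangeWorker+0xec
STACK_COMMAND: kb
FOLLOWUP_IP:
usbhub!UsbhHubProcessChangeWorker+ec
fffff880`05a12a60 cc int 3
"""

FRAME = re.compile(r"^([0-9a-f`]{17}) ([0-9a-f`]{17}) : .* : (\S+)$", re.M)
FOLLOWUP = re.compile(r"^FOLLOWUP_IP:\s*\n(\S+)\n([0-9a-f`]+)\s+([0-9a-f]+)\s+(.+)$", re.M)

def addr(text):
    """Convert a WinDbg 64-bit address such as fffff880`05a12a60 to an int."""
    return int(text.replace("`", ""), 16)

def parse_stack(report):
    """Return STACK_TEXT frames as (child_sp, return_address, symbol)."""
    return [(addr(sp), addr(ret), sym) for sp, ret, sym in FRAME.findall(report)]

def triage_followup(report):
    """Describe the instruction WinDbg printed under FOLLOWUP_IP."""
    m = FOLLOWUP.search(report)
    if m is None:
        return None
    symbol, ip, opcode, text = m.group(1), addr(m.group(2)), m.group(3), m.group(4)
    frames = parse_stack(report)
    # A frame whose RetAddr equals the follow-up IP means that address is where
    # the callee would have returned to, i.e. the instruction after the call.
    callee = next((sym for _, ret, sym in frames if ret == ip), None)
    return {
        "symbol": symbol,
        "ip": ip,
        "is_int3": opcode == "cc",          # 0xCC is the one-byte INT 3 opcode
        "disassembly": text.strip(),
        "return_address_of": callee,
    }

if __name__ == "__main__":
    for key, value in triage_followup(SAMPLE).items():
        print(f"{key}: {value:#x}" if key == "ip" else f"{key}: {value}")
```

On the question's output this reports is_int3 as True and return_address_of as nt!KeBugCheckEx, so the address shown under FOLLOWUP_IP is the one recorded as the return address of the bug check call.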