BlueScream分析结果:
==================================================**
Dump File : 121814-18735-01.dmp
Crash Time : 2014/12/18 7:19:00
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x870d4030
Parameter 3 : 0x870d419c
Parameter 4 : 0x82a54e10
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+dee98
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.17207 (win7_gdr.130104-1435)
Processor : 32-bit
Crash Address : ntoskrnl.exe+dee98
Stack Address 1 : ntoskrnl.exe+2df2a1
Stack Address 2 : ntoskrnl.exe+25ce5a
Stack Address 3 : ntoskrnl.exe+25cd9d
Computer Name :
Full Path : C:\windows\Minidump\121814-18735-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 138,153
Dump File Time : 2014/12/18 7:20:11
WinDbg分析结果:
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 870d4030, Terminating object
Arg3: 870d419c, Process image file name
Arg4: 82a54e10, Explanatory message (ascii)
Debugging Details:
PROCESS_OBJECT: 870d4030
IMAGE_NAME: (M
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: (M
FAULTING_MODULE: 00000000
PROCESS_NAME: Test.exe
BUGCHECK_STR: 0xF4_Test.exe
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82b1a2a1 to 82919e98
STACK_TEXT:
e0df8b9c 82b1a2a1 000000f4 00000003 870d4030 nt!KeBugCheckEx+0x1e
e0df8bc0 82a97e5a 82a54e10 870d419c 870d42a0 nt!PspCatchCriticalBreak+0x71
e0df8bf0 82a97d9d 870d4030 859e0d48 00000000 nt!PspTerminateAllThreads+0x2d
e0df8c24 828788fa 00000520 00000000 034ffa4c nt!NtTerminateProcess+0x1a2
e0df8c24 76ff7094 00000520 00000000 034ffa4c nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
034ffa4c 00000000 00000000 00000000 00000000 0x76ff7094
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xF4_Test.exe_IMAGE__(M___
BUCKET_ID: 0xF4_Test.exe_IMAGE__(M___
Followup: MachineOwner
其中Test.exe是我们自己开发的应用程序,请问下这个是因为csrss.exe被Test.exe进程杀掉了吗,但是我在代码里试了下,csrss.exe的句柄应该是获取不到,按道理杀不掉才对。