2 tanglu5003328 tanglu5003328 于 2017.09.18 17:13 提问

xp系统安装自定制Gina登录模块后,PGPfsfd.sys导致系统蓝屏重启 1C

背景:安装指静脉操作系统登录控制软件后(类似于指纹认证,取代Windows登录时输入的密码,指静脉认证通过自动登录系统),自定制了xp系统Gina库,在部分安装pgp加密软件机器上出现蓝屏重启现象(卸载指静脉登录软件后恢复正常,不蓝屏重启),在没有安装pgp加密软件的机器没有蓝屏重启现象。

蓝屏dump文件分析结果如下:

Microsoft (R) Windows Debugger Version 6.2.9200.20512 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\TL\Desktop\报错日志\WER1ec0.dir00\Mini091217-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*d:/temp/*http://msdl.microsoft.com/download/symbols;D:\MyDebugDump
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.130107-0416
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Tue Sep 12 14:21:28.319 2017 (UTC + 8:00)
System Uptime: 0 days 0:02:15.053
Loading Kernel Symbols
...............................................................
................................................................
.
Loading User Symbols
Loading unloaded module list
.................


  • *
  • Bugcheck Analysis *
  • * *******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 35, {8a4eb008, 0, 0, 0}

*** WARNING: Unable to verify timestamp for PGPfsfd.sys
*** ERROR: Module load completed but symbols could not be loaded for PGPfsfd.sys
Probably caused by : PGPfsfd.sys ( PGPfsfd+b8ee )

Followup: MachineOwner

3: kd> !analyze -v


  • *
  • Bugcheck Analysis *
  • * *******************************************************************************

NO_MORE_IRP_STACK_LOCATIONS (35)
A higher level driver has attempted to call a lower level driver through
the IoCallDriver() interface, but there are no more stack locations in the
packet, hence, the lower level driver would not be able to access its
parameters, as there are no parameters for it. This is a disasterous
situation, since the higher level driver "thinks" it has filled in the
parameters for the lower level driver (something it MUST do before it calls
it), but since there is no stack location for the latter driver, the former
has written off of the end of the packet. This means that some other memory
has probably been trashed at this point.
Arguments:
Arg1: 8a4eb008, Address of the IRP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x35

PROCESS_NAME: winlogon.exe

LAST_CONTROL_TRANSFER: from 804f01d0 to 804faf9f

STACK_TEXT:

9d8365ac 804f01d0 00000035 8a4eb008 00000000 nt!KeBugCheckEx+0x1b
9d8365c4 b96eee9b 00000000 8a4eb008 8a4eb078 nt!IopfCallDriver+0x18
9d8365e8 b96fb754 9d836608 89bb0c68 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b
9d836624 804f01e9 89bb0c68 8a4eb008 8a4eb008 fltMgr!FltpCreate+0x26a
9d836634 b96fb6c3 8a4eb008 00000000 8a7b6b70 nt!IopfCallDriver+0x31
9d836664 804f01e9 89c0eee8 8a4eb008 8a4eb008 fltMgr!FltpCreate+0x1d9
9d836674 b96cb8ee 89c17550 8a675a00 8a04ad00 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
9d836698 b96d7e49 89c0eee8 8a675a00 89c17550 PGPfsfd+0xb8ee
9d8366c4 b96d9bed 89c17498 8a675a00 8a78b168 PGPfsfd+0x17e49
9d8366dc 804f01e9 89c17550 8a4eb008 8a7badb0 PGPfsfd+0x19bed
9d836784 804f01e9 89c13c10 8a4eb008 8a4eb008 nt!IopfCallDriver+0x31
9d8367bc 804f01e9 8a675a00 8a4eb008 8a4eb008 nt!IopfCallDriver+0x31
9d8367cc b96eee9b 00000000 8a4eb008 8a4eb0e4 nt!IopfCallDriver+0x31
9d8367f0 b96fb754 9d836810 8978a678 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b
9d83682c 804f01e9 8978a678 8a4eb008 9d836cc0 fltMgr!FltpCreate+0x26a
9d83683c b957a5ba 8943d62c 8943d628 00000000 nt!IopfCallDriver+0x31
9d836870 b957b974 8943d628 b956f088 8943d628 Mup!DnrRedirectFileOpen+0x443
9d8368d0 b957c894 0043d628 00f800c0 8a4eb108 Mup!DnrNameResolve+0x53c
9d836900 b9576d97 89b7b5d0 8a4eb008 8a7b7ac0 Mup!DnrStartNameResolution+0x292
9d836970 b9574fe6 89b7b5d0 8a7b7a08 8a4eb008 Mup!DfsCommonCreate+0x237
9d8369b8 b9575086 8a7b7a08 8a4eb008 8a4eb018 Mup!DfsFsdCreate+0xe0
9d836a10 804f01e9 8a7b7a08 8a4eb008 8a4eb008 Mup!MupCreate+0xbc
9d836a20 80584232 8a7b79f0 894bb414 9d836bb8 nt!IopfCallDriver+0x31
9d836b00 805c0490 8a7b7a08 00000000 894bb370 nt!IopParseDevice+0xa12
9d836b78 805bca1c 00000000 9d836bb8 00000040 nt!ObpLookupObjectName+0x53c
9d836bcc 8057816c 00000000 00000000 00000001 nt!ObOpenObjectByName+0xea
9d836d54 805426cc 02c8df7c 02c8df44 02c8dfa8 nt!NtQueryFullAttributesFile+0x124
9d836d54 7c92e514 02c8df7c 02c8df44 02c8dfa8 nt!KiFastCallEntry+0xfc
02c8dfa8 00000000 00000000 00000000 00000000 0x7c92e514

STACK_COMMAND: kb

FOLLOWUP_IP:
PGPfsfd+b8ee
b96cb8ee ?? ???

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: PGPfsfd+b8ee

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: PGPfsfd

IMAGE_NAME: PGPfsfd.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4e1bdf32

FAILURE_BUCKET_ID: 0x35_PGPfsfd+b8ee

BUCKET_ID: 0x35_PGPfsfd+b8ee

Followup: MachineOwner

3: kd> lmvm PGPfsfd
start end module name
b96c0000 b96eb000 PGPfsfd T (no symbols)

Loaded symbol image file: PGPfsfd.sys
Image path: PGPfsfd.sys
Image name: PGPfsfd.sys
Timestamp: Tue Jul 12 13:44:18 2011 (4E1BDF32)
CheckSum: 0002657B
ImageSize: 0002B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
请高手帮忙分析下,指个方向,拜谢。

Csdn user default icon
上传中...
上传图片
插入图片