Re:分析求助:鼠标有反应,别的电脑插鼠标没有反应应
点击联系发帖人
时间:2018-07-12 16:48
Re: 分析求助:鼠标有反应,别的没有反应。 - 高端调试 :: 论坛
欢迎光临 高端调试
帖子排序:&
Oldest to newest
Newest to oldest
分析求助:鼠标有反应,别的没有反应。
文件压缩后有10mb左右,上传出现问题,放到了:敬请下载。
一下是简单的分析,请各位高手给出正确的分析方法和结果。
0: kd& !locks**** DUMP OF ALL RESOURCE OBJECTS ****KD: Scanning for held locks.......
Resource @ Ntfs!NtfsData (0xf7b6d5b0)&&& Shared 1 owning threads&&&& Threads: 8b1a68d0-01&*& KD: Scanning for held locks.........................................
Resource @ 0x879bdc2c&&& Shared 1 owning threads&&& Contention Count = 7856&&& NumberOfSharedWaiters = 18&&& NumberOfExclusiveWaiters = 1&&&& Threads: 8acf2020-01&&& 8ace13f0-01&&& 89d4c440-01&*& 8aa60a98-01&&& &&&&&&&&&&&&& 8b1a63f0-01&&& 88e32020-01&&& 8ab04020-01&&& &&& &&&&&&&&&&&&& &&& 8a194b78-01&&& 89d50508-01&&& 8ac96b08-01&&& &&&&&&&&&&&&& &&& 87e5f300-01&&& 8aa796f8-01&&& &&& &&&&&&&&&&&&& -01&&& &&& 8ac76020-01&&& &&&& Threads Waiting On Exclusive Access:&&&&&&&&&&&&& 8b1a6b40&&&&&&
KD: Scanning for held locks.
Resource @ 0x8ac04378&&& Exclusively owned&&& Contention Count = 91&&& NumberOfSharedWaiters = 2&&&& Threads: 89d4c440-01&*& 8b1a6db0-01&&& 8b1a7738-01&&& KD: Scanning for held locks.
Resource @ 0x8abfcf58&&& Shared 1 owning threads&&& Contention Count = 7&&& NumberOfSharedWaiters = 1&&& NumberOfExclusiveWaiters = 1&&&& Threads: 8b1a63f0-01&*& 8b1a68d0-01&&& &&&& Threads Waiting On Exclusive Access:&&&&&&&&&&&&& 89d4c440&&&&&&
KD: Scanning for held locks.........................
Resource @ 0x894ac888&&& Exclusively owned&&&& Threads: 89d4c440-01&*&
Resource @ 0x894acda8&&& Exclusively owned&&& Contention Count = 2&&& NumberOfSharedWaiters = 1&&&& Threads: 89d4c440-01&*& 8b1a79a8-01&&& KD: Scanning for held locks.....
Resource @ 0x883d0bc0&&& Shared 1 owning threads&&& Contention Count = 24547&&&& Threads: 89d4c440-03&*& KD: Scanning for held locks....................
Resource @ 0x889e2ae0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x894af688&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8ae07eb8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8acc6598&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8ac969c8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.
Resource @ 0x8ace8e08&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.
Resource @ 0x&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8aa601e8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x88efc580&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x879bbdf0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x884c1618&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8acc5758&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8a18d3b0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x879c5318&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x884c5ad8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.......3329 total locks, 23 locks currently held
0: kd& !thread& 8b1a63f0THREAD 8b1a63f0& Cid & Teb:
Win32Thread:
WAIT: (Unknown) KernelMode Non-Alertable&&& 8b2e80b0& Semaphore Limit 0x7fffffff&&& 8b1a6468& NotificationTimerNot impersonatingDeviceMap&&&&&&&&&&&&&&&& e10018f0Owning Process&&&&&&&&&&& 8b1a89e8&&&&&& Image:&&&&&&&& SystemAttached Process&&&&&&&&& N/A&&&&&&&&&&& Image:&&&&&&&& N/AWait Start TickCount&&&&& 18959&&&&&&&&& Ticks: 186 (0:00:00:02.906)Context Switch Count&&&&& 5288&&&&&&&&&&&& UserTime&&&&&&&&&&&&&&&&& 00:00:00.000KernelTime&&&&&&&&&&&&&&& 00:00:01.343Start Address nt!ExpWorkerThread (0x)Stack Init f78d7000 Current f78d6430 Base f78d7000 Limit f78d4000 Call 0Priority 14 BasePriority 13 PriorityDecrement 1ChildEBP RetAddr& Args to Child&&&&&&&&&&&&& f78d5 8b1a63f0 8b1a1 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])f78da62 8b1a63f0 879bdc2c
nt!KiSwapThread+0x2e5 (FPO: [0,7,0])f78d64bc 8087cbed 8b2e80b0 000000 nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])f78d64f8 8087d02f f78d8 f78d6608 nt!ExpWaitForResource+0xd5 (FPO: [0,5,4])f78d7d 879bdc2c 00006 nt!ExAcquireResourceSharedLite+0xf5 (FPO: [2,3,4])f78d652c f7b78 879bd7f8
Ntfs!NtfsAcquireSharedVcb+0x23 (FPO: [3,0,4])f78daff6 f78dd0 80a5bf00 Ntfs!NtfsCommonQueryInformation+0xd2 (FPO: [SEH])f78d65f4 f7b8b02f f78dd0
Ntfs!NtfsFsdDispatchSwitch+0x12a (FPO: [SEH])f78dc 879bd718
89d79270 Ntfs!NtfsFsdDispatchWait+0x1c (FPO: [2,66,0])f78ddf33 fdc45 nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d674c fdbf00 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])f78dc 89dd4d0 b5e7bab8 fltMgr!FltpDispatch+0x6f (FPO: [2,6,0])f78d67a4 e7472e f78d67d8 b5e7472e nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d67b0 b5ed4d0 80a5c456
nt!IofCallDriver+0x13 (FPO: [0,0,0])f78d67d8 b5e74aef 89d79270 88bbd038
xxx!FilemonQueryFile+0xce (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 845]f78d68d8 b5e00 88bbd038 87895f18 xxx!FilemonGetFullPath+0x23f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 939]f78d6ab0 b5ee60 8aaf8208 8aaf8208 xxx!FilemonHookRoutine+0x1da (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2279]f78d6ac4 809b550c aaf8208 88bbd038 xxx!FilemonDispatch+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2736]f78d6af4 1e67f f78d6b14 8081e67f nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d6b00 d6b3c 8ac24ac8 nt!IofCallDriver+0x13 (FPO: [0,0,0])f78d6b14 bbd00b f78d6b3c f78d6c04 nt!IoSynchronousPageWrite+0xaf (FPO: [5,0,4])f78d6c30 8083780b e3ebb430 e3ebb4b0 8ac24ac8 nt!MiFlushSectionInternal+0x6ba (FPO: [6,61,4])f78d6c74 8080f8de 8ac24a90 f78d6c00
nt!MmFlushSection+0x211 (FPO: [5,6,0])f78d6cfc 00
nt!CcFlushCache+0x3a6 (FPO: [4,24,4])f78d6d40
8b1a63f0 808ae5c0 8b19d190 nt!CcWriteBehind+0x11b (FPO: [0,8,4])f78d6d80 b19d190 b1a63f0 nt!CcWorkerThread+0x15a (FPO: [SEH])f78d6dac b19d190 00000 nt!ExpWorkerThread+0xeb (FPO: [1,5,0])f78d6ddc 00
nt!PspSystemThreadStartup+0x2e (FPO: [SEH])00 00000 nt!KiThreadStartup+0x16
0: kd& !thread& 89d4c440THREAD 89d4c440& Cid 0b9c.0ba0& Teb: 7ffdd000 Win32Thread: e118c610 WAIT: (Unknown) KernelMode Non-Alertable&&& 8acf4428& SynchronizationEvent&&& 89d4c4b8& NotificationTimerIRP List:&&& 89d5c878: (0006,01fc) Flags: & Mdl: Not impersonatingDeviceMap&&&&&&&&&&&&&&&& e32abaf8Owning Process&&&&&&&&&&& 89d4c020&&&&&& Image:&&&&&&&& cmd.exeAttached Process&&&&&&&&& N/A&&&&&&&&&&& Image:&&&&&&&& N/AWait Start TickCount&&&&& 18959&&&&&&&&& Ticks: 186 (0:00:00:02.906)Context Switch Count&&&&& 178844&&&&&&&&&&&&&&&& LargeStackUserTime&&&&&&&&&&&&&&&&& 00:00:00.250KernelTime&&&&&&&&&&&&&&& 00:00:03.640Win32 Start Address 0x4ad07670Start Address 0x7c8217f8Stack Init b663d000 Current b663c49c Base b663d000 Limit b6639000 Call 0Priority 14 BasePriority 8 PriorityDecrement 1ChildEBP RetAddr& Args to Child&&&&&&&&&&&&& b663c4b4 d4c440 89d4c4e8
nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])b663c4e0 d4c440 8abfcf58
nt!KiSwapThread+0x2e5 (FPO: [0,7,0])b663c528 8087cbed 8acfb
nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])b663c564 08 b663c870 nt!ExpWaitForResource+0xd5 (FPO: [0,5,4])b663c584 f7b515b4 8abfcf58 b663c801 b663c5b8 nt!ExAcquireResourceExclusiveLite+0x8d (FPO: [2,3,0])b663c594 f7b8e3b1 b663c870 e3c801 Ntfs!NtfsAcquireResourceExclusive+0x20 (FPO: [3,0,0])b663c5b8 f7b90d9d b663c801 e880d0 Ntfs!NtfsAcquireExclusiveFcb+0x42 (FPO: [4,1,4])b663c5d4 f7b7bfce b663c870 ec29a8 Ntfs!NtfsAcquireExclusiveScb+0x17 (FPO: [2,0,4])b663c658 f7b9e8fa b663c870 3c978 Ntfs!NtfsWriteUsnJournalChanges+0x71 (FPO: [SEH])b663c854 f7b928d9 b663c870 89d5c878 80a5bf00 Ntfs!NtfsCommonCleanup+0x21ff (FPO: [SEH])b663c9c4 809b550c 879bd718 89d5c878 89d79270 Ntfs!NtfsFsdCleanup+0xcf (FPO: [SEH])b663c9f4 72c45 b663ca28 f7272c45 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663ca00 fdbf00 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])b663ca28 809b550c 89dc878 89d5ca50 fltMgr!FltpDispatch+0x6f (FPO: [2,6,0])b663ca58 e792e0 b663cc2c b5e792e0 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663ca64 b5e792e0 80a5bf00 87895e60 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])b663cc2c b5ee60 89d5c878 89d5c878 xxx!FilemonHookRoutine+0x1390 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2663]b663cc40 809b550c d5c878 88b07318 xxx!FilemonDispatch+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2736]b663cc70 fccac 808f9732 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663cc7c 808f00 8b18f730 88b07318 nt!IofCallDriver+0x13 (FPO: [0,0,0])b663ccac 80934bac 89d4c020 20196 nt!IopCloseFile+0x2ae (FPO: [5,7,0])b663ccdc 809344ad 89d4c020 b18f730 nt!ObpDecrementHandleCount+0xcc (FPO: [4,2,4])b663cd04 a9a58 88b18 nt!ObpCloseHandleTableEntry+0x131 (FPO: [5,1,0])b663cd48 01 b663cd64 nt!ObpCloseHandle+0x82 (FPO: [2,7,4])b663cd58 2fafc 7c9585ec nt!NtClose+0x1b (FPO: [1,0,0])b663cd58 7c9585ec 2fafc 7c9585ec nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b663cd64)WARNING: Stack unwind information not available. Following frames may be wrong.0012fafc 00
ntdll+0x285ec
能说下是那个资源引起的死锁吗?我查了下:Threads: 8b1a63f0 拥有17个,其中15个是Exclusively Threads: 89d4c440 拥有6个,其中两个是Shared 类型的。而我们模块的地址是:b5e700&& xxx&& (private pdb symbols)& d:\xxx\client\filemon\filemon\objchk_wnet_x86\i386\xxx.pdb那些Resource的地址都不在我们的驱动模块里面?
0: kd& !irp 89d5c878 Irp is active with 11 stacks 9 is current (= 0x89d5ca08)&No Mdl: No System Buffer: Thread 89d4c440:& Irp stack trace.& &&&& cmd& flg cl Device&& File&&&& Completion-Context&[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0 10 00-&&&
Args: 00 &[ 12, 0]&& 0 e0 879bd718 88bef4-89d5ca2c Success Error Cancel &&&&& \FileSystem\Ntfs nt!IovpInternalCompletionTrapArgs: 00 &[ 12, 0]&& 0& 0 89d18 b5e77a40-&&& &&&&& \FileSystem\FltMgr xxxArgs: 00 &[ 12, 0]&& 0& 0 b00-&&& &&&&& \Driver\xxxArgs: 00 0: kd& !devobj 879bd718 Device object (879bd718) is for:& \FileSystem\Ntfs DriverObject 8b1c03e0Current Irp
RefCount 0 Type
Flags DevExt 879bd7d0 DevObjExt 879bdfd0 ExtensionFlags (0xc0000000)& DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDOAttachedDevice (Upper) 89d79270 \FileSystem\FltMgrDevice queue is not busy.0: kd& !irp 88b07318 IRP signature does not match, probably not an IRP0: kd& dt nt!_file_object 88b07318 && +0x000 Type&&&&&&&&&&&& : 5&& +0x002 Size&&&&&&&&&&&& : 112&& +0x004 DeviceObject&&&& : 0x8b1c7630 _DEVICE_OBJECT&& +0x008 Vpb&&&&&&&&&&&&& : 0x8b1c75a8 _VPB&& +0x00c FsContext&&&&&&& : 0xe31c2a70 && +0x010 FsContext2&&&&&& : 0xe31c2bb8 && +0x014 SectionObjectPointer : 0x8aa60fec _SECTION_OBJECT_POINTERS&& +0x018 PrivateCacheMap& : (null) && +0x01c FinalStatus&&&&& : 0&& +0x020 RelatedFileObject : 0x _FILE_OBJECT&& +0x024 LockOperation&&& : 0 ''&& +0x025 DeletePending&&& : 0 ''&& +0x026 ReadAccess&&&&&& : 0 ''&& +0x027 WriteAccess&&&&& : 0x1 ''&& +0x028 DeleteAccess&&&& : 0 ''&& +0x029 SharedRead&&&&&& : 0x1 ''&& +0x02a SharedWrite&&&&& : 0 ''&& +0x02b SharedDelete&&&& : 0 ''&& +0x02c Flags&&&&&&&&&&& : 0x44042&& +0x030 FileName&&&&&&&& : _UNICODE_STRING "\www\addtest.txt"&& +0x038 CurrentByteOffset : _LARGE_INTEGER 0x7&& +0x040 Waiters&&&&&&&&& : 0&& +0x044 Busy&&&&&&&&&&&& : 1&& +0x048 LastLock&&&&&&&& : (null) && +0x04c Lock&&&&&&&&&&&& : _KEVENT&& +0x05c Event&&&&&&&&&&& : _KEVENT&& +0x06c CompletionContext : (null) 0: kd& !fileobj 88b07318
\www\addtest.txt
Related File Object: 0x
Device Object: 0x8b1c7630&& \Driver\FtdiskVpb: 0x8b1c75a8Access: Write SharedRead
Flags:& 0x44042Synchronous IOCache SupportedCleanup CompleteHandle Created
File Object is currently busy and has 0 waiters.
FsContext: 0xe31c2a70 FsContext2: 0xe31c2bb8CurrentByteOffset: 7Cache Data:& Section Object Pointers: 8aa60fec& Shared Cache Map: 88e32810&&&&&&&& File Offset: 7 in VACB number 0& Vacb: 8b192df0& Your data is at: c3c00007
诚心求解答,第一次分析这。
希望张老师等大牛出现回答。
IP 地址: 已记录&&
发 贴: 1,299
Re: 分析求助:鼠标有反应,别的没有反应。
典型的死锁:
- CC线程8b1a63f0想获取Cmd线程89d4c440拥有的0x879bdc2c
- Cmd线程89d4c440想获取CC线程8b1a63f0拥有的0x8abfcf58
通过搜索内核池可以看到0x8abfcf58是NTFS创建的,根据栈回溯,与FCB(File Control Block)关联
!pool 0x8abfcf58
*8abfcf50 size: 40 previous size: 8 (Allocated) *Ntfr
Pooltag Ntfr : ERESOURCE, Binary : ntfs.sys
NtfR - ntfs.sys - READ_AHEAD_THREAD
类似的0x879bdc2c与设备对象和VCB (Volume Control Block)关联
如此看来,CC线程拿到了FCB,想要VCB,Cmd线程拿到了VCB,想要FCB...
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
感谢老张的分析。如何解决呢?痛苦的思索中。说明:自己的驱动代码中没有处理FCB和VCB内容,倒是用了3个ERESOURCE。不足之处,请继续指教。可能是因为两个!pool命令的内容太多,导致回复失败。看看能不能再补上。
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
回复的内容及返回的错误页面。
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
感谢张老师的来信。问题可能已经解决,按照理论上也解决了。开始的时候出现一两次死机,可能是别的原因,以后想出现都没有出现。经过这么多天的测试,没有出现问题,断定解决了。
IP 地址: 已记录&&
|- 论坛搜索
|- 热门主题
|- 未回复的主题
|- 找回密码
|- Windows内核调试
|- C/C++本地代码调试
|- .Net程序调试
|- 脚本程序调试
|- Java程序调试
|- Linux内核调试
|- 《程序员》杂志调试专栏
|- 远程调试
|- 调试ACPI和BIOS
|- 特殊的调试任务
|- 转储分析
|- Windows内核
|- Linux内核
|- CPU架构
|- PCI/PCI Express架构
|- 软件物语
|- 社区活动
|- 名人逸事
|- 欢迎使用CnForums
|- BUG也精彩
|- 豆腐工程
|- 软件圈里十大怪
Windows Vista
|- 用调试利剑剖析VISTA内幕
|- 老专家如何破解新问题
|- 我的电脑谁说了算?
Office开发
驱动程序开发
|- Windows驱动开发
|- Linux驱动开发
|- Windows CE驱动开发
用户态开发
|- Windows本地代码(native)高级开发
|- Web应用开发
|- WinFX和.Net
|- Office开发
|- 高端调试团队
|- 版面布局
|- 活动建议
|- 网站维护
|- 64-bit Windows
|- 64-bit CPU
|- 《软件调试》的示例程序
|- 《软件调试》的工具
|- 《软件调试》书友
|- 《软件调试》答疑
|- 《软件调试》勘误和意见
|- 《格蠹汇编》
|- PaaS和SaaS
|- 游戏开发与调试
(C) ADVDBG.ORG All Rights Reserved.UCBUG游戏网-最安全的绿色下载站点!
→ Word文档内容选中不了、鼠标没反应问题的解决方法一览404 Not Found
404 Not FoundRe: 分析求助:鼠标有反应,别的没有反应。 - 高端调试 :: 论坛
欢迎光临 高端调试
帖子排序:&
Oldest to newest
Newest to oldest
分析求助:鼠标有反应,别的没有反应。
文件压缩后有10mb左右,上传出现问题,放到了:敬请下载。
一下是简单的分析,请各位高手给出正确的分析方法和结果。
0: kd& !locks**** DUMP OF ALL RESOURCE OBJECTS ****KD: Scanning for held locks.......
Resource @ Ntfs!NtfsData (0xf7b6d5b0)&&& Shared 1 owning threads&&&& Threads: 8b1a68d0-01&*& KD: Scanning for held locks.........................................
Resource @ 0x879bdc2c&&& Shared 1 owning threads&&& Contention Count = 7856&&& NumberOfSharedWaiters = 18&&& NumberOfExclusiveWaiters = 1&&&& Threads: 8acf2020-01&&& 8ace13f0-01&&& 89d4c440-01&*& 8aa60a98-01&&& &&&&&&&&&&&&& 8b1a63f0-01&&& 88e32020-01&&& 8ab04020-01&&& &&& &&&&&&&&&&&&& &&& 8a194b78-01&&& 89d50508-01&&& 8ac96b08-01&&& &&&&&&&&&&&&& &&& 87e5f300-01&&& 8aa796f8-01&&& &&& &&&&&&&&&&&&& -01&&& &&& 8ac76020-01&&& &&&& Threads Waiting On Exclusive Access:&&&&&&&&&&&&& 8b1a6b40&&&&&&
KD: Scanning for held locks.
Resource @ 0x8ac04378&&& Exclusively owned&&& Contention Count = 91&&& NumberOfSharedWaiters = 2&&&& Threads: 89d4c440-01&*& 8b1a6db0-01&&& 8b1a7738-01&&& KD: Scanning for held locks.
Resource @ 0x8abfcf58&&& Shared 1 owning threads&&& Contention Count = 7&&& NumberOfSharedWaiters = 1&&& NumberOfExclusiveWaiters = 1&&&& Threads: 8b1a63f0-01&*& 8b1a68d0-01&&& &&&& Threads Waiting On Exclusive Access:&&&&&&&&&&&&& 89d4c440&&&&&&
KD: Scanning for held locks.........................
Resource @ 0x894ac888&&& Exclusively owned&&&& Threads: 89d4c440-01&*&
Resource @ 0x894acda8&&& Exclusively owned&&& Contention Count = 2&&& NumberOfSharedWaiters = 1&&&& Threads: 89d4c440-01&*& 8b1a79a8-01&&& KD: Scanning for held locks.....
Resource @ 0x883d0bc0&&& Shared 1 owning threads&&& Contention Count = 24547&&&& Threads: 89d4c440-03&*& KD: Scanning for held locks....................
Resource @ 0x889e2ae0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x894af688&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8ae07eb8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8acc6598&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8ac969c8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.
Resource @ 0x8ace8e08&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.
Resource @ 0x&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8aa601e8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x88efc580&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x879bbdf0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x884c1618&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8acc5758&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8a18d3b0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x879c5318&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x884c5ad8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.......3329 total locks, 23 locks currently held
0: kd& !thread& 8b1a63f0THREAD 8b1a63f0& Cid & Teb:
Win32Thread:
WAIT: (Unknown) KernelMode Non-Alertable&&& 8b2e80b0& Semaphore Limit 0x7fffffff&&& 8b1a6468& NotificationTimerNot impersonatingDeviceMap&&&&&&&&&&&&&&&& e10018f0Owning Process&&&&&&&&&&& 8b1a89e8&&&&&& Image:&&&&&&&& SystemAttached Process&&&&&&&&& N/A&&&&&&&&&&& Image:&&&&&&&& N/AWait Start TickCount&&&&& 18959&&&&&&&&& Ticks: 186 (0:00:00:02.906)Context Switch Count&&&&& 5288&&&&&&&&&&&& UserTime&&&&&&&&&&&&&&&&& 00:00:00.000KernelTime&&&&&&&&&&&&&&& 00:00:01.343Start Address nt!ExpWorkerThread (0x)Stack Init f78d7000 Current f78d6430 Base f78d7000 Limit f78d4000 Call 0Priority 14 BasePriority 13 PriorityDecrement 1ChildEBP RetAddr& Args to Child&&&&&&&&&&&&& f78d5 8b1a63f0 8b1a1 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])f78da62 8b1a63f0 879bdc2c
nt!KiSwapThread+0x2e5 (FPO: [0,7,0])f78d64bc 8087cbed 8b2e80b0 000000 nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])f78d64f8 8087d02f f78d8 f78d6608 nt!ExpWaitForResource+0xd5 (FPO: [0,5,4])f78d7d 879bdc2c 00006 nt!ExAcquireResourceSharedLite+0xf5 (FPO: [2,3,4])f78d652c f7b78 879bd7f8
Ntfs!NtfsAcquireSharedVcb+0x23 (FPO: [3,0,4])f78daff6 f78dd0 80a5bf00 Ntfs!NtfsCommonQueryInformation+0xd2 (FPO: [SEH])f78d65f4 f7b8b02f f78dd0
Ntfs!NtfsFsdDispatchSwitch+0x12a (FPO: [SEH])f78dc 879bd718
89d79270 Ntfs!NtfsFsdDispatchWait+0x1c (FPO: [2,66,0])f78ddf33 fdc45 nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d674c fdbf00 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])f78dc 89dd4d0 b5e7bab8 fltMgr!FltpDispatch+0x6f (FPO: [2,6,0])f78d67a4 e7472e f78d67d8 b5e7472e nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d67b0 b5ed4d0 80a5c456
nt!IofCallDriver+0x13 (FPO: [0,0,0])f78d67d8 b5e74aef 89d79270 88bbd038
xxx!FilemonQueryFile+0xce (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 845]f78d68d8 b5e00 88bbd038 87895f18 xxx!FilemonGetFullPath+0x23f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 939]f78d6ab0 b5ee60 8aaf8208 8aaf8208 xxx!FilemonHookRoutine+0x1da (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2279]f78d6ac4 809b550c aaf8208 88bbd038 xxx!FilemonDispatch+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2736]f78d6af4 1e67f f78d6b14 8081e67f nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d6b00 d6b3c 8ac24ac8 nt!IofCallDriver+0x13 (FPO: [0,0,0])f78d6b14 bbd00b f78d6b3c f78d6c04 nt!IoSynchronousPageWrite+0xaf (FPO: [5,0,4])f78d6c30 8083780b e3ebb430 e3ebb4b0 8ac24ac8 nt!MiFlushSectionInternal+0x6ba (FPO: [6,61,4])f78d6c74 8080f8de 8ac24a90 f78d6c00
nt!MmFlushSection+0x211 (FPO: [5,6,0])f78d6cfc 00
nt!CcFlushCache+0x3a6 (FPO: [4,24,4])f78d6d40
8b1a63f0 808ae5c0 8b19d190 nt!CcWriteBehind+0x11b (FPO: [0,8,4])f78d6d80 b19d190 b1a63f0 nt!CcWorkerThread+0x15a (FPO: [SEH])f78d6dac b19d190 00000 nt!ExpWorkerThread+0xeb (FPO: [1,5,0])f78d6ddc 00
nt!PspSystemThreadStartup+0x2e (FPO: [SEH])00 00000 nt!KiThreadStartup+0x16
0: kd& !thread& 89d4c440THREAD 89d4c440& Cid 0b9c.0ba0& Teb: 7ffdd000 Win32Thread: e118c610 WAIT: (Unknown) KernelMode Non-Alertable&&& 8acf4428& SynchronizationEvent&&& 89d4c4b8& NotificationTimerIRP List:&&& 89d5c878: (0006,01fc) Flags: & Mdl: Not impersonatingDeviceMap&&&&&&&&&&&&&&&& e32abaf8Owning Process&&&&&&&&&&& 89d4c020&&&&&& Image:&&&&&&&& cmd.exeAttached Process&&&&&&&&& N/A&&&&&&&&&&& Image:&&&&&&&& N/AWait Start TickCount&&&&& 18959&&&&&&&&& Ticks: 186 (0:00:00:02.906)Context Switch Count&&&&& 178844&&&&&&&&&&&&&&&& LargeStackUserTime&&&&&&&&&&&&&&&&& 00:00:00.250KernelTime&&&&&&&&&&&&&&& 00:00:03.640Win32 Start Address 0x4ad07670Start Address 0x7c8217f8Stack Init b663d000 Current b663c49c Base b663d000 Limit b6639000 Call 0Priority 14 BasePriority 8 PriorityDecrement 1ChildEBP RetAddr& Args to Child&&&&&&&&&&&&& b663c4b4 d4c440 89d4c4e8
nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])b663c4e0 d4c440 8abfcf58
nt!KiSwapThread+0x2e5 (FPO: [0,7,0])b663c528 8087cbed 8acfb
nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])b663c564 08 b663c870 nt!ExpWaitForResource+0xd5 (FPO: [0,5,4])b663c584 f7b515b4 8abfcf58 b663c801 b663c5b8 nt!ExAcquireResourceExclusiveLite+0x8d (FPO: [2,3,0])b663c594 f7b8e3b1 b663c870 e3c801 Ntfs!NtfsAcquireResourceExclusive+0x20 (FPO: [3,0,0])b663c5b8 f7b90d9d b663c801 e880d0 Ntfs!NtfsAcquireExclusiveFcb+0x42 (FPO: [4,1,4])b663c5d4 f7b7bfce b663c870 ec29a8 Ntfs!NtfsAcquireExclusiveScb+0x17 (FPO: [2,0,4])b663c658 f7b9e8fa b663c870 3c978 Ntfs!NtfsWriteUsnJournalChanges+0x71 (FPO: [SEH])b663c854 f7b928d9 b663c870 89d5c878 80a5bf00 Ntfs!NtfsCommonCleanup+0x21ff (FPO: [SEH])b663c9c4 809b550c 879bd718 89d5c878 89d79270 Ntfs!NtfsFsdCleanup+0xcf (FPO: [SEH])b663c9f4 72c45 b663ca28 f7272c45 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663ca00 fdbf00 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])b663ca28 809b550c 89dc878 89d5ca50 fltMgr!FltpDispatch+0x6f (FPO: [2,6,0])b663ca58 e792e0 b663cc2c b5e792e0 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663ca64 b5e792e0 80a5bf00 87895e60 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])b663cc2c b5ee60 89d5c878 89d5c878 xxx!FilemonHookRoutine+0x1390 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2663]b663cc40 809b550c d5c878 88b07318 xxx!FilemonDispatch+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2736]b663cc70 fccac 808f9732 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663cc7c 808f00 8b18f730 88b07318 nt!IofCallDriver+0x13 (FPO: [0,0,0])b663ccac 80934bac 89d4c020 20196 nt!IopCloseFile+0x2ae (FPO: [5,7,0])b663ccdc 809344ad 89d4c020 b18f730 nt!ObpDecrementHandleCount+0xcc (FPO: [4,2,4])b663cd04 a9a58 88b18 nt!ObpCloseHandleTableEntry+0x131 (FPO: [5,1,0])b663cd48 01 b663cd64 nt!ObpCloseHandle+0x82 (FPO: [2,7,4])b663cd58 2fafc 7c9585ec nt!NtClose+0x1b (FPO: [1,0,0])b663cd58 7c9585ec 2fafc 7c9585ec nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b663cd64)WARNING: Stack unwind information not available. Following frames may be wrong.0012fafc 00
ntdll+0x285ec
能说下是那个资源引起的死锁吗?我查了下:Threads: 8b1a63f0 拥有17个,其中15个是Exclusively Threads: 89d4c440 拥有6个,其中两个是Shared 类型的。而我们模块的地址是:b5e700&& xxx&& (private pdb symbols)& d:\xxx\client\filemon\filemon\objchk_wnet_x86\i386\xxx.pdb那些Resource的地址都不在我们的驱动模块里面?
0: kd& !irp 89d5c878 Irp is active with 11 stacks 9 is current (= 0x89d5ca08)&No Mdl: No System Buffer: Thread 89d4c440:& Irp stack trace.& &&&& cmd& flg cl Device&& File&&&& Completion-Context&[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0 10 00-&&&
Args: 00 &[ 12, 0]&& 0 e0 879bd718 88bef4-89d5ca2c Success Error Cancel &&&&& \FileSystem\Ntfs nt!IovpInternalCompletionTrapArgs: 00 &[ 12, 0]&& 0& 0 89d18 b5e77a40-&&& &&&&& \FileSystem\FltMgr xxxArgs: 00 &[ 12, 0]&& 0& 0 b00-&&& &&&&& \Driver\xxxArgs: 00 0: kd& !devobj 879bd718 Device object (879bd718) is for:& \FileSystem\Ntfs DriverObject 8b1c03e0Current Irp
RefCount 0 Type
Flags DevExt 879bd7d0 DevObjExt 879bdfd0 ExtensionFlags (0xc0000000)& DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDOAttachedDevice (Upper) 89d79270 \FileSystem\FltMgrDevice queue is not busy.0: kd& !irp 88b07318 IRP signature does not match, probably not an IRP0: kd& dt nt!_file_object 88b07318 && +0x000 Type&&&&&&&&&&&& : 5&& +0x002 Size&&&&&&&&&&&& : 112&& +0x004 DeviceObject&&&& : 0x8b1c7630 _DEVICE_OBJECT&& +0x008 Vpb&&&&&&&&&&&&& : 0x8b1c75a8 _VPB&& +0x00c FsContext&&&&&&& : 0xe31c2a70 && +0x010 FsContext2&&&&&& : 0xe31c2bb8 && +0x014 SectionObjectPointer : 0x8aa60fec _SECTION_OBJECT_POINTERS&& +0x018 PrivateCacheMap& : (null) && +0x01c FinalStatus&&&&& : 0&& +0x020 RelatedFileObject : 0x _FILE_OBJECT&& +0x024 LockOperation&&& : 0 ''&& +0x025 DeletePending&&& : 0 ''&& +0x026 ReadAccess&&&&&& : 0 ''&& +0x027 WriteAccess&&&&& : 0x1 ''&& +0x028 DeleteAccess&&&& : 0 ''&& +0x029 SharedRead&&&&&& : 0x1 ''&& +0x02a SharedWrite&&&&& : 0 ''&& +0x02b SharedDelete&&&& : 0 ''&& +0x02c Flags&&&&&&&&&&& : 0x44042&& +0x030 FileName&&&&&&&& : _UNICODE_STRING "\www\addtest.txt"&& +0x038 CurrentByteOffset : _LARGE_INTEGER 0x7&& +0x040 Waiters&&&&&&&&& : 0&& +0x044 Busy&&&&&&&&&&&& : 1&& +0x048 LastLock&&&&&&&& : (null) && +0x04c Lock&&&&&&&&&&&& : _KEVENT&& +0x05c Event&&&&&&&&&&& : _KEVENT&& +0x06c CompletionContext : (null) 0: kd& !fileobj 88b07318
\www\addtest.txt
Related File Object: 0x
Device Object: 0x8b1c7630&& \Driver\FtdiskVpb: 0x8b1c75a8Access: Write SharedRead
Flags:& 0x44042Synchronous IOCache SupportedCleanup CompleteHandle Created
File Object is currently busy and has 0 waiters.
FsContext: 0xe31c2a70 FsContext2: 0xe31c2bb8CurrentByteOffset: 7Cache Data:& Section Object Pointers: 8aa60fec& Shared Cache Map: 88e32810&&&&&&&& File Offset: 7 in VACB number 0& Vacb: 8b192df0& Your data is at: c3c00007
诚心求解答,第一次分析这。
希望张老师等大牛出现回答。
IP 地址: 已记录&&
发 贴: 1,299
Re: 分析求助:鼠标有反应,别的没有反应。
典型的死锁:
- CC线程8b1a63f0想获取Cmd线程89d4c440拥有的0x879bdc2c
- Cmd线程89d4c440想获取CC线程8b1a63f0拥有的0x8abfcf58
通过搜索内核池可以看到0x8abfcf58是NTFS创建的,根据栈回溯,与FCB(File Control Block)关联
!pool 0x8abfcf58
*8abfcf50 size: 40 previous size: 8 (Allocated) *Ntfr
Pooltag Ntfr : ERESOURCE, Binary : ntfs.sys
NtfR - ntfs.sys - READ_AHEAD_THREAD
类似的0x879bdc2c与设备对象和VCB (Volume Control Block)关联
如此看来,CC线程拿到了FCB,想要VCB,Cmd线程拿到了VCB,想要FCB...
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
感谢老张的分析。如何解决呢?痛苦的思索中。说明:自己的驱动代码中没有处理FCB和VCB内容,倒是用了3个ERESOURCE。不足之处,请继续指教。可能是因为两个!pool命令的内容太多,导致回复失败。看看能不能再补上。
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
回复的内容及返回的错误页面。
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
感谢张老师的来信。问题可能已经解决,按照理论上也解决了。开始的时候出现一两次死机,可能是别的原因,以后想出现都没有出现。经过这么多天的测试,没有出现问题,断定解决了。
IP 地址: 已记录&&
|- 论坛搜索
|- 热门主题
|- 未回复的主题
|- 找回密码
|- Windows内核调试
|- C/C++本地代码调试
|- .Net程序调试
|- 脚本程序调试
|- Java程序调试
|- Linux内核调试
|- 《程序员》杂志调试专栏
|- 远程调试
|- 调试ACPI和BIOS
|- 特殊的调试任务
|- 转储分析
|- Windows内核
|- Linux内核
|- CPU架构
|- PCI/PCI Express架构
|- 软件物语
|- 社区活动
|- 名人逸事
|- 欢迎使用CnForums
|- BUG也精彩
|- 豆腐工程
|- 软件圈里十大怪
Windows Vista
|- 用调试利剑剖析VISTA内幕
|- 老专家如何破解新问题
|- 我的电脑谁说了算?
Office开发
驱动程序开发
|- Windows驱动开发
|- Linux驱动开发
|- Windows CE驱动开发
用户态开发
|- Windows本地代码(native)高级开发
|- Web应用开发
|- WinFX和.Net
|- Office开发
|- 高端调试团队
|- 版面布局
|- 活动建议
|- 网站维护
|- 64-bit Windows
|- 64-bit CPU
|- 《软件调试》的示例程序
|- 《软件调试》的工具
|- 《软件调试》书友
|- 《软件调试》答疑
|- 《软件调试》勘误和意见
|- 《格蠹汇编》
|- PaaS和SaaS
|- 游戏开发与调试
(C) ADVDBG.ORG All Rights Reserved.}
欢迎光临 高端调试
帖子排序:&
Oldest to newest
Newest to oldest
分析求助:鼠标有反应,别的没有反应。
文件压缩后有10mb左右,上传出现问题,放到了:敬请下载。
一下是简单的分析,请各位高手给出正确的分析方法和结果。
0: kd& !locks**** DUMP OF ALL RESOURCE OBJECTS ****KD: Scanning for held locks.......
Resource @ Ntfs!NtfsData (0xf7b6d5b0)&&& Shared 1 owning threads&&&& Threads: 8b1a68d0-01&*& KD: Scanning for held locks.........................................
Resource @ 0x879bdc2c&&& Shared 1 owning threads&&& Contention Count = 7856&&& NumberOfSharedWaiters = 18&&& NumberOfExclusiveWaiters = 1&&&& Threads: 8acf2020-01&&& 8ace13f0-01&&& 89d4c440-01&*& 8aa60a98-01&&& &&&&&&&&&&&&& 8b1a63f0-01&&& 88e32020-01&&& 8ab04020-01&&& &&& &&&&&&&&&&&&& &&& 8a194b78-01&&& 89d50508-01&&& 8ac96b08-01&&& &&&&&&&&&&&&& &&& 87e5f300-01&&& 8aa796f8-01&&& &&& &&&&&&&&&&&&& -01&&& &&& 8ac76020-01&&& &&&& Threads Waiting On Exclusive Access:&&&&&&&&&&&&& 8b1a6b40&&&&&&
KD: Scanning for held locks.
Resource @ 0x8ac04378&&& Exclusively owned&&& Contention Count = 91&&& NumberOfSharedWaiters = 2&&&& Threads: 89d4c440-01&*& 8b1a6db0-01&&& 8b1a7738-01&&& KD: Scanning for held locks.
Resource @ 0x8abfcf58&&& Shared 1 owning threads&&& Contention Count = 7&&& NumberOfSharedWaiters = 1&&& NumberOfExclusiveWaiters = 1&&&& Threads: 8b1a63f0-01&*& 8b1a68d0-01&&& &&&& Threads Waiting On Exclusive Access:&&&&&&&&&&&&& 89d4c440&&&&&&
KD: Scanning for held locks.........................
Resource @ 0x894ac888&&& Exclusively owned&&&& Threads: 89d4c440-01&*&
Resource @ 0x894acda8&&& Exclusively owned&&& Contention Count = 2&&& NumberOfSharedWaiters = 1&&&& Threads: 89d4c440-01&*& 8b1a79a8-01&&& KD: Scanning for held locks.....
Resource @ 0x883d0bc0&&& Shared 1 owning threads&&& Contention Count = 24547&&&& Threads: 89d4c440-03&*& KD: Scanning for held locks....................
Resource @ 0x889e2ae0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x894af688&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8ae07eb8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8acc6598&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8ac969c8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.
Resource @ 0x8ace8e08&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.
Resource @ 0x&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8aa601e8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x88efc580&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x879bbdf0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x884c1618&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8acc5758&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8a18d3b0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x879c5318&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x884c5ad8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.......3329 total locks, 23 locks currently held
0: kd& !thread& 8b1a63f0THREAD 8b1a63f0& Cid & Teb:
Win32Thread:
WAIT: (Unknown) KernelMode Non-Alertable&&& 8b2e80b0& Semaphore Limit 0x7fffffff&&& 8b1a6468& NotificationTimerNot impersonatingDeviceMap&&&&&&&&&&&&&&&& e10018f0Owning Process&&&&&&&&&&& 8b1a89e8&&&&&& Image:&&&&&&&& SystemAttached Process&&&&&&&&& N/A&&&&&&&&&&& Image:&&&&&&&& N/AWait Start TickCount&&&&& 18959&&&&&&&&& Ticks: 186 (0:00:00:02.906)Context Switch Count&&&&& 5288&&&&&&&&&&&& UserTime&&&&&&&&&&&&&&&&& 00:00:00.000KernelTime&&&&&&&&&&&&&&& 00:00:01.343Start Address nt!ExpWorkerThread (0x)Stack Init f78d7000 Current f78d6430 Base f78d7000 Limit f78d4000 Call 0Priority 14 BasePriority 13 PriorityDecrement 1ChildEBP RetAddr& Args to Child&&&&&&&&&&&&& f78d5 8b1a63f0 8b1a1 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])f78da62 8b1a63f0 879bdc2c
nt!KiSwapThread+0x2e5 (FPO: [0,7,0])f78d64bc 8087cbed 8b2e80b0 000000 nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])f78d64f8 8087d02f f78d8 f78d6608 nt!ExpWaitForResource+0xd5 (FPO: [0,5,4])f78d7d 879bdc2c 00006 nt!ExAcquireResourceSharedLite+0xf5 (FPO: [2,3,4])f78d652c f7b78 879bd7f8
Ntfs!NtfsAcquireSharedVcb+0x23 (FPO: [3,0,4])f78daff6 f78dd0 80a5bf00 Ntfs!NtfsCommonQueryInformation+0xd2 (FPO: [SEH])f78d65f4 f7b8b02f f78dd0
Ntfs!NtfsFsdDispatchSwitch+0x12a (FPO: [SEH])f78dc 879bd718
89d79270 Ntfs!NtfsFsdDispatchWait+0x1c (FPO: [2,66,0])f78ddf33 fdc45 nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d674c fdbf00 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])f78dc 89dd4d0 b5e7bab8 fltMgr!FltpDispatch+0x6f (FPO: [2,6,0])f78d67a4 e7472e f78d67d8 b5e7472e nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d67b0 b5ed4d0 80a5c456
nt!IofCallDriver+0x13 (FPO: [0,0,0])f78d67d8 b5e74aef 89d79270 88bbd038
xxx!FilemonQueryFile+0xce (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 845]f78d68d8 b5e00 88bbd038 87895f18 xxx!FilemonGetFullPath+0x23f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 939]f78d6ab0 b5ee60 8aaf8208 8aaf8208 xxx!FilemonHookRoutine+0x1da (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2279]f78d6ac4 809b550c aaf8208 88bbd038 xxx!FilemonDispatch+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2736]f78d6af4 1e67f f78d6b14 8081e67f nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d6b00 d6b3c 8ac24ac8 nt!IofCallDriver+0x13 (FPO: [0,0,0])f78d6b14 bbd00b f78d6b3c f78d6c04 nt!IoSynchronousPageWrite+0xaf (FPO: [5,0,4])f78d6c30 8083780b e3ebb430 e3ebb4b0 8ac24ac8 nt!MiFlushSectionInternal+0x6ba (FPO: [6,61,4])f78d6c74 8080f8de 8ac24a90 f78d6c00
nt!MmFlushSection+0x211 (FPO: [5,6,0])f78d6cfc 00
nt!CcFlushCache+0x3a6 (FPO: [4,24,4])f78d6d40
8b1a63f0 808ae5c0 8b19d190 nt!CcWriteBehind+0x11b (FPO: [0,8,4])f78d6d80 b19d190 b1a63f0 nt!CcWorkerThread+0x15a (FPO: [SEH])f78d6dac b19d190 00000 nt!ExpWorkerThread+0xeb (FPO: [1,5,0])f78d6ddc 00
nt!PspSystemThreadStartup+0x2e (FPO: [SEH])00 00000 nt!KiThreadStartup+0x16
0: kd& !thread& 89d4c440THREAD 89d4c440& Cid 0b9c.0ba0& Teb: 7ffdd000 Win32Thread: e118c610 WAIT: (Unknown) KernelMode Non-Alertable&&& 8acf4428& SynchronizationEvent&&& 89d4c4b8& NotificationTimerIRP List:&&& 89d5c878: (0006,01fc) Flags: & Mdl: Not impersonatingDeviceMap&&&&&&&&&&&&&&&& e32abaf8Owning Process&&&&&&&&&&& 89d4c020&&&&&& Image:&&&&&&&& cmd.exeAttached Process&&&&&&&&& N/A&&&&&&&&&&& Image:&&&&&&&& N/AWait Start TickCount&&&&& 18959&&&&&&&&& Ticks: 186 (0:00:00:02.906)Context Switch Count&&&&& 178844&&&&&&&&&&&&&&&& LargeStackUserTime&&&&&&&&&&&&&&&&& 00:00:00.250KernelTime&&&&&&&&&&&&&&& 00:00:03.640Win32 Start Address 0x4ad07670Start Address 0x7c8217f8Stack Init b663d000 Current b663c49c Base b663d000 Limit b6639000 Call 0Priority 14 BasePriority 8 PriorityDecrement 1ChildEBP RetAddr& Args to Child&&&&&&&&&&&&& b663c4b4 d4c440 89d4c4e8
nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])b663c4e0 d4c440 8abfcf58
nt!KiSwapThread+0x2e5 (FPO: [0,7,0])b663c528 8087cbed 8acfb
nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])b663c564 08 b663c870 nt!ExpWaitForResource+0xd5 (FPO: [0,5,4])b663c584 f7b515b4 8abfcf58 b663c801 b663c5b8 nt!ExAcquireResourceExclusiveLite+0x8d (FPO: [2,3,0])b663c594 f7b8e3b1 b663c870 e3c801 Ntfs!NtfsAcquireResourceExclusive+0x20 (FPO: [3,0,0])b663c5b8 f7b90d9d b663c801 e880d0 Ntfs!NtfsAcquireExclusiveFcb+0x42 (FPO: [4,1,4])b663c5d4 f7b7bfce b663c870 ec29a8 Ntfs!NtfsAcquireExclusiveScb+0x17 (FPO: [2,0,4])b663c658 f7b9e8fa b663c870 3c978 Ntfs!NtfsWriteUsnJournalChanges+0x71 (FPO: [SEH])b663c854 f7b928d9 b663c870 89d5c878 80a5bf00 Ntfs!NtfsCommonCleanup+0x21ff (FPO: [SEH])b663c9c4 809b550c 879bd718 89d5c878 89d79270 Ntfs!NtfsFsdCleanup+0xcf (FPO: [SEH])b663c9f4 72c45 b663ca28 f7272c45 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663ca00 fdbf00 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])b663ca28 809b550c 89dc878 89d5ca50 fltMgr!FltpDispatch+0x6f (FPO: [2,6,0])b663ca58 e792e0 b663cc2c b5e792e0 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663ca64 b5e792e0 80a5bf00 87895e60 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])b663cc2c b5ee60 89d5c878 89d5c878 xxx!FilemonHookRoutine+0x1390 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2663]b663cc40 809b550c d5c878 88b07318 xxx!FilemonDispatch+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2736]b663cc70 fccac 808f9732 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663cc7c 808f00 8b18f730 88b07318 nt!IofCallDriver+0x13 (FPO: [0,0,0])b663ccac 80934bac 89d4c020 20196 nt!IopCloseFile+0x2ae (FPO: [5,7,0])b663ccdc 809344ad 89d4c020 b18f730 nt!ObpDecrementHandleCount+0xcc (FPO: [4,2,4])b663cd04 a9a58 88b18 nt!ObpCloseHandleTableEntry+0x131 (FPO: [5,1,0])b663cd48 01 b663cd64 nt!ObpCloseHandle+0x82 (FPO: [2,7,4])b663cd58 2fafc 7c9585ec nt!NtClose+0x1b (FPO: [1,0,0])b663cd58 7c9585ec 2fafc 7c9585ec nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b663cd64)WARNING: Stack unwind information not available. Following frames may be wrong.0012fafc 00
ntdll+0x285ec
能说下是那个资源引起的死锁吗?我查了下:Threads: 8b1a63f0 拥有17个,其中15个是Exclusively Threads: 89d4c440 拥有6个,其中两个是Shared 类型的。而我们模块的地址是:b5e700&& xxx&& (private pdb symbols)& d:\xxx\client\filemon\filemon\objchk_wnet_x86\i386\xxx.pdb那些Resource的地址都不在我们的驱动模块里面?
0: kd& !irp 89d5c878 Irp is active with 11 stacks 9 is current (= 0x89d5ca08)&No Mdl: No System Buffer: Thread 89d4c440:& Irp stack trace.& &&&& cmd& flg cl Device&& File&&&& Completion-Context&[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0 10 00-&&&
Args: 00 &[ 12, 0]&& 0 e0 879bd718 88bef4-89d5ca2c Success Error Cancel &&&&& \FileSystem\Ntfs nt!IovpInternalCompletionTrapArgs: 00 &[ 12, 0]&& 0& 0 89d18 b5e77a40-&&& &&&&& \FileSystem\FltMgr xxxArgs: 00 &[ 12, 0]&& 0& 0 b00-&&& &&&&& \Driver\xxxArgs: 00 0: kd& !devobj 879bd718 Device object (879bd718) is for:& \FileSystem\Ntfs DriverObject 8b1c03e0Current Irp
RefCount 0 Type
Flags DevExt 879bd7d0 DevObjExt 879bdfd0 ExtensionFlags (0xc0000000)& DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDOAttachedDevice (Upper) 89d79270 \FileSystem\FltMgrDevice queue is not busy.0: kd& !irp 88b07318 IRP signature does not match, probably not an IRP0: kd& dt nt!_file_object 88b07318 && +0x000 Type&&&&&&&&&&&& : 5&& +0x002 Size&&&&&&&&&&&& : 112&& +0x004 DeviceObject&&&& : 0x8b1c7630 _DEVICE_OBJECT&& +0x008 Vpb&&&&&&&&&&&&& : 0x8b1c75a8 _VPB&& +0x00c FsContext&&&&&&& : 0xe31c2a70 && +0x010 FsContext2&&&&&& : 0xe31c2bb8 && +0x014 SectionObjectPointer : 0x8aa60fec _SECTION_OBJECT_POINTERS&& +0x018 PrivateCacheMap& : (null) && +0x01c FinalStatus&&&&& : 0&& +0x020 RelatedFileObject : 0x _FILE_OBJECT&& +0x024 LockOperation&&& : 0 ''&& +0x025 DeletePending&&& : 0 ''&& +0x026 ReadAccess&&&&&& : 0 ''&& +0x027 WriteAccess&&&&& : 0x1 ''&& +0x028 DeleteAccess&&&& : 0 ''&& +0x029 SharedRead&&&&&& : 0x1 ''&& +0x02a SharedWrite&&&&& : 0 ''&& +0x02b SharedDelete&&&& : 0 ''&& +0x02c Flags&&&&&&&&&&& : 0x44042&& +0x030 FileName&&&&&&&& : _UNICODE_STRING "\www\addtest.txt"&& +0x038 CurrentByteOffset : _LARGE_INTEGER 0x7&& +0x040 Waiters&&&&&&&&& : 0&& +0x044 Busy&&&&&&&&&&&& : 1&& +0x048 LastLock&&&&&&&& : (null) && +0x04c Lock&&&&&&&&&&&& : _KEVENT&& +0x05c Event&&&&&&&&&&& : _KEVENT&& +0x06c CompletionContext : (null) 0: kd& !fileobj 88b07318
\www\addtest.txt
Related File Object: 0x
Device Object: 0x8b1c7630&& \Driver\FtdiskVpb: 0x8b1c75a8Access: Write SharedRead
Flags:& 0x44042Synchronous IOCache SupportedCleanup CompleteHandle Created
File Object is currently busy and has 0 waiters.
FsContext: 0xe31c2a70 FsContext2: 0xe31c2bb8CurrentByteOffset: 7Cache Data:& Section Object Pointers: 8aa60fec& Shared Cache Map: 88e32810&&&&&&&& File Offset: 7 in VACB number 0& Vacb: 8b192df0& Your data is at: c3c00007
诚心求解答,第一次分析这。
希望张老师等大牛出现回答。
IP 地址: 已记录&&
发 贴: 1,299
Re: 分析求助:鼠标有反应,别的没有反应。
典型的死锁:
- CC线程8b1a63f0想获取Cmd线程89d4c440拥有的0x879bdc2c
- Cmd线程89d4c440想获取CC线程8b1a63f0拥有的0x8abfcf58
通过搜索内核池可以看到0x8abfcf58是NTFS创建的,根据栈回溯,与FCB(File Control Block)关联
!pool 0x8abfcf58
*8abfcf50 size: 40 previous size: 8 (Allocated) *Ntfr
Pooltag Ntfr : ERESOURCE, Binary : ntfs.sys
NtfR - ntfs.sys - READ_AHEAD_THREAD
类似的0x879bdc2c与设备对象和VCB (Volume Control Block)关联
如此看来,CC线程拿到了FCB,想要VCB,Cmd线程拿到了VCB,想要FCB...
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
感谢老张的分析。如何解决呢?痛苦的思索中。说明:自己的驱动代码中没有处理FCB和VCB内容,倒是用了3个ERESOURCE。不足之处,请继续指教。可能是因为两个!pool命令的内容太多,导致回复失败。看看能不能再补上。
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
回复的内容及返回的错误页面。
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
感谢张老师的来信。问题可能已经解决,按照理论上也解决了。开始的时候出现一两次死机,可能是别的原因,以后想出现都没有出现。经过这么多天的测试,没有出现问题,断定解决了。
IP 地址: 已记录&&
|- 论坛搜索
|- 热门主题
|- 未回复的主题
|- 找回密码
|- Windows内核调试
|- C/C++本地代码调试
|- .Net程序调试
|- 脚本程序调试
|- Java程序调试
|- Linux内核调试
|- 《程序员》杂志调试专栏
|- 远程调试
|- 调试ACPI和BIOS
|- 特殊的调试任务
|- 转储分析
|- Windows内核
|- Linux内核
|- CPU架构
|- PCI/PCI Express架构
|- 软件物语
|- 社区活动
|- 名人逸事
|- 欢迎使用CnForums
|- BUG也精彩
|- 豆腐工程
|- 软件圈里十大怪
Windows Vista
|- 用调试利剑剖析VISTA内幕
|- 老专家如何破解新问题
|- 我的电脑谁说了算?
Office开发
驱动程序开发
|- Windows驱动开发
|- Linux驱动开发
|- Windows CE驱动开发
用户态开发
|- Windows本地代码(native)高级开发
|- Web应用开发
|- WinFX和.Net
|- Office开发
|- 高端调试团队
|- 版面布局
|- 活动建议
|- 网站维护
|- 64-bit Windows
|- 64-bit CPU
|- 《软件调试》的示例程序
|- 《软件调试》的工具
|- 《软件调试》书友
|- 《软件调试》答疑
|- 《软件调试》勘误和意见
|- 《格蠹汇编》
|- PaaS和SaaS
|- 游戏开发与调试
(C) ADVDBG.ORG All Rights Reserved.UCBUG游戏网-最安全的绿色下载站点!
→ Word文档内容选中不了、鼠标没反应问题的解决方法一览404 Not Found
404 Not FoundRe: 分析求助:鼠标有反应,别的没有反应。 - 高端调试 :: 论坛
欢迎光临 高端调试
帖子排序:&
Oldest to newest
Newest to oldest
分析求助:鼠标有反应,别的没有反应。
文件压缩后有10mb左右,上传出现问题,放到了:敬请下载。
一下是简单的分析,请各位高手给出正确的分析方法和结果。
0: kd& !locks**** DUMP OF ALL RESOURCE OBJECTS ****KD: Scanning for held locks.......
Resource @ Ntfs!NtfsData (0xf7b6d5b0)&&& Shared 1 owning threads&&&& Threads: 8b1a68d0-01&*& KD: Scanning for held locks.........................................
Resource @ 0x879bdc2c&&& Shared 1 owning threads&&& Contention Count = 7856&&& NumberOfSharedWaiters = 18&&& NumberOfExclusiveWaiters = 1&&&& Threads: 8acf2020-01&&& 8ace13f0-01&&& 89d4c440-01&*& 8aa60a98-01&&& &&&&&&&&&&&&& 8b1a63f0-01&&& 88e32020-01&&& 8ab04020-01&&& &&& &&&&&&&&&&&&& &&& 8a194b78-01&&& 89d50508-01&&& 8ac96b08-01&&& &&&&&&&&&&&&& &&& 87e5f300-01&&& 8aa796f8-01&&& &&& &&&&&&&&&&&&& -01&&& &&& 8ac76020-01&&& &&&& Threads Waiting On Exclusive Access:&&&&&&&&&&&&& 8b1a6b40&&&&&&
KD: Scanning for held locks.
Resource @ 0x8ac04378&&& Exclusively owned&&& Contention Count = 91&&& NumberOfSharedWaiters = 2&&&& Threads: 89d4c440-01&*& 8b1a6db0-01&&& 8b1a7738-01&&& KD: Scanning for held locks.
Resource @ 0x8abfcf58&&& Shared 1 owning threads&&& Contention Count = 7&&& NumberOfSharedWaiters = 1&&& NumberOfExclusiveWaiters = 1&&&& Threads: 8b1a63f0-01&*& 8b1a68d0-01&&& &&&& Threads Waiting On Exclusive Access:&&&&&&&&&&&&& 89d4c440&&&&&&
KD: Scanning for held locks.........................
Resource @ 0x894ac888&&& Exclusively owned&&&& Threads: 89d4c440-01&*&
Resource @ 0x894acda8&&& Exclusively owned&&& Contention Count = 2&&& NumberOfSharedWaiters = 1&&&& Threads: 89d4c440-01&*& 8b1a79a8-01&&& KD: Scanning for held locks.....
Resource @ 0x883d0bc0&&& Shared 1 owning threads&&& Contention Count = 24547&&&& Threads: 89d4c440-03&*& KD: Scanning for held locks....................
Resource @ 0x889e2ae0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x894af688&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8ae07eb8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8acc6598&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8ac969c8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.
Resource @ 0x8ace8e08&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.
Resource @ 0x&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8aa601e8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x88efc580&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x879bbdf0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x884c1618&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8acc5758&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x8a18d3b0&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x879c5318&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*&
Resource @ 0x884c5ad8&&& Exclusively owned&&&& Threads: 8b1a63f0-01&*& KD: Scanning for held locks.......3329 total locks, 23 locks currently held
0: kd& !thread& 8b1a63f0THREAD 8b1a63f0& Cid & Teb:
Win32Thread:
WAIT: (Unknown) KernelMode Non-Alertable&&& 8b2e80b0& Semaphore Limit 0x7fffffff&&& 8b1a6468& NotificationTimerNot impersonatingDeviceMap&&&&&&&&&&&&&&&& e10018f0Owning Process&&&&&&&&&&& 8b1a89e8&&&&&& Image:&&&&&&&& SystemAttached Process&&&&&&&&& N/A&&&&&&&&&&& Image:&&&&&&&& N/AWait Start TickCount&&&&& 18959&&&&&&&&& Ticks: 186 (0:00:00:02.906)Context Switch Count&&&&& 5288&&&&&&&&&&&& UserTime&&&&&&&&&&&&&&&&& 00:00:00.000KernelTime&&&&&&&&&&&&&&& 00:00:01.343Start Address nt!ExpWorkerThread (0x)Stack Init f78d7000 Current f78d6430 Base f78d7000 Limit f78d4000 Call 0Priority 14 BasePriority 13 PriorityDecrement 1ChildEBP RetAddr& Args to Child&&&&&&&&&&&&& f78d5 8b1a63f0 8b1a1 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])f78da62 8b1a63f0 879bdc2c
nt!KiSwapThread+0x2e5 (FPO: [0,7,0])f78d64bc 8087cbed 8b2e80b0 000000 nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])f78d64f8 8087d02f f78d8 f78d6608 nt!ExpWaitForResource+0xd5 (FPO: [0,5,4])f78d7d 879bdc2c 00006 nt!ExAcquireResourceSharedLite+0xf5 (FPO: [2,3,4])f78d652c f7b78 879bd7f8
Ntfs!NtfsAcquireSharedVcb+0x23 (FPO: [3,0,4])f78daff6 f78dd0 80a5bf00 Ntfs!NtfsCommonQueryInformation+0xd2 (FPO: [SEH])f78d65f4 f7b8b02f f78dd0
Ntfs!NtfsFsdDispatchSwitch+0x12a (FPO: [SEH])f78dc 879bd718
89d79270 Ntfs!NtfsFsdDispatchWait+0x1c (FPO: [2,66,0])f78ddf33 fdc45 nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d674c fdbf00 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])f78dc 89dd4d0 b5e7bab8 fltMgr!FltpDispatch+0x6f (FPO: [2,6,0])f78d67a4 e7472e f78d67d8 b5e7472e nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d67b0 b5ed4d0 80a5c456
nt!IofCallDriver+0x13 (FPO: [0,0,0])f78d67d8 b5e74aef 89d79270 88bbd038
xxx!FilemonQueryFile+0xce (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 845]f78d68d8 b5e00 88bbd038 87895f18 xxx!FilemonGetFullPath+0x23f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 939]f78d6ab0 b5ee60 8aaf8208 8aaf8208 xxx!FilemonHookRoutine+0x1da (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2279]f78d6ac4 809b550c aaf8208 88bbd038 xxx!FilemonDispatch+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2736]f78d6af4 1e67f f78d6b14 8081e67f nt!IovCallDriver+0x112 (FPO: [1,5,0])f78d6b00 d6b3c 8ac24ac8 nt!IofCallDriver+0x13 (FPO: [0,0,0])f78d6b14 bbd00b f78d6b3c f78d6c04 nt!IoSynchronousPageWrite+0xaf (FPO: [5,0,4])f78d6c30 8083780b e3ebb430 e3ebb4b0 8ac24ac8 nt!MiFlushSectionInternal+0x6ba (FPO: [6,61,4])f78d6c74 8080f8de 8ac24a90 f78d6c00
nt!MmFlushSection+0x211 (FPO: [5,6,0])f78d6cfc 00
nt!CcFlushCache+0x3a6 (FPO: [4,24,4])f78d6d40
8b1a63f0 808ae5c0 8b19d190 nt!CcWriteBehind+0x11b (FPO: [0,8,4])f78d6d80 b19d190 b1a63f0 nt!CcWorkerThread+0x15a (FPO: [SEH])f78d6dac b19d190 00000 nt!ExpWorkerThread+0xeb (FPO: [1,5,0])f78d6ddc 00
nt!PspSystemThreadStartup+0x2e (FPO: [SEH])00 00000 nt!KiThreadStartup+0x16
0: kd& !thread& 89d4c440THREAD 89d4c440& Cid 0b9c.0ba0& Teb: 7ffdd000 Win32Thread: e118c610 WAIT: (Unknown) KernelMode Non-Alertable&&& 8acf4428& SynchronizationEvent&&& 89d4c4b8& NotificationTimerIRP List:&&& 89d5c878: (0006,01fc) Flags: & Mdl: Not impersonatingDeviceMap&&&&&&&&&&&&&&&& e32abaf8Owning Process&&&&&&&&&&& 89d4c020&&&&&& Image:&&&&&&&& cmd.exeAttached Process&&&&&&&&& N/A&&&&&&&&&&& Image:&&&&&&&& N/AWait Start TickCount&&&&& 18959&&&&&&&&& Ticks: 186 (0:00:00:02.906)Context Switch Count&&&&& 178844&&&&&&&&&&&&&&&& LargeStackUserTime&&&&&&&&&&&&&&&&& 00:00:00.250KernelTime&&&&&&&&&&&&&&& 00:00:03.640Win32 Start Address 0x4ad07670Start Address 0x7c8217f8Stack Init b663d000 Current b663c49c Base b663d000 Limit b6639000 Call 0Priority 14 BasePriority 8 PriorityDecrement 1ChildEBP RetAddr& Args to Child&&&&&&&&&&&&& b663c4b4 d4c440 89d4c4e8
nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])b663c4e0 d4c440 8abfcf58
nt!KiSwapThread+0x2e5 (FPO: [0,7,0])b663c528 8087cbed 8acfb
nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])b663c564 08 b663c870 nt!ExpWaitForResource+0xd5 (FPO: [0,5,4])b663c584 f7b515b4 8abfcf58 b663c801 b663c5b8 nt!ExAcquireResourceExclusiveLite+0x8d (FPO: [2,3,0])b663c594 f7b8e3b1 b663c870 e3c801 Ntfs!NtfsAcquireResourceExclusive+0x20 (FPO: [3,0,0])b663c5b8 f7b90d9d b663c801 e880d0 Ntfs!NtfsAcquireExclusiveFcb+0x42 (FPO: [4,1,4])b663c5d4 f7b7bfce b663c870 ec29a8 Ntfs!NtfsAcquireExclusiveScb+0x17 (FPO: [2,0,4])b663c658 f7b9e8fa b663c870 3c978 Ntfs!NtfsWriteUsnJournalChanges+0x71 (FPO: [SEH])b663c854 f7b928d9 b663c870 89d5c878 80a5bf00 Ntfs!NtfsCommonCleanup+0x21ff (FPO: [SEH])b663c9c4 809b550c 879bd718 89d5c878 89d79270 Ntfs!NtfsFsdCleanup+0xcf (FPO: [SEH])b663c9f4 72c45 b663ca28 f7272c45 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663ca00 fdbf00 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])b663ca28 809b550c 89dc878 89d5ca50 fltMgr!FltpDispatch+0x6f (FPO: [2,6,0])b663ca58 e792e0 b663cc2c b5e792e0 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663ca64 b5e792e0 80a5bf00 87895e60 ffffffff nt!IofCallDriver+0x13 (FPO: [0,0,0])b663cc2c b5ee60 89d5c878 89d5c878 xxx!FilemonHookRoutine+0x1390 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2663]b663cc40 809b550c d5c878 88b07318 xxx!FilemonDispatch+0x2f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\xxx\client\filemon\filemon\filemon.c @ 2736]b663cc70 fccac 808f9732 nt!IovCallDriver+0x112 (FPO: [1,5,0])b663cc7c 808f00 8b18f730 88b07318 nt!IofCallDriver+0x13 (FPO: [0,0,0])b663ccac 80934bac 89d4c020 20196 nt!IopCloseFile+0x2ae (FPO: [5,7,0])b663ccdc 809344ad 89d4c020 b18f730 nt!ObpDecrementHandleCount+0xcc (FPO: [4,2,4])b663cd04 a9a58 88b18 nt!ObpCloseHandleTableEntry+0x131 (FPO: [5,1,0])b663cd48 01 b663cd64 nt!ObpCloseHandle+0x82 (FPO: [2,7,4])b663cd58 2fafc 7c9585ec nt!NtClose+0x1b (FPO: [1,0,0])b663cd58 7c9585ec 2fafc 7c9585ec nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b663cd64)WARNING: Stack unwind information not available. Following frames may be wrong.0012fafc 00
ntdll+0x285ec
能说下是那个资源引起的死锁吗?我查了下:Threads: 8b1a63f0 拥有17个,其中15个是Exclusively Threads: 89d4c440 拥有6个,其中两个是Shared 类型的。而我们模块的地址是:b5e700&& xxx&& (private pdb symbols)& d:\xxx\client\filemon\filemon\objchk_wnet_x86\i386\xxx.pdb那些Resource的地址都不在我们的驱动模块里面?
0: kd& !irp 89d5c878 Irp is active with 11 stacks 9 is current (= 0x89d5ca08)&No Mdl: No System Buffer: Thread 89d4c440:& Irp stack trace.& &&&& cmd& flg cl Device&& File&&&& Completion-Context&[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0& 0 00-&&&
Args: 00 &[& 0, 0]&& 0 10 00-&&&
Args: 00 &[ 12, 0]&& 0 e0 879bd718 88bef4-89d5ca2c Success Error Cancel &&&&& \FileSystem\Ntfs nt!IovpInternalCompletionTrapArgs: 00 &[ 12, 0]&& 0& 0 89d18 b5e77a40-&&& &&&&& \FileSystem\FltMgr xxxArgs: 00 &[ 12, 0]&& 0& 0 b00-&&& &&&&& \Driver\xxxArgs: 00 0: kd& !devobj 879bd718 Device object (879bd718) is for:& \FileSystem\Ntfs DriverObject 8b1c03e0Current Irp
RefCount 0 Type
Flags DevExt 879bd7d0 DevObjExt 879bdfd0 ExtensionFlags (0xc0000000)& DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDOAttachedDevice (Upper) 89d79270 \FileSystem\FltMgrDevice queue is not busy.0: kd& !irp 88b07318 IRP signature does not match, probably not an IRP0: kd& dt nt!_file_object 88b07318 && +0x000 Type&&&&&&&&&&&& : 5&& +0x002 Size&&&&&&&&&&&& : 112&& +0x004 DeviceObject&&&& : 0x8b1c7630 _DEVICE_OBJECT&& +0x008 Vpb&&&&&&&&&&&&& : 0x8b1c75a8 _VPB&& +0x00c FsContext&&&&&&& : 0xe31c2a70 && +0x010 FsContext2&&&&&& : 0xe31c2bb8 && +0x014 SectionObjectPointer : 0x8aa60fec _SECTION_OBJECT_POINTERS&& +0x018 PrivateCacheMap& : (null) && +0x01c FinalStatus&&&&& : 0&& +0x020 RelatedFileObject : 0x _FILE_OBJECT&& +0x024 LockOperation&&& : 0 ''&& +0x025 DeletePending&&& : 0 ''&& +0x026 ReadAccess&&&&&& : 0 ''&& +0x027 WriteAccess&&&&& : 0x1 ''&& +0x028 DeleteAccess&&&& : 0 ''&& +0x029 SharedRead&&&&&& : 0x1 ''&& +0x02a SharedWrite&&&&& : 0 ''&& +0x02b SharedDelete&&&& : 0 ''&& +0x02c Flags&&&&&&&&&&& : 0x44042&& +0x030 FileName&&&&&&&& : _UNICODE_STRING "\www\addtest.txt"&& +0x038 CurrentByteOffset : _LARGE_INTEGER 0x7&& +0x040 Waiters&&&&&&&&& : 0&& +0x044 Busy&&&&&&&&&&&& : 1&& +0x048 LastLock&&&&&&&& : (null) && +0x04c Lock&&&&&&&&&&&& : _KEVENT&& +0x05c Event&&&&&&&&&&& : _KEVENT&& +0x06c CompletionContext : (null) 0: kd& !fileobj 88b07318
\www\addtest.txt
Related File Object: 0x
Device Object: 0x8b1c7630&& \Driver\FtdiskVpb: 0x8b1c75a8Access: Write SharedRead
Flags:& 0x44042Synchronous IOCache SupportedCleanup CompleteHandle Created
File Object is currently busy and has 0 waiters.
FsContext: 0xe31c2a70 FsContext2: 0xe31c2bb8CurrentByteOffset: 7Cache Data:& Section Object Pointers: 8aa60fec& Shared Cache Map: 88e32810&&&&&&&& File Offset: 7 in VACB number 0& Vacb: 8b192df0& Your data is at: c3c00007
诚心求解答,第一次分析这。
希望张老师等大牛出现回答。
IP 地址: 已记录&&
发 贴: 1,299
Re: 分析求助:鼠标有反应,别的没有反应。
典型的死锁:
- CC线程8b1a63f0想获取Cmd线程89d4c440拥有的0x879bdc2c
- Cmd线程89d4c440想获取CC线程8b1a63f0拥有的0x8abfcf58
通过搜索内核池可以看到0x8abfcf58是NTFS创建的,根据栈回溯,与FCB(File Control Block)关联
!pool 0x8abfcf58
*8abfcf50 size: 40 previous size: 8 (Allocated) *Ntfr
Pooltag Ntfr : ERESOURCE, Binary : ntfs.sys
NtfR - ntfs.sys - READ_AHEAD_THREAD
类似的0x879bdc2c与设备对象和VCB (Volume Control Block)关联
如此看来,CC线程拿到了FCB,想要VCB,Cmd线程拿到了VCB,想要FCB...
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
感谢老张的分析。如何解决呢?痛苦的思索中。说明:自己的驱动代码中没有处理FCB和VCB内容,倒是用了3个ERESOURCE。不足之处,请继续指教。可能是因为两个!pool命令的内容太多,导致回复失败。看看能不能再补上。
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
回复的内容及返回的错误页面。
IP 地址: 已记录&&
Re: 分析求助:鼠标有反应,别的没有反应。
感谢张老师的来信。问题可能已经解决,按照理论上也解决了。开始的时候出现一两次死机,可能是别的原因,以后想出现都没有出现。经过这么多天的测试,没有出现问题,断定解决了。
IP 地址: 已记录&&
|- 论坛搜索
|- 热门主题
|- 未回复的主题
|- 找回密码
|- Windows内核调试
|- C/C++本地代码调试
|- .Net程序调试
|- 脚本程序调试
|- Java程序调试
|- Linux内核调试
|- 《程序员》杂志调试专栏
|- 远程调试
|- 调试ACPI和BIOS
|- 特殊的调试任务
|- 转储分析
|- Windows内核
|- Linux内核
|- CPU架构
|- PCI/PCI Express架构
|- 软件物语
|- 社区活动
|- 名人逸事
|- 欢迎使用CnForums
|- BUG也精彩
|- 豆腐工程
|- 软件圈里十大怪
Windows Vista
|- 用调试利剑剖析VISTA内幕
|- 老专家如何破解新问题
|- 我的电脑谁说了算?
Office开发
驱动程序开发
|- Windows驱动开发
|- Linux驱动开发
|- Windows CE驱动开发
用户态开发
|- Windows本地代码(native)高级开发
|- Web应用开发
|- WinFX和.Net
|- Office开发
|- 高端调试团队
|- 版面布局
|- 活动建议
|- 网站维护
|- 64-bit Windows
|- 64-bit CPU
|- 《软件调试》的示例程序
|- 《软件调试》的工具
|- 《软件调试》书友
|- 《软件调试》答疑
|- 《软件调试》勘误和意见
|- 《格蠹汇编》
|- PaaS和SaaS
|- 游戏开发与调试
(C) ADVDBG.ORG All Rights Reserved.}
我要回帖
更多关于 蓝牙鼠标已连接无反应 的文章
更多推荐
- ·马峰老师的理论法学体系怎么样?
- ·“TW”作为“台湾在国际上叫什么英文”的英文缩写,其背后有何法律依据?
- ·高考要求口语的专业口语考什么?
- ·福建南平八中是怎样的学校第四届学生会主席选举
- ·框架每平米建筑面积填充1立方砌块砌墙多少平方多少方?
- ·168包覆纱伟峰机工艺皮带盘数字是多少包纱机掉边求解决
- ·有没有大佬一体机能玩吃鸡吗吃鸡的?
- ·朵唯doovl3怎么拆L8plus手机壳L520手机套doov A10硅胶软A12全包防摔女款个性有指纹解锁吗
- ·华硕猛禽960+16g内存+速龙840玩绝地求生武器排名全部最低才45帧 驱动没问题
- ·华硕猛禽960+16g内存+速龙8速龙x2240玩绝地求生生全部最低才45帧是什么情况
- ·请问一下这一加6手机参数配置配置如何
- ·空调没开机内机异响挂机清洗完 再开机有吱吱异响是怎么回事 怎么解决
- ·华硕猛禽960+16g内存+速龙840玩绝地求生国服全部最低才45帧
- ·苹果7右边的苹果扬声器孔怎么清理有六个孔,为什么只有三个响,是不是坏了?求大神讲解一下
- ·上汽大通d90质量怎么样V80全新定制怎么样?
- ·上汽大通房车V80商用车安全配置怎么样?
- ·7500H的,发电机能带动冰箱吗可以带什么东西啊,可以带冰箱和空调吗
- ·请问这个是安卓手机的索泰超频软件怎么用吗?用这个对手机有害吗?
- ·上汽大通上海4s店V80傲运通智能系统怎么样?
- ·beego revellb15a低音炮和b15区别在哪里
- ·Re:分析求助:鼠标有反应,别的电脑插鼠标没有反应应
- ·上汽大通皮卡V80商用轻客安全性怎么样?
- ·我的苹果x铃声设置今天下载的铃声在手机里有显示,可是在电脑上想删除显示不了这两首歌怎么回事!
- ·石河子拉卡拉售后服务的售后服务怎么样?机具万一坏了怎么办?
- ·上汽大通d90官网定制V80定制怎么样?
- ·美版和国行的区别S7E国行6.0怎么打开不了WLAN?
- ·说多多在镜头盖防丢绳怎么装前装的是傻逼么
- ·有满足荣耀新生的老婆跟跟哥们有一腿吗
- ·履带吊型号quy160,MC一160,
- ·为什么我的苹果手机网页链接怎么取消百度,网页里的链接我点不了,平时那条链接会特别显示另外的颜色吗?就是蓝色那样,求解
- ·佳能打印机卡纸了怎么把纸拿出来6800能打88公分的纸吗
- ·笔记本右下角图标不见了无线网络图标问题,右键点击可以出现疑难解答和打开网络和共享中心图标,左键点击却没反应了
- ·上汽大通T60皮卡皮卡T60性能怎么样?
- ·阅课注册过查询商标有没有注册吗?还有哪些分类可以注册?
- ·学习早餐饼技术哪里好
