********************************************************************************
** Bugcheck Analysis **
********************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ***********, memory referenced
Arg2: 0000001c, IRQL
Arg3: ***********, value 0 = read operation, 1 = write operation
Arg4: 8042bbc9, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: ***********
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KeSetPriorityProcess+51
8042bbc9 *********** cmp word ptr [esi+16h],ax
DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
BUGCHECK_STR: 0xA
PROCESS_NAME: SpntSvc.exe
LAST_CONTROL_TRANSFER: from 8042bbc9 to 8046ce9c
STACK_TEXT:
bda959e0 8042bbc9 e271d890 *********** e267355c nt!KiTrap07+0x110
bda95a60 bec11a82 87fa2900 *********** *********** nt!KeSetPriorityProcess+0x51
WARNING: Stack unwind information not available. Following frames may be wrong.
bda95a7c bec0d842 8a283430 e267533c bda95a9c TMFilter+0x19a82
bda95a8c bec0d6d8 e267533c 8a26769c bda95af0 TMFilter+0x15842
bda95a9c bebfc6e5 e267533c 8a26769c e271d890 TMFilter+0x156d8
bda95af0 bec0beca e271d890 8a26769c e271d81c TMFilter+0x46e5
bda95b0c bec0cc83 e271d81c 8a26769c *********** TMFilter+0x13eca
bda95b64 bec060e5 e271d81c 8a2677ac *********** TMFilter+0x14c83
bda95b8c bec0a562 bda95be4 859d7888 859d7888 TMFilter+0xe0e5
bda95bd0 bec1a581 bda95be4 8a28f3d0 859d7888 TMFilter+0x12562
bda95c00 8041e0bf 8a28f3d0 859d7888 859d7888 TMFilter+0x22581
bda95c14 804b4a52 859d78f8 *********** 859d7888 nt!DisplayBootBitmap+0x33
bda95c28 804b58a6 8a28f3d0 859d7888 8815b028 nt!IopGetRegistryValues+0xe
bda95d34 8046a079 0000012c 000003ac *********** nt!IopMountVolume+0x232
bda95ddc 8046e656 bf0886ce 8a493328 *********** nt!ExfInterlockedInsertHeadList+0x1
bda95ddc *********** bf0886ce 8a493328 *********** nt!KiTrap13+0x11a
STACK_COMMAND: kb
FOLLOWUP_IP:
TMFilter+19a82
bec11a82 eb05 jmp TMFilter+0x19a89 (bec11a89)
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: TMFilter+19a82
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: TMFilter
IMAGE_NAME: TMFilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4371ec50
FAILURE_BUCKET_ID: 0xA_VRFK_TMFilter+19a82
BUCKET_ID: 0xA_VRFK_TMFilter+19a82
Followup: MachineOwner
---------
Reference answer:
bda959e0 8042bbc9 e271d890 *********** e267355c nt!KiTrap07+0x110
bda95a60 bec11a82 87fa2900 *********** *********** nt!KeSetPriorityProcess+0x51
WARNING: Stack unwind information not available. Following frames may be wrong.
bda95a7c bec0d842 8a283430 e267533c bda95a9c TMFilter+0x19a82
bda95a8c bec0d6d8 e267533c 8a26769c bda95af0 TMFilter+0x15842
bda95a9c bebfc6e5 e267533c 8a26769c e271d890 TMFilter+0x156d8
bda95af0 bec0beca e271d890 8a26769c e271d81c TMFilter+0x46e5
bda95b0c bec0cc83 e271d81c 8a26769c *********** TMFilter+0x13eca
bda95b64 bec060e5 e271d81c 8a2677ac *********** TMFilter+0x14c83
bda95b8c bec0a562 bda95be4 859d7888 859d7888 TMFilter+0xe0e5
bda95bd0 bec1a581 bda95be4 8a28f3d0 859d7888 TMFilter+0x12562
bda95c00 8041e0bf 8a28f3d0 859d7888 859d7888 TMFilter+0x22581
bda95c14 804b4a52 859d78f8 *********** 859d7888 nt!DisplayBootBitmap+0x33
bda95c28 804b58a6 8a28f3d0 859d7888 8815b028 nt!IopGetRegistryValues+0xe
bda95d34 8046a079 0000012c 000003ac *********** nt!IopMountVolume+0x232
bda95ddc 8046e656 bf0886ce 8a493328 *********** nt!ExfInterlockedInsertHeadList+0x1
bda95ddc *********** bf0886ce 8a493328 *********** nt!KiTrap13+0x11a
This is the information emitted when virtual memory is called.
STACK_COMMAND: kb
FOLLOWUP_IP:
TMFilter+19a82
bec11a82 eb05 jmp TMFilter+0x19a89 (bec11a89)
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: TMFilter+19a82
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: TMFilter
IMAGE_NAME: TMFilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4371ec50
FAILURE_BUCKET_ID: 0xA_VRFK_TMFilter+19a82
BUCKET_ID: 0xA_VRFK_TMFilter+19a82
Followup: MachineOwner
A startup entry among the registry key values; exactly what it is, I'm not too sure either!