A problematic driver and Verifier.exe

Author: OMSON <omson_at_auto-graf.pl>
Date: Fri 14 Aug 2009 - 12:06:14 MET DST
Message-ID: <h63d89$cri$2@news.onet.pl>
Content-Type: text/plain; charset=ISO-8859-2; format=flowed

Some time ago I wrote about problems with BSODs on various machines
(PC/notebook) related to the driver for a USB audio interface from
ESI, model UGM96.
According to WinDbg analysis of the minidumps, the controller driver
UGMDRV.sys, shown in the screenshot, is responsible:

http://img39.imageshack.us/img39/5176/esidrivers.jpg

With the help of the Verifier.exe tool that is part of Windows,
is it possible to "force" the culprit to behave normally (i.e. not
cause system conflicts)?

Regards, OMSON

P.S. A sample analysis of a minidump:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini072109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Tue Jul 21 02:28:57.890 2009 (GMT+2)
System Uptime: 0 days 0:13:37.655
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
...........................................................
Loading User Symbols
Loading unloaded module list
.............
Unable to load image UGMDRV.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for UGMDRV.sys
*** ERROR: Module load completed but symbols could not be loaded for UGMDRV.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, b04a258a, aedee1c8, 0}

Probably caused by : UGMDRV.sys ( UGMDRV+d58a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b04a258a, The address that the exception occurred at
Arg3: aedee1c8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod "0x%08lx"
odwołuje się do pamięci pod adresem "0x%08lx". Pamięć nie może być "%s".

FAULTING_IP:
UGMDRV+d58a
b04a258a 8b5004 mov edx,dword ptr [eax+4]

TRAP_FRAME: aedee1c8 -- (.trap 0xffffffffaedee1c8)
ErrCode = 00000000
eax=00000000 ebx=88e1dcdc ecx=8949a000 edx=00000001 esi=89278350 edi=8949a000
eip=b04a258a esp=aedee23c ebp=00000000 iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010293
UGMDRV+0xd58a:
b04a258a 8b5004 mov edx,dword ptr [eax+4] ds:0023:00000004=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: SONARPDR.exe

LAST_CONTROL_TRANSFER: from 00000000 to b04a258a

STACK_TEXT:
00000000 00000000 00000000 00000000 00000000 UGMDRV+0xd58a

STACK_COMMAND: kb

FOLLOWUP_IP:
UGMDRV+d58a
b04a258a 8b5004 mov edx,dword ptr [eax+4]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: UGMDRV+d58a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: UGMDRV

IMAGE_NAME: UGMDRV.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 49eedfaf

FAILURE_BUCKET_ID: 0x8E_UGMDRV+d58a

BUCKET_ID: 0x8E_UGMDRV+d58a

Followup: MachineOwner
---------
Received on Fri Aug 14 12:15:16 2009

This archive was generated by hypermail 2.1.8 : Fri 14 Aug 2009 - 12:42:01 MET DST
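Added example (not part of the original post): a small Python triage of the `!analyze -v` text quoted above, which recomputes the address touched by the faulting instruction from the trap-frame registers and flags a NULL-pointer-plus-offset access. The function name `triage`, the result keys and the 64 KB threshold are assumptions of this example; the sample input is an excerpt of the dump on this page with wrapped lines rejoined.

```python
import re

# Excerpt of the WinDbg output quoted in the post (wrapped lines rejoined).
DUMP = """\
BugCheck 1000008E, {c0000005, b04a258a, aedee1c8, 0}
Probably caused by : UGMDRV.sys ( UGMDRV+d58a )
FAULTING_IP:
UGMDRV+d58a
b04a258a 8b5004 mov edx,dword ptr [eax+4]
eax=00000000 ebx=88e1dcdc ecx=8949a000 edx=00000001 esi=89278350 edi=8949a000
eip=b04a258a esp=aedee23c ebp=00000000 iopl=0 nv up ei ng nz ac po cy
"""

STATUS_ACCESS_VIOLATION = 0xC0000005
# Assumption of this example: an access below 64 KB is a NULL base pointer plus a field offset.
NULL_PAGE_LIMIT = 0x10000


def triage(text):
    """Summarise a bugcheck: code, faulting module+offset, and the address accessed."""
    bc = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    code = int(bc.group(1), 16)
    args = [int(a, 16) for a in bc.group(2).split(",")]
    mod = re.search(r"Probably caused by : (\S+) \( (\w+)\+([0-9a-f]+) \)", text)
    offset = int(mod.group(3), 16)
    # General-purpose registers from the trap frame, e.g. "eax=00000000".
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", text)}
    # Memory operand of the faulting instruction, e.g. "[eax+4]" (WinDbg prints hex).
    op = re.search(r"\[(e[a-z]{2})(?:([+-])([0-9a-f]+)h?)?\]", text, re.I)
    base = regs[op.group(1).lower()]
    disp = int(op.group(3), 16) if op.group(3) else 0
    addr = (base - disp if op.group(2) == "-" else base + disp) & 0xFFFFFFFF
    return {
        "bugcheck": code & 0x0FFFFFFF,  # low bits; the dump's BUGCHECK_STR shows 0x8E
        "exception": args[0],
        "module": mod.group(1),
        "offset": offset,
        "module_base": args[1] - offset,  # Arg2 is the faulting address (eip)
        "fault_address": addr,
        "null_deref": args[0] == STATUS_ACCESS_VIOLATION and addr < NULL_PAGE_LIMIT,
    }


if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(key, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

For this dump the computed address is 0x4, matching the `ds:0023:00000004=????????` line in the trap frame.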