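360AntiHijack64.sys causes a system blue screen (BSOD)
This post was last edited by 360fans_u3160367 on 2025-3-28 21:30
Analyzing the blue-screen dump file with WinDbg gave the following output: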
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.000 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 43
Microsoft (R) Windows Debugger Version 10.0.27793.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 26100 MP (32 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 26100.1.amd64fre.ge_release.240331-1435
Kernel base = 0xfffff806`7a400000 PsLoadedModuleList = 0xfffff806`7b2f47a0
Debug session time: Thu Mar 27 19:56:54.465 2025 (UTC + 8:00)
System Uptime: 0 days 0:26:16.064
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
......................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`7a8b7ce0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa60f`f9017a30=000000000000000a
10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffb40f9820a778, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80621f8e491, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key: Analysis.CPU.mSec
Value: 1546
Key: Analysis.Elapsed.mSec
Value: 18036
Key: Analysis.IO.Other.Mb
Value: 16
Key: Analysis.IO.Read.Mb
Value: 1
Key: Analysis.IO.Write.Mb
Value: 27
Key: Analysis.Init.CPU.mSec
Value: 562
Key: Analysis.Init.Elapsed.mSec
Value: 732874
Key: Analysis.Memory.CommitPeak.Mb
Value: 94
Key: Analysis.Version.DbgEng
Value: 10.0.27793.1000
Key: Analysis.Version.Description
Value: 10.2410.02.02 amd64fre
Key: Analysis.Version.Ext
Value: 1.2410.2.2
Key: Bugcheck.Code.LegacyAPI
Value: 0xd1
Key: Bugcheck.Code.TargetModel
Value: 0xd1
Key: Failure.Bucket
Value: AV_360AntiHijack64!unknown_function
Key: Failure.Exception.IP.Address
Value: 0xfffff80621f8e491
Key: Failure.Exception.IP.Module
Value: 360AntiHijack64
Key: Failure.Exception.IP.Offset
Value: 0xe491
Key: Failure.Hash
Value: {92c381e8-2fc8-100a-274a-6e5b24ced303}
Key: WER.OS.Branch
Value: ge_release
Key: WER.OS.Version
Value: 10.0.26100.1
BUGCHECK_CODE:d1
BUGCHECK_P1: ffffb40f9820a778
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80621f8e491
FILE_IN_CAB:032725-17078-01.dmp
FAULTING_THREAD:ffffbc0fb8010540
READ_ADDRESS: fffff8067b3c34b0: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffffb40f9820a778
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT:1
PROCESS_NAME:System
TRAP_FRAME:ffffa60ff9017b70 -- (.trap 0xffffa60ff9017b70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000022d4 rbx=0000000000000000 rcx=fffff80621f96190
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80621f8e491 rsp=ffffa60ff9017d00 rbp=ffffbc0f9834bd00
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=ffffb40f9820a788 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
360AntiHijack64+0xe491:
fffff806`21f8e491 493943f0 cmp qword ptr [r11-10h],rax ds:ffffb40f`9820a778=????????????????
Resetting default scope
STACK_TEXT:
ffffa60f`f9017a28 fffff806`7aa8cee9 : 00000000`0000000a ffffb40f`9820a778 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffa60f`f9017a30 fffff806`7aa881a8 : 00000000`00000000 fffff806`21f87cb6 00000000`00000000 ffffa55e`07cc1e78 : nt!KiBugCheckDispatch+0x69
ffffa60f`f9017b70 fffff806`21f8e491 : ffffbc0f`bd6ee100 ffffa60f`f90187d8 ffffa60f`f90187d8 00000000`00000000 : nt!KiPageFault+0x468
ffffa60f`f9017d00 ffffbc0f`bd6ee100 : ffffa60f`f90187d8 ffffa60f`f90187d8 00000000`00000000 00000001`00000001 : 360AntiHijack64+0xe491
ffffa60f`f9017d08 ffffa60f`f90187d8 : ffffa60f`f90187d8 00000000`00000000 00000001`00000001 00000000`00000000 : 0xffffbc0f`bd6ee100
ffffa60f`f9017d10 ffffa60f`f90187d8 : 00000000`00000000 00000001`00000001 00000000`00000000 00000000`00000000 : 0xffffa60f`f90187d8
ffffa60f`f9017d18 00000000`00000000 : 00000001`00000001 00000000`00000000 00000000`00000000 ffffa60f`f9019120 : 0xffffa60f`f90187d8
SYMBOL_NAME:360AntiHijack64+e491
MODULE_NAME: 360AntiHijack64
IMAGE_NAME:360AntiHijack64.sys
STACK_COMMAND:.process /r /p 0xffffbc0f936d5040; .thread 0xffffbc0fb8010540 ; kb
BUCKET_ID_FUNC_OFFSET:e491
FAILURE_BUCKET_ID:AV_360AntiHijack64!unknown_function
OS_VERSION:10.0.26100.1
BUILDLAB_STR:ge_release
OSPLATFORM_TYPE:x64
OSNAME:Windows 10
FAILURE_ID_HASH:{92c381e8-2fc8-100a-274a-6e5b24ced303}
Followup: MachineOwner
---------
Operating system: Windows 11 Home Chinese Edition 24H2
Hello, please add me on WeChat and send me the complete dump file.