From the !irpfind, we can find the driver activities when the BSOD. There are 3 things we need to take care in the !irpfind result.
1. The major function is 16 (ex: [16, x]). This is the power managment activity for the device driver. The minor function 2 ([16, 2]) that mean one device change power state when the BSOD. The minor function 3 ([16, 3]) mean one device query the power state change.
2. The major function is 1b (ex: [1b, x]). It mean PnP activity. We can check the device driver PnP activity during the BSOD.
3. Scan all IRP activities. We can check what IRP are more than the others.
There is one example here. From the !irpfind result below. We can know the cdrom is doing the power state change and not completed yet when the BSOD. And the atapi driver also do the PnP action during the BSOD.
84f0dc20 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
84f10d18 [84d0c4c0] irpStack: (1b, 7) 85a0c028 [ \Driver\atapi]84f21db8 [86e7b9a0] irpStack: ( 3, 0) 86e4bb10 [ \Driver\HidUsb] 0x87066720
84f27008 [00000000] Irp is complete (CurrentLocation 16 > StackCount 15)
84f28008 [8709bd48] irpStack: ( 3, 0) 86d607d8 [ \Driver\HidUsb] 0x8706bd40
84f293e8 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
855b88a0 [00000000] irpStack: ( e, 0) 855c7de0 [ \Driver\ACPI]
855c2558 [00000000] Irp is complete (CurrentLocation 3 > StackCount 2) 0x00000000
855c7170 [00000000] Irp is complete (CurrentLocation 2 > StackCount 1)
855cd008 [00000000] irpStack: ( e, 0) 8561eb68 [ \Driver\ACPI]
855cd8c0 [00000000] irpStack: ( e, 0) 855b8710 [ \Driver\ACPI]
855f6410 [8704ad48] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85af62d0 [85b31a70] Irp is complete (CurrentLocation 8 > StackCount 7) 0x00000000
85afaa80 [84e90d48] Irp is complete (CurrentLocation 8 > StackCount 7) 0x00000000
85b26008 [00000000] Irp is complete (CurrentLocation 8 > StackCount 7) 0x00000000
85b77eb0 [00000000] Irp is complete (CurrentLocation 2 > StackCount 1)
85b88008 [85b7fd08] irpStack: ( d, 0) 85d6a770 [ \FileSystem\Npfs]
85b88a88 [85ae9030] irpStack: ( 3, 0) 85d6a770 [ \FileSystem\Npfs]
85caca90 [8725e030] irpStack: ( 3, 0) 86d60d18 [ \Driver\HidUsb] 0x872159f8
85cb0bc0 [00000000] Irp is complete (CurrentLocation 5 > StackCount 4)
85cb0da0 [00000000] irpStack: ( e, 0) 85f18e10 [ \Driver\enecir] 0x00000000
85cb15d8 [00000000] Irp is complete (CurrentLocation 3 > StackCount 2) 0x88437a20
85cda008 [00000000] irpStack: (16, 0) 84d06248 [ \Driver\ACPI]
85cda650 [00000000] irpStack: ( f, 0) 86d67030 [ \Driver\usbhub]
85d25570 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85d2c700 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
85d50f28 [873c4030] irpStack: ( d, 0) 85d6a770 [ \FileSystem\Npfs]
85d71368 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85d74888 [00000000] irpStack: (16, 0) 855dd680 [ \Driver\ACPI]
85d74a78 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
85d769d0 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85d86178 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85d86a30 [873f54d0] irpStack: ( c, 2) 85b28020 [ \FileSystem\Ntfs]
85d890e8 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
85d95868 [00000000] irpStack: (16, 0) 86d65030 [ \Driver\usbhub]
85d98670 [00000000] irpStack: (16, 0) 869e4028 [ \Driver\usbohci]
85daa008 [00000000] irpStack: ( e, 0) 85604b00 [ \Driver\Compbatt]
85dae0c0 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
85db40e8 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85db4818 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85db8180 [00000000] irpStack: (16, 2) 8561a3a0 [ \Driver\atapi]85dcbba0 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85dde0d0 [87260a60] irpStack: ( 3, 0) 86d607d8 [ \Driver\HidUsb] 0x872159f8
84f10d18 [84d0c4c0] irpStack: (1b, 7) 85a0c028 [ \Driver\atapi]84f21db8 [86e7b9a0] irpStack: ( 3, 0) 86e4bb10 [ \Driver\HidUsb] 0x87066720
84f27008 [00000000] Irp is complete (CurrentLocation 16 > StackCount 15)
84f28008 [8709bd48] irpStack: ( 3, 0) 86d607d8 [ \Driver\HidUsb] 0x8706bd40
84f293e8 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
855b88a0 [00000000] irpStack: ( e, 0) 855c7de0 [ \Driver\ACPI]
855c2558 [00000000] Irp is complete (CurrentLocation 3 > StackCount 2) 0x00000000
855c7170 [00000000] Irp is complete (CurrentLocation 2 > StackCount 1)
855cd008 [00000000] irpStack: ( e, 0) 8561eb68 [ \Driver\ACPI]
855cd8c0 [00000000] irpStack: ( e, 0) 855b8710 [ \Driver\ACPI]
855f6410 [8704ad48] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85af62d0 [85b31a70] Irp is complete (CurrentLocation 8 > StackCount 7) 0x00000000
85afaa80 [84e90d48] Irp is complete (CurrentLocation 8 > StackCount 7) 0x00000000
85b26008 [00000000] Irp is complete (CurrentLocation 8 > StackCount 7) 0x00000000
85b77eb0 [00000000] Irp is complete (CurrentLocation 2 > StackCount 1)
85b88008 [85b7fd08] irpStack: ( d, 0) 85d6a770 [ \FileSystem\Npfs]
85b88a88 [85ae9030] irpStack: ( 3, 0) 85d6a770 [ \FileSystem\Npfs]
85caca90 [8725e030] irpStack: ( 3, 0) 86d60d18 [ \Driver\HidUsb] 0x872159f8
85cb0bc0 [00000000] Irp is complete (CurrentLocation 5 > StackCount 4)
85cb0da0 [00000000] irpStack: ( e, 0) 85f18e10 [ \Driver\enecir] 0x00000000
85cb15d8 [00000000] Irp is complete (CurrentLocation 3 > StackCount 2) 0x88437a20
85cda008 [00000000] irpStack: (16, 0) 84d06248 [ \Driver\ACPI]
85cda650 [00000000] irpStack: ( f, 0) 86d67030 [ \Driver\usbhub]
85d25570 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85d2c700 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
85d50f28 [873c4030] irpStack: ( d, 0) 85d6a770 [ \FileSystem\Npfs]
85d71368 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85d74888 [00000000] irpStack: (16, 0) 855dd680 [ \Driver\ACPI]
85d74a78 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
85d769d0 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85d86178 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85d86a30 [873f54d0] irpStack: ( c, 2) 85b28020 [ \FileSystem\Ntfs]
85d890e8 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
85d95868 [00000000] irpStack: (16, 0) 86d65030 [ \Driver\usbhub]
85d98670 [00000000] irpStack: (16, 0) 869e4028 [ \Driver\usbohci]
85daa008 [00000000] irpStack: ( e, 0) 85604b00 [ \Driver\Compbatt]
85dae0c0 [00000000] Irp is complete (CurrentLocation 12 > StackCount 11)
85db40e8 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85db4818 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85db8180 [00000000] irpStack: (16, 2) 8561a3a0 [ \Driver\atapi]85dcbba0 [8701b030] irpStack: ( e, 0) 86ff3da0 [ \Driver\WinUsb] 0x870214d0
85dde0d0 [87260a60] irpStack: ( 3, 0) 86d607d8 [ \Driver\HidUsb] 0x872159f8
0: kd> !irp 84f10d18
Irp is active with 2 stacks 2 is current (= 0x84f10dac)
No Mdl: No System Buffer: Thread 84d0c4c0: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Irp is active with 2 stacks 2 is current (= 0x84f10dac)
No Mdl: No System Buffer: Thread 84d0c4c0: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[ 1b, 7] 0 e1 85a0c028 00000000 82a17aed-86f81b20 Success Error Cancel pending
\Driver\atapi nt!PnpDeviceCompletionRoutine Args: 00000000 00000000 00000000 00000000
>[ 1b, 7] 0 e1 85a0c028 00000000 82a17aed-86f81b20 Success Error Cancel pending
\Driver\atapi nt!PnpDeviceCompletionRoutine Args: 00000000 00000000 00000000 00000000
0: kd> !irp 85db8180
Irp is active with 4 stacks 2 is current (= 0x85db8214)
No Mdl: No System Buffer: Thread 00000000: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Irp is active with 4 stacks 2 is current (= 0x85db8214)
No Mdl: No System Buffer: Thread 00000000: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[ 16, 2] 0 e1 8561a3a0 00000000 82a7f197-85e28698 Success Error Cancel pending
\Driver\atapi nt!IopUnloadSafeCompletion
Args: 00000000 00000001 00000001 00000000
[ 16, 2] 0 e1 85e76c10 00000000 82a7f197-8712ae28 Success Error Cancel pending
\Driver\cdrom nt!IopUnloadSafeCompletion
Args: 00000000 00000001 00000001 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-872c5798
>[ 16, 2] 0 e1 8561a3a0 00000000 82a7f197-85e28698 Success Error Cancel pending
\Driver\atapi nt!IopUnloadSafeCompletion
Args: 00000000 00000001 00000001 00000000
[ 16, 2] 0 e1 85e76c10 00000000 82a7f197-8712ae28 Success Error Cancel pending
\Driver\cdrom nt!IopUnloadSafeCompletion
Args: 00000000 00000001 00000001 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-872c5798
Args: 00000000 00000000 00000000 00000000
沒有留言:
張貼留言