Blue screen again : usbhub! Usbhhubprocesschangeworker+ec

Question

0.00/5 (No votes)

See more:

I have debugged the minidump file . I have some problems . Windbg provides me infomation below:

C++

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xFE

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff88005a12a60 to fffff80004293bc0

STACK_TEXT:  
fffff880`047fcad8 fffff880`05a12a60 : 00000000`000000fe 00000000`00000008 00000000`00000006 00000000`0000000a : nt!KeBugCheckEx
fffff880`047fcae0 fffff800`0458a1d3 : fffffa80`0867e050 00000000`00000001 ffffffff`dc3a58a0 fffff800`044392d8 : usbhub!UsbhHubProcessChangeWorker+0xec
fffff880`047fcb40 fffff800`0429d261 : fffff800`00000000 fffffa80`00000001 fffff800`0424c200 fffff800`00000000 : nt!IopProcessWorkItem+0x23
fffff880`047fcb70 fffff800`045302ea : 00000000`00000000 fffffa80`06a0b040 00000000`00000080 fffffa80`069ef990 : nt!ExpWorkerThread+0x111
fffff880`047fcc00 fffff800`042848e6 : fffff880`04565180 fffffa80`06a0b040 fffff880`0456ffc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`047fcc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
usbhub!UsbhHubProcessChangeWorker+ec
fffff880`05a12a60 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  usbhub!UsbhHubProcessChangeWorker+ec

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: usbhub

IMAGE_NAME:  usbhub.sys

the problem is at the code :

FOLLOWUP_IP: 
usbhub!UsbhHubProcessChangeWorker+ec
fffff880`05a12a60 cc              int     3

by using IDA Pro I got the assebmle code ,and obviously the code at the location of

UsbhHubProcessChangeWorker+ec

is valid and not int interrupt . Here it gives int ,why ? what does it mean ?

What I have tried:

Debug minidump in windbg and have some information

Posted 27-Apr-18 21:27pm

codeprojectddx

Updated 27-Apr-18 22:12pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Jochen Arndt · Answer 1 · 2018-04-27T22:13:00

Quote:
Here it gives int ,why ? what does it mean ?

INT (Interrupt) 3 is inserted by debuggers when setting a breakpoint. Once that is hit, the debugger takes control and removes the INT 3 instruction by replacing it with the original code to allow continuation of the debugged process.

[EDIT]

Quote:
But I have not make a breakpoint when the os is running .

From the book Windows Internals Part 2 by Mark E Russinovich and others:

Quote:
In the case of a STATUS_BREAKPOINT exception, unassembling the address will confirm the presence of a breakpoint instruction. The processor instruction INT 3 is called the trap to debugger instruction. An INT 3 instruction, when executed, causes the system to call the kernel’s debugger exception handler. If a debugger is attached to the computer, the system will break in.
0: kd>
u 92c70a78 
myfault+0xa78: 92c70a78  cc   int       3 
...
Breakpoints shouldn’t usually appear in retail versions of device drivers. Using the lm command, it’s sometimes possible to determine which environment a device driver was targeted for. When compiling a driver for release (and unless overridden by the developer), a flag is set indicating the release type. When viewing the File flags property, the presence of the word Debug indicates that the driver was built using a checked (or debug) environment.

[/EDIT]