解决 QQ2006 键盘加密造成的系统当机故障
2007-01-25 11:22
363 查看
该死的 QQ2006 键盘加密功能给我带来了很多的不便,为了保证我的系统和虚拟机能正常运行,我不得不一直使用 QQ2006 Beta3 ,并且在每次启动前必须把自动下载的升级程序删除才能继续正常使用 QQ,最近好友 YY 也遇到了这个问题,并将 Dump 文件传给了我,通过 WinDBG 的分析得知系统重启和蓝屏的罪魁祸首确是 QQ2006 的键盘加密驱动文件。之后从 YY 那边得到的资料基本上解决了这个问题。
首先使用 WinDBG 分析的结果如下:
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:Mini012507-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: E:Symbols_WXPSP2
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d700
Debug session time: Thu Jan 25 09:00:47.319 2007 (GMT+8)
System Uptime: 0 days 0:27:20.203
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
............................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {e14c1898, 2, 0, 805d8b06}
*** WARNING: Unable to verify timestamp for npkcusb.sys
*** ERROR: Module load completed but symbols could not be loaded for npkcusb.sys
Unable to load image hidusb.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for hidusb.sys
Unable to load image HIDCLASS.SYS, Win32 error 2
*** WARNING: Unable to verify timestamp for HIDCLASS.SYS
Unable to load image kbdhid.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for kbdhid.sys
*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : npkcusb.sys ( npkcusb+384 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: e14c1898, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 805d8b06, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: e14c1898
CURRENT_IRQL: 2
FAULTING_IP:
nt!RtlValidRelativeSecurityDescriptor+143
805d8b06 0fb70a movzx ecx,word ptr [edx]
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: csrss.exe
LOCK_ADDRESS: 80559b60 -- (!locks 80559b60)
Resource @ nt!PiEngineLock (0x80559b60) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0x80559b60
Thread Count : 0
Thread address: 0x00000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from 805e12a6 to 805d8b06
STACK_TEXT:
f76dd2fc 805e12a6 f76dd318 e14c1898 00000052 nt!RtlValidRelativeSecurityDescriptor+0x143
f76dd310 805e1b40 8640568c 86405668 0000001c nt!SetVirtualBits+0x30
f76dd328 8060f7b7 f76dd348 8640568c 00000000 nt!PushException+0x85
f76dd358 80611121 8055d700 8055d5d0 8557f000 nt!CmpGetHiveName+0x113
f76dd5a0 8054160c 0000000b 8557f000 00022f30 nt!PiGetRelatedDevice+0x16e
f76dd5b8 80500e35 badb0d00 f76dd630 00000000 nt!RtlIpv4StringToAddressA+0xfd
f76dd650 f6e3d384 f6e3faec f7820190 85c3e0d8 nt!RtlpRunTable+0x345
WARNING: Stack unwind information not available. Following frames may be wrong.
f76dd668 f6e3df9c f7820190 f76dd684 85c3e0d8 npkcusb+0x384
f76dd790 804efeb1 85f421e0 85d73008 85d73008 npkcusb+0xf9c
f76dd7dc f6e49558 856eba98 85d73008 f76dd7fb nt!MiAddViewsForSection+0x38
f76dd7fc f766ee91 856eba98 85d73008 856ebb64 hidusb!HumInternalIoctl+0x5a
f76dd810 f7671b19 856eba98 85d73008 85d7316c HIDCLASS!HidpCallDriver+0x3f
f76dd864 f766f8e3 85f9c518 85d73008 f76dd8bc HIDCLASS!HidpIrpMajorWrite+0x17f
f76dd874 804efeb1 85f9c460 85d73008 85d73190 HIDCLASS!HidpMajorHandler+0x31
f76dd8bc aaa8595c 856fb9a0 86108038 85d73008 nt!MiAddViewsForSection+0x38
f76dd8e0 804efeb1 00000000 856fb9f8 85d731b4 kbdhid!KbdHid_IOCTL+0xea
f76dd918 804efeb1 863de8a8 85d73198 806e5410 nt!MiAddViewsForSection+0x38
f76dd93c 805804e3 863de8a8 85d73008 86404d78 nt!MiAddViewsForSection+0x38
f76dd9d8 80579038 000008e8 00000000 00000000 nt!MiFindEmptyAddressRangeDownTree+0x92
f76dda0c 8054160c 000008e8 00000000 00000000 nt!RtlLengthSecurityDescriptor+0x24
f76dda3c 805005d9 badb0d00 f76ddab4 ff00ffff nt!RtlIpv4StringToAddressA+0xfd
f76ddd30 bf86d09c f76cd4a8 00000002 f76ddd54 nt!RtlpStatusTable+0x371
f76ddd40 bf8010ca f76cd4a8 f76ddd64 0075fff4 win32k!vDisableSynchronize+0x36
f76ddd54 8054160c 00000000 00000022 00000000 win32k!TimersProc+0xe
f76ddd64 7c92eb94 badb0d00 0075ffec f71aad98 nt!RtlIpv4StringToAddressA+0xfd
00000000 00000000 00000000 00000000 00000000 0x7c92eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
npkcusb+384
f6e3d384 ?? ???
SYMBOL_STACK_INDEX: 7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: npkcusb
IMAGE_NAME: npkcusb.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 451240bb
SYMBOL_NAME: npkcusb+384
FAILURE_BUCKET_ID: 0xA_npkcusb+384
BUCKET_ID: 0xA_npkcusb+384
Followup: MachineOwner
---------
确认是 QQ2006 的键盘加密导致的系统故障后,参考 YY 的资料执行以下操作步骤:
1、进入 QQ 安装目录,找到“npkcusb.sys、npkcrypt.sys”文件,将其删除。注意:必须在 QQ2006 关闭的情况下删除;
2、进入注册表找到“HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumUSBVid_413c&Pid_2003”并删除它。
最佳的做法就是在首次安装完 QQ 后,就删除键盘加密的驱动文件,之后删除注册表的键值并重新启动计算机。启动进入系统登录后会有短暂的时间键盘无法操作,稍后就可以正常使用。经过测试,系统和运行虚拟机时没有蓝屏或意外重启问题。其他的待观察……
首先使用 WinDBG 分析的结果如下:
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:Mini012507-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: E:Symbols_WXPSP2
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d700
Debug session time: Thu Jan 25 09:00:47.319 2007 (GMT+8)
System Uptime: 0 days 0:27:20.203
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
............................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {e14c1898, 2, 0, 805d8b06}
*** WARNING: Unable to verify timestamp for npkcusb.sys
*** ERROR: Module load completed but symbols could not be loaded for npkcusb.sys
Unable to load image hidusb.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for hidusb.sys
Unable to load image HIDCLASS.SYS, Win32 error 2
*** WARNING: Unable to verify timestamp for HIDCLASS.SYS
Unable to load image kbdhid.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for kbdhid.sys
*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : npkcusb.sys ( npkcusb+384 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: e14c1898, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 805d8b06, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: e14c1898
CURRENT_IRQL: 2
FAULTING_IP:
nt!RtlValidRelativeSecurityDescriptor+143
805d8b06 0fb70a movzx ecx,word ptr [edx]
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: csrss.exe
LOCK_ADDRESS: 80559b60 -- (!locks 80559b60)
Resource @ nt!PiEngineLock (0x80559b60) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0x80559b60
Thread Count : 0
Thread address: 0x00000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from 805e12a6 to 805d8b06
STACK_TEXT:
f76dd2fc 805e12a6 f76dd318 e14c1898 00000052 nt!RtlValidRelativeSecurityDescriptor+0x143
f76dd310 805e1b40 8640568c 86405668 0000001c nt!SetVirtualBits+0x30
f76dd328 8060f7b7 f76dd348 8640568c 00000000 nt!PushException+0x85
f76dd358 80611121 8055d700 8055d5d0 8557f000 nt!CmpGetHiveName+0x113
f76dd5a0 8054160c 0000000b 8557f000 00022f30 nt!PiGetRelatedDevice+0x16e
f76dd5b8 80500e35 badb0d00 f76dd630 00000000 nt!RtlIpv4StringToAddressA+0xfd
f76dd650 f6e3d384 f6e3faec f7820190 85c3e0d8 nt!RtlpRunTable+0x345
WARNING: Stack unwind information not available. Following frames may be wrong.
f76dd668 f6e3df9c f7820190 f76dd684 85c3e0d8 npkcusb+0x384
f76dd790 804efeb1 85f421e0 85d73008 85d73008 npkcusb+0xf9c
f76dd7dc f6e49558 856eba98 85d73008 f76dd7fb nt!MiAddViewsForSection+0x38
f76dd7fc f766ee91 856eba98 85d73008 856ebb64 hidusb!HumInternalIoctl+0x5a
f76dd810 f7671b19 856eba98 85d73008 85d7316c HIDCLASS!HidpCallDriver+0x3f
f76dd864 f766f8e3 85f9c518 85d73008 f76dd8bc HIDCLASS!HidpIrpMajorWrite+0x17f
f76dd874 804efeb1 85f9c460 85d73008 85d73190 HIDCLASS!HidpMajorHandler+0x31
f76dd8bc aaa8595c 856fb9a0 86108038 85d73008 nt!MiAddViewsForSection+0x38
f76dd8e0 804efeb1 00000000 856fb9f8 85d731b4 kbdhid!KbdHid_IOCTL+0xea
f76dd918 804efeb1 863de8a8 85d73198 806e5410 nt!MiAddViewsForSection+0x38
f76dd93c 805804e3 863de8a8 85d73008 86404d78 nt!MiAddViewsForSection+0x38
f76dd9d8 80579038 000008e8 00000000 00000000 nt!MiFindEmptyAddressRangeDownTree+0x92
f76dda0c 8054160c 000008e8 00000000 00000000 nt!RtlLengthSecurityDescriptor+0x24
f76dda3c 805005d9 badb0d00 f76ddab4 ff00ffff nt!RtlIpv4StringToAddressA+0xfd
f76ddd30 bf86d09c f76cd4a8 00000002 f76ddd54 nt!RtlpStatusTable+0x371
f76ddd40 bf8010ca f76cd4a8 f76ddd64 0075fff4 win32k!vDisableSynchronize+0x36
f76ddd54 8054160c 00000000 00000022 00000000 win32k!TimersProc+0xe
f76ddd64 7c92eb94 badb0d00 0075ffec f71aad98 nt!RtlIpv4StringToAddressA+0xfd
00000000 00000000 00000000 00000000 00000000 0x7c92eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
npkcusb+384
f6e3d384 ?? ???
SYMBOL_STACK_INDEX: 7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: npkcusb
IMAGE_NAME: npkcusb.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 451240bb
SYMBOL_NAME: npkcusb+384
FAILURE_BUCKET_ID: 0xA_npkcusb+384
BUCKET_ID: 0xA_npkcusb+384
Followup: MachineOwner
---------
确认是 QQ2006 的键盘加密导致的系统故障后,参考 YY 的资料执行以下操作步骤:
1、进入 QQ 安装目录,找到“npkcusb.sys、npkcrypt.sys”文件,将其删除。注意:必须在 QQ2006 关闭的情况下删除;
2、进入注册表找到“HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumUSBVid_413c&Pid_2003”并删除它。
最佳的做法就是在首次安装完 QQ 后,就删除键盘加密的驱动文件,之后删除注册表的键值并重新启动计算机。启动进入系统登录后会有短暂的时间键盘无法操作,稍后就可以正常使用。经过测试,系统和运行虚拟机时没有蓝屏或意外重启问题。其他的待观察……
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- QQ提示“键盘加密技术无法启动”问题的解决办法
- 实现qq聊天界面设计 完美解决edittext 软键盘弹出时listview背景不被挤压+listview Item和edittext的相对位置不变
- Windows各种系统文件无法打开故障解决方法
- 简单过QQ的nProtect键盘加密保护
- 虚拟机上的系统,主键盘的数字键和符号键乱码问题的解决方法。
- 十四种系统故障的解决方法
- 卸载OICQ造成网上银行不能连接的故障的解决方法
- UBuntu系统安装KVM创建虚拟机遭遇故障的解决方法
- CentOs 6.3 x86_64系统下执行 mv /* ../ 命令造成系统错误故障恢复
- 通过souceCRT可以打印内核系统信息但是不能键盘输入的解决办法
- 系统启动故障及解决办法
- linux下由于系统编码问题造成乱码的解决办法
- 常见的电脑系统故障原因及解决办法
- 经验总结系统文件无法打开故障解决方法
- 个人总结出的49条网众无盘系统常见故障解决方法
- XP/Win7系统无法输入日文|加载键盘布局故障解决汇总
- 当UITextField被系统键盘挡住的时候如何解决
- linux下由于系统编码问题造成乱码的解决办法
- 系统安全:Win XP SP2 配置及故障解决技巧大揭露
- 如何解决AIX的文件系统故障