win7旗舰版 thinkpad t420-j4c 说是硬盘有坏道 已经换过新了。 但是还是蓝屏,dmp分析发在这里,求助论坛各位老大啊!
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 892baa30, Terminating object
Arg3: 892bab9c, Process image file name
Arg4: 83e35cf0, Explanatory message (ascii)
Debugging Details:
------------------
PROCESS_OBJECT: 892baa30
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: csrss
FAULTING_MODULE: 00000000
PROCESS_NAME: csrss.exe
EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - 0x%p
BUGCHECK_STR: 0xF4_IOERR
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
STACK_TEXT:
ad97cb9c 83efb067 000000f4 00000003 892baa30 nt!KeBugCheckEx+0x1e
ad97cbc0 83e78c1e 83e35cf0 892bab9c 892baca0 nt!PspCatchCriticalBreak+0x71
ad97cbf0 83e78b61 892baa30 89d66218 c0000006 nt!PspTerminateAllThreads+0x2d
ad97cc24 83c5a1ea ffffffff c0000006 033bf04c nt!NtTerminateProcess+0x1a2
ad97cc24 779e70b4 ffffffff c0000006 033bf04c nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
033bf04c 00000000 00000000 00000000 00000000 0x779e70b4
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xF4_IOERR_IMAGE_csrss.exe
BUCKET_ID: 0xF4_IOERR_IMAGE_csrss.exe
Followup: MachineOwner
---------
上述问题经过卸载intel的rst驱动
升级了bios
重启过后,运行一段时间(不短)后再次出现蓝屏故障,dmp分析代码如下:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8c43c98b, The address that the exception occurred at
Arg3: b6a998b8, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
tcpip!TcpCreateListener+35
8c43c98b 8b4710 mov eax,dword ptr [edi+10h]
TRAP_FRAME: b6a998b8 -- (.trap 0xffffffffb6a998b8)
ErrCode = 00000000
eax=3ae63901 ebx=92e828aa ecx=b6a99980 edx=00000000 esi=b6a99980 edi=00000000
eip=8c43c98b esp=b6a9992c ebp=b6a99964 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
tcpip!TcpCreateListener+0x35:
8c43c98b 8b4710 mov eax,dword ptr [edi+10h] ds:0023:00000010=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: LMS.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 92e7e0be to 8c43c98b
STACK_TEXT:
b6a99964 92e7e0be 8743e008 b6a99980 86e648c0 tcpip!TcpCreateListener+0x35
b6a999c8 92e77ab0 874f17c0 866fe700 92e82342 tdx!TdxIssueListenRequest+0xc2
b6a999e8 92e7876f 86e648c8 86e648c0 866fe700 tdx!TdxListenTransportAddress+0x106
b6a99a10 92e7f3fd 00e648c0 866fe6d8 866fe748 tdx!TdxListenConnection+0xdb
b6a99a2c 83e5658e 8743ef00 866fe6d8 866fe6d8 tdx!TdxTdiDispatchInternalDeviceControl+0x13f
b6a99a44 92ee8446 866d69f8 86a6dde8 00000000 nt!IofCallDriver+0x63
b6a99a6c 92ecbded 866d69f8 866fe6d8 00000005 afd!AfdDelayedAcceptListen+0x1db
b6a99a88 92ee12a3 86a6dde8 00000000 2445db8c afd!AfdAddFreeConnection+0xa1
b6a99aec 92ed42bc 89eb64e8 872be130 b6a99b14 afd!AfdStartListen+0x26b
b6a99afc 83e5658e 872be130 86b80738 86b80738 afd!AfdDispatchDeviceControl+0x3b
b6a99b14 84049a49 89eb64e8 86b80738 86b80814 nt!IofCallDriver+0x63
b6a99b34 8404cc1b 872be130 89eb64e8 00000000 nt!IopSynchronousServiceTail+0x1f8
b6a99bd0 840934b4 872be130 86b80738 00000000 nt!IopXxxControlFile+0x6aa
b6a99c04 83e5d21a 00000204 00000230 00000000 nt!NtDeviceIoControlFile+0x2a
b6a99c04 772b70b4 00000204 00000230 00000000 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0172eb44 00000000 00000000 00000000 00000000 0x772b70b4
STACK_COMMAND: kb
FOLLOWUP_IP:
tdx!TdxIssueListenRequest+c2
92e7e0be 68c8000000 push 0C8h
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: tdx!TdxIssueListenRequest+c2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tdx
IMAGE_NAME: tdx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce78935
FAILURE_BUCKET_ID: 0x8E_tdx!TdxIssueListenRequest+c2
BUCKET_ID: 0x8E_tdx!TdxIssueListenRequest+c2
Followup: MachineOwner
---------
狠求大大帮忙啊!我是新手没分发……以后有了一定双手奉上啊!
-------------------------------------------------
经过一系列的拾掇,现在基本稳定。我想还是srt驱动与固态硬盘的读写有点冲突,现在基本已经不会再蓝屏了。
但是还有一个状况,这种状况代替了蓝屏现象的发生。
就是在运行一段时间后,系统会有一个弹出一个关于explorer.exe异常终止的警告框。
里面的提示是类似这样:
the instruction ao 0x7618A1C1 referenced memory at 0x71DBF748. The required data was not placed into memory because of an I/O error status of 0xc000000e.
我个人认为是硬盘在读取过程中,会间歇性的出现数据流无法读取的问题。某个软件应用正在调用时,就会报此错误导致重启。
不知我分析是否正确。
如果正确,那么就是这块固态硬盘有问题了?
我的系统是装在固态硬盘里的,所以我刚才把内存条卸下来,正在等待蓝屏,不知会怎样。
刚才出现卡机状态,但是未蓝屏或出现上面的报错提示然后重启的情况
-------------------------------------------------------------------------------------
等待了2个小时左右,终于出现了蓝屏状况,这次的dmp分析结果如下:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: c04208c8, lock type that was held (value 1,2,3, or PTE address)
Arg2: c000000e, error status (normally i/o status code)
Arg3: 0ca3c860, current process (virtual address for lock type 3, or PTE)
Arg4: 84119bec, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
Debugging Details:
------------------
ERROR_CODE: (NTSTATUS) 0xc000000e - <Unable to get error code text>
DISK_HARDWARE_ERROR: There was error with disk hardware
BUGCHECK_STR: 0x7a_c000000e
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: 8eb229f8 -- (.trap 0xffffffff8eb229f8)
ErrCode = 00000010
eax=85c79000 ebx=00000000 ecx=8935bdd8 edx=00000000 esi=8935bdd8 edi=00000000
eip=84119bec esp=8eb22a6c ebp=8eb22acc iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!EtwpFreeUserBufferSpace:
84119bec 0000 add byte ptr [eax],al ds:0023:85c79000=??
Resetting default scope
LAST_CONTROL_TRANSFER: from 83ebce28 to 83ef7ef4
STACK_TEXT:
8eb2285c 83ebce28 0000007a c04208c8 c000000e nt!KeBugCheckEx+0x1e
8eb228cc 83ec0709 8eb22920 83f83300 8eb22940 nt!MiWaitForInPageComplete+0x302
8eb2295c 83ea996b 83f83300 84119bec 85f413c0 nt!MiIssueHardFault+0x3b3
8eb229e0 83e5a408 00000008 84119bec 00000000 nt!MmAccessFault+0x2656
8eb229e0 84119bec 00000008 84119bec 00000000 nt!KiTrap0E+0xdc
8eb22acc 84042b6d 85c484c0 8935bdd8 85c79000 nt!EtwpFreeUserBufferSpace
8eb22afc 8404e780 00c79000 85c484c0 85c79000 nt!EtwpRealtimeDeliverBuffer+0x82
8eb22b18 8404e64b 85c79000 00000000 85c79000 nt!EtwpFlushBufferToRealtime+0x2c
8eb22b3c 83e9c52b 00000000 00000000 85c484c0 nt!EtwpFlushBuffer+0xa1
8eb22c08 84040d0d 85c484c0 00000001 00000000 nt!EtwpFlushActiveBuffers+0x2c0
8eb22c50 84021fda 85c484c0 92198f06 00000000 nt!EtwpLogger+0x2a1
8eb22c90 83eca1f9 84040a6c 85c484c0 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
84119000-8411902d 46 bytes - nt!EtwpPsProvTraceThread+103
[ ff 38 5d 10 74 25 3b f3:00 00 00 00 00 00 00 00 ]
84119031-84119038 8 bytes - nt!EtwpPsProvTraceThread+134 (+0x31)
[ 3b c3 74 32 c7 45 fc 02:00 00 00 00 00 00 00 00 ]
8411903c-8411909f 100 bytes - nt!EtwpPsProvTraceThread+13f (+0x0b)
[ 8b 70 04 89 75 dc 8b 40:00 00 00 00 00 00 00 00 ]
841190a1 - nt!EtwpPsProvTraceThread+1a4 (+0x65)
[ 20:00 ]
841190a4-841190a9 6 bytes - nt!EtwpPsProvTraceThread+1a7 (+0x03)
[ 75 11 8d b1 88 02:00 00 00 00 00 00 ]
841190ac-841190d5 42 bytes - nt!EtwpPsProvTraceThread+1af (+0x08)
[ 8a 06 a8 02 75 05 87 45:00 00 00 00 00 00 00 00 ]
841190d8-841190ec 21 bytes - nt!EtwpPsProvTraceThread+1db (+0x2c)
[ 89 75 cc 89 85 7c ff ff:00 00 00 00 00 00 00 00 ]
841190f0-84119138 73 bytes - nt!EtwpPsProvTraceThread+1f3 (+0x18)
[ 89 45 8c 89 5d 90 89 55:00 00 00 00 00 00 00 00 ]
8411913c-84119165 42 bytes - nt!EtwpPsProvTraceThread+23d (+0x4c)
[ 89 5d b8 6a 0b 58 8d 8d:00 00 00 00 00 00 00 00 ]
84119167-8411918b 37 bytes - nt!EtwpPsProvTraceThread+268 (+0x2b)
[ 90 cc cc cc cc cc cc cc:00 00 00 00 00 00 00 00 ]
8411918d-84119195 9 bytes - nt!EtwpLogProcessPerfCtrs+f (+0x26)
[ 50 e8 ad 9c d3 ff 8b 86:00 00 00 00 00 00 00 00 ]
84119199-8411919e 6 bytes - nt!EtwpLogProcessPerfCtrs+1b (+0x0c)
[ 89 45 b4 8b 86 dc:00 00 00 00 00 00 ]
841191a2-841191a8 7 bytes - nt!EtwpLogProcessPerfCtrs+24 (+0x09)
[ 89 45 c4 8b 86 3c 02:00 00 00 00 00 00 00 ]
841191ab-841191b4 10 bytes - nt!EtwpLogProcessPerfCtrs+2d (+0x09)
[ c1 e0 0c 89 45 c8 8b 86:00 00 00 00 00 00 00 00 ]
841191b7-841191c2 12 bytes - nt!EtwpLogProcessPerfCtrs+39 (+0x0c)
[ c1 e0 0c 83 c4 0c 89 45:00 00 00 00 00 00 00 00 ]
841191c6-841191c9 4 bytes - nt!EtwpLogProcessPerfCtrs+48 (+0x0f)
[ 68 02 18 50:00 00 00 00 ]
841191cb-841191d0 6 bytes - nt!EtwpLogProcessPerfCtrs+4d (+0x05)
[ 89 45 d0 8b 86 c8:00 00 00 00 00 00 ]
841191d4-841191d6 3 bytes - nt!EtwpLogProcessPerfCtrs+56 (+0x09)
[ 83 65 f4:00 00 00 ]
841191d8-841191da 3 bytes - nt!EtwpLogProcessPerfCtrs+5a (+0x04)
[ 83 65 fc:00 00 00 ]
841191dc - nt!EtwpLogProcessPerfCtrs+5e (+0x04)
[ 6a:00 ]
841191de-841191e0 3 bytes - nt!EtwpLogProcessPerfCtrs+60 (+0x02)
[ 68 20 03:00 00 00 ]
841191e3-841191f7 21 bytes - nt!EtwpLogProcessPerfCtrs+65 (+0x05)
[ 89 45 d4 8d 45 b4 6a 01:00 00 00 00 00 00 00 00 ]
841191fb-84119250 86 bytes - nt!EtwpLogProcessPerfCtrs+7d (+0x18)
[ e8 81 1d db ff c9 c3 cc:00 00 00 00 00 00 00 00 ]
84119254-841192af 92 bytes - nt!EtwShutdown+b (+0x59)
[ a1 48 3a f4 83 33 c5 89:00 00 00 00 00 00 00 00 ]
841192b3-841192bf 13 bytes - nt!EtwShutdown+6a (+0x5f)
[ 89 85 44 ff ff ff e8 27:00 00 00 00 00 00 00 00 ]
841192c3-841192ca 8 bytes - nt!EtwShutdown+7a (+0x10)
[ 56 8d 85 48 ff ff ff 6a:00 00 00 00 00 00 00 00 ]
841192cc-841192e9 30 bytes - nt!EtwShutdown+83 (+0x09)
[ 50 c6 05 82 38 f5 83 01:00 00 00 00 00 00 00 00 ]
841192ec - nt!EtwShutdown+a3 (+0x20)
[ 02:00 ]
841192ee-841192f2 5 bytes - nt!EtwShutdown+a5 (+0x02)
[ 5b 0f bf cb 6a:00 00 00 00 00 ]
841192f4-84119308 21 bytes - nt!EtwShutdown+ab (+0x06)
[ e8 68 3d f3 ff 85 c0 74:00 00 00 00 00 00 00 00 ]
8411930a-8411932a 33 bytes - nt!EtwShutdown+c1 (+0x16)
[ 8d 04 85 20 4f f5 83 83:00 00 00 00 00 00 00 00 ]
8411932d-84119336 10 bytes - nt!EtwShutdown+e4 (+0x23)
[ 66 89 8d 50 ff ff ff 8d:00 00 00 00 00 00 00 00 ]
8411933a - nt!EtwShutdown+f1 (+0x0d)
[ 8b:00 ]
8411933c-841193ff 196 bytes - nt!EtwShutdown+f3 (+0x02)
[ 8d bd 60 ff ff ff a5 a5:00 00 00 00 00 00 00 00 ]
84119401-84119407 7 bytes - nt!EtwpUpdatePoolTagFilter+49 (+0xc5)
[ 33 c0 40 c7 43 04 2a:00 00 00 00 00 00 00 ]
8411940b-8411945c 82 bytes - nt!EtwpUpdatePoolTagFilter+53 (+0x0a)
[ eb ea cc cc cc cc cc 90:00 00 00 00 00 00 00 00 ]
84119460 - nt!EtwpPrepareWmitraceLoggerInfo+5 (+0x55)
[ 6a:00 ]
84119462-8411946a 9 bytes - nt!EtwpPrepareWmitraceLoggerInfo+7 (+0x02)
[ 56 e8 d8 99 d3 ff c7 06:00 00 00 00 00 00 00 00 ]
8411946e-84119470 3 bytes - nt!EtwpPrepareWmitraceLoggerInfo+13 (+0x0c)
[ c7 46 2c:00 00 00 ]
84119473 - nt!EtwpPrepareWmitraceLoggerInfo+18 (+0x05)
[ 02:00 ]
84119475-84119486 18 bytes - nt!EtwpPrepareWmitraceLoggerInfo+1a (+0x02)
[ a1 c0 49 f5 83 83 c4 0c:00 00 00 00 00 00 00 00 ]
84119489-8411949f 23 bytes - nt!EtwpPrepareWmitraceLoggerInfo+2e (+0x14)
[ 66 89 46 08 c3 cc cc cc:00 00 00 00 00 00 00 00 ]
841194a3-841194b7 21 bytes - nt!EtwWmitraceWorker+b (+0x1a)
[ a1 48 3a f4 83 33 c5 89:00 00 00 00 00 00 00 00 ]
841194bb-841194bf 5 bytes - nt!EtwWmitraceWorker+23 (+0x18)
[ 3c 02 0f 84 97:00 00 00 00 00 ]
841194c3-841194e2 32 bytes - nt!EtwWmitraceWorker+2b (+0x08)
[ 2c 04 3c 01 77 76 8d b5:00 00 00 00 00 00 00 00 ]
841194e6-84119519 52 bytes - nt!EtwWmitraceWorker+4e (+0x23)
[ ff 35 d8 49 f5 83 0f b6:00 00 00 00 00 00 00 00 ]
8411951b-84119521 7 bytes - nt!EtwWmitraceWorker+83 (+0x35)
[ ff 35 c0 49 f5 83 6a:00 00 00 00 00 00 00 ]
84119523-84119534 18 bytes - nt!EtwWmitraceWorker+8b (+0x08)
[ 68 dc 49 f5 83 e8 ba 82:00 00 00 00 00 00 00 00 ]
84119537-84119549 19 bytes - nt!EtwWmitraceWorker+9f (+0x14)
[ 56 68 e0 39 03 84 eb 3a:00 00 00 00 00 00 00 00 ]
8411954c-84119557 12 bytes - nt!EtwWmitraceWorker+b4 (+0x15)
[ c0 e8 0f 4b dc ff 83 c4:00 00 00 00 00 00 00 00 ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
3789 errors : !nt (84119000-84119fff)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE_4096
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE_4096
BUCKET_ID: MEMORY_CORRUPTION_LARGE_4096
Followup: memory_corruption
---------
这次这个分析,我彻底看不懂了。
不过可以确定的是这个问题是出在虚拟内存里的内核文件无法倒腾到内存导致的错误。
所以可以看出跟上一根条子的问题并不是特别大。
那么具体的问题究竟在哪儿……?
一头雾水啊!感觉还是固态硬盘的问题,但是感觉又不像……
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)