-
-
[旧帖] [求助]最近WIN7 64经常蓝屏,求大神分析下DUMP 0.00雪花
-
发表于: 2012-10-10 21:35 1186
-
最近刚装了MSDN的 WIN7 SP1 64位的系统。 但是经常蓝屏。2条内存分别测试也会出现蓝屏,查看了DUMP,但是看不太懂,而且网上找不到解决方法,哪位大神帮忙分析下!
Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\100912-22339-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`04415000 PsLoadedModuleList = 0xfffff800`04659670
Debug session time: Tue Oct 9 18:55:15.141 2012 (GMT+8)
System Uptime: 0 days 0:00:46.374
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffab000fb2120, 2, 1, fffff800044c62be}
Unable to load image \SystemRoot\System32\Drivers\Ntfs.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntoskrnl.exe ( nt+b12be )
Followup: MachineOwner
---------
MODULE_NAME: nt
FAULTING_MODULE: fffff80004415000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4fa390f3
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fffffab000fb2120
CURRENT_IRQL: 0
FAULTING_IP:
nt+b12be
fffff800`044c62be f0410fba6e1000 lock bts dword ptr [r14+10h],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from fffff80004493769 to fffff800044941c0
STACK_TEXT:
fffff880`09cad4d8 fffff800`04493769 : 00000000`0000000a fffffab0`00fb2120 00000000`00000002 00000000`00000001 : nt+0x7f1c0
fffff880`09cad4e0 00000000`0000000a : fffffab0`00fb2120 00000000`00000002 00000000`00000001 fffff800`044c62be : nt+0x7e769
fffff880`09cad4e8 fffffab0`00fb2120 : 00000000`00000002 00000000`00000001 fffff800`044c62be fffffa80`04c15de0 : 0xa
fffff880`09cad4f0 00000000`00000002 : 00000000`00000001 fffff800`044c62be fffffa80`04c15de0 00000000`00000000 : 0xfffffab0`00fb2120
fffff880`09cad4f8 00000000`00000001 : fffff800`044c62be fffffa80`04c15de0 00000000`00000000 00000000`00000000 : 0x2
fffff880`09cad500 fffff800`044c62be : fffffa80`04c15de0 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
fffff880`09cad508 fffffa80`04c15de0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0xb12be
fffff880`09cad510 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`04c15de0
fffff880`09cad518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad520 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad530 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad538 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad540 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad550 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad558 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad560 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad570 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad580 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad588 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad590 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`00f6a920 : 0x0
fffff880`09cad598 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`00f6a920 fffff880`09cad630 : 0x0
fffff880`09cad5a0 00000000`00000000 : 00000000`00000000 fffffa80`00f6a920 fffff880`09cad630 00000000`00000000 : 0x0
fffff880`09cad5a8 00000000`00000000 : fffffa80`00f6a920 fffff880`09cad630 00000000`00000000 00000980`00000000 : 0x0
fffff880`09cad5b0 fffffa80`00f6a920 : fffff880`09cad630 00000000`00000000 00000980`00000000 0000007f`fffffff8 : 0x0
fffff880`09cad5b8 fffff880`09cad630 : 00000000`00000000 00000980`00000000 0000007f`fffffff8 00001f80`00000200 : 0xfffffa80`00f6a920
fffff880`09cad5c0 00000000`00000000 : 00000980`00000000 0000007f`fffffff8 00001f80`00000200 00000000`00000000 : 0xfffff880`09cad630
fffff880`09cad5c8 00000980`00000000 : 0000007f`fffffff8 00001f80`00000200 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad5d0 0000007f`fffffff8 : 00001f80`00000200 00000000`00000000 00000000`00000000 fffff680`00098ff0 : 0x980`00000000
fffff880`09cad5d8 00001f80`00000200 : 00000000`00000000 00000000`00000000 fffff680`00098ff0 00000000`00000000 : 0x7f`fffffff8
fffff880`09cad5e0 00000000`00000000 : 00000000`00000000 fffff680`00098ff0 00000000`00000000 00000000`00000000 : 0x1f80`00000200
fffff880`09cad5e8 00000000`00000000 : fffff680`00098ff0 00000000`00000000 00000000`00000000 fffffab0`00fb2110 : 0x0
fffff880`09cad5f0 fffff680`00098ff0 : 00000000`00000000 00000000`00000000 fffffab0`00fb2110 00000000`00000000 : 0x0
fffff880`09cad5f8 00000000`00000000 : 00000000`00000000 fffffab0`00fb2110 00000000`00000000 fffff800`044923e0 : 0xfffff680`00098ff0
fffff880`09cad600 00000000`00000000 : fffffab0`00fb2110 00000000`00000000 fffff800`044923e0 ef600000`542e6867 : 0x0
fffff880`09cad608 fffffab0`00fb2110 : 00000000`00000000 fffff800`044923e0 ef600000`542e6867 fffff880`09cad6a0 : 0x0
fffff880`09cad610 00000000`00000000 : fffff800`044923e0 ef600000`542e6867 fffff880`09cad6a0 00000000`00000000 : 0xfffffab0`00fb2110
fffff880`09cad618 fffff800`044923e0 : ef600000`542e6867 fffff880`09cad6a0 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad620 ef600000`542e6867 : fffff880`09cad6a0 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x7d3e0
fffff880`09cad628 fffff880`09cad6a0 : 00000000`00000000 00000000`00000000 00000000`00000000 00001f80`01010000 : 0xef600000`542e6867
fffff880`09cad630 00000000`00000000 : 00000000`00000000 00000000`00000000 00001f80`01010000 fffff880`09cad720 : 0xfffff880`09cad6a0
fffff880`09cad638 00000000`00000000 : 00000000`00000000 00001f80`01010000 fffff880`09cad720 fffff880`09cad720 : 0x0
fffff880`09cad640 00000000`00000000 : 00001f80`01010000 fffff880`09cad720 fffff880`09cad720 00000000`00128f03 : 0x0
fffff880`09cad648 00001f80`01010000 : fffff880`09cad720 fffff880`09cad720 00000000`00128f03 fffffa80`0673d060 : 0x0
fffff880`09cad650 fffff880`09cad720 : fffff880`09cad720 00000000`00128f03 fffffa80`0673d060 00000000`00000000 : 0x1f80`01010000
fffff880`09cad658 fffff880`09cad720 : 00000000`00128f03 fffffa80`0673d060 00000000`00000000 00000000`00000000 : 0xfffff880`09cad720
fffff880`09cad660 00000000`00128f03 : fffffa80`0673d060 00000000`00000000 00000000`00000000 fffff880`09cad780 : 0xfffff880`09cad720
fffff880`09cad668 fffffa80`0673d060 : 00000000`00000000 00000000`00000000 fffff880`09cad780 00000000`00000001 : 0x128f03
fffff880`09cad670 00000000`00000000 : 00000000`00000000 fffff880`09cad780 00000000`00000001 00000000`00000000 : 0xfffffa80`0673d060
fffff880`09cad678 00000000`00000000 : fffff880`09cad780 00000000`00000001 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad680 fffff880`09cad780 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad688 00000000`00000001 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`09cad780
fffff880`09cad690 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
fffff880`09cad698 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffab0`00fb2120 : 0x0
fffff880`09cad6d8 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffab0`00fb2120 fffff880`0123c9f4 : 0x0
fffff880`09cad6e0 00000000`00000000 : 00000000`00000000 fffffab0`00fb2120 fffff880`0123c9f4 fffffa80`c0000201 : 0x0
fffff880`09cad6e8 00000000`00000000 : fffffab0`00fb2120 fffff880`0123c9f4 fffffa80`c0000201 fffff800`046c6ac0 : 0x0
fffff880`09cad6f0 fffffab0`00fb2120 : fffff880`0123c9f4 fffffa80`c0000201 fffff800`046c6ac0 fffff880`04563180 : 0x0
fffff880`09cad6f8 fffff880`0123c9f4 : fffffa80`c0000201 fffff800`046c6ac0 fffff880`04563180 fffff880`04563180 : 0xfffffab0`00fb2120
fffff880`09cad700 fffffa80`c0000201 : fffff800`046c6ac0 fffff880`04563180 fffff880`04563180 00000000`00000000 : Ntfs+0xd9f4
fffff880`09cad708 fffff800`046c6ac0 : fffff880`04563180 fffff880`04563180 00000000`00000000 fffffa80`03c02898 : 0xfffffa80`c0000201
fffff880`09cad710 fffff880`04563180 : fffff880`04563180 00000000`00000000 fffffa80`03c02898 fffff880`09cad740 : nt+0x2b1ac0
fffff880`09cad718 fffff880`04563180 : 00000000`00000000 fffffa80`03c02898 fffff880`09cad740 00000000`00000018 : 0xfffff880`04563180
fffff880`09cad720 00000000`00000000 : fffffa80`03c02898 fffff880`09cad740 00000000`00000018 fffff880`09cad8b8 : 0xfffff880`04563180
fffff880`09cad728 fffffa80`03c02898 : fffff880`09cad740 00000000`00000018 fffff880`09cad8b8 fffff880`0123ee44 : 0x0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+b12be
fffff800`044c62be f0410fba6e1000 lock bts dword ptr [r14+10h],0
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: nt+b12be
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\100912-22339-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`04415000 PsLoadedModuleList = 0xfffff800`04659670
Debug session time: Tue Oct 9 18:55:15.141 2012 (GMT+8)
System Uptime: 0 days 0:00:46.374
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffab000fb2120, 2, 1, fffff800044c62be}
Unable to load image \SystemRoot\System32\Drivers\Ntfs.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntoskrnl.exe ( nt+b12be )
Followup: MachineOwner
---------
MODULE_NAME: nt
FAULTING_MODULE: fffff80004415000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4fa390f3
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fffffab000fb2120
CURRENT_IRQL: 0
FAULTING_IP:
nt+b12be
fffff800`044c62be f0410fba6e1000 lock bts dword ptr [r14+10h],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from fffff80004493769 to fffff800044941c0
STACK_TEXT:
fffff880`09cad4d8 fffff800`04493769 : 00000000`0000000a fffffab0`00fb2120 00000000`00000002 00000000`00000001 : nt+0x7f1c0
fffff880`09cad4e0 00000000`0000000a : fffffab0`00fb2120 00000000`00000002 00000000`00000001 fffff800`044c62be : nt+0x7e769
fffff880`09cad4e8 fffffab0`00fb2120 : 00000000`00000002 00000000`00000001 fffff800`044c62be fffffa80`04c15de0 : 0xa
fffff880`09cad4f0 00000000`00000002 : 00000000`00000001 fffff800`044c62be fffffa80`04c15de0 00000000`00000000 : 0xfffffab0`00fb2120
fffff880`09cad4f8 00000000`00000001 : fffff800`044c62be fffffa80`04c15de0 00000000`00000000 00000000`00000000 : 0x2
fffff880`09cad500 fffff800`044c62be : fffffa80`04c15de0 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
fffff880`09cad508 fffffa80`04c15de0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0xb12be
fffff880`09cad510 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`04c15de0
fffff880`09cad518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad520 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad530 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad538 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad540 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad550 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad558 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad560 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad570 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad580 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad588 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad590 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`00f6a920 : 0x0
fffff880`09cad598 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`00f6a920 fffff880`09cad630 : 0x0
fffff880`09cad5a0 00000000`00000000 : 00000000`00000000 fffffa80`00f6a920 fffff880`09cad630 00000000`00000000 : 0x0
fffff880`09cad5a8 00000000`00000000 : fffffa80`00f6a920 fffff880`09cad630 00000000`00000000 00000980`00000000 : 0x0
fffff880`09cad5b0 fffffa80`00f6a920 : fffff880`09cad630 00000000`00000000 00000980`00000000 0000007f`fffffff8 : 0x0
fffff880`09cad5b8 fffff880`09cad630 : 00000000`00000000 00000980`00000000 0000007f`fffffff8 00001f80`00000200 : 0xfffffa80`00f6a920
fffff880`09cad5c0 00000000`00000000 : 00000980`00000000 0000007f`fffffff8 00001f80`00000200 00000000`00000000 : 0xfffff880`09cad630
fffff880`09cad5c8 00000980`00000000 : 0000007f`fffffff8 00001f80`00000200 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad5d0 0000007f`fffffff8 : 00001f80`00000200 00000000`00000000 00000000`00000000 fffff680`00098ff0 : 0x980`00000000
fffff880`09cad5d8 00001f80`00000200 : 00000000`00000000 00000000`00000000 fffff680`00098ff0 00000000`00000000 : 0x7f`fffffff8
fffff880`09cad5e0 00000000`00000000 : 00000000`00000000 fffff680`00098ff0 00000000`00000000 00000000`00000000 : 0x1f80`00000200
fffff880`09cad5e8 00000000`00000000 : fffff680`00098ff0 00000000`00000000 00000000`00000000 fffffab0`00fb2110 : 0x0
fffff880`09cad5f0 fffff680`00098ff0 : 00000000`00000000 00000000`00000000 fffffab0`00fb2110 00000000`00000000 : 0x0
fffff880`09cad5f8 00000000`00000000 : 00000000`00000000 fffffab0`00fb2110 00000000`00000000 fffff800`044923e0 : 0xfffff680`00098ff0
fffff880`09cad600 00000000`00000000 : fffffab0`00fb2110 00000000`00000000 fffff800`044923e0 ef600000`542e6867 : 0x0
fffff880`09cad608 fffffab0`00fb2110 : 00000000`00000000 fffff800`044923e0 ef600000`542e6867 fffff880`09cad6a0 : 0x0
fffff880`09cad610 00000000`00000000 : fffff800`044923e0 ef600000`542e6867 fffff880`09cad6a0 00000000`00000000 : 0xfffffab0`00fb2110
fffff880`09cad618 fffff800`044923e0 : ef600000`542e6867 fffff880`09cad6a0 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad620 ef600000`542e6867 : fffff880`09cad6a0 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x7d3e0
fffff880`09cad628 fffff880`09cad6a0 : 00000000`00000000 00000000`00000000 00000000`00000000 00001f80`01010000 : 0xef600000`542e6867
fffff880`09cad630 00000000`00000000 : 00000000`00000000 00000000`00000000 00001f80`01010000 fffff880`09cad720 : 0xfffff880`09cad6a0
fffff880`09cad638 00000000`00000000 : 00000000`00000000 00001f80`01010000 fffff880`09cad720 fffff880`09cad720 : 0x0
fffff880`09cad640 00000000`00000000 : 00001f80`01010000 fffff880`09cad720 fffff880`09cad720 00000000`00128f03 : 0x0
fffff880`09cad648 00001f80`01010000 : fffff880`09cad720 fffff880`09cad720 00000000`00128f03 fffffa80`0673d060 : 0x0
fffff880`09cad650 fffff880`09cad720 : fffff880`09cad720 00000000`00128f03 fffffa80`0673d060 00000000`00000000 : 0x1f80`01010000
fffff880`09cad658 fffff880`09cad720 : 00000000`00128f03 fffffa80`0673d060 00000000`00000000 00000000`00000000 : 0xfffff880`09cad720
fffff880`09cad660 00000000`00128f03 : fffffa80`0673d060 00000000`00000000 00000000`00000000 fffff880`09cad780 : 0xfffff880`09cad720
fffff880`09cad668 fffffa80`0673d060 : 00000000`00000000 00000000`00000000 fffff880`09cad780 00000000`00000001 : 0x128f03
fffff880`09cad670 00000000`00000000 : 00000000`00000000 fffff880`09cad780 00000000`00000001 00000000`00000000 : 0xfffffa80`0673d060
fffff880`09cad678 00000000`00000000 : fffff880`09cad780 00000000`00000001 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad680 fffff880`09cad780 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad688 00000000`00000001 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`09cad780
fffff880`09cad690 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
fffff880`09cad698 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffab0`00fb2120 : 0x0
fffff880`09cad6d8 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffab0`00fb2120 fffff880`0123c9f4 : 0x0
fffff880`09cad6e0 00000000`00000000 : 00000000`00000000 fffffab0`00fb2120 fffff880`0123c9f4 fffffa80`c0000201 : 0x0
fffff880`09cad6e8 00000000`00000000 : fffffab0`00fb2120 fffff880`0123c9f4 fffffa80`c0000201 fffff800`046c6ac0 : 0x0
fffff880`09cad6f0 fffffab0`00fb2120 : fffff880`0123c9f4 fffffa80`c0000201 fffff800`046c6ac0 fffff880`04563180 : 0x0
fffff880`09cad6f8 fffff880`0123c9f4 : fffffa80`c0000201 fffff800`046c6ac0 fffff880`04563180 fffff880`04563180 : 0xfffffab0`00fb2120
fffff880`09cad700 fffffa80`c0000201 : fffff800`046c6ac0 fffff880`04563180 fffff880`04563180 00000000`00000000 : Ntfs+0xd9f4
fffff880`09cad708 fffff800`046c6ac0 : fffff880`04563180 fffff880`04563180 00000000`00000000 fffffa80`03c02898 : 0xfffffa80`c0000201
fffff880`09cad710 fffff880`04563180 : fffff880`04563180 00000000`00000000 fffffa80`03c02898 fffff880`09cad740 : nt+0x2b1ac0
fffff880`09cad718 fffff880`04563180 : 00000000`00000000 fffffa80`03c02898 fffff880`09cad740 00000000`00000018 : 0xfffff880`04563180
fffff880`09cad720 00000000`00000000 : fffffa80`03c02898 fffff880`09cad740 00000000`00000018 fffff880`09cad8b8 : 0xfffff880`04563180
fffff880`09cad728 fffffa80`03c02898 : fffff880`09cad740 00000000`00000018 fffff880`09cad8b8 fffff880`0123ee44 : 0x0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+b12be
fffff800`044c62be f0410fba6e1000 lock bts dword ptr [r14+10h],0
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: nt+b12be
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
看原图
赞赏
雪币:
留言: