[求助]最近WIN7 64经常蓝屏，求大神分析下DUMP-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]最近WIN7 64经常蓝屏，求大神分析下DUMP 0.00雪花

发表于: 2012-10-10 21:35 1185

[旧帖] [求助]最近WIN7 64经常蓝屏，求大神分析下DUMP 0.00雪花

yueluoice

2012-10-10 21:35

1185

最近刚装了MSDN的 WIN7 SP1 64位的系统。但是经常蓝屏。2条内存分别测试也会出现蓝屏，查看了DUMP，但是看不太懂，而且网上找不到解决方法，哪位大神帮忙分析下！

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\100912-22339-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.          *
* Use .symfix to have the debugger choose a symbol path.                *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`04415000 PsLoadedModuleList = 0xfffff800`04659670
Debug session time: Tue Oct  9 18:55:15.141 2012 (GMT+8)
System Uptime: 0 days 0:00:46.374
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffffab000fb2120, 2, 1, fffff800044c62be}

Unable to load image \SystemRoot\System32\Drivers\Ntfs.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Probably caused by : ntoskrnl.exe ( nt+b12be )

Followup: MachineOwner
---------

MODULE_NAME: nt

FAULTING_MODULE: fffff80004415000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4fa390f3

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fffffab000fb2120

CURRENT_IRQL:  0

FAULTING_IP:
nt+b12be
fffff800`044c62be f0410fba6e1000  lock bts dword ptr [r14+10h],0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

BUGCHECK_STR:  0xA

LAST_CONTROL_TRANSFER:  from fffff80004493769 to fffff800044941c0

STACK_TEXT:
fffff880`09cad4d8 fffff800`04493769 : 00000000`0000000a fffffab0`00fb2120 00000000`00000002 00000000`00000001 : nt+0x7f1c0
fffff880`09cad4e0 00000000`0000000a : fffffab0`00fb2120 00000000`00000002 00000000`00000001 fffff800`044c62be : nt+0x7e769
fffff880`09cad4e8 fffffab0`00fb2120 : 00000000`00000002 00000000`00000001 fffff800`044c62be fffffa80`04c15de0 : 0xa
fffff880`09cad4f0 00000000`00000002 : 00000000`00000001 fffff800`044c62be fffffa80`04c15de0 00000000`00000000 : 0xfffffab0`00fb2120
fffff880`09cad4f8 00000000`00000001 : fffff800`044c62be fffffa80`04c15de0 00000000`00000000 00000000`00000000 : 0x2
fffff880`09cad500 fffff800`044c62be : fffffa80`04c15de0 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
fffff880`09cad508 fffffa80`04c15de0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0xb12be
fffff880`09cad510 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`04c15de0
fffff880`09cad518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad520 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad530 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad538 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad540 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad550 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad558 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad560 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad570 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad580 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad588 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad590 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`00f6a920 : 0x0
fffff880`09cad598 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`00f6a920 fffff880`09cad630 : 0x0
fffff880`09cad5a0 00000000`00000000 : 00000000`00000000 fffffa80`00f6a920 fffff880`09cad630 00000000`00000000 : 0x0
fffff880`09cad5a8 00000000`00000000 : fffffa80`00f6a920 fffff880`09cad630 00000000`00000000 00000980`00000000 : 0x0
fffff880`09cad5b0 fffffa80`00f6a920 : fffff880`09cad630 00000000`00000000 00000980`00000000 0000007f`fffffff8 : 0x0
fffff880`09cad5b8 fffff880`09cad630 : 00000000`00000000 00000980`00000000 0000007f`fffffff8 00001f80`00000200 : 0xfffffa80`00f6a920
fffff880`09cad5c0 00000000`00000000 : 00000980`00000000 0000007f`fffffff8 00001f80`00000200 00000000`00000000 : 0xfffff880`09cad630
fffff880`09cad5c8 00000980`00000000 : 0000007f`fffffff8 00001f80`00000200 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad5d0 0000007f`fffffff8 : 00001f80`00000200 00000000`00000000 00000000`00000000 fffff680`00098ff0 : 0x980`00000000
fffff880`09cad5d8 00001f80`00000200 : 00000000`00000000 00000000`00000000 fffff680`00098ff0 00000000`00000000 : 0x7f`fffffff8
fffff880`09cad5e0 00000000`00000000 : 00000000`00000000 fffff680`00098ff0 00000000`00000000 00000000`00000000 : 0x1f80`00000200
fffff880`09cad5e8 00000000`00000000 : fffff680`00098ff0 00000000`00000000 00000000`00000000 fffffab0`00fb2110 : 0x0
fffff880`09cad5f0 fffff680`00098ff0 : 00000000`00000000 00000000`00000000 fffffab0`00fb2110 00000000`00000000 : 0x0
fffff880`09cad5f8 00000000`00000000 : 00000000`00000000 fffffab0`00fb2110 00000000`00000000 fffff800`044923e0 : 0xfffff680`00098ff0
fffff880`09cad600 00000000`00000000 : fffffab0`00fb2110 00000000`00000000 fffff800`044923e0 ef600000`542e6867 : 0x0
fffff880`09cad608 fffffab0`00fb2110 : 00000000`00000000 fffff800`044923e0 ef600000`542e6867 fffff880`09cad6a0 : 0x0
fffff880`09cad610 00000000`00000000 : fffff800`044923e0 ef600000`542e6867 fffff880`09cad6a0 00000000`00000000 : 0xfffffab0`00fb2110
fffff880`09cad618 fffff800`044923e0 : ef600000`542e6867 fffff880`09cad6a0 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad620 ef600000`542e6867 : fffff880`09cad6a0 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x7d3e0
fffff880`09cad628 fffff880`09cad6a0 : 00000000`00000000 00000000`00000000 00000000`00000000 00001f80`01010000 : 0xef600000`542e6867
fffff880`09cad630 00000000`00000000 : 00000000`00000000 00000000`00000000 00001f80`01010000 fffff880`09cad720 : 0xfffff880`09cad6a0
fffff880`09cad638 00000000`00000000 : 00000000`00000000 00001f80`01010000 fffff880`09cad720 fffff880`09cad720 : 0x0
fffff880`09cad640 00000000`00000000 : 00001f80`01010000 fffff880`09cad720 fffff880`09cad720 00000000`00128f03 : 0x0
fffff880`09cad648 00001f80`01010000 : fffff880`09cad720 fffff880`09cad720 00000000`00128f03 fffffa80`0673d060 : 0x0
fffff880`09cad650 fffff880`09cad720 : fffff880`09cad720 00000000`00128f03 fffffa80`0673d060 00000000`00000000 : 0x1f80`01010000
fffff880`09cad658 fffff880`09cad720 : 00000000`00128f03 fffffa80`0673d060 00000000`00000000 00000000`00000000 : 0xfffff880`09cad720
fffff880`09cad660 00000000`00128f03 : fffffa80`0673d060 00000000`00000000 00000000`00000000 fffff880`09cad780 : 0xfffff880`09cad720
fffff880`09cad668 fffffa80`0673d060 : 00000000`00000000 00000000`00000000 fffff880`09cad780 00000000`00000001 : 0x128f03
fffff880`09cad670 00000000`00000000 : 00000000`00000000 fffff880`09cad780 00000000`00000001 00000000`00000000 : 0xfffffa80`0673d060
fffff880`09cad678 00000000`00000000 : fffff880`09cad780 00000000`00000001 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad680 fffff880`09cad780 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad688 00000000`00000001 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`09cad780
fffff880`09cad690 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
fffff880`09cad698 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff880`09cad6d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffab0`00fb2120 : 0x0
fffff880`09cad6d8 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffab0`00fb2120 fffff880`0123c9f4 : 0x0
fffff880`09cad6e0 00000000`00000000 : 00000000`00000000 fffffab0`00fb2120 fffff880`0123c9f4 fffffa80`c0000201 : 0x0
fffff880`09cad6e8 00000000`00000000 : fffffab0`00fb2120 fffff880`0123c9f4 fffffa80`c0000201 fffff800`046c6ac0 : 0x0
fffff880`09cad6f0 fffffab0`00fb2120 : fffff880`0123c9f4 fffffa80`c0000201 fffff800`046c6ac0 fffff880`04563180 : 0x0
fffff880`09cad6f8 fffff880`0123c9f4 : fffffa80`c0000201 fffff800`046c6ac0 fffff880`04563180 fffff880`04563180 : 0xfffffab0`00fb2120
fffff880`09cad700 fffffa80`c0000201 : fffff800`046c6ac0 fffff880`04563180 fffff880`04563180 00000000`00000000 : Ntfs+0xd9f4
fffff880`09cad708 fffff800`046c6ac0 : fffff880`04563180 fffff880`04563180 00000000`00000000 fffffa80`03c02898 : 0xfffffa80`c0000201
fffff880`09cad710 fffff880`04563180 : fffff880`04563180 00000000`00000000 fffffa80`03c02898 fffff880`09cad740 : nt+0x2b1ac0
fffff880`09cad718 fffff880`04563180 : 00000000`00000000 fffffa80`03c02898 fffff880`09cad740 00000000`00000018 : 0xfffff880`04563180
fffff880`09cad720 00000000`00000000 : fffffa80`03c02898 fffff880`09cad740 00000000`00000018 fffff880`09cad8b8 : 0xfffff880`04563180
fffff880`09cad728 fffffa80`03c02898 : fffff880`09cad740 00000000`00000018 fffff880`09cad8b8 fffff880`0123ee44 : 0x0

STACK_COMMAND:  kb

FOLLOWUP_IP:
nt+b12be
fffff800`044c62be f0410fba6e1000  lock bts dword ptr [r14+10h],0

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  nt+b12be

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntoskrnl.exe

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner

[课程]FART 脱壳王！加量不加价！FART作者讲授！

收藏・0

免费・0

支持

最新回复 (1)
Cydelovy 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 29 粉丝 0 关注私信	Cydelovy 2 楼查看蓝屏代码ID，然后Google。。内存和内存插槽接触不良的话，会造成蓝屏，可能是内存金手指被氧化了，造成接触不良，可以用橡皮擦擦~ 2012-10-11 13:54 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

yueluoice

发帖

回帖

RANK

关注

私信

他的文章

[求助]最近WIN7 64经常蓝屏，求大神分析下DUMP 1186

关于我们

联系我们

企业服务

看雪公众号

最新回复 (1)
Cydelovy 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 29 粉丝 0 关注私信	Cydelovy 2 楼查看蓝屏代码ID，然后Google。。内存和内存插槽接触不良的话，会造成蓝屏，可能是内存金手指被氧化了，造成接触不良，可以用橡皮擦擦~ 2012-10-11 13:54 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复