[求助]跪求大神分析下蓝屏原因，跪谢！-编程技术-看雪-安全社区|安全招聘|kanxue.com

[求助]跪求大神分析下蓝屏原因，跪谢！

发表于: 2016-7-15 13:01 7628

[求助]跪求大神分析下蓝屏原因，跪谢！

sxhghj

2016-7-15 13:01

7628

小白一枚，求大神们分析下蓝屏原因，跪谢！。dmp格式文件打开后如下

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\Administrator\桌面\071416-30451-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02662000 PsLoadedModuleList = 0xfffff800`0289fe50
Debug session time: Thu Jul 14 17:03:09.831 2016 (GMT+8)
System Uptime: 2 days 5:00:37.799
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa800eb639e0, fffffa800eb63cc0, fffff800029dc240}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Probably caused by : csrss.exe

Followup: MachineOwner
---------

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・1

免费・0

支持

最新回复 (18)
xjj 雪币： 286 活跃值： (62) 能力值： ( LV3，RANK：20 ) 在线值：发帖 1 回帖 101 粉丝 1 关注私信	xjj 2 楼 !analyze -v 2016-7-15 14:08 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 3 楼使用!analyze -v 后得到如下内容 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ***************************************************************************** CRITICAL_OBJECT_TERMINATION (f4) A process or thread crucial to system operation has unexpectedly exited or been terminated. Several processes and threads are necessary for the operation of the system; when they are terminated (for any reason), the system can no longer function. Arguments: Arg1: 0000000000000003, Process Arg2: fffffa800eb639e0, Terminating object Arg3: fffffa800eb63cc0, Process image file name Arg4: fffff800029dc240, Explanatory message (ascii) Debugging Details: ------------------ * Kernel symbols are WRONG. Please fix symbols to do analysis. unable to get nt!KiCurrentEtwBufferOffset unable to get nt!KiCurrentEtwBufferBase ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. MODULE_NAME: csrss FAULTING_MODULE: 0000000000000000 DEBUG_FLR_IMAGE_TIMESTAMP: 0 PROCESS_OBJECT: fffffa800eb639e0 IMAGE_NAME: csrss.exe CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0xF4 CURRENT_IRQL: 0 STACK_TEXT: fffff880`1ba08ac8 fffff800`02a5f142 : 00000000`000000f4 00000000`00000003 fffffa80`0eb639e0 fffffa80`0eb63cc0 : nt+0x71f00 fffff880`1ba08ad0 00000000`000000f4 : 00000000`00000003 fffffa80`0eb639e0 fffffa80`0eb63cc0 fffff800`029dc240 : nt+0x3fd142 fffff880`1ba08ad8 00000000`00000003 : fffffa80`0eb639e0 fffffa80`0eb63cc0 fffff800`029dc240 00000000`016df1c0 : 0xf4 fffff880`1ba08ae0 fffffa80`0eb639e0 : fffffa80`0eb63cc0 fffff800`029dc240 00000000`016df1c0 fffffa80`0eb639e0 : 0x3 fffff880`1ba08ae8 fffffa80`0eb63cc0 : fffff800`029dc240 00000000`016df1c0 fffffa80`0eb639e0 fffff800`02a0b269 : 0xfffffa80`0eb639e0 fffff880`1ba08af0 fffff800`029dc240 : 00000000`016df1c0 fffffa80`0eb639e0 fffff800`02a0b269 ffffffff`ffffffff : 0xfffffa80`0eb63cc0 fffff880`1ba08af8 00000000`016df1c0 : fffffa80`0eb639e0 fffff800`02a0b269 ffffffff`ffffffff fffffa80`0fdaf060 : nt+0x37a240 fffff880`1ba08b00 fffffa80`0eb639e0 : fffff800`02a0b269 ffffffff`ffffffff fffffa80`0fdaf060 fffffa80`0eb639e0 : 0x16df1c0 fffff880`1ba08b08 fffff800`02a0b269 : ffffffff`ffffffff fffffa80`0fdaf060 fffffa80`0eb639e0 fffffa80`10949b30 : 0xfffffa80`0eb639e0 fffff880`1ba08b10 ffffffff`ffffffff : fffffa80`0fdaf060 fffffa80`0eb639e0 fffffa80`10949b30 00000000`00000328 : nt+0x3a9269 fffff880`1ba08b18 fffffa80`0fdaf060 : fffffa80`0eb639e0 fffffa80`10949b30 00000000`00000328 00000000`00000008 : 0xffffffff`ffffffff fffff880`1ba08b20 fffffa80`0eb639e0 : fffffa80`10949b30 00000000`00000328 00000000`00000008 fffffa80`10949b30 : 0xfffffa80`0fdaf060 fffff880`1ba08b28 fffffa80`10949b30 : 00000000`00000328 00000000`00000008 fffffa80`10949b30 00000000`00000000 : 0xfffffa80`0eb639e0 fffff880`1ba08b30 00000000`00000328 : 00000000`00000008 fffffa80`10949b30 00000000`00000000 fffffa80`0fdaf060 : 0xfffffa80`10949b30 fffff880`1ba08b38 00000000`00000008 : fffffa80`10949b30 00000000`00000000 fffffa80`0fdaf060 fffff800`0298fc74 : 0x328 fffff880`1ba08b40 fffffa80`10949b30 : 00000000`00000000 fffffa80`0fdaf060 fffff800`0298fc74 ffffffff`ffffffff : 0x8 fffff880`1ba08b48 00000000`00000000 : fffffa80`0fdaf060 fffff800`0298fc74 ffffffff`ffffffff 00000000`00000001 : 0xfffffa80`10949b30 STACK_COMMAND: kb FOLLOWUP_NAME: MachineOwner BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner 2016-7-15 14:14 0
轩辕之风雪币： 2291 活跃值： (938) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 4 楼让人分析dmp，你好歹发一下dmp文件嘛 2016-7-15 14:32 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 5 楼附件上传时提示错误，我看上传的格式里没dmp格式，这个要怎么上传呢？大神！ 2016-7-15 14:35 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 6 楼附件上传时提示错误，我看上传的格式里没dmp格式，这个要怎么上传呢？上传压缩文件吗？小白一个啥也不懂，大神见谅！上传的附件： dmp.rar （94.36kb，17次下载） 2016-7-15 14:38 0
gddcxysqw 雪币： 40 活跃值： (14) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 221 粉丝 0 关注私信	gddcxysqw 7 楼你对csrss做了什么让它退出了 2016-7-15 15:19 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 8 楼啥也没做，它自动被关了，开始我还以为是杀毒软件的原因，然后我把杀毒软件都卸载了，还是出这个问题，服务器老是蓝屏，愁死人了 2016-7-15 15:22 0
轩辕之风雪币： 2291 活跃值： (938) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 9 楼找找你电脑上的SimpNtfy.exe程序，是它把csrss.exe进程杀了。 2016-7-15 15:25 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 10 楼好的，谢谢大神，我去看看 2016-7-15 15:25 0
xjj 雪币： 286 活跃值： (62) 能力值： ( LV3，RANK：20 ) 在线值：发帖 1 回帖 101 粉丝 1 关注私信	xjj 11 楼如果经常蓝屏的话，建议做完整DUMP，毕竟MINIDUMP里面会缺少很多信息。从你上面的信息来看，是csrss.exe这个进程产生了问题导致的，但这个是系统进程，他本身自己出问题的可能性很小，一般都是外在的原因导致，比如木马、病毒之类，注入DLL进入这个进程，然后导致程序出错等 BUGCHECK_STR: 0xF4，F4，内存类问题，，不行就把内存条拔下来擦擦看看 2016-7-15 16:43 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 12 楼好的，谢谢大神！我先换个杀毒软件杀下毒看看，之前没杀出来。另外，完整的DUMP怎么做啊？实在不懂 2016-7-15 16:51 0
xjj 雪币： 286 活跃值： (62) 能力值： ( LV3，RANK：20 ) 在线值：发帖 1 回帖 101 粉丝 1 关注私信	xjj 13 楼我的电脑-》右键属性-》高级-》启动与故障恢复-》设置-》写入调试信息 2016-7-15 16:57 0
xjj 雪币： 286 活跃值： (62) 能力值： ( LV3，RANK：20 ) 在线值：发帖 1 回帖 101 粉丝 1 关注私信	xjj 14 楼选“核心内存存储”就可以 2016-7-15 16:59 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 15 楼好的，谢谢了！ 2016-7-15 17:02 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 16 楼近况：在进程中手动停止SimpNtfy.exe后，目前稳定运行了13天了，毒也没有杀出来，不知道SimpNtfy.exe这个到底是啥进程？ 2016-7-28 09:25 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 17 楼近况：在进程中手动停止SimpNtfy.exe后，目前稳定运行了13天了，毒也没有杀出来，不知道SimpNtfy.exe这个到底是啥进程？ 2016-7-28 09:26 0
轩辕之风雪币： 2291 活跃值： (938) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 18 楼可以发出来给大家看看 2016-7-28 09:44 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 19 楼大神，我另一台服务器也蓝屏了，但是原因和上次的不一样，能否请您移步http://bbs.pediy.com/showthread.php?t=214109看看，谢谢！ 2016-11-21 17:30 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

sxhghj

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (18)
xjj 雪币： 286 活跃值： (62) 能力值： ( LV3，RANK：20 ) 在线值：发帖 1 回帖 101 粉丝 1 关注私信	xjj 2 楼 !analyze -v 2016-7-15 14:08 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 3 楼使用!analyze -v 后得到如下内容 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ***************************************************************************** CRITICAL_OBJECT_TERMINATION (f4) A process or thread crucial to system operation has unexpectedly exited or been terminated. Several processes and threads are necessary for the operation of the system; when they are terminated (for any reason), the system can no longer function. Arguments: Arg1: 0000000000000003, Process Arg2: fffffa800eb639e0, Terminating object Arg3: fffffa800eb63cc0, Process image file name Arg4: fffff800029dc240, Explanatory message (ascii) Debugging Details: ------------------ * Kernel symbols are WRONG. Please fix symbols to do analysis. unable to get nt!KiCurrentEtwBufferOffset unable to get nt!KiCurrentEtwBufferBase ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. MODULE_NAME: csrss FAULTING_MODULE: 0000000000000000 DEBUG_FLR_IMAGE_TIMESTAMP: 0 PROCESS_OBJECT: fffffa800eb639e0 IMAGE_NAME: csrss.exe CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0xF4 CURRENT_IRQL: 0 STACK_TEXT: fffff880`1ba08ac8 fffff800`02a5f142 : 00000000`000000f4 00000000`00000003 fffffa80`0eb639e0 fffffa80`0eb63cc0 : nt+0x71f00 fffff880`1ba08ad0 00000000`000000f4 : 00000000`00000003 fffffa80`0eb639e0 fffffa80`0eb63cc0 fffff800`029dc240 : nt+0x3fd142 fffff880`1ba08ad8 00000000`00000003 : fffffa80`0eb639e0 fffffa80`0eb63cc0 fffff800`029dc240 00000000`016df1c0 : 0xf4 fffff880`1ba08ae0 fffffa80`0eb639e0 : fffffa80`0eb63cc0 fffff800`029dc240 00000000`016df1c0 fffffa80`0eb639e0 : 0x3 fffff880`1ba08ae8 fffffa80`0eb63cc0 : fffff800`029dc240 00000000`016df1c0 fffffa80`0eb639e0 fffff800`02a0b269 : 0xfffffa80`0eb639e0 fffff880`1ba08af0 fffff800`029dc240 : 00000000`016df1c0 fffffa80`0eb639e0 fffff800`02a0b269 ffffffff`ffffffff : 0xfffffa80`0eb63cc0 fffff880`1ba08af8 00000000`016df1c0 : fffffa80`0eb639e0 fffff800`02a0b269 ffffffff`ffffffff fffffa80`0fdaf060 : nt+0x37a240 fffff880`1ba08b00 fffffa80`0eb639e0 : fffff800`02a0b269 ffffffff`ffffffff fffffa80`0fdaf060 fffffa80`0eb639e0 : 0x16df1c0 fffff880`1ba08b08 fffff800`02a0b269 : ffffffff`ffffffff fffffa80`0fdaf060 fffffa80`0eb639e0 fffffa80`10949b30 : 0xfffffa80`0eb639e0 fffff880`1ba08b10 ffffffff`ffffffff : fffffa80`0fdaf060 fffffa80`0eb639e0 fffffa80`10949b30 00000000`00000328 : nt+0x3a9269 fffff880`1ba08b18 fffffa80`0fdaf060 : fffffa80`0eb639e0 fffffa80`10949b30 00000000`00000328 00000000`00000008 : 0xffffffff`ffffffff fffff880`1ba08b20 fffffa80`0eb639e0 : fffffa80`10949b30 00000000`00000328 00000000`00000008 fffffa80`10949b30 : 0xfffffa80`0fdaf060 fffff880`1ba08b28 fffffa80`10949b30 : 00000000`00000328 00000000`00000008 fffffa80`10949b30 00000000`00000000 : 0xfffffa80`0eb639e0 fffff880`1ba08b30 00000000`00000328 : 00000000`00000008 fffffa80`10949b30 00000000`00000000 fffffa80`0fdaf060 : 0xfffffa80`10949b30 fffff880`1ba08b38 00000000`00000008 : fffffa80`10949b30 00000000`00000000 fffffa80`0fdaf060 fffff800`0298fc74 : 0x328 fffff880`1ba08b40 fffffa80`10949b30 : 00000000`00000000 fffffa80`0fdaf060 fffff800`0298fc74 ffffffff`ffffffff : 0x8 fffff880`1ba08b48 00000000`00000000 : fffffa80`0fdaf060 fffff800`0298fc74 ffffffff`ffffffff 00000000`00000001 : 0xfffffa80`10949b30 STACK_COMMAND: kb FOLLOWUP_NAME: MachineOwner BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner 2016-7-15 14:14 0
轩辕之风雪币： 2291 活跃值： (938) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 4 楼让人分析dmp，你好歹发一下dmp文件嘛 2016-7-15 14:32 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 5 楼附件上传时提示错误，我看上传的格式里没dmp格式，这个要怎么上传呢？大神！ 2016-7-15 14:35 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 6 楼附件上传时提示错误，我看上传的格式里没dmp格式，这个要怎么上传呢？上传压缩文件吗？小白一个啥也不懂，大神见谅！上传的附件： dmp.rar （94.36kb，17次下载） 2016-7-15 14:38 0
gddcxysqw 雪币： 40 活跃值： (14) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 221 粉丝 0 关注私信	gddcxysqw 7 楼你对csrss做了什么让它退出了 2016-7-15 15:19 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 8 楼啥也没做，它自动被关了，开始我还以为是杀毒软件的原因，然后我把杀毒软件都卸载了，还是出这个问题，服务器老是蓝屏，愁死人了 2016-7-15 15:22 0
轩辕之风雪币： 2291 活跃值： (938) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 9 楼找找你电脑上的SimpNtfy.exe程序，是它把csrss.exe进程杀了。 2016-7-15 15:25 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 10 楼好的，谢谢大神，我去看看 2016-7-15 15:25 0
xjj 雪币： 286 活跃值： (62) 能力值： ( LV3，RANK：20 ) 在线值：发帖 1 回帖 101 粉丝 1 关注私信	xjj 11 楼如果经常蓝屏的话，建议做完整DUMP，毕竟MINIDUMP里面会缺少很多信息。从你上面的信息来看，是csrss.exe这个进程产生了问题导致的，但这个是系统进程，他本身自己出问题的可能性很小，一般都是外在的原因导致，比如木马、病毒之类，注入DLL进入这个进程，然后导致程序出错等 BUGCHECK_STR: 0xF4，F4，内存类问题，，不行就把内存条拔下来擦擦看看 2016-7-15 16:43 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 12 楼好的，谢谢大神！我先换个杀毒软件杀下毒看看，之前没杀出来。另外，完整的DUMP怎么做啊？实在不懂 2016-7-15 16:51 0
xjj 雪币： 286 活跃值： (62) 能力值： ( LV3，RANK：20 ) 在线值：发帖 1 回帖 101 粉丝 1 关注私信	xjj 13 楼我的电脑-》右键属性-》高级-》启动与故障恢复-》设置-》写入调试信息 2016-7-15 16:57 0
xjj 雪币： 286 活跃值： (62) 能力值： ( LV3，RANK：20 ) 在线值：发帖 1 回帖 101 粉丝 1 关注私信	xjj 14 楼选“核心内存存储”就可以 2016-7-15 16:59 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 15 楼好的，谢谢了！ 2016-7-15 17:02 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 16 楼近况：在进程中手动停止SimpNtfy.exe后，目前稳定运行了13天了，毒也没有杀出来，不知道SimpNtfy.exe这个到底是啥进程？ 2016-7-28 09:25 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 17 楼近况：在进程中手动停止SimpNtfy.exe后，目前稳定运行了13天了，毒也没有杀出来，不知道SimpNtfy.exe这个到底是啥进程？ 2016-7-28 09:26 0
轩辕之风雪币： 2291 活跃值： (938) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 18 楼可以发出来给大家看看 2016-7-28 09:44 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 19 楼大神，我另一台服务器也蓝屏了，但是原因和上次的不一样，能否请您移步http://bbs.pediy.com/showthread.php?t=214109看看，谢谢！ 2016-11-21 17:30 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复