[求助]跪求大神分析下蓝屏原因，跪谢！-编程技术-看雪-安全社区|安全招聘|kanxue.com

[求助]跪求大神分析下蓝屏原因，跪谢！

发表于: 2016-11-21 12:48 6429

[求助]跪求大神分析下蓝屏原因，跪谢！

sxhghj

2016-11-21 12:48

6429

DMP文件打开后，得到如下东西，请高手们分析下原因，小白实在看不懂，谢谢！
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Documents and Settings\Administrator\桌面\111716-28641-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.          *
* Use .symfix to have the debugger choose a symbol path.                *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0240e000 PsLoadedModuleList = 0xfffff800`02651670
Debug session time: Thu Nov 17 08:47:29.277 2016 (GMT+8)
System Uptime: 6 days 20:50:48.090
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
..............
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {168, 2, 0, fffff88001036735}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!KPRCB                                     ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!KPRCB                                     ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
Unable to load image \SystemRoot\system32\DRIVERS\NETIO.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETIO.SYS
*** ERROR: Module load completed but symbols could not be loaded for NETIO.SYS
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Probably caused by : NETIO.SYS ( NETIO+36735 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000168, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88001036735, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!KPRCB                                     ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!KPRCB                                     ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*************************************************************************
***                                                                ***
***                                                                ***
*** Your debugger is not using the correct symbols                ***
***                                                                ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information.    ***
***                                                                ***
*** Certain .pdb files (such as the public OS symbols) do not    ***
*** contain the required information.  Contact the group that    ***
*** provided you with these symbols if you need this command to ***
*** work.                                                       ***
***                                                                ***
*** Type referenced: nt!_KPRCB                                  ***
***                                                                ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: NETIO

FAULTING_MODULE: fffff8000240e000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  5034f6a0

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
0000000000000168

CURRENT_IRQL:  0

FAULTING_IP:
NETIO+36735
fffff880`01036735 4883bb6801000000 cmp    qword ptr [rbx+168h],0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0xD1

LAST_CONTROL_TRANSFER:  from fffff800024831a9 to fffff80002483c00

STACK_TEXT:
fffff800`0390f198 fffff800`024831a9 : 00000000`0000000a 00000000`00000168 00000000`00000002 00000000`00000000 : nt+0x75c00
fffff800`0390f1a0 00000000`0000000a : 00000000`00000168 00000000`00000002 00000000`00000000 fffff880`01036735 : nt+0x751a9
fffff800`0390f1a8 00000000`00000168 : 00000000`00000002 00000000`00000000 fffff880`01036735 fffff800`0390f280 : 0xa
fffff800`0390f1b0 00000000`00000002 : 00000000`00000000 fffff880`01036735 fffff800`0390f280 f2ba9cb2`7d1e04f0 : 0x168
fffff800`0390f1b8 00000000`00000000 : fffff880`01036735 fffff800`0390f280 f2ba9cb2`7d1e04f0 850b5147`0a85e914 : 0x2

STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP:
NETIO+36735
fffff880`01036735 4883bb6801000000 cmp    qword ptr [rbx+168h],0

SYMBOL_NAME:  NETIO+36735

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  NETIO.SYS

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner

[课程]Linux pwn 探索篇！

收藏・0

免费・0

支持

最新回复 (17)
gddcxysqw 雪币： 40 活跃值： (14) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 221 粉丝 0 关注私信	gddcxysqw 2 楼大哥你发的帖子全是让分析dump的吗? 2016-11-21 13:36 0
hackyzh 雪币： 1746 活跃值： (227) 能力值： ( LV9，RANK：210 ) 在线值：发帖 20 回帖 102 粉丝 10 关注私信	hackyzh 3 3 楼 Probably caused by : NETIO.SYS ( NETIO+36735 ) Followup: MachineOwner -------- 你上面不是有原因了么我也蓝屏了，载入windbg 什么东西都挑不出来 2016-11-21 13:44 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 4 楼我也不想啊！老是碰到这种问题，郁闷的要死,唉！ 2016-11-21 16:50 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 5 楼我也不想啊！老是碰到这种问题，郁闷的要死,唉！ 2016-11-21 17:01 0
luskyc 雪币： 248 活跃值： (3789) 能力值： ( LV2，RANK：10 ) 在线值：发帖 25 回帖 938 粉丝 11 关注私信	luskyc 6 楼蓝屏原因已经很清楚了，还要怎么分析？lz不上代码？ 2016-11-21 17:01 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 7 楼知道是NETIO.SYS被停止导致的，但不知道为什么被停止，上次有大神分析到为什么被停止，然后我把那个进程关闭就好了，这次是另外一台服务器，不知道为啥又蓝屏了，郁闷的不得了。 2016-11-21 17:04 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 8 楼代码是指这些吗？里面包含用!analyze -v后跳出来的分析，不知道还有什么，我对这个一点都不懂，见谅，谢谢！ Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: * Invalid * **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * ************************************************************************** Executable search path is: ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: Server, suite: TerminalServer Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533 Machine Name: Kernel base = 0xfffff800`0240e000 PsLoadedModuleList = 0xfffff800`02651670 Debug session time: Thu Nov 17 08:47:29.277 2016 (GMT+8) System Uptime: 6 days 20:50:48.090 ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... ................................................................ .............. Loading User Symbols Loading unloaded module list ....... ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** Use !analyze -v to get detailed debugging information. BugCheck D1, {168, 2, 0, fffff88001036735} * Kernel symbols are WRONG. Please fix symbols to do analysis. ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* Unable to load image \SystemRoot\system32\DRIVERS\NETIO.SYS, Win32 error 0n2 * WARNING: Unable to verify timestamp for NETIO.SYS * ERROR: Module load completed but symbols could not be loaded for NETIO.SYS ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Probably caused by : NETIO.SYS ( NETIO+36735 ) Followup: MachineOwner --------- 0: kd> !analyze -v ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000168, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff88001036735, address which referenced memory Debugging Details: ------------------ * Kernel symbols are WRONG. Please fix symbols to do analysis. ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. MODULE_NAME: NETIO FAULTING_MODULE: fffff8000240e000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 5034f6a0 READ_ADDRESS: unable to get nt!MmSpecialPoolStart unable to get nt!MmSpecialPoolEnd unable to get nt!MmPoolCodeStart unable to get nt!MmPoolCodeEnd 0000000000000168 CURRENT_IRQL: 0 FAULTING_IP: NETIO+36735 fffff880`01036735 4883bb6801000000 cmp qword ptr [rbx+168h],0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from fffff800024831a9 to fffff80002483c00 STACK_TEXT: fffff800`0390f198 fffff800`024831a9 : 00000000`0000000a 00000000`00000168 00000000`00000002 00000000`00000000 : nt+0x75c00 fffff800`0390f1a0 00000000`0000000a : 00000000`00000168 00000000`00000002 00000000`00000000 fffff880`01036735 : nt+0x751a9 fffff800`0390f1a8 00000000`00000168 : 00000000`00000002 00000000`00000000 fffff880`01036735 fffff800`0390f280 : 0xa fffff800`0390f1b0 00000000`00000002 : 00000000`00000000 fffff880`01036735 fffff800`0390f280 f2ba9cb2`7d1e04f0 : 0x168 fffff800`0390f1b8 00000000`00000000 : fffff880`01036735 fffff800`0390f280 f2ba9cb2`7d1e04f0 850b5147`0a85e914 : 0x2 STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: NETIO+36735 fffff880`01036735 4883bb6801000000 cmp qword ptr [rbx+168h],0 SYMBOL_NAME: NETIO+36735 FOLLOWUP_NAME: MachineOwner IMAGE_NAME: NETIO.SYS BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner 2016-11-22 10:36 0
hnbaoli 雪币： 244 活跃值： (18) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 32 粉丝 1 关注私信	hnbaoli 9 楼大哥，你就把dump给大家一份不就得了 2016-11-22 17:13 0
hnbaoli 雪币： 244 活跃值： (18) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 32 粉丝 1 关注私信	hnbaoli 10 楼感觉像是访问了不存在的内存地址。 2016-11-22 17:19 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 11 楼我不知道怎么上传DMP格式的附件，系统可上传的文件类型没有dmp格式。这个怎么传，愁死了。 2016-11-23 13:02 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 12 楼好玄啊！大神，这个要怎么处理？换内存？ 2016-11-23 13:04 0
轩辕之风雪币： 2291 活跃值： (933) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 13 楼压缩一下再传嘛，实在不行传到网盘什么的，甩个链接也行啊。你这贴一大堆文字，看着都辣眼睛 2016-11-23 13:20 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 14 楼哦！对哦，可以压缩，唉，茅塞顿开啊！已上传附件，两次蓝屏的dmp文件都在里面，跪求看看，谢谢！上传的附件：电脑蓝屏.zip （42.99kb，9次下载） 2016-11-23 13:55 0
轩辕之风雪币： 2291 活跃值： (933) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 15 楼你不是中病毒了吧，cacIs.exe 2016-11-23 14:34 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 16 楼行，那我先杀个毒看看，有什么杀毒软件推荐吗？大神，我现在用的360，感觉不是很给力。 2016-11-23 15:06 0
beanjoy 雪币： 50 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 7 粉丝 0 关注私信	beanjoy 17 楼关键信息： DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000168, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff88001036735, address which referenced memory ... FAULTING_IP: NETIO+36735 fffff880`01036735 4883bb6801000000 cmp qword ptr [rbx+168h],0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from fffff800024831a9 to fffff80002483c00 STACK_TEXT: fffff800`0390f198 fffff800`024831a9 : 00000000`0000000a 00000000`00000168 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff800`0390f1a0 fffff800`02481e20 : 00000000`00000000 fffff800`0390fcd8 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3d39 fffff800`0390f2e0 fffff880`01036735 : 00000000`00258b8b 00000000`00258b8b 00000000`00258b8b fffff880`0100e890 : nt!KeSynchronizeExecution+0x29b0 fffff800`0390f470 00000000`00258b8b : 00000000`00258b8b 00000000`00258b8b fffff880`0100e890 fffffa80`213f5068 : NETIO+0x36735 fffff800`0390f478 00000000`00258b8b : 00000000`00258b8b fffff880`0100e890 fffffa80`213f5068 00000000`0000000c : 0x258b8b fffff800`0390f480 00000000`00258b8b : fffff880`0100e890 fffffa80`213f5068 00000000`0000000c fffffa80`213f5010 : 0x258b8b fffff800`0390f488 fffff880`0100e890 : fffffa80`213f5068 00000000`0000000c fffffa80`213f5010 00000000`00000101 : 0x258b8b fffff800`0390f490 fffffa80`213f5068 : 00000000`0000000c fffffa80`213f5010 00000000`00000101 00000000`00000014 : NETIO+0xe890 fffff800`0390f498 00000000`0000000c : fffffa80`213f5010 00000000`00000101 00000000`00000014 fffff800`0390fc40 : 0xfffffa80`213f5068 fffff800`0390f4a0 fffffa80`213f5010 : 00000000`00000101 00000000`00000014 fffff800`0390fc40 00000000`00258b8b : 0xc fffff800`0390f4a8 00000000`00000101 : 00000000`00000014 fffff800`0390fc40 00000000`00258b8b 00000000`00000103 : 0xfffffa80`213f5010 fffff800`0390f4b0 00000000`00000014 : fffff800`0390fc40 00000000`00258b8b 00000000`00000103 fffff800`0390fb40 : 0x101 fffff800`0390f4b8 fffff800`0390fc40 : 00000000`00258b8b 00000000`00000103 fffff800`0390fb40 fffff880`01039e16 : 0x14 fffff800`0390f4c0 00000000`00258b8b : 00000000`00000103 fffff800`0390fb40 fffff880`01039e16 fffff800`0390fb40 : 0xfffff800`0390fc40 fffff800`0390f4c8 00000000`00000103 : fffff800`0390fb40 fffff880`01039e16 fffff800`0390fb40 00000000`00000014 : 0x258b8b fffff800`0390f4d0 fffff800`0390fb40 : fffff880`01039e16 fffff800`0390fb40 00000000`00000014 fffff800`0390f5a8 : 0x103 fffff800`0390f4d8 fffff880`01039e16 : fffff800`0390fb40 00000000`00000014 fffff800`0390f5a8 00000c53`f505d3fb : 0xfffff800`0390fb40 fffff800`0390f4e0 fffff800`0390fb40 : 00000000`00000014 fffff800`0390f5a8 00000c53`f505d3fb fffffa80`213e03c0 : NETIO+0x39e16 fffff800`0390f4e8 00000000`00000014 : fffff800`0390f5a8 00000c53`f505d3fb fffffa80`213e03c0 fffff800`0390fc40 : 0xfffff800`0390fb40 fffff800`0390f4f0 fffff800`0390f5a8 : 00000c53`f505d3fb fffffa80`213e03c0 fffff800`0390fc40 fffff800`0390fcd0 : 0x14 fffff800`0390f4f8 00000c53`f505d3fb : fffffa80`213e03c0 fffff800`0390fc40 fffff800`0390fcd0 00000000`00000000 : 0xfffff800`0390f5a8 fffff800`0390f500 fffffa80`213e03c0 : fffff800`0390fc40 fffff800`0390fcd0 00000000`00000000 00000000`00258b8c : 0xc53`f505d3fb fffff800`0390f508 fffff800`0390fc40 : fffff800`0390fcd0 00000000`00000000 00000000`00258b8c fffff880`0100e890 : 0xfffffa80`213e03c0 fffff800`0390f510 fffff800`0390fcd0 : 00000000`00000000 00000000`00258b8c fffff880`0100e890 fffff800`0390fcd0 : 0xfffff800`0390fc40 fffff800`0390f518 00000000`00000000 : 00000000`00258b8c fffff880`0100e890 fffff800`0390fcd0 fffffa80`0df9d4e0 : 0xfffff800`0390fcd0 是netio.sys引起的崩溃，更新下驱动程序，或者网上搜索下netio.sys，有很多网友都遇到蓝屏，尝试下他们的解决方法。 2016-11-23 17:32 0
hnbaoli 雪币： 244 活跃值： (18) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 32 粉丝 1 关注私信	hnbaoli 18 楼打补丁https://support.microsoft.com/en-us/kb/2913431 2016-11-24 14:12 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

sxhghj

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (17)
gddcxysqw 雪币： 40 活跃值： (14) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 221 粉丝 0 关注私信	gddcxysqw 2 楼大哥你发的帖子全是让分析dump的吗? 2016-11-21 13:36 0
hackyzh 雪币： 1746 活跃值： (227) 能力值： ( LV9，RANK：210 ) 在线值：发帖 20 回帖 102 粉丝 10 关注私信	hackyzh 3 3 楼 Probably caused by : NETIO.SYS ( NETIO+36735 ) Followup: MachineOwner -------- 你上面不是有原因了么我也蓝屏了，载入windbg 什么东西都挑不出来 2016-11-21 13:44 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 4 楼我也不想啊！老是碰到这种问题，郁闷的要死,唉！ 2016-11-21 16:50 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 5 楼我也不想啊！老是碰到这种问题，郁闷的要死,唉！ 2016-11-21 17:01 0
luskyc 雪币： 248 活跃值： (3789) 能力值： ( LV2，RANK：10 ) 在线值：发帖 25 回帖 938 粉丝 11 关注私信	luskyc 6 楼蓝屏原因已经很清楚了，还要怎么分析？lz不上代码？ 2016-11-21 17:01 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 7 楼知道是NETIO.SYS被停止导致的，但不知道为什么被停止，上次有大神分析到为什么被停止，然后我把那个进程关闭就好了，这次是另外一台服务器，不知道为啥又蓝屏了，郁闷的不得了。 2016-11-21 17:04 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 8 楼代码是指这些吗？里面包含用!analyze -v后跳出来的分析，不知道还有什么，我对这个一点都不懂，见谅，谢谢！ Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: * Invalid * **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * ************************************************************************** Executable search path is: ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: Server, suite: TerminalServer Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533 Machine Name: Kernel base = 0xfffff800`0240e000 PsLoadedModuleList = 0xfffff800`02651670 Debug session time: Thu Nov 17 08:47:29.277 2016 (GMT+8) System Uptime: 6 days 20:50:48.090 ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... ................................................................ .............. Loading User Symbols Loading unloaded module list ....... ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** Use !analyze -v to get detailed debugging information. BugCheck D1, {168, 2, 0, fffff88001036735} * Kernel symbols are WRONG. Please fix symbols to do analysis. ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* Unable to load image \SystemRoot\system32\DRIVERS\NETIO.SYS, Win32 error 0n2 * WARNING: Unable to verify timestamp for NETIO.SYS * ERROR: Module load completed but symbols could not be loaded for NETIO.SYS ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* Probably caused by : NETIO.SYS ( NETIO+36735 ) Followup: MachineOwner --------- 0: kd> !analyze -v ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000168, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff88001036735, address which referenced memory Debugging Details: ------------------ * Kernel symbols are WRONG. Please fix symbols to do analysis. ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ********************************************************************* * * * * * Your debugger is not using the correct symbols * * * * In order for this command to work properly, your symbol path * * must point to .pdb files that have full type information. * * * * Certain .pdb files (such as the public OS symbols) do not * * contain the required information. Contact the group that * * provided you with these symbols if you need this command to * * work. * * * * Type referenced: nt!_KPRCB * * * ********************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ******************************************************************* ******************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. MODULE_NAME: NETIO FAULTING_MODULE: fffff8000240e000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 5034f6a0 READ_ADDRESS: unable to get nt!MmSpecialPoolStart unable to get nt!MmSpecialPoolEnd unable to get nt!MmPoolCodeStart unable to get nt!MmPoolCodeEnd 0000000000000168 CURRENT_IRQL: 0 FAULTING_IP: NETIO+36735 fffff880`01036735 4883bb6801000000 cmp qword ptr [rbx+168h],0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from fffff800024831a9 to fffff80002483c00 STACK_TEXT: fffff800`0390f198 fffff800`024831a9 : 00000000`0000000a 00000000`00000168 00000000`00000002 00000000`00000000 : nt+0x75c00 fffff800`0390f1a0 00000000`0000000a : 00000000`00000168 00000000`00000002 00000000`00000000 fffff880`01036735 : nt+0x751a9 fffff800`0390f1a8 00000000`00000168 : 00000000`00000002 00000000`00000000 fffff880`01036735 fffff800`0390f280 : 0xa fffff800`0390f1b0 00000000`00000002 : 00000000`00000000 fffff880`01036735 fffff800`0390f280 f2ba9cb2`7d1e04f0 : 0x168 fffff800`0390f1b8 00000000`00000000 : fffff880`01036735 fffff800`0390f280 f2ba9cb2`7d1e04f0 850b5147`0a85e914 : 0x2 STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: NETIO+36735 fffff880`01036735 4883bb6801000000 cmp qword ptr [rbx+168h],0 SYMBOL_NAME: NETIO+36735 FOLLOWUP_NAME: MachineOwner IMAGE_NAME: NETIO.SYS BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner 2016-11-22 10:36 0
hnbaoli 雪币： 244 活跃值： (18) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 32 粉丝 1 关注私信	hnbaoli 9 楼大哥，你就把dump给大家一份不就得了 2016-11-22 17:13 0
hnbaoli 雪币： 244 活跃值： (18) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 32 粉丝 1 关注私信	hnbaoli 10 楼感觉像是访问了不存在的内存地址。 2016-11-22 17:19 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 11 楼我不知道怎么上传DMP格式的附件，系统可上传的文件类型没有dmp格式。这个怎么传，愁死了。 2016-11-23 13:02 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 12 楼好玄啊！大神，这个要怎么处理？换内存？ 2016-11-23 13:04 0
轩辕之风雪币： 2291 活跃值： (933) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 13 楼压缩一下再传嘛，实在不行传到网盘什么的，甩个链接也行啊。你这贴一大堆文字，看着都辣眼睛 2016-11-23 13:20 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 14 楼哦！对哦，可以压缩，唉，茅塞顿开啊！已上传附件，两次蓝屏的dmp文件都在里面，跪求看看，谢谢！上传的附件：电脑蓝屏.zip （42.99kb，9次下载） 2016-11-23 13:55 0
轩辕之风雪币： 2291 活跃值： (933) 能力值： ( LV8，RANK：130 ) 在线值：发帖 34 回帖 322 粉丝 67 关注私信	轩辕之风 1 15 楼你不是中病毒了吧，cacIs.exe 2016-11-23 14:34 0
sxhghj 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 20 粉丝 0 关注私信	sxhghj 16 楼行，那我先杀个毒看看，有什么杀毒软件推荐吗？大神，我现在用的360，感觉不是很给力。 2016-11-23 15:06 0
beanjoy 雪币： 50 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 7 粉丝 0 关注私信	beanjoy 17 楼关键信息： DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000168, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff88001036735, address which referenced memory ... FAULTING_IP: NETIO+36735 fffff880`01036735 4883bb6801000000 cmp qword ptr [rbx+168h],0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from fffff800024831a9 to fffff80002483c00 STACK_TEXT: fffff800`0390f198 fffff800`024831a9 : 00000000`0000000a 00000000`00000168 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff800`0390f1a0 fffff800`02481e20 : 00000000`00000000 fffff800`0390fcd8 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3d39 fffff800`0390f2e0 fffff880`01036735 : 00000000`00258b8b 00000000`00258b8b 00000000`00258b8b fffff880`0100e890 : nt!KeSynchronizeExecution+0x29b0 fffff800`0390f470 00000000`00258b8b : 00000000`00258b8b 00000000`00258b8b fffff880`0100e890 fffffa80`213f5068 : NETIO+0x36735 fffff800`0390f478 00000000`00258b8b : 00000000`00258b8b fffff880`0100e890 fffffa80`213f5068 00000000`0000000c : 0x258b8b fffff800`0390f480 00000000`00258b8b : fffff880`0100e890 fffffa80`213f5068 00000000`0000000c fffffa80`213f5010 : 0x258b8b fffff800`0390f488 fffff880`0100e890 : fffffa80`213f5068 00000000`0000000c fffffa80`213f5010 00000000`00000101 : 0x258b8b fffff800`0390f490 fffffa80`213f5068 : 00000000`0000000c fffffa80`213f5010 00000000`00000101 00000000`00000014 : NETIO+0xe890 fffff800`0390f498 00000000`0000000c : fffffa80`213f5010 00000000`00000101 00000000`00000014 fffff800`0390fc40 : 0xfffffa80`213f5068 fffff800`0390f4a0 fffffa80`213f5010 : 00000000`00000101 00000000`00000014 fffff800`0390fc40 00000000`00258b8b : 0xc fffff800`0390f4a8 00000000`00000101 : 00000000`00000014 fffff800`0390fc40 00000000`00258b8b 00000000`00000103 : 0xfffffa80`213f5010 fffff800`0390f4b0 00000000`00000014 : fffff800`0390fc40 00000000`00258b8b 00000000`00000103 fffff800`0390fb40 : 0x101 fffff800`0390f4b8 fffff800`0390fc40 : 00000000`00258b8b 00000000`00000103 fffff800`0390fb40 fffff880`01039e16 : 0x14 fffff800`0390f4c0 00000000`00258b8b : 00000000`00000103 fffff800`0390fb40 fffff880`01039e16 fffff800`0390fb40 : 0xfffff800`0390fc40 fffff800`0390f4c8 00000000`00000103 : fffff800`0390fb40 fffff880`01039e16 fffff800`0390fb40 00000000`00000014 : 0x258b8b fffff800`0390f4d0 fffff800`0390fb40 : fffff880`01039e16 fffff800`0390fb40 00000000`00000014 fffff800`0390f5a8 : 0x103 fffff800`0390f4d8 fffff880`01039e16 : fffff800`0390fb40 00000000`00000014 fffff800`0390f5a8 00000c53`f505d3fb : 0xfffff800`0390fb40 fffff800`0390f4e0 fffff800`0390fb40 : 00000000`00000014 fffff800`0390f5a8 00000c53`f505d3fb fffffa80`213e03c0 : NETIO+0x39e16 fffff800`0390f4e8 00000000`00000014 : fffff800`0390f5a8 00000c53`f505d3fb fffffa80`213e03c0 fffff800`0390fc40 : 0xfffff800`0390fb40 fffff800`0390f4f0 fffff800`0390f5a8 : 00000c53`f505d3fb fffffa80`213e03c0 fffff800`0390fc40 fffff800`0390fcd0 : 0x14 fffff800`0390f4f8 00000c53`f505d3fb : fffffa80`213e03c0 fffff800`0390fc40 fffff800`0390fcd0 00000000`00000000 : 0xfffff800`0390f5a8 fffff800`0390f500 fffffa80`213e03c0 : fffff800`0390fc40 fffff800`0390fcd0 00000000`00000000 00000000`00258b8c : 0xc53`f505d3fb fffff800`0390f508 fffff800`0390fc40 : fffff800`0390fcd0 00000000`00000000 00000000`00258b8c fffff880`0100e890 : 0xfffffa80`213e03c0 fffff800`0390f510 fffff800`0390fcd0 : 00000000`00000000 00000000`00258b8c fffff880`0100e890 fffff800`0390fcd0 : 0xfffff800`0390fc40 fffff800`0390f518 00000000`00000000 : 00000000`00258b8c fffff880`0100e890 fffff800`0390fcd0 fffffa80`0df9d4e0 : 0xfffff800`0390fcd0 是netio.sys引起的崩溃，更新下驱动程序，或者网上搜索下netio.sys，有很多网友都遇到蓝屏，尝试下他们的解决方法。 2016-11-23 17:32 0
hnbaoli 雪币： 244 活跃值： (18) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 32 粉丝 1 关注私信	hnbaoli 18 楼打补丁https://support.microsoft.com/en-us/kb/2913431 2016-11-24 14:12 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复