[Help] Please help analyze a blue screen: what caused the BSOD?
Posted: 2020-5-23 14:43
Loading Dump File [D:\BSOD\MEMORY.DMP]
Kernel Summary Dump File: Kernel address space is available, User address space may not be available.
WARNING: Whitespace at start of path element
* Path validation summary **
Response Time (ms) Location
Deferred SRV C:\symbols http://msdl.microsoft.com/download/symbols
WARNING: Whitespace at start of path element
Symbol search path is: SRV C:\symbols http://msdl.microsoft.com/download/symbols; SRV C:\symbols http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.24150.amd64fre.win7sp1_ldr_escrow.180528-1700
Machine Name:
Kernel base = 0xfffff80004615000 PsLoadedModuleList = 0xfffff80004854c90
Debug session time: Thu May 21 04:49:23.738 2020 (UTC + 8:00)
System Uptime: 2 days 1:31:16.765
Loading Kernel Symbols
...............................................................
................................................................
.....Page 3a53e9 not present in the dump file. Type ".hh dbgerr004" for details
...Page 3a382a not present in the dump file. Type ".hh dbgerr004" for details
..........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
* Symbol Loading Error Summary **
Module name Error
ntkrnlmp The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
For analysis of this file, run !analyze -v
2: kd> !analyze -v
* Bugcheck Analysis *
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800046b390a, Address of the instruction which caused the bugcheck
Arg3: fffff8801fcd5a40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
* Kernel symbols are WRONG. Please fix symbols to do analysis.
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec Value: 0
Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on CIRRUS-PC
Key : Analysis.DebugData Value: CreateObject
Key : Analysis.DebugModel Value: CreateObject
Key : Analysis.Elapsed.Sec Value: 0
Key : Analysis.Memory.CommitPeak.Mb Value: 61
Key : Analysis.System Value: CreateObject
ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
WRONG_SYMBOLS_TIMESTAMP: 5b0cb355
WRONG_SYMBOLS_SIZE: 5e3000
FAULTING_MODULE: fffff80004615000 nt
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff800046b390a
BUGCHECK_P3: fffff8801fcd5a40
BUGCHECK_P4: 0
CONTEXT: fffff8801fcd5a40 -- (.cxr 0xfffff8801fcd5a40)
rax=0000000000000100 rbx=fffff8801fcd6500 rcx=0000000000000000
rdx=0000000000100000 rsi=0000000000000000 rdi=0000000000100000
rip=fffff800046b390a rsp=fffff8801fcd6410 rbp=fffff981020c0000
r8=fffff8801fcd6500 r9=0000000000000000 r10=0000000000000fff
r11=0000000000000000 r12=fffffa8018572cd0 r13=0000000000000001
r14=0000000000100000 r15=fffffa800d684988
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!KeConnectInterruptForHal+0x8ba:
fffff800046b390a f6413820 test byte ptr [rcx+38h],20h ds:002b:0000000000000038=??
Resetting default scope
ASSERT_DATA:
ASSERT_FILE_LOCATION: at Line 533553792
STACK_TEXT:
fffff8801fcd6410 fffff800046b3adc : fffff88000000000 fffff8801fcd6500 fffff981020c0000 0000000000000001 : nt!KeConnectInterruptForHal+0x8ba
fffff8801fcd6470 fffff800049ddd3e : 0000000000000040 0000000000100000 fffff981020c0000 0000000000040000 : nt!KeConnectInterruptForHal+0xa8c
fffff8801fcd64d0 fffff80004665c11 : 0000000000000100 0000000000100000 0000000000100001 fffffa800d684988 : nt!FsRtlMdlRead+0x13e
fffff8801fcd6500 fffff800048fcc60 : fffffa8000000000 0000000000100000 0000000000100000 fffff8801fcd6630 : nt!CcCopyWrite+0x391
fffff8801fcd6560 fffff880016ce16f : fffff88000000000 0000000000000005 fffffa8000040000 fffffa8018572c01 : nt!CcCopyRead+0x180
fffff8801fcd6620 fffff88001001098 : fffffa8018572cd0 fffffa800d684920 fffff8a03bdcdc70 0000000000000001 : Ntfs+0x9916f
fffff8801fcd6800 fffff8800100491a : fffff8801fcd68d0 fffff88001020400 0000000008c80000 fffffa8018572c03 : fltmgr+0x1098
fffff8801fcd6860 fffff88001020630 : fffffa8018572cd0 0000000000000000 fffff8801fcd69c8 0000000000100000 : fltmgr!FltIsCallbackDataDirty+0x23ba
fffff8801fcd68a0 fffff800048fe321 : fffffa8018572cd0 fffffa8000000001 fffffa800c7f7080 fffffa8018572cd0 : fltmgr!FltDeletePushLock+0x1e0
fffff8801fcd6940 fffff800046c79d3 : 0000000074f62450 0000000000000000 0000000000000000 0000000000000000 : nt!NtReadFile+0x441
fffff8801fcd6a70 0000000074f62e09 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!longjmp+0x5c63
0000000011b2ee18 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x74f62e09
SYMBOL_NAME: nt_wrong_symbols!5B0CB3555E3000
IMAGE_VERSION: 6.1.7601.24150
STACK_COMMAND: .cxr 0xfffff8801fcd5a40 ; kb
EXCEPTION_CODE_STR: 5B0CB355
EXCEPTION_STR: WRONG_SYMBOLS
PROCESS_NAME: ntoskrnl.wrong.symbols.exe
IMAGE_NAME: ntoskrnl.wrong.symbols.exe
MODULE_NAME: nt_wrong_symbols
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_7601.24150.amd64fre.win7sp1_ldr_escrow.180528-1700_TIMESTAMP_180529-015637_5B0CB355_nt_wrong_symbols!5B0CB3555E3000
OS_VERSION: 7.1.7601.24150
BUILDLAB_STR: win7sp1_ldr_escrow
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
FAILURE_ID_HASH: {cb7d819b-9afd-4919-80a7-ed3febb39787}
Followup: MachineOwner