360 蓝屏

ccsfuture

貌似是360的一个驱动，腾讯游戏那个保护模块，以及显卡的一个驱动冲突。最近老蓝屏，受不鸟了。

附上dmp
求高手具体看看啥情况。



这个帖子里的问题就当作素材让高手参考吧，呵呵。

jefffire

排个队，也有个蓝屏，求高手分析
http://yunpan.cn/lk/40t3dvrivc

-oAo-

都与Q管组合？

§夢非夢§

最好别配上Q管，另外请蓝屏的坛友说明360卫士+什么？

GiBson

1. 
   
2. Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
   
3. Copyright (c) Microsoft Corporation. All rights reserved.
   
4. 
   
5. 
   
6. Loading Dump File [C:\Users\GiBson\Desktop\061812-19078-01.dmp]
   
7. Mini Kernel Dump File: Only registers and stack trace are available
   
8. 
   
9. WARNING: Whitespace at end of path element
   
10. Symbol search path is: srv*c:\DownstreamStore*http://msdl.microsoft.com/download/symbols
    
11. 
    
12. Executable search path is:
    
13. Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
    
14. Product: WinNt, suite: TerminalServer SingleUserTS
    
15. Built by: 7601.17803.x86fre.win7sp1_gdr.120330-1504
    
16. Machine Name:
    
17. Kernel base = 0x84001000 PsLoadedModuleList = 0x8414a4d0
    
18. Debug session time: Mon Jun 18 20:22:19.542 2012 (GMT+8)
    
19. System Uptime: 0 days 3:41:55.087
    
20. Loading Kernel Symbols
    
21. ...............................................................
    
22. ................................................................
    
23. ..........................................
    
24. Loading User Symbols
    
25. Loading unloaded module list
    
26. .........
    
27. 2: kd> !analyze -v
    
28. *******************************************************************************
    
29. *                                                                             *
    
30. *                        Bugcheck Analysis                                    *
    
31. *                                                                             *
    
32. *******************************************************************************
    
33. 
    
34. PAGE_FAULT_IN_NONPAGED_AREA (50)
    
35. Invalid system memory was referenced.  This cannot be protected by try-except,
    
36. it must be protected by a Probe.  Typically the address is just plain bad or it
    
37. is pointing at freed memory.
    
38. Arguments:
    
39. Arg1: bdea3000, memory referenced.
    
40. Arg2: 00000000, value 0 = read operation, 1 = write operation.
    
41. Arg3: c480d974, If non-zero, the instruction address which referenced the bad memory
    
42.         address.
    
43. Arg4: 00000000, (reserved)
    
44. 
    
45. Debugging Details:
    
46. ------------------
    
47. 
    
48. Unable to load image \??\C:\Windows\system32\TesSafe.sys, Win32 error 0n2
    
49. *** WARNING: Unable to verify timestamp for TesSafe.sys
    
50. *** ERROR: Module load completed but symbols could not be loaded for TesSafe.sys
    
51. *** WARNING: Unable to verify timestamp for Hookport.sys
    
52. *** ERROR: Module load completed but symbols could not be loaded for Hookport.sys
    
53. 
    
54. Could not read faulting driver name
    
55. 
    
56. READ_ADDRESS: GetPointerFromAddress: unable to read from 8416a848
    
57. Unable to read MiSystemVaType memory at 84149e20
    
58. bdea3000
    
59. 
    
60. FAULTING_IP:
    
61. TesSafe+1974
    
62. c480d974 a5              movs    dword ptr es:[edi],dword ptr [esi]
    
63. 
    
64. MM_INTERNAL_CODE:  0
    
65. 
    
66. CUSTOMER_CRASH_COUNT:  1
    
67. 
    
68. DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
69. 
    
70. BUGCHECK_STR:  0x50
    
71. 
    
72. PROCESS_NAME:  crossfire.exe
    
73. 
    
74. CURRENT_IRQL:  0
    
75. 
    
76. TRAP_FRAME:  b612f510 -- (.trap 0xffffffffb612f510)
    
77. ErrCode = 00000000
    
78. eax=00002180 ebx=0000000f ecx=0000c000 edx=8da12000 esi=bdea3000 edi=8951df9c
    
79. eip=c480d974 esp=b612f584 ebp=b612f598 iopl=0         nv up ei ng nz ac po nc
    
80. cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010292
    
81. TesSafe+0x1974:
    
82. c480d974 a5              movs    dword ptr es:[edi],dword ptr [esi] es:0023:8951df9c=???????? ds:0023:bdea3000=????????
    
83. Resetting default scope
    
84. 
    
85. LAST_CONTROL_TRANSFER:  from 84042468 to 8408f3bf
    
86. 
    
87. STACK_TEXT:  
    
88. b612f4f8 84042468 00000000 bdea3000 00000000 nt!MmAccessFault+0x106
    
89. b612f4f8 c480d974 00000000 bdea3000 00000000 nt!KiTrap0E+0xdc
    
90. WARNING: Stack unwind information not available. Following frames may be wrong.
    
91. b612f598 c480f76d 8951df94 8951c000 8951c000 TesSafe+0x1974
    
92. b612f6d0 c4810ead c480d8ae 8951c000 b612fb08 TesSafe+0x376d
    
93. b612f6e0 c4857721 8951c000 8354ea68 86958030 TesSafe+0x4ead
    
94. b612fb08 840385be 86958030 8706ebf0 8706ebf0 TesSafe+0x4b721
    
95. b612fb20 8422bb09 8354ea68 8706ebf0 8706ec60 nt!IofCallDriver+0x63
    
96. b612fb40 8422ecdb 86958030 8354ea68 00000000 nt!IopSynchronousServiceTail+0x1f8
    
97. b612fbdc 8427561b 86958030 8706ebf0 00000000 nt!IopXxxControlFile+0x6aa
    
98. b612fc10 84d9af4f 0000126c 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
    
99. b612fd04 8403f27a 0000126c 00000000 00000000 Hookport+0x4f4f
    
100. b612fd04 77427094 0000126c 00000000 00000000 nt!KiFastCallEntry+0x12a
     
101. 0919fd5c 00000000 00000000 00000000 00000000 0x77427094
     
102. 
     
103. 
     
104. STACK_COMMAND:  kb
     
105. 
     
106. FOLLOWUP_IP:
     
107. TesSafe+1974
     
108. c480d974 a5              movs    dword ptr es:[edi],dword ptr [esi]
     
109. 
     
110. SYMBOL_STACK_INDEX:  2
     
111. 
     
112. SYMBOL_NAME:  TesSafe+1974
     
113. 
     
114. FOLLOWUP_NAME:  MachineOwner
     
115. 
     
116. MODULE_NAME: TesSafe
     
117. 
     
118. IMAGE_NAME:  TesSafe.sys
     
119. 
     
120. DEBUG_FLR_IMAGE_TIMESTAMP:  4edd7664
     
121. 
     
122. FAILURE_BUCKET_ID:  0x50_TesSafe+1974
     
123. 
     
124. BUCKET_ID:  0x50_TesSafe+1974
     
125. 
     
126. Followup: MachineOwner
     
127. ---------
     

复制代码

进程：crossfire.exe（穿越火线）
驱动： TesSafe.sys
好像是腾讯的问题吧。。。。

GiBson

jefffire 发表于 2012-6-22 10:59
排个队，也有个蓝屏，求高手分析
http://yunpan.cn/lk/40t3dvrivc

062112-29811-01.dmp：
进程：System
驱动：NETwNs32.sys（我这里上不了百度，不知道这个是什么驱动 ）
另外一个dump也是这个进程和驱动。。。。

小蚂蚁的梦想

GiBson 发表于 2012-6-22 11:35
062112-29811-01.dmp：
进程：System
驱动：NETwNs32.sys（我这里上不了百度，不知道这个是什么驱动[:3 ...

网卡驱动问题 这个驱动

myzuzong

to be honest, posting things that are automatically generated by windbg like "probably caused by xxx" really does't help. everybody understands what "probably caused by" means, everybody knows how to drag a file into windbg, and everybody can even read the stack backtrace. but not everybody know how to correctly debug a problem. that's why we need software engineer.

ccsfuture

-oAo- 发表于 2012-6-22 11:10
都与Q管组合？

家里的老爷机 q管不是杀毒管家2合一么，图省事。

不对啊 这是我笔记本的蓝屏记录，这台破电脑没蓝屏！！！！

ccsfuture

GiBson 发表于 2012-6-22 11:27
进程：crossfire.exe（穿越火线）
驱动： TesSafe.sys
好像是腾讯的问题吧。。。。

一开机直接蓝 还没有运行任何程序呢？360和tx是不是对着干啊...........