求帮忙分析蓝屏文件……

显示全部楼层 · 发表于 2012-12-16 17:48:07

一个月之内蓝了三次，用windbg看不到~

显示全部楼层 · 发表于 2012-12-16 22:32:42

分析如下：
Microsoft (R) Windows Debugger Version 6.1.7601.17514 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\Lenovo\Desktop\121612-25942-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.          *
* Use .symfix to have the debugger choose a symbol path.                *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.x86fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0x84204000 PsLoadedModuleList = 0x8434e4d0
Debug session time: Sun Dec 16 17:13:18.198 2012 (UTC + 8:00)
System Uptime: 0 days 2:48:10.159
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                *
* The Symbol Path can be set by:                                  *
* using the _NT_SYMBOL_PATH environment variable.                *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+                                  *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
............................
The call to LoadLibrary(ext) failed, Win32 error 0n2
"系统找不到指定的文件。"
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 0n2
"系统找不到指定的文件。"
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 0n2
"系统找不到指定的文件。"
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kdexts) failed, Win32 error 0n2
"系统找不到指定的文件。"
Please check your debugger configuration and/or network access.

请注意看worry项目。

显示全部楼层 · 发表于 2012-12-16 22:40:36

笙儿发表于 2012-12-16 22:32
分析如下：
Microsoft (R) Windows Debugger Version 6.1.7601.17514 X86
Copyright (c) Microsoft Corpo ...

就你这神马工具根本分析不准.....和官方分析出来的简直是天上地下

显示全部楼层 · 发表于 2012-12-16 23:58:21

vm001 发表于 2012-12-16 22:40
就你这神马工具根本分析不准.....和官方分析出来的简直是天上地下

windbg

显示全部楼层 · 发表于 2012-12-19 23:31:01

楼上正解

显示全部楼层 · 发表于 2012-12-19 23:41:17

笙儿发表于 2012-12-16 22:32
分析如下：
Microsoft (R) Windows Debugger Version 6.1.7601.17514 X86
Copyright (c) Microsoft Corpo ...

你的截图完全没写重点
halmacpi.dll
halmacpi.dll+5ba9 0x84617000 0x8464e000 0x00037000 0x4ce788d2 2010/11/20 16:37:38
ntkrnlpa.exe
ntkrnlpa.exe+7a849 0x84204000 0x84617000 0x00413000 0x503f7f43 2012/8/30 22:57:07
Wdf01000.sys
Wdf01000.sys+18e02 0x84e37000 0x84eb8000 0x00081000 0x5010ac41 2012/7/26 10:32:33

显示全部楼层 · 发表于 2012-12-20 12:48:23

笙儿发表于 2012-12-16 22:32
分析如下：
Microsoft (R) Windows Debugger Version 6.1.7601.17514 X86
Copyright (c) Microsoft Corpo ...

经常看到版主好心贴出结果，但是实际上版主的操作方法和理解有误，这次还是给您指出一下吧。

Symbol search path is: *** Invalid ***
这说明你没有设置符号路径，下面的分析都没啥意义，需要用命令“.symfix [path]”来设置路径，然后用“.reload [module]"命令加载符号

ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
这是windbg的错误信息，跟蓝屏原因无关。这句话的意思是：错误，模块加载完成，但是未能加载该模块的符号文件。意思是让你设置符号路径，这样windbg才能加载符号文件，才能进行进一步分析。

所以版主贴出的文字，全是windbg本身的报错信息，跟蓝屏本身毫无关系。

显示全部楼层 · 发表于 2012-12-20 12:53:37

myzuzong 发表于 2012-12-20 12:48
经常看到版主好心贴出结果，但是实际上版主的操作方法和理解有误，这次还是给您指出一下吧。

Symbol s ...

感谢，windbg不太会用，好心办了坏事了。抱歉。

[求助] 求帮忙分析蓝屏文件……

本帖子中包含更多资源

评分