
[System] Blue Screen Analysis

Lillian_5
Posted on 2013-7-2 11:33:00
I analyzed the dmp file with WinDbg and got the following output. Could an expert please help me see what problem caused this?



Microsoft (R) Windows Debugger Version 6.2.9200.20512 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\seven\Desktop\PS2\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\WINdbg\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16384.amd64fre.win8_rtm.120725-1247
Machine Name:
Kernel base = 0xfffff802`8180a000 PsLoadedModuleList = 0xfffff802`81ad4a60
Debug session time: Sun Jun 30 01:58:20.939 2013 (UTC + 8:00)
System Uptime: 0 days 0:01:09.765
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols

Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck DE, {2, fffff8a00090af58, fffff8a00090db59, d1d108c0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+29ef5 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

POOL_CORRUPTION_IN_FILE_AREA (de)
A driver corrupted pool memory used for holding pages destined for disk.
This was discovered by the memory manager when dereferencing the file.
Arguments:
Arg1: 0000000000000002
Arg2: fffff8a00090af58
Arg3: fffff8a00090db59
Arg4: 00000000d1d108c0

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0xDE

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff802819ec646 to fffff80281885040

STACK_TEXT:  
fffff880`04cac2e8 fffff802`819ec646 : 00000000`000000de 00000000`00000002 fffff8a0`0090af58 fffff8a0`0090db59 : nt!KeBugCheckEx
fffff880`04cac2f0 fffff802`81859267 : 00000000`02c00000 fffffa80`0fccfa00 fffffa80`0c74c0c8 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x29ef5
fffff880`04cac3a0 fffff802`81834bbf : fffffa80`0c74c0c8 fffff880`04cac498 00000000`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x13b
fffff880`04cac410 fffff880`018cd56c : fffffa80`115958b0 fffff880`04cac840 00000000`00000001 fffff8a0`00316140 : nt!CcCoherencyFlushAndPurgeCache+0x7f
fffff880`04cac460 fffff880`018ccb4f : fffffa80`115958b0 fffff8a0`00316140 fffff880`04cac801 00000000`00000001 : Ntfs!NtfsFlushAndPurgeScb+0x14c
fffff880`04cac4d0 fffff880`018cd28d : fffffa80`115958b0 fffffa80`104b7790 fffffa80`0fbf5180 fffff8a0`00316010 : Ntfs!NtfsCommonFlushBuffers+0x37f
fffff880`04cac5c0 fffff802`818c5df5 : fffff880`04cac760 fffff8a0`00003100 00000000`00001000 00000000`00000000 : Ntfs!NtfsCommonFlushBuffersCallout+0x19
fffff880`04cac5f0 fffff802`818c6d85 : fffff880`018cd274 fffff880`04cac760 00000000`00000000 fffffa80`1077dd78 : nt!KeExpandKernelStackAndCalloutInternal+0xe5
fffff880`04cac6f0 fffff880`018cd246 : fffff880`04cac810 fffff880`018164fb 00000000`00000000 fffff880`018162ef : nt!KeExpandKernelStackAndCalloutEx+0x25
fffff880`04cac730 fffff880`018cd18d : 00000000`00000000 fffffa80`104b7790 fffffa80`104b7701 fffffa80`104b7790 : Ntfs!NtfsCommonFlushBuffersOnNewStack+0x52
fffff880`04cac790 fffff880`0176d4ee : fffffa80`1077dc00 fffffa80`104b7790 fffffa80`115958b0 fffff880`04cac7b8 : Ntfs!NtfsFsdFlushBuffers+0xb9
fffff880`04cac800 fffff880`0176b0b6 : fffffa80`0d989de0 fffffa80`0d989de0 fffffa80`104b7790 00000000`000007ff : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x25e
fffff880`04cac8a0 fffff802`81bce162 : fffffa80`104b7790 fffff8a0`00611010 fffff8a0`00611010 fffff880`02e75180 : fltmgr!FltpDispatch+0xb6
fffff880`04cac900 fffff802`81bcdf10 : fffffa80`0fd199c0 fffff8a0`00611010 00000000`00000001 fffff8a0`007d1000 : nt!CmpFileFlushAndPurge+0x10a
fffff880`04cac960 fffff802`81bcdd0c : 00000000`00000000 00000000`00001000 00000000`00000000 00000000`00058000 : nt!HvWriteDirtyDataToHive+0x174
fffff880`04cac9e0 fffff802`81bcd04e : 00000000`00000000 00000000`c0000001 00000000`00000000 fffff8a0`00611010 : nt!HvOptimizedSyncHive+0x118
fffff880`04caca20 fffff802`81ca83e4 : fffff8a0`00611010 fffff8a0`00000000 00000000`00000000 00000000`00000000 : nt!CmpFlushHive+0x21e
fffff880`04cacac0 fffff802`81d37638 : 00000000`00000000 00000000`00000020 00000000`00000020 00000000`fffffffe : nt!CmpDoFlushAll+0x30
fffff880`04cacaf0 fffff802`81b778f4 : fffffa80`10111040 fffffa80`10111040 fffff802`81b77710 fffff802`8188e770 : nt!CmShutdownSystem+0x230
fffff880`04cacb40 fffff802`818bd391 : fffffa80`10111040 fffffa80`10111000 fffffa80`11171a00 fffff802`81a8e000 : nt!PopGracefulShutdown+0x1e4
fffff880`04cacb80 fffff802`8182c521 : fffff880`02e02180 00000000`00000080 fffff802`818bd250 fffffa80`10111040 : nt!ExpWorkerThread+0x142
fffff880`04cacc10 fffff802`8186add6 : fffff880`02e02180 fffffa80`10111040 fffff880`02e0de40 fffffa80`0c776040 : nt!PspSystemThreadStartup+0x59
fffff880`04cacc60 00000000`00000000 : fffff880`04cad000 fffff880`04ca7000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+29ef5
fffff802`819ec646 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+29ef5

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5010ac4b

BUCKET_ID_FUNC_OFFSET:  29ef5

FAILURE_BUCKET_ID:  0xDE_nt!_??_::FNODOBFM::_string_

BUCKET_ID:  0xDE_nt!_??_::FNODOBFM::_string_

Followup: MachineOwner
---------

3: kd> lmvm nt
start             end                 module name
fffff802`8180a000 fffff802`81f52000   nt         (pdb symbols)          c:\windbg\symbols\ntkrnlmp.pdb\724821001C1C4A03AED8C4C71C2E8D1D2\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        Thu Jul 26 10:32:43 2012 (5010AC4B)
    CheckSum:         006AA6C8
    ImageSize:        00748000
    File version:     6.2.9200.16384
    Product version:  6.2.9200.16384
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntkrnlmp.exe
    OriginalFilename: ntkrnlmp.exe
    ProductVersion:   6.2.9200.16384
    FileVersion:      6.2.9200.16384 (win8_rtm.120725-1247)
    FileDescription:  NT Kernel & System
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
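
A small triage helper for output like the above, as an added example that is not part of the original post: it pulls the bugcheck code, arguments and name out of pasted !analyze -v text and collapses STACK_TEXT into consecutive per-module runs, so it is easy to see which modules are on the stack where the corruption was detected. The function names and regular expressions are this example's own assumptions; the sample is an excerpt of lines from the post.

```python
import re

# Excerpt of lines copied from the WinDbg output in the post above.
SAMPLE = r"""
BugCheck DE, {2, fffff8a00090af58, fffff8a00090db59, d1d108c0}
POOL_CORRUPTION_IN_FILE_AREA (de)
STACK_TEXT:
fffff880`04cac2e8 fffff802`819ec646 : 00000000`000000de 00000000`00000002 fffff8a0`0090af58 fffff8a0`0090db59 : nt!KeBugCheckEx
fffff880`04cac2f0 fffff802`81859267 : 00000000`02c00000 fffffa80`0fccfa00 fffffa80`0c74c0c8 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x29ef5
fffff880`04cac3a0 fffff802`81834bbf : fffffa80`0c74c0c8 fffff880`04cac498 00000000`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x13b
fffff880`04cac460 fffff880`018cd56c : fffffa80`115958b0 fffff880`04cac840 00000000`00000001 fffff8a0`00316140 : Ntfs!NtfsFlushAndPurgeScb+0x14c
fffff880`04cac8a0 fffff802`81bce162 : fffffa80`104b7790 fffff8a0`00611010 fffff8a0`00611010 fffff880`02e75180 : fltmgr!FltpDispatch+0xb6
fffff880`04cac900 fffff802`81bcdf10 : fffffa80`0fd199c0 fffff8a0`00611010 00000000`00000001 fffff8a0`007d1000 : nt!CmpFileFlushAndPurge+0x10a
"""

BUGCHECK_RE = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
NAME_RE = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-f]+)\)\s*$", re.M)
ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
# child-SP, return address, four argument columns, then module!symbol
FRAME_RE = re.compile(rf"^({ADDR}) ({ADDR}) : (.+?) : (\w+)!\s*(.+?)\s*$", re.M)


def parse_analyze(text):
    """Return bugcheck code, arguments, symbolic name and stack frames."""
    bc = BUGCHECK_RE.search(text)
    if bc is None:
        raise ValueError("no 'BugCheck' summary line found")
    code = int(bc.group(1), 16)
    args = [int(a.strip(), 16) for a in bc.group(2).split(",")]
    # The symbolic name is printed as "NAME (code)"; match it against the code.
    name = next((m.group(1) for m in NAME_RE.finditer(text)
                 if int(m.group(2), 16) == code), None)
    frames = [(m.group(4), m.group(5)) for m in FRAME_RE.finditer(text)]
    return {"code": code, "args": args, "name": name, "frames": frames}


def module_runs(frames):
    """Collapse the stack into consecutive per-module runs, innermost first."""
    runs = []
    for module, _symbol in frames:
        if runs and runs[-1][0] == module:
            runs[-1][1] += 1
        else:
            runs.append([module, 1])
    return [tuple(r) for r in runs]


if __name__ == "__main__":
    report = parse_analyze(SAMPLE)
    print(f"0x{report['code']:X} {report['name']} args={[hex(a) for a in report['args']]}")
    print(" -> ".join(f"{m} x{n}" for m, n in module_runs(report["frames"])))
```

For the excerpt, the runs are nt, Ntfs, fltmgr, nt: those are the only modules on the stack at the point where the memory manager raised the bugcheck.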

peng85344558
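Posted on 2013-7-2 11:51:40
It looks like symbol loading is set up under C:\WINdbg\Symbols, but are all the files in there? I suggest downloading the package from the link below and installing it into your symbols folder, then reloading~~
http://msdn.microsoft.com/en-us/windows/hardware/gg463028
PS: It looks like you used a large memory dump, so I won't ask you to upload the DMP file.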



Copyright © KaFan  KaFan.cn All Rights Reserved.
