电脑蓝屏了，求帮忙分析dump文件

renwukeren

电脑蓝屏了，求帮忙分析dump文件，谢谢

100lj

用BlueScreenView分析结果为：
导致崩溃的驱动程序:ntoskrnl.exe
这个还需要用windebug做进一步分析。

whf20

0x000000D1蓝屏错误分析：通常是由有问题的驱动程序引起的(比如罗技鼠标的Logitech MouseWare 9.10和9.24版驱动程序会引发这个故障)。同时，有缺陷的内存、损坏的虚拟内存文件、某些软件(比如多媒体软件、杀毒软件、备份软件、DVD播放软件)等也会导致这个错误。
解决方案：检查最新安装或升级的驱动程序(如果蓝屏中出现"acpi.sys"等类似文件名, 可以非常肯定是驱动程序问题)和软件；测试内存是否存在问题；删除和重建虚拟内存文件，然后在文件所在分区执行"chkdsk /r"命令。
如果在上网时遇到这个蓝屏，而你恰恰又在进行大量的数据下载和上传(比如:网络游戏、BT下载)，那么应该是网卡驱动的问题，需要升级其驱动程序。
不会操作的话请人或重装系统吧！

812534593

使用windbg看了下是这个驱动造成的h3comfilter.sys，你看看安装什么东西有这个，卸载或者重装下！

1. 
   
2. 
   
3. *******************************************************************************
   
4. *                                                                             *
   
5. *                        Bugcheck Analysis                                    *
   
6. *                                                                             *
   
7. *******************************************************************************
   
8. 
   
9. Use !analyze -v to get detailed debugging information.
   
10. 
    
11. BugCheck D1, {400000000, 2, 8, 400000000}
    
12. 
    
13. Unable to load image \SystemRoot\system32\DRIVERS\h3comfilter.sys, Win32 error 0n2
    
14. *** WARNING: Unable to verify timestamp for h3comfilter.sys
    
15. *** ERROR: Module load completed but symbols could not be loaded for h3comfilter.sys
    
16. Probably caused by : h3comfilter.sys ( h3comfilter+352e )
    
17. 
    
18. Followup: MachineOwner
    
19. ---------
    
20. 
    
21. 3: kd> !analyze -v
    
22. *******************************************************************************
    
23. *                                                                             *
    
24. *                        Bugcheck Analysis                                    *
    
25. *                                                                             *
    
26. *******************************************************************************
    
27. 
    
28. DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    
29. An attempt was made to access a pageable (or completely invalid) address at an
    
30. interrupt request level (IRQL) that is too high.  This is usually
    
31. caused by drivers using improper addresses.
    
32. If kernel debugger is available get stack backtrace.
    
33. Arguments:
    
34. Arg1: 0000000400000000, memory referenced
    
35. Arg2: 0000000000000002, IRQL
    
36. Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
    
37. Arg4: 0000000400000000, address which referenced memory
    
38. 
    
39. Debugging Details:
    
40. ------------------
    
41. 
    
42. 
    
43. READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80004ac4100
    
44. 0000000400000000
    
45. 
    
46. CURRENT_IRQL:  2
    
47. 
    
48. FAULTING_IP:
    
49. +3730633033373662
    
50. 00000004`00000000 ??              ???
    
51. 
    
52. PROCESS_NAME:  System
    
53. 
    
54. CUSTOMER_CRASH_COUNT:  1
    
55. 
    
56. DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
57. 
    
58. BUGCHECK_STR:  0xD1
    
59. 
    
60. TRAP_FRAME:  fffff8800d2fb760 -- (.trap 0xfffff8800d2fb760)
    
61. NOTE: The trap frame does not contain all registers.
    
62. Some register values may be zeroed or incorrect.
    
63. rax=0000000000000000 rbx=0000000000000000 rcx=00000018fe2712ac
    
64. rdx=fffff8800cd81480 rsi=0000000000000000 rdi=0000000000000000
    
65. rip=0000000400000000 rsp=fffff8800d2fb8f8 rbp=0000000000000002
    
66. r8=0000000000000000  r9=0000000000000000 r10=fffff880049d5e20
    
67. r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
    
68. r14=0000000000000000 r15=0000000000000000
    
69. iopl=0         nv up ei pl zr na po nc
    
70. 00000004`00000000 ??              ???
    
71. Resetting default scope
    
72. 
    
73. LAST_CONTROL_TRANSFER:  from fffff8000488c169 to fffff8000488cbc0
    
74. 
    
75. FAILED_INSTRUCTION_ADDRESS:
    
76. +3730633033373662
    
77. 00000004`00000000 ??              ???
    
78. 
    
79. STACK_TEXT:  
    
80. fffff880`0d2fb618 fffff800`0488c169 : 00000000`0000000a 00000004`00000000 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
    
81. fffff880`0d2fb620 fffff800`0488ade0 : fffffa80`07d9b1a0 fffff880`0d2fba90 00000000`00000000 fffffa80`070abb50 : nt!KiBugCheckDispatch+0x69
    
82. fffff880`0d2fb760 00000004`00000000 : fffff880`018cf112 fffffa80`070abc00 00000000`00000002 fffff880`0d2fb9c0 : nt!KiPageFault+0x260
    
83. fffff880`0d2fb8f8 fffff880`018cf112 : fffffa80`070abc00 00000000`00000002 fffff880`0d2fb9c0 fffffa80`07d8d1a0 : 0x4`00000000
    
84. fffff880`0d2fb900 fffff880`0191a27c : fffffa80`03f37600 00000000`00000000 fffff880`0cd81480 00000000`00000000 : ndis!ndisOidRequestComplete+0x392
    
85. fffff880`0d2fb990 fffff880`0191a4fe : fffffa80`03f375a0 00000000`00000000 fffffa80`07d8d1a0 fffffa80`00000230 : ndis!ndisMOidRequestCompleteInternal+0xdc
    
86. fffff880`0d2fba10 fffff880`019675e9 : fffffa80`07d8d1a0 fffffa80`03fa8530 fffff880`01930110 00000000`00000100 : ndis!ndisCompleteLegacyRequest+0x10e
    
87. fffff880`0d2fba70 fffff880`07e0352e : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`0d2fbc00 : ndis!NdisMSetInformationComplete+0xa9
    
88. fffff880`0d2fbab0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff880`0d2fbc00 fffffa80`0c7c8930 : h3comfilter+0x352e
    
89. 
    
90. 
    
91. STACK_COMMAND:  kb
    
92. 
    
93. FOLLOWUP_IP:
    
94. h3comfilter+352e
    
95. fffff880`07e0352e ??              ???
    
96. 
    
97. SYMBOL_STACK_INDEX:  8
    
98. 
    
99. SYMBOL_NAME:  h3comfilter+352e
    
100. 
     
101. FOLLOWUP_NAME:  MachineOwner
     
102. 
     
103. MODULE_NAME: h3comfilter
     
104. 
     
105. IMAGE_NAME:  h3comfilter.sys
     
106. 
     
107. DEBUG_FLR_IMAGE_TIMESTAMP:  4c491c00
     
108. 
     
109. FAILURE_BUCKET_ID:  X64_0xD1_CODE_AV_BAD_IP_h3comfilter+352e
     
110. 
     
111. BUCKET_ID:  X64_0xD1_CODE_AV_BAD_IP_h3comfilter+352e
     
112. 
     
113. Followup: MachineOwner
     
114. ---------
     
115. 
     
116. 3: kd> !process
     
117. GetPointerFromAddress: unable to read from fffff80004ac4000
     
118. PROCESS fffffa8003e71040
     
119.     SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
     
120.     DirBase: 001a7000  ObjectTable: fffff8a000001780  HandleCount: <Data Not Accessible>
     
121.     Image: System
     
122.     VadRoot fffffa8006c16a00 Vads 23 Clone 0 Private 24. Modified 60570177. Locked 64.
     
123.     DeviceMap fffff8a000008bc0
     
124.     Token                             fffff8a000004b20
     
125.     ReadMemory error: Cannot get nt!KeMaximumIncrement value.
     
126. fffff78000000000: Unable to get shared data
     
127.     ElapsedTime                       00:00:00.000
     
128.     UserTime                          00:00:00.000
     
129.     KernelTime                        00:00:00.000
     
130.     QuotaPoolUsage[PagedPool]         0
     
131.     QuotaPoolUsage[NonPagedPool]      0
     
132.     Working Set Sizes (now,min,max)  (777, 0, 0) (3108KB, 0KB, 0KB)
     
133.     PeakWorkingSetSize                3748
     
134.     VirtualSize                       6 Mb
     
135.     PeakVirtualSize                   18 Mb
     
136.     PageFaultCount                    53481
     
137.     MemoryPriority                    BACKGROUND
     
138.     BasePriority                      8
     
139.     CommitCharge                      45
     
140. 
     
141.         *** Error in reading nt!_ETHREAD [url=home.php?mod=space&uid=340]@[/url] fffffa8003e71ab0
     
142. 
     
143. 
     
144. 
     

复制代码