This post was last edited by 扬帆起航 on 2014-8-28 22:49
Analyzing a blue-screen dump with WinDbg
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [G:\082714-28002-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: D:\Symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18229.amd64fre.win7sp1_gdr.130801-1533
Machine Name:
Kernel base = 0xfffff800`04456000 PsLoadedModuleList = 0xfffff800`046996d0
Debug session time: Wed Aug 27 12:47:20.156 2014 (UTC + 8:00)
System Uptime: 0 days 0:08:08.374
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 116, {fffffa8007825010, fffff88005f08dac, 0, 2}
Unable to load image atikmpag.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for atikmpag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
Probably caused by : atikmpag.sys ( atikmpag+bdac )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
Arguments:
Arg1: fffffa8007825010, Optional pointer to internal TDR recovery context (TDR_RECOVERY_CONTEXT).
Arg2: fffff88005f08dac, The pointer into responsible device driver module (e.g. owner tag).
Arg3: 0000000000000000, Optional error code (NTSTATUS) of the last failed operation.
Arg4: 0000000000000002, Optional internal context dependent data.
Debugging Details:
------------------
FAULTING_IP:
atikmpag+bdac
fffff880`05f08dac 4883ec28 sub rsp,28h
DEFAULT_BUCKET_ID: GRAPHICS_DRIVER_TDR_FAULT
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x116
PROCESS_NAME: System
CURRENT_IRQL: 0
STACK_TEXT:
fffff880`071ca918 fffff880`05e5d134 : 00000000`00000116 fffffa80`07825010 fffff880`05f08dac 00000000`00000000 : nt!KeBugCheckEx
fffff880`071ca920 fffff880`05e5ce3e : fffff880`05f08dac fffffa80`07825010 fffffa80`0775ad50 fffffa80`08152410 : dxgkrnl!TdrBugcheckOnTimeout+0xec
fffff880`071ca960 fffff880`0f80ff13 : fffffa80`07825010 00000000`00000000 fffffa80`0775ad50 fffffa80`08152410 : dxgkrnl!TdrIsRecoveryRequired+0x1a2
fffff880`071ca990 fffff880`0f83ded6 : fffffa80`ffffffff 00000000`00007923 fffff880`071caaf0 00000000`00000002 : dxgmms1!VidSchiReportHwHang+0x40b
fffff880`071caa70 fffff880`0f80b2aa : fffffa80`08152410 ffffffff`feced300 fffffa80`0775ad50 00000000`00000000 : dxgmms1!VidSchWaitForCompletionEvent+0x196
fffff880`071caab0 fffff880`0f837ff6 : 00000000`00000000 fffffa80`0775ad50 00000000`00000080 fffffa80`08152410 : dxgmms1!VidSchiScheduleCommandToRun+0x1b2
fffff880`071cabc0 fffff800`04769bae : 00000000`fffffc32 fffffa80`08bc9b50 fffffa80`06c924a0 fffffa80`08bc9b50 : dxgmms1!VidSchiWorkerThread+0xba
fffff880`071cac00 fffff800`044bc8c6 : fffff800`04646e80 fffffa80`08bc9b50 fffff800`04654cc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`071cac40 00000000`00000000 : fffff880`071cb000 fffff880`071c5000 fffff880`09df9d70 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
atikmpag+bdac
fffff880`05f08dac 4883ec28 sub rsp,28h
SYMBOL_NAME: atikmpag+bdac
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmpag
IMAGE_NAME: atikmpag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 53507abb
FAILURE_BUCKET_ID: X64_0x116_IMAGE_atikmpag.sys
BUCKET_ID: X64_0x116_IMAGE_atikmpag.sys
Followup: MachineOwner
---------
3: kd> lmvm atikmpag
start end module name
fffff880`05efd000 fffff880`05fa0000 atikmpag T (no symbols)
Loaded symbol image file: atikmpag.sys
Image path: atikmpag.sys
Image name: atikmpag.sys
Timestamp: Fri Apr 18 09:07:07 2014 (53507ABB)
CheckSum: 000A6939
ImageSize: 000A3000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
3: kd> !process
GetPointerFromAddress: unable to read from fffff80004703000
PROCESS fffffa8006c924a0
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 00187000 ObjectTable: fffff8a000001a60 HandleCount: <Data Not Accessible>
Image: System
VadRoot fffffa8006c923d0 Vads 12 Clone 0 Private 15. Modified 1545018. Locked 64.
DeviceMap fffff8a000008e00
Token fffff8a000004040
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (328, 0, 0) (1312KB, 0KB, 0KB)
PeakWorkingSetSize 4188
VirtualSize 4 Mb
PeakVirtualSize 19 Mb
PageFaultCount 39938
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 35
*** Error in reading nt!_ETHREAD @ fffffa8006cfb040
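Looking at the output above, the ATI graphics driver file atikmpag.sys caused the system to blue-screen.
Using the !process command, it was possible to confirm that the graphics driver file caused the system error.
Recommendation: use the reference driver.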
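
An added example, not part of the original post: a short Python script that cross-checks the fields WinDbg printed above against each other (Arg2 against the lmvm module range, the atikmpag+bdac offset, the image size and the image timestamp). The names `addr` and `triage` and the embedded sample, copied from the output above, belong to this example only.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: lines copied from the debugger output in the post above.
SAMPLE = """\
Debug session time: Wed Aug 27 12:47:20.156 2014 (UTC + 8:00)
BugCheck 116, {fffffa8007825010, fffff88005f08dac, 0, 2}
SYMBOL_NAME: atikmpag+bdac
DEBUG_FLR_IMAGE_TIMESTAMP: 53507abb
fffff880`05efd000 fffff880`05fa0000 atikmpag T (no symbols)
"""

def addr(text):
    """Convert a WinDbg address (with optional backtick separator) to an int."""
    return int(text.replace("`", ""), 16)

def triage(log):
    """Check that the bugcheck fields in a WinDbg text log agree with each other."""
    code, args = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", log).groups()
    arg2 = addr(args.split(",")[1].strip())   # pointer into the responsible driver
    name, off = re.search(r"SYMBOL_NAME:\s*(\w+)\+([0-9a-f]+)", log).groups()
    # lmvm range line: "<start> <end> <module name> ..."
    rng = re.search(r"^([0-9a-f`]{17}) ([0-9a-f`]{17}) +" + re.escape(name) + r"\b",
                    log, re.M)
    start, end = addr(rng.group(1)), addr(rng.group(2))
    # The image timestamp is seconds since the Unix epoch, printed in hex.
    stamp = int(re.search(r"DEBUG_FLR_IMAGE_TIMESTAMP:\s*([0-9a-f]+)", log).group(1), 16)
    # Render it in the same zone the debug session reports, as lmvm does.
    sign, hh, mm = re.search(r"\(UTC ([+-]) (\d+):(\d+)\)", log).groups()
    offset = timedelta(hours=int(hh), minutes=int(mm))
    tz = timezone(offset if sign == "+" else -offset)
    return {
        "bugcheck": int(code, 16),
        "module": name,
        "arg2_in_module": start <= arg2 < end,
        "offset_matches": arg2 - start == int(off, 16),
        "image_size": end - start,
        "build_time": datetime.fromtimestamp(stamp, tz).strftime("%Y-%m-%d %H:%M:%S"),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```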