本帖最后由 囊外迷茫 于 2015-12-26 12:27 编辑
我有2台电脑经常死机和蓝屏,安装的系统都是2003 r2 x64 sp2,dump日志如下
1、
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*D:\symbolslocal*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (16 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Built by: 3790.srv03_sp2_rtm.070216-1710
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100
Debug session time: Tue Dec 15 08:56:09.252 2015 (GMT+8)
System Uptime: 3 days 5:51:00.089
Loading Kernel Symbols
........................................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
Loading unloaded module list
...........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff97fff0c5ddc, fffffadb41036040, 0}
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
Probably caused by : win32k.sys ( win32k!PFEOBJ::vFreepfdg+c4 )
Followup: MachineOwner
---------
7: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff97fff0c5ddc, Address of the exception record for the exception that caused the bugcheck
Arg3: fffffadb41036040, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
win32k!PFEOBJ::vFreepfdg+c4
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh
CONTEXT: fffffadb41036040 -- (.cxr 0xfffffadb41036040)
rax=ad0457ea000001ca rbx=0000000000000000 rcx=fffff97ff42658e0
rdx=0000000000000001 rsi=fffffadb41036900 rdi=fffffadb410368b8
rip=fffff97fff0c5ddc rsp=fffffadb41036850 rbp=0000000000000000
r8=fffffadfb9873850 r9=0000000000000000 r10=fffff80000831b30
r11=fffffadfb9873850 r12=fffff97ff3c25b10 r13=fffffadb41036a08
r14=0000000000000000 r15=fffffadb41036b10
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
win32k!PFEOBJ::vFreepfdg+0xc4:
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:ad0457ea`000001fa=????????
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: fppdis3a.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff97fff172977 to fffff97fff0c5ddc
STACK_TEXT:
fffffadb`41036850 fffff97f`ff172977 : fffffadf`feab3cd0 fffffadb`41036980 fffffadb`41036900 00000000`00000001 : win32k!PFEOBJ::vFreepfdg+0xc4
fffffadb`41036890 fffff97f`ff2c173f : 00000000`00000000 fffffadb`41036980 00000000`00000000 fffff97f`f4244cc0 : win32k!RFONTOBJ::vDeleteRFONT+0x234
fffffadb`410368e0 fffff97f`ff172c2c : 00000000`00000000 fffff97f`f42d0db8 00000000`00000001 fffff97f`f4244cc0 : win32k!vRestartKillRFONTList+0x16f
fffffadb`41036940 fffff97f`ff0fc911 : 00000000`00000000 fffff800`00000204 00000000`00000000 fffff97f`00000001 : win32k!PFTOBJ::bUnloadWorkhorse+0x1c4
fffffadb`410369d0 fffff97f`ff0ff514 : fffffadb`41036b10 fffffadb`41036cf0 00000000`00000000 00000000`00000000 : win32k!GreRemoveFontResourceW+0x1c6
fffffadb`41036a60 fffff800`0102e3fd : fffffadf`d327e040 fffffadf`00000033 00000000`00000001 00000000`00000008 : win32k!NtGdiRemoveFontResourceW+0x1d3
fffffadb`41036c00 000007ff`7fcc0a3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`0012ea08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff`7fcc0a3a
FOLLOWUP_IP:
win32k!PFEOBJ::vFreepfdg+c4
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFEOBJ::vFreepfdg+c4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49258e8c
STACK_COMMAND: .cxr 0xfffffadb41036040 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+c4
BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+c4
Followup: MachineOwner
---------
7: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff97fff0c5ddc, Address of the exception record for the exception that caused the bugcheck
Arg3: fffffadb41036040, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
win32k!PFEOBJ::vFreepfdg+c4
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh
CONTEXT: fffffadb41036040 -- (.cxr 0xfffffadb41036040)
rax=ad0457ea000001ca rbx=0000000000000000 rcx=fffff97ff42658e0
rdx=0000000000000001 rsi=fffffadb41036900 rdi=fffffadb410368b8
rip=fffff97fff0c5ddc rsp=fffffadb41036850 rbp=0000000000000000
r8=fffffadfb9873850 r9=0000000000000000 r10=fffff80000831b30
r11=fffffadfb9873850 r12=fffff97ff3c25b10 r13=fffffadb41036a08
r14=0000000000000000 r15=fffffadb41036b10
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
win32k!PFEOBJ::vFreepfdg+0xc4:
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:ad0457ea`000001fa=????????
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: fppdis3a.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff97fff172977 to fffff97fff0c5ddc
STACK_TEXT:
fffffadb`41036850 fffff97f`ff172977 : fffffadf`feab3cd0 fffffadb`41036980 fffffadb`41036900 00000000`00000001 : win32k!PFEOBJ::vFreepfdg+0xc4
fffffadb`41036890 fffff97f`ff2c173f : 00000000`00000000 fffffadb`41036980 00000000`00000000 fffff97f`f4244cc0 : win32k!RFONTOBJ::vDeleteRFONT+0x234
fffffadb`410368e0 fffff97f`ff172c2c : 00000000`00000000 fffff97f`f42d0db8 00000000`00000001 fffff97f`f4244cc0 : win32k!vRestartKillRFONTList+0x16f
fffffadb`41036940 fffff97f`ff0fc911 : 00000000`00000000 fffff800`00000204 00000000`00000000 fffff97f`00000001 : win32k!PFTOBJ::bUnloadWorkhorse+0x1c4
fffffadb`410369d0 fffff97f`ff0ff514 : fffffadb`41036b10 fffffadb`41036cf0 00000000`00000000 00000000`00000000 : win32k!GreRemoveFontResourceW+0x1c6
fffffadb`41036a60 fffff800`0102e3fd : fffffadf`d327e040 fffffadf`00000033 00000000`00000001 00000000`00000008 : win32k!NtGdiRemoveFontResourceW+0x1d3
fffffadb`41036c00 000007ff`7fcc0a3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`0012ea08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff`7fcc0a3a
FOLLOWUP_IP:
win32k!PFEOBJ::vFreepfdg+c4
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFEOBJ::vFreepfdg+c4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49258e8c
STACK_COMMAND: .cxr 0xfffffadb41036040 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+c4
BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+c4
Followup: MachineOwner
---------
7: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff97fff0c5ddc, Address of the exception record for the exception that caused the bugcheck
Arg3: fffffadb41036040, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
win32k!PFEOBJ::vFreepfdg+c4
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh
CONTEXT: fffffadb41036040 -- (.cxr 0xfffffadb41036040)
rax=ad0457ea000001ca rbx=0000000000000000 rcx=fffff97ff42658e0
rdx=0000000000000001 rsi=fffffadb41036900 rdi=fffffadb410368b8
rip=fffff97fff0c5ddc rsp=fffffadb41036850 rbp=0000000000000000
r8=fffffadfb9873850 r9=0000000000000000 r10=fffff80000831b30
r11=fffffadfb9873850 r12=fffff97ff3c25b10 r13=fffffadb41036a08
r14=0000000000000000 r15=fffffadb41036b10
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
win32k!PFEOBJ::vFreepfdg+0xc4:
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:ad0457ea`000001fa=????????
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: fppdis3a.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff97fff172977 to fffff97fff0c5ddc
STACK_TEXT:
fffffadb`41036850 fffff97f`ff172977 : fffffadf`feab3cd0 fffffadb`41036980 fffffadb`41036900 00000000`00000001 : win32k!PFEOBJ::vFreepfdg+0xc4
fffffadb`41036890 fffff97f`ff2c173f : 00000000`00000000 fffffadb`41036980 00000000`00000000 fffff97f`f4244cc0 : win32k!RFONTOBJ::vDeleteRFONT+0x234
fffffadb`410368e0 fffff97f`ff172c2c : 00000000`00000000 fffff97f`f42d0db8 00000000`00000001 fffff97f`f4244cc0 : win32k!vRestartKillRFONTList+0x16f
fffffadb`41036940 fffff97f`ff0fc911 : 00000000`00000000 fffff800`00000204 00000000`00000000 fffff97f`00000001 : win32k!PFTOBJ::bUnloadWorkhorse+0x1c4
fffffadb`410369d0 fffff97f`ff0ff514 : fffffadb`41036b10 fffffadb`41036cf0 00000000`00000000 00000000`00000000 : win32k!GreRemoveFontResourceW+0x1c6
fffffadb`41036a60 fffff800`0102e3fd : fffffadf`d327e040 fffffadf`00000033 00000000`00000001 00000000`00000008 : win32k!NtGdiRemoveFontResourceW+0x1d3
fffffadb`41036c00 000007ff`7fcc0a3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`0012ea08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff`7fcc0a3a
FOLLOWUP_IP:
win32k!PFEOBJ::vFreepfdg+c4
fffff97f`ff0c5ddc 0fba60300f bt dword ptr [rax+30h],0Fh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFEOBJ::vFreepfdg+c4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49258e8c
STACK_COMMAND: .cxr 0xfffffadb41036040 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+c4
BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+c4
Followup: MachineOwner
---------
7: kd> lmvm win32k
start end module name
fffff97f`ff000000 fffff97f`ff464000 win32k (pdb symbols) D:\symbolslocal\win32k.pdb\177B04923C544B97BE9E418D8AA99F7C2\win32k.pdb
Loaded symbol image file: win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: Fri Nov 21 00:21:32 2008 (49258E8C)
CheckSum: 00460D3B
ImageSize: 00464000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
2、
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini121615-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*D:\symbolslocal*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (12 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100
Debug session time: Wed Dec 16 17:26:31.026 2015 (GMT+8)
System Uptime: 16 days 5:41:49.952
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
..............................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff97fff0e8aa0, 8, fffff97fff0e8aa0, 7}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : win32k.sys ( win32k!NtUserCallNextHookEx+30 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff97fff0e8aa0, memory referenced.
Arg2: 0000000000000008, value 0 = read operation, 1 = write operation.
Arg3: fffff97fff0e8aa0, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000007, (reserved)
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
MODULE_NAME: win32k
FAULTING_MODULE: fffff80001000000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 49258e8c
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fffff97fff0e8aa0
FAULTING_IP:
win32k!NtUserCallNextHookEx+30
fffff97f`ff0e8aa0 48890511252d00 mov qword ptr [win32k!gptiCurrent (fffff97f`ff3bafb8)],rax
MM_INTERNAL_CODE: 7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0x50
LAST_CONTROL_TRANSFER: from fffff800010a53e8 to fffff8000102e950
STACK_TEXT:
fffffad5`7850afc8 fffff800`010a53e8 : 00000000`00000050 fffff97f`ff0e8aa0 00000000`00000008 fffffad5`7850b0a0 : nt+0x2e950
fffffad5`7850afd0 00000000`00000050 : fffff97f`ff0e8aa0 00000000`00000008 fffffad5`7850b0a0 00000000`00000007 : nt+0xa53e8
fffffad5`7850afd8 fffff97f`ff0e8aa0 : 00000000`00000008 fffffad5`7850b0a0 00000000`00000007 fffff97f`f41bc740 : 0x50
fffffad5`7850afe0 80000000`80000013 : 00000000`f405cd20 fffff97f`ff097bb8 fffff6fb`7e5fffc0 fffff97f`f405cd20 : win32k!NtUserCallNextHookEx+0x30
fffffad5`7850b010 00000000`f405cd20 : fffff97f`ff097bb8 fffff6fb`7e5fffc0 fffff97f`f405cd20 fffff6fb`7dbedf90 : 0x80000000`80000013
fffffad5`7850b018 fffff97f`ff097bb8 : fffff6fb`7e5fffc0 fffff97f`f405cd20 fffff6fb`7dbedf90 00000000`00000000 : 0xf405cd20
fffffad5`7850b020 fffffade`68f75ce8 : fffffadf`d7fdc6d0 00001f80`0108b180 fffff97f`f3974c20 00000000`00000000 : win32k!GreSelectVisRgn+0x245
fffffad5`7850b0c0 fffffadf`d7fdc6d0 : 00001f80`0108b180 fffff97f`f3974c20 00000000`00000000 00000000`00000000 : 0xfffffade`68f75ce8
fffffad5`7850b0c8 00001f80`0108b180 : fffff97f`f3974c20 00000000`00000000 00000000`00000000 fffffade`5b493680 : 0xfffffadf`d7fdc6d0
fffffad5`7850b0d0 fffff97f`f3974c20 : 00000000`00000000 00000000`00000000 fffffade`5b493680 fffff800`011b8178 : 0x1f80`0108b180
fffffad5`7850b0d8 00000000`00000000 : 00000000`00000000 fffffade`5b493680 fffff800`011b8178 00000cc2`677f191c : 0xfffff97f`f3974c20
fffffad5`7850b0e0 00000000`00000000 : fffffade`5b493680 fffff800`011b8178 00000cc2`677f191c fffffade`68f75bf0 : 0x0
fffffad5`7850b0e8 fffffade`5b493680 : fffff800`011b8178 00000cc2`677f191c fffffade`68f75bf0 fffff97f`f3a148e0 : 0x0
fffffad5`7850b0f0 fffff800`011b8178 : 00000cc2`677f191c fffffade`68f75bf0 fffff97f`f3a148e0 00000000`00000000 : 0xfffffade`5b493680
fffffad5`7850b0f8 00000cc2`677f191c : fffffade`68f75bf0 fffff97f`f3a148e0 00000000`00000000 00000000`00000000 : nt+0x1b8178
fffffad5`7850b100 fffffade`68f75bf0 : fffff97f`f3a148e0 00000000`00000000 00000000`00000000 00000000`00000000 : 0xcc2`677f191c
fffffad5`7850b108 fffff97f`f3a148e0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffade`68f75bf0
fffffad5`7850b110 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff97f`f3a148e0
fffffad5`7850b118 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffad5`7850b120 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffad5`7850b128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffad5`7850b130 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffad5`7850b138 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffad5`7850b140 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffad5`7850b148 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffad5`7850b150 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff97f`ff0e8aa0 : 0x0
fffffad5`7850b158 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff97f`ff0e8aa0 00000000`00000000 : 0x0
fffffad5`7850b160 00000000`00000000 : 00000000`00000000 fffff97f`ff0e8aa0 00000000`00000000 fffffad5`7850b190 : 0x0
fffffad5`7850b168 00000000`00000000 : fffff97f`ff0e8aa0 00000000`00000000 fffffad5`7850b190 00000000`00000000 : 0x0
fffffad5`7850b170 fffff97f`ff0e8aa0 : 00000000`00000000 fffffad5`7850b190 00000000`00000000 ffffffff`ffb3b4c0 : 0x0
fffffad5`7850b178 00000000`00000000 : 00000000`78b53980 00000000`0398e140 00000000`0398e8b0 00000000`00000000 : win32k!NtUserCallNextHookEx+0x30
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!NtUserCallNextHookEx+30
fffff97f`ff0e8aa0 48890511252d00 mov qword ptr [win32k!gptiCurrent (fffff97f`ff3bafb8)],rax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: win32k!NtUserCallNextHookEx+30
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: win32k.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
请大家帮忙看看,谢谢! |
发表于 2015-12-26 11:22:22
楼主
