搜索
查看: 938|回复: 4
收起左侧

[系统] 求助win7专业版NETIO.SYS蓝屏代码分析

[复制链接]
jym1989
发表于 2019-1-26 16:18:55 | 显示全部楼层 |阅读模式
使用WinDBG分析minidump
Probably caused by : NETIO.SYS
点开Debugging Details, 没有找到具体的PROCESS_NAME
有大神帮忙分析下到底是哪个进程导致蓝屏重启的吗, 谢谢了


  1. Microsoft (R) Windows Debugger Version 6.7.0005.1
  2. Copyright (c) Microsoft Corporation. All rights reserved.


  3. Loading Dump File [C:\012619-11824-01.dmp]
  4. Mini Kernel Dump File: Only registers and stack trace are available

  5. Symbol search path is: C:\WINDOWS\Symbols
  6. Executable search path is:
  7. Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
  8. *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
  9. Windows Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
  10. Product: WinNt, suite: TerminalServer SingleUserTS
  11. Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
  12. Kernel base = 0x84040000 PsLoadedModuleList = 0x8418a850
  13. Debug session time: Sat Jan 26 12:33:28.378 2019 (GMT+8)
  14. System Uptime: 0 days 2:25:23.705
  15. Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
  16. *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
  17. Loading Kernel Symbols
  18. ................................................................................................................................................
  19. Loading User Symbols
  20. Loading unloaded module list
  21. ......
  22. Unable to load image \SystemRoot\system32\drivers\NETIO.SYS, Win32 error 0n2
  23. *** WARNING: Unable to verify timestamp for NETIO.SYS
  24. *** ERROR: Module load completed but symbols could not be loaded for NETIO.SYS
  25. *******************************************************************************
  26. * *
  27. * Bugcheck Analysis *
  28. * *
  29. *******************************************************************************

  30. Use !analyze -v to get detailed debugging information.

  31. BugCheck D1, {0, 2, 0, 847a031c}

  32. *** WARNING: Unable to verify timestamp for ndis.sys
  33. Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
  34. *** WARNING: Unable to verify timestamp for tcpip.sys
  35. Unable to load image \SystemRoot\system32\DRIVERS\e1d6232.sys, Win32 error 0n2
  36. *** WARNING: Unable to verify timestamp for e1d6232.sys
  37. *** ERROR: Module load completed but symbols could not be loaded for e1d6232.sys
  38. Probably caused by : NETIO.SYS ( NETIO+731c )

  39. Followup: MachineOwner
  40. ---------

  41. 0: kd> !analyze -v
  42. *******************************************************************************
  43. * *
  44. * Bugcheck Analysis *
  45. * *
  46. *******************************************************************************

  47. DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
  48. An attempt was made to access a pageable (or completely invalid) address at an
  49. interrupt request level (IRQL) that is too high. This is usually
  50. caused by drivers using improper addresses.
  51. If kernel debugger is available get stack backtrace.
  52. Arguments:
  53. Arg1: 00000000, memory referenced
  54. Arg2: 00000002, IRQL
  55. Arg3: 00000000, value 0 = read operation, 1 = write operation
  56. Arg4: 847a031c, address which referenced memory

  57. Debugging Details:
  58. ------------------


  59. READ_ADDRESS: 00000000

  60. CURRENT_IRQL: 2

  61. FAULTING_IP:
  62. NETIO+731c
  63. 847a031c 8b38 mov edi,dword ptr [eax]

  64. CUSTOMER_CRASH_COUNT: 1

  65. DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

  66. BUGCHECK_STR: 0xD1

  67. LAST_CONTROL_TRANSFER: from 847a031c to 840815cb

  68. STACK_TEXT:
  69. 841683ec 847a031c badb0d00 8747001f 00000001 nt!MmCopyToCachedPage+0x2b
  70. WARNING: Stack unwind information not available. Following frames may be wrong.
  71. 8416847c 8479af60 87479740 00000002 884b9cb8 NETIO+0x731c
  72. 84168494 847a0230 87479740 841684c8 884b9cb8 NETIO+0x1f60
  73. 841684ac 847a0284 87479740 841684c8 0000001c NETIO+0x7230
  74. 841684cc 8c72ad2c 841684e8 00000000 884b9cb8 NETIO+0x7284
  75. 841684e0 8cabedd5 0000002a 0000001c 0000000e ndis!NdisMInitializeTimer+0x48
  76. 84168504 8cabee4e 84168544 0000002a 0000000e tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x89dd5)
  77. 8416853c 8cacc894 884b9c18 8890f064 88884fa6 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x89e4e)
  78. 8416855c 8cacc8e5 8416856c 88884fa6 8890aa90 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x97894)
  79. 84168580 8cab6302 88901498 88884fa0 8cb1eb44 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x978e5)
  80. 841685a4 8cab1032 88901498 88884fa0 8cb1eb44 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x81302)
  81. 84168634 8cab5ce6 8890aa90 888dd2e0 00000001 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x7c032)
  82. 841686b0 8cab02fe 8890aa90 888dd2e0 00000000 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x80ce6)
  83. 841686e4 840c9654 888dd2e0 acdccc54 8822a728 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x7b2fe)
  84. 8416874c 8cab046c 8cab01e0 84168774 00000000 nt!FsRtlFindInTunnelCache+0x6a
  85. 84168788 8c79118d 8890aa02 888dd200 00000000 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x7b46c)
  86. 841687c0 8c77f5be 88908aa8 888dd2e0 00000000 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x6818d)
  87. 841687e8 8c77f4b2 00000000 888dd2e0 874f30e0 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x565be)
  88. 84168964 8c72ac1d 874f30e0 00000000 00000000 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x564b2)
  89. 84168980 8c77f553 874f30e0 888dd2e0 00000000 ndis!NdisWriteErrorLogEntry+0x12
  90. 841689a8 8c72ac78 874f30e0 888dd2e0 00000000 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x56553)
  91. 841689d0 93f11782 874f30e0 888dd2e0 00000000 ndis!NdisWriteErrorLogEntry+0x7e
  92. 841689f0 93f118e1 886d9000 888dd2e0 00000001 e1d6232+0x1f782
  93. 84168a30 93f058ae 016d9000 886d9cc0 00000000 e1d6232+0x1f8e1
  94. 84168ab4 93f0544f 886d9000 00000000 84168b40 e1d6232+0x138ae
  95. 84168af4 93f05aa4 886d9000 00000000 00000000 e1d6232+0x1344f
  96. 84168b10 8c77f892 886d9000 00000000 00000000 e1d6232+0x13aa4
  97. 84168b50 8c72aa0f 8882d2e4 0082d1d0 00000000 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x56892)
  98. 84168b78 840b81b5 8882d2e4 8882d1d0 00000000 ndis!NdisAllocatePacketPoolEx+0x49
  99. 84168bd4 840b8018 8416bd20 84175380 00000000 nt!ExpSmallNPagedPoolLookasideLists+0x6b5
  100. 84168c20 840b7e38 00000000 0000000e 00000000 nt!ExpSmallNPagedPoolLookasideLists+0x518
  101. 84168c24 00000000 0000000e 00000000 00000000 nt!ExpSmallNPagedPoolLookasideLists+0x338


  102. STACK_COMMAND: kb

  103. FOLLOWUP_IP:
  104. NETIO+731c
  105. 847a031c 8b38 mov edi,dword ptr [eax]

  106. SYMBOL_STACK_INDEX: 1

  107. FOLLOWUP_NAME: MachineOwner

  108. MODULE_NAME: NETIO

  109. IMAGE_NAME: NETIO.SYS

  110. DEBUG_FLR_IMAGE_TIMESTAMP: 4ce78963

  111. SYMBOL_NAME: NETIO+731c

  112. FAILURE_BUCKET_ID: 0xD1_NETIO+731c

  113. BUCKET_ID: 0xD1_NETIO+731c

  114. Followup: MachineOwner
  115. ---------

  116. 0: kd> lmvm NETIO
  117. start end module name
  118. 84799000 847d7000 NETIO T (no symbols)
  119. Loaded symbol image file: NETIO.SYS
  120. Image path: \SystemRoot\system32\drivers\NETIO.SYS
  121. Image name: NETIO.SYS
  122. Timestamp: Sat Nov 20 16:40:03 2010 (4CE78963)
  123. CheckSum: 0003F253
  124. ImageSize: 0003E000
  125. Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
复制代码


15852701396
发表于 2019-1-27 10:06:41 | 显示全部楼层
本帖最后由 15852701396 于 2019-1-27 10:08 编辑

NETIO.SYS  貌似这个驱动的问题?卸载你最新安装的软件呢
jym1989
 楼主| 发表于 2019-1-27 20:54:54 | 显示全部楼层
15852701396 发表于 2019-1-27 10:06
NETIO.SYS  貌似这个驱动的问题?卸载你最新安装的软件呢

谢谢你的回答. 因为没有头绪所以重装系统了
风之咩~
发表于 2019-1-27 21:01:46 | 显示全部楼层
本帖最后由 风之咩~ 于 2019-1-27 21:05 编辑

是不是弄了什么优化加速   我记得破解TCP半开连接数有几率会导致驱动蓝屏
jym1989
 楼主| 发表于 2019-1-27 22:20:11 | 显示全部楼层
风之咩~ 发表于 2019-1-27 21:01
是不是弄了什么优化加速   我记得破解TCP半开连接数有几率会导致驱动蓝屏

应该没有, 是客户那的一台工作电脑
装了
金山毒霸企业版
中联lis
oracle数据库
radmin等
连入了内网, 没有禁用U盘, 所以也可能是中毒了
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛|优惠券| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 苏ICP备07004770号 ) GMT+8, 2019-4-20 20:56 , Processed in 0.038015 second(s), 4 queries , MemCache On.

快速回复 返回顶部 返回列表