求助win7专业版NETIO.SYS蓝屏代码分析

显示全部楼层 · 发表于 2019-1-26 16:18:55

使用WinDBG分析minidump
Probably caused by : NETIO.SYS
点开Debugging Details, 没有找到具体的PROCESS_NAME
有大神帮忙分析下到底是哪个进程导致蓝屏重启的吗, 谢谢了

Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\012619-11824-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Kernel base = 0x84040000 PsLoadedModuleList = 0x8418a850
Debug session time: Sat Jan 26 12:33:28.378 2019 (GMT+8)
System Uptime: 0 days 2:25:23.705
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......
Unable to load image \SystemRoot\system32\drivers\NETIO.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETIO.SYS
*** ERROR: Module load completed but symbols could not be loaded for NETIO.SYS
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 0, 847a031c}
*** WARNING: Unable to verify timestamp for ndis.sys
Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
Unable to load image \SystemRoot\system32\DRIVERS\e1d6232.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for e1d6232.sys
*** ERROR: Module load completed but symbols could not be loaded for e1d6232.sys
Probably caused by : NETIO.SYS ( NETIO+731c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 847a031c, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
NETIO+731c
847a031c 8b38 mov edi,dword ptr [eax]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 847a031c to 840815cb
STACK_TEXT:
841683ec 847a031c badb0d00 8747001f 00000001 nt!MmCopyToCachedPage+0x2b
WARNING: Stack unwind information not available. Following frames may be wrong.
8416847c 8479af60 87479740 00000002 884b9cb8 NETIO+0x731c
84168494 847a0230 87479740 841684c8 884b9cb8 NETIO+0x1f60
841684ac 847a0284 87479740 841684c8 0000001c NETIO+0x7230
841684cc 8c72ad2c 841684e8 00000000 884b9cb8 NETIO+0x7284
841684e0 8cabedd5 0000002a 0000001c 0000000e ndis!NdisMInitializeTimer+0x48
84168504 8cabee4e 84168544 0000002a 0000000e tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x89dd5)
8416853c 8cacc894 884b9c18 8890f064 88884fa6 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x89e4e)
8416855c 8cacc8e5 8416856c 88884fa6 8890aa90 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x97894)
84168580 8cab6302 88901498 88884fa0 8cb1eb44 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x978e5)
841685a4 8cab1032 88901498 88884fa0 8cb1eb44 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x81302)
84168634 8cab5ce6 8890aa90 888dd2e0 00000001 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x7c032)
841686b0 8cab02fe 8890aa90 888dd2e0 00000000 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x80ce6)
841686e4 840c9654 888dd2e0 acdccc54 8822a728 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x7b2fe)
8416874c 8cab046c 8cab01e0 84168774 00000000 nt!FsRtlFindInTunnelCache+0x6a
84168788 8c79118d 8890aa02 888dd200 00000000 tcpip!_NULL_IMPORT_DESCRIPTOR <PERF> (tcpip+0x7b46c)
841687c0 8c77f5be 88908aa8 888dd2e0 00000000 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x6818d)
841687e8 8c77f4b2 00000000 888dd2e0 874f30e0 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x565be)
84168964 8c72ac1d 874f30e0 00000000 00000000 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x564b2)
84168980 8c77f553 874f30e0 888dd2e0 00000000 ndis!NdisWriteErrorLogEntry+0x12
841689a8 8c72ac78 874f30e0 888dd2e0 00000000 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x56553)
841689d0 93f11782 874f30e0 888dd2e0 00000000 ndis!NdisWriteErrorLogEntry+0x7e
841689f0 93f118e1 886d9000 888dd2e0 00000001 e1d6232+0x1f782
84168a30 93f058ae 016d9000 886d9cc0 00000000 e1d6232+0x1f8e1
84168ab4 93f0544f 886d9000 00000000 84168b40 e1d6232+0x138ae
84168af4 93f05aa4 886d9000 00000000 00000000 e1d6232+0x1344f
84168b10 8c77f892 886d9000 00000000 00000000 e1d6232+0x13aa4
84168b50 8c72aa0f 8882d2e4 0082d1d0 00000000 ndis!_NULL_IMPORT_DESCRIPTOR <PERF> (ndis+0x56892)
84168b78 840b81b5 8882d2e4 8882d1d0 00000000 ndis!NdisAllocatePacketPoolEx+0x49
84168bd4 840b8018 8416bd20 84175380 00000000 nt!ExpSmallNPagedPoolLookasideLists+0x6b5
84168c20 840b7e38 00000000 0000000e 00000000 nt!ExpSmallNPagedPoolLookasideLists+0x518
84168c24 00000000 0000000e 00000000 00000000 nt!ExpSmallNPagedPoolLookasideLists+0x338
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO+731c
847a031c 8b38 mov edi,dword ptr [eax]
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce78963
SYMBOL_NAME: NETIO+731c
FAILURE_BUCKET_ID: 0xD1_NETIO+731c
BUCKET_ID: 0xD1_NETIO+731c
Followup: MachineOwner
---------
0: kd> lmvm NETIO
start end module name
84799000 847d7000 NETIO T (no symbols)
Loaded symbol image file: NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Timestamp: Sat Nov 20 16:40:03 2010 (4CE78963)
CheckSum: 0003F253
ImageSize: 0003E000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

复制代码

显示全部楼层 · 发表于 2019-1-27 10:06:41

本帖最后由 15852701396 于 2019-1-27 10:08 编辑

NETIO.SYS 貌似这个驱动的问题？卸载你最新安装的软件呢

显示全部楼层 · 发表于 2019-1-27 20:54:54

15852701396 发表于 2019-1-27 10:06
NETIO.SYS 貌似这个驱动的问题？卸载你最新安装的软件呢

谢谢你的回答. 因为没有头绪所以重装系统了

显示全部楼层 · 发表于 2019-1-27 21:01:46

本帖最后由风之咩~ 于 2019-1-27 21:05 编辑

是不是弄了什么优化加速我记得破解TCP半开连接数有几率会导致驱动蓝屏

显示全部楼层 · 发表于 2019-1-27 22:20:11

风之咩~ 发表于 2019-1-27 21:01
是不是弄了什么优化加速我记得破解TCP半开连接数有几率会导致驱动蓝屏

应该没有, 是客户那的一台工作电脑
装了
金山毒霸企业版
中联lis
oracle数据库
radmin等
连入了内网, 没有禁用U盘, 所以也可能是中毒了

[系统] 求助win7专业版NETIO.SYS蓝屏代码分析