帮忙看一下这个DMP是哪个文件造成的、

显示全部楼层 · 发表于 2010-5-16 16:11:16

本帖最后由 65705960 于 2010-5-16 16:12 编辑

RT.... 我没有安装Debugging Tools。。麻烦帮忙看一下。。。
谢谢

显示全部楼层 · 发表于 2010-5-16 16:15:38

我是因为国内人气。比较高。才发在这里，结果还是没人啊

显示全部楼层 · 发表于 2010-5-16 16:19:27

你应该发水区

显示全部楼层 · 发表于 2010-5-16 16:19:31

回复 2# 65705960

ntkrnlpa.exe

显示全部楼层 · 发表于 2010-5-16 16:19:58

回复 4# 超级IP

谢谢、、

显示全部楼层 · 发表于 2010-5-16 16:20:21

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\temp\051610-14586-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.x86fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0x85e48000 PsLoadedModuleList = 0x85f90810
Debug session time: Sun May 16 16:05:01.434 2010 (GMT+8)
System Uptime: 0 days 5:48:59.851
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 86068cc8, ab03b9a8, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntkrnlpa.exe ( nt+220cc8 )
Followup: MachineOwner
---------

复制代码

显示全部楼层 · 发表于 2010-5-16 16:25:27

1: kd> !analyze -v
*******************************************************************************
*                                                                            *
*                      Bugcheck Analysis                                  *
*                                                                            *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 86068cc8, The address that the exception occurred at
Arg3: ab03b9a8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx

FAULTING_IP:
nt!ExpLookupHandleTableEntry+b
86068cc8 3b4134       cmp    eax,dword ptr [ecx+34h]

TRAP_FRAME:  ab03b9a8 -- (.trap 0xffffffffab03b9a8)
ErrCode = 00000000
eax=000001a0 ebx=000001a0 ecx=00000000 edx=00000000 esi=88e83670 edi=00000000
eip=86068cc8 esp=ab03ba1c ebp=ab03ba1c iopl=0       nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000          efl=00010206
nt!ExpLookupHandleTableEntry+0xb:
86068cc8 3b4134       cmp    eax,dword ptr [ecx+34h] ds:0023:00000034=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  crossfire.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8608f086 to 86068cc8

STACK_TEXT:
ab03ba1c 8608f086 000001a0 88e83670 000001a0 nt!ExpLookupHandleTableEntry+0xb
ab03ba34 8608ef9d 000001a0 ab03ba78 000001a0 nt!ExMapHandleToPointer+0x1b
ab03ba50 8608f12a 88e0b030 00000000 ab03baf4 nt!ObpCloseHandle+0x6a
ab03ba6c 85e8b44a 000001a0 ab03bbfc 85e88dad nt!NtClose+0x4e
ab03ba6c 85e88dad 000001a0 ab03bbfc 85e88dad nt!KiFastCallEntry+0x12a
ab03bae8 8bff5b8a 000001a0 89cbfdb0 8ab613c0 nt!ZwClose+0x11
WARNING: Stack unwind information not available. Following frames may be wrong.
ab03bbfc 85e844bc 8ab613c0 8858c4b8 8858c4b8 TesSafe+0x2ab8a
ab03bc14 86085f2e 89cbfdb0 8858c4b8 8858c528 nt!IofCallDriver+0x63
ab03bc34 860a2d11 8ab613c0 89cbfdb0 00000000 nt!IopSynchronousServiceTail+0x1f8
ab03bcd0 860a54ec 8ab613c0 8858c4b8 00000000 nt!IopXxxControlFile+0x6aa
ab03bd04 85e8b44a 000002bc 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
ab03bd04 776664f4 000002bc 00000000 00000000 nt!KiFastCallEntry+0x12a
0012eea0 00000000 00000000 00000000 00000000 0x776664f4

STACK_COMMAND:  kb

FOLLOWUP_IP:
TesSafe+2ab8a
8bff5b8a ??             ???

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  TesSafe+2ab8a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: TesSafe

IMAGE_NAME:  TesSafe.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4b597816

FAILURE_BUCKET_ID:  0x8E_TesSafe+2ab8a

BUCKET_ID:  0x8E_TesSafe+2ab8a

Followup: MachineOwner
---------

显示全部楼层 · 发表于 2010-5-16 16:26:29

汗、、、找到个BlueScreenView，只有50KB，就用了下、

显示全部楼层 · 发表于 2010-5-16 16:28:26

回复 7# dl123100

我这个也有TEASAFE.SYS. 是穿越火线的驱动。

显示全部楼层 · 发表于 2010-5-16 16:42:45

穿越火线引发的蓝屏吧？你可以反馈给腾讯官方

[求助] 帮忙看一下这个DMP是哪个文件造成的、

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块