蓝屏总结(一) 您所在的位置:网站首页 0000007a蓝屏原因 蓝屏总结(一)

蓝屏总结(一)

2023-08-22 13:22| 来源: 网络整理| 查看: 265

目录

一、蓝屏造成原因

二、通常的排查步骤

三、Debug步骤

四、使用Driver Verifier进行排查

五、Debug示例

1、分析示例 1

2、分析示例 2

一、蓝屏造成原因

        关于停止错误(蓝屏或者错误检查)没有简单的解释,包含很多因素,目前大量研究表明停止错误通常不是由微软Windows组件导致的,而是厂商的硬件驱动或者三方软件的驱动,包括声卡、无线网卡、安全程序等等。

        crash的根因一般都是由三方驱动代码引起的,另外一小部分是硬件问题和微软代码导致,还有一部分的原因未知由于内存崩溃导致无法分析。

        蓝屏一般不会由用户模式进行导致的,一般用户模式的进程如记事本等可能引起停止错误,这种情况也是驱动/硬件/OS的bug导致的。

二、通常的排查步骤

1、查看停止错误码,在线搜索是否有对应的已知问题、解决方案。

2、确认已经安装了最新的Windows更新、累积更新以及汇总更新,以及BIOS和FW也是最新的,运行相关的硬件和内存测试。

3、运行Machine Memory Dump CollectorWindows诊断包,这个诊断工具用来收集机器内存转储文件以及检查已知的解决方案。

4、运行 Microsoft Safety Scanner 或者其他病毒检测程序。

5、确保磁盘可用空间足够,一般建议留15%。

6、联系硬件或者软件厂商去更新驱动或者应用。

        问题的排查要关注:

一些错误的信息。这些信息可以暗示一些驱动造成这些问题是否有做一些软件或者硬件上的更改。

三、Debug步骤

1、确保crash发生时会产生一个完全内存转储文件,将crash机器的dump文件拷贝到另外一台计算机上进行debug分析

2、打开windbg工具以及dump文件。

3、界面中Bugcheck Analysis下面将会显示 !analyze -v,点击!analyze -v进行分析。

4、STACK_TEXT显示了造成crash的dll以及某个服务正在服务dll。一个bugcheck的可能原因有多狠,每个停止错误案例都有自己独特的原因。

Console 1 : nt!KeBugCheckEx 2 : nt!PspCatchCriticalBreak+0xff 3 : nt!PspTerminateAllThreads+0x1134cf 4 : nt!PspTerminateProcess+0xe0 5 : nt!NtTerminateProcess+0xa9 6 : nt!KiSystemServiceCopyEnd+0x13 7 : nt!KiServiceLinkage 8 : nt!KiDispatchException+0x1107fe 9 : nt!KiFastFailDispatch+0xe4 10 : nt!KiRaiseSecurityCheckFailure+0x3d3 11 : ntdll!RtlpHpFreeWithExceptionProtection$filt$0+0x44 12 : ntdll!_C_specific_handler+0x96 13 : ntdll!RtlpExecuteHandlerForException+0xd 14 : ntdll!RtlDispatchException+0x358 15 : ntdll!KiUserExceptionDispatch+0x2e 16 : ntdll!RtlpHpVsContextFree+0x11e 17 : ntdll!RtlpHpFreeHeap+0x48c 18 : ntdll!RtlpHpFreeWithExceptionProtection+0xda 19 : ntdll!RtlFreeHeap+0x24a 20 : FWPolicyIOMgr!FwBinariesFree+0xa7c2 21 : mpssvc!FwMoneisDiagEdpPolicyUpdate+0x1584f 22 : mpssvc!FwEdpMonUpdate+0x6c 23 : ntdll!RtlpWnfWalkUserSubscriptionList+0x29b 24 : ntdll!RtlpWnfProcessCurrentDescriptor+0x105 25 : ntdll!RtlpWnfNotificationThread+0x80 26 : ntdll!TppExecuteWaitCallback+0xe1 27 : ntdll!TppWorkerThread+0x8d0 28 : KERNEL32!BaseThreadInitThunk+0x14 29 : ntdll!RtlUserThreadStart+0x21

5、这个问题的Windows防火墙的一个组件mpssvc,修复的方法是暂时禁用防火墙然后重置防火墙。

四、使用Driver Verifier进行排查

        大约75%的停止错误都是由驱动错误引起,Driver Verifier工具可以提供一些方法来帮助排查,这包括在一个独立的内存中运行驱动,产生极限内存压力以及验证参数。具体开启方法为:

1、Win+R,打开运行窗口; 2、输入verifier.exe,回车运行Driver Verifier工具; 3、根据需要进行验证设置。

        Driver Verifier会消耗大量的CPU而且会影响计算机效率,可能会导致额外的crash。验证器在停止错误出现后禁用错误驱动知道成功重启系统进入桌面,这将会在系统下保留几个创建的dump文件。因此,不要试图通过一次操作验证所有的驱动,这会降低行性能并使系统变得不可用。一般在以下情况开启验证器:

1、测试一些特殊的驱动,比如最近有更新或者存在已知问题

2、一些无法分析的crash,启动所有第三方驱动和未签名的驱动验证

3、10-20个驱动为一组进行验证

4、某些情况可能会因为Driver Verifier导致机器不能启动,可以通过打开安全模式来禁用工具,因为工具在安全模式下不能运行。

五、Debug示例 1、分析示例 1

        这个bugcheck是在更新期间一个驱动发生hang导致微软的NDIS.sys出现bugcheck D1。 IMAGE_NAME显示了faulting driver,但是由于这个是微软的驱动所以不可以被代替或者移除,所以解决方案是在设备管理器中disable掉网络设备然后尝试更新。

Console 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 000000000011092a, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, value 0 = read operation, 1 = write operation Arg4: fffff807aa74f4c4, address which referenced memory Debugging Details: ------------------ KEY_VALUES_STRING: 1 STACKHASH_ANALYSIS: 1 TIMELINE_ANALYSIS: 1 DUMP_CLASS: 1 DUMP_QUALIFIER: 400 SIMULTANEOUS_TELSVC_INSTANCES: 0 SIMULTANEOUS_TELWP_INSTANCES: 0 BUILD_VERSION_STRING: 16299.15.amd64fre.rs3_release.170928-1534 SYSTEM_MANUFACTURER: Alienware SYSTEM_PRODUCT_NAME: Alienware 15 R2 SYSTEM_SKU: Alienware 15 R2 SYSTEM_VERSION: 1.2.8 BIOS_VENDOR: Alienware BIOS_VERSION: 1.2.8 BIOS_DATE: 01/29/2016 BASEBOARD_MANUFACTURER: Alienware BASEBOARD_PRODUCT: Alienware 15 R2 BASEBOARD_VERSION: A00 DUMP_TYPE: 2 BUGCHECK_P1: 11092a BUGCHECK_P2: 2 BUGCHECK_P3: 1 BUGCHECK_P4: fffff807aa74f4c4 WRITE_ADDRESS: fffff80060602380: Unable to get MiVisibleState Unable to get NonPagedPoolStart Unable to get NonPagedPoolEnd Unable to get PagedPoolStart Unable to get PagedPoolEnd 000000000011092a CURRENT_IRQL: 2 FAULTING_IP: NDIS!NdisQueueIoWorkItem+4 [minio\ndis\sys\miniport.c @ 9708] fffff807`aa74f4c4 48895120 mov qword ptr [rcx+20h],rdx CPU_COUNT: 8 CPU_MHZ: a20 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 5e CPU_STEPPING: 3 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: BA'00000000 (cache) BA'00000000 (init) BLACKBOXPNP: 1 (!blackboxpnp) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: AV PROCESS_NAME: System ANALYSIS_SESSION_HOST: SHENDRIX-DEV0 ANALYSIS_SESSION_TIME: 01-17-2019 11:06:05.0653 ANALYSIS_VERSION: 10.0.18248.1001 amd64fre TRAP_FRAME: ffffa884c0c3f6b0 -- (.trap 0xffffa884c0c3f6b0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff807ad018bf0 rbx=0000000000000000 rcx=000000000011090a rdx=fffff807ad018c10 rsi=0000000000000000 rdi=0000000000000000 rip=fffff807aa74f4c4 rsp=ffffa884c0c3f840 rbp=000000002408fd00 r8=ffffb30e0e99ea30 r9=0000000001d371c1 r10=0000000020000080 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc NDIS!NdisQueueIoWorkItem+0x4: fffff807`aa74f4c4 48895120 mov qword ptr [rcx+20h],rdx ds:00000000`0011092a=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff800603799e9 to fffff8006036e0e0 STACK_TEXT: ffffa884`c0c3f568 fffff800`603799e9 : 00000000`0000000a 00000000`0011092a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx [minkernel\ntos\ke\amd64\procstat.asm @ 134] ffffa884`c0c3f570 fffff800`60377d7d : fffff78a`4000a150 ffffb30e`03fba001 ffff8180`f0b5d180 00000000`000000ff : nt!KiBugCheckDispatch+0x69 [minkernel\ntos\ke\amd64\trap.asm @ 2998] ffffa884`c0c3f6b0 fffff807`aa74f4c4 : 00000000`00000002 ffff8180`f0754180 00000000`00269fb1 ffff8180`f0754180 : nt!KiPageFault+0x23d [minkernel\ntos\ke\amd64\trap.asm @ 1248] ffffa884`c0c3f840 fffff800`60256b63 : ffffb30e`0e18f710 ffff8180`f0754180 ffffa884`c0c3fa18 00000000`00000002 : NDIS!NdisQueueIoWorkItem+0x4 [minio\ndis\sys\miniport.c @ 9708] ffffa884`c0c3f870 fffff800`60257bfd : 00000000`00000008 00000000`00000000 00000000`00269fb1 ffff8180`f0754180 : nt!KiProcessExpiredTimerList+0x153 [minkernel\ntos\ke\dpcsup.c @ 2078] ffffa884`c0c3f960 fffff800`6037123a : 00000000`00000000 ffff8180`f0754180 00000000`00000000 ffff8180`f0760cc0 : nt!KiRetireDpcList+0x43d [minkernel\ntos\ke\dpcsup.c @ 1512] ffffa884`c0c3fb60 00000000`00000000 : ffffa884`c0c40000 ffffa884`c0c39000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a [minkernel\ntos\ke\amd64\idle.asm @ 166] RETRACER_ANALYSIS_TAG_STATUS: Failed in getting KPCR for core 2 THREAD_SHA1_HASH_MOD_FUNC: 5b59a784f22d4b5cbd5a8452fe39914b8fd7961d THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5643383f9cae3ca39073f7721b53f0c633bfb948 THREAD_SHA1_HASH_MOD: 20edda059578820e64b723e466deea47f59bd675 FOLLOWUP_IP: NDIS!NdisQueueIoWorkItem+4 [minio\ndis\sys\miniport.c @ 9708] fffff807`aa74f4c4 48895120 mov qword ptr [rcx+20h],rdx FAULT_INSTR_CODE: 20518948 FAULTING_SOURCE_LINE: minio\ndis\sys\miniport.c FAULTING_SOURCE_FILE: minio\ndis\sys\miniport.c FAULTING_SOURCE_LINE_NUMBER: 9708 FAULTING_SOURCE_CODE: 9704: _In_ _Points_to_data_ PVOID WorkItemContext 9705: ) 9706: { 9707: > 9708: ((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->Routine = Routine; 9709: ((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->WorkItemContext = WorkItemContext; 9710: 9711: IoQueueWorkItem(((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->IoWorkItem, 9712: ndisDispatchIoWorkItem, 9713: CriticalWorkQueue, SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: NDIS!NdisQueueIoWorkItem+4 FOLLOWUP_NAME: ndiscore MODULE_NAME: NDIS IMAGE_NAME: NDIS.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 0 IMAGE_VERSION: 10.0.16299.99 DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR: Hybrid_FALSE DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR: GPU0_VenId0x1414_DevId0x8d_WDDM1.3_Active; STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 4 FAILURE_BUCKET_ID: AV_NDIS!NdisQueueIoWorkItem BUCKET_ID: AV_NDIS!NdisQueueIoWorkItem PRIMARY_PROBLEM_CLASS: AV_NDIS!NdisQueueIoWorkItem TARGET_TIME: 2017-12-10T14:16:08.000Z OSBUILD: 16299 OSSERVICEPACK: 98 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 784 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2017-11-26 03:49:20 BUILDDATESTAMP_STR: 170928-1534 BUILDLAB_STR: rs3_release BUILDOSVER_STR: 10.0.16299.15.amd64fre.rs3_release.170928-1534 ANALYSIS_SESSION_ELAPSED_TIME: 8377 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:av_ndis!ndisqueueioworkitem FAILURE_ID_HASH: {10686423-afa1-4852-ad1b-9324ac44ac96} FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96 Followup: ndiscore ---------

2、分析示例 2

        这个例子中,一个非微软的驱动导致页错误,所以微软这边没有这个驱动的symbols(对于堆栈的分析借助于symbols)。但这里的 IMAGE_NAME和MODULE_NAME指向WwanUsbMP.sys造成了这个问题,所以可以断开这个设备或者尝试更新驱动。

Console 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: 8ba10000, memory referenced. Arg2: 00000000, value 0 = read operation, 1 = write operation. Arg3: 82154573, If non-zero, the instruction address which referenced the bad memory address. Arg4: 00000000, (reserved) Debugging Details: ------------------ *** WARNING: Unable to verify timestamp for WwanUsbMp.sys *** ERROR: Module load completed but symbols could not be loaded for WwanUsbMp.sys KEY_VALUES_STRING: 1 STACKHASH_ANALYSIS: 1 TIMELINE_ANALYSIS: 1 DUMP_CLASS: 1 DUMP_QUALIFIER: 400 BUILD_VERSION_STRING: 16299.15.x86fre.rs3_release.170928-1534 MARKER_MODULE_NAME: IBM_ibmpmdrv SYSTEM_MANUFACTURER: LENOVO SYSTEM_PRODUCT_NAME: 20AWS07H00 SYSTEM_SKU: LENOVO_MT_20AW_BU_Think_FM_ThinkPad T440p SYSTEM_VERSION: ThinkPad T440p BIOS_VENDOR: LENOVO BIOS_VERSION: GLET85WW (2.39 ) BIOS_DATE: 09/29/2016 BASEBOARD_MANUFACTURER: LENOVO BASEBOARD_PRODUCT: 20AWS07H00 BASEBOARD_VERSION: Not Defined DUMP_TYPE: 2 BUGCHECK_P1: ffffffff8ba10000 BUGCHECK_P2: 0 BUGCHECK_P3: ffffffff82154573 BUGCHECK_P4: 0 READ_ADDRESS: 822821d0: Unable to get MiVisibleState 8ba10000 FAULTING_IP: nt!memcpy+33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213 82154573 f3a5 rep movs dword ptr es:[edi],dword ptr [esi] MM_INTERNAL_CODE: 0 CPU_COUNT: 4 CPU_MHZ: 95a CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 3c CPU_STEPPING: 3 CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 21'00000000 (cache) 21'00000000 (init) BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXPNP: 1 (!blackboxpnp) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: AV PROCESS_NAME: System CURRENT_IRQL: 2 ANALYSIS_SESSION_HOST: SHENDRIX-DEV0 ANALYSIS_SESSION_TIME: 01-17-2019 10:54:53.0780 ANALYSIS_VERSION: 10.0.18248.1001 amd64fre TRAP_FRAME: 8ba0efa8 -- (.trap 0xffffffff8ba0efa8) ErrCode = 00000000 eax=8ba1759e ebx=a2bfd314 ecx=00001d67 edx=00000002 esi=8ba10000 edi=a2bfe280 eip=82154573 esp=8ba0f01c ebp=8ba0f024 iopl=0 nv up ei pl nz ac pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010216 nt!memcpy+0x33: 82154573 f3a5 rep movs dword ptr es:[edi],dword ptr [esi] Resetting default scope LOCK_ADDRESS: 8226c6e0 -- (!locks 8226c6e0) Cannot get _ERESOURCE type Resource @ nt!PiEngineLock (0x8226c6e0) Available 1 total locks PNP_TRIAGE_DATA: Lock address : 0x8226c6e0 Thread Count : 0 Thread address: 0x00000000 Thread wait : 0x0 LAST_CONTROL_TRANSFER: from 82076708 to 821507e8 STACK_TEXT: 8ba0ede4 82076708 00000050 8ba10000 00000000 nt!KeBugCheckEx [minkernel\ntos\ke\i386\procstat.asm @ 114] 8ba0ee40 8207771e 8ba0efa8 8ba10000 8ba0eea0 nt!MiSystemFault+0x13c8 [minkernel\ntos\mm\mmfault.c @ 4755] 8ba0ef08 821652ac 00000000 8ba10000 00000000 nt!MmAccessFault+0x83e [minkernel\ntos\mm\mmfault.c @ 6868] 8ba0ef08 82154573 00000000 8ba10000 00000000 nt!_KiTrap0E+0xec [minkernel\ntos\ke\i386\trap.asm @ 5153] 8ba0f024 86692866 a2bfd314 8ba0f094 0000850a nt!memcpy+0x33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213] 8ba0f040 866961bc 8ba0f19c a2bfd0e8 00000000 NDIS!ndisMSetPowerManagementCapabilities+0x8a [minio\ndis\sys\miniport.c @ 7969] 8ba0f060 866e1f66 866e1caf adfb9000 00000000 NDIS!ndisMSetGeneralAttributes+0x23d [minio\ndis\sys\miniport.c @ 8198] 8ba0f078 ac50c15f a2bfd0e8 0000009f 00000001 NDIS!NdisMSetMiniportAttributes+0x2b7 [minio\ndis\sys\miniport.c @ 7184] WARNING: Stack unwind information not available. Following frames may be wrong. 8ba0f270 ac526f96 adfb9000 a2bfd0e8 8269b9b0 WwanUsbMp+0x1c15f 8ba0f3cc 866e368a a2bfd0e8 00000000 8ba0f4c0 WwanUsbMp+0x36f96 8ba0f410 867004b0 a2bfd0e8 a2bfd0e8 a2be2a70 NDIS!ndisMInvokeInitialize+0x60 [minio\ndis\sys\miniport.c @ 13834] 8ba0f7ac 866dbc8e a2acf730 866b807c 00000000 NDIS!ndisMInitializeAdapter+0xa23 [minio\ndis\sys\miniport.c @ 601] 8ba0f7d8 866e687d a2bfd0e8 00000000 00000000 NDIS!ndisInitializeAdapter+0x4c [minio\ndis\sys\initpnp.c @ 931] 8ba0f800 866e90bb adfb64d8 00000000 a2bfd0e8 NDIS!ndisPnPStartDevice+0x118 [minio\ndis\sys\configm.c @ 4235] 8ba0f820 866e8a58 adfb64d8 a2bfd0e8 00000000 NDIS!ndisStartDeviceSynchronous+0xbd [minio\ndis\sys\ndispnp.c @ 3096] 8ba0f838 866e81df adfb64d8 8ba0f85e 8ba0f85f NDIS!ndisPnPIrpStartDevice+0xb4 [minio\ndis\sys\ndispnp.c @ 1067] 8ba0f860 820a7e98 a2bfd030 adfb64d8 8ba0f910 NDIS!ndisPnPDispatch+0x108 [minio\ndis\sys\ndispnp.c @ 2429] 8ba0f878 8231f07e 8ba0f8ec adf5d4c8 872e2eb8 nt!IofCallDriver+0x48 [minkernel\ntos\io\iomgr\iosubs.c @ 3149] 8ba0f898 820b8569 820c92b8 872e2eb8 8ba0f910 nt!PnpAsynchronousCall+0x9e [minkernel\ntos\io\pnpmgr\irp.c @ 3005] 8ba0f8cc 820c9a76 00000000 820c92b8 872e2eb8 nt!PnpSendIrp+0x67 [minkernel\ntos\io\pnpmgr\irp.h @ 286] 8ba0f914 8234577b 872e2eb8 adf638b0 adf638b0 nt!PnpStartDevice+0x60 [minkernel\ntos\io\pnpmgr\irp.c @ 3187] 8ba0f94c 82346cc7 872e2eb8 adf638b0 adf638b0 nt!PnpStartDeviceNode+0xc3 [minkernel\ntos\io\pnpmgr\start.c @ 1712] 8ba0f96c 82343c68 00000000 a2bdb3d8 adf638b0 nt!PipProcessStartPhase1+0x4d [minkernel\ntos\io\pnpmgr\start.c @ 114] 8ba0fb5c 824db885 8ba0fb80 00000000 00000000 nt!PipProcessDevNodeTree+0x386 [minkernel\ntos\io\pnpmgr\enum.c @ 6129] 8ba0fb88 8219571b 85852520 8c601040 8226ba90 nt!PiRestartDevice+0x91 [minkernel\ntos\io\pnpmgr\enum.c @ 4743] 8ba0fbe8 820804af 00000000 00000000 8c601040 nt!PnpDeviceActionWorker+0xdb4b7 [minkernel\ntos\io\pnpmgr\action.c @ 674] 8ba0fc38 8211485c 85852520 421de295 00000000 nt!ExpWorkerThread+0xcf [minkernel\ntos\ex\worker.c @ 4270] 8ba0fc70 82166785 820803e0 85852520 00000000 nt!PspSystemThreadStartup+0x4a [minkernel\ntos\ps\psexec.c @ 7756] 8ba0fc88 82051e07 85943940 8ba0fcd8 82051bb9 nt!KiThreadStartup+0x15 [minkernel\ntos\ke\i386\threadbg.asm @ 82] 8ba0fc94 82051bb9 8b9cc600 8ba10000 8ba0d000 nt!KiProcessDeferredReadyList+0x17 [minkernel\ntos\ke\thredsup.c @ 5309] 8ba0fcd8 00000000 00000000 00000000 00000000 nt!KeSetPriorityThread+0x249 [minkernel\ntos\ke\thredobj.c @ 3881] RETRACER_ANALYSIS_TAG_STATUS: Failed in getting KPCR for core 1 THREAD_SHA1_HASH_MOD_FUNC: e029276c66aea80ba36903e89947127118d31128 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 012389f065d31c8eedd6204846a560146a38099b THREAD_SHA1_HASH_MOD: 44dc639eb162a28d47eaeeae4afe6f9eeccced3d FOLLOWUP_IP: WwanUsbMp+1c15f ac50c15f 8bf0 mov esi,eax FAULT_INSTR_CODE: f33bf08b SYMBOL_STACK_INDEX: 8 SYMBOL_NAME: WwanUsbMp+1c15f FOLLOWUP_NAME: MachineOwner MODULE_NAME: WwanUsbMp IMAGE_NAME: WwanUsbMp.sys DEBUG_FLR_IMAGE_TIMESTAMP: 5211bb0c DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR: Hybrid_FALSE DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR: GPU0_VenId0x1414_DevId0x8d_WDDM1.3_NotActive;GPU1_VenId0x8086_DevId0x416_WDDM1.3_Active_Post; STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 1c15f FAILURE_BUCKET_ID: AV_R_INVALID_WwanUsbMp!unknown_function BUCKET_ID: AV_R_INVALID_WwanUsbMp!unknown_function PRIMARY_PROBLEM_CLASS: AV_R_INVALID_WwanUsbMp!unknown_function TARGET_TIME: 2018-02-12T11:33:51.000Z OSBUILD: 16299 OSSERVICEPACK: 15 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x86 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2017-09-28 18:32:28 BUILDDATESTAMP_STR: 170928-1534 BUILDLAB_STR: rs3_release BUILDOSVER_STR: 10.0.16299.15.x86fre.rs3_release.170928-1534 ANALYSIS_SESSION_ELAPSED_TIME: 162bd ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:av_r_invalid_wwanusbmp!unknown_function FAILURE_ID_HASH: {31e4d053-0758-e43a-06a7-55f69b072cb3} FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3 Followup: MachineOwner --------- ReadVirtual: 812d1248 not properly sign extended



【本文地址】

公司简介

联系我们

今日新闻

    推荐新闻

    专题文章
      CopyRight 2018-2019 实验室设备网 版权所有