海运的博客

Windows用WinDbg分析蓝屏dump文件查找原因

发布时间:October 31, 2012 // 分类:Windows // No Comments

WinDbg官方下载:
http://msdl.microsoft.com/download/symbols/debuggers/dbg_x86_6.11.1.404.msi
http://msdl.microsoft.com/download/symbols/debuggers/dbg_amd64_6.11.1.404.msi
打开WinDbg设置Symbol File Path为:

SRV*http://msdl.microsoft.com/download/symbols

然后将dump文件拖入WinDbg窗口等待片刻即有分析结果,dump文件在C:WindowsMinidump目录。
windbg分析windows蓝屏原因.png
输入!analyze -v查看详细分析结果:

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff8811f7ffa80, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800042d2040, address which referenced memory

Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800044ff100
 fffff8811f7ffa80 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!RtlCopyMemoryNonTemporal+40
fffff800`042d2040 4c8b0c11        mov     r9,qword ptr [rcx+rdx]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  ThunderPlatfor

TRAP_FRAME:  fffff88008a5e5c0 -- (.trap 0xfffff88008a5e5c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.

STACK_COMMAND:  kb

FOLLOWUP_IP: 
L1C62x64+5534
fffff880`05e6f534 ??              ???

SYMBOL_STACK_INDEX:  c

SYMBOL_NAME:  L1C62x64+5534

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: L1C62x64

IMAGE_NAME:  L1C62x64.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49d2f6fd

FAILURE_BUCKET_ID:  X64_0xA_L1C62x64+5534

BUCKET_ID:  X64_0xA_L1C62x64+5534

Followup: MachineOwner
---------

1: kd> lmvm L1C62x64
start             end                 module name
fffff880`05e6a000 fffff880`05e7c000   L1C62x64 T (no symbols)           
    Loaded symbol image file: L1C62x64.sys
    Image path: \SystemRoot\system32\DRIVERS\L1C62x64.sys
    Image name: L1C62x64.sys
    Timestamp:        Wed Apr 01 13:09:17 2009 (49D2F6FD)
    CheckSum:         0001660A
    ImageSize:        00012000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

可见是L1C62x64.sys的问题,查看了下是Atheros千M网卡的驱动文件,是进程ThunderPlatfor引起的系统蓝屏,先升级下网卡驱动试试,再不行就升级迅雷,郁闷ING。。。

标签:windows, 蓝屏, bluescreen, windbg, windows蓝屏原因分析

评论已关闭

分类
最新文章
最近回复
  • 海运: 正常情况下编译整个内核执行make menuconfig后就不会出现此提示,当单独编译单个模块...
  • oijq: 就是用的armbian的配置文件哈,按你的教程做的,在执行make LOCALVERSION=...
  • 海运: 使用armbian的配置文件,其它添加或修改自己懂的部分,不懂的就不要碰了。
  • oijq: 编译时这些选项全部选Y吗?Actions Semi Platforms (ARCH_ACTIO...
  • 海运: n1编译bbr内核模块参考这个:https://www.haiyun.me/archives/...
  • jiqz: make M=net/ipv4/ CONFIG_TCP_CONG_BBR=m modules编...
  • ruralhunter: 哦,文档里应该是对的,是.config
  • ruralhunter: cp /mnt/boot/config-4.18.7-aml-s9xxx .config这里应...
  • 海运: 你是编译不成功呢?还是编译后不能运行呢?还是运行后不能访问web界面呢?
  • 白墨: 可能不清楚就是编译安装后启动后访问不了web界面