dump信息如下
BugCheck 7E, {c0000005, 805338b7, faf5ac08, faf5a904}
*** Fatal System Error: 0x0000007e
(0xC0000005,0x805338B7,0xFAF5AC08,0xFAF5A904)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
Connected to Windows XP 2600 x86 compatible target at (Fri Jan 29 14:35:25.671 2010 (GMT+8)), ptr64 FALSE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlpa.exe -
Loading Kernel Symbols
Probably caused by : ntkrnlpa.exe ( nt!ExAcquireResourceSharedLite+65 )
Followup: MachineOwner
---------
nt!DbgBreakPointWithStatus+0x4:
80528bec cc int 3
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805338b7, The address that the exception occurred at
Arg3: faf5ac08, Exception Record Address
Arg4: faf5a904, Context Record Address
Normal 0 7.8 磅 0 2 false false false MicrosoftInternetExplorer4 st1\:*{behavior:url(#ieooui) } /* Style Definitions */ table.MsoNormalTable {mso-style-name:普通表格; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;}
MODULE_NAME: nt
FAULTING_MODULE: 804d8000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4a7834f7
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
FAULTING_IP:
nt!ExAcquireResourceSharedLite+65
805338b7 66395e0c cmp word ptr [esi+0Ch],bx
EXCEPTION_RECORD: faf5ac08 -- (.exr 0xfffffffffaf5ac08)
ExceptionAddress: 805338b7 (nt!ExAcquireResourceSharedLite+0x00000065)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 6e664d52
Attempt to read from address 6e664d52
CONTEXT: faf5a904 -- (.cxr 0xfffffffffaf5a904)
eax=8130e6e8 ebx=00000000 ecx=ffa8c090 edx=faf5ad40 esi=6e664d46 edi=8130e6e8
eip=805338b7 esp=faf5acd0 ebp=faf5acdc iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010046
nt!ExAcquireResourceSharedLite+0x65:
805338b7 66395e0c cmp word ptr [esi+0Ch],bx ds:0023:6e664d52=????
Resetting default scope
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fa84f3ea to 805338b7
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
faf5acdc fa84f3ea 6e664d46 00000001 ffa8c090 nt!ExAcquireResourceSharedLite+0x65
faf5acf0 804e4b1f e1cf8758 00000001 80551190 Fastfat+0x83ea
faf5ad2c 804e71fe 8130a218 8055c140 8130e6e8 nt!CcFlushCache+0x5f3
faf5ad74 80535c12 8130a218 00000000 8130e6e8 nt!CcWaitForCurrentLazyWriterActivity+0x612
faf5adac 805c721e 8130a218 00000000 00000000 nt!ExQueueWorkItem+0x1b2
faf5addc 80542de2 80535b12 00000000 00000000 nt!PsRemoveCreateThreadNotifyRoutine+0x21e
00000000 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x5a2
FOLLOWUP_IP:
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExAcquireResourceSharedLite+65
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntkrnlpa.exe
STACK_COMMAND: .cxr 0xfffffffffaf5a904 ; kb
BUCKET_ID: WRONG_SYMBOLS