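Re: How do I find the faulting module from this dmp?
WinDbg
How do I find the faulting module from this dmp?
xingzhen
2010-04-28, 14:37 PM
The operating system keeps blue-screening. I want to know which module or which program is causing it. The analysis output is as follows: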
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\user\Desktop\Mini042810-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Apr 28 13:08:47.453 2010 (GMT+8)
System Uptime: 0 days 0:00:52.046
Loading Kernel Symbols
...........................................................................................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 0, e224a350}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!PVOID ***
*** ***
*************************************************************************
unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
*** ***
*************************************************************************
Cannot get _POOL_TRACKER_BIG_PAGES type size
Probably caused by : ntoskrnl.exe ( nt+22f0d )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00000000, Memory contents of the pool block
Arg4: e224a350, Address of the block of pool being deallocated
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
MODULE_NAME: nt
FAULTING_MODULE: 804d8000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4a78232a
POOL_ADDRESS: e224a350
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from 8054b583 to 804faf0d
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
baf07c04 8054b583 000000c2 00000007 00000cd4 nt+0x22f0d
baf07c54 80635089 e224a350 ee494d43 e28a4e68 nt+0x73583
baf07c6c 8063bd8c e1649a58 e1036758 8063bea8 nt+0x15d089
baf07c80 80635164 e28a4e68 baf07c98 806355aa nt+0x163d8c
baf07c8c 806355aa e28a4e68 baf07cb0 806366aa nt+0x15d164
baf07c98 806366aa e28a4e68 00000000 e2923de0 nt+0x15d5aa
baf07cb0 805bb2a3 e2923df8 00000000 e2923de0 nt+0x15e6aa
baf07ccc 8052748c e2923df8 00000000 00000424 nt+0xe32a3
baf07cfc 805bc20f e155c658 e2923df8 00000424 nt+0x4f48c
baf07d44 805bc347 00000424 00000001 00000000 nt+0xe420f
baf07d58 805423fc 00000424 00c0e434 7c92e514 nt+0xe4347
baf07d64 7c92e514 badb0d00 00c0e42c 00000000 nt+0x6a3fc
baf07d68 badb0d00 00c0e42c 00000000 00000000 0x7c92e514
baf07d6c 00c0e42c 00000000 00000000 00000000 0xbadb0d00
baf07d70 00000000 00000000 00000000 00000000 0xc0e42c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+22f0d
804faf0d 5d pop ebp
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
SYMBOL_NAME: nt+22f0d
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
Re: How do I find the faulting module from this dmp?
SuperMouse
2010-04-28, 17:53 PM
Your symbols here are incorrect. Load the correct kernel debugging symbols first.
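Re: How do I find the faulting module from this dmp?
DebuggingLife
2010-05-18, 10:04 AM
First go to the MS website and find the symbols that match your OS, then come back and do the WinDbg work. Everything you are showing now is address information, in hexadecimal. If you have symbols, WinDbg can translate these into the form modulename!classname::functionname, and then it may be easier for you to see where it went wrong!
Hope this helps!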
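What the `nt+0x22f0d` style labels in the posted STACK_TEXT mean, as an added example that is not part of the thread: each label is the kernel base from the dump header plus an offset, and each frame's address should equal the return address of the frame above it. The function names and the 2 GB user/kernel split are assumptions of this example.

```python
import re

BASES = {"nt": 0x804D8000, None: 0}  # "Kernel base = 0x804d8000"; bare addresses have no base
SPLIT = 0x80000000                   # assumption: default 2 GB user/kernel split on x86 XP
# STACK_TEXT as posted: ChildEBP, RetAddr, three arguments, frame location.
STACK_TEXT = """
baf07c04 8054b583 000000c2 00000007 00000cd4 nt+0x22f0d
baf07c54 80635089 e224a350 ee494d43 e28a4e68 nt+0x73583
baf07c6c 8063bd8c e1649a58 e1036758 8063bea8 nt+0x15d089
baf07c80 80635164 e28a4e68 baf07c98 806355aa nt+0x163d8c
baf07c8c 806355aa e28a4e68 baf07cb0 806366aa nt+0x15d164
baf07c98 806366aa e28a4e68 00000000 e2923de0 nt+0x15d5aa
baf07cb0 805bb2a3 e2923df8 00000000 e2923de0 nt+0x15e6aa
baf07ccc 8052748c e2923df8 00000000 00000424 nt+0xe32a3
baf07cfc 805bc20f e155c658 e2923df8 00000424 nt+0x4f48c
baf07d44 805bc347 00000424 00000001 00000000 nt+0xe420f
baf07d58 805423fc 00000424 00c0e434 7c92e514 nt+0xe4347
baf07d64 7c92e514 badb0d00 00c0e42c 00000000 nt+0x6a3fc
baf07d68 badb0d00 00c0e42c 00000000 00000000 0x7c92e514
baf07d6c 00c0e42c 00000000 00000000 00000000 0xbadb0d00
baf07d70 00000000 00000000 00000000 00000000 0xc0e42c
"""
FRAME = re.compile(r"^[0-9a-f]{8} ([0-9a-f]{8})(?: [0-9a-f]{8}){3} (?:(\w+)\+)?0x([0-9a-f]+)$")

def resolve(text, bases):
    """Return (module or None, absolute address, return address) per frame."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            ret, module, off = m.groups()
            frames.append((module, bases[module] + int(off, 16), int(ret, 16)))
    return frames

def chain_breaks(frames):
    """Indexes of frames whose address is not the return address of the frame above."""
    return [i for i in range(1, len(frames)) if frames[i][1] != frames[i - 1][2]]

def owners(frames):
    """Count frames per owner: a named module, or an unresolved address range."""
    counts = {}
    for module, addr, _ in frames:
        owner = module or ("user, unresolved" if addr < SPLIT else "kernel, unresolved")
        counts[owner] = counts.get(owner, 0) + 1
    return counts

if __name__ == "__main__":
    frames = resolve(STACK_TEXT, BASES)
    print(chain_breaks(frames), owners(frames))
```

On the posted stack all twelve module-labelled frames are in nt and the chain is consistent; without symbols that is as far as the attribution goes.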
Re: How do I find the faulting module from this dmp?
Oak
2010-05-18, 16:33 PM
.symfix d:\symbol
.reload
!analyze -v
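Everything that belongs to Windows will be downloaded; whatever is left is what you installed yourself.
For something even more convenient, download Debugdialog; it will take care of everything for you.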