Advanced Debugging
About AdvDbg Consult Train Services Products Tools Community Contact  
欢迎光临 高端调试 登录 | 注册 | FAQ
 
  ACPI调试
Linux内核调试
Windows内核调试
 
  调试战役
调试原理
新工具观察
 
  Linux
Windows Vista
Windows
 
  Linux驱动
WDF
WDM
 
  PCI Express
PCI/PCI-X
USB
无线通信协议
 
  64位CPU
ARM
IA-32
  CPU Info Center
 
  ACPI标准
系统认证
Desktop
服务器
 
  Embedded Linux
嵌入式开发工具
VxWorks
WinCE
嵌入式Windows
 
  格蠹调试套件(GDK)
  格蠹学院
  小朱书店
  老雷的微博
  《软件调试》
  《格蠹汇编》
  《软件调试(第二版)》
沪ICP备11027180号-1

WinDbg

帖子发起人: xingzhen   发起时间: 2010-04-28 14:37 下午   回复: 3

Print Search
帖子排序:    
   2010-04-28, 14:37 下午
xingzhen 离线,最后访问时间: 2010/4/28 6:20:54 xingzhen

发帖数前500位
注册: 2010-04-28
发 贴: 1
怎么找出这个dmp出错模块?
Reply Quote
操作系统总蓝屏,想知道哪个模块或者那个程序引起的,分析结果如下:
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\user\Desktop\Mini042810-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Apr 28 13:08:47.453 2010 (GMT+8)
System Uptime: 0 days 0:00:52.046
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...........................................................................................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 0, e224a350}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!PVOID ***
*** ***
*************************************************************************
unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
*** ***
*************************************************************************
Cannot get _POOL_TRACKER_BIG_PAGES type size
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
*** ***
*************************************************************************
Cannot get _POOL_TRACKER_BIG_PAGES type size
Probably caused by : ntoskrnl.exe ( nt+22f0d )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00000000, Memory contents of the pool block
Arg4: e224a350, Address of the block of pool being deallocated

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
*** ***
*************************************************************************
Cannot get _POOL_TRACKER_BIG_PAGES type size
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
*** ***
*************************************************************************
Cannot get _POOL_TRACKER_BIG_PAGES type size

MODULE_NAME: nt

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4a78232a

POOL_ADDRESS: e224a350

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

LAST_CONTROL_TRANSFER: from 8054b583 to 804faf0d

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
baf07c04 8054b583 000000c2 00000007 00000cd4 nt+0x22f0d
baf07c54 80635089 e224a350 ee494d43 e28a4e68 nt+0x73583
baf07c6c 8063bd8c e1649a58 e1036758 8063bea8 nt+0x15d089
baf07c80 80635164 e28a4e68 baf07c98 806355aa nt+0x163d8c
baf07c8c 806355aa e28a4e68 baf07cb0 806366aa nt+0x15d164
baf07c98 806366aa e28a4e68 00000000 e2923de0 nt+0x15d5aa
baf07cb0 805bb2a3 e2923df8 00000000 e2923de0 nt+0x15e6aa
baf07ccc 8052748c e2923df8 00000000 00000424 nt+0xe32a3
baf07cfc 805bc20f e155c658 e2923df8 00000424 nt+0x4f48c
baf07d44 805bc347 00000424 00000001 00000000 nt+0xe420f
baf07d58 805423fc 00000424 00c0e434 7c92e514 nt+0xe4347
baf07d64 7c92e514 badb0d00 00c0e42c 00000000 nt+0x6a3fc
baf07d68 badb0d00 00c0e42c 00000000 00000000 0x7c92e514
baf07d6c 00c0e42c 00000000 00000000 00000000 0xbadb0d00
baf07d70 00000000 00000000 00000000 00000000 0xc0e42c


STACK_COMMAND: kb

FOLLOWUP_IP:
nt+22f0d
804faf0d 5d pop ebp

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

SYMBOL_NAME: nt+22f0d

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------


IP 地址: 已记录   报告
   2010-04-28, 17:53 下午
louyihua 离线,最后访问时间: 2014/11/22 12:40:40 SuperMouse

发帖数前150位
注册: 2008-10-31
发 贴: 8
Re: 怎么找出这个dmp出错模块?
Reply Quote
你这里的符号不正确,先加载正确的内核调试符号吧
IP 地址: 已记录   报告
   2010-05-18, 10:04 上午
DebuggingLife 离线,最后访问时间: 2010/5/4 3:13:25 DebuggingLife

发帖数前200位
注册: 2010-05-04
发 贴: 5
Re: 怎么找出这个dmp出错模块?
Reply Quote
先去MS的网站找到你OS对应的symbol然后再来进行windbg的操作,你现在显示的全是地址信息,16进制的.如果你有symbol windbg可以把这些翻译成modalname!classname::functionname这样的样字,你或许就更容易明白那里出错了!

希望有帮助!
IP 地址: 已记录   报告
   2010-05-18, 16:33 下午
lgq198660837 离线,最后访问时间: 2009/12/19 14:35:08 Oak

发帖数前100位
注册: 2009-10-19
发 贴: 14
Re: 怎么找出这个dmp出错模块?
Reply Quote

.symfix d:\symbol

!analyze -v

 

windows里应该有的都会下载下来,剩下的就是你自己的安装的了。

在方便点 下个Debugdialog , 会帮你把所有的事都办了。


IP 地址: 已记录   报告
高端调试 » 软件调试 » WinDbg » Re: 怎么找出这个dmp出错模块?

 
Legal Notice Privacy Statement Corporate Governance Corporate Governance
(C)2004-2020 ADVDBG.ORG All Rights Reserved.