Help: OA server blue screen
静默
2012-09-03, 21:21 PM
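Hello,
I just posted this in the Dump Analysis section, but I was worried I had posted in the wrong section, so I am posting it here again. Please forgive me if that is not appropriate.
I am a newcomer. Our company's OA server has been blue-screening intermittently for the past three months, and the cause has never been found. I later learned that WinDbg can be used to analyze dump files and find the cause of a failure.
I have never used WinDbg before, so I am asking the experts here for help. If anything in my description of the fault is wrong, please point it out.
The WinDbg automatic analysis shows that Windows taskmgr.exe forcibly terminated smss.exe, which caused the blue screen, but I still don't understand what caused that.
The contents of the dump file are as follows: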
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, fffffa800282a200, fffffa800282a4e0, fffff80001986db0}
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
Probably caused by : smss.exe
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800282a200, Terminating object
Arg3: fffffa800282a4e0, Process image file name
Arg4: fffff80001986db0, Explanatory message (ascii)
Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdb018). Type ".hh dbgerr001" for details
PROCESS_OBJECT: fffffa800282a200
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: smss
FAULTING_MODULE: 0000000000000000
PROCESS_NAME: taskmgr.exe
BUGCHECK_STR: 0xF4_taskmgr.exe
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80001a0b982 to fffff80001683640
STACK_TEXT:
fffff880`05012ac8 fffff800`01a0b982 : 00000000`000000f4 00000000`00000003 fffffa80`0282a200 fffffa80`0282a4e0 : nt!KeBugCheckEx
fffff880`05012ad0 fffff800`019b90ab : ffffffff`ffffffff fffffa80`03115060 fffffa80`0282a200 fffff800`0193bda0 : nt!PspCatchCriticalBreak+0x92
fffff880`05012b10 fffff800`0193c698 : ffffffff`ffffffff 00000000`00000001 fffffa80`0282a200 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17ad6
fffff880`05012b60 fffff800`016828d3 : fffffa80`0282a200 fffff880`00000001 fffffa80`03115060 00000000`00000000 : nt!NtTerminateProcess+0xf4
fffff880`05012be0 00000000`76e115da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`001dece8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e115da
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: smss.exe
FAILURE_BUCKET_ID: X64_0xF4_taskmgr.exe_VRF_IMAGE_smss.exe
BUCKET_ID: X64_0xF4_taskmgr.exe_VRF_IMAGE_smss.exe
Followup: MachineOwner
---------
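I read online that !locks can be used to see which programs are currently deadlocked, and found that System, svchost.exe, java.exe and other programs all have deadlocks, but I don't know whether the deadlocks in these programs are what caused the blue screen.
As follows: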
1: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks.
Resource @ nt!CmpRegistryLock (0xfffff800017ff000) Shared 1 owning threads
Contention Count = 7
Threads: fffffa800226d680-01<*>
KD: Scanning for held locks...
Resource @ 0xfffffa8002802880 Shared 1 owning threads
Contention Count = 11
Threads: fffffa8003a915a0-01<*>
KD: Scanning for held locks.
Resource @ 0xfffff980029bef50 Shared 1 owning threads
Contention Count = 11
Threads: fffffa8003a915a0-01<*>
KD: Scanning for held locks....
Resource @ 0xfffffa8002859880 Shared 29 owning threads
Threads: fffffa8003865810-01<*> fffffa80037d2660-01<*> fffffa8002fac060-01<*> fffffa8003881060-01<*>
fffffa8003c5bb60-01<*> fffffa800349eb60-01<*> fffffa8003a9ab60-01<*> fffffa8002f3e880-01<*>
fffffa8002ede060-01<*> fffffa800365b060-01<*> fffffa8003057410-01<*> fffffa8003c7fb60-01<*>
fffffa8003bb0060-01<*> fffffa80033ceb60-01<*> fffffa800389ea50-01<*> fffffa8003d4db60-01<*>
fffffa8002eb7840-01<*> fffffa8003c458c0-01<*> fffffa8003adeb60-01<*> fffffa8003cdb060-01<*>
fffffa80037327b0-01<*> fffffa8003639660-01<*> fffffa8003618950-01<*> fffffa800360eb60-01<*>
fffffa8003486350-01<*> fffffa8003713060-01<*> fffffa8002f4cb60-01<*> fffffa8003606660-01<*>
fffffa8003650b60-01<*>
KD: Scanning for held locks........................................................
Resource @ 0xfffffa8002e1d480 Shared 1 owning threads
Threads: fffffa8003881060-01<*>
KD: Scanning for held locks........
Resource @ 0xfffff9800f266f98 Shared 1 owning threads
Threads: fffffa80035f2290-01<*>
KD: Scanning for held locks.................
Resource @ 0xfffff9801052af50 Shared 1 owning threads
Contention Count = 1
Threads: fffffa800365b060-01<*>
KD: Scanning for held locks................................................................................
Resource @ 0xfffff9801e9d4ef0 Exclusively owned
Contention Count = 26
NumberOfExclusiveWaiters = 3
Threads: fffffa8003716060-01<*>
Threads Waiting On Exclusive Access:
fffffa8003057410 fffffa800349eb60 fffffa800389ea50
Resource @ 0xfffff9801e9d4f98 Exclusively owned
Contention Count = 35
NumberOfExclusiveWaiters = 16
Threads: fffffa800349eb60-01<*>
Threads Waiting On Exclusive Access:
fffffa80037327b0 fffffa80033ceb60 fffffa800360eb60 fffffa8003639660
fffffa8003486350 fffffa8003713060 fffffa80037d2660 fffffa8002fac060
fffffa8003cdb060 fffffa8003618950 fffffa8003bb0060 fffffa8003d4db60
fffffa8003606660 fffffa8003650b60 fffffa8003a9ab60 fffffa8003adeb60
Resource @ 0xfffff98024d2cef0 Exclusively owned
Contention Count = 47
NumberOfExclusiveWaiters = 4
Threads: fffffa8003865810-01<*>
Threads Waiting On Exclusive Access:
fffffa8003c7fb60 fffffa8003c5bb60 fffffa8002f3e880 fffffa8003c458c0
Resource @ 0xfffff98024d2cf98 Exclusively owned
Contention Count = 10
NumberOfExclusiveWaiters = 1
Threads: fffffa8003c7fb60-01<*>
Threads Waiting On Exclusive Access:
fffffa8002f4cb60
KD: Scanning for held locks.
Resource @ 0xfffff980254c2ef0 Exclusively owned
Contention Count = 2
NumberOfSharedWaiters = 1
Threads: fffffa8002eb7840-01<*> fffffa8003652660-01
KD: Scanning for held locks........
Resource @ 0xfffff98016e58ef0 Exclusively owned
Threads: fffffa8003881060-01<*>
KD: Scanning for held locks......
5737 total locks, 13 locks currently held
1: kd> !thread fffffa800226d680
THREAD fffffa800226d680 Cid 0004.0044 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff98024c58fe0 SynchronizationEvent
IRP List:
fffff9801e89ab40: (0006,04c0) Flags: 40060004 Mdl: 00000000
Not impersonating
DeviceMap fffff8a000007010
Owning Process fffffa8002205b30 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 190442 Ticks: 1 (0:00:00:00.015)
Context Switch Count 10327
UserTime 00:00:00.000
KernelTime 00:00:03.416
Win32 Start Address nt!ExpWorkerThread (0xfffff8000168d910)
Stack Init fffff88001fd1d70 Current fffff88001fd15d0
Base fffff88001fd2000 Limit fffff88001fcc000 Call 0
Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff880`01fd1610 fffff800`01688992 : 00000000`00000103 fffffa80`0226d680 fffff980`24c58fe0 fffff980`00000009 : nt!KiSwapContext+0x7a
fffff880`01fd1750 fffff800`0168b1af : 00000000`00000000 00000000`00000000 fffff800`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x1d2
fffff880`01fd17e0 fffff800`01921368 : 00000000`00000000 fffff800`00000000 00000000`00000000 00000000`00010200 : nt!KeWaitForSingleObject+0x19f
fffff880`01fd1880 fffff800`01922895 : fffff980`1e89ab40 fffff980`24c58fe0 fffff980`24c58fe0 00000000`00000000 : nt!IopSynchronousApiServiceTail+0x74
fffff880`01fd18c0 fffff800`016828d3 : fffffa80`0226d680 fffff8a0`01794000 fffffa80`02801c20 fffffa80`0340c220 : nt!NtFlushBuffersFile+0x195
fffff880`01fd1950 fffff800`0167ee70 : fffff800`01923627 fffff880`01fd1b00 fffff8a0`017935e8 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`01fd1950)
fffff880`01fd1ae8 fffff800`01923627 : fffff880`01fd1b00 fffff8a0`017935e8 00000000`00000000 fffff800`019233e5 : nt!KiServiceLinkage
fffff880`01fd1af0 fffff800`019233e8 : fffff880`01fd1ba0 00000000`00000020 fffff8a0`00003400 fffff8a0`0760f000 : nt!CmpFileFlush+0x3f
fffff880`01fd1b30 fffff800`01923672 : 00000000`00000200 00000000`00000000 00000000`00000000 00000000`00000001 : nt!HvWriteDirtyDataToHive+0xe0
fffff880`01fd1ba0 fffff800`019136f7 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff8a0`016b48b0 : nt!HvOptimizedSyncHive+0x32
fffff880`01fd1bd0 fffff800`01913859 : fffff980`1e5d4f00 fffff880`01fd1c78 fffff800`01913700 00000000`00000001 : nt!CmpDoFlushNextHive+0x197
fffff880`01fd1c30 fffff800`0168da21 : fffff800`019137b4 fffff800`01979f00 fffffa80`00000000 fffff800`01820658 : nt!CmpLazyFlushWorker+0xa5
fffff880`01fd1c70 fffff800`01920cce : ffffffff`ffffffff fffffa80`0226d680 00000000`00000080 fffffa80`02205b30 : nt!ExpWorkerThread+0x111
fffff880`01fd1d00 fffff800`01674fe6 : fffff880`009bf180 fffffa80`0226d680 fffff880`009c9f40 ffffffff`ffffffff : nt!PspSystemThreadStartup+0x5a
fffff880`01fd1d40 00000000`00000000 : fffff880`01fd2000 fffff880`01fcc000 fffff880`05511450 00000000`00000000 : nt!KxStartSystemThread+0x16
1: kd> !thread fffffa8003a915a0
THREAD fffffa8003a915a0 Cid 0b60.13d0 Teb: 000007fffff9a000 Win32Thread: 0000000000000000 ????
IRP List:
fffff9802525ab40: (0006,04c0) Flags: 40000884 Mdl: 00000000
Not impersonating
DeviceMap fffff8a000007010
Owning Process fffffa8002e02330 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 190383 Ticks: 60 (0:00:00:00.936)
Context Switch Count 12275
UserTime 00:00:00.140
KernelTime 00:00:03.510
Win32 Start Address 0x000007feebf8bc10
Stack Init fffff880066c0d70 Current fffff880066c03f0
Base fffff880066c1000 Limit fffff880066bb000 Call 0
Priority 5 BasePriority 4 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 3
Child-SP RetAddr : Args to Child : Call Site
fffff880`066c0430 fffff800`01688992 : 00000000`00000008 fffffa80`03a915a0 00000000`00000000 00000000`00000005 : nt!KiSwapContext+0x7a
fffff880`066c0570 fffff800`0168b1af : fffff6fc`c010b478 00000000`00000000 ffff0800`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x1d2
fffff880`066c0600 fffff800`01675443 : 00000000`00000000 00000000`0000001c 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x19f
fffff880`066c06a0 fffff800`0169208a : 00000000`00000055 00000000`00000040 0b800000`1e406860 00000000`00000008 : nt!ExfAcquirePushLockExclusive+0x188
fffff880`066c0720 fffff800`0168176e : 00000000`00000008 fffff880`015b9ae9 fffff880`066c0800 00000000`00000000 : nt!MmAccessFault+0x1a6a
fffff880`066c0880 fffff880`015b9ae9 : fffff980`1e8a6e40 fffffa80`02802180 fffff880`066c0b28 00000000`0028f000 : nt!KiPageFault+0x16e (TrapFrame @ fffff880`066c0880)
fffff880`066c0a10 fffff880`014ef252 : fffff980`1e8a6e40 fffff980`2525ab40 00000000`00000000 00010000`00000a3c : Ntfs!NtfsOpenFcbById+0x1e9
fffff880`066c0b10 fffff880`01456a3d : fffff980`1e8a6e40 fffff980`2525ab40 fffff880`068ea3a0 fffffa80`0310d500 : Ntfs!NtfsCommonCreate+0x1d20
fffff880`066c0cf0 fffff800`0167b157 : fffff880`068ea310 45454545`45454545 45454545`45454545 45454545`45454545 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`066c0d20 fffff800`0167b111 : 00000000`00000000 00000000`00000000 fffff880`066c1000 fffff800`01690242 : nt!KxSwitchKernelStackCallout+0x27 (TrapFrame @ fffff880`066c0be0)
fffff880`068ea1e0 fffff800`01690242 : fffffa80`02077480 00000000`00000002 fffff880`068e5000 fffff880`068eb000 : nt!KiSwitchKernelStackContinue
fffff880`068ea200 fffff880`014571bf : fffff880`01456a20 fffff880`01456020 fffffa80`0288c900 fffff880`014f7f00 : nt!KeExpandKernelStackAndCalloutEx+0x2a2
fffff880`068ea2e0 fffff880`014f099c : 00000000`00000000 00000000`00000000 00000000`00000002 fffff980`2525ab40 : Ntfs!NtfsCommonCreateOnNewStack+0x4f
fffff880`068ea340 fffff800`01b26c16 : fffffa80`02802030 fffff980`2525ab40 00000000`00000000 00000000`00000000 : Ntfs!NtfsFsdCreate+0x1ac
fffff880`068ea4f0 fffff880`01303bcf : fffff980`2525afb8 fffff880`068ea5a0 fffff980`22694e30 fffffa80`0288c970 : nt!IovCallDriver+0x566
fffff880`068ea550 fffff880`013232b9 : fffff980`2525ab40 fffff980`0296c800 fffff980`2525ab00 fffffa80`02801c20 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`068ea5e0 fffff800`01b26c16 : fffff980`2525ab40 00000000`00000002 00000000`00000040 00000000`00000000 : fltmgr!FltpCreate+0x2a9
fffff880`068ea690 fffff800`01981495 : 00000000`00000004 fffffa80`03c911c8 fffffa80`038f7610 fffffa80`03213ab0 : nt!IovCallDriver+0x566
fffff880`068ea6f0 fffff800`0197dac2 : fffffa80`02801c20 fffffa80`00000000 fffffa80`03c91010 fffffa80`00000001 : nt!IopParseDevice+0x5a5
fffff880`068ea880 fffff800`0197ef56 : 00000000`00000190 fffffa80`03c91010 00000000`00000000 fffffa80`02271210 : nt!ObpLookupObjectName+0x312
fffff880`068ea970 fffff800`0198085c : fffffa80`02f5a200 00000000`00000000 fffff800`01808c01 fffff880`068eaa58 : nt!ObOpenObjectByName+0x306
fffff880`068eaa40 fffff800`0196c134 : 00000000`0127e9b0 fffff8a0`00100080 00000000`0127ea18 00000000`0127e9d0 : nt!IopCreateFile+0x2bc
fffff880`068eaae0 fffff800`016828d3 : fffffa80`02e02330 00000000`00000001 fffffa80`03a915a0 fffff800`0197aa34 : nt!NtOpenFile+0x58
fffff880`068eab70 00000000`76e1164a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`068eabe0)
00000000`0127e978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e1164a
1: kd> !thread fffffa8003865810
THREAD fffffa8003865810 Cid 070c.10a8 Teb: 000007ffffee4000 Win32Thread: 0000000000000000 ????
Not impersonating
DeviceMap fffff8a000007010
Owning Process fffffa8003092500 Image: java.exe
Attached Process N/A Image: N/A
Wait Start TickCount 190443 Ticks: 0
Context Switch Count 1030
UserTime 00:00:00.046
KernelTime 00:00:01.435
Win32 Start Address 0x000007fefd2573fc
Stack Init fffff88005de9d70 Current fffff88005de7fa0
Base fffff88005dea000 Limit fffff88005de4000 Call 0
Priority 10 BasePriority 8 UnusualBoost 2 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff880`05de7fe0 fffff800`016cf453 : fffff800`0167f4b6 fffff800`0167f522 00000000`00098fe5 fffffa80`023f8c01 : nt!KxDispatchInterrupt+0x12f
fffff880`05de8120 fffff800`0167f522 : 00000000`00098fe5 fffffa80`023f8c01 fffffa80`023f8c00 00000000`00000000 : nt!KiDpcInterruptBypass+0x13
fffff880`05de8130 fffff800`0165c43b : fffffa80`017d30e8 fffff880`05de8470 fffff880`05de8330 fffffa80`00000000 : nt!KiInterruptDispatch+0x212 (TrapFrame @ fffff880`05de8130)
fffff880`05de82c0 fffff800`0173b6f6 : 00000000`00009678 00000000`00000000 fffff880`05de8450 00000000`00098fe5 : nt!RtlpLookupFunctionEntryForStackWalks+0xbc
fffff880`05de8330 fffff800`0173cac3 : fffffa80`017d30e8 fffff880`00000008 fffff880`00000000 fffff880`00000003 : nt!RtlpWalkFrameChain+0x2e6
fffff880`05de89d0 fffff800`0173d94b : 00000000`00000002 fffffa80`017d30e8 00000000`00000000 fffff980`1cd54b70 : nt!RtlWalkFrameChain+0x63
fffff880`05de8a00 fffff800`01b1724c : fffffa80`017d30d8 00000000`00000000 fffff980`1cd54b40 00000000`1cd54b40 : nt!RtlCaptureStackBackTrace+0x4b
fffff880`05de8a30 fffff880`014ecc54 : fffff980`1cd54c70 fffff980`1cd54b40 fffff980`0467ee00 fffffa80`03b7e010 : nt!VfKeIrqlLogLower+0x3c
fffff880`05de8a60 fffff880`014f20ec : fffff880`05de9300 fffff980`1cd54b40 00000000`00000000 fffff980`25522fb8 : Ntfs!NtfsCreateScb+0xe4
fffff880`05de8b20 fffff880`014e0fe5 : fffff880`05de9300 fffff980`25522fb8 fffffa80`02859180 fffff980`1cd54ed8 : Ntfs!NtfsOpenAttribute+0xac
fffff880`05de8c30 fffff880`014dce3b : fffff880`05de9250 fffff880`05de9300 fffff980`1cd54ed8 fffff980`00000050 : Ntfs!NtfsOpenExistingAttr+0x145
fffff880`05de8cf0 fffff880`014e009f : fffff880`05de9300 fffff980`25522b40 fffff980`1cd54ed8 fffff880`00000050 : Ntfs!NtfsOpenAttributeInExistingFile+0x5ab
fffff880`05de8e80 fffff880`014f0166 : fffff880`05de9300 fffff980`25522b40 fffff980`1cd54ed8 00000000`ffffff01 : Ntfs!NtfsOpenExistingPrefixFcb+0x1ef
fffff880`05de8f70 fffff880`014ed911 : fffff880`05de9300 fffff980`25522b40 fffff880`05de9140 fffff880`05de9190 : Ntfs!NtfsFindStartingNode+0x5e6
fffff880`05de9040 fffff880`014cf441 : fffff880`05de9300 fffff980`25522b40 fffff880`05de9250 fffff980`25522b00 : Ntfs!NtfsCommonCreate+0x3e1
fffff880`05de9220 fffff880`01302367 : fffff980`25522b40 fffff980`25522fb8 fffff880`05de9590 fffff800`01b0c900 : Ntfs!NtfsNetworkOpenCreate+0x115
fffff880`05de9500 fffff880`01323aed : 00000000`00000000 fffff980`25522fb8 fffff980`25522b40 fffff800`01b254f3 : fltmgr!FltpPerformFastIoCall+0x357
fffff880`05de9560 fffff800`019819c8 : 00000000`00000045 fffff880`05de99a0 fffff880`00000080 00000000`000007ff : fltmgr!FltpFastIoQueryOpen+0x15d
fffff880`05de9600 fffff800`0197dd38 : fffffa80`027d9cd0 fffff800`00000000 fffffa80`03c1d630 fffff800`00000001 : nt!IopParseDevice+0xad8
fffff880`05de9790 fffff800`0197ef56 : 00000000`00000000 fffffa80`03c1d630 00000000`00000000 fffffa80`02271210 : nt!ObpLookupObjectName+0x588
fffff880`05de9880 fffff800`01915224 : 00000000`00000001 00000000`00000007 fffffa80`0352e401 00000000`00000170 : nt!ObOpenObjectByName+0x306
fffff880`05de9950 fffff800`016828d3 : 00000000`b059e168 fffff880`05de9c60 fffffa80`03865810 00000000`cea4d340 : nt!NtQueryFullAttributesFile+0x14f
fffff880`05de9be0 00000000`76e1247a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`05de9be0)
00000000`10fff248 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e1247a
To make it easier for everyone to analyze, I am listing all the applications that were running on the system at the time, as follows:
1: kd> !apc
*** Enumerating APCs in all processes
Process fffffa8002205b30 System
Process fffffa800282a200 smss.exe
Process fffffa8002adeb30 csrss.exe
Process fffffa8002ae32c0 csrss.exe
Process fffffa8002ae4620 wininit.exe
Process fffffa8002c40b30 winlogon.exe
Process fffffa8002bedb30 services.exe
Process fffffa8002c3eb30 lsass.exe
Process fffffa8002c473d0 lsm.exe
Process fffffa8002cb9250 svchost.exe
Process fffffa8002ca3b30 svchost.exe
Process fffffa8002cf6b30 svchost.exe
Process fffffa8002cc6b30 svchost.exe
Process fffffa8002cdab30 svchost.exe
Process fffffa8002d3b390 svchost.exe
Process fffffa8002d61060 svchost.exe
Process fffffa8002cec710 svchost.exe
Process fffffa8002dc4240 spoolsv.exe
Process fffffa8002ddd660 svchost.exe
Process fffffa8002dccb30 MsDtsSrvr.exe
Process fffffa8002e7bb30 sqlservr.exe
Thread fffffa800321d060 ApcStateIndex 0 ApcListHead fffffa800321d0b0 [KERNEL]
KAPC @ fffff9801ff6cbb8
Type 12
KernelRoutine fffff80001698530 nt!IopCompleteRequest+0
RundownRoutine fffff80001a4c860 nt!IopAbortRequest+0
Process fffffa8002f6cb30 msmdsrv.exe
Process fffffa8002f6bb30 SMSvcHost.exe
Process fffffa8002fe5b30 svchost.exe
Process fffffa8002e6db30 ReportingServi
Process fffffa800300ab30 httpd.exe
Process fffffa8003002920 conhost.exe
Process fffffa8003097b30 sqlwriter.exe
Process fffffa8002ffcb30 svchost.exe
Process fffffa8003092500 java.exe
Process fffffa8003132b30 fdlauncher.exe
Process fffffa800317cb30 svchost.exe
Process fffffa800318bb30 svchost.exe
Process fffffa8003152b30 fdhost.exe
Process fffffa8003192b30 conhost.exe
Process fffffa80033fd220 WMIC.exe
Process fffffa8002e8e060 svchost.exe
Process fffffa8002df2a30 msdtc.exe
Process fffffa80033f5b30 sppsvc.exe
Process fffffa80034b8590 taskhost.exe
Process fffffa8003553440 dwm.exe
Process fffffa80034ce910 explorer.exe
Process fffffa8002cc1b30 WMIC.exe
Process fffffa80035beb30 mmc.exe
Process fffffa8002d05460 WMIC.exe
Process fffffa80035d5b30 TrustedInstall
Process fffffa800229e740 taskmgr.exe
Process fffffa8002294130 WMIC.exe
Process fffffa800353a590 WMIC.exe
Process fffffa800379fb30 ipconfig.exe
Process fffffa80038e6b30 ipconfig.exe
Process fffffa80038de060 WMIC.exe
Process fffffa800387c1c0 WMIC.exe
Process fffffa80037cb060 WMIC.exe
Process fffffa8003622060 WMIC.exe
Process fffffa8003755060 WMIC.exe
Process fffffa800388f060 WMIC.exe
Process fffffa8003c870f0 WMIC.exe
Process fffffa8003bc7b30 WmiPrvSE.exe
Process fffffa8002f12540 WMIC.exe
Process fffffa8002f5e570 Ssms.exe
Process fffffa8003be1060 WMIC.exe
Process fffffa8003bf7060 WMIC.exe
Process fffffa8003832620 WMIC.exe
Process fffffa8003714940 WMIC.exe
Process fffffa8002ee2060 WMIC.exe
Process fffffa80037456d0 WMIC.exe
Process fffffa80037a34c0 dfrgui.exe
Process fffffa8002e02330 svchost.exe
Process fffffa8003495060 WMIC.exe
Process fffffa8003b1e430 WMIC.exe
Process fffffa8003251420 WMIC.exe
Process fffffa8002f17060 WMIC.exe
Process fffffa8003cf9970 WMIC.exe
Process fffffa8003b3d060 WMIC.exe
Process fffffa8003c8e060 WMIC.exe
Process fffffa8003c42060 WMIC.exe
Process fffffa8003ba5140 svchost.exe
Process fffffa80036aeb30 WMIC.exe
Process fffffa80038b5520 WMIC.exe
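That is everything. Please help me analyze it; I want to know what caused taskmgr.exe to terminate smss.exe.
Or could someone please give me some guidance on how to troubleshoot this and point me in a direction?
Also, could anyone provide the source code of the functions that appear in STACK_TEXT? I would like to understand what the parameters of each function mean, and hope to find some clues in those parameters.
Thank you in advance.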
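An added example, not part of the original post: a Python script that checks whether the threads in a `!locks` listing really wait on each other in a cycle, using an excerpt of the post's own output as input. The function names are this example's own, and reading `<*>` as the owner marker is an assumption.

```python
import re

# Excerpt of the post's !locks output: the four contended resources, counter lines left out.
LOCKS_FROM_POST = """\
Resource @ 0xfffff9801e9d4ef0 Exclusively owned
Threads: fffffa8003716060-01<*>
Threads Waiting On Exclusive Access:
fffffa8003057410 fffffa800349eb60 fffffa800389ea50
Resource @ 0xfffff9801e9d4f98 Exclusively owned
Threads: fffffa800349eb60-01<*>
Threads Waiting On Exclusive Access:
fffffa80037327b0 fffffa80033ceb60 fffffa800360eb60 fffffa8003639660
fffffa8003486350 fffffa8003713060 fffffa80037d2660 fffffa8002fac060
fffffa8003cdb060 fffffa8003618950 fffffa8003bb0060 fffffa8003d4db60
fffffa8003606660 fffffa8003650b60 fffffa8003a9ab60 fffffa8003adeb60
Resource @ 0xfffff98024d2cef0 Exclusively owned
Threads: fffffa8003865810-01<*>
Threads Waiting On Exclusive Access:
fffffa8003c7fb60 fffffa8003c5bb60 fffffa8002f3e880 fffffa8003c458c0
Resource @ 0xfffff98024d2cf98 Exclusively owned
Threads: fffffa8003c7fb60-01<*>
Threads Waiting On Exclusive Access:
fffffa8002f4cb60
"""

ADDR = re.compile(r"([0-9a-f]{16})(-\d+)?(<\*>)?")

def parse_locks(text):
    """Return {resource: (owners, waiters)} parsed from `!locks` text."""
    resources, current, in_waiters = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Resource @"):
            current, in_waiters = line.split()[2], False
            resources[current] = (set(), set())
        elif line.startswith("Threads Waiting On"):
            in_waiters = True
        elif current and (line.startswith("Threads:") or ADDR.match(line)):
            for addr, _, star in ADDR.findall(line):
                # Assumption: "<*>" marks an owner; unmarked threads are waiters.
                is_owner = bool(star) and not in_waiters
                resources[current][0 if is_owner else 1].add(addr)
    return resources

def wait_graph(resources):
    """Edges waiter -> owners: who each blocked thread is waiting for."""
    graph = {}
    for owners, waiters in resources.values():
        for waiter in waiters:
            graph.setdefault(waiter, set()).update(owners - {waiter})
    return graph

def find_cycle(graph):
    """Return one list of threads that wait on each other in a loop, else None."""
    done = set()
    def visit(node, path):
        if node in path:
            return path[path.index(node):]
        if node not in done:
            for nxt in sorted(graph.get(node, ())):
                cycle = visit(nxt, path + [node])
                if cycle:
                    return cycle
            done.add(node)
        return None
    return next((c for c in (visit(n, []) for n in sorted(graph)) if c), None)

def root_blockers(graph):
    """Owners that are not themselves waiting: where each wait chain ends."""
    owners = set().union(*graph.values())
    return sorted(owners - set(graph))

if __name__ == "__main__":
    g = wait_graph(parse_locks(LOCKS_FROM_POST))
    print("cycle:", find_cycle(g), "roots:", root_blockers(g))
```

For this excerpt the script finds no cycle; the two wait chains end at threads fffffa8003716060 and fffffa8003865810, the latter being the java.exe thread in the `!thread` output above.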