Advanced Debugging
About AdvDbg Consult Train Services Products Tools Community Contact  
欢迎光临 高端调试 登录 | 注册 | FAQ
  内核调试
  ACPI调试
Linux内核调试
Windows内核调试
  调试方法学
  调试战役
调试原理
新工具观察
  操作系统
  Linux
Windows Vista
Windows
  驱动开发
  Linux驱动
WDF
WDM
  总线
  PCI Express
PCI/PCI-X
USB
无线通信协议
  中央处理器
  64位CPU
ARM
IA-32
  CPU Info Center
  计算机机系统
  ACPI标准
系统认证
Desktop
服务器
  嵌入式系统
  Embedded Linux
嵌入式开发工具
VxWorks
WinCE
嵌入式Windows
  特别链接
  格蠹调试套件(GDK)
  格蠹学院
  小朱书店
  老雷的微博
  《软件调试》
  《格蠹汇编》
  《软件调试(第二版)》
沪ICP备11027180号-1

转储分析

帖子发起人: 静默   发起时间: 2012-09-03 21:09 下午   回复: 7
高端调试 » 软件调试 » 转储分析 » Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析

Print Search
帖子排序:    
   2012-09-03, 21:09 下午
yxg8211468 离线,最后访问时间: 2012/9/4 1:54:27 静默

发帖数前200位
注册: 2012-09-03
发 贴: 5
Smile [:)] 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析
Reply Quote
小弟新人,因为公司OA服务器最近三个月一直间歇蓝屏,一直未找原因。后得知使用windbg可以分析dump文件,查找故障原因。
因小弟从未使用过windbg。所以特此求助各位大神帮助。故障描述中,有描述不对的,还望大神指出。
通过windbg 自动分析结果,显示是windows taskmgr.exe 强制结束了smss.exe,导致了系统蓝屏,但小弟一直不明白,是什么原因导致的?
dump文件内容如下:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa800282a200, fffffa800282a4e0, fffff80001986db0}

PEB is paged out (Peb.Ldr = 000007ff`fffdb018).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdb018).  Type ".hh dbgerr001" for details
Probably caused by : smss.exe

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800282a200, Terminating object
Arg3: fffffa800282a4e0, Process image file name
Arg4: fffff80001986db0, Explanatory message (ascii)

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 000007ff`fffdb018).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdb018).  Type ".hh dbgerr001" for details

PROCESS_OBJECT: fffffa800282a200

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: smss

FAULTING_MODULE: 0000000000000000 

PROCESS_NAME:  taskmgr.exe

BUGCHECK_STR:  0xF4_taskmgr.exe

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80001a0b982 to fffff80001683640

STACK_TEXT:  
fffff880`05012ac8 fffff800`01a0b982 : 00000000`000000f4 00000000`00000003 fffffa80`0282a200 fffffa80`0282a4e0 : nt!KeBugCheckEx
fffff880`05012ad0 fffff800`019b90ab : ffffffff`ffffffff fffffa80`03115060 fffffa80`0282a200 fffff800`0193bda0 : nt!PspCatchCriticalBreak+0x92
fffff880`05012b10 fffff800`0193c698 : ffffffff`ffffffff 00000000`00000001 fffffa80`0282a200 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17ad6
fffff880`05012b60 fffff800`016828d3 : fffffa80`0282a200 fffff880`00000001 fffffa80`03115060 00000000`00000000 : nt!NtTerminateProcess+0xf4
fffff880`05012be0 00000000`76e115da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`001dece8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e115da


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  smss.exe

FAILURE_BUCKET_ID:  X64_0xF4_taskmgr.exe_VRF_IMAGE_smss.exe

BUCKET_ID:  X64_0xF4_taskmgr.exe_VRF_IMAGE_smss.exe

Followup: MachineOwner
---------

上网查找得知,可以有通过!locks查看当前死锁程序,发现system,svchost.exe,java.exe....等程序都有死锁,但不知道是否是因为这些程序的死锁造成系统蓝屏?
 如下:
1: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks.

Resource @ nt!CmpRegistryLock (0xfffff800017ff000)    Shared 1 owning threads
    Contention Count = 7
     Threads: fffffa800226d680-01<*> 
KD: Scanning for held locks...

Resource @ 0xfffffa8002802880    Shared 1 owning threads
    Contention Count = 11
     Threads: fffffa8003a915a0-01<*> 
KD: Scanning for held locks.

Resource @ 0xfffff980029bef50    Shared 1 owning threads
    Contention Count = 11
     Threads: fffffa8003a915a0-01<*> 
KD: Scanning for held locks....

Resource @ 0xfffffa8002859880    Shared 29 owning threads
     Threads: fffffa8003865810-01<*> fffffa80037d2660-01<*> fffffa8002fac060-01<*> fffffa8003881060-01<*> 
              fffffa8003c5bb60-01<*> fffffa800349eb60-01<*> fffffa8003a9ab60-01<*> fffffa8002f3e880-01<*> 
              fffffa8002ede060-01<*> fffffa800365b060-01<*> fffffa8003057410-01<*> fffffa8003c7fb60-01<*> 
              fffffa8003bb0060-01<*> fffffa80033ceb60-01<*> fffffa800389ea50-01<*> fffffa8003d4db60-01<*> 
              fffffa8002eb7840-01<*> fffffa8003c458c0-01<*> fffffa8003adeb60-01<*> fffffa8003cdb060-01<*> 
              fffffa80037327b0-01<*> fffffa8003639660-01<*> fffffa8003618950-01<*> fffffa800360eb60-01<*> 
              fffffa8003486350-01<*> fffffa8003713060-01<*> fffffa8002f4cb60-01<*> fffffa8003606660-01<*> 
              fffffa8003650b60-01<*> 
KD: Scanning for held locks........................................................

Resource @ 0xfffffa8002e1d480    Shared 1 owning threads
     Threads: fffffa8003881060-01<*> 
KD: Scanning for held locks........

Resource @ 0xfffff9800f266f98    Shared 1 owning threads
     Threads: fffffa80035f2290-01<*> 
KD: Scanning for held locks.................

Resource @ 0xfffff9801052af50    Shared 1 owning threads
    Contention Count = 1
     Threads: fffffa800365b060-01<*> 
KD: Scanning for held locks................................................................................

Resource @ 0xfffff9801e9d4ef0    Exclusively owned
    Contention Count = 26
    NumberOfExclusiveWaiters = 3
     Threads: fffffa8003716060-01<*> 
     Threads Waiting On Exclusive Access:
              fffffa8003057410       fffffa800349eb60       fffffa800389ea50       


Resource @ 0xfffff9801e9d4f98    Exclusively owned
    Contention Count = 35
    NumberOfExclusiveWaiters = 16
     Threads: fffffa800349eb60-01<*> 
     Threads Waiting On Exclusive Access:
              fffffa80037327b0       fffffa80033ceb60       fffffa800360eb60       fffffa8003639660       
              fffffa8003486350       fffffa8003713060       fffffa80037d2660       fffffa8002fac060       
              fffffa8003cdb060       fffffa8003618950       fffffa8003bb0060       fffffa8003d4db60       
              fffffa8003606660       fffffa8003650b60       fffffa8003a9ab60       fffffa8003adeb60       


Resource @ 0xfffff98024d2cef0    Exclusively owned
    Contention Count = 47
    NumberOfExclusiveWaiters = 4
     Threads: fffffa8003865810-01<*> 
     Threads Waiting On Exclusive Access:
              fffffa8003c7fb60       fffffa8003c5bb60       fffffa8002f3e880       fffffa8003c458c0       


Resource @ 0xfffff98024d2cf98    Exclusively owned
    Contention Count = 10
    NumberOfExclusiveWaiters = 1
     Threads: fffffa8003c7fb60-01<*> 
     Threads Waiting On Exclusive Access:
              fffffa8002f4cb60       

KD: Scanning for held locks.

Resource @ 0xfffff980254c2ef0    Exclusively owned
    Contention Count = 2
    NumberOfSharedWaiters = 1
     Threads: fffffa8002eb7840-01<*> fffffa8003652660-01    
KD: Scanning for held locks........

Resource @ 0xfffff98016e58ef0    Exclusively owned
     Threads: fffffa8003881060-01<*> 
KD: Scanning for held locks......
5737 total locks, 13 locks currently held
1: kd> !thread fffffa800226d680
THREAD fffffa800226d680  Cid 0004.0044  Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
    fffff98024c58fe0  SynchronizationEvent
IRP List:
    fffff9801e89ab40: (0006,04c0) Flags: 40060004  Mdl: 00000000
Not impersonating
DeviceMap                 fffff8a000007010
Owning Process            fffffa8002205b30       Image:         System
Attached Process          N/A            Image:         N/A
Wait Start TickCount      190442         Ticks: 1 (0:00:00:00.015)
Context Switch Count      10327             
UserTime                  00:00:00.000
KernelTime                00:00:03.416
Win32 Start Address nt!ExpWorkerThread (0xfffff8000168d910)
Stack Init fffff88001fd1d70 Current fffff88001fd15d0
Base fffff88001fd2000 Limit fffff88001fcc000 Call 0
Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`01fd1610 fffff800`01688992 : 00000000`00000103 fffffa80`0226d680 fffff980`24c58fe0 fffff980`00000009 : nt!KiSwapContext+0x7a
fffff880`01fd1750 fffff800`0168b1af : 00000000`00000000 00000000`00000000 fffff800`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x1d2
fffff880`01fd17e0 fffff800`01921368 : 00000000`00000000 fffff800`00000000 00000000`00000000 00000000`00010200 : nt!KeWaitForSingleObject+0x19f
fffff880`01fd1880 fffff800`01922895 : fffff980`1e89ab40 fffff980`24c58fe0 fffff980`24c58fe0 00000000`00000000 : nt!IopSynchronousApiServiceTail+0x74
fffff880`01fd18c0 fffff800`016828d3 : fffffa80`0226d680 fffff8a0`01794000 fffffa80`02801c20 fffffa80`0340c220 : nt!NtFlushBuffersFile+0x195
fffff880`01fd1950 fffff800`0167ee70 : fffff800`01923627 fffff880`01fd1b00 fffff8a0`017935e8 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`01fd1950)
fffff880`01fd1ae8 fffff800`01923627 : fffff880`01fd1b00 fffff8a0`017935e8 00000000`00000000 fffff800`019233e5 : nt!KiServiceLinkage
fffff880`01fd1af0 fffff800`019233e8 : fffff880`01fd1ba0 00000000`00000020 fffff8a0`00003400 fffff8a0`0760f000 : nt!CmpFileFlush+0x3f
fffff880`01fd1b30 fffff800`01923672 : 00000000`00000200 00000000`00000000 00000000`00000000 00000000`00000001 : nt!HvWriteDirtyDataToHive+0xe0
fffff880`01fd1ba0 fffff800`019136f7 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff8a0`016b48b0 : nt!HvOptimizedSyncHive+0x32
fffff880`01fd1bd0 fffff800`01913859 : fffff980`1e5d4f00 fffff880`01fd1c78 fffff800`01913700 00000000`00000001 : nt!CmpDoFlushNextHive+0x197
fffff880`01fd1c30 fffff800`0168da21 : fffff800`019137b4 fffff800`01979f00 fffffa80`00000000 fffff800`01820658 : nt!CmpLazyFlushWorker+0xa5
fffff880`01fd1c70 fffff800`01920cce : ffffffff`ffffffff fffffa80`0226d680 00000000`00000080 fffffa80`02205b30 : nt!ExpWorkerThread+0x111
fffff880`01fd1d00 fffff800`01674fe6 : fffff880`009bf180 fffffa80`0226d680 fffff880`009c9f40 ffffffff`ffffffff : nt!PspSystemThreadStartup+0x5a
fffff880`01fd1d40 00000000`00000000 : fffff880`01fd2000 fffff880`01fcc000 fffff880`05511450 00000000`00000000 : nt!KxStartSystemThread+0x16

1: kd> !thread fffffa8003a915a0
THREAD fffffa8003a915a0  Cid 0b60.13d0  Teb: 000007fffff9a000 Win32Thread: 0000000000000000 ????
IRP List:
    fffff9802525ab40: (0006,04c0) Flags: 40000884  Mdl: 00000000
Not impersonating
DeviceMap                 fffff8a000007010
Owning Process            fffffa8002e02330       Image:         svchost.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      190383         Ticks: 60 (0:00:00:00.936)
Context Switch Count      12275             
UserTime                  00:00:00.140
KernelTime                00:00:03.510
Win32 Start Address 0x000007feebf8bc10
Stack Init fffff880066c0d70 Current fffff880066c03f0
Base fffff880066c1000 Limit fffff880066bb000 Call 0
Priority 5 BasePriority 4 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 3
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`066c0430 fffff800`01688992 : 00000000`00000008 fffffa80`03a915a0 00000000`00000000 00000000`00000005 : nt!KiSwapContext+0x7a
fffff880`066c0570 fffff800`0168b1af : fffff6fc`c010b478 00000000`00000000 ffff0800`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x1d2
fffff880`066c0600 fffff800`01675443 : 00000000`00000000 00000000`0000001c 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x19f
fffff880`066c06a0 fffff800`0169208a : 00000000`00000055 00000000`00000040 0b800000`1e406860 00000000`00000008 : nt!ExfAcquirePushLockExclusive+0x188
fffff880`066c0720 fffff800`0168176e : 00000000`00000008 fffff880`015b9ae9 fffff880`066c0800 00000000`00000000 : nt!MmAccessFault+0x1a6a
fffff880`066c0880 fffff880`015b9ae9 : fffff980`1e8a6e40 fffffa80`02802180 fffff880`066c0b28 00000000`0028f000 : nt!KiPageFault+0x16e (TrapFrame @ fffff880`066c0880)
fffff880`066c0a10 fffff880`014ef252 : fffff980`1e8a6e40 fffff980`2525ab40 00000000`00000000 00010000`00000a3c : Ntfs!NtfsOpenFcbById+0x1e9
fffff880`066c0b10 fffff880`01456a3d : fffff980`1e8a6e40 fffff980`2525ab40 fffff880`068ea3a0 fffffa80`0310d500 : Ntfs!NtfsCommonCreate+0x1d20
fffff880`066c0cf0 fffff800`0167b157 : fffff880`068ea310 45454545`45454545 45454545`45454545 45454545`45454545 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`066c0d20 fffff800`0167b111 : 00000000`00000000 00000000`00000000 fffff880`066c1000 fffff800`01690242 : nt!KxSwitchKernelStackCallout+0x27 (TrapFrame @ fffff880`066c0be0)
fffff880`068ea1e0 fffff800`01690242 : fffffa80`02077480 00000000`00000002 fffff880`068e5000 fffff880`068eb000 : nt!KiSwitchKernelStackContinue
fffff880`068ea200 fffff880`014571bf : fffff880`01456a20 fffff880`01456020 fffffa80`0288c900 fffff880`014f7f00 : nt!KeExpandKernelStackAndCalloutEx+0x2a2
fffff880`068ea2e0 fffff880`014f099c : 00000000`00000000 00000000`00000000 00000000`00000002 fffff980`2525ab40 : Ntfs!NtfsCommonCreateOnNewStack+0x4f
fffff880`068ea340 fffff800`01b26c16 : fffffa80`02802030 fffff980`2525ab40 00000000`00000000 00000000`00000000 : Ntfs!NtfsFsdCreate+0x1ac
fffff880`068ea4f0 fffff880`01303bcf : fffff980`2525afb8 fffff880`068ea5a0 fffff980`22694e30 fffffa80`0288c970 : nt!IovCallDriver+0x566
fffff880`068ea550 fffff880`013232b9 : fffff980`2525ab40 fffff980`0296c800 fffff980`2525ab00 fffffa80`02801c20 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`068ea5e0 fffff800`01b26c16 : fffff980`2525ab40 00000000`00000002 00000000`00000040 00000000`00000000 : fltmgr!FltpCreate+0x2a9
fffff880`068ea690 fffff800`01981495 : 00000000`00000004 fffffa80`03c911c8 fffffa80`038f7610 fffffa80`03213ab0 : nt!IovCallDriver+0x566
fffff880`068ea6f0 fffff800`0197dac2 : fffffa80`02801c20 fffffa80`00000000 fffffa80`03c91010 fffffa80`00000001 : nt!IopParseDevice+0x5a5
fffff880`068ea880 fffff800`0197ef56 : 00000000`00000190 fffffa80`03c91010 00000000`00000000 fffffa80`02271210 : nt!ObpLookupObjectName+0x312
fffff880`068ea970 fffff800`0198085c : fffffa80`02f5a200 00000000`00000000 fffff800`01808c01 fffff880`068eaa58 : nt!ObOpenObjectByName+0x306
fffff880`068eaa40 fffff800`0196c134 : 00000000`0127e9b0 fffff8a0`00100080 00000000`0127ea18 00000000`0127e9d0 : nt!IopCreateFile+0x2bc
fffff880`068eaae0 fffff800`016828d3 : fffffa80`02e02330 00000000`00000001 fffffa80`03a915a0 fffff800`0197aa34 : nt!NtOpenFile+0x58
fffff880`068eab70 00000000`76e1164a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`068eabe0)
00000000`0127e978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e1164a

1: kd> !thread fffffa8003a915a0
THREAD fffffa8003a915a0  Cid 0b60.13d0  Teb: 000007fffff9a000 Win32Thread: 0000000000000000 ????
IRP List:
    fffff9802525ab40: (0006,04c0) Flags: 40000884  Mdl: 00000000
Not impersonating
DeviceMap                 fffff8a000007010
Owning Process            fffffa8002e02330       Image:         svchost.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      190383         Ticks: 60 (0:00:00:00.936)
Context Switch Count      12275             
UserTime                  00:00:00.140
KernelTime                00:00:03.510
Win32 Start Address 0x000007feebf8bc10
Stack Init fffff880066c0d70 Current fffff880066c03f0
Base fffff880066c1000 Limit fffff880066bb000 Call 0
Priority 5 BasePriority 4 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 3
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`066c0430 fffff800`01688992 : 00000000`00000008 fffffa80`03a915a0 00000000`00000000 00000000`00000005 : nt!KiSwapContext+0x7a
fffff880`066c0570 fffff800`0168b1af : fffff6fc`c010b478 00000000`00000000 ffff0800`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x1d2
fffff880`066c0600 fffff800`01675443 : 00000000`00000000 00000000`0000001c 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x19f
fffff880`066c06a0 fffff800`0169208a : 00000000`00000055 00000000`00000040 0b800000`1e406860 00000000`00000008 : nt!ExfAcquirePushLockExclusive+0x188
fffff880`066c0720 fffff800`0168176e : 00000000`00000008 fffff880`015b9ae9 fffff880`066c0800 00000000`00000000 : nt!MmAccessFault+0x1a6a
fffff880`066c0880 fffff880`015b9ae9 : fffff980`1e8a6e40 fffffa80`02802180 fffff880`066c0b28 00000000`0028f000 : nt!KiPageFault+0x16e (TrapFrame @ fffff880`066c0880)
fffff880`066c0a10 fffff880`014ef252 : fffff980`1e8a6e40 fffff980`2525ab40 00000000`00000000 00010000`00000a3c : Ntfs!NtfsOpenFcbById+0x1e9
fffff880`066c0b10 fffff880`01456a3d : fffff980`1e8a6e40 fffff980`2525ab40 fffff880`068ea3a0 fffffa80`0310d500 : Ntfs!NtfsCommonCreate+0x1d20
fffff880`066c0cf0 fffff800`0167b157 : fffff880`068ea310 45454545`45454545 45454545`45454545 45454545`45454545 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`066c0d20 fffff800`0167b111 : 00000000`00000000 00000000`00000000 fffff880`066c1000 fffff800`01690242 : nt!KxSwitchKernelStackCallout+0x27 (TrapFrame @ fffff880`066c0be0)
fffff880`068ea1e0 fffff800`01690242 : fffffa80`02077480 00000000`00000002 fffff880`068e5000 fffff880`068eb000 : nt!KiSwitchKernelStackContinue
fffff880`068ea200 fffff880`014571bf : fffff880`01456a20 fffff880`01456020 fffffa80`0288c900 fffff880`014f7f00 : nt!KeExpandKernelStackAndCalloutEx+0x2a2
fffff880`068ea2e0 fffff880`014f099c : 00000000`00000000 00000000`00000000 00000000`00000002 fffff980`2525ab40 : Ntfs!NtfsCommonCreateOnNewStack+0x4f
fffff880`068ea340 fffff800`01b26c16 : fffffa80`02802030 fffff980`2525ab40 00000000`00000000 00000000`00000000 : Ntfs!NtfsFsdCreate+0x1ac
fffff880`068ea4f0 fffff880`01303bcf : fffff980`2525afb8 fffff880`068ea5a0 fffff980`22694e30 fffffa80`0288c970 : nt!IovCallDriver+0x566
fffff880`068ea550 fffff880`013232b9 : fffff980`2525ab40 fffff980`0296c800 fffff980`2525ab00 fffffa80`02801c20 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`068ea5e0 fffff800`01b26c16 : fffff980`2525ab40 00000000`00000002 00000000`00000040 00000000`00000000 : fltmgr!FltpCreate+0x2a9
fffff880`068ea690 fffff800`01981495 : 00000000`00000004 fffffa80`03c911c8 fffffa80`038f7610 fffffa80`03213ab0 : nt!IovCallDriver+0x566
fffff880`068ea6f0 fffff800`0197dac2 : fffffa80`02801c20 fffffa80`00000000 fffffa80`03c91010 fffffa80`00000001 : nt!IopParseDevice+0x5a5
fffff880`068ea880 fffff800`0197ef56 : 00000000`00000190 fffffa80`03c91010 00000000`00000000 fffffa80`02271210 : nt!ObpLookupObjectName+0x312
fffff880`068ea970 fffff800`0198085c : fffffa80`02f5a200 00000000`00000000 fffff800`01808c01 fffff880`068eaa58 : nt!ObOpenObjectByName+0x306
fffff880`068eaa40 fffff800`0196c134 : 00000000`0127e9b0 fffff8a0`00100080 00000000`0127ea18 00000000`0127e9d0 : nt!IopCreateFile+0x2bc
fffff880`068eaae0 fffff800`016828d3 : fffffa80`02e02330 00000000`00000001 fffffa80`03a915a0 fffff800`0197aa34 : nt!NtOpenFile+0x58
fffff880`068eab70 00000000`76e1164a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`068eabe0)
00000000`0127e978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e1164a

1: kd> !thread fffffa8003865810
THREAD fffffa8003865810  Cid 070c.10a8  Teb: 000007ffffee4000 Win32Thread: 0000000000000000 ????
Not impersonating
DeviceMap                 fffff8a000007010
Owning Process            fffffa8003092500       Image:         java.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      190443         Ticks: 0
Context Switch Count      1030             
UserTime                  00:00:00.046
KernelTime                00:00:01.435
Win32 Start Address 0x000007fefd2573fc
Stack Init fffff88005de9d70 Current fffff88005de7fa0
Base fffff88005dea000 Limit fffff88005de4000 Call 0
Priority 10 BasePriority 8 UnusualBoost 2 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`05de7fe0 fffff800`016cf453 : fffff800`0167f4b6 fffff800`0167f522 00000000`00098fe5 fffffa80`023f8c01 : nt!KxDispatchInterrupt+0x12f
fffff880`05de8120 fffff800`0167f522 : 00000000`00098fe5 fffffa80`023f8c01 fffffa80`023f8c00 00000000`00000000 : nt!KiDpcInterruptBypass+0x13
fffff880`05de8130 fffff800`0165c43b : fffffa80`017d30e8 fffff880`05de8470 fffff880`05de8330 fffffa80`00000000 : nt!KiInterruptDispatch+0x212 (TrapFrame @ fffff880`05de8130)
fffff880`05de82c0 fffff800`0173b6f6 : 00000000`00009678 00000000`00000000 fffff880`05de8450 00000000`00098fe5 : nt!RtlpLookupFunctionEntryForStackWalks+0xbc
fffff880`05de8330 fffff800`0173cac3 : fffffa80`017d30e8 fffff880`00000008 fffff880`00000000 fffff880`00000003 : nt!RtlpWalkFrameChain+0x2e6
fffff880`05de89d0 fffff800`0173d94b : 00000000`00000002 fffffa80`017d30e8 00000000`00000000 fffff980`1cd54b70 : nt!RtlWalkFrameChain+0x63
fffff880`05de8a00 fffff800`01b1724c : fffffa80`017d30d8 00000000`00000000 fffff980`1cd54b40 00000000`1cd54b40 : nt!RtlCaptureStackBackTrace+0x4b
fffff880`05de8a30 fffff880`014ecc54 : fffff980`1cd54c70 fffff980`1cd54b40 fffff980`0467ee00 fffffa80`03b7e010 : nt!VfKeIrqlLogLower+0x3c
fffff880`05de8a60 fffff880`014f20ec : fffff880`05de9300 fffff980`1cd54b40 00000000`00000000 fffff980`25522fb8 : Ntfs!NtfsCreateScb+0xe4
fffff880`05de8b20 fffff880`014e0fe5 : fffff880`05de9300 fffff980`25522fb8 fffffa80`02859180 fffff980`1cd54ed8 : Ntfs!NtfsOpenAttribute+0xac
fffff880`05de8c30 fffff880`014dce3b : fffff880`05de9250 fffff880`05de9300 fffff980`1cd54ed8 fffff980`00000050 : Ntfs!NtfsOpenExistingAttr+0x145
fffff880`05de8cf0 fffff880`014e009f : fffff880`05de9300 fffff980`25522b40 fffff980`1cd54ed8 fffff880`00000050 : Ntfs!NtfsOpenAttributeInExistingFile+0x5ab
fffff880`05de8e80 fffff880`014f0166 : fffff880`05de9300 fffff980`25522b40 fffff980`1cd54ed8 00000000`ffffff01 : Ntfs!NtfsOpenExistingPrefixFcb+0x1ef
fffff880`05de8f70 fffff880`014ed911 : fffff880`05de9300 fffff980`25522b40 fffff880`05de9140 fffff880`05de9190 : Ntfs!NtfsFindStartingNode+0x5e6
fffff880`05de9040 fffff880`014cf441 : fffff880`05de9300 fffff980`25522b40 fffff880`05de9250 fffff980`25522b00 : Ntfs!NtfsCommonCreate+0x3e1
fffff880`05de9220 fffff880`01302367 : fffff980`25522b40 fffff980`25522fb8 fffff880`05de9590 fffff800`01b0c900 : Ntfs!NtfsNetworkOpenCreate+0x115
fffff880`05de9500 fffff880`01323aed : 00000000`00000000 fffff980`25522fb8 fffff980`25522b40 fffff800`01b254f3 : fltmgr!FltpPerformFastIoCall+0x357
fffff880`05de9560 fffff800`019819c8 : 00000000`00000045 fffff880`05de99a0 fffff880`00000080 00000000`000007ff : fltmgr!FltpFastIoQueryOpen+0x15d
fffff880`05de9600 fffff800`0197dd38 : fffffa80`027d9cd0 fffff800`00000000 fffffa80`03c1d630 fffff800`00000001 : nt!IopParseDevice+0xad8
fffff880`05de9790 fffff800`0197ef56 : 00000000`00000000 fffffa80`03c1d630 00000000`00000000 fffffa80`02271210 : nt!ObpLookupObjectName+0x588
fffff880`05de9880 fffff800`01915224 : 00000000`00000001 00000000`00000007 fffffa80`0352e401 00000000`00000170 : nt!ObOpenObjectByName+0x306
fffff880`05de9950 fffff800`016828d3 : 00000000`b059e168 fffff880`05de9c60 fffffa80`03865810 00000000`cea4d340 : nt!NtQueryFullAttributesFile+0x14f
fffff880`05de9be0 00000000`76e1247a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`05de9be0)
00000000`10fff248 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e1247a

为了便于,各位大神分析,我把系统当时运行的应用程序全部列出来,如下:
1: kd> !apc
*** Enumerating APCs in all processes
Process fffffa8002205b30 System
Process fffffa800282a200 smss.exe
Process fffffa8002adeb30 csrss.exe
Process fffffa8002ae32c0 csrss.exe
Process fffffa8002ae4620 wininit.exe
Process fffffa8002c40b30 winlogon.exe
Process fffffa8002bedb30 services.exe
Process fffffa8002c3eb30 lsass.exe
Process fffffa8002c473d0 lsm.exe
Process fffffa8002cb9250 svchost.exe
Process fffffa8002ca3b30 svchost.exe
Process fffffa8002cf6b30 svchost.exe
Process fffffa8002cc6b30 svchost.exe
Process fffffa8002cdab30 svchost.exe
Process fffffa8002d3b390 svchost.exe
Process fffffa8002d61060 svchost.exe
Process fffffa8002cec710 svchost.exe
Process fffffa8002dc4240 spoolsv.exe
Process fffffa8002ddd660 svchost.exe
Process fffffa8002dccb30 MsDtsSrvr.exe
Process fffffa8002e7bb30 sqlservr.exe
    Thread fffffa800321d060 ApcStateIndex 0 ApcListHead fffffa800321d0b0 [KERNEL]
        KAPC @ fffff9801ff6cbb8
          Type           12
          KernelRoutine  fffff80001698530 nt!IopCompleteRequest+0
          RundownRoutine fffff80001a4c860 nt!IopAbortRequest+0
Process fffffa8002f6cb30 msmdsrv.exe
Process fffffa8002f6bb30 SMSvcHost.exe
Process fffffa8002fe5b30 svchost.exe
Process fffffa8002e6db30 ReportingServi
Process fffffa800300ab30 httpd.exe
Process fffffa8003002920 conhost.exe
Process fffffa8003097b30 sqlwriter.exe
Process fffffa8002ffcb30 svchost.exe
Process fffffa8003092500 java.exe
Process fffffa8003132b30 fdlauncher.exe
Process fffffa800317cb30 svchost.exe
Process fffffa800318bb30 svchost.exe
Process fffffa8003152b30 fdhost.exe
Process fffffa8003192b30 conhost.exe
Process fffffa80033fd220 WMIC.exe
Process fffffa8002e8e060 svchost.exe
Process fffffa8002df2a30 msdtc.exe
Process fffffa80033f5b30 sppsvc.exe
Process fffffa80034b8590 taskhost.exe
Process fffffa8003553440 dwm.exe
Process fffffa80034ce910 explorer.exe
Process fffffa8002cc1b30 WMIC.exe
Process fffffa80035beb30 mmc.exe
Process fffffa8002d05460 WMIC.exe
Process fffffa80035d5b30 TrustedInstall
Process fffffa800229e740 taskmgr.exe
Process fffffa8002294130 WMIC.exe
Process fffffa800353a590 WMIC.exe
Process fffffa800379fb30 ipconfig.exe
Process fffffa80038e6b30 ipconfig.exe
Process fffffa80038de060 WMIC.exe
Process fffffa800387c1c0 WMIC.exe
Process fffffa80037cb060 WMIC.exe
Process fffffa8003622060 WMIC.exe
Process fffffa8003755060 WMIC.exe
Process fffffa800388f060 WMIC.exe
Process fffffa8003c870f0 WMIC.exe
Process fffffa8003bc7b30 WmiPrvSE.exe
Process fffffa8002f12540 WMIC.exe
Process fffffa8002f5e570 Ssms.exe
Process fffffa8003be1060 WMIC.exe
Process fffffa8003bf7060 WMIC.exe
Process fffffa8003832620 WMIC.exe
Process fffffa8003714940 WMIC.exe
Process fffffa8002ee2060 WMIC.exe
Process fffffa80037456d0 WMIC.exe
Process fffffa80037a34c0 dfrgui.exe
Process fffffa8002e02330 svchost.exe
Process fffffa8003495060 WMIC.exe
Process fffffa8003b1e430 WMIC.exe
Process fffffa8003251420 WMIC.exe
Process fffffa8002f17060 WMIC.exe
Process fffffa8003cf9970 WMIC.exe
Process fffffa8003b3d060 WMIC.exe
Process fffffa8003c8e060 WMIC.exe
Process fffffa8003c42060 WMIC.exe
Process fffffa8003ba5140 svchost.exe
Process fffffa80036aeb30 WMIC.exe
Process fffffa80038b5520 WMIC.exe

以上,请各位大神帮忙分析,小弟想知道是什么原因导致taskmgr.exe去结束了smss.exe.
或者恳请大神,指点一下,如何去排错,给个方向。
另外,各位大神能否帮忙,给下在STACK_TEXT中出现几个函数的原码,我想了解一下各函数中的参数代表的含义。想从这些参数中找到一些头绪。
小弟在此先谢谢了。
IP 地址: 已记录   报告
   2012-09-03, 22:29 下午
Raymond 离线,最后访问时间: 2020/7/3 3:40:25 格蠹老雷

发帖数前10位
注册: 2005-12-19
发 贴: 1,303
Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析
Reply Quote

很有意思的问题

何种类型的dump?如果是完全转储,那么可以切换到taskmgr进程,观察用户态的栈回溯,看是如何发起系统调用来杀SMSS的...

 
IP 地址: 已记录   报告
   2012-09-04, 10:01 上午
yxg8211468 离线,最后访问时间: 2012/9/4 1:54:27 静默

发帖数前200位
注册: 2012-09-03
发 贴: 5
Wink [;)] Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析
Reply Quote
大神:
     dump应是完整内存dump文件(不知道这样说对不对,约280M),另外切换到taskmgr进程,我不知道是不使用!process命令,所以现把内容贴上来,请帮忙查阅.

     1: kd> !process fffffa800229e740 taskmgr.exe
PROCESS fffffa800229e740
    SessionId: 1  Cid: 0e40    Peb: 7fffffdb000  ParentCid: 026c
    DirBase: 09766000  ObjectTable: fffff8a001a1f2b0  HandleCount: 131.
    Image: taskmgr.exe
    VadRoot fffffa80035bbb10 Vads 100 Clone 0 Private 817. Modified 110380. Locked 0.
    DeviceMap fffff8a00171fd70
    Token                             fffff8a0018625b0
    ElapsedTime                       00:41:38.473
    UserTime                          00:00:00.046
    KernelTime                        00:00:01.653
    QuotaPoolUsage[PagedPool]         165992
    QuotaPoolUsage[NonPagedPool]      11944
    Working Set Sizes (now,min,max)  (2872, 50, 345) (11488KB, 200KB, 1380KB)
    PeakWorkingSetSize                2872
    VirtualSize                       86 Mb
    PeakVirtualSize                   151 Mb
    PageFaultCount                    5922
    MemoryPriority                    BACKGROUND
    BasePriority                      13
    CommitCharge                      973

        THREAD fffffa8003115060  Cid 0e40.0e44  Teb: 000007fffffde000 Win32Thread: fffff900c4dc8c30 RUNNING on processor 1
        Impersonation token:  fffff8a001536a90 (Level Impersonation)
        DeviceMap                 fffff8a00171fd70
        Owning Process            fffffa800229e740       Image:         taskmgr.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      190441         Ticks: 2 (0:00:00:00.031)
        Context Switch Count      165510         IdealProcessor: 0                 LargeStack
        UserTime                  00:00:08.954
        KernelTime                00:18:25.703
        Win32 Start Address 0x00000000ffd62b9c
        Stack Init fffff88005012d70 Current fffff880050123f0
        Base fffff88005013000 Limit fffff88005008000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        Child-SP          RetAddr           Call Site
        fffff880`05012ac8 fffff800`01a0b982 nt!KeBugCheckEx
        fffff880`05012ad0 fffff800`019b90ab nt!PspCatchCriticalBreak+0x92
        fffff880`05012b10 fffff800`0193c698 nt! ?? ::NNGAKEGL::`string'+0x17ad6
        fffff880`05012b60 fffff800`016828d3 nt!NtTerminateProcess+0xf4
        fffff880`05012be0 00000000`76e115da nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`05012be0)
        00000000`001dece8 00000000`00000000 0x76e115da

        THREAD fffffa80032ad270  Cid 0e40.0e48  Teb: 000007fffffdc000 Win32Thread: fffff900c462ec30 WAIT: (WrUserRequest) UserMode Non-Alertable
            fffffa800337fd10  SynchronizationEvent
        Not impersonating
        DeviceMap                 fffff8a00171fd70
        Owning Process            fffffa800229e740       Image:         taskmgr.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      190432         Ticks: 11 (0:00:00:00.171)
        Context Switch Count      22545          IdealProcessor: 0                 LargeStack
        UserTime                  00:00:00.031
        KernelTime                00:00:00.624
        Win32 Start Address 0x00000000ffd5df20
        Stack Init fffff8800504fd70 Current fffff8800504f630
        Base fffff88005050000 Limit fffff88005049000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 1 IoPriority 2 PagePriority 5
Page 6edd3 not present in the dump file. Type ".hh dbgerr004" for details
        Child-SP          RetAddr           Call Site
        fffff880`0504f670 fffff800`01688992 nt!KiSwapContext+0x7a
        fffff880`0504f7b0 fffff800`0168b1af nt!KiCommitThreadWait+0x1d2
        fffff880`0504f840 fffff800`01b1d5b1 nt!KeWaitForSingleObject+0x19f
        fffff880`0504f8e0 fffff960`0015b837 nt!VerifierKeWaitForSingleObject+0x151
        fffff880`0504f960 fffff960`0015b8d1 win32k!xxxRealSleepThread+0x257
        fffff880`0504fa00 fffff960`00159f20 win32k!xxxSleepThread+0x59
        fffff880`0504fa30 fffff960`0015a025 win32k!xxxRealInternalGetMessage+0x7dc
        fffff880`0504fb10 fffff960`0015ba05 win32k!xxxInternalGetMessage+0x35
        fffff880`0504fb50 fffff800`016828d3 win32k!NtUserGetMessage+0x75
        fffff880`0504fbe0 00000000`76bb9e6a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0504fbe0)
        00000000`024eedc8 00000000`00000000 0x76bb9e6a

        THREAD fffffa8002e4bb60  Cid 0e40.0e4c  Teb: 000007fffffd9000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
            fffffa80034c22c0  SynchronizationTimer
            fffffa8002eae350  SynchronizationTimer
            fffffa8003517ef0  SynchronizationTimer
            fffffa800321bb00  SynchronizationEvent
        Not impersonating
        DeviceMap                 fffff8a00171fd70
        Owning Process            fffffa800229e740       Image:         taskmgr.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      185867         Ticks: 4576 (0:00:01:11.386)
        Context Switch Count      47             IdealProcessor: 0             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address 0x0000000076ddaec0
        Stack Init fffff880053f0d70 Current fffff880053eff80
        Base fffff880053f1000 Limit fffff880053eb000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        Kernel stack not resident.
        Child-SP          RetAddr           Call Site
        fffff880`053effc0 fffff800`01688992 nt!KiSwapContext+0x7a
        fffff880`053f0100 fffff800`01687eaa nt!KiCommitThreadWait+0x1d2
        fffff880`053f0190 fffff800`01979ccf nt!KeWaitForMultipleObjects+0x272
        fffff880`053f0450 fffff800`0197a03e nt!ObpWaitForMultipleObjects+0x294
        fffff880`053f0920 fffff800`016828d3 nt!NtWaitForMultipleObjects+0xe5
        fffff880`053f0b70 00000000`76e118ca nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`053f0be0)
        00000000`0307f5d8 00000000`00000000 0x76e118ca

        THREAD fffffa800340f060  Cid 0e40.0e54  Teb: 000007fffffd5000 Win32Thread: fffff900c4c54c30 WAIT: (UserRequest) UserMode Non-Alertable
            fffffa8003432fe0  SynchronizationEvent
        Not impersonating
        DeviceMap                 fffff8a00171fd70
        Owning Process            fffffa800229e740       Image:         taskmgr.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      190387         Ticks: 56 (0:00:00:00.873)
        Context Switch Count      58408          IdealProcessor: 0                 LargeStack
        UserTime                  00:00:00.218
        KernelTime                00:00:00.826
        Win32 Start Address 0x00000000ffd5ba7c
        Stack Init fffff88005102d70 Current fffff880051028c0
        Base fffff88005103000 Limit fffff880050fc000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        Child-SP          RetAddr           Call Site
        fffff880`05102900 fffff800`01688992 nt!KiSwapContext+0x7a
        fffff880`05102a40 fffff800`0168b1af nt!KiCommitThreadWait+0x1d2
        fffff880`05102ad0 fffff800`0197999e nt!KeWaitForSingleObject+0x19f
        fffff880`05102b70 fffff800`016828d3 nt!NtWaitForSingleObject+0xde
        fffff880`05102be0 00000000`76e1135a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`05102be0)
        00000000`0238f9a8 00000000`00000000 0x76e1135a

        THREAD fffffa8003875b60  Cid 0e40.133c  Teb: 000007fffffd7000 Win32Thread: fffff900c64a2c30 WAIT: (WrQueue) UserMode Alertable
            fffffa800327b910  QueueObject
        Not impersonating
        DeviceMap                 fffff8a00171fd70
        Owning Process            fffffa800229e740       Image:         taskmgr.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      189673         Ticks: 770 (0:00:00:12.012)
        Context Switch Count      978            IdealProcessor: 0                 LargeStack
        UserTime                  00:00:00.000
        KernelTime                00:00:00.093
        Win32 Start Address 0x0000000076ddfbc0
        Stack Init fffff88006af8d70 Current fffff88006af8780
        Base fffff88006af9000 Limit fffff88006af0000 Call 0
        Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Child-SP          RetAddr           Call Site
        fffff880`06af87c0 fffff800`01688992 nt!KiSwapContext+0x7a
        fffff880`06af8900 fffff800`0168b9f3 nt!KiCommitThreadWait+0x1d2
        fffff880`06af8990 fffff800`0196bb97 nt!KeRemoveQueueEx+0x323
        fffff880`06af8a50 fffff800`0166f526 nt!IoRemoveIoCompletion+0x47
        fffff880`06af8ae0 fffff800`016828d3 nt!NtWaitForWorkViaWorkerFactory+0x285
        fffff880`06af8be0 00000000`76e12c1a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`06af8be0)
        00000000`0381f6c8 00000000`00000000 0x76e12c1a

        THREAD fffffa8003d98b60  Cid 0e40.127c  Teb: 000007fffffd3000 Win32Thread: fffff900c6440c30 WAIT: (WrQueue) UserMode Alertable
            fffffa800327b910  QueueObject
        Not impersonating
        DeviceMap                 fffff8a00171fd70
        Owning Process            fffffa800229e740       Image:         taskmgr.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      189673         Ticks: 770 (0:00:00:12.012)
        Context Switch Count      69             IdealProcessor: 0                 LargeStack
        UserTime                  00:00:00.000
        KernelTime                00:00:00.046
        Win32 Start Address 0x0000000076ddfbc0
        Stack Init fffff88005c9ed70 Current fffff88005c9e780
        Base fffff88005c9f000 Limit fffff88005c98000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        Child-SP          RetAddr           Call Site
        fffff880`05c9e7c0 fffff800`01688992 nt!KiSwapContext+0x7a
        fffff880`05c9e900 fffff800`0168b9f3 nt!KiCommitThreadWait+0x1d2
        fffff880`05c9e990 fffff800`0196bb97 nt!KeRemoveQueueEx+0x323
        fffff880`05c9ea50 fffff800`0166f526 nt!IoRemoveIoCompletion+0x47
        fffff880`05c9eae0 fffff800`016828d3 nt!NtWaitForWorkViaWorkerFactory+0x285
        fffff880`05c9ebe0 00000000`76e12c1a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`05c9ebe0)
        00000000`036bfad8 00000000`00000000 0x76e12c1a

感谢!
IP 地址: 已记录   报告
   2012-09-04, 21:31 下午
Raymond 离线,最后访问时间: 2020/7/3 3:40:25 格蠹老雷

发帖数前10位
注册: 2005-12-19
发 贴: 1,303
Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析
Reply Quote

280MB,多半是Kernel dump,不是Complete dump

可以参考下面这个KB来产生complete dump

http://support.microsoft.com/kb/969028/en-us
IP 地址: 已记录   报告
   2012-09-05, 08:56 上午
yxg8211468 离线,最后访问时间: 2012/9/4 1:54:27 静默

发帖数前200位
注册: 2012-09-03
发 贴: 5
Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析
Reply Quote
收到.感谢大神指点...
谢谢
IP 地址: 已记录   报告
   2012-09-05, 19:21 下午
yxg8211468 离线,最后访问时间: 2012/9/4 1:54:27 静默

发帖数前200位
注册: 2012-09-03
发 贴: 5
Smile [:)] Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析
Reply Quote
师傅:
依照您昨天说的,今天到公司设置了一下。得到的新dump文件有3.9G(物理内存4G)应该是完整的转存文件了。
        重新运行windbg,发现堆栈中多了很多函数调用记录,只是不知道这些函数的参数都代表什么含义,不知道师傅能否告知一下,在哪里能查到这些函数的说明。
以下为windbg显示内容:
0: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`05eb7ac8 fffff800`01a57892 : 00000000`000000f4 00000000`00000003 fffffa80`0473b040 fffffa80`0473b320 : nt!KeBugCheckEx
fffff880`05eb7ad0 fffff800`01a03e8b : ffffffff`ffffffff fffffa80`05aa5b50 fffffa80`0473b040 fffffa80`057b4060 : nt!PspCatchCriticalBreak+0x92
fffff880`05eb7b10 fffff800`01982f74 : ffffffff`ffffffff 00000000`00000001 fffffa80`0473b040 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x176d6
fffff880`05eb7b60 fffff800`016cf453 : fffffa80`0473b040 fffff880`00000001 fffffa80`05aa5b50 00000000`00000000 : nt!NtTerminateProcess+0xf4
fffff880`05eb7be0 00000000`774915da : 000007fe`fd7234ff 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`05eb7be0)
00000000`0025ebe8 000007fe`fd7234ff : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`005d68b0 : ntdll!NtTerminateProcess+0xa
00000000`0025ebf0 00000000`ffea6904 : 00000000`00000000 00000000`00000000 00000000`005d68b0 00000000`00000200 : KERNELBASE!TerminateProcess+0x2f
00000000`0025ec20 00000000`ffea8d08 : 00000000`035607f0 00000000`0000010c 00000000`00000001 00000000`00000001 : taskmgr!CProcPage::KillProcess+0x12c
00000000`0025ec80 00000000`ffea8efc : 00000000`005d68b0 00000000`00000c2c 00000000`00000004 00000000`0355e970 : taskmgr!CProcPage::KillAllChildren+0x98
00000000`0025ed00 00000000`ffea7c58 : 00000000`00000001 00000000`000003f1 00000000`00000001 00000000`00009ca6 : taskmgr!CProcPage::RecursiveKill+0x170
00000000`0025f1b0 00000000`ffea81d8 : 00000000`00000020 00000000`00009ca6 00000000`00000000 00000000`00000000 : taskmgr!CProcPage::HandleWMCOMMAND+0x318
00000000`0025f230 00000000`773679b7 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000001 : taskmgr!ProcPageProc+0x47c
00000000`0025f300 00000000`77367792 : 00000000`00000111 00000000`ffea7d5c 00000000`009e7ee0 00000000`00009ca6 : USER32!UserCallDlgProcCheckWow+0x1b6
00000000`0025f3c0 00000000`773676c2 : 00000000`00000000 00000000`00000000 00000000`0025f6a8 00000000`00000111 : USER32!DefDlgProcWorker+0xf1
00000000`0025f440 00000000`77359bd1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`003b6200 : USER32!DefDlgProcW+0x36
00000000`0025f480 00000000`773598da : 00000000`0025f6a8 00000000`77464684 00000000`00af4a60 00000000`009e7ee0 : USER32!UserCallWinProcCheckWow+0x1ad
00000000`0025f540 00000000`773567c2 : 00000000`00000000 00000000`00000000 00000000`77464684 00000000`00000001 : USER32!DispatchMessageWorker+0x3b5
00000000`0025f5c0 00000000`ffe9ab0d : 00000000`005d6d60 00000000`00000098 00000000`ffe90000 00000000`ffe90000 : USER32!IsDialogMessageW+0x153
00000000`0025f650 00000000`ffeb2a2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!wWinMain+0x921
00000000`0025fca0 00000000`7723652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!DelayLoadFailureHook+0x206

0: kd> !apc
*** Enumerating APCs in all processes
Process fffffa800368c740 System
Process fffffa800473b040 smss.exe
Process fffffa8004a5db30 csrss.exe
Process fffffa8004a58b30 csrss.exe
Process fffffa8004a5c730 wininit.exe
Process fffffa8004b10b30 winlogon.exe
Process fffffa8004a9bb30 services.exe
Process fffffa8004b31b30 lsass.exe
Process fffffa8004b372e0 lsm.exe
Process fffffa8004ba9b30 svchost.exe
Process fffffa80046f4b30 svchost.exe
Process fffffa8004bf1b30 svchost.exe
Process fffffa8004c524b0 svchost.exe
Process fffffa8004c47b30 svchost.exe
Process fffffa8004c2db30 svchost.exe
Process fffffa8004c2ab30 svchost.exe
Process fffffa8004c93b30 svchost.exe
Process fffffa8004d14b30 spoolsv.exe
Process fffffa8004d49b30 svchost.exe
Process fffffa8004d2db30 MsDtsSrvr.exe
Process fffffa8004d01a20 sqlservr.exe
    Thread fffffa80059fa5e0 ApcStateIndex 0 ApcListHead fffffa80059fa630 [KERNEL]
        KAPC @ fffff980274cebb8
          Type           12
          KernelRoutine  fffff800016e4510 nt!IopCompleteRequest+0
          RundownRoutine fffff80001a98720 nt!IopAbortRequest+0
Process fffffa8004dbbb30 msmdsrv.exe
Process fffffa8004ddfb30 SMSvcHost.exe
Process fffffa8004e47b30 svchost.exe
Process fffffa8004e18b30 ReportingServi
Process fffffa8004e76b30 httpd.exe
Process fffffa8004e9fb30 conhost.exe
Process fffffa8004e78b30 sqlwriter.exe
Process fffffa8004f19b30 svchost.exe
Process fffffa8004ec7380 java.exe
Process fffffa8004f7fb30 taskhost.exe
Process fffffa8005001b30 dwm.exe
Process fffffa8004fbfb30 explorer.exe
Process fffffa80050d6b30 fdlauncher.exe
Process fffffa8004c01940 svchost.exe
Process fffffa80050f8b30 svchost.exe
Process fffffa8005104b30 fdhost.exe
Process fffffa80050e7b30 conhost.exe
Process fffffa80051a3b30 mmc.exe
Process fffffa800528eb30 TrustedInstall
Process fffffa800497cb30 sppsvc.exe
Process fffffa80049e6b30 WMIC.exe
Process fffffa8004f80060 svchost.exe
Process fffffa800504e4d0 msdtc.exe
Process fffffa8004f6fb30 wuauclt.exe
Process fffffa80055c3060 WMIC.exe
Process fffffa8005667b30 WMIC.exe
Process fffffa80057d55e0 WMIC.exe
Process fffffa800585a060 WMIC.exe
Process fffffa800578b570 WMIC.exe
Process fffffa80053a0060 WMIC.exe
Process fffffa8005af5060 WMIC.exe
Process fffffa8005aebb30 WMIC.exe
Process fffffa8004e0d1f0 WMIC.exe
Process fffffa8005999710 WMIC.exe
Process fffffa80058646a0 WMIC.exe
Process fffffa8005aad060 WMIC.exe
Process fffffa8005aa3060 WMIC.exe
Process fffffa8005b7b060 WMIC.exe
Process fffffa80056d5060 WMIC.exe
Process fffffa8005af2060 WMIC.exe
Process fffffa80057b4060 taskmgr.exe
Process fffffa8005b3b060 WMIC.exe
Process fffffa8005a2e060 WMIC.exe
Process fffffa8005373570 WMIC.exe
Process fffffa8005ba30f0 WMIC.exe
Process fffffa80059c5060 WMIC.exe
Process fffffa800575b060 WMIC.exe
Process fffffa8005b950f0 WMIC.exe
Process fffffa8005dfb0f0 WMIC.exe
Process fffffa8005badb30 WMIC.exe
Process fffffa8005d03630 WMIC.exe
Process fffffa8005afe620 WMIC.exe
Process fffffa8005a71970 WMIC.exe
Process fffffa80059b6570 WMIC.exe
Process fffffa8005b3d590 WMIC.exe
Process fffffa8005a1e060 WMIC.exe
Process fffffa8005bdd0f0 WMIC.exe
Process fffffa8005b820f0 WMIC.exe
Process fffffa8005b75060 WMIC.exe
Process fffffa8005b3d060 WMIC.exe
Process fffffa8005a661b0 WMIC.exe
Process fffffa8005bc2af0 WMIC.exe
Process fffffa8005a51b30 WMIC.exe
Process fffffa8005b0b660 WMIC.exe
Process fffffa8005bc8b30 WMIC.exe
Process fffffa8005217940 WMIC.exe
Process fffffa8005752060 WMIC.exe
Process fffffa8005b790a0 WMIC.exe
Process fffffa8005b64640 WMIC.exe
Process fffffa800599d620 WMIC.exe
Process fffffa80058da5c0 WMIC.exe
Process fffffa8005c03b30 WMIC.exe
Process fffffa8005ad5b30 WMIC.exe
Process fffffa8005c100f0 WMIC.exe
Process fffffa8005d1fb30 WMIC.exe
Process fffffa8005398360 WMIC.exe
Process fffffa8005925060 WMIC.exe
Process fffffa8005e705a0 WMIC.exe
Process fffffa8005377060 WMIC.exe
Process fffffa80059a15e0 Ssms.exe
Process fffffa80059a6b30 WmiPrvSE.exe
Process fffffa8005a95060 WMIC.exe
Process fffffa800527d2f0 WMIC.exe
Process fffffa8005cf6b30 WMIC.exe
Process fffffa8005df7430 WMIC.exe
Process fffffa8005c12620 WMIC.exe
Process fffffa80058d71b0 WMIC.exe
Process fffffa8005a93060 WMIC.exe
Process fffffa8005c5e620 WMIC.exe
Process fffffa8005b20620 WMIC.exe
Process fffffa8005c2a060 WMIC.exe
Process fffffa8005be3b30 iexplore.exe
Process fffffa8005c56b30 iexplore.exe
Process fffffa8005e50060 WMIC.exe
Process fffffa8005d86060 WMIC.exe
Process fffffa8005c3e570 WMIC.exe
Process fffffa8005ddb060 WMIC.exe
                                     
感谢!
IP 地址: 已记录   报告
   2012-09-05, 21:18 下午
Raymond 离线,最后访问时间: 2020/7/3 3:40:25 格蠹老雷

发帖数前10位
注册: 2005-12-19
发 贴: 1,303
Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析
Reply Quote

很完美的栈回溯,很有意思的问题。这样论坛上交流效率太低了,可以通过下面网页中的邮件地址联系我

http://advdbg.org/books/swdbg/feedback.aspx
IP 地址: 已记录   报告
   2012-09-07, 09:29 上午
yarpee 离线,最后访问时间: 2013/3/25 11:32:00 yarpee

发帖数前150位
注册: 2012-02-20
发 贴: 6
Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析
Reply Quote

若分析有结果,也希望能看看分析过程。
IP 地址: 已记录   报告
高端调试 » 软件调试 » 转储分析 » Re: 工作中遇一OA服务器间歇蓝屏,恳请各位大神帮忙分析

 
Legal Notice Privacy Statement Corporate Governance Corporate Governance
(C)2004-2020 ADVDBG.ORG All Rights Reserved.