搜索论坛 帖子排序:  Oldest to newest Newest to oldest

2014-11-02, 11:51 上午 泡泡 注册: 2014-11-02 发 贴: 3 求助分析一个DUMP文件，找不出原因来 这是其中的一个DUMP文件，电脑新装的系统，开机以后长时间不动电脑，多长时间我也不知道，反正至少在六个小时以上，电脑突然间就会蓝屏，我分析出来的是个ETFILEMON.SYS文件出错，查看详细的好像是所有的驱动都加载失败，我用安全模式进去，几天也不会蓝屏，正常模式，晚上的开电脑，早上来看肯定已经蓝屏了，早上打开电脑，到晚上来看肯定也蓝屏了，试过换了一个显卡的驱动，还是蓝屏，实在找不出来是哪个驱动的问题了，求大神指导   Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [E:\新建文件夹 (2)\Minidump\Mini102714-02.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path.           * * Use .symfix to have the debugger choose a symbol path.                   * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * *                                                                   * * The Symbol Path can be set by:                                    * *   using the _NT_SYMBOL_PATH environment variable.                 * *   using the -y <symbol_path> argument when starting the debugger. * *   using .sympath and .sympath+                                    * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Machine Name: Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720 Debug session time: Mon Oct 27 13:34:49.171 2014 (UTC + 8:00) System Uptime: 0 days 4:34:07.703 ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * *                                                                   * * The Symbol Path can be set by:                                    * *   using the _NT_SYMBOL_PATH environment variable.                 * *   using the -y <symbol_path> argument when starting the debugger. * *   using .sympath and .sympath+                                    * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... .................................................... Loading User Symbols Loading unloaded module list .............. Unable to load image EtFilemon.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for EtFilemon.sys *** ERROR: Module load completed but symbols could not be loaded for EtFilemon.sys ******************************************************************************* *                                                                             * *                        Bugcheck Analysis                                    * *                                                                             * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000008E, {c0000005, 8053b658, a76c8194, 0} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!KPRCB                                      *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!KPRCB                                      *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* Probably caused by : EtFilemon.sys ( EtFilemon+1ba0 ) Followup: MachineOwner --------- 2: kd> ANALYZE -V *** WARNING: Unable to verify timestamp for hal.dll *** ERROR: Module load completed but symbols could not be loaded for hal.dll *** WARNING: Unable to verify timestamp for HTTP.sys *** ERROR: Module load completed but symbols could not be loaded for HTTP.sys *** WARNING: Unable to verify timestamp for wdmaud.sys *** ERROR: Module load completed but symbols could not be loaded for wdmaud.sys *** WARNING: Unable to verify timestamp for srv.sys *** ERROR: Module load completed but symbols could not be loaded for srv.sys *** WARNING: Unable to verify timestamp for mrxdav.sys *** ERROR: Module load completed but symbols could not be loaded for mrxdav.sys *** WARNING: Unable to verify timestamp for protreg.sys *** ERROR: Module load completed but symbols could not be loaded for protreg.sys *** WARNING: Unable to verify timestamp for rsfwdrv.sys *** ERROR: Module load completed but symbols could not be loaded for rsfwdrv.sys *** WARNING: Unable to verify timestamp for ndisuio.sys *** ERROR: Module load completed but symbols could not be loaded for ndisuio.sys *** WARNING: Unable to verify timestamp for dump_iastor.sys *** ERROR: Module load completed but symbols could not be loaded for dump_iastor.sys *** WARNING: Unable to verify timestamp for ISODrive.sys *** ERROR: Module load completed but symbols could not be loaded for ISODrive.sys *** WARNING: Unable to verify timestamp for mrxsmb.sys *** ERROR: Module load completed but symbols could not be loaded for mrxsmb.sys *** WARNING: Unable to verify timestamp for rdbss.sys *** ERROR: Module load completed but symbols could not be loaded for rdbss.sys *** WARNING: Unable to verify timestamp for afd.sys *** ERROR: Module load completed but symbols could not be loaded for afd.sys *** WARNING: Unable to verify timestamp for ipnat.sys *** ERROR: Module load completed but symbols could not be loaded for ipnat.sys *** WARNING: Unable to verify timestamp for netbt.sys *** ERROR: Module load completed but symbols could not be loaded for netbt.sys *** WARNING: Unable to verify timestamp for tcpip.sys *** ERROR: Module load completed but symbols could not be loaded for tcpip.sys *** WARNING: Unable to verify timestamp for ipsec.sys *** ERROR: Module load completed but symbols could not be loaded for ipsec.sys *** WARNING: Unable to verify timestamp for mouhid.sys *** ERROR: Module load completed but symbols could not be loaded for mouhid.sys *** WARNING: Unable to verify timestamp for kbdhid.sys *** ERROR: Module load completed but symbols could not be loaded for kbdhid.sys *** WARNING: Unable to verify timestamp for Cdfs.SYS *** ERROR: Module load completed but symbols could not be loaded for Cdfs.SYS *** WARNING: Unable to verify timestamp for HIDCLASS.SYS *** ERROR: Module load completed but symbols could not be loaded for HIDCLASS.SYS *** WARNING: Unable to verify timestamp for IntcDAud.sys *** ERROR: Module load completed but symbols could not be loaded for IntcDAud.sys *** WARNING: Unable to verify timestamp for portcls.sys *** ERROR: Module load completed but symbols could not be loaded for portcls.sys *** WARNING: Unable to verify timestamp for CHDRT32.sys *** ERROR: Module load completed but symbols could not be loaded for CHDRT32.sys *** WARNING: Unable to verify timestamp for Dxapi.sys *** ERROR: Module load completed but symbols could not be loaded for Dxapi.sys *** WARNING: Unable to verify timestamp for update.sys *** ERROR: Module load completed but symbols could not be loaded for update.sys *** WARNING: Unable to verify timestamp for rdpdr.sys *** ERROR: Module load completed but symbols could not be loaded for rdpdr.sys *** WARNING: Unable to verify timestamp for psched.sys *** ERROR: Module load completed but symbols could not be loaded for psched.sys *** WARNING: Unable to verify timestamp for ndiswan.sys *** ERROR: Module load completed but symbols could not be loaded for ndiswan.sys *** WARNING: Unable to verify timestamp for ks.sys *** ERROR: Module load completed but symbols could not be loaded for ks.sys *** WARNING: Unable to verify timestamp for Rtenicxp.sys *** ERROR: Module load completed but symbols could not be loaded for Rtenicxp.sys *** WARNING: Unable to verify timestamp for HDAudBus.sys *** ERROR: Module load completed but symbols could not be loaded for HDAudBus.sys *** WARNING: Unable to verify timestamp for USBPORT.SYS *** ERROR: Module load completed but symbols could not be loaded for USBPORT.SYS *** WARNING: Unable to verify timestamp for VIDEOPRT.SYS *** ERROR: Module load completed but symbols could not be loaded for VIDEOPRT.SYS *** WARNING: Unable to verify timestamp for igxpmp32.sys *** ERROR: Module load completed but symbols could not be loaded for igxpmp32.sys *** WARNING: Unable to verify timestamp for mssmbios.sys *** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys *** WARNING: Unable to verify timestamp for rfwndis.sys *** ERROR: Module load completed but symbols could not be loaded for rfwndis.sys *** WARNING: Unable to verify timestamp for ndistapi.sys *** ERROR: Module load completed but symbols could not be loaded for ndistapi.sys *** WARNING: Unable to verify timestamp for fsvga.sys *** ERROR: Module load completed but symbols could not be loaded for fsvga.sys *** WARNING: Unable to verify timestamp for rasacd.sys *** ERROR: Module load completed but symbols could not be loaded for rasacd.sys *** WARNING: Unable to verify timestamp for DeepFrz.sys *** ERROR: Module load completed but symbols could not be loaded for DeepFrz.sys *** WARNING: Unable to verify timestamp for etfilter.SYS *** ERROR: Module load completed but symbols could not be loaded for etfilter.SYS *** WARNING: Unable to verify timestamp for Mup.sys *** ERROR: Module load completed but symbols could not be loaded for Mup.sys *** WARNING: Unable to verify timestamp for NDIS.sys *** ERROR: Module load completed but symbols could not be loaded for NDIS.sys *** WARNING: Unable to verify timestamp for Ntfs.sys *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys *** WARNING: Unable to verify timestamp for KSecDD.sys *** ERROR: Module load completed but symbols could not be loaded for KSecDD.sys *** WARNING: Unable to verify timestamp for sr.sys *** ERROR: Module load completed but symbols could not be loaded for sr.sys *** WARNING: Unable to verify timestamp for fltMgr.sys *** ERROR: Module load completed but symbols could not be loaded for fltMgr.sys *** WARNING: Unable to verify timestamp for atapi.sys *** ERROR: Module load completed but symbols could not be loaded for atapi.sys *** WARNING: Unable to verify timestamp for iaStor.sys *** ERROR: Module load completed but symbols could not be loaded for iaStor.sys *** WARNING: Unable to verify timestamp for dmio.sys *** ERROR: Module load completed but symbols could not be loaded for dmio.sys *** WARNING: Unable to verify timestamp for ftdisk.sys *** ERROR: Module load completed but symbols could not be loaded for ftdisk.sys *** WARNING: Unable to verify timestamp for pci.sys *** ERROR: Module load completed but symbols could not be loaded for pci.sys *** WARNING: Unable to verify timestamp for ACPI.sys *** ERROR: Module load completed but symbols could not be loaded for ACPI.sys *** WARNING: Unable to verify timestamp for isapnp.sys *** ERROR: Module load completed but symbols could not be loaded for isapnp.sys *** WARNING: Unable to verify timestamp for MountMgr.sys *** ERROR: Module load completed but symbols could not be loaded for MountMgr.sys *** WARNING: Unable to verify timestamp for VolSnap.sys *** ERROR: Module load completed but symbols could not be loaded for VolSnap.sys *** WARNING: Unable to verify timestamp for disk.sys *** ERROR: Module load completed but symbols could not be loaded for disk.sys *** WARNING: Unable to verify timestamp for CLASSPNP.SYS *** ERROR: Module load completed but symbols could not be loaded for CLASSPNP.SYS *** WARNING: Unable to verify timestamp for netbios.sys *** ERROR: Module load completed but symbols could not be loaded for netbios.sys *** WARNING: Unable to verify timestamp for NDProxy.SYS *** ERROR: Module load completed but symbols could not be loaded for NDProxy.SYS *** WARNING: Unable to verify timestamp for wanarp.sys *** ERROR: Module load completed but symbols could not be loaded for wanarp.sys *** WARNING: Unable to verify timestamp for HECI.sys *** ERROR: Module load completed but symbols could not be loaded for HECI.sys *** WARNING: Unable to verify timestamp for cdrom.sys *** ERROR: Module load completed but symbols could not be loaded for cdrom.sys *** WARNING: Unable to verify timestamp for raspppoe.sys *** ERROR: Module load completed but symbols could not be loaded for raspppoe.sys *** WARNING: Unable to verify timestamp for redbook.sys *** ERROR: Module load completed but symbols could not be loaded for redbook.sys *** WARNING: Unable to verify timestamp for raspptp.sys *** ERROR: Module load completed but symbols could not be loaded for raspptp.sys *** WARNING: Unable to verify timestamp for intelppm.sys *** ERROR: Module load completed but symbols could not be loaded for intelppm.sys *** WARNING: Unable to verify timestamp for msgpc.sys *** ERROR: Module load completed but symbols could not be loaded for msgpc.sys *** WARNING: Unable to verify timestamp for Enet.sys *** ERROR: Module load completed but symbols could not be loaded for Enet.sys *** WARNING: Unable to verify timestamp for termdd.sys *** ERROR: Module load completed but symbols could not be loaded for termdd.sys *** WARNING: Unable to verify timestamp for rasl2tp.sys *** ERROR: Module load completed but symbols could not be loaded for rasl2tp.sys *** WARNING: Unable to verify timestamp for usbhub.sys *** ERROR: Module load completed but symbols could not be loaded for usbhub.sys *** WARNING: Unable to verify timestamp for Fips.SYS *** ERROR: Module load completed but symbols could not be loaded for Fips.SYS *** WARNING: Unable to verify timestamp for sysaudio.sys *** ERROR: Module load completed but symbols could not be loaded for sysaudio.sys *** WARNING: Unable to verify timestamp for drmk.sys *** ERROR: Module load completed but symbols could not be loaded for drmk.sys *** WARNING: Unable to verify timestamp for PCIIDEX.SYS *** ERROR: Module load completed but symbols could not be loaded for PCIIDEX.SYS *** WARNING: Unable to verify timestamp for PartMgr.sys *** ERROR: Module load completed but symbols could not be loaded for PartMgr.sys *** WARNING: Unable to verify timestamp for ptilink.sys *** ERROR: Module load completed but symbols could not be loaded for ptilink.sys *** WARNING: Unable to verify timestamp for raspti.sys *** ERROR: Module load completed but symbols could not be loaded for raspti.sys *** WARNING: Unable to verify timestamp for kbdclass.sys *** ERROR: Module load completed but symbols could not be loaded for kbdclass.sys *** WARNING: Unable to verify timestamp for mouclass.sys *** ERROR: Module load completed but symbols could not be loaded for mouclass.sys *** WARNING: Unable to verify timestamp for Npfs.SYS *** ERROR: Module load completed but symbols could not be loaded for Npfs.SYS *** WARNING: Unable to verify timestamp for rfwarp.sys *** ERROR: Module load completed but symbols could not be loaded for rfwarp.sys *** WARNING: Unable to verify timestamp for rfwaf.sys *** ERROR: Module load completed but symbols could not be loaded for rfwaf.sys *** WARNING: Unable to verify timestamp for rfwtdi.sys *** ERROR: Module load completed but symbols could not be loaded for rfwtdi.sys *** WARNING: Unable to verify timestamp for watchdog.sys *** ERROR: Module load completed but symbols could not be loaded for watchdog.sys *** WARNING: Unable to verify timestamp for HIDPARSE.SYS *** ERROR: Module load completed but symbols could not be loaded for HIDPARSE.SYS *** WARNING: Unable to verify timestamp for vga.sys *** ERROR: Module load completed but symbols could not be loaded for vga.sys *** WARNING: Unable to verify timestamp for Msfs.SYS *** ERROR: Module load completed but symbols could not be loaded for Msfs.SYS *** WARNING: Unable to verify timestamp for usbehci.sys *** ERROR: Module load completed but symbols could not be loaded for usbehci.sys *** WARNING: Unable to verify timestamp for TDI.SYS *** ERROR: Module load completed but symbols could not be loaded for TDI.SYS *** WARNING: Unable to verify timestamp for BOOTVID.dll *** ERROR: Module load completed but symbols could not be loaded for BOOTVID.dll *** WARNING: Unable to verify timestamp for hidusb.sys *** ERROR: Module load completed but symbols could not be loaded for hidusb.sys *** WARNING: Unable to verify timestamp for kdcom.dll *** ERROR: Module load completed but symbols could not be loaded for kdcom.dll *** WARNING: Unable to verify timestamp for WMILIB.SYS *** ERROR: Module load completed but symbols could not be loaded for WMILIB.SYS *** WARNING: Unable to verify timestamp for intelide.sys *** ERROR: Module load completed but symbols could not be loaded for intelide.sys *** WARNING: Unable to verify timestamp for dmload.sys *** ERROR: Module load completed but symbols could not be loaded for dmload.sys *** WARNING: Unable to verify timestamp for swenum.sys *** ERROR: Module load completed but symbols could not be loaded for swenum.sys *** WARNING: Unable to verify timestamp for USBD.SYS *** ERROR: Module load completed but symbols could not be loaded for USBD.SYS *** WARNING: Unable to verify timestamp for Fs_Rec.SYS *** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.SYS *** WARNING: Unable to verify timestamp for Beep.SYS *** ERROR: Module load completed but symbols could not be loaded for Beep.SYS *** WARNING: Unable to verify timestamp for mnmdd.SYS *** ERROR: Module load completed but symbols could not be loaded for mnmdd.SYS *** WARNING: Unable to verify timestamp for RDPCDD.sys *** ERROR: Module load completed but symbols could not be loaded for RDPCDD.sys *** WARNING: Unable to verify timestamp for pciide.sys *** ERROR: Module load completed but symbols could not be loaded for pciide.sys *** WARNING: Unable to verify timestamp for audstub.sys *** ERROR: Module load completed but symbols could not be loaded for audstub.sys *** WARNING: Unable to verify timestamp for Null.SYS *** ERROR: Module load completed but symbols could not be loaded for Null.SYS *** WARNING: Unable to verify timestamp for dxgthk.sys *** ERROR: Module load completed but symbols could not be loaded for dxgthk.sys *** WARNING: Unable to verify timestamp for dxg.sys *** ERROR: Module load completed but symbols could not be loaded for dxg.sys *** WARNING: Unable to verify timestamp for igxprd32.dll *** ERROR: Module load completed but symbols could not be loaded for igxprd32.dll *** WARNING: Unable to verify timestamp for igxpgd32.dll *** ERROR: Module load completed but symbols could not be loaded for igxpgd32.dll *** WARNING: Unable to verify timestamp for igxpdv32.DLL *** ERROR: Module load completed but symbols could not be loaded for igxpdv32.DLL *** WARNING: Unable to verify timestamp for igxpdx32.DLL *** ERROR: Module load completed but symbols could not be loaded for igxpdx32.DLL *** WARNING: Unable to verify timestamp for win32k.sys *** ERROR: Module load completed but symbols could not be loaded for win32k.sys Couldn't resolve error at 'NALYZE -V' IP 地址: 已记录   报告

2014-11-03, 13:40 下午 格蠹老雷 注册: 2005-12-19 发 贴: 1,303 Re: 求助分析一个DUMP文件，找不出原因来 !analyze -v 少了个感叹号，WinDBG评估表达式时找了一大圈，把所有模块都找了个遍 那把dump文件传到某个云盘最好 最etfilemon这个名字来看，估计是与文件系统的过滤驱动有关，搜索注册表，尝试禁止这个驱动，注意先备份数据 IP 地址: 已记录   报告

2014-11-04, 14:49 下午 泡泡 注册: 2014-11-02 发 贴: 3 Re: 求助分析一个DUMP文件，找不出原因来 谢谢，目测我已经找到问题原因了，开始的时候就一直怀疑是ACHI驱动导致的，但是我无论如何也卸载不了ACHI驱动，因为驱动是后装的，也就是说装系统的时候我用的是ATA模式，装完系统以后我在装的INTEL C216的SATA ACHI驱动，然后重启的时候改为ACHI模式，可惜的是一旦安装了无论怎么弄都回不到未安装前的状态，最后我只好重装了系统，把除了ACHI驱动以外的驱动全装了，放了几天几夜也没蓝屏，刚开始我还怀疑过是显卡驱动的问题，装了好几个版本的都是一样，现在找到问题所在了，但是我一直不明白，为什么一定要等十几个小时才蓝屏，这十几个小时电脑是没有操作的，我曾怀疑是休眼导致的，但是直接启用休眠过段时间再唤醒，结果是不蓝屏的，那到底是ACHI驱动干了什么事情导致的十几个小时会自已蓝屏，如果有人在使用，机器是不会蓝屏的，求指教 附上更正命令后的内容，我试过发附件，但是发不出来 2: kd> !analyze -v ******************************************************************************* *                                                                             * *                        Bugcheck Analysis                                    * *                                                                             * ******************************************************************************* KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e) This is a very common bugcheck.  Usually the exception address pinpoints the driver/function that caused the problem.  Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003.  This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG.  This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG.  This will let us see why this breakpoint is happening. Arguments: Arg1: c0000005, The exception code that was not handled Arg2: 8053b658, The address that the exception occurred at Arg3: a76c8194, Trap Frame Arg4: 00000000 Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!KPRCB                                      *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!KPRCB                                      *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ************************************************************************* ***                                                                   *** ***                                                                   *** ***    Your debugger is not using the correct symbols                 *** ***                                                                   *** ***    In order for this command to work properly, your symbol path   *** ***    must point to .pdb files that have full type information.      *** ***                                                                   *** ***    Certain .pdb files (such as the public OS symbols) do not      *** ***    contain the required information.  Contact the group that      *** ***    provided you with these symbols if you need this command to    *** ***    work.                                                          *** ***                                                                   *** ***    Type referenced: nt!_KPRCB                                     *** ***                                                                   *** ************************************************************************* ADDITIONAL_DEBUG_TEXT:  Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. FAULTING_MODULE: 804d8000 nt DEBUG_FLR_IMAGE_TIMESTAMP:  52302721 EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx FAULTING_IP: nt+63658 8053b658 89448fe8        mov     dword ptr [edi+ecx*4-18h],eax TRAP_FRAME:  a76c8194 -- (.trap 0xffffffffa76c8194) ErrCode = 00000002 eax=575c3a43 ebx=00000000 ecx=00000006 edx=00000001 esi=f67f20e0 edi=00000000 eip=8053b658 esp=a76c8208 ebp=a76c8210 iopl=0         nv up ei ng nz ac po cy cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010293 nt+0x63658: 8053b658 89448fe8        mov     dword ptr [edi+ecx*4-18h],eax ds:0023:00000000=???????? Resetting default scope CUSTOMER_CRASH_COUNT:  2 DEFAULT_BUCKET_ID:  DRIVER_FAULT BUGCHECK_STR:  0x8E LAST_CONTROL_TRANSFER:  from a7493ba0 to 8053b658 STACK_TEXT:  WARNING: Stack unwind information not available. Following frames may be wrong. a76c8210 a7493ba0 00000000 f67f20e0 00000019 nt+0x63658 a76c8a5c 804f018f 85c23880 85c969a0 85c969a0 EtFilemon+0x1ba0 a76c8b4c 805c0444 8ab47600 00000000 86b61328 nt+0x1818f a76c8bc4 805bc9d0 00000000 a76c8c04 00000040 nt+0xe8444 a76c8c18 80577033 00000000 00000000 00000001 nt+0xe49d0 a76c8c94 805779aa 0108fac8 80100080 0108fa68 nt+0x9f033 a76c8cf0 8057a0b4 0108fac8 80100080 0108fa68 nt+0x9f9aa a76c8d30 8054261c 0108fac8 80100080 0108fa68 nt+0xa20b4 a76c8d64 7c92e4f4 badb0d00 0108fa30 a736dd98 nt+0x6a61c a76c8d68 badb0d00 0108fa30 a736dd98 a736ddcc 0x7c92e4f4 a76c8d6c 0108fa30 a736dd98 a736ddcc 00000000 0xbadb0d00 a76c8d70 a736dd98 a736ddcc 00000000 00000000 0x108fa30 a76c8d74 a736ddcc 00000000 00000000 00000000 0xa736dd98 a76c8d78 00000000 00000000 00000000 00000000 0xa736ddcc STACK_COMMAND:  kb FOLLOWUP_IP: EtFilemon+1ba0 a7493ba0 ??              ??? SYMBOL_STACK_INDEX:  1 SYMBOL_NAME:  EtFilemon+1ba0 FOLLOWUP_NAME:  MachineOwner MODULE_NAME: EtFilemon IMAGE_NAME:  EtFilemon.sys BUCKET_ID:  WRONG_SYMBOLS Followup: MachineOwner ---------   IP 地址: 已记录   报告

2014-11-04, 16:12 下午 泡泡 注册: 2014-11-02 发 贴: 3 Re: 求助分析一个DUMP文件，找不出原因来 再补充一个新发现，今天处理这台电脑的另一个问题，插入移动硬盘死机的问题，偶尔间发现导致崩溃的那个ETFILEMON.SYS驱动竟然是我装的一个USB控制软件的驱动，通过软件的开发商那边获得了另一版，重装软件后移动硬盘插入死机关题已解决，于是乎又把ACHI驱动装上了，这次看一下会不会过十几个小时又蓝屏，如果不蓝屏了，那问题就是那个软件的问题，如果依旧蓝屏，那就可能是ACHI驱动的关系，上面的分析结果依旧请大神帮忙分析一下原因 IP 地址: 已记录   报告

高端调试 » 软件调试 » WinDbg » Re: 求助分析一个DUMP文件，找不出原因来

请选择 论坛首页 |- 论坛搜索 |- 热门主题 |- 未回复的主题 用户选项 |- 登录 |- 注册 |- 找回密码 软件调试 |- Windows内核调试 |- C/C++本地代码调试 |- .Net程序调试 |- 脚本程序调试 |- Java程序调试 |- Linux内核调试 |- 《程序员》杂志调试专栏 |- WinDbg |- GDB |- 远程调试 |- 调试ACPI和BIOS |- 特殊的调试任务 |- 转储分析 |- GDK7 内核探秘 |- Windows内核 |- Linux内核 系统架构 |- CPU架构 |- PCI/PCI Express架构 程序人生 |- 软件物语 |- 社区活动 |- 名人逸事 联盟论坛 |- 欢迎使用CnForums 没有银弹 |- BUG也精彩 |- 豆腐工程 |- 软件圈里十大怪 Windows Vista |- 用调试利剑剖析VISTA内幕 |- 老专家如何破解新问题 |- 我的电脑谁说了算？ |- 资源 Office开发 |- Visio 驱动程序开发 |- Windows驱动开发 |- Linux驱动开发 |- Windows CE驱动开发 用户态开发 |- Windows本地代码（native）高级开发 |- Web应用开发 |- WinFX和.Net |- Office开发 本站建设 |- 高端调试团队 |- 版面布局 |- 活动建议 |- 网站维护 64位计算 |- 64-bit Windows |- 64-bit CPU 图书 |- 《软件调试》的示例程序 |- 《软件调试》的工具 |- 《软件调试》书友 |- 《软件调试》答疑 |- 《软件调试》勘误和意见 |- 《格蠹汇编》 |- 《软件调试》第二版卷1 |- 《软件调试》第二版卷2 云计算 |- IaaS |- 云存储 |- 大数据 |- PaaS和SaaS GPU |- CUDA |- OpenCL |- HSA |- 游戏开发与调试