Please help analyze a WinDbg report

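  • Question

  • I left the computer running overnight last night downloading programs with Xunlei, and when I got up this morning I found that it had blue-screened.

    So I analyzed the DMP file with WinDbg, but unfortunately I only know the basics about computers and really can't make sense of it.

    Sorry to trouble you all.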

    Microsoft (R) Windows Debugger  Version 6.7.0005.1
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\072311-17628-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path.           *
    * Use .symfix to have the debugger choose a symbol path.                   *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is:
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Windows Kernel Version 7600 MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.x86fre.win7_rtm.090713-1255
    Kernel base = 0x84440000 PsLoadedModuleList = 0x84588810
    Debug session time: Sat Jul 23 05:05:17.103 2011 (GMT+8)
    System Uptime: 0 days 19:33:57.149
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Loading Kernel Symbols
    ....................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    .....
    Unable to load image \SystemRoot\system32\drivers\ndis.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ndis.sys
    *** ERROR: Module load completed but symbols could not be loaded for ndis.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {1000006, 2, 0, 8a44e77d}

    *** WARNING: Unable to verify timestamp for pacer.sys
    *** ERROR: Module load completed but symbols could not be loaded for pacer.sys
    *** WARNING: Unable to verify timestamp for wanarp.sys
    *** ERROR: Module load completed but symbols could not be loaded for wanarp.sys
    *** WARNING: Unable to verify timestamp for tcpip.sys
    *** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
    *** WARNING: Unable to verify timestamp for tdx.sys
    *** ERROR: Module load completed but symbols could not be loaded for tdx.sys
    *** WARNING: Unable to verify timestamp for 360netmon.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360netmon.sys
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    Probably caused by : pacer.sys ( pacer+5c20 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v

     

    July 23, 2011 2:55

Answer

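  • The problem is caused by the QoS Scheduler driver.

    I suggest first using SFC to check whether the driver files in Windows\system32\drivers are damaged. If the problem persists, try disabling "QoS Packet Scheduler" in the network connection's protocols.

    --
    Alexis Zhang

    http://mvp.support.microsoft.com/profile/jie
    http://blogs.itecn.net/blogs/alexis

    For the best user experience, accessing the forum through the NNTP Bridge newsgroup bridge is recommended.

    This post is a reply; the original post was written by "安徽芜湖夏X" above.

    I left the computer running overnight last night downloading programs with Xunlei, and when I got up this morning I found that it had blue-screened.
    So I analyzed the DMP file with WinDbg, but unfortunately I only know the basics about computers and really can't make sense of it.


    July 23, 2011 5:07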

All replies

  • Continued from above

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 01000006, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8a44e77d, address which referenced memory

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************

    MODULE_NAME: pacer

    FAULTING_MODULE: 84440000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc916

    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
     01000006

    CURRENT_IRQL:  2

    FAULTING_IP:
    ndis+2b77d
    8a44e77d f6470605        test    byte ptr [edi+6],5

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

    BUGCHECK_STR:  0xD1

    LAST_CONTROL_TRANSFER:  from 8a44e77d to 844867eb

    STACK_TEXT: 
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9e980388 8a44e77d badb0d00 00000000 86b420a4 nt+0x467eb
    9e980434 8a48f2f4 00980478 00000001 88d247c0 ndis+0x2b77d
    9e980498 8a42759d 87e720e0 88d247c0 00000000 ndis+0x6c2f4
    9e9804b8 8a427623 88d247c0 88d247c0 00000000 ndis+0x459d
    9e9804d0 9255cc20 8868d6a0 88d247c0 00000000 ndis+0x4623
    9e98054c 8a427474 86b40bf0 01d247c0 00000000 pacer+0x5c20
    9e980578 8a48bd8c 87e720e0 88d247c0 00000000 ndis+0x4474
    9e9805a8 925abbf8 88693a60 88d247c0 00000000 ndis+0x68d8c
    9e980604 8a6a37c1 02e88490 00000000 87620002 wanarp+0xdbf8
    9e980658 8a6a34d3 8a723d98 00000000 00000000 tcpip+0x697c1
    9e980690 8a6ab273 8a723d98 8762e54c 8762e5e8 tcpip+0x694d3
    9e980730 8a6b130e 0062e54c 9e980810 88cbad18 tcpip+0x71273
    9e9807b0 8a6b1595 00000000 00000004 8a723d98 tcpip+0x7730e
    9e9807d0 8a69130c 8762b7c8 9e9807e8 9e980a00 tcpip+0x77595
    9e98085c 8a69129d 8762b7c8 9e980a00 00000000 tcpip+0x5730c
    9e9808bc 8a6acd3c 8762b7c8 00000000 9e980a00 tcpip+0x5729d
    9e980a9c 8a6aeb31 00000000 00000000 88dcf3a8 tcpip+0x72d3c
    9e980ba0 8a6ae37a 8763a410 00980c78 00000000 tcpip+0x74b31
    9e980bb4 844cff8a 9e980c44 bb303240 00000000 tcpip+0x7437a
    9e980c1c 8a6ae170 8a6ae367 9e980c44 00000000 nt+0x8ff8a
    9e980c5c 924b0d9e 88dcf3a8 9e980c78 86e35780 tcpip+0x74170
    9e980ca8 924b922a 87554b68 86e35700 87742f48 tdx+0x3d9e
    9e980cc4 8447c4bc 879fda18 86e35780 86e35854 tdx+0xc22a
    9e980cdc 9247f29a 0cd02ca9 00000000 89009c80 nt+0x3c4bc
    9e980d50 8464e66d 00000000 bb3033cc 00000000 360netmon+0x629a
    9e980d90 845000d9 9247eeca 00000000 00000000 nt+0x20e66d
    00000000 00000000 00000000 00000000 00000000 nt+0xc00d9


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    pacer+5c20
    9255cc20 ??              ???

    SYMBOL_STACK_INDEX:  5

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  pacer.sys

    SYMBOL_NAME:  pacer+5c20

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    July 23, 2011 2:57
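
A small triage script for the output posted in this thread, as an added example that is not part of the original posts: it parses the BugCheck line and the STACK_TEXT frames, finds the frame that holds the bugcheck's Arg4 address, and lists modules outside an assumed set of in-box Windows components. The excerpt is copied from the posted output with some frames left out; the function names and the INBOX set are assumptions of this example.

```python
import re

# Excerpt copied from the WinDbg output posted in this thread; some frames of
# the original STACK_TEXT are left out to keep the sample short.
DUMP_TEXT = """\
BugCheck D1, {1000006, 2, 0, 8a44e77d}
STACK_TEXT:
9e980388 8a44e77d badb0d00 00000000 86b420a4 nt+0x467eb
9e980434 8a48f2f4 00980478 00000001 88d247c0 ndis+0x2b77d
9e980498 8a42759d 87e720e0 88d247c0 00000000 ndis+0x6c2f4
9e9804b8 8a427623 88d247c0 88d247c0 00000000 ndis+0x459d
9e9804d0 9255cc20 8868d6a0 88d247c0 00000000 ndis+0x4623
9e98054c 8a427474 86b40bf0 01d247c0 00000000 pacer+0x5c20
9e980578 8a48bd8c 87e720e0 88d247c0 00000000 ndis+0x4474
9e9805a8 925abbf8 88693a60 88d247c0 00000000 ndis+0x68d8c
9e980604 8a6a37c1 02e88490 00000000 87620002 wanarp+0xdbf8
9e980658 8a6a34d3 8a723d98 00000000 00000000 tcpip+0x697c1
9e980ca8 924b922a 87554b68 86e35700 87742f48 tdx+0x3d9e
9e980cdc 9247f29a 0cd02ca9 00000000 89009c80 nt+0x3c4bc
9e980d50 8464e66d 00000000 bb3033cc 00000000 360netmon+0x629a
"""

# Assumption of this example: names treated as in-box Windows components.
INBOX = {"nt", "ndis", "pacer", "wanarp", "tcpip", "tdx"}

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9a-f]+),\s*\{([^}]*)\}", re.I)
# kb frame layout: ChildEBP RetAddr Arg1 Arg2 Arg3 module+0xoffset
FRAME_RE = re.compile(
    r"^[ \t]*([0-9a-f]{8})[ \t]+([0-9a-f]{8})[ \t]+(?:[0-9a-f]{8}[ \t]+){3}"
    r"(\S+?)\+0x([0-9a-f]+)[ \t]*$", re.I | re.M)

def parse_bugcheck(text):
    """Return (code, [arg1..arg4]) as integers from the BugCheck line."""
    m = BUGCHECK_RE.search(text)
    if not m:
        raise ValueError("no BugCheck line found")
    return int(m.group(1), 16), [int(a, 16) for a in m.group(2).split(",")]

def parse_stack(text):
    """Return the kb frames, innermost first, as dicts."""
    return [{"ret_addr": int(r, 16), "module": mod.lower(), "offset": int(off, 16)}
            for _ebp, r, mod, off in FRAME_RE.findall(text)]

def frame_for_address(frames, addr):
    """RetAddr on frame i is the location printed on frame i+1."""
    for i, f in enumerate(frames[:-1]):
        if f["ret_addr"] == addr:
            return i + 1, frames[i + 1]
    return None, None

def call_path(frames):
    """Distinct modules in stack order, innermost first."""
    seen = []
    for f in frames:
        if f["module"] not in seen:
            seen.append(f["module"])
    return seen

def triage(text):
    code, args = parse_bugcheck(text)
    frames = parse_stack(text)
    idx, frame = frame_for_address(frames, args[3])
    where = None
    if frame is not None:
        where = (idx, f"{frame['module']}+0x{frame['offset']:x}")
    path = call_path(frames)
    return {
        "bugcheck": f"0x{code:X}",
        "memory_referenced": f"0x{args[0]:08x}",     # Arg1
        "irql": args[1],                              # Arg2
        "operation": {0: "read", 1: "write"}.get(args[2], "other"),  # Arg3
        "faulting_frame": where,                      # frame holding Arg4
        "call_path": path,
        "not_in_box": [m for m in path if m not in INBOX],
    }

if __name__ == "__main__":
    for key, value in triage(DUMP_TEXT).items():
        print(f"{key}: {value}")
```

Treat the result as a first pass only: the posted output was captured without symbols and carries the debugger's own warning that the frames may be wrong.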