有台WIN2008 ENT 32位的服务器最近在关机时出现了蓝屏,DUMP文件我用DEBUG分析完后出现以下结果,麻烦高人分析一下原因所在
Symbol search path is: C:\Windows\symbols;SRV*c:/WINDOWS/Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (24 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 6002.18484.x86fre.vistasp2_gdr.110617-0336
Machine Name:
Kernel base = 0x81c14000 PsLoadedModuleList = 0x81d2bc70
Debug session time: Sun Nov 18 05:05:09.525 2012 (UTC + 8:00)
System Uptime: 33 days 8:56:23.435
Loading Kernel Symbols
...............................................................
..........................................Page bae61 not present in the dump file. Type ".hh dbgerr004" for details
......................
............
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {13281fc, 2, 1, 81d028b3}
Page bae61 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+29c )
Followup: Pool_corruption
---------
17: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 013281fc, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 81d028b3, address which referenced memory
Debugging Details:
------------------
Page bae61 not present in the dump file. Type ".hh dbgerr004" for details
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+29c
81d028b3 894604 mov dword ptr [esi+4],eax
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: services.exe
TRAP_FRAME: a950eb54 -- (.trap 0xffffffffa950eb54)
ErrCode = 00000002
eax=88e2cba0 ebx=00000000 ecx=000001ff edx=8041002c esi=013281f8 edi=80410000
eip=81d028b3 esp=a950ebc8 ebp=a950ec00 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
nt!ExDeferredFreePool+0x29c:
81d028b3 894604 mov dword ptr [esi+4],eax ds:0023:013281fc=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 81d028b3 to 81c61fd9
STACK_TEXT:
a950eb54 81d028b3 badb0d00 8041002c 85e93878 nt!KiTrap0E+0x2e1
a950ec00 81d01858 80410000 00000000 81d21840 nt!ExDeferredFreePool+0x29c
a950ec68 81e425f5 87a145b0 ee657645 00000000 nt!ExFreePoolWithTag+0x852
a950ec90 81e42457 81fd526c 87a145b0 00000000 nt!ObpFreeObject+0x192
a950eca8 81c58dcc 87a145c8 00000000 8786db70 nt!ObpRemoveObjectRoutine+0x145
a950ecd0 81e4e954 8d8e54c8 8786db70 000004b0 nt!ObfDereferenceObject+0xa1
a950ed14 81e4e64d 8d8e54c8 8d90c960 85e93878 nt!ObpCloseHandleTableEntry+0x24e
a950ed44 81e4ed31 85e93878 8786db01 8786db01 nt!ObpCloseHandle+0x73
a950ed58 81c5ec7a 000004b0 0222fb38 77b45ca4 nt!NtClose+0x20
a950ed58 77b45ca4 000004b0 0222fb38 77b45ca4 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0222fb38 00000000 00000000 00000000 00000000 0x77b45ca4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+29c
81d028b3 894604 mov dword ptr [esi+4],eax
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+29c
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+29c
BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+29c
Followup: Pool_corruption
Win2008 Ent 32bit SP2 蓝屏
立刻免费下载 TechNet 论坛好帮手
