none
今天又蓝屏了,帮忙分析分析. RRS feed

  • 问题

  • 啥也没干,正打开腾迅TM,点登录,就蓝屏了。
    下面是C:\Windows\Minidump\123009-19328-01.DMP文件

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [D:\123009-19328-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    WARNING: Non-directory path: 'D:\122809-31621-01.dmp'
    Symbol search path is: SRV*D:\debug*http://msdl.microsoft.com/download/symbols
    Executable search path is: D:\;D:\122809-31621-01.dmp
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.x86fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0x83e4b000 PsLoadedModuleList = 0x83f93810
    Debug session time: Wed Dec 30 09:29:51.071 2009 (GMT+8)
    System Uptime: 0 days 0:15:24.709
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..............................................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C5, {4, 2, 1, 83f6b943}

    Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+2e3 )

    Followup: Pool_corruption
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is
    caused by drivers that have corrupted the system pool.  Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: 00000004, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 83f6b943, address which referenced memory

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0xC5_2

    CURRENT_IRQL:  2

    FAULTING_IP:
    nt!ExDeferredFreePool+2e3
    83f6b943 894604          mov     dword ptr [esi+4],eax

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  TXPlatform.exe

    TRAP_FRAME:  b073e674 -- (.trap 0xffffffffb073e674)
    ErrCode = 00000002
    eax=8634dda0 ebx=000001ff ecx=000001ff edx=83f809f8 esi=00000000 edi=83f808c0
    eip=83f6b943 esp=b073e6e8 ebp=b073e720 iopl=0         nv up ei ng nz ac pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010296
    nt!ExDeferredFreePool+0x2e3:
    83f6b943 894604          mov     dword ptr [esi+4],eax ds:0023:00000004=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 83f6b943 to 83e917eb

    STACK_TEXT: 
    b073e674 83f6b943 badb0d00 83f809f8 00040012 nt!KiTrap0E+0x2cf
    b073e720 83f6a8aa 83f808c0 00000000 b073e838 nt!ExDeferredFreePool+0x2e3
    b073e788 83f6ba76 8b3e7538 00000000 b073e7ac nt!ExFreePoolWithTag+0x8a4
    b073e798 83e87415 8b3e7538 840c1e0b 8b3e756c nt!ExFreePool+0xf
    b073e7a0 840c1e0b 8b3e756c b073e7c4 89b83023 nt!ExFreeToNPagedLookasideList+0x14
    b073e7ac 89b83023 8b3e756c b073e838 8b3e756c nt!FsRtlFreeExtraCreateParameter+0x42
    b073e7c4 89b83526 8b3e756c 00000000 8b3e756c fltmgr!FreeTargetedIoCtrl+0xbb
    b073e7dc 89b6b762 86f0e008 8b3e756c 862d59c4 fltmgr!FltpCleanupFileObjectContextForClose+0x76
    b073e7f8 89b66ed2 86298350 86f0e008 00000002 fltmgr!FltpGetStartingCallbackNode+0x110
    b073e820 89b673ba 0273e838 87a73020 86298350 fltmgr!FltpPassThrough+0x1d4
    b073e850 83e874bc 87a73020 862d5780 87984024 fltmgr!FltpDispatch+0xb4
    b073e868 8408cdc7 86223698 86298338 00000000 nt!IofCallDriver+0x63
    b073e8ac 8406c6f4 86298350 86298350 86298338 nt!IopDeleteFile+0x10c
    b073e8c4 83eb3f60 00000000 86320d48 86298338 nt!ObpRemoveObjectRoutine+0x59
    b073e8d8 83eb3ed0 86298350 8409078c 8aa01b00 nt!ObfDereferenceObjectWithTag+0x88
    b073e8e0 8409078c 8aa01b00 86320d48 00001898 nt!ObfDereferenceObject+0xd
    b073e920 84091f72 8aa01b00 b0147130 8618ed20 nt!ObpCloseHandleTableEntry+0x21d
    b073e950 840920ea 8618ed20 00000000 b073e9f4 nt!ObpCloseHandle+0x7f
    b073e96c 83e8e42a 80001898 b073ea04 83e8bd8d nt!NtClose+0x4e
    b073e96c 83e8bd8d 80001898 b073ea04 83e8bd8d nt!KiFastCallEntry+0x12a
    b073e9e8 89b9f5c8 80001898 b073ea28 866089a0 nt!ZwClose+0x11
    b073ea04 8406184c 00000000 b073ead4 00000000 fileinfo!FIPfInterfaceClose+0x44
    b073ea28 84061db8 ffffff94 86608b1c 866089a0 nt!PfpOpenHandleClose+0x38
    b073ea3c 84062b6f 00000001 00000005 00000000 nt!PfSnCleanupPrefetchSectionInfo+0x4c
    b073eab4 840d553d 00000000 00000001 00000003 nt!PfSnPrefetchSections+0x3b6
    b073ec34 840a3ac8 86630000 b073ec64 b073ec70 nt!PfSnPrefetchScenario+0x1a9
    b073ecc8 840d01d6 840ae9bd 86305da0 b073ed20 nt!PfSnBeginAppLaunch+0x382
    b073ecd8 840ca6dd 96816f4a 00000000 00000000 nt!PfProcessCreateNotification+0x65
    b073ed20 83f0b0d9 00000000 777e64d8 00000001 nt!PspUserThreadStartup+0x113
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!ExDeferredFreePool+2e3
    83f6b943 894604          mov     dword ptr [esi+4],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt!ExDeferredFreePool+2e3

    FOLLOWUP_NAME:  Pool_corruption

    IMAGE_NAME:  Pool_Corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    MODULE_NAME: Pool_Corruption

    FAILURE_BUCKET_ID:  0xC5_2_nt!ExDeferredFreePool+2e3

    BUCKET_ID:  0xC5_2_nt!ExDeferredFreePool+2e3

    Followup: Pool_corruption
    ---------

     

    2009年12月30日 1:40

答案

  • 您好,您这个问题很难调试,上面这种普通的方法是不能解决问题的,因为这是一个驱动程序造成的内存池破坏错误。内存池破坏错误通常发生于一个驱动程序遭受了缓冲区溢出,大多为下溢,也有可能是上溢。内存池破坏引起的崩溃原则上是不可调试的,因为系统崩溃发生于破坏的数据被引用之时,而不是数据被破坏之时。所以就像您看见的上面的内容,根本不能指出错误的根源。

    鉴于您是使用TM引起的,我建议您尝试以下措施:
    1、正确卸载腾讯的所有产品,然后再次尝试检验系统的稳定性;
    如果再发生同样的DRIVER_CORRUPTED_EXPOOL (c5)蓝屏:
    2、检查自己最近是否安装或更新了驱动,并复原最近对驱动所做的任何更改,然后再次尝试检验系统的稳定性;

    或者,如果您不嫌麻烦并且愿意深入研究这个错误case,请跟我进行以下步骤:(请务必确保您能重现该崩溃)
    1、运行“verifier.exe”,您会看见“驱动程序验证程序管理器”向导;
    2、选择第二项——“创建自定义设置(供程序开发人员使用)”,然后点击“下一步”;
    3、选择第二项——“从一个完整的列表选择单个设置”,并点击“下一步”;
    4、仅选中第一项——“特殊池”前面的复选框,进入下一步;
    5、选择第三项——“自动选择这台计算机上安装的所有驱动程序”,点击“完成”;
    6、重新启动系统;
    7、尝试再次引发同样的崩溃;
    8、再次分析内存转储文件。

    以上步骤的原理我简单解释一下:通过这些步骤将启用特殊内存池,被检验的所有驱动程序对于略小于一个页面大小的缓冲区申请都将使用特殊内存池,不而是使用一般情形下的换页或非换页内存池。从特殊内存池中分配的缓冲区被夹在两个无效页面之间。因此,对于小于一个页面大小的缓冲区的溢出,系统在溢出发生时就会检测到,因为它导致了在缓冲区之后的无效页面发生了页面错误,也就是pagefault。那么,再次崩溃时,得到的错误应该是DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION(d6),这样就将不可调试的转为可调试的了,而且运气好的话能够看见Windbg直接指出引起崩溃的驱动。

    我还是希望您能通过这种方法深入跟进这个case的,希望早日得到您的feedback。

    谢谢!
    Microsoft MVP for Windows Desktop Experience https://mvp.support.microsoft.com/profile/Huayu
    2009年12月30日 4:56
    版主

全部回复

  • 下面是C:\Windows\MEMORY.DMP文件的分析结果

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [D:\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    WARNING: Non-directory path: 'D:\122809-31621-01.dmp'
    Symbol search path is: SRV*D:\debug*http://msdl.microsoft.com/download/symbols
    Executable search path is: D:\;D:\122809-31621-01.dmp
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.x86fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0x83e4b000 PsLoadedModuleList = 0x83f93810
    Debug session time: Wed Dec 30 09:29:51.071 2009 (GMT+8)
    System Uptime: 0 days 0:15:24.709
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..............................................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 7ffd400c).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    ........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C5, {4, 2, 1, 83f6b943}

    PEB is paged out (Peb.Ldr = 7ffd400c).  Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 7ffd400c).  Type ".hh dbgerr001" for details
    Probably caused by : memory_corruption

    Followup: memory_corruption
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is
    caused by drivers that have corrupted the system pool.  Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: 00000004, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 83f6b943, address which referenced memory

    Debugging Details:
    ------------------

    PEB is paged out (Peb.Ldr = 7ffd400c).  Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 7ffd400c).  Type ".hh dbgerr001" for details

    BUGCHECK_STR:  0xC5_2

    CURRENT_IRQL:  2

    FAULTING_IP:
    nt!ExDeferredFreePool+2e3
    83f6b943 894604          mov     dword ptr [esi+4],eax

    DEFAULT_BUCKET_ID:  CODE_CORRUPTION

    PROCESS_NAME:  TXPlatform.exe

    TRAP_FRAME:  b073e674 -- (.trap 0xffffffffb073e674)
    ErrCode = 00000002
    eax=8634dda0 ebx=000001ff ecx=000001ff edx=83f809f8 esi=00000000 edi=83f808c0
    eip=83f6b943 esp=b073e6e8 ebp=b073e720 iopl=0         nv up ei ng nz ac pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010296
    nt!ExDeferredFreePool+0x2e3:
    83f6b943 894604          mov     dword ptr [esi+4],eax ds:0023:00000004=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 83f6b943 to 83e917eb

    STACK_TEXT: 
    b073e674 83f6b943 badb0d00 83f809f8 00040012 nt!KiTrap0E+0x2cf
    b073e720 83f6a8aa 83f808c0 00000000 b073e838 nt!ExDeferredFreePool+0x2e3
    b073e788 83f6ba76 8b3e7538 00000000 b073e7ac nt!ExFreePoolWithTag+0x8a4
    b073e798 83e87415 8b3e7538 840c1e0b 8b3e756c nt!ExFreePool+0xf
    b073e7a0 840c1e0b 8b3e756c b073e7c4 89b83023 nt!ExFreeToNPagedLookasideList+0x14
    b073e7ac 89b83023 8b3e756c b073e838 8b3e756c nt!FsRtlFreeExtraCreateParameter+0x42
    b073e7c4 89b83526 8b3e756c 00000000 8b3e756c fltmgr!FreeTargetedIoCtrl+0xbb
    b073e7dc 89b6b762 86f0e008 8b3e756c 862d59c4 fltmgr!FltpCleanupFileObjectContextForClose+0x76
    b073e7f8 89b66ed2 86298350 86f0e008 00000002 fltmgr!FltpGetStartingCallbackNode+0x110
    b073e820 89b673ba 0273e838 87a73020 86298350 fltmgr!FltpPassThrough+0x1d4
    b073e850 83e874bc 87a73020 862d5780 87984024 fltmgr!FltpDispatch+0xb4
    b073e868 8408cdc7 86223698 86298338 00000000 nt!IofCallDriver+0x63
    b073e8ac 8406c6f4 86298350 86298350 86298338 nt!IopDeleteFile+0x10c
    b073e8c4 83eb3f60 00000000 86320d48 86298338 nt!ObpRemoveObjectRoutine+0x59
    b073e8d8 83eb3ed0 86298350 8409078c 8aa01b00 nt!ObfDereferenceObjectWithTag+0x88
    b073e8e0 8409078c 8aa01b00 86320d48 00001898 nt!ObfDereferenceObject+0xd
    b073e920 84091f72 8aa01b00 b0147130 8618ed20 nt!ObpCloseHandleTableEntry+0x21d
    b073e950 840920ea 8618ed20 00000000 b073e9f4 nt!ObpCloseHandle+0x7f
    b073e96c 83e8e42a 80001898 b073ea04 83e8bd8d nt!NtClose+0x4e
    b073e96c 83e8bd8d 80001898 b073ea04 83e8bd8d nt!KiFastCallEntry+0x12a
    b073e9e8 89b9f5c8 80001898 b073ea28 866089a0 nt!ZwClose+0x11
    b073ea04 8406184c 00000000 b073ead4 00000000 fileinfo!FIPfInterfaceClose+0x44
    b073ea28 84061db8 ffffff94 86608b1c 866089a0 nt!PfpOpenHandleClose+0x38
    b073ea3c 84062b6f 00000001 00000005 00000000 nt!PfSnCleanupPrefetchSectionInfo+0x4c
    b073eab4 840d553d 00000000 00000001 00000003 nt!PfSnPrefetchSections+0x3b6
    b073ec34 840a3ac8 86630000 b073ec64 b073ec70 nt!PfSnPrefetchScenario+0x1a9
    b073ecc8 840d01d6 840ae9bd 86305da0 b073ed20 nt!PfSnBeginAppLaunch+0x382
    b073ecd8 840ca6dd 96816f4a 00000000 00000000 nt!PfProcessCreateNotification+0x65
    b073ed20 83f0b0d9 00000000 777e64d8 00000001 nt!PspUserThreadStartup+0x113
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
        83e8e3e4-83e8e3e7  4 bytes - nt!KiFastCallEntry+e4
     [ 2b e1 c1 e9:e9 77 bf 37 ]
        83eba84c-83eba84f  4 bytes - nt!KiServiceTable+15c (+0x2c468)
     [ 0e 5c 12 84:ac 9d 51 8c ]
        83eba9e8-83eba9eb  4 bytes - nt!KiServiceTable+2f8 (+0x19c)
     [ 31 c5 0c 84:98 9d 51 8c ]
        83ebaa08-83ebaa0b  4 bytes - nt!KiServiceTable+318 (+0x20)
     [ 88 ae 0c 84:9d 9d 51 8c ]
        83ebacb8-83ebacbb  4 bytes - nt!KiServiceTable+5c8 (+0x2b0)
     [ 3d cb 0a 84:a7 9d 51 8c ]
    20 errors : !nt (83e8e3e4-83ebacbb)

    MODULE_NAME: memory_corruption

    IMAGE_NAME:  memory_corruption

    FOLLOWUP_NAME:  memory_corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    MEMORY_CORRUPTOR:  LARGE

    FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE

    BUCKET_ID:  MEMORY_CORRUPTION_LARGE

    Followup: memory_corruption
    ---------

     

    2009年12月30日 1:47
  • 您好,您这个问题很难调试,上面这种普通的方法是不能解决问题的,因为这是一个驱动程序造成的内存池破坏错误。内存池破坏错误通常发生于一个驱动程序遭受了缓冲区溢出,大多为下溢,也有可能是上溢。内存池破坏引起的崩溃原则上是不可调试的,因为系统崩溃发生于破坏的数据被引用之时,而不是数据被破坏之时。所以就像您看见的上面的内容,根本不能指出错误的根源。

    鉴于您是使用TM引起的,我建议您尝试以下措施:
    1、正确卸载腾讯的所有产品,然后再次尝试检验系统的稳定性;
    如果再发生同样的DRIVER_CORRUPTED_EXPOOL (c5)蓝屏:
    2、检查自己最近是否安装或更新了驱动,并复原最近对驱动所做的任何更改,然后再次尝试检验系统的稳定性;

    或者,如果您不嫌麻烦并且愿意深入研究这个错误case,请跟我进行以下步骤:(请务必确保您能重现该崩溃)
    1、运行“verifier.exe”,您会看见“驱动程序验证程序管理器”向导;
    2、选择第二项——“创建自定义设置(供程序开发人员使用)”,然后点击“下一步”;
    3、选择第二项——“从一个完整的列表选择单个设置”,并点击“下一步”;
    4、仅选中第一项——“特殊池”前面的复选框,进入下一步;
    5、选择第三项——“自动选择这台计算机上安装的所有驱动程序”,点击“完成”;
    6、重新启动系统;
    7、尝试再次引发同样的崩溃;
    8、再次分析内存转储文件。

    以上步骤的原理我简单解释一下:通过这些步骤将启用特殊内存池,被检验的所有驱动程序对于略小于一个页面大小的缓冲区申请都将使用特殊内存池,不而是使用一般情形下的换页或非换页内存池。从特殊内存池中分配的缓冲区被夹在两个无效页面之间。因此,对于小于一个页面大小的缓冲区的溢出,系统在溢出发生时就会检测到,因为它导致了在缓冲区之后的无效页面发生了页面错误,也就是pagefault。那么,再次崩溃时,得到的错误应该是DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION(d6),这样就将不可调试的转为可调试的了,而且运气好的话能够看见Windbg直接指出引起崩溃的驱动。

    我还是希望您能通过这种方法深入跟进这个case的,希望早日得到您的feedback。

    谢谢!
    Microsoft MVP for Windows Desktop Experience https://mvp.support.microsoft.com/profile/Huayu
    2009年12月30日 4:56
    版主
  • 哈哈,非常感谢。
    其实我现在急着想知道的是这个问题有没有可能是内存条的质量问题引起的。因为我刚换的一根新的三星金条。
    但我用DOS版MEMTEST测试了12个小时,用WIN版的MEMTEST测试了一个上午,都没测到一个错误。
    所以如果这个问题确定是驱动造成的,那我就按你的步骤来排除是哪个驱动,
    但如果是内存问题我要尽快更换,哈哈
    2009年12月30日 5:06