sever 2008 无故重启，正文为windbg读取MEMORY.DMP文件信息，请协助~！！

• 问题

• 

  

  0

  登录进行投票

  
  Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
  Copyright (c) Microsoft Corporation. All rights reserved.
  
  
  Loading Dump File [C:\Users\Black\Desktop\MEMORY.DMP]
  Kernel Summary Dump File: Only kernel address space is available
  
  WARNING: Inaccessible path: 'C:\MyCodesSymbols'
  WARNING: Whitespace at start of path element
  Symbol search path is: C:\MyCodesSymbols; SRV*C:\MyLocalSymbols*http://msdl.microsoft.com/download/symbols
  Executable search path is: 
  Windows 7 Kernel Version 7601 (Service Pack 1) MP (16 procs) Free x64
  Product: Server, suite: Enterprise TerminalServer SingleUserTS
  Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
  Machine Name:
  Kernel base = 0xfffff800`01666000 PsLoadedModuleList = 0xfffff800`018abe90
  Debug session time: Wed Aug  1 04:33:22.036 2018 (UTC + 8:00)
  System Uptime: 7 days 1:51:12.088
  Loading Kernel Symbols
  ...............................................................
  ................................................................
  ....................
  Loading User Symbols
  
  Loading unloaded module list
  ..................................................
  The context is partially valid. Only x86 user-mode context is available.
  The wow64exts extension must be loaded to access 32-bit state.
  .load wow64exts will do this if you haven't loaded it already.
  *******************************************************************************
  *                                                                             *
  *                        Bugcheck Analysis                                    *
  *                                                                             *
  *******************************************************************************
  
  Use !analyze -v to get detailed debugging information.
  
  BugCheck 50, {fffffab02aa26000, 1, fffff88006b88585, 0}
  
  Probably caused by : Unknown_Image ( srv!SrvOs2FeaToNt+45 )
  
  Followup: MachineOwner
  ---------
  
  16.0: kd:x86> !analyze -v
  *******************************************************************************
  *                                                                             *
  *                        Bugcheck Analysis                                    *
  *                                                                             *
  *******************************************************************************
  
  PAGE_FAULT_IN_NONPAGED_AREA (50)
  Invalid system memory was referenced.  This cannot be protected by try-except,
  it must be protected by a Probe.  Typically the address is just plain bad or it
  is pointing at freed memory.
  Arguments:
  Arg1: fffffab02aa26000, memory referenced.
  Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
  Arg3: fffff88006b88585, If non-zero, the instruction address which referenced the bad memory
  address.
  Arg4: 0000000000000000, (reserved)
  
  Debugging Details:
  ------------------
  
  
  WRITE_ADDRESS:  fffffab02aa26000 Nonpaged pool
  
  FAULTING_IP: 
  srv!SrvOs2FeaToNt+45
  fffff880`06b88585 c60300          mov     byte ptr [ebx],0
  
  MM_INTERNAL_CODE:  0
  
  DEBUG_FLR_IMAGE_TIMESTAMP:  0
  
  FAULTING_MODULE: fffff88006b1b000 srv
  
  DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
  
  BUGCHECK_STR:  0x50
  
  CURRENT_IRQL:  0
  
  LAST_CONTROL_TRANSFER:  from 0000000000000000 to 0000000000000000
  
  STACK_TEXT:  
  00000000 00000000 00000000 00000000 00000000 0x0
  
  
  STACK_COMMAND:  .bugcheck ; kb
  
  FOLLOWUP_IP: 
  srv!SrvOs2FeaToNt+45
  fffff880`06b88585 c60300          mov     byte ptr [ebx],0
  
  SYMBOL_NAME:  srv!SrvOs2FeaToNt+45
  
  FOLLOWUP_NAME:  MachineOwner
  
  BUCKET_ID:  INVALID_KERNEL_CONTEXT
  
  MODULE_NAME: Unknown_Module
  
  IMAGE_NAME:  Unknown_Image
  
  Followup: MachineOwner
  ---------
  

  2018年8月1日 6:24

  回复

  |

  引用