Server 2008 reboots for no reason; the post body is the MEMORY.DMP file information read with WinDbg, please help~!!

  • Question


  • Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Black\Desktop\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    WARNING: Inaccessible path: 'C:\MyCodesSymbols'
    WARNING: Whitespace at start of path element
    Symbol search path is: C:\MyCodesSymbols; SRV*C:\MyLocalSymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (16 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`01666000 PsLoadedModuleList = 0xfffff800`018abe90
    Debug session time: Wed Aug  1 04:33:22.036 2018 (UTC + 8:00)
    System Uptime: 7 days 1:51:12.088
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ....................
    Loading User Symbols

    Loading unloaded module list
    ..................................................
    The context is partially valid. Only x86 user-mode context is available.
    The wow64exts extension must be loaded to access 32-bit state.
    .load wow64exts will do this if you haven't loaded it already.
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 50, {fffffab02aa26000, 1, fffff88006b88585, 0}

    Probably caused by : Unknown_Image ( srv!SrvOs2FeaToNt+45 )

    Followup: MachineOwner
    ---------

    16.0: kd:x86> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: fffffab02aa26000, memory referenced.
    Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
    Arg3: fffff88006b88585, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 0000000000000000, (reserved)

    Debugging Details:
    ------------------


    WRITE_ADDRESS:  fffffab02aa26000 Nonpaged pool

    FAULTING_IP: 
    srv!SrvOs2FeaToNt+45
    fffff880`06b88585 c60300          mov     byte ptr [ebx],0

    MM_INTERNAL_CODE:  0

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    FAULTING_MODULE: fffff88006b1b000 srv

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0x50

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 0000000000000000 to 0000000000000000

    STACK_TEXT:  
    00000000 00000000 00000000 00000000 00000000 0x0


    STACK_COMMAND:  .bugcheck ; kb

    FOLLOWUP_IP: 
    srv!SrvOs2FeaToNt+45
    fffff880`06b88585 c60300          mov     byte ptr [ebx],0

    SYMBOL_NAME:  srv!SrvOs2FeaToNt+45

    FOLLOWUP_NAME:  MachineOwner

    BUCKET_ID:  INVALID_KERNEL_CONTEXT

    MODULE_NAME: Unknown_Module

    IMAGE_NAME:  Unknown_Image

    Followup: MachineOwner
    ---------
    August 1, 2018 6:24

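All replies

  • Hi,

    Usually, most unexpected-restart problems are caused by the following:

    unstable hardware devices, outdated device drivers, interference from third-party programs, or a system fault.

    I suggest first observing in Safe Mode whether the unexpected restarts occur. If no unexpected restart occurs, we can infer that the cause is outdated driver software or third-party program interference.

    Please check whether any special operations were performed recently, such as updating a driver or installing a patch/software; please undo the earlier changes and then check whether the same problem occurs.

    If the unexpected restarts still occur in Safe Mode, the problem may be caused by unstable hardware or by a system fault. I suggest contacting the computer manufacturer to check the hardware.

    Also, please try running sfc/scannow to check and repair the system files.

    Below are some general hardware troubleshooting steps that you can try:

    1. If hardware was replaced recently, please swap the new hardware back for the previous hardware or for other new hardware
    2. If you have multiple memory modules, please keep only one and remove the rest
    3. Check whether cables and connections are loose and whether there is too much dust inside the case; secure and clean them
    4. Swap in a different power supply

    Because analyzing dump files is beyond the scope of support of this forum, if the general troubleshooting above does not solve the problem and the problem is urgent, I suggest you use Microsoft's telephone technical support service: 800-820-3800.

    Regards,

    Candy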


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    August 1, 2018 8:39
    Moderator