Linger007
新手上路
积分 34
发帖 34
注册 2008-8-3
|
#1 关于Memory.dmp的分析报告
以下内容是我用WinDebug对Memory.dmp 的分析报告(安装微点后重启蓝屏),大家来看看。
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [G:\memory.dmp\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055c1c0
Debug session time: Mon Sep 29 09:54:42.144 2008 (GMT+8)
System Uptime: 0 days 0:00:51.714
Loading Kernel Symbols
..................................................................................................................
Loading User Symbols
..............
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, 81ca8ae8, 81ca8c5c, 805fc02e}
Probably caused by : csrss.exe
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 81ca8ae8, Terminating object
Arg3: 81ca8c5c, Process image file name
Arg4: 805fc02e, Explanatory message (ascii)
Debugging Details:
------------------
PROCESS_OBJECT: 81ca8ae8
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 48025221
MODULE_NAME: csrss
FAULTING_MODULE: 4a680000 csrss
PROCESS_NAME: csrss.exe
EXCEPTION_RECORD: f7ef79d8 -- (.exr fffffffff7ef79d8)
ExceptionAddress: 765100d1 (winsrv!strstr)
ExceptionCode: c0000006 (In-page I/O error)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 765100d1
Parameter[2]: c000009a
Inpage operation failed at 765100d1, due to I/O error c000009a
EXCEPTION_CODE: (NTSTATUS) 0xc000009a - <Unable to get error code text>
DEFAULT_BUCKET_ID: DRIVER_FAULT
ERROR_CODE: (NTSTATUS) 0xc0000006 - "0x%08lx"
IO_ERROR: (NTSTATUS) 0xc000009a - <Unable to get error code text>
EXCEPTION_STR: 0xc0000006_c000009a
FAULTING_IP:
winsrv!strstr+0
765100d1 ?? ???
BUGCHECK_STR: 0xF4_IOERR_C000009A
STACK_TEXT:
f7ef7520 8062ef01 000000f4 00000003 81ca8ae8 nt!KeBugCheckEx+0x1b
f7ef7544 805fbfec 805fc02e 81ca8ae8 81ca8c5c nt!PspCatchCriticalBreak+0x75
f7ef7574 804df7ec 81ca8d30 c0000006 f7ef79b0 nt!NtTerminateProcess+0x7d
f7ef7574 804deae1 81ca8d30 c0000006 f7ef79b0 nt!KiFastCallEntry+0xf8
f7ef75f4 8051e89c ffffffff c0000006 f7ef79f8 nt!ZwTerminateProcess+0x11
f7ef79b0 805043fc f7ef79d8 00000000 f7ef7d64 nt!KiDispatchException+0x3a0
f7ef7d34 804e306b 0070f28c 0070f2ac 00000000 nt!KiRaiseException+0x175
f7ef7d50 804df7ec 0070f28c 0070f2ac 00000000 nt!NtRaiseException+0x31
f7ef7d50 765100d1 0070f28c 0070f2ac 00000000 nt!KiFastCallEntry+0xf8
0070f574 764fa363 00185818 764fb100 00170e78 winsrv!strstr
0070fe9c 764fb1ff 0018f8c8 0000000c 00000001 winsrv!GetHardErrorText+0x282
0070febc 764fb3cb 00000000 0070feec 00000000 winsrv!UserHardErrorEx+0xf2
0070fed0 75aa47a0 00000000 0070feec 00000005 winsrv!UserHardError+0x12
0070fff4 00000000 00000000 00000000 00000000 CSRSRV!CsrApiRequestThread+0x18a
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xF4_IOERR_C000009A_IMAGE_csrss.exe_DATE_2008_04_14
BUCKET_ID: 0xF4_IOERR_C000009A_IMAGE_csrss.exe_DATE_2008_04_14
Followup: MachineOwner
---------
kd> !analyze ?f4 show
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, 81ca8ae8, 81ca8c5c, 805fc02e}
Probably caused by : csrss.exe
Followup: MachineOwner
---------
| |
※ ※ ※ 本文纯属【Linger007】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
 |
|
2008-10-3 15:33 |
|
Linger007
新手上路
积分 34
发帖 34
注册 2008-8-3
|
|
|
2008-10-3 16:38 |
|
Linger007
新手上路
积分 34
发帖 34
注册 2008-8-3
|
#3 第二份分析报告
Sample Text
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055c1c0
Debug session time: Fri Oct 3 16:40:25.709 2008 (GMT+8)
System Uptime: 0 days 0:10:53.280
Loading Kernel Symbols
...............................................................................................................................
Loading User Symbols
.....................
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, 81c762a0, 81c76414, 805fc02e}
Probably caused by : csrss.exe
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 81c762a0, Terminating object
Arg3: 81c76414, Process image file name
Arg4: 805fc02e, Explanatory message (ascii)
Debugging Details:
------------------
PROCESS_OBJECT: 81c762a0
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 48025221
MODULE_NAME: csrss
FAULTING_MODULE: 4a680000 csrss
PROCESS_NAME: csrss.exe
EXCEPTION_RECORD: f86999d8 -- (.exr fffffffff86999d8)
ExceptionAddress: 764fb3b9 (winsrv!UserHardError)
ExceptionCode: c0000006 (In-page I/O error)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 764fb3b9
Parameter[2]: c000009a
Inpage operation failed at 764fb3b9, due to I/O error c000009a
EXCEPTION_CODE: (NTSTATUS) 0xc000009a - <Unable to get error code text>
DEFAULT_BUCKET_ID: DRIVER_FAULT
ERROR_CODE: (NTSTATUS) 0xc0000006 - "0x%08lx"
IO_ERROR: (NTSTATUS) 0xc000009a - <Unable to get error code text>
EXCEPTION_STR: 0xc0000006_c000009a
FAULTING_IP:
winsrv!UserHardError+0
764fb3b9 ?? ???
BUGCHECK_STR: 0xF4_IOERR_C000009A
STACK_TEXT:
f8699520 8062ef01 000000f4 00000003 81c762a0 nt!KeBugCheckEx+0x1b
f8699544 805fbfec 805fc02e 81c762a0 81c76414 nt!PspCatchCriticalBreak+0x75
f8699574 804df7ec 81c764e8 c0000006 f86999b0 nt!NtTerminateProcess+0x7d
f8699574 804deae1 81c764e8 c0000006 f86999b0 nt!KiFastCallEntry+0xf8
f86995f4 8051e89c ffffffff c0000006 f86999f8 nt!ZwTerminateProcess+0x11
f86999b0 805043fc f86999d8 00000000 f8699d64 nt!KiDispatchException+0x3a0
f8699d34 804e306b 0356fbe8 0356fc08 00000000 nt!KiRaiseException+0x175
f8699d50 804df7ec 0356fbe8 0356fc08 00000000 nt!NtRaiseException+0x31
f8699d50 764fb3b9 0356fbe8 0356fc08 00000000 nt!KiFastCallEntry+0xf8
0356fed0 75aa47a0 00000000 0356feec 00000005 winsrv!UserHardError
0356fff4 00000000 00000000 000000c8 000001a4 CSRSRV!CsrApiRequestThread+0x18a
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xF4_IOERR_C000009A_IMAGE_csrss.exe_DATE_2008_04_14
BUCKET_ID: 0xF4_IOERR_C000009A_IMAGE_csrss.exe_DATE_2008_04_14
Followup: MachineOwner
---------
kd> !analyze ?f4 show
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, 81c762a0, 81c76414, 805fc02e}
Probably caused by : csrss.exe
Followup: MachineOwner
---------
| |
※ ※ ※ 本文纯属【Linger007】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2008-10-3 16:56 |
|
Legend
超级版主
超级版主
积分 77171
发帖 70170
注册 2005-10-29
|
|
|
2008-10-4 10:26 |
|
Linger007
新手上路
积分 34
发帖 34
注册 2008-8-3
|
#5
| Quote: | Originally posted by Linger007 at 2008-10-3 16:56:
Sample Text
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Co ... |
|
该分析报告连同memory.dmp一并上传至222.77.185.15.
请斑竹确认并具体分析。
| |
※ ※ ※ 本文纯属【Linger007】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2008-10-4 12:32 |
|
|
