คอมพิวเตอร์ Windows 7 ของฉันประสบกับ bluescreens ที่เกิดขึ้นไม่นานหลังจากการบูท
ฉันใช้ Windbg เพื่อวิเคราะห์ไฟล์ดัมพ์ของเหตุการณ์ แต่ฉันไม่แน่ใจว่าฉันเข้าใจสิ่งที่บอกฉันหรือไม่
บรรทัดเหล่านี้น่าสนใจ:
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: fsgk32.exe
นั่นแสดงว่าปัญหาเกิดขึ้นในไดรเวอร์หรือใน fsgk32.exe (ซึ่งเป็นส่วนหนึ่งของ F-secure) หรือทั้งสองอย่าง?
ผลเต็ม:
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002ed05ce, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f7100
GetUlongFromAddress: unable to read from fffff800030f71c0
0000000000000000 Nonpaged pool
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiUnlinkPageFromLockedList+36e
fffff800`02ed05ce 49890cc0 mov qword ptr [r8+rax*8],rcx
BUGCHECK_STR: 0x1E_c0000005_R
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: fsgk32.exe
CURRENT_IRQL: 2
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffff80002f0a738 to fffff80002ebfbc0
STACK_TEXT:
fffff880`060eed48 fffff800`02f0a738 : 00000000`0000001e ffffffff`c0000005 fffff800`02ed05ce 00000000`00000000 : nt!KeBugCheckEx
fffff880`060eed50 fffff800`02ebf242 : fffff880`060ef528 fffffa80`0aeff270 fffff880`060ef5d0 fffffa80`0aeff270 : nt! ?? ::FNODOBFM::`string'+0x487ed
fffff880`060ef3f0 fffff800`02ebdb4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`060ef5d0 fffff800`02ed05ce : fffff700`01080000 fffffa80`0aeff270 fffff800`030fa2c0 fffff680`00394f28 : nt!KiGeneralProtectionFault+0x10a
fffff880`060ef760 fffff800`02ef006b : fffffa80`0aeff270 fffffa80`0efb1578 00000000`00000000 00000000`00000000 : nt!MiUnlinkPageFromLockedList+0x36e
fffff880`060ef7e0 fffff800`02edcc8f : 00000000`00000000 00000000`00000000 fffff680`003b5818 fffffa80`0efb1578 : nt!MiResolveTransitionFault+0x16b
fffff880`060ef870 fffff800`02ecc179 : 00000000`00000000 ffffffff`ffffffff fffffa80`0f946060 00000000`00000000 : nt!MiDispatchFault+0x95f
fffff880`060ef980 fffff800`02ebdcee : 00000000`00000000 00000000`001dedf8 fffff880`060efa01 00000000`00000007 : nt!MmAccessFault+0x359
fffff880`060efae0 00000000`772fe2be : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0328fa18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772fe2be
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiUnlinkPageFromLockedList+36e
fffff800`02ed05ce 49890cc0 mov qword ptr [r8+rax*8],rcx
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!MiUnlinkPageFromLockedList+36e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 531590fb
IMAGE_VERSION: 6.1.7601.18409
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1E_c0000005_R_nt!MiUnlinkPageFromLockedList+36e
BUCKET_ID: X64_0x1E_c0000005_R_nt!MiUnlinkPageFromLockedList+36e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1e_c0000005_r_nt!miunlinkpagefromlockedlist+36e
FAILURE_ID_HASH: {3264b3ba-cf19-fae1-16b7-0f69c15b38b9}
Followup: MachineOwner