求助 有没有大佬会看蓝屏文件的。 奥创导致的吗?
[流汗] 看不到只看到一行PROCESS_NAME: ArmouryCrate.Service.exeFor analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`29816b00 48894c2408 mov qword ptr ,rcx ss:ffffbf06`da4c73a0=000000000000000a
21: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000000000d8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80129a6a3b3, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key: Analysis.CPU.mSec
Value: 671
Key: Analysis.Elapsed.mSec
Value: 1960
Key: Analysis.IO.Other.Mb
Value: 0
Key: Analysis.IO.Read.Mb
Value: 0
Key: Analysis.IO.Write.Mb
Value: 0
Key: Analysis.Init.CPU.mSec
Value: 93
Key: Analysis.Init.Elapsed.mSec
Value: 4934
Key: Analysis.Memory.CommitPeak.Mb
Value: 97
Key: Bugcheck.Code.LegacyAPI
Value: 0xa
Key: Failure.Bucket
Value: AV_nt!MiResolvePageFileFault
Key: Failure.Hash
Value: {792a0b16-e499-d3be-c970-fb2f83008d00}
Key: WER.OS.Branch
Value: ni_release
Key: WER.OS.Version
Value: 10.0.22621.1
BUGCHECK_CODE:a
BUGCHECK_P1: d8
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80129a6a3b3
FILE_IN_CAB:012124-9531-01.dmp
READ_ADDRESS: fffff8012a11d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
00000000000000d8
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT:1
PROCESS_NAME:ArmouryCrate.Service.exe
TRAP_FRAME:ffffbf06da4c74e0 -- (.trap 0xffffbf06da4c74e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000001000043000 rbx=0000000000000000 rcx=0000000000284a00
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80129a6a3b3 rsp=ffffbf06da4c7670 rbp=ffffbf06da4c7770
r8=0000000000000000r9=000000000011867f r10=00007ffdd7d366a0
r11=ffff8a0000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MiResolvePageFileFault+0x13d7:
fffff801`29a6a3b3 4983b8d800000000 cmp qword ptr ,0 ds:00000000`000000d8=????????????????
Resetting default scope
STACK_TEXT:
ffffbf06`da4c7398 fffff801`2982c4e9 : 00000000`0000000a 00000000`000000d8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffbf06`da4c73a0 fffff801`29827a34 : 00000000`00000000 ffff9781`52b13740 00000000`00000001 ffffbf06`da4c76f8 : nt!KiBugCheckDispatch+0x69
ffffbf06`da4c74e0 fffff801`29a6a3b3 : 01000043`3495803e ffffbf06`00000001 fffffd3f`feebe900 01000043`3495803e : nt!KiPageFault+0x474
ffffbf06`da4c7670 fffff801`29886cd2 : ffffbf06`00000001 fffffd3f`feebe9b0 00000000`00000000 ffffbf06`da4c77f8 : nt!MiResolvePageFileFault+0x13d7
ffffbf06`da4c77c0 fffff801`29661fd2 : 00000000`00000000 00000000`00000000 00000000`c0000016 00000000`00000000 : nt!MiDispatchFault+0x222292
ffffbf06`da4c7900 fffff801`29827929 : ffffbf06`da4c7aa0 000002b0`dda1cc30 000002b0`f75d3240 000002b0`dda06c70 : nt!MmAccessFault+0x152
ffffbf06`da4c7a20 00007ffd`d7d366a0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x369
000000f9`948ff638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`d7d366a0
SYMBOL_NAME:nt!MiResolvePageFileFault+13d7
MODULE_NAME: nt
IMAGE_VERSION:10.0.22621.3007
STACK_COMMAND:.cxr; .ecxr ; kb
IMAGE_NAME:ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET:13d7
FAILURE_BUCKET_ID:AV_nt!MiResolvePageFileFault
OS_VERSION:10.0.22621.1
BUILDLAB_STR:ni_release
OSPLATFORM_TYPE:x64
OSNAME:Windows 10
FAILURE_ID_HASH:{792a0b16-e499-d3be-c970-fb2f83008d00}
Followup: MachineOwner
--------- 蓝屏会有指向文件或者蓝屏代码,除了这个,我还真不会看,如果是蓝屏指向文件,搜搜文件看看目录名啥的,差不多能知道什么程序 gaoyi124 发表于 2024-1-21 23:56
蓝屏会有指向文件或者蓝屏代码,除了这个,我还真不会看,如果是蓝屏指向文件,搜搜文件看看目录名啥的,差不多 ...
少了一段 点 MODULE_NAME: nt
21: kd> lmvm nt
Browse full module list
start end module name
fffff801`29400000 fffff801`2a447000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\FCB9AFC6A352F97B17CF5F981382C7821\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntkrnlmp.exe\16B960371047000\ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbolsfunctionsdata
Image was built with /Brepro flag.
Timestamp: 16B96037 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00B91B6E
ImageSize: 01047000
File version: 10.0.22621.3007
Product version:10.0.22621.3007
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.22621.3007
FileVersion: 10.0.22621.3007 (WinBuild.160101.0800)
FileDescription:NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
页:
[1]