设为首页收藏本站

 找回密码
 加入我们
搜索
      
Chiphell - 分享与交流用户体验»社区 讨论区-生活与技术的讨论 电脑讨论(新) 求助 有没有大佬会看蓝屏文件的。 奥创导致的吗? ...
返回列表 发新帖
查看: 3281|回复: 2

[软件] 求助 有没有大佬会看蓝屏文件的。 奥创导致的吗?

[复制链接]
zhoualive
发表于 2024-1-21 23:51 | 显示全部楼层 |阅读模式
看不到只看到一行  PROCESS_NAME: ArmouryCrate.Service.exe

  1. For analysis of this file, run !analyze -v
  2. nt!KeBugCheckEx:
  3. fffff801`29816b00 48894c2408      mov     qword ptr [rsp+8],rcx ss:ffffbf06`da4c73a0=000000000000000a
  4. 21: kd> !analyze -v
  5. *******************************************************************************
  6. *                                                                             *
  7. *                        Bugcheck Analysis                                    *
  8. *                                                                             *
  9. *******************************************************************************

  11. IRQL_NOT_LESS_OR_EQUAL (a)
  12. An attempt was made to access a pageable (or completely invalid) address at an
  13. interrupt request level (IRQL) that is too high.  This is usually
  14. caused by drivers using improper addresses.
  15. If a kernel debugger is available get the stack backtrace.
  16. Arguments:
  17. Arg1: 00000000000000d8, memory referenced
  18. Arg2: 0000000000000002, IRQL
  19. Arg3: 0000000000000000, bitfield :
  20.         bit 0 : value 0 = read operation, 1 = write operation
  21.         bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
  22. Arg4: fffff80129a6a3b3, address which referenced memory

  24. Debugging Details:
  25. ------------------


  28. KEY_VALUES_STRING: 1

  30.     Key  : Analysis.CPU.mSec
  31.     Value: 671

  33.     Key  : Analysis.Elapsed.mSec
  34.     Value: 1960

  36.     Key  : Analysis.IO.Other.Mb
  37.     Value: 0

  39.     Key  : Analysis.IO.Read.Mb
  40.     Value: 0

  42.     Key  : Analysis.IO.Write.Mb
  43.     Value: 0

  45.     Key  : Analysis.Init.CPU.mSec
  46.     Value: 93

  48.     Key  : Analysis.Init.Elapsed.mSec
  49.     Value: 4934

  51.     Key  : Analysis.Memory.CommitPeak.Mb
  52.     Value: 97

  54.     Key  : Bugcheck.Code.LegacyAPI
  55.     Value: 0xa

  57.     Key  : Failure.Bucket
  58.     Value: AV_nt!MiResolvePageFileFault

  60.     Key  : Failure.Hash
  61.     Value: {792a0b16-e499-d3be-c970-fb2f83008d00}

  63.     Key  : WER.OS.Branch
  64.     Value: ni_release

  66.     Key  : WER.OS.Version
  67.     Value: 10.0.22621.1


  70. BUGCHECK_CODE:  a

  72. BUGCHECK_P1: d8

  74. BUGCHECK_P2: 2

  76. BUGCHECK_P3: 0

  78. BUGCHECK_P4: fffff80129a6a3b3

  80. FILE_IN_CAB:  012124-9531-01.dmp

  82. READ_ADDRESS: fffff8012a11d470: Unable to get MiVisibleState
  83. Unable to get NonPagedPoolStart
  84. Unable to get NonPagedPoolEnd
  85. Unable to get PagedPoolStart
  86. Unable to get PagedPoolEnd
  87. unable to get nt!MmSpecialPagesInUse
  88. 00000000000000d8

  90. BLACKBOXBSD: 1 (!blackboxbsd)


  93. BLACKBOXNTFS: 1 (!blackboxntfs)


  96. BLACKBOXPNP: 1 (!blackboxpnp)


  99. BLACKBOXWINLOGON: 1

  101. CUSTOMER_CRASH_COUNT:  1

  103. PROCESS_NAME:  ArmouryCrate.Service.exe

  105. TRAP_FRAME:  ffffbf06da4c74e0 -- (.trap 0xffffbf06da4c74e0)
  106. NOTE: The trap frame does not contain all registers.
  107. Some register values may be zeroed or incorrect.
  108. rax=0000001000043000 rbx=0000000000000000 rcx=0000000000284a00
  109. rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
  110. rip=fffff80129a6a3b3 rsp=ffffbf06da4c7670 rbp=ffffbf06da4c7770
  111. r8=0000000000000000  r9=000000000011867f r10=00007ffdd7d366a0
  112. r11=ffff8a0000000000 r12=0000000000000000 r13=0000000000000000
  113. r14=0000000000000000 r15=0000000000000000
  114. iopl=0         nv up ei pl nz na po nc
  115. nt!MiResolvePageFileFault+0x13d7:
  116. fffff801`29a6a3b3 4983b8d800000000 cmp     qword ptr [r8+0D8h],0 ds:00000000`000000d8=????????????????
  117. Resetting default scope

  119. STACK_TEXT:  
  120. ffffbf06`da4c7398 fffff801`2982c4e9     : 00000000`0000000a 00000000`000000d8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
  121. ffffbf06`da4c73a0 fffff801`29827a34     : 00000000`00000000 ffff9781`52b13740 00000000`00000001 ffffbf06`da4c76f8 : nt!KiBugCheckDispatch+0x69
  122. ffffbf06`da4c74e0 fffff801`29a6a3b3     : 01000043`3495803e ffffbf06`00000001 fffffd3f`feebe900 01000043`3495803e : nt!KiPageFault+0x474
  123. ffffbf06`da4c7670 fffff801`29886cd2     : ffffbf06`00000001 fffffd3f`feebe9b0 00000000`00000000 ffffbf06`da4c77f8 : nt!MiResolvePageFileFault+0x13d7
  124. ffffbf06`da4c77c0 fffff801`29661fd2     : 00000000`00000000 00000000`00000000 00000000`c0000016 00000000`00000000 : nt!MiDispatchFault+0x222292
  125. ffffbf06`da4c7900 fffff801`29827929     : ffffbf06`da4c7aa0 000002b0`dda1cc30 000002b0`f75d3240 000002b0`dda06c70 : nt!MmAccessFault+0x152
  126. ffffbf06`da4c7a20 00007ffd`d7d366a0     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x369
  127. 000000f9`948ff638 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`d7d366a0


  130. SYMBOL_NAME:  nt!MiResolvePageFileFault+13d7

  132. MODULE_NAME: nt

  134. IMAGE_VERSION:  10.0.22621.3007

  136. STACK_COMMAND:  .cxr; .ecxr ; kb

  138. IMAGE_NAME:  ntkrnlmp.exe

  140. BUCKET_ID_FUNC_OFFSET:  13d7

  142. FAILURE_BUCKET_ID:  AV_nt!MiResolvePageFileFault

  144. OS_VERSION:  10.0.22621.1

  146. BUILDLAB_STR:  ni_release

  148. OSPLATFORM_TYPE:  x64

  150. OSNAME:  Windows 10

  152. FAILURE_ID_HASH:  {792a0b16-e499-d3be-c970-fb2f83008d00}

  154. Followup:     MachineOwner
  155. ---------
复制代码
回复

举报

gaoyi124
发表于 2024-1-21 23:56 | 显示全部楼层
蓝屏会有指向文件或者蓝屏代码,除了这个,我还真不会看,如果是蓝屏指向文件,搜搜文件看看目录名啥的,差不多能知道什么程序
回复

举报

zhoualive
 楼主| 发表于 2024-1-21 23:59 | 显示全部楼层
gaoyi124 发表于 2024-1-21 23:56
蓝屏会有指向文件或者蓝屏代码,除了这个,我还真不会看,如果是蓝屏指向文件,搜搜文件看看目录名啥的,差不多 ...

少了一段 点 MODULE_NAME: nt

  1. 21: kd> lmvm nt
  2. Browse full module list
  3. start             end                 module name
  4. fffff801`29400000 fffff801`2a447000   nt         (pdb symbols)          C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\FCB9AFC6A352F97B17CF5F981382C7821\ntkrnlmp.pdb
  5.     Loaded symbol image file: ntkrnlmp.exe
  6.     Mapped memory image file: C:\ProgramData\Dbg\sym\ntkrnlmp.exe\16B960371047000\ntkrnlmp.exe
  7.     Image path: ntkrnlmp.exe
  8.     Image name: ntkrnlmp.exe
  9.     Browse all global symbols  functions  data
  10.     Image was built with /Brepro flag.
  11.     Timestamp:        16B96037 (This is a reproducible build file hash, not a timestamp)
  12.     CheckSum:         00B91B6E
  13.     ImageSize:        01047000
  14.     File version:     10.0.22621.3007
  15.     Product version:  10.0.22621.3007
  16.     File flags:       0 (Mask 3F)
  17.     File OS:          40004 NT Win32
  18.     File type:        1.0 App
  19.     File date:        00000000.00000000
  20.     Translations:     0409.04b0
  21.     Information from resource tables:
  22.         CompanyName:      Microsoft Corporation
  23.         ProductName:      Microsoft® Windows® Operating System
  24.         InternalName:     ntkrnlmp.exe
  25.         OriginalFilename: ntkrnlmp.exe
  26.         ProductVersion:   10.0.22621.3007
  27.         FileVersion:      10.0.22621.3007 (WinBuild.160101.0800)
  28.         FileDescription:  NT Kernel & System
  29.         LegalCopyright:   © Microsoft Corporation. All rights reserved.
复制代码
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 加入我们

本版积分规则

Archiver|手机版|小黑屋|Chiphell ( 沪ICP备12027953号-5 )沪公网备310112100042806 上海市互联网违法与不良信息举报中心

GMT+8, 2025-4-26 17:39 , Processed in 0.008582 second(s), 5 queries , Gzip On, Redis On.

Powered by Discuz! X3.5 Licensed

© 2007-2024 Chiphell.com All rights reserved.

快速回复 返回顶部 返回列表