以下为WINDBG日志,附件为DMP文件,求大佬帮助
Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\minidump\041523-113765-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff800`0a200000 PsLoadedModuleList = 0xfffff800`0a6461b0
Debug session time: Sat Apr 15 13:49:51.559 2023 (UTC + 8:00)
System Uptime: 0 days 7:39:56.440
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
...............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`0a3c3b20 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb801`2830ed00=000000000000000a
15: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffbf01b0fa7f20, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000aafee6e, address which referenced memory
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4937
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 243713
Key : Analysis.IO.Other.Mb
Value: 4
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 6
Key : Analysis.Init.CPU.mSec
Value: 1171
Key : Analysis.Init.Elapsed.mSec
Value: 4227
Key : Analysis.Memory.CommitPeak.Mb
Value: 94
Key : Bugcheck.Code.DumpHeader
Value: 0xa
Key : Bugcheck.Code.Register
Value: 0xa
Key : WER.OS.Branch
Value: 19h1_release
Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z
Key : WER.OS.Version
Value: 10.0.18362.1
FILE_IN_CAB: 041523-113765-01.dmp
BUGCHECK_CODE: a
BUGCHECK_P1: ffffbf01b0fa7f20
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8000aafee6e
READ_ADDRESS: fffff8000a7713b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffffbf01b0fa7f20
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: ffffb8012830ee40 -- (.trap 0xffffb8012830ee40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff9481cc51f5a0 rbx=0000000000000000 rcx=ffff9481ba7b5ba0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000aafee6e rsp=ffffb8012830efd8 rbp=ffffb8012830f030
r8=0000000000000004 r9=8000000000002000 r10=ffffbf01b0fa7f10
r11=ffff9481ba7b5ba0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!EtwpApplyLevelKwFilter+0x1a:
fffff800`0aafee6e 418a4210 mov al,byte ptr [r10+10h] ds:ffffbf01`b0fa7f20=04
Resetting default scope
STACK_TEXT:
ffffb801`2830ecf8 fffff800`0a3d5929 : 00000000`0000000a ffffbf01`b0fa7f20 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffb801`2830ed00 fffff800`0a3d1c69 : ffff9481`c98a010e ffff9481`dbab2080 00000000`00000010 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffb801`2830ee40 fffff800`0aafee6e : fffff800`0a2c084e 00000000`00000000 00000000`00000004 00000000`00000050 : nt!KiPageFault+0x469
ffffb801`2830efd8 fffff800`0a2c084e : 00000000`00000000 00000000`00000004 00000000`00000050 ffffb801`2830f118 : nt!EtwpApplyLevelKwFilter+0x1a
ffffb801`2830efe0 fffff800`0a23644e : ffff9481`b9802000 ffffb801`2830f480 ffffffff`ffffffff fffff800`00000000 : nt!EtwpEventWriteFull+0x6ae
ffffb801`2830f360 fffff800`0a531162 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffb801`2830f500 : nt!EtwWriteEx+0x14e
ffffb801`2830f470 fffff800`0a531205 : 00000000`0000001b ffffb801`2830f590 ffff9481`db46dd00 fffff800`0a78c9c0 : nt!EtwpTiFillVadEventWrite+0x116
ffffb801`2830f4c0 fffff800`0a530d77 : 01d96f5e`18aace96 ffffb801`2830f590 fffff800`0a595c90 fffff800`00000000 : nt!EtwpTiVadQueryEventWrite+0x81
ffffb801`2830f510 fffff800`0a422afa : ffffd500`7fedf101 ffff9481`cc3e52c8 ffffd500`7fedf101 00000000`00000000 : nt!EtwTiLogInsertQueueUserApc+0x2a7
ffffb801`2830f5d0 fffff800`0a2fec95 : ffff9481`cc3e5301 ffff9481`cc3e5280 00000000`00000000 00000000`00000000 : nt!KeInsertQueueApc+0x173e4a
ffffb801`2830f670 fffff800`0a2c3559 : ffff9481`cc3e5320 ffff9481`cc3e5280 00000000`00000004 00000000`0000000e : nt!ExpTimerDpcRoutine+0xa5
ffffb801`2830f840 fffff800`0a2c22b9 : 00000000`0000001c 00000000`00989680 00000000`00101030 00000000`00000048 : nt!KiProcessExpiredTimerList+0x169
ffffb801`2830f930 fffff800`0a3c764e : ffffffff`00000000 ffffd500`7fedf180 ffffd500`7fef0440 ffff9481`d2c68080 : nt!KiRetireDpcList+0x4e9
ffffb801`2830fb60 00000000`00000000 : ffffb801`28310000 ffffb801`28309000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x7e
SYMBOL_NAME: nt!EtwpApplyLevelKwFilter+1a
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.18362.1316
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 1a
FAILURE_BUCKET_ID: AV_nt!EtwpApplyLevelKwFilter
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {eff2311f-a9a4-3fce-ed28-093872f0a168}
Followup: MachineOwner
---------
15: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffbf01b0fa7f20, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000aafee6e, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4296
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 8450
Key : Analysis.IO.Other.Mb
Value: 4
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 6
Key : Analysis.Init.CPU.mSec
Value: 7827
Key : Analysis.Init.Elapsed.mSec
Value: 249659
Key : Analysis.Memory.CommitPeak.Mb
Value: 99
Key : Bugcheck.Code.DumpHeader
Value: 0xa
Key : Bugcheck.Code.Register
Value: 0xa
Key : WER.OS.Branch
Value: 19h1_release
Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z
Key : WER.OS.Version
Value: 10.0.18362.1
FILE_IN_CAB: 041523-113765-01.dmp
BUGCHECK_CODE: a
BUGCHECK_P1: ffffbf01b0fa7f20
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8000aafee6e
READ_ADDRESS: Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffbf01b0fa7f20
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: ffffb8012830ee40 -- (.trap 0xffffb8012830ee40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff9481cc51f5a0 rbx=0000000000000000 rcx=ffff9481ba7b5ba0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000aafee6e rsp=ffffb8012830efd8 rbp=ffffb8012830f030
r8=0000000000000004 r9=8000000000002000 r10=ffffbf01b0fa7f10
r11=ffff9481ba7b5ba0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!EtwpApplyLevelKwFilter+0x1a:
fffff800`0aafee6e 418a4210 mov al,byte ptr [r10+10h] ds:ffffbf01`b0fa7f20=04
Resetting default scope
STACK_TEXT:
ffffb801`2830ecf8 fffff800`0a3d5929 : 00000000`0000000a ffffbf01`b0fa7f20 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffb801`2830ed00 fffff800`0a3d1c69 : ffff9481`c98a010e ffff9481`dbab2080 00000000`00000010 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffb801`2830ee40 fffff800`0aafee6e : fffff800`0a2c084e 00000000`00000000 00000000`00000004 00000000`00000050 : nt!KiPageFault+0x469
ffffb801`2830efd8 fffff800`0a2c084e : 00000000`00000000 00000000`00000004 00000000`00000050 ffffb801`2830f118 : nt!EtwpApplyLevelKwFilter+0x1a
ffffb801`2830efe0 fffff800`0a23644e : ffff9481`b9802000 ffffb801`2830f480 ffffffff`ffffffff fffff800`00000000 : nt!EtwpEventWriteFull+0x6ae
ffffb801`2830f360 fffff800`0a531162 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffb801`2830f500 : nt!EtwWriteEx+0x14e
ffffb801`2830f470 fffff800`0a531205 : 00000000`0000001b ffffb801`2830f590 ffff9481`db46dd00 fffff800`0a78c9c0 : nt!EtwpTiFillVadEventWrite+0x116
ffffb801`2830f4c0 fffff800`0a530d77 : 01d96f5e`18aace96 ffffb801`2830f590 fffff800`0a595c90 fffff800`00000000 : nt!EtwpTiVadQueryEventWrite+0x81
ffffb801`2830f510 fffff800`0a422afa : ffffd500`7fedf101 ffff9481`cc3e52c8 ffffd500`7fedf101 00000000`00000000 : nt!EtwTiLogInsertQueueUserApc+0x2a7
ffffb801`2830f5d0 fffff800`0a2fec95 : ffff9481`cc3e5301 ffff9481`cc3e5280 00000000`00000000 00000000`00000000 : nt!KeInsertQueueApc+0x173e4a
ffffb801`2830f670 fffff800`0a2c3559 : ffff9481`cc3e5320 ffff9481`cc3e5280 00000000`00000004 00000000`0000000e : nt!ExpTimerDpcRoutine+0xa5
ffffb801`2830f840 fffff800`0a2c22b9 : 00000000`0000001c 00000000`00989680 00000000`00101030 00000000`00000048 : nt!KiProcessExpiredTimerList+0x169
ffffb801`2830f930 fffff800`0a3c764e : ffffffff`00000000 ffffd500`7fedf180 ffffd500`7fef0440 ffff9481`d2c68080 : nt!KiRetireDpcList+0x4e9
ffffb801`2830fb60 00000000`00000000 : ffffb801`28310000 ffffb801`28309000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x7e
SYMBOL_NAME: nt!EtwpApplyLevelKwFilter+1a
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.18362.1316
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 1a
FAILURE_BUCKET_ID: AV_nt!EtwpApplyLevelKwFilter
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {eff2311f-a9a4-3fce-ed28-093872f0a168}
Followup: MachineOwner
---------
8355
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
