Below is the WinDbg log; the DMP file is attached. Any help from the experts would be appreciated.
Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\minidump\041523-113765-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff800`0a200000 PsLoadedModuleList = 0xfffff800`0a6461b0
Debug session time: Sat Apr 15 13:49:51.559 2023 (UTC + 8:00)
System Uptime: 0 days 7:39:56.440
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
...............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`0a3c3b20 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb801`2830ed00=000000000000000a
15: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffbf01b0fa7f20, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000aafee6e, address which referenced memory

Debugging Details:
------------------

*** WARNING: Unable to verify checksum for win32k.sys

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 4937

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 243713

    Key  : Analysis.IO.Other.Mb
    Value: 4

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 6

    Key  : Analysis.Init.CPU.mSec
    Value: 1171

    Key  : Analysis.Init.Elapsed.mSec
    Value: 4227

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 94

    Key  : Bugcheck.Code.DumpHeader
    Value: 0xa

    Key  : Bugcheck.Code.Register
    Value: 0xa

    Key  : WER.OS.Branch
    Value: 19h1_release

    Key  : WER.OS.Timestamp
    Value: 2019-03-18T12:02:00Z

    Key  : WER.OS.Version
    Value: 10.0.18362.1

FILE_IN_CAB: 041523-113765-01.dmp

BUGCHECK_CODE: a

BUGCHECK_P1: ffffbf01b0fa7f20

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff8000aafee6e

READ_ADDRESS: fffff8000a7713b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 ffffbf01b0fa7f20

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

TRAP_FRAME: ffffb8012830ee40 -- (.trap 0xffffb8012830ee40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff9481cc51f5a0 rbx=0000000000000000 rcx=ffff9481ba7b5ba0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000aafee6e rsp=ffffb8012830efd8 rbp=ffffb8012830f030
 r8=0000000000000004  r9=8000000000002000 r10=ffffbf01b0fa7f10
r11=ffff9481ba7b5ba0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!EtwpApplyLevelKwFilter+0x1a:
fffff800`0aafee6e 418a4210 mov al,byte ptr [r10+10h] ds:ffffbf01`b0fa7f20=04
Resetting default scope

STACK_TEXT:
ffffb801`2830ecf8 fffff800`0a3d5929 : 00000000`0000000a ffffbf01`b0fa7f20 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffb801`2830ed00 fffff800`0a3d1c69 : ffff9481`c98a010e ffff9481`dbab2080 00000000`00000010 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffb801`2830ee40 fffff800`0aafee6e : fffff800`0a2c084e 00000000`00000000 00000000`00000004 00000000`00000050 : nt!KiPageFault+0x469
ffffb801`2830efd8 fffff800`0a2c084e : 00000000`00000000 00000000`00000004 00000000`00000050 ffffb801`2830f118 : nt!EtwpApplyLevelKwFilter+0x1a
ffffb801`2830efe0 fffff800`0a23644e : ffff9481`b9802000 ffffb801`2830f480 ffffffff`ffffffff fffff800`00000000 : nt!EtwpEventWriteFull+0x6ae
ffffb801`2830f360 fffff800`0a531162 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffb801`2830f500 : nt!EtwWriteEx+0x14e
ffffb801`2830f470 fffff800`0a531205 : 00000000`0000001b ffffb801`2830f590 ffff9481`db46dd00 fffff800`0a78c9c0 : nt!EtwpTiFillVadEventWrite+0x116
ffffb801`2830f4c0 fffff800`0a530d77 : 01d96f5e`18aace96 ffffb801`2830f590 fffff800`0a595c90 fffff800`00000000 : nt!EtwpTiVadQueryEventWrite+0x81
ffffb801`2830f510 fffff800`0a422afa : ffffd500`7fedf101 ffff9481`cc3e52c8 ffffd500`7fedf101 00000000`00000000 : nt!EtwTiLogInsertQueueUserApc+0x2a7
ffffb801`2830f5d0 fffff800`0a2fec95 : ffff9481`cc3e5301 ffff9481`cc3e5280 00000000`00000000 00000000`00000000 : nt!KeInsertQueueApc+0x173e4a
ffffb801`2830f670 fffff800`0a2c3559 : ffff9481`cc3e5320 ffff9481`cc3e5280 00000000`00000004 00000000`0000000e : nt!ExpTimerDpcRoutine+0xa5
ffffb801`2830f840 fffff800`0a2c22b9 : 00000000`0000001c 00000000`00989680 00000000`00101030 00000000`00000048 : nt!KiProcessExpiredTimerList+0x169
ffffb801`2830f930 fffff800`0a3c764e : ffffffff`00000000 ffffd500`7fedf180 ffffd500`7fef0440 ffff9481`d2c68080 : nt!KiRetireDpcList+0x4e9
ffffb801`2830fb60 00000000`00000000 : ffffb801`28310000 ffffb801`28309000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x7e

SYMBOL_NAME: nt!EtwpApplyLevelKwFilter+1a

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.18362.1316

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 1a

FAILURE_BUCKET_ID: AV_nt!EtwpApplyLevelKwFilter

OS_VERSION: 10.0.18362.1

BUILDLAB_STR: 19h1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {eff2311f-a9a4-3fce-ed28-093872f0a168}

Followup: MachineOwner
---------