服务器文件剪切后蓝屏,帮忙分析一下蓝屏文件已上传 - 综合技术讨论大区 - 死性不改BBS - 网维行业自由、中立的技术与信息交流平台 - Powered by Discuz!...

Loading Dump File [C:\Users\Administrator\AppData\Local\Temp\HZ$D.585.4128\192.168.1.84_2016.5.16.23.27.20.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 7601.19160.amd64fre.win7sp1_gdr.160211-0600

Machine Name:

Kernel base = 0xfffff800`0525b000 PsLoadedModuleList = 0xfffff800`054a2730

Debug session time: Mon May 16 23:27:08.168 2016 (UTC + 8:00)

System Uptime: 0 days 1:56:24.358

Loading Kernel Symbols

...............................................................

................................................................

........................

Loading User Symbols

Loading unloaded module list

.......

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff800056499a8, fffff88008b30c10, 0}

Probably caused by : memory_corruption

Followup: memory_corruption

---------

3: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)

An exception happened while executing a system service routine.

Arguments:

Arg1: 00000000c0000005, Exception code that caused the bugcheck

Arg2: fffff800056499a8, Address of the instruction which caused the bugcheck

Arg3: fffff88008b30c10, Address of the context record for the exception that caused the bugcheck

Arg4: 0000000000000000, zero.

Debugging Details:

------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx

FAULTING_IP:

nt!ObpCaptureHandleInformation+68

fffff800`056499a8 8a4128          mov     al,byte ptr [rcx+28h]

CONTEXT:  fffff88008b30c10 -- (.cxr 0xfffff88008b30c10)

rax=00000000000000ec rbx=0000000000000024 rcx=0000000000000000

rdx=fffff880096d5870 rsi=fffff8a00b19d090 rdi=0000000000077ffc

rip=fffff800056499a8 rsp=fffff88008b315f8 rbp=fffff8a003fb1d30

r8=fffff8a00b19d090  r9=fffffa8004583040 r10=000000000006e7f8

r11=fffff88008b31688 r12=fffff8000525b000 r13=0000000000000000

r14=fffff88009667090 r15=fffff88008b316b8

iopl=0         nv up ei pl zr na po nc

cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246

nt!ObpCaptureHandleInformation+0x68:

fffff800`056499a8 8a4128          mov     al,byte ptr [rcx+28h] ds:002b:00000000`00000028=??

Resetting default scope

DEFAULT_BUCKET_ID:  CODE_CORRUPTION

BUGCHECK_STR:  0x3B

PROCESS_NAME:  BarClientView.

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800056c50e9 to fffff800056499a8

STACK_TEXT:

fffff880`08b315f8 fffff800`056c50e9 : 00000000`00000024 00000980`00000000 ccf00000`145e1867 00000000`00000000 : nt!ObpCaptureHandleInformation+0x68

fffff880`08b31600 fffff800`056c57c7 : fffff880`08b31730 fffff880`096d5870 00000000`00077ffc 00000000`1222e568 : nt!ExSnapShotHandleTables+0xe9

fffff880`08b31680 fffff800`0573a0f5 : fffff880`08b31730 00000000`0006e7f8 00000000`00077ffc fffff800`0525b000 : nt!ObGetHandleInformation+0x37

fffff880`08b316b0 fffff800`0563b643 : 00000000`00000000 fffff680`000423b8 fffff880`09667090 fffffa80`069035d0 : nt!ExpGetHandleInformation+0x55

fffff880`08b316f0 fffff800`055de349 : 00000000`27ef0090 00000000`00008000 00000000`0004fffc 00000000`030e5fc0 : nt! ?? ::NNGAKEGL::`string'+0x4ac92

fffff880`08b31aa0 fffff800`052ce313 : ffffffff`ffffffff 00000000`1222e610 00000000`1222e608 00000000`00008000 : nt!NtQuerySystemInformation+0x4d

fffff880`08b31ae0 00000000`772fd71a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13

00000000`1222e518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772fd71a

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt

fffff800052cf711-fffff800052cf71b  11 bytes - nt!RtlCaptureContext+1

[ 9c 8c 49 38 8c 59 3a 8c:b8 88 35 e6 06 80 fa ff ]

11 errors : !nt (fffff800052cf711-fffff800052cf71b)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  LARGE

STACK_COMMAND:  .cxr 0xfffff88008b30c10 ; kb

FAILURE_BUCKET_ID:  X64_MEMORY_CORRUPTION_LARGE

BUCKET_ID:  X64_MEMORY_CORRUPTION_LARGE

Followup: memory_corruption

---------