Win7 又蓝屏了 附上分析报告,高手帮我看看!
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\无心圆\Desktop\090910-34039-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`04a55000 PsLoadedModuleList = 0xfffff800`04c92e50
Debug session time: Thu Sep 9 19:03:45.167 2010 (GMT+8)
System Uptime: 0 days 6:12:09.774
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa0000000002, 0, fffff80004d9910a, 7}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt!SeCaptureSecurityDescriptor+705 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa0000000002, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80004d9910a, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000007, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80004cfd0e0
fffffa0000000002
FAULTING_IP:
nt!SeCaptureSecurityDescriptor+705
fffff800`04d9910a 440fb76e02 movzx r13d,word ptr [rsi+2]
MM_INTERNAL_CODE: 7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff880047b23a0 -- (.trap 0xfffff880047b23a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a0018af598
rdx=000007ffffff0000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80004d9910a rsp=fffff880047b2530 rbp=ffffffff80005b3c
r8=0000000000000000 r9=0000000000000000 r10=7d35443600000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!SeCaptureSecurityDescriptor+0x705:
fffff800`04d9910a 440fb76e02 movzx r13d,word ptr [rsi+2] ds:0002:00000000`00000002=????
Resetting default scope
LOCK_ADDRESS: fffff80004cc9400 -- (!locks fffff80004cc9400)
Resource @ nt!PiEngineLock (0xfffff80004cc9400) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0xfffff80004cc9400
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from fffff80004b44849 to fffff80004ac5740
STACK_TEXT:
fffff880`047b2238 fffff800`04b44849 : 00000000`00000050 fffffa00`00000002 00000000`00000000 fffff880`047b23a0 : nt!KeBugCheckEx
fffff880`047b2240 fffff800`04ac382e : 00000000`00000000 00000000`00000000 fffff880`00000000 fffff8a0`018af570 : nt! ?? ::FNODOBFM::`string'+0x40e0b
fffff880`047b23a0 fffff800`04d9910a : 00000000`00000000 00000000`20206f49 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
fffff880`047b2530 fffff800`04e70228 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000100 : nt!SeCaptureSecurityDescriptor+0x705
fffff880`047b2610 fffff800`04ea6ce1 : fffff880`047b2708 fffff880`00000002 fffffa80`00000001 fffff8a0`018af570 : nt!PipGetRegistrySecurityWithFallback+0xd8
fffff880`047b26b0 fffff800`04eb0ea3 : fffffa80`047ff250 fffffa80`047ff250 fffff8a0`01862d30 fffffa80`0217ca30 : nt!PipChangeDeviceObjectFromRegistryProperties+0x161
fffff880`047b27a0 fffff800`04eb2362 : fffffa80`0217ca30 fffffa80`0217ca30 00000000`00000000 fffffa80`01f20290 : nt!PipCallDriverAddDevice+0x733
fffff880`047b2950 fffff800`04eb28d8 : fffffa80`01a26770 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PipProcessDevNodeTree+0x2b2
fffff880`047b2bc0 fffff800`04bc73a7 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000084 : nt!PiProcessReenumeration+0x98
fffff880`047b2c10 fffff800`04ad2961 : fffff800`04bc7080 fffff800`04dc1c01 fffffa80`017bab00 fffffa80`017bab60 : nt!PnpDeviceActionWorker+0x327
fffff880`047b2cb0 fffff800`04d69c06 : 9000612e`322e7376 fffffa80`017bab60 00000000`00000080 fffffa80`0179d040 : nt!ExpWorkerThread+0x111
fffff880`047b2d40 fffff800`04aa3c26 : fffff880`009ea180 fffffa80`017bab60 fffff880`009f4f40 315f7370`9000345f : nt!PspSystemThreadStartup+0x5a
fffff880`047b2d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!SeCaptureSecurityDescriptor+705
fffff800`04d9910a 440fb76e02 movzx r13d,word ptr [rsi+2]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!SeCaptureSecurityDescriptor+705
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0x50_nt!SeCaptureSecurityDescriptor+705
BUCKET_ID: X64_0x50_nt!SeCaptureSecurityDescriptor+705
Followup: MachineOwner
---------
0: kd> .trap 0xfffff880047b23a0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a0018af598
rdx=000007ffffff0000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80004d9910a rsp=fffff880047b2530 rbp=ffffffff80005b3c
r8=0000000000000000 r9=0000000000000000 r10=7d35443600000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!SeCaptureSecurityDescriptor+0x705:
fffff800`04d9910a 440fb76e02 movzx r13d,word ptr [rsi+2] ds:0002:00000000`00000002=????
看来半天也不知道是什么问题,高手帮我看看!