我用winDbg分析出来的,哪位大神能帮下忙,我用了xmp就每天蓝屏一次
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* WAIting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 42
Microsoft (R) Windows Debugger Version 10.0.27725.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MinidumPS\120724-6796-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22000 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff805`06c00000 PsLoadedModuleList = 0xfffff805`078298a0
Debug session time: Sat Dec 7 10:58:29.207 2024 (UTC + 8:00)
System Uptime: 0 days 1:19:26.951
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000015`a60d8018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`0701d780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff107`ed39ea60=000000000000000a
2: kd> !analyze -v
******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffe8051c0ce0b0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8051c0b5c31, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1171
Key : Analysis.Elapsed.mSec
Value: 4314
Key : Analysis.IO.Other.Mb
Value: 2
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 25
Key : Analysis.Init.CPU.mSec
Value: 390
Key : Analysis.Init.Elapsed.mSec
Value: 302233
Key : Analysis.Memory.CommitPeak.Mb
Value: 90
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0xd1
Key : Bugcheck.Code.TargetModel
Value: 0xd1
Key : Dump.Attributes.AsUlong
Value: 1008
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: AV_TFsFltX64_ev!unknown_function
Key : Failure.Hash
Value: {b011a7bb-1bcd-1a30-6dda-3791a8b76372}
BUGCHECK_CODE: d1
BUGCHECK_P1: ffffe8051c0ce0b0
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8051c0b5c31
FILE_IN_CAB: 120724-6796-01.dmp
DUMP_FILE_ATTRIBUTES: 0x1008
Kernel Generated Triage Dump
FAULTING_THREAD: ffffa781e511d080
READ_ADDRESS: fffff80507905450: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffffe8051c0ce0b0
BLACKBOXntfs: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: provtool.exe
TRAP_FRAME: fffff107ed39eba0 -- (.trap 0xfffff107ed39eba0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0005000000058a4e
rdx=ffffe8051c0ce0d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8051c0b5c31 rsp=fffff107ed39ed30 rbp=fffff107ed39ee00
r8=fffff8051c0ce0d0 r9=fffff8051c0b0000 r10=fffff80506e5d1e0
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
TFsFltX64_ev+0x5c31:
fffff805`1c0b5c31 397308 cmp dword ptr [rbx+8],esi ds:00000000`00000008=????????
Resetting default scope
STACK_TEXT:
fffff107`ed39ea58 fffff805`07032a69 : 00000000`0000000a ffffe805`1c0ce0b0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff107`ed39ea60 fffff805`0702e24c : ffffa781`d97ff280 ffffa781`e7954aa0 fffff805`02f4d550 ffffa781`e6eddaa0 : nt!KiBugCheckDispatch+0x69
fffff107`ed39eba0 fffff805`1c0b5c31 : 00000000`cc600fbc 00000000`00000109 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x44c
fffff107`ed39ed30 00000000`cc600fbc : 00000000`00000109 00000000`00000000 00000000`00000000 00000000`00000000 : TFsFltX64_ev+0x5c31
fffff107`ed39ed38 00000000`00000109 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff800f`31754c80 : 0xcc600fbc
fffff107`ed39ed40 00000000`00000000 : 00000000`00000000 00000000`00000000 ffff800f`31754c80 ffffa781`e7954b88 : 0x109
SYMBOL_NAME: TFsFltX64_ev+5c31
MODULE_NAME: TFsFltX64_ev
IMAGE_NAME: TFsFltX64_ev.sys
STACK_COMMAND: .process /r /p 0xffffa781ec8d7180; .thread 0xffffa781e511d080 ; kb
BUCKET_ID_FUNC_OFFSET: 5c31
FAILURE_BUCKET_ID: AV_TFsFltX64_ev!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {b011a7bb-1bcd-1a30-6dda-3791a8b76372}
Followup: MachineOwner |
微信扫一扫
