Blue screen occurring, requesting WinDbg analysis.

    Question

  • The data-collection PC keeps shutting down after a blue screen, so I am requesting a dump analysis.

    Please take a look.

    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 3B, {c0000005, fffff88001084485, fffff8800a5446e0, 0}

    Probably caused by : kcdev.sys ( kcdev+8485 )

    Followup:     MachineOwner
    ---------


    ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*c:\MyServerSymbols*https://msdl.microsoft.com/download/symbols
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff88001084485, Address of the instruction which caused the bugcheck
    Arg3: fffff8800a5446e0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.

    Debugging Details:
    ------------------


    KEY_VALUES_STRING: 1


    TIMELINE_ANALYSIS: 1


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 400

    BUILD_VERSION_STRING:  7601.24260.amd64fre.win7sp1_ldr.180908-0600

    SYSTEM_MANUFACTURER:  ASUS

    SYSTEM_PRODUCT_NAME:  All Series

    SYSTEM_SKU:  All

    SYSTEM_VERSION:  System Version

    BIOS_VENDOR:  American Megatrends Inc.

    BIOS_VERSION:  1105

    BIOS_DATE:  01/02/2014

    BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.

    BASEBOARD_PRODUCT:  B85-PLUS

    BASEBOARD_VERSION:  Rev X.0x

    DUMP_TYPE:  2

    BUGCHECK_P1: c0000005

    BUGCHECK_P2: fffff88001084485

    BUGCHECK_P3: fffff8800a5446e0

    BUGCHECK_P4: 0

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

    FAULTING_IP: 
    kcdev+8485
    fffff880`01084485 483900          cmp     qword ptr [rax],rax

    CONTEXT:  fffff8800a5446e0 -- (.cxr 0xfffff8800a5446e0)
    rax=00000080000000c5 rbx=fffffa8096290bf0 rcx=000000000e951010
    rdx=fffffa80962139c0 rsi=fffffa80076c7980 rdi=fffff8a00e951010
    rip=fffff88001084485 rsp=fffff8800a5450b8 rbp=fffffa80962139c0
     r8=fffff88001092800  r9=ffffffffffffffff r10=fffffa80075e9c80
    r11=fffff8800a5451d8 r12=fffffa8096213900 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po cy
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010287
    kcdev+0x8485:
    fffff880`01084485 483900          cmp     qword ptr [rax],rax ds:002b:00000080`000000c5=????????????????
    Resetting default scope

    CPU_COUNT: 4

    CPU_MHZ: da3

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 3c

    CPU_STEPPING: 3

    CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 12'00000000 (cache) 12'00000000 (init)

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    BUGCHECK_STR:  0x3B

    PROCESS_NAME:  DataCatch.exe

    CURRENT_IRQL:  0

    ANALYSIS_SESSION_HOST:  DESKTOP-B1HLPJS

    ANALYSIS_SESSION_TIME:  11-01-2018 14:42:41.0413

    ANALYSIS_VERSION: 10.0.17134.12 x86fre

    LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff88001084485

    STACK_TEXT:  
    fffff880`0a5450b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kcdev+0x8485


    THREAD_SHA1_HASH_MOD_FUNC:  fc3a88e6b73d6f81c803b72c9e8fe1e1bf99c313

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  4d1b23abbbd61a0d9a7685323497984370c0c019

    THREAD_SHA1_HASH_MOD:  fc3a88e6b73d6f81c803b72c9e8fe1e1bf99c313

    FOLLOWUP_IP: 
    kcdev+8485
    fffff880`01084485 483900          cmp     qword ptr [rax],rax

    FAULT_INSTR_CODE:  74003948

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  kcdev+8485

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: kcdev

    IMAGE_NAME:  kcdev.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  571723cd

    STACK_COMMAND:  .cxr 0xfffff8800a5446e0 ; kb

    FAILURE_BUCKET_ID:  X64_0x3B_kcdev+8485

    BUCKET_ID:  X64_0x3B_kcdev+8485

    PRIMARY_PROBLEM_CLASS:  X64_0x3B_kcdev+8485

    TARGET_TIME:  2018-10-31T07:41:18.000Z

    OSBUILD:  7601

    OSSERVICEPACK:  1000

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  1

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 7

    OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2018-09-09 09:17:35

    BUILDDATESTAMP_STR:  180908-0600

    BUILDLAB_STR:  win7sp1_ldr

    BUILDOSVER_STR:  6.1.7601.24260.amd64fre.win7sp1_ldr.180908-0600

    ANALYSIS_SESSION_ELAPSED_TIME:  a7b

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0x3b_kcdev+8485

    FAILURE_ID_HASH:  {1be0b486-410d-b9a0-41e8-55eece437ca7}

    Followup:     MachineOwner
    ---------

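    Thursday, November 1, 2018 6:00 AM

All replies

  • Hello,

    Judging only from the information you posted, the problem appears to be in the kcdev.sys driver, which is part of a program distributed by Kings Information & Network Co., Ltd.

    It is difficult to provide help with dump analysis in the forum; based on the above, it would be best to update or remove that program and then check whether the symptom still occurs.

    Thank you.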


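    ※ If this reply helped resolve your problem, please click the [Mark as answer] button. This can help other users experiencing similar symptoms. If you have feedback on TechNet Subscriber Support, you can contact tnsf@microsoft.com.

    Monday, November 5, 2018 2:46 AM
  • Hello,

    BugCheck 3B, {c0000005 occurs due to the causes below; if the problem continues to occur, please consider calling 1577-9700 for paid support to get an accurate analysis.

    [Reference section]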
    Cause
    The stop code indicates that executing code had an exception and the thread that was below it, is a system thread.
    The exception information returned in parameter one is listed in NTSTATUS Values and is also available in the ntstatus.h file located in the inc directory of the Windows Driver Kit.
    One possible exception value is 0xC0000005: STATUS_ACCESS_VIOLATION
    This means that a memory access violation occurred.
    The !analyze debug extension displays information about the bug check and can be very helpful in determining the root cause.
    For more information see the following topics:
    Crash dump analysis using the Windows debuggers (WinDbg)
    Analyzing a Kernel-Mode Dump File with WinDbg
    Using the !analyze Extension and !analyze
    In the past, this error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code. If you suspect this is the case, use the pool options in driver verifier to gather additional information.

    Resolution
    To debug this problem: Use the .cxr (Display Context Record) command with Parameter 3, and then use kb (Display Stack Backtrace). You can also set a breakpoint in the code leading up to this stop code and attempt to single step forward into the faulting code.
    For general troubleshooting of Windows bug check codes, follow these suggestions:

    • If you recently added hardware to the system, try removing or replacing it. Or check with the manufacturer to see if any patches are available.
    • If new device drivers or system services have been added recently, try removing or updating them. Try to determine what changed in the system that caused the new bug check code to appear.
    • Look in Device Manager to see if any devices are marked with the exclamation point (!). Review the events log displayed in driver properties for any faulting driver. Try updating the related driver.
    • Check the System Log in Event Viewer for additional error messages that might help pinpoint the device or driver that is causing the error. For more information, see Open Event Viewer. Look for critical errors in the system log that occurred in the same time window as the blue screen.
    • For additional general troubleshooting information, see Blue Screen Data.

    [References]
    Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION
    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x3b--system-service-exception

    Thank you.


    Monday, November 19, 2018 4:34 AM
    Moderator
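
The triage step the second reply points to (read the bug check arguments, then look at the context record), as an added example that is not part of the original posts: it parses lines excerpted from the question's `!analyze -v` output and classifies the faulting instruction address and the memory operand by x64 canonical-address range. The function names `classify_address` and `triage` are assumptions of this example.

```python
import re

# Lines excerpted from the !analyze -v output posted in the question.
SAMPLE = """\
BugCheck 3B, {c0000005, fffff88001084485, fffff8800a5446e0, 0}
Probably caused by : kcdev.sys ( kcdev+8485 )
rax=00000080000000c5 rbx=fffffa8096290bf0 rcx=000000000e951010
rip=fffff88001084485 rsp=fffff8800a5450b8 rbp=fffffa80962139c0
fffff880`01084485 483900          cmp     qword ptr [rax],rax ds:002b:00000080`000000c5=????????????????
"""

def classify_address(addr):
    """Classify a 64-bit virtual address by x64 canonical form (bits 63..47)."""
    top = (addr >> 47) & 0x1FFFF
    if top == 0:
        return "user"
    if top == 0x1FFFF:
        return "kernel"
    return "non-canonical"

def triage(text):
    """Extract bug check facts and classify the faulting instruction and operand."""
    bc = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if not bc:
        raise ValueError("no BugCheck line found")
    args = [int(a, 16) for a in bc.group(2).split(",")]
    mod = re.search(r"Probably caused by : (\S+) \( \S+?\+([0-9A-Fa-f]+) \)", text)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(r\w{1,2})=([0-9a-f]{16})\b", text)}
    # Memory operand as WinDbg prints it: ds:SEL:ADDR=VALUE, '?' meaning unreadable.
    op = re.search(r"\bds:[0-9a-f]{4}:([0-9a-f`]+)=(\S+)", text)
    result = {
        "bugcheck": int(bc.group(1), 16),
        "args": args,
        "module": mod.group(1) if mod else None,
        "offset": int(mod.group(2), 16) if mod else None,
        # For bug check 0x3B, Arg2 is the address of the faulting instruction.
        "ip_region": classify_address(args[1]),
        "ip_matches_rip": regs.get("rip") == args[1],
    }
    if op:
        addr = int(op.group(1).replace("`", ""), 16)
        result.update(
            operand=addr,
            operand_region=classify_address(addr),
            operand_readable="?" not in op.group(2),
            operand_regs=sorted(r for r, v in regs.items() if v == addr),
        )
    return result
```

Run over the excerpt, this reports a kernel-range instruction in kcdev.sys reading through `rax`, which holds a user-range address that could not be read.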