none
USB 메모리 사용중(파일 복사 등) 블루스크린 발생 RRS feed

  • 질문

  • 안녕하세요.

    윈도우 10 프로 환경에서 usb 사용중(파일 복사 등) 블루스크린 증상이 간헐적으로 발생하고 있습니다.

    WinDbg 프로그램을 이용하여 아래와 같은 분석 결과를 얻었습니다.

    아래 내용의 경우 윈도우 문제라기 보다는 특정 응용 프로그램의 문제라고 판단해도 되는지 궁금합니다.


    Microsoft (R) Windows Debugger Version 10.0.14321.1024 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\sypark\Desktop\110316-8156-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available


    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 10 Kernel Version 14393 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 14393.321.amd64fre.rs1_release_inmarket.161004-2338
    Machine Name:
    Kernel base = 0xfffff801`3dc8c000 PsLoadedModuleList = 0xfffff801`3df90080
    Debug session time: Thu Nov  3 00:16:46.453 2016 (UTC + 9:00)
    System Uptime: 0 days 8:16:29.202
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................................................
    Loading User Symbols
    Loading unloaded module list
    ..................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck A, {fffff8006184a38c, 2, 0, fffff8013e214416}

    *** WARNING: Unable to verify timestamp for SecuDrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for SecuDrv.sys
    Probably caused by : SecuDrv.sys ( SecuDrv+3344 )

    Followup:     MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffff8006184a38c, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
     bit 0 : value 0 = read operation, 1 = write operation
     bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff8013e214416, address which referenced memory

    Debugging Details:
    ------------------


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 400

    BUILD_VERSION_STRING:  14393.321.amd64fre.rs1_release_inmarket.161004-2338

    SYSTEM_MANUFACTURER:  JOOYONTECH

    SYSTEM_PRODUCT_NAME:  JYTC

    SYSTEM_SKU:  JOOYN_100_KO_KR

    SYSTEM_VERSION:  System Version

    BIOS_VENDOR:  American Megatrends Inc.

    BIOS_VERSION:  11410H

    BIOS_DATE:  04/06/2016

    BASEBOARD_MANUFACTURER:  JOOYON

    BASEBOARD_PRODUCT:  H110M-C/HDMI Jooyon Ver2.1 (Win10)

    BASEBOARD_VERSION:  Rev X.0x

    DUMP_TYPE:  2

    BUGCHECK_P1: fffff8006184a38c

    BUGCHECK_P2: 2

    BUGCHECK_P3: 0

    BUGCHECK_P4: fffff8013e214416

    READ_ADDRESS: fffff8013e032338: Unable to get MiVisibleState
     fffff8006184a38c

    CURRENT_IRQL:  2

    FAULTING_IP:
    nt! ?? ::NNGAKEGL::`string'+102c6
    fffff801`3e214416 0fb73c46        movzx   edi,word ptr [rsi+rax*2]

    CPU_COUNT: 4

    CPU_MHZ: c78

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 5e

    CPU_STEPPING: 3

    CPU_MICROCODE: 6,5e,3,0 (F,M,S,R)  SIG: 74'00000000 (cache) 74'00000000 (init)

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    BUGCHECK_STR:  AV

    PROCESS_NAME:  MssAgntS.exe

    ANALYSIS_SESSION_HOST:  SYPARK-PC

    ANALYSIS_SESSION_TIME:  12-07-2016 12:38:14.0446

    ANALYSIS_VERSION: 10.0.14321.1024 x86fre

    TRAP_FRAME:  ffff800083442570 -- (.trap 0xffff800083442570)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=000000000000d1b5 rbx=0000000000000000 rcx=00000000030621f7
    rdx=0000000000000034 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8013e214416 rsp=ffff800083442700 rbp=ffff8000834428e0
     r8=0000000000000000  r9=00000000000000b0 r10=00000000030621ef
    r11=00000000000001f8 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    nt! ?? ::NNGAKEGL::`string'+0x102c6:
    fffff801`3e214416 0fb73c46        movzx   edi,word ptr [rsi+rax*2] ds:00000000`0001a36a=????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff8013dde1429 to fffff8013ddd62c0

    STACK_TEXT: 
    ffff8000`83442428 fffff801`3dde1429 : 00000000`0000000a fffff800`6184a38c 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    ffff8000`83442430 fffff801`3dddfa07 : 00000000`00000002 00000000`00000103 00000000`01955da0 00000000`00000038 : nt!KiBugCheckDispatch+0x69
    ffff8000`83442570 fffff801`3e214416 : ffffcb06`ddd38d60 fffff800`650e3344 00000000`00002d8c 00000000`030621ea : nt!KiPageFault+0x247
    ffff8000`83442700 fffff800`650e3344 : 00000000`00002d8c 00000000`030621ea 00000000`00000000 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x102c6
    ffff8000`83442710 00000000`00002d8c : 00000000`030621ea 00000000`00000000 00000000`00000000 00000000`00000076 : SecuDrv+0x3344
    ffff8000`83442718 00000000`030621ea : 00000000`00000000 00000000`00000000 00000000`00000076 00000000`00000000 : 0x2d8c
    ffff8000`83442720 00000000`00000000 : 00000000`00000000 00000000`00000076 00000000`00000000 ffffcb06`de05d440 : 0x30621ea


    STACK_COMMAND:  kb

    THREAD_SHA1_HASH_MOD_FUNC:  9fc55344bcaa1f0411bf30a176b45922f8099b46

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  f35976adb1ded9fc048846f168e312fe8d9a3cc1

    THREAD_SHA1_HASH_MOD:  36554dd82385a672b9190b5cd24e22f03ae20ec9

    FOLLOWUP_IP:
    SecuDrv+3344
    fffff800`650e3344 488d5340        lea     rdx,[rbx+40h]

    FAULT_INSTR_CODE:  40538d48

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  SecuDrv+3344

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: SecuDrv

    IMAGE_NAME:  SecuDrv.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  57713dec

    BUCKET_ID_FUNC_OFFSET:  3344

    FAILURE_BUCKET_ID:  AV_SecuDrv!unknown_function

    BUCKET_ID:  AV_SecuDrv!unknown_function

    PRIMARY_PROBLEM_CLASS:  AV_SecuDrv!unknown_function

    TARGET_TIME:  2016-11-02T15:16:46.000Z

    OSBUILD:  14393

    OSSERVICEPACK:  321

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  1

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 10

    OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

    OS_LOCALE: 

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2016-10-05 18:17:53

    BUILDDATESTAMP_STR:  161004-2338

    BUILDLAB_STR:  rs1_release_inmarket

    BUILDOSVER_STR:  10.0.14393.321.amd64fre.rs1_release_inmarket.161004-2338

    ANALYSIS_SESSION_ELAPSED_TIME: 1fcd

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:av_secudrv!unknown_function

    FAILURE_ID_HASH:  {c27d728d-5400-9fa2-de29-3225f05602f1}

    Followup:     MachineOwner
    ---------


    • 편집됨 주연테크 2016년 12월 7일 수요일 오전 6:55
    2016년 12월 7일 수요일 오전 6:54

답변

  • 안녕하세요,

    덤프 파일을 보니 문제가 되는 mssagnts.exe, secudrv.sys 둘 다 세이퍼존이라는 의 보안 프로그램 관련 파일로 보입니다. USB 보안 프로그램을 확인해보시는 것이 좋을 것 같습니다. (혹은 제작사 문의)

    감사합니다.


    Regards, Jason

    2016년 12월 7일 수요일 오전 7:42