Computer blue screen, requesting help analyzing the dump file

  • Question

  • My computer blue-screened; the link to the dump file is below

    Link: https://pan.baidu.com/s/1o8ID5ge Password: whu5

    Please help analyze the cause, thanks~~

    November 1, 2017 11:45

All replies

  • Hello,

    The analysis of your dump file is as follows:

    BugCheck 139, {3, ffffb485641f0120, ffffb485641f0078, 0}
    
    *** WARNING: Unable to verify timestamp for topsecpf.sys
    *** ERROR: Module load completed but symbols could not be loaded for topsecpf.sys
    Probably caused by : memory_corruption
    
    Followup:     memory_corruption
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
    Arg2: ffffb485641f0120, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffb485641f0078, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved
    
    Debugging Details:
    ------------------
    
    
    DUMP_CLASS: 1
    
    DUMP_QUALIFIER: 400
    
    BUILD_VERSION_STRING:  10.0.16299.19 (WinBuild.160101.0800)
    
    SYSTEM_MANUFACTURER:  ASUS
    
    SYSTEM_PRODUCT_NAME:  All Series
    
    SYSTEM_SKU:  All
    
    SYSTEM_VERSION:  System Version
    
    BIOS_VENDOR:  American Megatrends Inc.
    
    BIOS_VERSION:  2001
    
    BIOS_DATE:  06/20/2014
    
    BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.
    
    BASEBOARD_PRODUCT:  B85-PRO GAMER
    
    BASEBOARD_VERSION:  Rev 1.xx
    
    DUMP_TYPE:  2
    
    DUMP_FILE_ATTRIBUTES: 0x8
      Kernel Generated Triage Dump
    
    BUGCHECK_P1: 3
    
    BUGCHECK_P2: ffffb485641f0120
    
    BUGCHECK_P3: ffffb485641f0078
    
    BUGCHECK_P4: 0
    
    TRAP_FRAME:  ffffb485641f0120 -- (.trap 0xffffb485641f0120)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffffb806bba9d2c0 rbx=0000000000000000 rcx=0000000000000003
    rdx=ffffb806bba99920 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8014d846b6f rsp=ffffb485641f02b0 rbp=ffffb485641f0410
     r8=fffff8024ec07348  r9=0000000000000000 r10=0000000000000000
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up di ng nz na po cy
    nt!RtlFailFast+0x5:
    fffff801`4d846b6f cd29            int     29h
    Resetting default scope
    
    EXCEPTION_RECORD:  ffffb485641f0078 -- (.exr 0xffffb485641f0078)
    ExceptionAddress: fffff8014d846b6f (nt!RtlFailFast+0x0000000000000005)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000003
    Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
    
    CPU_COUNT: 8
    
    CPU_MHZ: ce4
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3c
    
    CPU_STEPPING: 3
    
    CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 1E'00000000 (cache) 1E'00000000 (init)
    
    CUSTOMER_CRASH_COUNT:  1
    
    BUGCHECK_STR:  0x139
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  0
    
    ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_CODE_STR:  c0000409
    
    EXCEPTION_PARAMETER1:  0000000000000003
    
    DEFAULT_BUCKET_ID:  CODE_CORRUPTION
    
    ANALYSIS_SESSION_HOST:  VDI-V-PIHU
    
    ANALYSIS_SESSION_TIME:  11-07-2017 17:22:07.0244
    
    ANALYSIS_VERSION: 10.0.15063.468 amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff8014d7f21e9 to fffff8014d7e6960
    
    STACK_TEXT:  
    ffffb485`641efdf8 fffff801`4d7f21e9 : 00000000`00000139 00000000`00000003 ffffb485`641f0120 ffffb485`641f0078 : nt!KeBugCheckEx [minkernel\ntos\ke\amd64\procstat.asm @ 134] 
    ffffb485`641efe00 fffff801`4d7f2550 : 000047f9`3f1e27a8 ffffb806`c52d6140 00000000`00000000 ffffb485`641effc0 : nt!KiBugCheckDispatch+0x69 [minkernel\ntos\ke\amd64\trap.asm @ 2998] 
    ffffb485`641eff40 fffff801`4d7f1537 : ffffb806`ca606cc0 fffff801`4d6d00cc ffffb806`bd515b00 fffff802`4d6892cb : nt!KiFastFailDispatch+0xd0 [minkernel\ntos\ke\amd64\trap.asm @ 3148] 
    ffffb485`641f0120 fffff801`4d846b6f : fffff802`4ec07370 ffffb485`00000000 ffffb806`bba99920 ffffb806`be611068 : nt!KiRaiseSecurityCheckFailure+0xf7 [minkernel\ntos\ke\amd64\trap.asm @ 1907] 
    ffffb485`641f02b0 fffff802`4ec02f6a : ffffb806`cae9b010 ffffb806`bad401b0 00000000`00000000 00000000`00000000 : nt!ExInterlockedInsertTailList+0xc6f4f [minkernel\ntos\ex\intrlcks.c @ 288] 
    ffffb485`641f02e0 ffffb806`cae9b010 : ffffb806`bad401b0 00000000`00000000 00000000`00000000 ffffb806`cae9b12b : topsecpf+0x2f6a
    ffffb485`641f02e8 ffffb806`bad401b0 : 00000000`00000000 00000000`00000000 ffffb806`cae9b12b fffff801`4d706bc7 : 0xffffb806`cae9b010
    ffffb485`641f02f0 00000000`00000000 : 00000000`00000000 ffffb806`cae9b12b fffff801`4d706bc7 ffffb806`cae9b010 : 0xffffb806`bad401b0
    
    
    STACK_COMMAND:  kb
    
    CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
        fffff8014d7e693a-fffff8014d7e693b  2 bytes - nt!ZwWaitLowEventPair+2a
    	[ 84 00:4c 87 ]
        fffff8014d7e693d-fffff8014d7e693f  3 bytes - nt!ZwWaitLowEventPair+2d (+0x03)
    	[ 00 00 00:98 c3 90 ]
        fffff8014d7e695a-fffff8014d7e695b  2 bytes - nt!KiBugCheckReturn+16 (+0x1d)
    	[ 84 00:4c 87 ]
        fffff8014d7e695d-fffff8014d7e695f  3 bytes - nt!KiBugCheckReturn+19 (+0x03)
    	[ 00 00 00:98 c3 90 ]
        fffff8014d7e6a8a-fffff8014d7e6a8b  2 bytes - nt!KeBugCheckEx+12a (+0x12d)
    	[ 84 00:4c 87 ]
        fffff8014d7e6a8d-fffff8014d7e6a8f  3 bytes - nt!KeBugCheckEx+12d (+0x03)
    	[ 00 00 00:98 c3 90 ]
        fffff8014d7e6b8a-fffff8014d7e6b8b  2 bytes - nt!KeContextToKframes+fa (+0xfd)
    	[ 84 00:4c 87 ]
        fffff8014d7e6b8d-fffff8014d7e6b8f  3 bytes - nt!KeContextToKframes+fd (+0x03)
    	[ 00 00 00:98 c3 90 ]
        fffff8014d7e6bda-fffff8014d7e6bdb  2 bytes - nt!KiSaveInitialProcessorControlState+4a (+0x4d)
    	[ 84 00:4c 87 ]
        fffff8014d7e6bdd-fffff8014d7e6bdf  3 bytes - nt!KiSaveInitialProcessorControlState+4d (+0x03)
    	[ 00 00 00:98 c3 90 ]
        fffff8014d7e6caa-fffff8014d7e6cab  2 bytes - nt!KiRestoreProcessorControlState+ca (+0xcd)
    	[ 84 00:4c 87 ]
        fffff8014d7e6cad-fffff8014d7e6caf  3 bytes - nt!KiRestoreProcessorControlState+cd (+0x03)
    	[ 00 00 00:98 c3 90 ]
        fffff8014d7e6e2a-fffff8014d7e6e2b  2 bytes - nt!KiSaveProcessorControlState+17a (+0x17d)
    	[ 84 00:4c 87 ]
        fffff8014d7e6e2d-fffff8014d7e6e2f  3 bytes - nt!KiSaveProcessorControlState+17d (+0x03)
    	[ 00 00 00:98 c3 90 ]
        fffff8014d7e6eaa-fffff8014d7e6eab  2 bytes - nt!KiRestoreDebugRegisterState+7a (+0x7d)
    	[ 84 00:4c 87 ]
        fffff8014d7e6ead-fffff8014d7e6eaf  3 bytes - nt!KiRestoreDebugRegisterState+7d (+0x03)
    	[ 00 00 00:98 c3 90 ]
    40 errors : !nt (fffff8014d7e693a-fffff8014d7e6eaf)
    
    MODULE_NAME: memory_corruption
    
    IMAGE_NAME:  memory_corruption
    
    FOLLOWUP_NAME:  memory_corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    MEMORY_CORRUPTOR:  LARGE
    
    FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE
    
    BUCKET_ID:  MEMORY_CORRUPTION_LARGE
    
    PRIMARY_PROBLEM_CLASS:  MEMORY_CORRUPTION_LARGE
    
    TARGET_TIME:  2017-11-01T11:21:04.000Z
    
    OSBUILD:  16299
    
    OSSERVICEPACK:  19
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  272
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2017-10-10 13:23:07
    
    BUILDDATESTAMP_STR:  160101.0800
    
    BUILDLAB_STR:  WinBuild
    
    BUILDOSVER_STR:  10.0.16299.19
    
    ANALYSIS_SESSION_ELAPSED_TIME:  192b
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:memory_corruption_large
    
    FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
    
    Followup:     memory_corruption
    

    As you can see, it is memory corruption. I suggest that you update all hardware drivers and then run the built-in tool mdsched.exe to check for memory problems.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    November 7, 2017 9:27
    Moderator