Asker
Computer blue screen, requesting help analyzing the dump file

Question
All replies
Hello,
The analysis of your dump file is as follows:
BugCheck 139, {3, ffffb485641f0120, ffffb485641f0078, 0}
*** WARNING: Unable to verify timestamp for topsecpf.sys
*** ERROR: Module load completed but symbols could not be loaded for topsecpf.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffb485641f0120, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffb485641f0078, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.16299.19 (WinBuild.160101.0800)
SYSTEM_MANUFACTURER: ASUS
SYSTEM_PRODUCT_NAME: All Series
SYSTEM_SKU: All
SYSTEM_VERSION: System Version
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 2001
BIOS_DATE: 06/20/2014
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: B85-PRO GAMER
BASEBOARD_VERSION: Rev 1.xx
DUMP_TYPE: 2
DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump
BUGCHECK_P1: 3
BUGCHECK_P2: ffffb485641f0120
BUGCHECK_P3: ffffb485641f0078
BUGCHECK_P4: 0
TRAP_FRAME: ffffb485641f0120 -- (.trap 0xffffb485641f0120)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb806bba9d2c0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffb806bba99920 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8014d846b6f rsp=ffffb485641f02b0 rbp=ffffb485641f0410
r8=fffff8024ec07348 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na po cy
nt!RtlFailFast+0x5:
fffff801`4d846b6f cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffb485641f0078 -- (.exr 0xffffb485641f0078)
ExceptionAddress: fffff8014d846b6f (nt!RtlFailFast+0x0000000000000005)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 8
CPU_MHZ: ce4
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
DEFAULT_BUCKET_ID: CODE_CORRUPTION
ANALYSIS_SESSION_HOST: VDI-V-PIHU
ANALYSIS_SESSION_TIME: 11-07-2017 17:22:07.0244
ANALYSIS_VERSION: 10.0.15063.468 amd64fre
LAST_CONTROL_TRANSFER: from fffff8014d7f21e9 to fffff8014d7e6960
STACK_TEXT:
ffffb485`641efdf8 fffff801`4d7f21e9 : 00000000`00000139 00000000`00000003 ffffb485`641f0120 ffffb485`641f0078 : nt!KeBugCheckEx [minkernel\ntos\ke\amd64\procstat.asm @ 134]
ffffb485`641efe00 fffff801`4d7f2550 : 000047f9`3f1e27a8 ffffb806`c52d6140 00000000`00000000 ffffb485`641effc0 : nt!KiBugCheckDispatch+0x69 [minkernel\ntos\ke\amd64\trap.asm @ 2998]
ffffb485`641eff40 fffff801`4d7f1537 : ffffb806`ca606cc0 fffff801`4d6d00cc ffffb806`bd515b00 fffff802`4d6892cb : nt!KiFastFailDispatch+0xd0 [minkernel\ntos\ke\amd64\trap.asm @ 3148]
ffffb485`641f0120 fffff801`4d846b6f : fffff802`4ec07370 ffffb485`00000000 ffffb806`bba99920 ffffb806`be611068 : nt!KiRaiseSecurityCheckFailure+0xf7 [minkernel\ntos\ke\amd64\trap.asm @ 1907]
ffffb485`641f02b0 fffff802`4ec02f6a : ffffb806`cae9b010 ffffb806`bad401b0 00000000`00000000 00000000`00000000 : nt!ExInterlockedInsertTailList+0xc6f4f [minkernel\ntos\ex\intrlcks.c @ 288]
ffffb485`641f02e0 ffffb806`cae9b010 : ffffb806`bad401b0 00000000`00000000 00000000`00000000 ffffb806`cae9b12b : topsecpf+0x2f6a
ffffb485`641f02e8 ffffb806`bad401b0 : 00000000`00000000 00000000`00000000 ffffb806`cae9b12b fffff801`4d706bc7 : 0xffffb806`cae9b010
ffffb485`641f02f0 00000000`00000000 : 00000000`00000000 ffffb806`cae9b12b fffff801`4d706bc7 ffffb806`cae9b010 : 0xffffb806`bad401b0
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff8014d7e693a-fffff8014d7e693b 2 bytes - nt!ZwWaitLowEventPair+2a [ 84 00:4c 87 ]
fffff8014d7e693d-fffff8014d7e693f 3 bytes - nt!ZwWaitLowEventPair+2d (+0x03) [ 00 00 00:98 c3 90 ]
fffff8014d7e695a-fffff8014d7e695b 2 bytes - nt!KiBugCheckReturn+16 (+0x1d) [ 84 00:4c 87 ]
fffff8014d7e695d-fffff8014d7e695f 3 bytes - nt!KiBugCheckReturn+19 (+0x03) [ 00 00 00:98 c3 90 ]
fffff8014d7e6a8a-fffff8014d7e6a8b 2 bytes - nt!KeBugCheckEx+12a (+0x12d) [ 84 00:4c 87 ]
fffff8014d7e6a8d-fffff8014d7e6a8f 3 bytes - nt!KeBugCheckEx+12d (+0x03) [ 00 00 00:98 c3 90 ]
fffff8014d7e6b8a-fffff8014d7e6b8b 2 bytes - nt!KeContextToKframes+fa (+0xfd) [ 84 00:4c 87 ]
fffff8014d7e6b8d-fffff8014d7e6b8f 3 bytes - nt!KeContextToKframes+fd (+0x03) [ 00 00 00:98 c3 90 ]
fffff8014d7e6bda-fffff8014d7e6bdb 2 bytes - nt!KiSaveInitialProcessorControlState+4a (+0x4d) [ 84 00:4c 87 ]
fffff8014d7e6bdd-fffff8014d7e6bdf 3 bytes - nt!KiSaveInitialProcessorControlState+4d (+0x03) [ 00 00 00:98 c3 90 ]
fffff8014d7e6caa-fffff8014d7e6cab 2 bytes - nt!KiRestoreProcessorControlState+ca (+0xcd) [ 84 00:4c 87 ]
fffff8014d7e6cad-fffff8014d7e6caf 3 bytes - nt!KiRestoreProcessorControlState+cd (+0x03) [ 00 00 00:98 c3 90 ]
fffff8014d7e6e2a-fffff8014d7e6e2b 2 bytes - nt!KiSaveProcessorControlState+17a (+0x17d) [ 84 00:4c 87 ]
fffff8014d7e6e2d-fffff8014d7e6e2f 3 bytes - nt!KiSaveProcessorControlState+17d (+0x03) [ 00 00 00:98 c3 90 ]
fffff8014d7e6eaa-fffff8014d7e6eab 2 bytes - nt!KiRestoreDebugRegisterState+7a (+0x7d) [ 84 00:4c 87 ]
fffff8014d7e6ead-fffff8014d7e6eaf 3 bytes - nt!KiRestoreDebugRegisterState+7d (+0x03) [ 00 00 00:98 c3 90 ]
40 errors : !nt (fffff8014d7e693a-fffff8014d7e6eaf)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
TARGET_TIME: 2017-11-01T11:21:04.000Z
OSBUILD: 16299
OSSERVICEPACK: 19
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-10-10 13:23:07
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.16299.19
ANALYSIS_SESSION_ELAPSED_TIME: 192b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:memory_corruption_large
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
As you can see, it is memory corruption. I recommend that you update all hardware drivers and then run the built-in tool mdsched.exe to check for memory problems.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Proposed as answer by Karen_Hu (Microsoft contingent staff, Moderator), November 10, 2017 8:29
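
The list-integrity check behind Arg1 = 3 (FAST_FAIL_CORRUPT_LIST_ENTRY) in the dump above, modelled in user-mode C. This is an added example, not part of the original reply and not Windows source: a checked doubly linked list in which a double remove, or a tail insert onto a list whose last entry was overwritten, returns the fail-fast subcode where the kernel would bugcheck. All type and function names are this example's own, and the corruption is constructed.

```c
#include <stdio.h>

/* User-mode model; names are this example's own, layout mirrors LIST_ENTRY. */
typedef struct entry { struct entry *flink, *blink; } entry;

#define FAST_FAIL_CORRUPT_LIST_ENTRY 3   /* Arg1 / subcode in the dump */

static void list_init(entry *head) { head->flink = head->blink = head; }

/* Checked tail insert: 0 on success, else the subcode the kernel would
 * hand to int 29h (bugcheck 0x139). */
static int insert_tail(entry *head, entry *e) {
    entry *prev = head->blink;
    if (prev->flink != head)              /* tail must point back at head */
        return FAST_FAIL_CORRUPT_LIST_ENTRY;
    e->flink = head; e->blink = prev;
    prev->flink = e; head->blink = e;
    return 0;
}

/* Checked unlink: both neighbours must still point at the entry. */
static int remove_entry(entry *e) {
    entry *next = e->flink, *prev = e->blink;
    if (next->blink != e || prev->flink != e)
        return FAST_FAIL_CORRUPT_LIST_ENTRY;
    prev->flink = next; next->blink = prev;
    return 0;
}

/* Removing the same entry twice: the second unlink sees stale links. */
int demo_double_remove(void) {
    entry head, a, b;
    list_init(&head);
    insert_tail(&head, &a); insert_tail(&head, &b);
    if (remove_entry(&b) != 0) return -1;
    return remove_entry(&b);
}

/* Tail entry overwritten while still linked (constructed corruption):
 * the next tail insert trips the check, the same call type as in the dump. */
int demo_insert_after_overwrite(void) {
    entry head, a, c;
    list_init(&head);
    insert_tail(&head, &a);
    a.flink = a.blink = &a;               /* e.g. re-initialised while linked */
    return insert_tail(&head, &c);
}

int main(void) {
    printf("double remove -> %d\n", demo_double_remove());
    printf("insert after overwrite -> %d\n", demo_insert_after_overwrite());
    return 0;
}
```

The check fires at the first list operation that touches the damaged links, which is not necessarily the code that damaged them.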