积极答复者
windows 7 运行一段时间后突然蓝屏重启
问题
-
您好,版主!
如题,请帮我分析一下原因,谢谢!以下是memeroy.dump文件信息。
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x84644000 PsLoadedModuleList = 0x8478e850
Debug session time: Wed Dec 14 10:30:22.425 2016 (UTC + 8:00)
System Uptime: 0 days 3:18:49.377
WARNING: Process directory table base 00010200 doesn't match CR3 DDD99160
WARNING: Unable to reset page directories
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
WARNING: Process directory table base 00010200 doesn't match CR3 DDD99160
Unable to get PEB pointer
Loading unloaded module list
.............
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 8, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : ntkrpamp.exe ( nt!Kei386EoiHelper+29d3 )
Followup: MachineOwner
田辉
答案
-
你好 tianskyyou,
根据你的dump文件分析,只可以看到是由ntkrpamp.exe引起。它是系统内核的组件,可能会由于驱动或者是你的硬件内存有问题。我们可以在安全模式下启动,查看是否会有这样的情况,如果有,建议更新驱动程序,包括主板。如果这个问题是最近出现的,也可以使用系统还原的功能。
希望对你有帮助,谢谢。
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- 已标记为答案 tianskyyou 2016年12月21日 3:01
全部回复
-
你的分析结果因为 WinDBG 没有正确设置 Symbol 所以没有得出有价值的参考信息,只能从蓝屏代码 0x000000D1 大致看出与驱动程序有关,其中一个驱动程序已经影响到了 Windows Kernel 的运行。
如果最近新更改过驱动程序设置,请先尝试恢复到以前可以稳定运行的版本。
Alexis Zhang
http://mvp.microsoft.com/zh-cn/mvp/Jie%20Zhang-4000545
http://blogs.itecn.net/blogs/alexis推荐以 NNTP Bridge 桥接新闻组方式访问论坛。
本帖是回复帖,原帖作者是楼上的 <tianskyyou>;
| 您好,版主!
| 如题,请帮我分析一下原因,谢谢!以下是memeroy.dump文件信息 -
你好 tianskyyou,
根据你的dump文件分析,只可以看到是由ntkrpamp.exe引起。它是系统内核的组件,可能会由于驱动或者是你的硬件内存有问题。我们可以在安全模式下启动,查看是否会有这样的情况,如果有,建议更新驱动程序,包括主板。如果这个问题是最近出现的,也可以使用系统还原的功能。
希望对你有帮助,谢谢。
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- 已标记为答案 tianskyyou 2016年12月21日 3:01
