我的笔记本是lenovo T400,系统是xp sp2(听网上说升级到sp3会涉及到与这款笔记本兼容性的问题,所以我就没升级)。
以前机器没什么问题,就是最近才总是出现的蓝屏现象,无论干什么就是突然就蓝屏,蓝屏的信息如下:
"A problem has been detected and windows has been shut down to prevent
damage to your computer.
If this is the first time you've seen this stop error screen,restart your
computer. If this screen appears again, follow these steps:
Check to be sure you have adequate disk space. If a driver is identified in
the stop message, disable the driver or check with the manufacture for driver
update.Try changing video adapters.
Check with your hardware vendor for any bios updates. Disable BIOS memory
options such as caching or shadowing. If you need to use safe mode to remove
or disable components, restart your, press f8 to select advance options, and
then select safe mode.
Technical Information:
*** STOP: 0x0000008e (0xc0000005, 0x804f4c26, 0x856e509c, 0x00000000).
然后在事件查看器里面的日志是这样写的:
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 8/4/2009
Time: 10:29:31 PM
User: N/A
Computer: TERWU-WXP
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x804f4c26, 0x856e509c, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
按照上面的提示我也上网搜索了一下,BIOS不可能出错,因为我检查到BIOS的版本是2009/04/22的,病毒没可能,我已经用杀毒软件杀过了没有毒(分别用mcafee,AVG,pctools,nod32等等杀毒工具一一查杀),有可能是驱动的问题,但是至于哪个驱动出问题了,小弟不得而知:(
我通过windbg工具已经把dump文件分析了,但是只抓到一些错误的代码,小弟也不太会看,请各位专家帮帮忙:)
在这里我贴两个memory dump文件的分析结果:
******************************************************
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.090206-1233
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Aug 4 03:00:14.625 2009 (GMT+8)
System Uptime: 0 days 2:47:30.341
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 8E, {c0000005, 804f4c26, 8578f0b4, 0}
*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
Probably caused by : iaStor.sys ( iaStor+4b30 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 804f4c26, The address that the exception occurred at
Arg3: 8578f0b4, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!IopCompleteRequest+1e6
804f4c26 894804 mov dword ptr [eax+4],ecx
TRAP_FRAME: 8578f0b4 -- (.trap 0xffffffff8578f0b4)
ErrCode = 00000002
eax=00000000 ebx=843e6560 ecx=00000051 edx=00000000 esi=00000000 edi=00000000
eip=804f4c26 esp=8578f128 ebp=8578f170 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!IopCompleteRequest+0x1e6:
804f4c26 894804 mov dword ptr [eax+4],ecx ds:0023:00000004=????????
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 804fe6db to 804f9e0b
STACK_TEXT:
8578ec7c 804fe6db 0000008e c0000005 804f4c26 nt!KeBugCheckEx+0x1b
8578f044 805412f5 8578f060 00000000 8578f0b4 nt!KiDispatchException+0x3b1
8578f0ac 805412a6 8578f170 804f4c26 badb0d00 nt!CommonDispatchException+0x4d
8578f0d4 b9dfdb30 00000000 8ac4cb40 00000000 nt!Kei386EoiHelper+0x18a
WARNING: Stack unwind information not available. Following frames may be wrong.
8578f170 804fed89 843e65a0 8578f1bc 8578f1b0 iaStor+0x4b30
8578f1c0 806e4ef2 00000000 00000000 8578f1d8 nt!KiDeliverApc+0xb3
8578f1c0 85549c4d 00000000 00000000 8578f1d8 hal!HalpApcInterrupt+0xc6
8578f248 00000000 855c4720 8554a26d 855f8179 0x85549c4d
STACK_COMMAND: kb
FOLLOWUP_IP:
iaStor+4b30
b9dfdb30 83c40c add esp,0Ch
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: iaStor+4b30
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: iaStor
IMAGE_NAME: iaStor.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48224206
FAILURE_BUCKET_ID: 0x8E_iaStor+4b30
BUCKET_ID: 0x8E_iaStor+4b30
Followup: MachineOwner
---------
*******************************************************
还有一个dump:
*******************************************************
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.090206-1233
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Aug 4 22:24:22.078 2009 (GMT+8)
System Uptime: 0 days 0:24:31.853
Loading Kernel Symbols
...............................................................
................................................................
................................................................
........
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 8E, {c0000005, 804f4c26, 856e509c, 0}
*** ERROR: Module load completed but symbols could not be loaded for NETw5x32.sys
Probably caused by : NETw5x32.sys ( NETw5x32+14c98 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 804f4c26, The address that the exception occurred at
Arg3: 856e509c, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!IopCompleteRequest+1e6
804f4c26 894804 mov dword ptr [eax+4],ecx
TRAP_FRAME: 856e509c -- (.trap 0xffffffff856e509c)
ErrCode = 00000002
eax=00000000 ebx=84e73de0 ecx=00000053 edx=00000000 esi=00000000 edi=00000000
eip=804f4c26 esp=856e5110 ebp=856e5158 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!IopCompleteRequest+0x1e6:
804f4c26 894804 mov dword ptr [eax+4],ecx ds:0023:00000004=????????
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 804fe6db to 804f9e0b
STACK_TEXT:
856e4c64 804fe6db 0000008e c0000005 804f4c26 nt!KeBugCheckEx+0x1b
856e502c 805412f5 856e5048 00000000 856e509c nt!KiDispatchException+0x3b1
856e5094 805412a6 856e5158 804f4c26 badb0d00 nt!CommonDispatchException+0x4d
856e5124 b905fc98 00000000 7a80000a 84e73de0 nt!Kei386EoiHelper+0x18a
WARNING: Stack unwind information not available. Following frames may be wrong.
856e5158 804fed89 84e73e20 856e51a4 856e5198 NETw5x32+0x14c98
856e51a8 806e4ef2 00000000 00000000 856e51c0 nt!KiDeliverApc+0xb3
856e51a8 854a024a 00000000 00000000 856e51c0 hal!HalpApcInterrupt+0xc6
856e5230 00000000 854a3bf5 8554328b 0000018d 0x854a024a
STACK_COMMAND: kb
FOLLOWUP_IP:
NETw5x32+14c98
b905fc98 5b pop ebx
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: NETw5x32+14c98
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETw5x32
IMAGE_NAME: NETw5x32.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a1f7147
FAILURE_BUCKET_ID: 0x8E_NETw5x32+14c98
BUCKET_ID: 0x8E_NETw5x32+14c98
Followup: MachineOwner
---------
**********************************************
反正每次出问题的都不是一个驱动程序的问题,比如这次是无线网卡,那次就是硬盘,在下一次就是显卡驱动等等。。。。
Rejoicing in hope;Patient in tribulation.
