Remove From My Forums

蓝屏，贴出代码，望高手分析解答一下

问题
0

登录进行投票

.............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {54, 1c, 1, 80503cc0}

Probably caused by : win32k.sys ( win32k!GreReleaseSemaphore+a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000054, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80503cc0, address which referenced memory

Debugging Details:
------------------

WRITE_ADDRESS: 00000054

CURRENT_IRQL: 1c

FAULTING_IP:
nt!KiUnlinkThread+0
80503cc0 095154          or      dword ptr [ecx+54h],edx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from 80503d2e to 80503cc0

STACK_TEXT:
aba0aacc 80503d2e 884965c0 884965c8 00000100 nt!KiUnlinkThread
aba0aae0 80503f25 00000001 aba0aafc 88950da8 nt!KiUnwaitThread+0x12
aba0ab0c 804fb307 8a65f780 00000000 aba0ab44 nt!KiWaitTest+0xab
aba0ab1c 8053688a 884965c0 8a65f780 aba0b143 nt!KeSetEventBoostPriority+0x3f
aba0ab44 bf80196f bf9588ce 0000000d 033b12c0 nt!ExReleaseResourceLite+0x10a
aba0ab48 bf9588ce 0000000d 033b12c0 00000003 win32k!GreReleaseSemaphore+0xa
aba0ab98 bf86fcff aba0b143 00000000 00000018 win32k!vSrcTranCopyS8D32+0xc6
aba0ad18 bf8704a0 e2edcc68 e4900d08 aba0b834 win32k!vExpandAndCopyText+0x38b
aba0b40c bf8ba527 e2edcc78 aba0b548 e4900d08 win32k!EngTextOut+0x848
aba0b458 bf8ba6ba bf87015c aba0b4dc e2edcc78 win32k!OffTextOut+0x71
aba0b4ec bf811aff e2edcc78 aba0b548 e4900d08 win32k!SpTextOut+0x9d
aba0b774 bf828b0a aba0b7c0 e59fc4dc e59fc538 win32k!GreExtTextOutWLocked+0xfbf
aba0b7b8 bf8292db e59fc008 0000001d 00000005 win32k!GreExtTextOutWInternal+0x6e
aba0b908 8054262c e10143a8 0000001d 00000005 win32k!NtGdiExtTextOutW+0x2b6
aba0b908 7c92e514 e10143a8 0000001d 00000005 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0007ebf0 00000000 00000000 00000000 00000000 0x7c92e514

STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!GreReleaseSemaphore+a
bf80196f ff25b8cf98bf    jmp     dword ptr [win32k!_imp__KeLeaveCriticalRegion (bf98cfb8)]

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: win32k!GreReleaseSemaphore+a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572

FAILURE_BUCKET_ID: 0xA_win32k!GreReleaseSemaphore+a

BUCKET_ID: 0xA_win32k!GreReleaseSemaphore+a

Followup: MachineOwner
---------

附：
硬件配置
CPU：Q8200
主板：华硕 P5Q
内存：金士顿 DDR2 800 2G X 2 窄板
显卡：GTX260+ 公版
硬盘：ST 7200.12 320G (固件版本：CC34)，ST 7200.10 320G(固件版本：3.AAE) 都是串口，组RAID 0
声卡：Creative Sound Blaster Audigy 2 ZS
光驱：DVD刻录机三星TS-H652M
打印机：Cannon i560
USB 手柄：北通震动三

软件配置
Windows XP SP3 + IE8 + Windows media player 11 + 所有硬件驱动 + 所有补丁程序

McAfee + [360安全卫士(未开启实时保护，不随系统启动，关闭所有自动更新，关闭任何提示，简单说就是不双击运行它，它就不会自动运行)]

QQ2009SP1 + 迅雷

未安装除此之外任何程序

所有硬件均使用在标准频率，未进行任何超频，系统是按照传统方式安装，非GHOST

2009年6月24日 12:13

回复

|

引用

全部回复

0

登录进行投票

10分钟，再度蓝屏，错误代码改变了，晕，再次贴出分析

..............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf83616b, a7250ccc, 0}

Probably caused by : win32k.sys ( win32k!UnlinkSendListSms+2b )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf83616b, The address that the exception occurred at
Arg3: a7250ccc, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
win32k!UnlinkSendListSms+2b
bf83616b 8908            mov     dword ptr [eax],ecx

TRAP_FRAME: a7250ccc -- (.trap 0xffffffffa7250ccc)
ErrCode = 00000002
eax=00000001 ebx=bf836521 ecx=0185f520 edx=a7250d48 esi=0185f514 edi=a7250d64
eip=bf83616b esp=a7250d40 ebp=a7250d54 iopl=0         nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000             efl=00250202
win32k!UnlinkSendListSms+0x2b:
bf83616b 8908            mov     dword ptr [eax],ecx ds:0023:00000001=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 8054262c to bf83616b

STACK_TEXT:
a7250d54 8054262c 00030804 0000005e 0185f514 win32k!UnlinkSendListSms+0x2b
a7250d54 7c92e514 00030804 0000005e 0185f514 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0185f500 77d2aef1 77d2aedc 00030804 0000005e 0x7c92e514
0185f514 3e60cea2 00030804 0185f540 3e60ce88 0x77d2aef1
0185f520 3e60ce88 00030804 3e60ce67 00000770 0x3e60cea2
0185f540 3e60ce30 0256cc18 00000000 00000002 0x3e60ce88
0185f554 3e5e0204 00000001 0185f5d0 00000000 0x3e60ce30
0185f594 3e60acdc 0256cbd8 0185f5c0 00000001 0x3e5e0204
0185f5d0 3e60ac30 0256cbd8 0185f5ec 00000001 0x3e60acdc
0185f630 3e60abcc 0256cbd8 e0040b1d 00000001 0x3e60ac30
0185f6c4 3e60aa68 0256cbd8 0185f810 0185f6f0 0x3e60abcc
0185f6d4 3e609c37 0185f810 0185f854 00176368 0x3e60aa68
0185f6f0 3e60a577 0185f810 0185f854 00176368 0x3e609c37
0185f874 3e60a1ca 00000000 02584538 00000001 0x3e60a577
0185f8c4 3e60a05d 00000001 00000006 025d8740 0x3e60a1ca
0185f900 3e609f4f 0185f928 0000007d 0185f9b0 0x3e60a05d
0185f940 3e8c8c08 025d8740 0185f954 0000007d 0x3e609f4f
0185f95c 3e8bc726 00000000 00000096 0000007d 0x3e8c8c08
0185f994 3e7964fd 00000000 0185faf8 032dc108 0x3e8bc726
0185f9b8 3e599136 025d8740 0185faf8 025d8218 0x3e7964fd
0185fa18 3e58bb0f 025a8318 0185faf8 032be6d8 0x3e599136
0185faa4 3e70eca2 0185faf8 025d8218 00000000 0x3e58bb0f
0185fc1c 3e562788 0000020a ff880000 011e0162 0x3e70eca2
0185fd4c 3e609421 0256c9e8 0000020a ff880000 0x3e562788
0185fd78 77d18734 00030804 0000020a ff880000 0x3e609421
0185fda4 77d18816 3e6093d5 00030804 0000020a 0x77d18734
0185fe0c 77d189cd 00000000 3e6093d5 00030804 0x77d18816
0185fe6c 77d18a10 0185fe94 00000000 0185feec 0x77d189cd
0185fe7c 3edcb910 0185fe94 00000000 003d67a0 0x77d18a10
0185feec 3ed72dc8 03160060 0014f8b0 0014fdd8 0x3edcb910
0185ffa4 3ec14071 003d67a0 00000020 0185ffec 0x3ed72dc8
0185ffb4 7c80b729 0014fdd8 0014f8b0 00000020 0x3ec14071
0185ffec 00000000 3ec14063 0014fdd8 00000000 0x7c80b729

STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!UnlinkSendListSms+2b
bf83616b 8908            mov     dword ptr [eax],ecx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!UnlinkSendListSms+2b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572

FAILURE_BUCKET_ID: 0x8E_win32k!UnlinkSendListSms+2b

BUCKET_ID: 0x8E_win32k!UnlinkSendListSms+2b

Followup: MachineOwner
---------

2009年6月24日 12:31

回复

|

引用
0

登录进行投票

再次都是win32k.sys导致的，我发现你最近多次反映蓝屏问题，建议检查你的WIN XP SP3是否官方版本，而非修改版本，下载安装通过WHQL认证的硬件驱动进行看问题是否依旧。

2009年6月24日 12:51

回复

|

引用
0

登录进行投票

就是偶发性的蓝屏，不是经常，我上次发了以后，一直都没出现，几乎每天都要开机18个小时以上，晚上睡觉时开着下东西，一直到今天都没再蓝过屏，今天突然出现，而且是连续两次，第一次连续两次蓝屏，现在又不蓝了，从上次发贴后一个多星期了，今天突然又来了蓝屏了
XP SP3是官方版本，而且是按照正常安装方式安装的，所有驱动都是WHQL官方正式版

2009年6月24日 13:20

回复

|

引用
0

登录进行投票

那次后，使用了微软出的检测内存的工具，刻录成光盘启动，检测了1晚上，全部成功，全部PASS，我都晕了，都不知道了。。。所以，这次是遇见难题了

2009年6月24日 13:25

回复

|

引用
0

登录进行投票

具体我也不是很清楚，不过给你提点建议：查找到win32k.sys，上报到http://virscan.org/进行分析是否被病毒感染了，如果感染了，更新病毒库进行全盘病毒查杀，再进行系统恢复操作即可。

2009年6月24日 13:36

回复

|

引用