Win8.1 blue screen

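  • Question

  • Recently my system keeps blue-screening; it's Win8.1.

    I opened the minidump file with WinDbg and took a look, but I can't tell what the specific problem is.

    Below is the analysis result. I vaguely feel it is related to NETwew00.sys (which seems to be the Intel wireless NIC driver), but I'm not sure.

    Also, when I went to update the wireless NIC driver, I found it is already the latest version.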

    *** WARNING: Unable to verify timestamp for NETwew00.sys
    *** ERROR: Module load completed but symbols could not be loaded for NETwew00.sys
    Probably caused by : NETwew00.sys ( NETwew00+e3ad )

    The detailed results are as follows:

    Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [D:\Minidump\051014-7765-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*c:\sytemp*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\sytemp*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 8 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Machine Name:
    Kernel base = 0xfffff801`68674000 PsLoadedModuleList = 0xfffff801`68938990
    Debug session time: Sat May 10 20:30:13.405 2014 (UTC + 8:00)
    System Uptime: 0 days 1:37:33.090
    Loading Kernel Symbols
    .
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    ..............................................................
    ................................................................
    .........................................................
    Loading User Symbols
    Loading unloaded module list
    ..........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 139, {2, ffffd000227ad190, ffffd000227ad0e8, 0}
    
    *** WARNING: Unable to verify timestamp for NETwew00.sys
    *** ERROR: Module load completed but symbols could not be loaded for NETwew00.sys
    Probably caused by : NETwew00.sys ( NETwew00+e3ad )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based
    	buffer overrun.
    Arg2: ffffd000227ad190, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffd000227ad0e8, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved
    
    Debugging Details:
    ------------------
    
    
    DUMP_FILE_ATTRIBUTES: 0x8
      Kernel Generated Triage Dump
    
    TRAP_FRAME:  ffffd000227ad190 -- (.trap 0xffffd000227ad190)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000002
    rdx=000000000411ed32 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002a2d3ad rsp=ffffd000227ad328 rbp=ffffd000268cc0a4
     r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
    r11=ffffd000227ad374 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz ac po nc
    NETwew00+0xe3ad:
    fffff800`02a2d3ad ??              ???
    Resetting default scope
    
    EXCEPTION_RECORD:  ffffd000227ad0e8 -- (.exr 0xffffd000227ad0e8)
    ExceptionAddress: fffff80002a2d3ad (NETwew00+0x000000000000e3ad)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000002
    
    CUSTOMER_CRASH_COUNT:  1
    
    BUGCHECK_STR:  0x139
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_PARAMETER1:  0000000000000002
    
    DEFAULT_BUCKET_ID:  STACK_COOKIE_CHECK_FAILURE
    
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff801687cd7e9 to fffff801687c1ca0
    
    STACK_TEXT:  
    ffffd000`227ace68 fffff801`687cd7e9 : 00000000`00000139 00000000`00000002 ffffd000`227ad190 ffffd000`227ad0e8 : nt!KeBugCheckEx
    ffffd000`227ace70 fffff801`687cdb10 : ffffe000`021b1980 fffff800`02a2f247 ffffd000`227ad000 ffffe000`0175fcf0 : nt!KiBugCheckDispatch+0x69
    ffffd000`227acfb0 fffff801`687ccd34 : ffffe000`021d4f00 00000000`00000000 00000000`00000000 ffffe000`01e355a8 : nt!KiFastFailDispatch+0xd0
    ffffd000`227ad190 fffff800`02a2d3ad : fffff800`02b2ca39 ffffe000`021d4ef0 ffffd000`227ad400 ffffe000`021d75c0 : nt!KiRaiseSecurityCheckFailure+0xf4
    ffffd000`227ad328 fffff800`02b2ca39 : ffffe000`021d4ef0 ffffd000`227ad400 ffffe000`021d75c0 ffffd000`227ad3c9 : NETwew00+0xe3ad
    ffffd000`227ad330 ffffe000`021d4ef0 : ffffd000`227ad400 ffffe000`021d75c0 ffffd000`227ad3c9 ffffe000`0175ce10 : NETwew00+0x10da39
    ffffd000`227ad338 ffffd000`227ad400 : ffffe000`021d75c0 ffffd000`227ad3c9 ffffe000`0175ce10 fffff800`02bd9c00 : 0xffffe000`021d4ef0
    ffffd000`227ad340 ffffe000`021d75c0 : ffffd000`227ad3c9 ffffe000`0175ce10 fffff800`02bd9c00 00000000`00000000 : 0xffffd000`227ad400
    ffffd000`227ad348 ffffd000`227ad3c9 : ffffe000`0175ce10 fffff800`02bd9c00 00000000`00000000 00000000`00000000 : 0xffffe000`021d75c0
    ffffd000`227ad350 ffffe000`0175ce10 : fffff800`02bd9c00 00000000`00000000 00000000`00000000 676e6168`00000053 : 0xffffd000`227ad3c9
    ffffd000`227ad358 fffff800`02bd9c00 : 00000000`00000000 00000000`00000000 676e6168`00000053 00000000`00696168 : 0xffffe000`0175ce10
    ffffd000`227ad360 00000000`00000000 : 00000000`00000000 676e6168`00000053 00000000`00696168 00000000`00000000 : NETwew00+0x1bac00
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    NETwew00+e3ad
    fffff800`02a2d3ad ??              ???
    
    SYMBOL_STACK_INDEX:  4
    
    SYMBOL_NAME:  NETwew00+e3ad
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: NETwew00
    
    IMAGE_NAME:  NETwew00.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  51c9f0ae
    
    FAILURE_BUCKET_ID:  0x139_2_NETwew00+e3ad
    
    BUCKET_ID:  0x139_2_NETwew00+e3ad
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x139_2_netwew00+e3ad
    
    FAILURE_ID_HASH:  {3a8bcebc-b629-57de-3ff9-020d5f3d499f}
    
    Followup: MachineOwner
    ---------
    

    Any expert advice would be appreciated.

    May 20, 2014 14:48