Win8.1 蓝屏

• 问题

• 

  

  0

  登录进行投票

  最近系统老是蓝屏，win8.1

  用windbg打开minidump文件看了下，也不知道具体是什么问题

  下面是分析的结果，隐约感觉是跟NETwew00.sys（好像是intel的无线网卡驱动）有关系，但是不确定

  而且更新无线网卡的驱动发现已经是最新的了

  *** WARNING: Unable to verify timestamp for NETwew00.sys
  *** ERROR: Module load completed but symbols could not be loaded for NETwew00.sys
  Probably caused by : NETwew00.sys ( NETwew00+e3ad )

  详细的结果如下：

  Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
  Copyright (c) Microsoft Corporation. All rights reserved.
  
  
  Loading Dump File [D:\Minidump\051014-7765-01.dmp]
  Mini Kernel Dump File: Only registers and stack trace are available
  
  
  ************* Symbol Path validation summary **************
  Response                         Time (ms)     Location
  Deferred                                       SRV*c:\sytemp*http://msdl.microsoft.com/download/symbols
  Symbol search path is: SRV*c:\sytemp*http://msdl.microsoft.com/download/symbols
  Executable search path is: 
  Windows 8 Kernel Version 9600 MP (4 procs) Free x64
  Product: WinNt, suite: TerminalServer SingleUserTS
  Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
  Machine Name:
  Kernel base = 0xfffff801`68674000 PsLoadedModuleList = 0xfffff801`68938990
  Debug session time: Sat May 10 20:30:13.405 2014 (UTC + 8:00)
  System Uptime: 0 days 1:37:33.090
  Loading Kernel Symbols
  .
  
  Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
  Run !sym noisy before .reload to track down problems loading symbols.
  
  ..............................................................
  ................................................................
  .........................................................
  Loading User Symbols
  Loading unloaded module list
  ..........
  *******************************************************************************
  *                                                                             *
  *                        Bugcheck Analysis                                    *
  *                                                                             *
  *******************************************************************************
  
  Use !analyze -v to get detailed debugging information.
  
  BugCheck 139, {2, ffffd000227ad190, ffffd000227ad0e8, 0}
  
  *** WARNING: Unable to verify timestamp for NETwew00.sys
  *** ERROR: Module load completed but symbols could not be loaded for NETwew00.sys
  Probably caused by : NETwew00.sys ( NETwew00+e3ad )
  
  Followup: MachineOwner
  ---------
  
  1: kd> !analyze -v
  *******************************************************************************
  *                                                                             *
  *                        Bugcheck Analysis                                    *
  *                                                                             *
  *******************************************************************************
  
  KERNEL_SECURITY_CHECK_FAILURE (139)
  A kernel component has corrupted a critical data structure.  The corruption
  could potentially allow a malicious user to gain control of this machine.
  Arguments:
  Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based
  	buffer overrun.
  Arg2: ffffd000227ad190, Address of the trap frame for the exception that caused the bugcheck
  Arg3: ffffd000227ad0e8, Address of the exception record for the exception that caused the bugcheck
  Arg4: 0000000000000000, Reserved
  
  Debugging Details:
  ------------------
  
  
  DUMP_FILE_ATTRIBUTES: 0x8
    Kernel Generated Triage Dump
  
  TRAP_FRAME:  ffffd000227ad190 -- (.trap 0xffffd000227ad190)
  NOTE: The trap frame does not contain all registers.
  Some register values may be zeroed or incorrect.
  rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000002
  rdx=000000000411ed32 rsi=0000000000000000 rdi=0000000000000000
  rip=fffff80002a2d3ad rsp=ffffd000227ad328 rbp=ffffd000268cc0a4
   r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
  r11=ffffd000227ad374 r12=0000000000000000 r13=0000000000000000
  r14=0000000000000000 r15=0000000000000000
  iopl=0         nv up ei ng nz ac po nc
  NETwew00+0xe3ad:
  fffff800`02a2d3ad ??              ???
  Resetting default scope
  
  EXCEPTION_RECORD:  ffffd000227ad0e8 -- (.exr 0xffffd000227ad0e8)
  ExceptionAddress: fffff80002a2d3ad (NETwew00+0x000000000000e3ad)
     ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
    ExceptionFlags: 00000001
  NumberParameters: 1
     Parameter[0]: 0000000000000002
  
  CUSTOMER_CRASH_COUNT:  1
  
  BUGCHECK_STR:  0x139
  
  PROCESS_NAME:  System
  
  CURRENT_IRQL:  2
  
  ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  
  EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  
  EXCEPTION_PARAMETER1:  0000000000000002
  
  DEFAULT_BUCKET_ID:  STACK_COOKIE_CHECK_FAILURE
  
  ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
  
  LAST_CONTROL_TRANSFER:  from fffff801687cd7e9 to fffff801687c1ca0
  
  STACK_TEXT:  
  ffffd000`227ace68 fffff801`687cd7e9 : 00000000`00000139 00000000`00000002 ffffd000`227ad190 ffffd000`227ad0e8 : nt!KeBugCheckEx
  ffffd000`227ace70 fffff801`687cdb10 : ffffe000`021b1980 fffff800`02a2f247 ffffd000`227ad000 ffffe000`0175fcf0 : nt!KiBugCheckDispatch+0x69
  ffffd000`227acfb0 fffff801`687ccd34 : ffffe000`021d4f00 00000000`00000000 00000000`00000000 ffffe000`01e355a8 : nt!KiFastFailDispatch+0xd0
  ffffd000`227ad190 fffff800`02a2d3ad : fffff800`02b2ca39 ffffe000`021d4ef0 ffffd000`227ad400 ffffe000`021d75c0 : nt!KiRaiseSecurityCheckFailure+0xf4
  ffffd000`227ad328 fffff800`02b2ca39 : ffffe000`021d4ef0 ffffd000`227ad400 ffffe000`021d75c0 ffffd000`227ad3c9 : NETwew00+0xe3ad
  ffffd000`227ad330 ffffe000`021d4ef0 : ffffd000`227ad400 ffffe000`021d75c0 ffffd000`227ad3c9 ffffe000`0175ce10 : NETwew00+0x10da39
  ffffd000`227ad338 ffffd000`227ad400 : ffffe000`021d75c0 ffffd000`227ad3c9 ffffe000`0175ce10 fffff800`02bd9c00 : 0xffffe000`021d4ef0
  ffffd000`227ad340 ffffe000`021d75c0 : ffffd000`227ad3c9 ffffe000`0175ce10 fffff800`02bd9c00 00000000`00000000 : 0xffffd000`227ad400
  ffffd000`227ad348 ffffd000`227ad3c9 : ffffe000`0175ce10 fffff800`02bd9c00 00000000`00000000 00000000`00000000 : 0xffffe000`021d75c0
  ffffd000`227ad350 ffffe000`0175ce10 : fffff800`02bd9c00 00000000`00000000 00000000`00000000 676e6168`00000053 : 0xffffd000`227ad3c9
  ffffd000`227ad358 fffff800`02bd9c00 : 00000000`00000000 00000000`00000000 676e6168`00000053 00000000`00696168 : 0xffffe000`0175ce10
  ffffd000`227ad360 00000000`00000000 : 00000000`00000000 676e6168`00000053 00000000`00696168 00000000`00000000 : NETwew00+0x1bac00
  
  
  STACK_COMMAND:  kb
  
  FOLLOWUP_IP: 
  NETwew00+e3ad
  fffff800`02a2d3ad ??              ???
  
  SYMBOL_STACK_INDEX:  4
  
  SYMBOL_NAME:  NETwew00+e3ad
  
  FOLLOWUP_NAME:  MachineOwner
  
  MODULE_NAME: NETwew00
  
  IMAGE_NAME:  NETwew00.sys
  
  DEBUG_FLR_IMAGE_TIMESTAMP:  51c9f0ae
  
  FAILURE_BUCKET_ID:  0x139_2_NETwew00+e3ad
  
  BUCKET_ID:  0x139_2_NETwew00+e3ad
  
  ANALYSIS_SOURCE:  KM
  
  FAILURE_ID_HASH_STRING:  km:0x139_2_netwew00+e3ad
  
  FAILURE_ID_HASH:  {3a8bcebc-b629-57de-3ff9-020d5f3d499f}
  
  Followup: MachineOwner
  ---------
  

  
  

  请高人指点

  2014年5月20日 14:48

  回复

  |

  引用