none
Vista 不定时蓝屏 RRS feed

  • 问题

  • 最今不知道怎么回事,有时机器会蓝屏。下面是收集的一些数据,麻烦各位高手帮忙看下。谢谢。

     

     

    问题签名:
      问题事件名称:        BlueScreen
      OS 版本:        6.0.6001.2.1.0.768.2
      区域设置 ID:        2052

    有关该问题的其他信息:
      BCCode:        1000007f
      BCP1:        00000008
      BCP2:        80154000
      BCP3:        00000000
      BCP4:        00000000
      OS Version:        6_0_6001
      Service Pack:        1_0
      Product:        768_1

    有助于描述该问题的文件:
      C:\Windows\Minidump\Mini122308-01.dmp
      C:\Users\Cuibty\AppData\Local\Temp\WER-27409-0.sysdata.xml
      C:\Users\Cuibty\AppData\Local\Temp\WERC6B7.tmp.version.txt

     

     

    以下是使用Debugging Tools分析的。

     

     

    Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path. *
    * Use .symfix to have the debugger choose a symbol path. *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is:
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
    Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
    Machine Name:
    Kernel base = 0x81c40000 PsLoadedModuleList = 0x81d57c70
    Debug session time: Tue Dec 23 13:10:19.802 2008 (GMT+8)
    System Uptime: 0 days 2:08:18.965
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........................
    Loading User Symbols

    Loading unloaded module list
    .....
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {8, 80154000, 0, 0}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    * *
    * The Symbol Path can be set by: *
    * using the _NT_SYMBOL_PATH environment variable. *
    * using the -y argument when starting the debugger. *
    * using .sympath and .sympath+ *
    *********************************************************************
    Probably caused by : ntkrpamp.exe ( nt!Kei386EoiHelper+1736 )

    Followup: MachineOwner
    ---------
    2008年12月24日 7:57

答案

  • 另外你debug没有导入正确的symbol

    请按照以下步骤:

    首先下载windebug

     

    http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

    说下debug方法
    1.
    我的电脑,属性->高级->启动,最下面的内存调试选最后一项的全部,确定后重新启动
    2.
    蓝屏后不要急着重启,系统会保存整个内存内容,然后会自动重启
    3.
    重启后,windows目录会多出 MEMORY.DMP, 如果1步骤选完全调试,那么这个文件和你的内存一样大
    4.
    下载安装windwos debug tools, 我这有下载地址,或微软网站
    http://public.hshh.org/SysTools/debug/dbg_x86_6.6.07.5.exe
    5.
    安装后创建一个临时目录,例如 c:\temp
    6.
    启动 windbg
    7. windbg
    界面: file->symbol file path (ctrl+s) 输入:
    SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    然后确定
    8. windbg
    界面: file->open crash dump(ctrl+d),打开windows目录下面的 memory.dmp
    9.
    打开后,等待提示
    当出现 Use !analyze -v to get detailed debugging information. 字样后,在下面输入框
    !analyze -v
    10.
    等待分析完毕,可以知道什么导致的出错
    11. windbg
    使用中需要网上下载调试内容,这个速度嘛,取决于你的网络了。

    -----------------------------------------------------------------------

    你把敲!analyze -v的信息发上来也可以!

     

     

    2008年12月24日 9:00

全部回复

  •  

      进程文件: ntkrpamp.exe
      进程名称: NT Kernel & System
      英文描述: ntkrpamp.exe is a process associated with Microsoft庐 Windows庐 Operating System from Microsoft Corporation.
      进程分析:

    保护性进程,在计算机反复启动失败时出现,在正常情况下不会出现该进程,如果在正常情况下出现了该进程,则可能是W32.Bolzano病毒。

     

     

     

    2008年12月24日 8:58
  • 另外你debug没有导入正确的symbol

    请按照以下步骤:

    首先下载windebug

     

    http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

    说下debug方法
    1.
    我的电脑,属性->高级->启动,最下面的内存调试选最后一项的全部,确定后重新启动
    2.
    蓝屏后不要急着重启,系统会保存整个内存内容,然后会自动重启
    3.
    重启后,windows目录会多出 MEMORY.DMP, 如果1步骤选完全调试,那么这个文件和你的内存一样大
    4.
    下载安装windwos debug tools, 我这有下载地址,或微软网站
    http://public.hshh.org/SysTools/debug/dbg_x86_6.6.07.5.exe
    5.
    安装后创建一个临时目录,例如 c:\temp
    6.
    启动 windbg
    7. windbg
    界面: file->symbol file path (ctrl+s) 输入:
    SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    然后确定
    8. windbg
    界面: file->open crash dump(ctrl+d),打开windows目录下面的 memory.dmp
    9.
    打开后,等待提示
    当出现 Use !analyze -v to get detailed debugging information. 字样后,在下面输入框
    !analyze -v
    10.
    等待分析完毕,可以知道什么导致的出错
    11. windbg
    使用中需要网上下载调试内容,这个速度嘛,取决于你的网络了。

    -----------------------------------------------------------------------

    你把敲!analyze -v的信息发上来也可以!

     

     

    2008年12月24日 9:00
  •  


    Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
    Machine Name:
    Kernel base = 0x81c40000 PsLoadedModuleList = 0x81d57c70
    Debug session time: Tue Dec 23 13:10:19.802 2008 (GMT+8)
    System Uptime: 0 days 2:08:18.965
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........................
    Loading User Symbols

    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {8, 80154000, 0, 0}

    *** ERROR: Module load completed but symbols could not be loaded for SynTP.sys
    *** ERROR: Module load completed but symbols could not be loaded for SafeBoxKrnl.sys
    Probably caused by : SynTP.sys ( SynTP+497 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 80154000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x7f_8

    TSS:  00000028 -- (.tss 0x28)
    eax=a4060008 ebx=85a7b520 ecx=85ace080 edx=00000000 esi=85ace080 edi=a4060096
    eip=81c19f24 esp=a4060000 ebp=a4060010 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    hal!KeQueryPerformanceCounter+0x2:
    81c19f24 55              push    ebp
    Resetting default scope

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  System

    CURRENT_IRQL:  8

    LAST_CONTROL_TRANSFER:  from 8bdd1497 to 81c19f24

    STACK_TEXT: 
    a405fffc 8bdd1497 a4060008 85ace080 85ace080 hal!KeQueryPerformanceCounter+0x2
    WARNING: Stack unwind information not available. Following frames may be wrong.
    a4060010 8bdde9d1 a4060096 85ace080 85a7b520 SynTP+0x497
    a4060028 8bddd8e7 85a7b504 85a7b404 00000035 SynTP+0xd9d1
    a4060054 8bdca371 85ace080 85a7b504 85a7b404 SynTP+0xc8e7
    a4060098 81c93941 85fe7c80 85a7b230 00000000 i8042prt!I8042MouseInterruptService+0xeb
    a4060098 81c6dbfb 85fe7c80 85a7b230 00000000 nt!KiInterruptDispatch+0x51
    a406013c 81c6d3b6 0000005c a4060654 00000000 nt!_ValidateEH3RN+0x3a
    a40605a8 81c6db40 a40605cc 8232e926 00000000 nt!_woutput_l+0x30b
    a40605ec 81c6dba0 a4060654 00000063 8232e924 nt!_vsnwprintf_l+0x7b
    a4060608 82325038 a4060654 00000063 8232e924 nt!_vsnwprintf+0x18
    a406062c 8232b056 a4060654 000000c8 8232e924 volmgr!StringCbPrintfW+0x3a
    a4060720 8232dc95 855977d0 84855e28 84855f70 volmgr!VmpQueryDeviceName+0x46
    a4060758 81cfbfd3 85597718 84855f70 00000000 volmgr!VmDeviceControl+0x237
    a4060770 87f6a81f a40607d4 87f77d58 859f3020 nt!IofCallDriver+0x63
    a4060778 87f77d58 859f3020 84855e28 84855e28 ecache!EcDispatchPassthrough+0x43
    a40607d4 81cfbfd3 859f3020 84855e28 84855f94 ecache!EcDispatchDeviceControl+0x3e
    a40607ec 87f45470 00000000 859f4020 00000000 nt!IofCallDriver+0x63
    a4060810 81cfbfd3 84855f70 84855e28 aa14d380 volsnap!VolSnapDeviceControl+0x42
    a4060828 8239c472 00000000 84e10ef0 00000000 nt!IofCallDriver+0x63
    a4060904 8239c7a4 00e10ef0 a406096c a4060938 mountmgr!QueryDeviceInformation+0x2a2
    a4060944 823a02e0 84e10ef0 a406096c 00000000 mountmgr!FindDeviceInfo+0x3a
    a406098c 823a4858 84e10ef0 84206a28 00000103 mountmgr!MountMgrQueryDosVolumePath+0x6c
    a40609a8 81cfbfd3 84e10f0c 84206a98 00000200 mountmgr!MountMgrDeviceControl+0x8c
    a40609c0 81e00038 a4061510 a40615a4 8c2bb246 nt!IofCallDriver+0x63
    a4061220 8c2bb4c5 85597718 a40614c4 a4061510 nt!IoVolumeDeviceToDosName+0x145
    a40614ec 81c97a1a a40615d0 00000004 a40615b0 SafeBoxKrnl+0x74c5
    a40614ec 81c95635 a40615d0 00000004 a40615b0 nt!KiFastCallEntry+0x12a
    a4061580 80793f61 a40615d0 00000004 a40615b0 nt!ZwCreateSection+0x11
    a40615d4 80795bcd a4061614 a4061620 a4061624 CI!I_MapAndSizeDataFile+0x83
    a4061648 80795f0a 000033e2 aa0cf0c0 00000000 CI!I_MapCatalog+0xf2
    a4061700 80796045 a406175c a40663d5 a406189c CI!I_ReloadCatalogs+0x208
    a406174c 807962e8 a40618c4 00000000 00000001 CI!I_FindFileOrHeaderHashInCatalogs+0xc1
    a4061774 80792e95 a40618c4 00000001 00000001 CI!MinCrypK_FindPageHashesInCatalog+0x21
    a40617d4 807932a5 84883560 a40618c4 a4061824 CI!CipGetPageHashesForFile+0x9b
    a406186c 807938e9 84883560 ae84a000 00001000 CI!CipValidatePageHash+0xeb
    a40618dc 81ddc0f1 84883560 ae84a000 00001000 CI!CiValidateImageHeader+0x143
    a40618f8 81ddc24d 84883560 ae84a000 00001000 nt!SeValidateImageHeader+0x4d
    a406196c 81e851fd 84883560 8461dc90 00000002 nt!MiValidateImageHeader+0x149
    a4061a88 81e892d8 a4061adc 000f001f a4061f74 nt!MmCreateSection+0x554
    a4061afc 8c2bb39e a4061f24 000f001f a4061f74 nt!NtCreateSection+0x177
    a4061ddc 81c97a1a a4061f24 000f001f a4061f74 SafeBoxKrnl+0x739e
    a4061ddc 81c95635 a4061f24 000f001f a4061f74 nt!KiFastCallEntry+0x12a
    a4061e70 81e0915f a4061f24 000f001f a4061f74 nt!ZwCreateSection+0x11
    a406242c 8c2bcbdc 0dcdef78 0dcdef58 02000000 nt!NtCreateUserProcess+0x394
    a4062d30 81c97a1a 0dcdef78 0dcdef58 02000000 SafeBoxKrnl+0x8bdc
    a4062d30 77249a94 0dcdef78 0dcdef58 02000000 nt!KiFastCallEntry+0x12a
    0dcdf15c 00000000 00000000 00000000 00000000 0x77249a94


    STACK_COMMAND:  .tss 0x28 ; kb

    FOLLOWUP_IP:
    SynTP+497
    8bdd1497 6a00            push    0

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  SynTP+497

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: SynTP

    IMAGE_NAME:  SynTP.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  46327b78

    FAILURE_BUCKET_ID:  0x7f_8_SynTP+497

    BUCKET_ID:  0x7f_8_SynTP+497

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 80154000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x7f_8

    TSS:  00000028 -- (.tss 0x28)
    eax=a4060008 ebx=85a7b520 ecx=85ace080 edx=00000000 esi=85ace080 edi=a4060096
    eip=81c19f24 esp=a4060000 ebp=a4060010 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    hal!KeQueryPerformanceCounter+0x2:
    81c19f24 55              push    ebp
    Resetting default scope

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  System

    CURRENT_IRQL:  8

    LAST_CONTROL_TRANSFER:  from 8bdd1497 to 81c19f24

    STACK_TEXT: 
    a405fffc 8bdd1497 a4060008 85ace080 85ace080 hal!KeQueryPerformanceCounter+0x2
    WARNING: Stack unwind information not available. Following frames may be wrong.
    a4060010 8bdde9d1 a4060096 85ace080 85a7b520 SynTP+0x497
    a4060028 8bddd8e7 85a7b504 85a7b404 00000035 SynTP+0xd9d1
    a4060054 8bdca371 85ace080 85a7b504 85a7b404 SynTP+0xc8e7
    a4060098 81c93941 85fe7c80 85a7b230 00000000 i8042prt!I8042MouseInterruptService+0xeb
    a4060098 81c6dbfb 85fe7c80 85a7b230 00000000 nt!KiInterruptDispatch+0x51
    a406013c 81c6d3b6 0000005c a4060654 00000000 nt!_ValidateEH3RN+0x3a
    a40605a8 81c6db40 a40605cc 8232e926 00000000 nt!_woutput_l+0x30b
    a40605ec 81c6dba0 a4060654 00000063 8232e924 nt!_vsnwprintf_l+0x7b
    a4060608 82325038 a4060654 00000063 8232e924 nt!_vsnwprintf+0x18
    a406062c 8232b056 a4060654 000000c8 8232e924 volmgr!StringCbPrintfW+0x3a
    a4060720 8232dc95 855977d0 84855e28 84855f70 volmgr!VmpQueryDeviceName+0x46
    a4060758 81cfbfd3 85597718 84855f70 00000000 volmgr!VmDeviceControl+0x237
    a4060770 87f6a81f a40607d4 87f77d58 859f3020 nt!IofCallDriver+0x63
    a4060778 87f77d58 859f3020 84855e28 84855e28 ecache!EcDispatchPassthrough+0x43
    a40607d4 81cfbfd3 859f3020 84855e28 84855f94 ecache!EcDispatchDeviceControl+0x3e
    a40607ec 87f45470 00000000 859f4020 00000000 nt!IofCallDriver+0x63
    a4060810 81cfbfd3 84855f70 84855e28 aa14d380 volsnap!VolSnapDeviceControl+0x42
    a4060828 8239c472 00000000 84e10ef0 00000000 nt!IofCallDriver+0x63
    a4060904 8239c7a4 00e10ef0 a406096c a4060938 mountmgr!QueryDeviceInformation+0x2a2
    a4060944 823a02e0 84e10ef0 a406096c 00000000 mountmgr!FindDeviceInfo+0x3a
    a406098c 823a4858 84e10ef0 84206a28 00000103 mountmgr!MountMgrQueryDosVolumePath+0x6c
    a40609a8 81cfbfd3 84e10f0c 84206a98 00000200 mountmgr!MountMgrDeviceControl+0x8c
    a40609c0 81e00038 a4061510 a40615a4 8c2bb246 nt!IofCallDriver+0x63
    a4061220 8c2bb4c5 85597718 a40614c4 a4061510 nt!IoVolumeDeviceToDosName+0x145
    a40614ec 81c97a1a a40615d0 00000004 a40615b0 SafeBoxKrnl+0x74c5
    a40614ec 81c95635 a40615d0 00000004 a40615b0 nt!KiFastCallEntry+0x12a
    a4061580 80793f61 a40615d0 00000004 a40615b0 nt!ZwCreateSection+0x11
    a40615d4 80795bcd a4061614 a4061620 a4061624 CI!I_MapAndSizeDataFile+0x83
    a4061648 80795f0a 000033e2 aa0cf0c0 00000000 CI!I_MapCatalog+0xf2
    a4061700 80796045 a406175c a40663d5 a406189c CI!I_ReloadCatalogs+0x208
    a406174c 807962e8 a40618c4 00000000 00000001 CI!I_FindFileOrHeaderHashInCatalogs+0xc1
    a4061774 80792e95 a40618c4 00000001 00000001 CI!MinCrypK_FindPageHashesInCatalog+0x21
    a40617d4 807932a5 84883560 a40618c4 a4061824 CI!CipGetPageHashesForFile+0x9b
    a406186c 807938e9 84883560 ae84a000 00001000 CI!CipValidatePageHash+0xeb
    a40618dc 81ddc0f1 84883560 ae84a000 00001000 CI!CiValidateImageHeader+0x143
    a40618f8 81ddc24d 84883560 ae84a000 00001000 nt!SeValidateImageHeader+0x4d
    a406196c 81e851fd 84883560 8461dc90 00000002 nt!MiValidateImageHeader+0x149
    a4061a88 81e892d8 a4061adc 000f001f a4061f74 nt!MmCreateSection+0x554
    a4061afc 8c2bb39e a4061f24 000f001f a4061f74 nt!NtCreateSection+0x177
    a4061ddc 81c97a1a a4061f24 000f001f a4061f74 SafeBoxKrnl+0x739e
    a4061ddc 81c95635 a4061f24 000f001f a4061f74 nt!KiFastCallEntry+0x12a
    a4061e70 81e0915f a4061f24 000f001f a4061f74 nt!ZwCreateSection+0x11
    a406242c 8c2bcbdc 0dcdef78 0dcdef58 02000000 nt!NtCreateUserProcess+0x394
    a4062d30 81c97a1a 0dcdef78 0dcdef58 02000000 SafeBoxKrnl+0x8bdc
    a4062d30 77249a94 0dcdef78 0dcdef58 02000000 nt!KiFastCallEntry+0x12a
    0dcdf15c 00000000 00000000 00000000 00000000 0x77249a94


    STACK_COMMAND:  .tss 0x28 ; kb

    FOLLOWUP_IP:
    SynTP+497
    8bdd1497 6a00            push    0

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  SynTP+497

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: SynTP

    IMAGE_NAME:  SynTP.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  46327b78

    FAILURE_BUCKET_ID:  0x7f_8_SynTP+497

    BUCKET_ID:  0x7f_8_SynTP+497

    Followup: MachineOwner
    ---------

    2008年12月24日 15:46
  •  

    谁能帮我解答下啊!谢谢
    2008年12月25日 4:09
  • SYNTP.SYS是驱动错误

    下载特定于计算机制造商的 Synaptics Touchpad Driver (SYNTP.SYS) 更新。如果没有列出您的计算机制造商,请单击“所有其他计算机制造商”链接以联机识别您的计算机制造商。

    * Dell 计算机
    * IBM 计算机
    * 所有其他计算机制造商

    如果已安装了最新的产品更新,但仍然出现问题,请联机转到 Synaptics。

     

    SafeBoxKrnl.sys是360保险箱的文件,你删除360试试,机器是否恢复正常。

    2008年12月25日 4:22
    版主
  • 不同意楼上观点!可能是误导!因为symbols file不能识别 syntp.sys和safeboxkrnl.sys所以才傻傻的报他们两的错!

    作者可以具体看看http://support.microsoft.com/kb/842465/zh-cn

    2008年12月29日 8:41