Vista: intermittent blue screens

Question
-
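Recently, for reasons I don't know, my machine sometimes blue-screens. Below is some data I collected; could the experts here please take a look? Thanks.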
问题签名:
问题事件名称: BlueScreen
OS 版本: 6.0.6001.2.1.0.768.2
区域设置 ID: 2052
有关该问题的其他信息:
BCCode: 1000007f
BCP1: 00000008
BCP2: 80154000
BCP3: 00000000
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1
有助于描述该问题的文件:
C:\Windows\Minidump\Mini122308-01.dmp
C:\Users\Cuibty\AppData\Local\Temp\WER-27409-0.sysdata.xml
C:\Users\Cuibty\AppData\Local\Temp\WERC6B7.tmp.version.txt
The following is the analysis using Debugging Tools.
Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81c40000 PsLoadedModuleList = 0x81d57c70
Debug session time: Tue Dec 23 13:10:19.802 2008 (GMT+8)
System Uptime: 0 days 2:08:18.965
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80154000, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntkrpamp.exe ( nt!Kei386EoiHelper+1736 )
Followup: MachineOwner
---------
Answer
-
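Also, your debug session did not load the correct symbols.
Please follow these steps:
First, download WinDbg
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Here is how to debug:
1. My Computer, Properties -> Advanced -> Startup; for the memory debugging option at the bottom, choose the last item (complete), click OK, and then restart
2. After the blue screen, do not rush to restart; the system will save the entire memory contents and then restart automatically
3. After the restart, the Windows directory will contain a new MEMORY.DMP file. If you chose complete debugging in step 1, this file will be as large as your memory
4. Download and install the Windows debug tools; I have a download link here, or use the Microsoft website
http://public.hshh.org/SysTools/debug/dbg_x86_6.6.07.5.exe
5. After installing, create a temporary directory, for example c:\temp
6. Start windbg
7. In the windbg window: file->symbol file path (ctrl+s), enter:
SRV*c:\temp*http://msdl.microsoft.com/download/symbols
then click OK
8. In the windbg window: file->open crash dump (ctrl+d), open memory.dmp in the Windows directory
9. After opening it, wait for the prompt
When the text "Use !analyze -v to get detailed debugging information." appears, type in the input box below:
!analyze -v
10. Wait for the analysis to finish; you can then see what caused the error
11. While in use, windbg needs to download debugging content from the internet; the speed, well, depends on your network.
-----------------------------------------------------------------------
You can also post the output you get from entering !analyze -v!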
All replies
-
Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81c40000 PsLoadedModuleList = 0x81d57c70
Debug session time: Tue Dec 23 13:10:19.802 2008 (GMT+8)
System Uptime: 0 days 2:08:18.965
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80154000, 0, 0}
*** ERROR: Module load completed but symbols could not be loaded for SynTP.sys
*** ERROR: Module load completed but symbols could not be loaded for SafeBoxKrnl.sys
Probably caused by : SynTP.sys ( SynTP+497 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80154000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
TSS: 00000028 -- (.tss 0x28)
eax=a4060008 ebx=85a7b520 ecx=85ace080 edx=00000000 esi=85ace080 edi=a4060096
eip=81c19f24 esp=a4060000 ebp=a4060010 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
hal!KeQueryPerformanceCounter+0x2:
81c19f24 55 push ebp
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 8
LAST_CONTROL_TRANSFER: from 8bdd1497 to 81c19f24
STACK_TEXT:
a405fffc 8bdd1497 a4060008 85ace080 85ace080 hal!KeQueryPerformanceCounter+0x2
WARNING: Stack unwind information not available. Following frames may be wrong.
a4060010 8bdde9d1 a4060096 85ace080 85a7b520 SynTP+0x497
a4060028 8bddd8e7 85a7b504 85a7b404 00000035 SynTP+0xd9d1
a4060054 8bdca371 85ace080 85a7b504 85a7b404 SynTP+0xc8e7
a4060098 81c93941 85fe7c80 85a7b230 00000000 i8042prt!I8042MouseInterruptService+0xeb
a4060098 81c6dbfb 85fe7c80 85a7b230 00000000 nt!KiInterruptDispatch+0x51
a406013c 81c6d3b6 0000005c a4060654 00000000 nt!_ValidateEH3RN+0x3a
a40605a8 81c6db40 a40605cc 8232e926 00000000 nt!_woutput_l+0x30b
a40605ec 81c6dba0 a4060654 00000063 8232e924 nt!_vsnwprintf_l+0x7b
a4060608 82325038 a4060654 00000063 8232e924 nt!_vsnwprintf+0x18
a406062c 8232b056 a4060654 000000c8 8232e924 volmgr!StringCbPrintfW+0x3a
a4060720 8232dc95 855977d0 84855e28 84855f70 volmgr!VmpQueryDeviceName+0x46
a4060758 81cfbfd3 85597718 84855f70 00000000 volmgr!VmDeviceControl+0x237
a4060770 87f6a81f a40607d4 87f77d58 859f3020 nt!IofCallDriver+0x63
a4060778 87f77d58 859f3020 84855e28 84855e28 ecache!EcDispatchPassthrough+0x43
a40607d4 81cfbfd3 859f3020 84855e28 84855f94 ecache!EcDispatchDeviceControl+0x3e
a40607ec 87f45470 00000000 859f4020 00000000 nt!IofCallDriver+0x63
a4060810 81cfbfd3 84855f70 84855e28 aa14d380 volsnap!VolSnapDeviceControl+0x42
a4060828 8239c472 00000000 84e10ef0 00000000 nt!IofCallDriver+0x63
a4060904 8239c7a4 00e10ef0 a406096c a4060938 mountmgr!QueryDeviceInformation+0x2a2
a4060944 823a02e0 84e10ef0 a406096c 00000000 mountmgr!FindDeviceInfo+0x3a
a406098c 823a4858 84e10ef0 84206a28 00000103 mountmgr!MountMgrQueryDosVolumePath+0x6c
a40609a8 81cfbfd3 84e10f0c 84206a98 00000200 mountmgr!MountMgrDeviceControl+0x8c
a40609c0 81e00038 a4061510 a40615a4 8c2bb246 nt!IofCallDriver+0x63
a4061220 8c2bb4c5 85597718 a40614c4 a4061510 nt!IoVolumeDeviceToDosName+0x145
a40614ec 81c97a1a a40615d0 00000004 a40615b0 SafeBoxKrnl+0x74c5
a40614ec 81c95635 a40615d0 00000004 a40615b0 nt!KiFastCallEntry+0x12a
a4061580 80793f61 a40615d0 00000004 a40615b0 nt!ZwCreateSection+0x11
a40615d4 80795bcd a4061614 a4061620 a4061624 CI!I_MapAndSizeDataFile+0x83
a4061648 80795f0a 000033e2 aa0cf0c0 00000000 CI!I_MapCatalog+0xf2
a4061700 80796045 a406175c a40663d5 a406189c CI!I_ReloadCatalogs+0x208
a406174c 807962e8 a40618c4 00000000 00000001 CI!I_FindFileOrHeaderHashInCatalogs+0xc1
a4061774 80792e95 a40618c4 00000001 00000001 CI!MinCrypK_FindPageHashesInCatalog+0x21
a40617d4 807932a5 84883560 a40618c4 a4061824 CI!CipGetPageHashesForFile+0x9b
a406186c 807938e9 84883560 ae84a000 00001000 CI!CipValidatePageHash+0xeb
a40618dc 81ddc0f1 84883560 ae84a000 00001000 CI!CiValidateImageHeader+0x143
a40618f8 81ddc24d 84883560 ae84a000 00001000 nt!SeValidateImageHeader+0x4d
a406196c 81e851fd 84883560 8461dc90 00000002 nt!MiValidateImageHeader+0x149
a4061a88 81e892d8 a4061adc 000f001f a4061f74 nt!MmCreateSection+0x554
a4061afc 8c2bb39e a4061f24 000f001f a4061f74 nt!NtCreateSection+0x177
a4061ddc 81c97a1a a4061f24 000f001f a4061f74 SafeBoxKrnl+0x739e
a4061ddc 81c95635 a4061f24 000f001f a4061f74 nt!KiFastCallEntry+0x12a
a4061e70 81e0915f a4061f24 000f001f a4061f74 nt!ZwCreateSection+0x11
a406242c 8c2bcbdc 0dcdef78 0dcdef58 02000000 nt!NtCreateUserProcess+0x394
a4062d30 81c97a1a 0dcdef78 0dcdef58 02000000 SafeBoxKrnl+0x8bdc
a4062d30 77249a94 0dcdef78 0dcdef58 02000000 nt!KiFastCallEntry+0x12a
0dcdf15c 00000000 00000000 00000000 00000000 0x77249a94
STACK_COMMAND: .tss 0x28 ; kb
FOLLOWUP_IP:
SynTP+497
8bdd1497 6a00 push 0
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: SynTP+497
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SynTP
IMAGE_NAME: SynTP.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 46327b78
FAILURE_BUCKET_ID: 0x7f_8_SynTP+497
BUCKET_ID: 0x7f_8_SynTP+497
Followup: MachineOwner
---------
-
I disagree with the poster above! It may be misleading! Because the symbols file cannot recognize syntp.sys and safeboxkrnl.sys, it just dumbly blames the two of them!
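
An added example (not part of the thread and not Microsoft tooling): a Python parser for the STACK_TEXT section of the !analyze -v output above. It reports how much kernel stack the frames span and which modules appear only as module+offset because no symbols were loaded for them. The 12 KB x86 kernel stack size, the page-aligned stack-base estimate and the function names are assumptions of this example; the frames are a constructed excerpt of lines from this page.

```python
import re

# Constructed sample: selected frames copied from the STACK_TEXT on this page
# (ChildEBP RetAddr Arg1 Arg2 Arg3 Symbol); intermediate frames are omitted.
STACK_TEXT = """\
a405fffc 8bdd1497 a4060008 85ace080 85ace080 hal!KeQueryPerformanceCounter+0x2
WARNING: Stack unwind information not available. Following frames may be wrong.
a4060010 8bdde9d1 a4060096 85ace080 85a7b520 SynTP+0x497
a4060028 8bddd8e7 85a7b504 85a7b404 00000035 SynTP+0xd9d1
a4060054 8bdca371 85ace080 85a7b504 85a7b404 SynTP+0xc8e7
a4060098 81c93941 85fe7c80 85a7b230 00000000 i8042prt!I8042MouseInterruptService+0xeb
a4060098 81c6dbfb 85fe7c80 85a7b230 00000000 nt!KiInterruptDispatch+0x51
a4060758 81cfbfd3 85597718 84855f70 00000000 volmgr!VmDeviceControl+0x237
a4061220 8c2bb4c5 85597718 a40614c4 a4061510 nt!IoVolumeDeviceToDosName+0x145
a40614ec 81c97a1a a40615d0 00000004 a40615b0 SafeBoxKrnl+0x74c5
a40618dc 81ddc0f1 84883560 ae84a000 00001000 CI!CiValidateImageHeader+0x143
a4061ddc 81c97a1a a4061f24 000f001f a4061f74 SafeBoxKrnl+0x739e
a406242c 8c2bcbdc 0dcdef78 0dcdef58 02000000 nt!NtCreateUserProcess+0x394
a4062d30 81c97a1a 0dcdef78 0dcdef58 02000000 SafeBoxKrnl+0x8bdc
0dcdf15c 00000000 00000000 00000000 00000000 0x77249a94
"""

KERNEL_STACK_BYTES = 12 * 1024  # assumption: default x86 kernel stack (3 pages)
PAGE = 0x1000
FRAME_RE = re.compile(r"^([0-9a-f]{8}) [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\S+)$")


def parse_frames(text):
    """Return [(child_ebp, module, has_symbols)] for frames that name a module."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # WARNING lines and blank lines
        ebp, sym = int(m.group(1), 16), m.group(2)
        if sym.startswith("0x"):
            continue  # raw address (user-mode caller): no module to attribute
        has_symbols = "!" in sym  # "module!function+off" vs "module+off"
        module = sym.split("!" if has_symbols else "+")[0]
        frames.append((ebp, module, has_symbols))
    return frames


def stack_report(frames):
    """Summarise stack depth and the modules the debugger had no symbols for."""
    lowest = min(f[0] for f in frames)
    highest = max(f[0] for f in frames)
    # Estimate: the stack base is the page boundary above the outermost frame.
    base = (highest + PAGE - 1) // PAGE * PAGE
    limit = base - KERNEL_STACK_BYTES
    per_module, unsymbolized = {}, []
    for _, module, has_symbols in frames:
        per_module[module] = per_module.get(module, 0) + 1
        if not has_symbols and module not in unsymbolized:
            unsymbolized.append(module)
    return {
        "bytes_in_use": highest - lowest,
        "estimated_limit": limit,
        "below_limit": lowest < limit,  # innermost frame under the estimate
        "frames_per_module": per_module,
        "unsymbolized": unsymbolized,
    }


if __name__ == "__main__":
    for key, value in stack_report(parse_frames(STACK_TEXT)).items():
        print(key, hex(value) if key == "estimated_limit" else value)
```

In the debugger itself, !thread prints the thread's actual stack Base and Limit, which can be compared with the estimate computed here.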