none
求助!WIN7蓝屏!Probably caused by : ntkrnlpa.exe ( nt+120795 )。 RRS feed

  • 问题

  • 最近开机的时候总是蓝屏,在网上搜索了各种方法,仍然没有解决,希望各位帮忙分析下是什么原因引起?

    以下是dmp文件:

     

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

    Copyright (c) Microsoft Corporation. All rights reserved.

     

     

    Loading Dump File [C:\Windows\Minidump\091110-24234-01.dmp]

    Mini Kernel Dump File: Only registers and stack trace are available

     

    Symbol search path is: *** Invalid ***

    ****************************************************************************

    * Symbol loading may be unreliable without a symbol search path.           *

    * Use .symfix to have the debugger choose a symbol path.                   *

    * After setting your symbol path, use .reload to refresh symbol locations. *

    ****************************************************************************

    Executable search path is: 

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y <symbol_path> argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2

    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe

    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe

    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible

    Product: WinNt, suite: TerminalServer SingleUserTS

    Built by: 7600.16617.x86fre.win7_gdr.100618-1621

    Machine Name:

    Kernel base = 0x84602000 PsLoadedModuleList = 0x8474a810

    Debug session time: Sat Sep 11 08:40:10.203 2010 (GMT+8)

    System Uptime: 0 days 0:00:11.718

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y <symbol_path> argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2

    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe

    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe

    Loading Kernel Symbols

    ...............................................................

    ......................

    Loading User Symbols

    *******************************************************************************

    *                                                                             *

    *                        Bugcheck Analysis                                    *

    *                                                                             *

    *******************************************************************************

     

    Use !analyze -v to get detailed debugging information.

     

    BugCheck C5, {e598, 2, 0, 84722795}

     

    *** WARNING: Unable to verify timestamp for mssmbios.sys

    *** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

     

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y <symbol_path> argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y <symbol_path> argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Probably caused by : ntkrnlpa.exe ( nt+120795 )

     

    Followup: MachineOwner

    ---------

     

    0: kd> !analyze -v

    *******************************************************************************

    *                                                                             *

    *                        Bugcheck Analysis                                    *

    *                                                                             *

    *******************************************************************************

     

    DRIVER_CORRUPTED_EXPOOL (c5)

    An attempt was made to access a pageable (or completely invalid) address at an

    interrupt request level (IRQL) that is too high.  This is

    caused by drivers that have corrupted the system pool.  Run the driver

    verifier against any new (or suspect) drivers, and if that doesn't turn up

    the culprit, then use gflags to enable special pool.

    Arguments:

    Arg1: 0000e598, memory referenced

    Arg2: 00000002, IRQL

    Arg3: 00000000, value 0 = read operation, 1 = write operation

    Arg4: 84722795, address which referenced memory

     

    Debugging Details:

    ------------------

     

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

     

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y <symbol_path> argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y <symbol_path> argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

     

    ADDITIONAL_DEBUG_TEXT:  

    Use '!findthebuild' command to search for the target build information.

    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

     

    MODULE_NAME: nt

     

    FAULTING_MODULE: 84602000 nt

     

    DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c3fac

     

    BUGCHECK_STR:  0xC5_2

     

    CURRENT_IRQL:  0

     

    FAULTING_IP: 

    nt+120795

    84722795 8b10            mov     edx,dword ptr [eax]

     

    CUSTOMER_CRASH_COUNT:  1

     

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

     

    LAST_CONTROL_TRANSFER:  from 84722795 to 8464882b

     

    STACK_TEXT:  

    WARNING: Stack unwind information not available. Following frames may be wrong.

    807867a4 84722795 badb0d00 84737a30 000008e1 nt+0x4682b

    80786850 847218aa 847378c0 00000000 8771de28 nt+0x120795

    807868bc 847c8960 874e7230 54496656 8460eefb nt+0x11f8aa

    80786904 847936b7 8771fe70 8520e000 40000000 nt+0x1c6960

    80786950 847945a5 8771fe70 ffffffff 00000000 nt+0x1916b7

    80786974 848bd5d7 8771fe70 867f0718 87738618 nt+0x1925a5

    8078698c 84823788 87738630 87738630 87738618 nt+0x2bb5d7

    807869a4 8466af60 00000000 8772d000 87738630 nt+0x221788

    80786b9c 849b3853 00000001 00000000 80786bd4 nt+0x68f60

    80786be8 849af87b 80811a28 8080b6c8 00000000 nt+0x3b1853

    80786c6c 849b4e78 0080b6c8 86761d10 867619a0 nt+0x3ad87b

    80786d48 8478d494 80786d90 848106d3 8080b6c8 nt+0x3b2e78

    80786d50 848106d3 8080b6c8 ade0fef0 00000000 nt+0x18b494

    80786d90 846c20f9 8478d487 8080b6c8 00000000 nt+0x20e6d3

    00000000 00000000 00000000 00000000 00000000 nt+0xc00f9

     

     

    STACK_COMMAND:  kb

     

    FOLLOWUP_IP: 

    nt+120795

    84722795 8b10            mov     edx,dword ptr [eax]

     

    SYMBOL_STACK_INDEX:  1

     

    SYMBOL_NAME:  nt+120795

     

    FOLLOWUP_NAME:  MachineOwner

     

    IMAGE_NAME:  ntkrnlpa.exe

     

    BUCKET_ID:  WRONG_SYMBOLS

     

    Followup: MachineOwner

    ---------

     

    2010年9月11日 1:15

答案

  • 你好,

    在使用Windbg工具分析DMP文件时需要设置symbol路径,否则将在分析时将出现错误导致结果错误。DRIVER_CORRUPTED_EXPOOL表示一个驱动程序错误,如有必要请开启特殊池来捕获存在问题的驱动程序。

    另外,也可以将DMP转储文件上传至SkyDrive网盘中提供下载地址,以便大家能够帮助分析和解决问题。


    请将已解决的问题标记为“答案”,以便更多的朋友能够方便的找到问题解决方案。 MVP | Windows Desktop Experience | Virtualization Sino
    • 已标记为答案 Linda Yan 2010年9月14日 6:54
    2010年9月11日 3:52
    版主
  • 这是 0x000000C5 错误,一般是硬件兼容性问题或者硬件设备驱动程序不正确引起,包括虚拟设备驱动。如果问题是最近发现的,请检查最近有没有更换过硬件或驱动程序。
     
    --
    Alexis Zhang
     
    https://mvp.support.microsoft.com/profile/jie
    http://blogs.itecn.net/blogs/alexis
     
    推荐以 NNTP Bridge 桥接新闻组方式访问论坛以获取最佳用户体验。
     
    本帖是回复帖,原帖作者是楼上的 "yanghuhan"
     
    最近开机的时候总是蓝屏,在网上搜索了各种方法,仍然没有解决,希望各位帮忙分析下是什么?蛞穑?
    以下是dmp文件:
     
     
    • 已标记为答案 Linda Yan 2010年9月14日 6:54
    2010年9月11日 9:26

全部回复

  • 你好,

    在使用Windbg工具分析DMP文件时需要设置symbol路径,否则将在分析时将出现错误导致结果错误。DRIVER_CORRUPTED_EXPOOL表示一个驱动程序错误,如有必要请开启特殊池来捕获存在问题的驱动程序。

    另外,也可以将DMP转储文件上传至SkyDrive网盘中提供下载地址,以便大家能够帮助分析和解决问题。


    请将已解决的问题标记为“答案”,以便更多的朋友能够方便的找到问题解决方案。 MVP | Windows Desktop Experience | Virtualization Sino
    • 已标记为答案 Linda Yan 2010年9月14日 6:54
    2010年9月11日 3:52
    版主
  • 这是 0x000000C5 错误,一般是硬件兼容性问题或者硬件设备驱动程序不正确引起,包括虚拟设备驱动。如果问题是最近发现的,请检查最近有没有更换过硬件或驱动程序。
     
    --
    Alexis Zhang
     
    https://mvp.support.microsoft.com/profile/jie
    http://blogs.itecn.net/blogs/alexis
     
    推荐以 NNTP Bridge 桥接新闻组方式访问论坛以获取最佳用户体验。
     
    本帖是回复帖,原帖作者是楼上的 "yanghuhan"
     
    最近开机的时候总是蓝屏,在网上搜索了各种方法,仍然没有解决,希望各位帮忙分析下是什么?蛞穑?
    以下是dmp文件:
     
     
    • 已标记为答案 Linda Yan 2010年9月14日 6:54
    2010年9月11日 9:26