none
使用windbg工具分析蓝屏时,提示如下该怎么办 RRS feed

  • 问题

  • Microsoft (R) Windows Debugger Version 10.0.19041.1 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\minidump\052720-26953-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*
    Executable search path is: 
    Windows 10 Kernel Version 18362 MP (8 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Machine Name:
    Kernel base = 0xfffff802`17600000 PsLoadedModuleList = 0xfffff802`17a48170
    Debug session time: Wed May 27 22:29:55.276 2020 (UTC + 8:00)
    System Uptime: 0 days 1:34:28.157
    Loading Kernel Symbols
    .

    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.

    ..............................................................
    ................................................................
    ................................................................
    ...........................
    Loading User Symbols
    Loading unloaded module list
    .................

    ************* Symbol Loading Error Summary **************
    Module name            Error
    ntkrnlmp               The system cannot find the file specified

    You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
    You should also verify that your symbol search path (.sympath) is correct.
    For analysis of this file, run !analyze -v
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffffc0000095, The exception code that was not handled
    Arg2: fffff8021f7c979e, The address that the exception occurred at
    Arg3: 0000000100000034, Parameter 0 of the exception
    Arg4: ffffe6000119b180, Parameter 1 of the exception

    KEY_VALUES_STRING: 1

        Key  : Analysis.CPU.Sec
        Value: 0

        Key  : Analysis.DebugAnalysisProvider.CPP
        Value: Create: 8007007e on LAPTOP-262A85RE

        Key  : Analysis.DebugData
        Value: CreateObject

        Key  : Analysis.DebugModel
        Value: CreateObject

        Key  : Analysis.Elapsed.Sec
        Value: 2

        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 74

        Key  : Analysis.System
        Value: CreateObject


    ADDITIONAL_DEBUG_TEXT:  
    You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

    WRONG_SYMBOLS_TIMESTAMP: b785e389

    WRONG_SYMBOLS_SIZE: ab7000

    FAULTING_MODULE: fffff80217600000 nt

    DUMP_FILE_ATTRIBUTES: 0x8
      Kernel Generated Triage Dump

    BUGCHECK_CODE:  1e

    BUGCHECK_P1: ffffffffc0000095

    BUGCHECK_P2: fffff8021f7c979e

    BUGCHECK_P3: 100000034

    BUGCHECK_P4: ffffe6000119b180

    EXCEPTION_PARAMETER1:  0000000100000034

    EXCEPTION_PARAMETER2:  ffffe6000119b180

    BLACKBOXBSD: 1 (!blackboxbsd)


    BLACKBOXNTFS: 1 (!blackboxntfs)


    BLACKBOXPNP: 1 (!blackboxpnp)


    BLACKBOXWINLOGON: 1

    CUSTOMER_CRASH_COUNT:  1

    STACK_TEXT:  
    ffffe600`011ff8f8 fffff802`1785ad71 : 00000000`0000001e ffffffff`c0000095 fffff802`1f7c979e 00000001`00000034 : nt!KeBugCheckEx
    ffffe600`011ff900 fffff802`177c3202 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!memset+0x858f1
    ffffe600`011fffb0 fffff802`177c31d0 : fffff802`177d4316 00000000`00000000 ffff8581`1da2f470 00000000`0000000f : nt!KeSaveStateForHibernate+0x172
    ffff8581`1da2f268 fffff802`177d4316 : 00000000`00000000 ffff8581`1da2f470 00000000`0000000f 00000000`00000000 : nt!KeSaveStateForHibernate+0x140
    ffff8581`1da2f270 fffff802`177cd00a : fffff802`00000000 fffff802`180ba37b 00000000`00000000 00001f80`00000200 : nt!setjmpex+0x8306
    ffff8581`1da2f450 fffff802`1f7c979e : 000024ef`bd9bbfff 00000000`00000001 ffffe600`00000000 00000001`00000034 : nt!setjmpex+0xffa
    ffff8581`1da2f5e0 000024ef`bd9bbfff : 00000000`00000001 ffffe600`00000000 00000001`00000034 fffff802`18127000 : 0xfffff802`1f7c979e
    ffff8581`1da2f5e8 00000000`00000001 : ffffe600`00000000 00000001`00000034 fffff802`18127000 00000000`00000000 : 0x000024ef`bd9bbfff
    ffff8581`1da2f5f0 ffffe600`00000000 : 00000001`00000034 fffff802`18127000 00000000`00000000 00000000`00000000 : 0x1
    ffff8581`1da2f5f8 00000001`00000034 : fffff802`18127000 00000000`00000000 00000000`00000000 fffff802`177c90d6 : 0xffffe600`00000000
    ffff8581`1da2f600 fffff802`18127000 : 00000000`00000000 00000000`00000000 fffff802`177c90d6 ffffaf03`b0d2f080 : 0x00000001`00000034
    ffff8581`1da2f608 00000000`00000000 : 00000000`00000000 fffff802`177c90d6 ffffaf03`b0d2f080 00000000`00000000 : hal!HalHandleNMI+0x25150


    SYMBOL_NAME:  nt_wrong_symbols!B785E389AB7000

    IMAGE_VERSION:  10.0.18362.836

    STACK_COMMAND:  .thread ; .cxr ; kb

    EXCEPTION_CODE_STR:  B785E389

    EXCEPTION_STR:  WRONG_SYMBOLS

    PROCESS_NAME:  ntoskrnl.wrong.symbols.exe

    IMAGE_NAME:  ntoskrnl.wrong.symbols.exe

    MODULE_NAME: nt_wrong_symbols

    FAILURE_BUCKET_ID:  WRONG_SYMBOLS_X64_10.0.18362.836_(WinBuild.160101.0800)_TIMESTAMP_670727-151105_B785E389_nt_wrong_symbols!B785E389AB7000

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 10

    FAILURE_ID_HASH:  {be4b2927-632d-b0b2-3cbe-1e675d084af4}

    Followup:     MachineOwner
    ---------

    2020年5月27日 17:40

全部回复

  • 你好,

    KMODE_EXCEPTION_NOT_HANDLED (1e) 报错含义为内核模式程序产生异常,而该异常没有被错误处理程序捕获到。

    通常该问题由于硬件不兼容,驱动或者服务故障导致。建议先查看该问题是否在安全模式及干净启动模式下是否还会产生。然后再使用driver verifier工具进行查看。

    详细信息请参考链接:

    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x1e--kmode-exception-not-handled

    我们发现你发了两个蓝屏问题,该问题是不同的机器产生的不同蓝屏问题吗?

    如果是同一个机器产生的不同蓝屏问题,建议使用driver verifier排查一下驱动问题。


    针对Windows 2008/2008R2的扩展支持已于2020年1月结束,微软不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。


    • 已编辑 Joy-Qiao 2020年5月28日 2:36
    2020年5月28日 2:35
  • 你好,

    该问题有什么更新吗?

    如果我的回复对你有帮助,请标记为答案。

    如果有其他问题,请随时跟帖。


    针对Windows 2008/2008R2的扩展支持已于2020年1月结束,微软不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。


    • 已编辑 Joy-Qiao 2020年6月2日 7:56
    2020年6月2日 7:56