I don't quite understand the contents of a DMP file analyzed with WinDbg

  • General discussion

  • Could the experts here please advise? I don't know what this situation is.

    Microsoft (R) Windows Debugger  Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [J:\driver_IRQ0428\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols

    Executable search path is:
    Windows Vista Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
    Kernel base = 0x82a15000 PsLoadedModuleList = 0x82b5f850
    Debug session time: Thu Apr 28 15:21:46.475 2011 (GMT+8)
    System Uptime: 0 days 0:00:56.318
    Loading Kernel Symbols
    ......................................................................................................................................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 7ffd900c).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {0, 2, 0, 852a48f4}

    Probably caused by : Unknown_Image ( ACPI!ACPIVectorDisable+8 )

    Followup: MachineOwner
    ---------

    16.0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 852a48f4, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS:  00000000

    CURRENT_IRQL:  2

    FAULTING_IP:
    ACPI!ACPIVectorDisable+8
    852a48f4 8b00            mov     eax,dword ptr [eax]

    DEFAULT_BUCKET_ID:  VISTA_RC

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  devpathexer.ex

    LAST_CONTROL_TRANSFER:  from 00000000 to 00000000

    STACK_TEXT: 
    00000000 00000000 00000000 00000000 00000000 0x0


    STACK_COMMAND:  .bugcheck ; kb

    FOLLOWUP_IP:
    ACPI!ACPIVectorDisable+8
    852a48f4 8b00            mov     eax,dword ptr [eax]

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  Unknown_Image

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    SYMBOL_NAME:  ACPI!ACPIVectorDisable+8

    BUCKET_ID:  INVALID_KERNEL_CONTEXT

    MODULE_NAME: Unknown_Module

    Followup: MachineOwner
    ---------

    16.0: kd> lmvm Unknown_Module
    start    end        module name

    • Moved by AChange, April 29, 2011 3:07 AM (From: Windows Server (for Windows Server 2008 questions, please go to the Windows Server 2008 forum))
    • Changed type by AChange, May 3, 2011 3:54 AM Please contact the Microsoft Support Customer Service
    April 28, 2011 11:52 AM

All replies

  • update the dmp file.

    WARNING: Whitespace at end of path element

    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [J:\driver_IRQ0428\MEMORY0429.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    WARNING: Whitespace at end of path element
    Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols

    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0x82a1c000 PsLoadedModuleList = 0x82b66850
    Debug session time: Fri Apr 29 10:21:02.954 2011 (UTC + 8:00)
    System Uptime: 0 days 0:00:59.686
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .......
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {0, 2, 0, 852328f4}

    *** ERROR: Module load completed but symbols could not be loaded for EXT_ACPI.sys
    Page 5dcbe not present in the dump file. Type ".hh dbgerr004" for details
    Probably caused by : EXT_ACPI.sys ( EXT_ACPI+1c3f )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 852328f4, address which referenced memory

    Debugging Details:
    ------------------

    Page 5dcbe not present in the dump file. Type ".hh dbgerr004" for details

    READ_ADDRESS:  00000000

    CURRENT_IRQL:  2

    FAULTING_IP:
    ACPI!ACPIVectorDisable+8
    852328f4 8b00            mov     eax,dword ptr [eax]

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  devpathexer.ex

    TRAP_FRAME:  97c6ba64 -- (.trap 0xffffffff97c6ba64)
    ErrCode = 00000000
    eax=00000000 ebx=00000100 ecx=8a4cfe18 edx=00000000 esi=8a4cfda8 edi=82e31700
    eip=852328f4 esp=97c6bad8 ebp=97c6bad8 iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    ACPI!ACPIVectorDisable+0x8:
    852328f4 8b00            mov     eax,dword ptr [eax]  ds:0023:00000000=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 852328f4 to 82a5d5cb

    STACK_TEXT: 
    97c6ba64 852328f4 badb0d00 00000000 ffffffff nt!KiTrap0E+0x2cf
    97c6bad8 85319c3f 8a4ec030 00000000 8a4cfda8 ACPI!ACPIVectorDisable+0x8
    WARNING: Stack unwind information not available. Following frames may be wrong.
    97c6baf8 8531910f 004cfda8 869aae38 96750f48 EXT_ACPI+0x1c3f
    97c6bb14 82d4d6c3 014cfcf0 00000103 93955048 EXT_ACPI+0x110f
    97c6bb38 82a5354a 00000000 96750f48 8a4cfcf0 nt!IovCallDriver+0x258
    97c6bb4c 82c4799f 93955048 96750f48 96750fdc nt!IofCallDriver+0x1b
    97c6bb6c 82c8d619 8a4cfcf0 93955048 00000001 nt!IopSynchronousServiceTail+0x1f8
    97c6bc08 82a5a1ea 8a4cfcf0 00000000 00000000 nt!NtWriteFile+0x6e8
    97c6bc08 77db70b4 8a4cfcf0 00000000 00000000 nt!KiFastCallEntry+0x12a
    0188facc 00000000 00000000 00000000 00000000 0x77db70b4


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    EXT_ACPI+1c3f
    85319c3f eb20            jmp     EXT_ACPI+0x1c61 (85319c61)

    SYMBOL_STACK_INDEX:  2

    SYMBOL_NAME:  EXT_ACPI+1c3f

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: EXT_ACPI

    IMAGE_NAME:  EXT_ACPI.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4dad5a64

    FAILURE_BUCKET_ID:  0xD1_VRF_EXT_ACPI+1c3f

    BUCKET_ID:  0xD1_VRF_EXT_ACPI+1c3f

    Followup: MachineOwner
    ---------

     

    April 29, 2011 2:31 AM
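A small triage helper for the `!analyze -v` text in the reply above, added here as an example (it is not part of the original post or of any Microsoft tool): it extracts the four bugcheck D1 arguments and the first stack frame that has no symbol name, which is the frame the debugger blamed. The function name `triage` and the embedded sample, copied from the output above, are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the second dump's !analyze -v output above.
SAMPLE = """\
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 852328f4, address which referenced memory
STACK_TEXT:
97c6ba64 852328f4 badb0d00 00000000 ffffffff nt!KiTrap0E+0x2cf
97c6bad8 85319c3f 8a4ec030 00000000 8a4cfda8 ACPI!ACPIVectorDisable+0x8
WARNING: Stack unwind information not available. Following frames may be wrong.
97c6baf8 8531910f 004cfda8 869aae38 96750f48 EXT_ACPI+0x1c3f
97c6bb14 82d4d6c3 014cfcf0 00000103 93955048 EXT_ACPI+0x110f
97c6bb38 82a5354a 00000000 96750f48 8a4cfcf0 nt!IovCallDriver+0x258
97c6bb4c 82c4799f 93955048 96750f48 96750fdc nt!IofCallDriver+0x1b
"""

ARG = re.compile(r"^\s*Arg([1-4]):\s*([0-9a-fA-F]+)", re.M)
# x86 kb frame: child EBP, return address, three argument words, then
# either module!symbol+0xNN (symbols loaded) or module+0xNN (no symbols).
FRAME = re.compile(
    r"^\s*(?:[0-9a-f]{8} ){5}([\w.]+)(?:!(\w+))?\+0x([0-9a-f]+)\s*$", re.M)

def triage(text):
    """Summarise a DRIVER_IRQL_NOT_LESS_OR_EQUAL (0xD1) analysis dump."""
    args = {int(n): int(v, 16) for n, v in ARG.findall(text)}
    frames = [(mod, sym or None, int(off, 16))
              for mod, sym, off in FRAME.findall(text)]
    # Frames printed without a symbol name belong to modules whose
    # symbols could not be loaded (here the third-party driver).
    unsymbolized = [f for f in frames if f[1] is None]
    return {
        "address": args[1],                         # Arg1: memory referenced
        "irql": args[2],                            # Arg2: IRQL at the fault
        "access": "write" if args[3] else "read",   # Arg3 legend in the output
        "faulting_ip": args[4],                     # Arg4: faulting instruction
        "null_page": args[1] < 0x1000,              # NULL or NULL + small offset
        "frames": frames,
        "first_unsymbolized": unsymbolized[0] if unsymbolized else None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
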
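  • If there really is something you don't understand,

    I suggest you call a Microsoft engineer directly

    and open a case for them to handle.

    Ask them to tell you where the problem lies.

    I believe that would be faster.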

     

    April 29, 2011 3:35 AM