none
WIN2000 SP4 重開機會發生藍色死亡畫面 RRS feed

  • 問題

  • 大家好:
    最近遇到WINDOWS 2000 SERVER SP4主機在重開機有時會遇到藍色死亡畫面,其錯誤訊息如下:
    *** STOP: 0x000000C5 (0x00000000,0x00000002,0x00000001,0x8046E0F6)

    希望有經驗的高手可以指點迷津一下告訴我可能的原因是什麼,感激不盡,謝謝!
    memory.dmp檔案內容如下:
    Microsoft (R) Windows Debugger  Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINNT\MEMORY.DMP]
    Kernel Complete Dump File: Full address space is available

    Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
    Product: Server
    Kernel base = 0x80400000 PsLoadedModuleList = 0x80485b80
    Debug session time: Sun May 24 01:02:26.328 2009 (GMT+8)
    System Uptime: 0 days 0:00:46.156
    Loading Kernel Symbols
    .....................................................................................
    Loading User Symbols
    ............................................
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C5, {1440000, 2, 1, 8046e0f6}

    *** ERROR: Module load completed but symbols could not be loaded for WinVNC4.exe
    Probably caused by : afd.sys ( afd!AfdCreateConnection+153 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is
    caused by drivers that have corrupted the system pool.  Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: 01440000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 8046e0f6, address which referenced memory

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0xC5_2

    CURRENT_IRQL:  2

    FAULTING_IP:
    nt!ExAllocatePoolWithTag+536
    8046e0f6 8913            mov     dword ptr [ebx],edx

    DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

    PROCESS_NAME:  winvnc4.exe

    TRAP_FRAME:  f6be6438 -- (.trap fffffffff6be6438)
    ErrCode = 00000002
    eax=ff6d47a0 ebx=01440000 ecx=80479a40 edx=ff6d47a8 esi=ff6d6740 edi=80479240
    eip=8046e0f6 esp=f6be64ac ebp=f6be64d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
    nt!ExAllocatePoolWithTag+0x536:
    8046e0f6 8913            mov     dword ptr [ebx],edx  ds:0023:01440000=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8046e0f6 to 8046b1ac

    STACK_TEXT: 
    f6be6438 8046e0f6 e21acd00 e21ee640 e21ee618 nt!KiTrap0E+0x210
    f6be64d0 804dc543 00000000 00000000 e56c6946 nt!ExAllocatePoolWithTag+0x536
    f6be64f8 804dc0df 81043588 00000000 00000000 nt!ObpAllocateObject+0xe1
    f6be6530 804c40d0 00000000 82a9ba40 f6be6610 nt!ObCreateObject+0xb3
    f6be66dc 804535ce 828bcab0 00000000 f6be6794 nt!IopParseDevice+0x730
    f6be6754 804da4d8 00000000 82a79c00 00000240 nt!ObpLookupObjectName+0x504
    f6be6864 804a4495 00000000 00000000 f6be6900 nt!ObOpenObjectByName+0xc8
    f6be6940 804a403a ff6d4868 c0100000 f6be69fc nt!IopCreateFile+0x407
    f6be6988 f6dfa269 ff6d4868 c0100000 f6be69fc nt!IoCreateFile+0x36
    f6be6a60 f6dfa05a 827cc5b8 80000188 00000300 afd!AfdCreateConnection+0x153
    f6be6a88 f6dfc5d1 ff6cbd48 ff6d51e8 f6be6cc4 afd!AfdAddFreeConnection+0x36
    f6be6ae0 f6dfbb94 ff6d51e8 0001200b ff6ddb01 afd!AfdStartListen+0x177
    f6be6c20 804b3e2f ff6d51e8 00000001 00a2fc74 afd!AfdFastIoDeviceControl+0xcc
    f6be6d00 804abd50 000000d0 000000cc 00000000 nt!IopXxxControlFile+0x2e1
    f6be6d34 80468389 000000d0 000000cc 00000000 nt!NtDeviceIoControlFile+0x28
    f6be6d34 77f88403 000000d0 000000cc 00000000 nt!KiSystemService+0xc9
    00a2fc38 74f56081 000000d0 000000cc 00000000 ntdll!ZwDeviceIoControlFile+0xb
    00a2fc8c 74fbc5b6 000000d0 00000005 00a2fca8 msafd!WSPListen+0x104
    00a2fcac 0042643f 000000d0 00000005 0012fe60 WS2_32!listen+0x60
    WARNING: Stack unwind information not available. Following frames may be wrong.
    00a2fdec 004019ee 0000170c 00000000 ffffffff WinVNC4+0x2643f
    00a2fe2c 00401b01 0040324c 0012f9fc 00000000 WinVNC4+0x19ee
    00a2ff8c 00402b53 00000000 001379c8 0040a4e9 WinVNC4+0x1b01
    00a2ffec 00000000 796dcf33 001379c8 00000000 WinVNC4+0x2b53


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    afd!AfdCreateConnection+153
    f6dfa269 8bf8            mov     edi,eax

    SYMBOL_STACK_INDEX:  9

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: afd

    IMAGE_NAME:  afd.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4822bbed

    SYMBOL_NAME:  afd!AfdCreateConnection+153

    FAILURE_BUCKET_ID:  0xC5_2_afd!AfdCreateConnection+153

    BUCKET_ID:  0xC5_2_afd!AfdCreateConnection+153

    Followup: MachineOwner
    ---------

    2009年5月26日 上午 06:35

所有回覆

  • vnc (winvnc4.exe) 是你自己安裝的嗎?不是的話表示你電腦已經有木馬,被人開後門遠端遙控了。


    論壇是網友平等互助 保證解答請至 微軟技術支援服務
    2009年5月26日 上午 09:10
  • 有安裝REALVNC的軟體..版本為4.1.3
    2009年5月26日 上午 09:19
  • 看起來好像是Winvnc4.exe造成afd.sys(與Windows 通訊相關)掛掉。
    請問是否連安全模式都進不去。若可進去,先停止WinVNC服務啟動,看看能否正常開機。
    再做更新與掃毒動作。

    2009年5月27日 上午 02:25
  • 安全模式進的去,而且很奇怪的是這個情形是重開機偶爾會發生,發生時只要到主機前面按下reset就會正常運作。
    之前有在想是否是VNC(4.1.2)問題,所以更新成VNC(4.1.3)的版本,更新後還是會出現,所以完全不知道該往哪個方向去尋找,不知道大大是否有遇過這樣的奇怪問題

    藍色死亡畫面的最後一段有寫到
    *** Address 8046E0F6 base at 80400000, DataStamp 45ec3c8f - ntoskenl.exe
    Beginning dump of physical memory
    Physical memory dump complete. Contact  system administrator or technical support group.



    2009年5月27日 上午 02:37
  • 如果冷開機會出問題,暖開機就正常,可能檢查一下主機板是不是爆電容了...


    論壇是網友平等互助 保證解答請至 微軟技術支援服務
    2009年5月27日 上午 02:59
  • 我的是正常情況下重開機,所以是暖開機有可能會異常,冷開機是正常會開啟來
    2009年5月27日 上午 03:20
  • 主機上有設定排程每日自動重起,發生機率約一週發生ㄧ次,請問大大們還有其它方式可以處理這個問題嗎?

    2009年6月1日 上午 02:41