蓝屏代码如下:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\062617-6156-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 15063 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff800`8fe12000 PsLoadedModuleList = 0xfffff800`9015e5a0
Debug session time: Mon Jun 26 06:12:05.699 2017 (GMT+8)
System Uptime: 0 days 0:03:57.565
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
............
Cannot read PEB32 from WOW64 TEB32 0000d407 - Win32 error 0n30
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {28, 2, 1, fffff80480aaf0ff}
Unable to load image ndis.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ndis.sys
*** ERROR: Module load completed but symbols could not be loaded for ndis.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : hardware_ram ( PAGE_NOT_ZERO )
Followup: MachineOwner
---------
*** Memory manager detected 54279 instance(s) of page corruption, target is likely to have memory corruption.
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80480aaf0ff, address which referenced memory
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: fffff8008fe12000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 0
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
0000000000000028
CURRENT_IRQL: 0
FAULTING_IP:
ndis+4f0ff
fffff804`80aaf0ff 894128 mov dword ptr [rcx+28h],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
BAD_PAGES_DETECTED: d407
LAST_CONTROL_TRANSFER: from fffff8008ff893a9 to fffff8008ff7dfd0
STACK_TEXT:
ffffdc01`d3dbcc38 fffff800`8ff893a9 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000001 : nt+0x16bfd0
ffffdc01`d3dbcc40 00000000`0000000a : 00000000`00000028 00000000`00000002 00000000`00000001 fffff804`80aaf0ff : nt+0x1773a9
ffffdc01`d3dbcc48 00000000`00000028 : 00000000`00000002 00000000`00000001 fffff804`80aaf0ff ffff838e`e22da650 : 0xa
ffffdc01`d3dbcc50 00000000`00000002 : 00000000`00000001 fffff804`80aaf0ff ffff838e`e22da650 00000000`00000000 : 0x28
ffffdc01`d3dbcc58 00000000`00000001 : fffff804`80aaf0ff ffff838e`e22da650 00000000`00000000 00000000`00000000 : 0x2
ffffdc01`d3dbcc60 fffff804`80aaf0ff : ffff838e`e22da650 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
ffffdc01`d3dbcc68 ffff838e`e22da650 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis+0x4f0ff
ffffdc01`d3dbcc70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffff838e`e22da650
STACK_COMMAND: kb
SYMBOL_NAME: PAGE_NOT_ZERO
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: hardware
IMAGE_NAME: hardware_ram
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
*** Memory manager detected 54279 instance(s) of page corruption, target is likely to have memory corruption.
-----获取symbols后的debug结果
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80480aaf0ff, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 0000000000000028
CURRENT_IRQL: 2
FAULTING_IP:
ndis!ndisFreeConvertedPacket+1f
fffff804`80aaf0ff 894128 mov dword ptr [rcx+28h],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
BAD_PAGES_DETECTED: d407
LAST_CONTROL_TRANSFER: from fffff8008ff893a9 to fffff8008ff7dfd0
STACK_TEXT:
ffffdc01`d3dbcc38 fffff800`8ff893a9 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffdc01`d3dbcc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
STACK_COMMAND: kb
SYMBOL_NAME: PAGE_NOT_ZERO
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: PAGE_NOT_ZERO
Followup: MachineOwner
---------
*** Memory manager detected 54279 instance(s) of page corruption, target is likely to have memory corruption.
该问题仅出现于与网络有连接或通信的条件下,断开网络时的使用不会出现此问题。
尝试过更新网卡驱动,无效。删除驱动后重启,系统自动安装的驱动也会有这个问题。
