I have a Windows 7 desktop PC that keeps rebooting randomly, so I looked in the event log and saw that there were many Critical kernel-power events followed by bugcheck events.
The bugcheck event pointed to the file C:\windows\MEMORY.dmp. Opening that in WinDbg and running the command !analyze -v on the file gave me the following output:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffffffffffffd8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002c6d25b, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: ffffffffffffffd8
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExpScanGeneralLookasideList+a0
fffff800'02c6d25b 418b40d8 mov eax,dword ptr [r8-28h]
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
TRAP_FRAME: fffff880035169b0 -- (.trap 0xfffff880035169b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000000014ca rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c6d25b rsp=fffff88003516b40 rbp=0000000000000001
r8=0000000000000000 r9=0000000000000004 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!ExpScanGeneralLookasideList+0xa0:
fffff800'02c6d25b 418b40d8 mov eax,dword ptr [r8-28h] ds:ffffffff'ffffffd8=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002c78169 to fffff80002c78bc0
STACK_TEXT:
fffff880'03516868 fffff800'02c78169 : 00000000'0000000a ffffffff'ffffffd8 00000000'00000002 00000000'00000000 : nt!KeBugCheckEx
fffff880'03516870 fffff800'02c76de0 : fffff880'00000000 fffff800'02c7d2e0 00000000'00000000 fffff800'02e1e440 : nt!KiBugCheckDispatch+0x69
fffff880'035169b0 fffff800'02c6d25b : 00000000'00000000 fffff800'02eb0c40 00000000'00000000 00000000'00000003 : nt!KiPageFault+0x260
fffff880'03516b40 fffff800'02c62a60 : 00000000'00000001 00000000'00000008 00000000'00000001 fffff800'02eb0c40 : nt!ExpScanGeneralLookasideList+0xa0
fffff880'03516ba0 fffff800'02c62fae : 00000000'00000008 fffff880'03516c10 00000000'00000001 fffffa80'00000000 : nt!ExAdjustLookasideDepth+0x40
fffff880'03516bd0 fffff800'02f1473a : fffffa80'03579530 00000000'00000080 fffffa80'0355b890 00000000'00000001 : nt!KeBalanceSetManager+0x1be
fffff880'03516d40 fffff800'02c698e6 : fffff880'03100180 fffffa80'03579530 fffff880'0310afc0 00000000'00000000 : nt!PspSystemThreadStartup+0x5a
fffff880'03516d80 00000000'00000000 : fffff880'03517000 fffff880'03511000 fffff880'03516700 00000000'00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExpScanGeneralLookasideList+a0
fffff800'02c6d25b 418b40d8 mov eax,dword ptr [r8-28h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ExpScanGeneralLookasideList+a0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 531590fb
IMAGE_VERSION: 6.1.7601.18409
FAILURE_BUCKET_ID: X64_0xA_nt!ExpScanGeneralLookasideList+a0
BUCKET_ID: X64_0xA_nt!ExpScanGeneralLookasideList+a0
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xa_nt!expscangenerallookasidelist+a0
FAILURE_ID_HASH: {2d4aa3ce-d2f6-a1c2-6e10-dc77b60dfba4}
Followup: MachineOwner
---------
As you can see, there is a fault in one of my drivers (DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT), but it doesn't tell me which one?
How do I find the faulty driver?
Update
After another blue screen and reboot, no Bugcheck event was logged, but an Event ID: 219 (212) was logged. It explains:
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#.