What are the possible causes of an orange flash during Windows startup?

On a Windows 7 PosReady operating system, I observe an orange flash at startup. It happens very quickly and is almost imperceptible. To capture it, I booted the system in Hyper-V and limited the CPU to a maximum usage of 1% to slow down the boot process. A Google search for this behavior shows that many users have encountered it, but none of the results gives a definitive explanation.

Screenshot of the virtual machine:

Since it was slow enough, I could now break into the kernel debugger while the orange screen was still being displayed.

This is what is running at that moment:

The WinLogon / WinInit stacks at that time. SWIN is the McAfee Solidcore agent.

PROCESS 86c5b7f0  SessionId: 1  Cid: 02c4    Peb: 7ffd8000  ParentCid: 028c
    DirBase: f6ea50e0  ObjectTable: a1cd5a88  HandleCount:   0.
    Image: winlogon.exe
    VadRoot 85cca438 Vads 8 Clone 0 Private 9. Modified 0. Locked 0.
    DeviceMap 00000000
    Token                             a1cd69a8
    ElapsedTime                       00:00:06.609
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         7636
    QuotaPoolUsage[NonPagedPool]      480
    Working Set Sizes (now,min,max)  (18, 50, 345) (72KB, 200KB, 1380KB)
    PeakWorkingSetSize                19
    VirtualSize                       2 Mb
    PeakVirtualSize                   2 Mb
    PageFaultCount                    15
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      60

        THREAD 86e9e378  Cid 02c4.02c8  Teb: 7ffdf000 Win32Thread: 00000000 RUNNING on processor 0
        IRP List:
            86feea50: (0006,02d4) Flags: 00000884  Mdl: 00000000
        Not impersonating
        Owning Process            86c5b7f0       Image:         winlogon.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      37023          Ticks: 13 (0:00:00:00.203)
        Context Switch Count      6              IdealProcessor: 0             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.093
        Win32 Start Address 0x006412bf
        Stack Init 91407ed0 Current 914074f0 Base 91408000 Limit 91405000 Call 00000000
        Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  
        91407400 828c99d0 nt!RtlpBreakWithStatusInstruction (FPO: [1,0,0])
        91407408 828c99a2 nt!KdCheckForDebugBreak+0x22 (FPO: [0,0,0])
        91407438 828c9830 nt!KeUpdateRunTime+0x164
        91407490 828c9033 nt!KeUpdateSystemTime+0x613
        91407490 82971605 nt!KeUpdateSystemTimeAssist+0x13 (FPO: [0,2] TrapFrame @ 914074a4)
        91407560 8d6249d0 nt!ExAllocatePoolWithTag+0x5fb
WARNING: Stack unwind information not available. Following frames may be wrong.
        91407574 8d6d9dbf swin+0x39d0
        91407590 8d6d9ed6 swin+0xb8dbf
        914075a8 8d67cb90 swin+0xb8ed6
        914075f4 8d673d95 swin+0x5bb90
        91407614 8d68db07 swin+0x52d95
        914076dc 8d68e114 swin+0x6cb07
        9140770c 8d64c80a swin+0x6d114
        9140772c 8d648c4f swin+0x2b80a
        9140775c 8d64a9ca swin+0x27c4f
        9140778c 8d64b1c2 swin+0x299ca
        914077c0 8d64482f swin+0x2a1c2
        914077dc 8d7d4e09 swin+0x2382f
        91407820 82885129 swin+0x1b3e09
        91407838 82a99539 nt!IofCallDriver+0x63
        91407918 82a788fe nt!IopParseDevice+0xf08
        91407994 82a88eb0 nt!ObpLookupObjectName+0x510
        914079f4 82a7f7db nt!ObOpenObjectByName+0x165
        91407a70 82a85b33 nt!IopCreateFile+0x673
        91407ab8 82acfea3 nt!NtOpenFile+0x2a
        91407b38 82aae8e9 nt!PfSnGetPrefetchInstructions+0xab
        91407bc8 82ac67bd nt!PfSnBeginAppLaunch+0x303
        91407bd8 82aac652 nt!PfProcessCreateNotification+0x65
        91407c20 828ffa59 nt!PspUserThreadStartup+0x113
        00000000 00000000 nt!KiThreadStartup+0x19

PROCESS 85ccad28  SessionId: 0  Cid: 02cc    Peb: 7ffd3000  ParentCid: 025c
    DirBase: f6ea5100  ObjectTable: 9f20f820  HandleCount:   0.
    Image: wininit.exe
    VadRoot 86c4c568 Vads 8 Clone 0 Private 10. Modified 0. Locked 0.
    DeviceMap 00000000
    Token                             9f24c770
    ElapsedTime                       00:00:01.109
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         7236
    QuotaPoolUsage[NonPagedPool]      480
    Working Set Sizes (now,min,max)  (19, 50, 345) (76KB, 200KB, 1380KB)
    PeakWorkingSetSize                20
    VirtualSize                       1 Mb
    PeakVirtualSize                   1 Mb
    PageFaultCount                    16
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      59

        THREAD 8707f560  Cid 02cc.02d0  Teb: 7ffdf000 Win32Thread: 00000000 READY on processor 0
        IRP List:
            88b77008: (0006,02d4) Flags: 00060043  Mdl: 9a1f0900
            87eda788: (0006,02d4) Flags: 00000884  Mdl: 00000000
        Not impersonating
        Owning Process            85ccad28       Image:         wininit.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      37032          Ticks: 4 (0:00:00:00.062)
        Context Switch Count      4              IdealProcessor: 0             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.140
        Win32 Start Address 0x00ea4dc8
        Stack Init 8f8f0ed0 Current 8f8f02e8 Base 8f8f1000 Limit 8f8ee000 Call 00000b2c
        Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5

        ChildEBP RetAddr  
        8f8f0300 828ccf6d nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        8f8f0338 828cbdc7 nt!KiSwapThread+0x266
        8f8f0360 828c560f nt!KiCommitThreadWait+0x1df
        8f8f03dc 8d825c77 nt!KeWaitForSingleObject+0x393
        8f8f03fc 8d82674a Ntfs!NtfsWaitOnIo+0x1c (FPO: [Non-Fpo])
        8f8f051c 8d82a765 Ntfs!NtfsNonCachedIo+0x456 (FPO: [Non-Fpo])
        8f8f05f0 8d82bdc5 Ntfs!NtfsCommonRead+0x1148 (FPO: [Non-Fpo])
        8f8f0728 82885129 Ntfs!NtfsFsdRead+0x279 (FPO: [Non-Fpo])
        8f8f0740 8d49e20c nt!IofCallDriver+0x63
        8f8f0764 8d49e3cb FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa (FPO: [Non-Fpo])
        8f8f079c 82885129 FLTMGR!FltpDispatch+0xc5 (FPO: [Non-Fpo])
        8f8f07b4 8d64483e nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
        8f8f07c8 8d66153f swin+0x2383e
        8f8f0808 82885129 swin+0x4053f
        8f8f0820 82913ddf nt!IofCallDriver+0x63
        8f8f083c 828f5deb nt!IoPageRead+0x1f5
        8f8f08a4 828df2cc nt!MiIssueHardFault+0x28c
        8f8f0924 8288ef98 nt!MmAccessFault+0x29fc
        8f8f0924 82a84de6 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ 8f8f093c)
        8f8f09f0 8d8c1305 nt!CcMapData+0xae
        8f8f0a18 8d8c6931 Ntfs!NtfsMapStream+0x4a (FPO: [Non-Fpo])
        8f8f0a48 8d8b2792 Ntfs!ReadIndexBuffer+0xdd (FPO: [Non-Fpo])
        8f8f0a78 8d8bd050 Ntfs!FindFirstIndexEntry+0x1fa (FPO: [Non-Fpo])
        8f8f0ac4 8d8c543b Ntfs!NtfsFindIndexEntry+0x48 (FPO: [Non-Fpo])
        8f8f0af8 8d8ad6bb Ntfs!NtfsLookupEntry+0xa4 (FPO: [Non-Fpo])
        8f8f0bdc 8d8311b6 Ntfs!NtfsCommonCreate+0x98a (FPO: [Non-Fpo])
        8f8f0c1c 828ce08a Ntfs!NtfsCommonCreateCallout+0x20 (FPO: [Non-Fpo])
        8f8f0c1c 828ce181 nt!KiSwapKernelStackAndExit+0x15a (FPO: [0,0] TrapFrame @ 8f8f0c34)
        9140b4fc 828d7d7f nt!KiSwitchKernelStackAndCallout+0x31
        9140b570 8d8310ec nt!KeExpandKernelStackAndCalloutEx+0x29d
        9140b5a8 8d8c2a6a Ntfs!NtfsCommonCreateOnNewStack+0x39 (FPO: [Non-Fpo])
        9140b6a4 82885129 Ntfs!NtfsFsdCreate+0x1f8 (FPO: [Non-Fpo])
        9140b6bc 8d49e20c nt!IofCallDriver+0x63
        9140b6e0 8d4b18c9 FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa (FPO: [Non-Fpo])
        9140b72c 82885129 FLTMGR!FltpCreate+0x2db (FPO: [Non-Fpo])
        9140b744 8d664745 nt!IofCallDriver+0x63
        9140b758 8d64aa53 swin+0x43745
        9140b78c 8d64b1c2 swin+0x29a53
        9140b7c0 8d64482f swin+0x2a1c2
        9140b7dc 8d7d4e09 swin+0x2382f
    
by Malcolm McCaffery 20.09.2017 / 01:52

0 answers