gaoyuan's Personal Blog


WinDbg Analysis

BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

READ_ADDRESS: fffff8024c0fa390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 000000000000003d 

ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p            0x%p                    %s

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  000000000000003d

EXCEPTION_STR:  0xc0000005

STACK_TEXT:  
fffffa86`42042340 fffff802`4b62400f     : 00000000`00000000 00000000`00000000 00000000`0d480000 00000000`00000000 : nt!MiMakePageAvoidRead+0x182
fffffa86`420424c0 fffff802`4b6231bc     : ffffb488`a4805000 ffff9100`d7827eb8 fffffa86`00000000 00000000`00001000 : nt!MmCopyToCachedPage+0x28f
fffffa86`42042590 fffff802`4b62232a     : ffffdd0b`d63ba520 ffff9100`d7827eb8 fffffa86`42042788 ffffdd0b`0009d168 : nt!CcMapAndCopyInToCache+0x41c
fffffa86`42042730 fffff802`4fe3870c     : 00000000`00000000 ffffa20b`f07e2a20 ffffdd0b`00000000 00000000`00000000 : nt!CcCopyWriteEx+0xea
fffffa86`420427b0 00000000`00000000     : ffffa20b`f07e2a20 ffffdd0b`00000000 00000000`00000000 ffff9100`d7800020 : Ntfs+0x2870c


SYMBOL_NAME:  nt!MiMakePageAvoidRead+182

MODULE_NAME: nt

IMAGE_VERSION:  10.0.19041.985

STACK_COMMAND:  .cxr 0xfffffa8642041940 ; kb

IMAGE_NAME:  ntkrnlmp.exe

BUCKET_ID_FUNC_OFFSET:  182

FAILURE_BUCKET_ID:  AV_nt!MiMakePageAvoidRead

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {918cf436-8911-8f6c-d117-f9205f44d721}

Followup:     MachineOwner
---------


1: kd> !process
PROCESS ffffdd0bc34b9040
    SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 001ad000  ObjectTable: ffffa20bd367d080  HandleCount: <Data Not Accessible>
    Image: System
    VadRoot ffffdd0bcdc9d7d0 Vads 6 Clone 0 Private 22. Modified 1151810. Locked 0.
    DeviceMap ffffa20bd365b600
    Token                             ffffa20bd3621750
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         0
    QuotaPoolUsage[NonPagedPool]      272
    Working Set Sizes (now,min,max)  (21, 50, 450) (84KB, 200KB, 1800KB)
    PeakWorkingSetSize                209
    VirtualSize                       3 Mb
    PeakVirtualSize                   14 Mb
    PageFaultCount                    3456
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      49

        *** Error in reading nt!_ETHREAD @ ffffdd0bc349e040

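This is rather awkward. PROCESS_NAME: System and IMAGE_NAME: ntkrnlmp.exe both indicate that the fault is in the system kernel. I ran !process to check whether it was svchost.exe, and it simply would not show me anything.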
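As an added example (not part of the original post), this Python script parses the key fields of the `!analyze -v` output shown above and decodes the access-violation parameters: for 0xc0000005, parameter 1 is the access type (0 is a read) and parameter 2 is the faulting address, here 0x3d. The function names and the 64 KiB near-NULL threshold are assumptions of this example.

```python
import re

# Excerpt of the !analyze -v output shown on this page (values copied from the dump above).
ANALYZE_OUTPUT = """\
PROCESS_NAME:  System
EXCEPTION_CODE_STR:  c0000005
EXCEPTION_PARAMETER1:  0000000000000000
EXCEPTION_PARAMETER2:  000000000000003d
SYMBOL_NAME:  nt!MiMakePageAvoidRead+182
IMAGE_NAME:  ntkrnlmp.exe
FAILURE_BUCKET_ID:  AV_nt!MiMakePageAvoidRead
"""

# For STATUS_ACCESS_VIOLATION, parameter 1 is the access type and parameter 2 the address.
ACCESS_TYPES = {0: "read", 1: "write", 8: "execute (DEP)"}
KERNEL_IMAGES = {"ntkrnlmp.exe", "ntoskrnl.exe"}
NULL_PAGE_LIMIT = 0x10000  # assumption: treat the first 64 KiB as a NULL-pointer offset


def parse_fields(text):
    """Return the KEY: value lines of !analyze -v output as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Z][A-Z0-9_]+):\s*(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def triage(text):
    """Summarise what faulted, how, and whether the blamed image is the kernel itself."""
    f = parse_fields(text)
    summary = {
        "bucket": f.get("FAILURE_BUCKET_ID"),
        "faulting_symbol": f.get("SYMBOL_NAME"),
        "in_kernel_image": f.get("IMAGE_NAME", "").lower() in KERNEL_IMAGES,
        "system_process": f.get("PROCESS_NAME") == "System",
    }
    if f.get("EXCEPTION_CODE_STR", "").lower() == "c0000005":
        address = int(f["EXCEPTION_PARAMETER2"], 16)
        summary["access"] = ACCESS_TYPES.get(int(f["EXCEPTION_PARAMETER1"], 16), "unknown")
        summary["address"] = hex(address)
        summary["near_null"] = address < NULL_PAGE_LIMIT
    return summary


if __name__ == "__main__":
    for key, value in triage(ANALYZE_OUTPUT).items():
        print(f"{key}: {value}")
```

For this dump the result is a read of address 0x3d inside the kernel image while running in the System process, which is why no third-party driver is named in the bucket.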

So at this point there are only two possible causes.

1. A system kernel fault

<code>Dism /Online /Cleanup-Image /CheckHealth
Dism /Online /Cleanup-Image /ScanHealth
Dism /Online /Cleanup-Image /RestoreHealth
sfc /scannow
</code>

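Use the commands above to check the system kernel and image and confirm whether the system is damaged. As can be seen, some files were indeed restored.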

2. My device's hardware may be faulty

Problem found, time to wash up and go to bed. Attached is a document written by an expert: https://answers.microsoft.com/zh-hans/windows/forum/all/windows-10/c19cca52-9b8f-44e3-abfa-fbea7db68f48?ocid=OO_Core_NEU_GetHelp_DG_GetHelp_Solutions


Title: WinDbg Analysis
Author: gaoyuan
URL: HTTP://jkgaoyuan.tech/articles/2021/07/04/1625328070000.html
