360netmon.sys blue screen: PAGE_FAULT_IN_NONPAGED_AREA (50)
The machine blue-screens without any user action. How can this be fixed?
Loading Dump File
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff800`0b600000 PsLoadedModuleList = 0xfffff800`0c22a7c0
Debug session time: Tue Jan 21 07:03:58.753 2025 (UTC + 8:00)
System Uptime: 15 days 7:42:39.220
Loading Kernel Symbols
...............................................................
................................................................
................................................................
................................................................
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`0b9fe310 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffc601`d9a67ca0=0000000000000050
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffc5e2c0000000, memory referenced.
Arg2: 0000000000000000, X64: bit 0 set if the fault was due to a not-present PTE.
bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the processor decided the fault was due to a corrupted PTE.
bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
- ARM64: bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
Arg3: 0000000000000000, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000006, (reserved)
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for 360netmon.sys
*** WARNING: Check Image - Checksum mismatch - Dump: 0x28228, File: 0x30143 - C:\ProgramData\Dbg\sym\bindflt.sys\A3AFF37B28000\bindflt.sys
KEY_VALUES_STRING: 1
Key: AV.Type
Value: Read
Key: Analysis.CPU.mSec
Value: 1796
Key: Analysis.Elapsed.mSec
Value: 50203
Key: Analysis.IO.Other.Mb
Value: 3
Key: Analysis.IO.Read.Mb
Value: 1
Key: Analysis.IO.Write.Mb
Value: 4
Key: Analysis.Init.CPU.mSec
Value: 531
Key: Analysis.Init.Elapsed.mSec
Value: 17606
Key: Analysis.Memory.CommitPeak.Mb
Value: 105
Key: Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key: Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key: Analysis.Version.Ext
Value: 1.2408.27.1
Key: Bugcheck.Code.LegacyAPI
Value: 0x50
Key: Bugcheck.Code.TargetModel
Value: 0x50
Key: Failure.Bucket
Value: AV_R_(null)_360netmon!unknown_function
Key: Failure.Hash
Value: {3ad05e93-e16b-2142-9b35-f2b3333e1e32}
Key: WER.OS.Branch
Value: vb_release
Key: WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE:50
BUGCHECK_P1: ffffc5e2c0000000
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 6
FILE_IN_CAB:012125-19265-01.dmp
FAULTING_THREAD:ffff800674135080
READ_ADDRESS: fffff8000c2fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffffc5e2c0000000
MM_INTERNAL_CODE:6
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT:1
PROCESS_NAME:System
TRAP_FRAME:ffffc601d9a67fc0 -- (.trap 0xffffc601d9a67fc0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffc58000000000 rbx=0000000000000000 rcx=ffffc5e2c0000000
rdx=ffffc58000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800108097bd rsp=ffffc601d9a68158 rbp=ffff80068b37fa20
r8=0000007ffffffff8 r9=ffffe60ff22bf700 r10=fffff8000b8f96c0
r11=ffffc4f83b800000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
Ntfs!NtfsInitializeIrpContextInternal+0x11d:
fffff800`108097bd 85c0 test eax,eax
Resetting default scope
STACK_TEXT:
ffffc601`d9a67c98 fffff800`0ba3ded0 : 00000000`00000050 ffffc5e2`c0000000 00000000`00000000 ffffc5e2`f1600000 : nt!KeBugCheckEx
ffffc601`d9a67ca0 fffff800`0b83a27d : ffffc601`d9a67ee0 ffffc601`d9a67e20 ffffc601`d9a67e28 ffffc601`d9a67e38 : nt!MiZeroFault+0x1df590
ffffc601`d9a67d90 fffff800`0b8394fa : 00000000`00000001 00000000`00000000 ffffc601`d9a68040 00000000`00000000 : nt!MiUserFault+0x80d
ffffc601`d9a67e20 fffff800`0ba0e46d : ffff8006`8b37fa20 fffff800`0b872572 ffff8006`73d7eda0 ffffc601`d9a68049 : nt!MmAccessFault+0x16a
ffffc601`d9a67fc0 fffff800`108097bd : fffff800`0b8f975a ffff8006`73eeb050 00000000`00000001 ffffc601`d9a69000 : nt!KiPageFault+0x36d
ffffc601`d9a68158 ffff8006`73f48030 : fffff800`108eb9bd ffff8006`73f48012 00000000`00000000 ffff8006`8b37fa00 : Ntfs!NtfsInitializeIrpContextInternal+0x11d
ffffc601`d9a681c8 fffff800`108eb9bd : ffff8006`73f48012 00000000`00000000 ffff8006`8b37fa00 ffff8006`7d5d3150 : 0xffff8006`73f48030
ffffc601`d9a681d0 fffff800`0b84ad55 : ffff8006`871f7700 ffffc601`d9a685f0 ffff8006`8b37fa20 ffff8006`73d7eda0 : Ntfs!NtfsFsdCleanup+0xcd
ffffc601`d9a68520 fffff800`0a53710f : 00000000`20707249 ffffc601`d9a685d0 00000000`00000000 ffff8006`6d1e2a00 : nt!IofCallDriver+0x55
ffffc601`d9a68560 fffff800`0a534a43 : ffffc601`d9a685f0 00000000`00000000 00000000`00000000 ffff8006`6cebf040 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
ffffc601`d9a685d0 fffff800`0b84ad55 : ffff8006`8b20e550 fffff800`0b84ac1d ffff8006`809e5940 00000000`00989680 : FLTMGR!FltpDispatch+0xa3
ffffc601`d9a68630 fffff800`0bc2af37 : 00000000`00000001 ffff8006`8b20e550 00000000`00000000 00000000`00040042 : nt!IofCallDriver+0x55
ffffc601`d9a68670 fffff800`0bc32fff : ffff8006`6cebf040 00000000`00000001 ffffe60f`00000000 ffff8006`8b20e520 : nt!IopCloseFile+0x177
ffffc601`d9a68700 fffff800`0bc2deec : 00000000`000043c0 ffff1e66`34303a50 ffff8006`74135080 fffff800`0ba12ae6 : nt!ObCloseHandleTableEntry+0x51f
ffffc601`d9a68840 fffff800`0ba12b0b : 00000000`00000000 ffffc601`d9a68910 ffffc601`d9a68930 00000000`00000000 : nt!NtClose+0xec
ffffc601`d9a688b0 fffff800`0ba03100 : fffff800`19476f77 ffff8006`95cc5520 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x41f
ffffc601`d9a68a48 fffff800`19476f77 : ffff8006`95cc5520 00000000`00000000 00000000`00000000 00630076`0073005c : nt!KiServiceLinkage
ffffc601`d9a68a50 ffff8006`95cc5520 : 00000000`00000000 00000000`00000000 00630076`0073005c ffffc601`00000001 : 360netmon+0x6f77
ffffc601`d9a68a58 00000000`00000000 : 00000000`00000000 00630076`0073005c ffffc601`00000001 00000000`00000020 : 0xffff8006`95cc5520
SYMBOL_NAME:360netmon+6f77
MODULE_NAME: 360netmon
IMAGE_NAME:360netmon.sys
STACK_COMMAND:.process /r /p 0xffff80066cebf040; .thread 0xffff800674135080 ; kb
BUCKET_ID_FUNC_OFFSET:6f77
FAILURE_BUCKET_ID:AV_R_(null)_360netmon!unknown_function
OS_VERSION:10.0.19041.1
BUILDLAB_STR:vb_release
OSPLATFORM_TYPE:x64
OSNAME:Windows 10
FAILURE_ID_HASH:{3ad05e93-e16b-2142-9b35-f2b3333e1e32}
Followup: MachineOwner
---------
4: kd> lmvm 360netmon
Browse full module list
start end module name
fffff800`19470000 fffff800`194d2000 360netmon T (no symbols)
Loaded symbol image file: 360netmon.sys
Image path: \SystemRoot\system32\DRIVERS\360netmon.sys
Image name: 360netmon.sys
Browse all global symbols functions data Symbol Reload
Timestamp: Mon Sep 9 11:16:29 2024 (66DE688D)
CheckSum: 000289E1
ImageSize: 00062000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
Hello, please upload the detailed blue screen dump file as an attachment, and we will pass it to our technical team for analysis.