昨晚,在浏览网页、迅雷下载游戏、和360木马扫描时突然蓝屏各一次,附蓝屏dmp文件
一
se !analyze -v to get detailed debugging information.
BugCheck 50, {fffff806a94a46f4, 10, fffff806a94a46f4, 2}
*** WARNING: Unable to verify timestamp for 360AntiHacker64.sys
*** ERROR: Module load completed but symbols could not be loaded for 360AntiHacker64.sys
Could not read faulting driver name
Probably caused by : NETIO.SYS ( NETIO!NsiGetAllParametersEx+217 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffff806a94a46f4, memory referenced.
Arg2: 0000000000000010, value 0 = read operation, 1 = write operation.
Arg3: fffff806a94a46f4, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.15063.909 (WinBuild.160101.0800)
SYSTEM_MANUFACTURER: MSI
SYSTEM_PRODUCT_NAME: MS-7A37
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: 1.0
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1.70
BIOS_DATE: 09/19/2017
BASEBOARD_MANUFACTURER: MSI
BASEBOARD_PRODUCT: B350M MORTAR (MS-7A37)
BASEBOARD_VERSION: 1.0
DUMP_TYPE: 2
BUGCHECK_P1: fffff806a94a46f4
BUGCHECK_P2: 10
BUGCHECK_P3: fffff806a94a46f4
BUGCHECK_P4: 2
READ_ADDRESS: fffff8015ea79358: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff806a94a46f4
FAULTING_IP:
+0
fffff806`a94a46f4 ?? ???
MM_INTERNAL_CODE: 2
CPU_COUNT: c
CPU_MHZ: c80
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 1
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: ComputerZTray.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-NN6G9L0
ANALYSIS_SESSION_TIME: 04-21-2018 00:27:40.0405
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
TRAP_FRAME: ffff9801b22a2110 -- (.trap 0xffff9801b22a2110)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000440 rbx=0000000000000000 rcx=ffffab8592376a20
rdx=ffffab8592e17880 rsi=0000000000000000 rdi=0000000000000000
rip=fffff806a94a46f4 rsp=ffff9801b22a22a8 rbp=ffff9801b22a2339
r8=ffff9801b22a2300 r9=0000000000000004 r10=ffffab859462c6f0
r11=ffff9801b22a22a8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fffff806`a94a46f4 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8015e8695e0 to fffff8015e80fdd0
FAILED_INSTRUCTION_ADDRESS:
+0
fffff806`a94a46f4 ?? ???
STACK_TEXT:
ffff9801`b22a1e78 fffff801`5e8695e0 : 00000000`00000050 fffff806`a94a46f4 00000000`00000010 ffff9801`b22a2110 : nt!KeBugCheckEx
ffff9801`b22a1e80 fffff801`5e71b6dc : 00000000`00000010 fffff806`a94a46f4 ffff9801`b22a2110 00000000`00000000 : nt!MiSystemFault+0xb7480
ffff9801`b22a1f20 fffff801`5e81eb0e : ffff9801`b22a2150 ffff9801`b22a2134 00000000`00000000 ffff9801`b22a21b8 : nt!MmAccessFault+0x22c
ffff9801`b22a2110 fffff806`a94a46f4 : fffff807`29408a08 ffffab85`926481a0 fffff807`ffffffff ffffab85`92376e02 : nt!KiPageFault+0x40e
ffff9801`b22a22a8 fffff807`29408a08 : ffffab85`926481a0 fffff807`ffffffff ffffab85`92376e02 00000000`00000000 : 0xfffff806`a94a46f4
ffff9801`b22a22b0 fffff807`29559fb7 : ffffab85`90aa3010 00000000`00000000 fffff807`2947a230 00000000`00000000 : ndis!ndisNsiGetAllInterfaceInformation+0x568
ffff9801`b22a23a0 fffff807`2a4d1ae7 : ffff9801`b22a2620 ffffab85`92351c60 00000000`00000038 00000000`00000001 : NETIO!NsiGetAllParametersEx+0x217
ffff9801`b22a24c0 fffff807`2a4d2189 : 00000000`00000000 ffffab85`904347e8 00000000`00000001 ffffab85`90434708 : nsiproxy!NsippGetAllParameters+0x1d7
ffff9801`b22a26b0 fffff807`2a37f3e8 : 00000000`00000000 00000000`c0000001 00000000`00000000 ffffab85`9604f8a0 : nsiproxy!NsippDispatch+0x179
ffff9801`b22a2700 00000000`00000000 : 00000000`c0000001 00000000`00000000 ffffab85`9604f8a0 00000000`00000000 : 360AntiHacker64+0xf3e8
THREAD_SHA1_HASH_MOD_FUNC: 1bcd3671a3707dea456edec0a638586959324ebe
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 7f8a62639ec214bf9a73d817b864493d98415ed2
THREAD_SHA1_HASH_MOD: a3d0a5cb887594590464ea95a1afa3f3efd009b9
FOLLOWUP_IP:
NETIO!NsiGetAllParametersEx+217
fffff807`29559fb7 8bd8 mov ebx,eax
FAULT_INSTR_CODE: c085d88b
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: NETIO!NsiGetAllParametersEx+217
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: a963f91
IMAGE_VERSION: 10.0.15063.907
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 217
FAILURE_BUCKET_ID: AV_INVALID_BAD_IP_NETIO!NsiGetAllParametersEx
BUCKET_ID: AV_INVALID_BAD_IP_NETIO!NsiGetAllParametersEx
PRIMARY_PROBLEM_CLASS: AV_INVALID_BAD_IP_NETIO!NsiGetAllParametersEx
TARGET_TIME: 2018-04-20T15:39:14.000Z
OSBUILD: 15063
OSSERVICEPACK: 909
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-02-10 12:25:30
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.15063.909
ANALYSIS_SESSION_ELAPSED_TIME: 40c7
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_invalid_bad_ip_netio!nsigetallparametersex
FAILURE_ID_HASH: {d797fdde-1486-2bf6-f1e0-bdf8369c36f7}
Followup: MachineOwner
二
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {2f8759b88f92, 2, 0, fffff80200591705}
*** WARNING: Unable to verify timestamp for BAPIDRV64.sys
*** ERROR: Module load completed but symbols could not be loaded for BAPIDRV64.sys
Probably caused by : BAPIDRV64.sys ( BAPIDRV64+182f0 )
Followup: MachineOwner
---------
8: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00002f8759b88f92, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80200591705, address which referenced memory
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 15063.0.amd64fre.rs2_release.170317-1834
SYSTEM_MANUFACTURER: MSI
SYSTEM_PRODUCT_NAME: MS-7A37
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: 1.0
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1.70
BIOS_DATE: 09/19/2017
BASEBOARD_MANUFACTURER: MSI
BASEBOARD_PRODUCT: B350M MORTAR (MS-7A37)
BASEBOARD_VERSION: 1.0
DUMP_TYPE: 2
BUGCHECK_P1: 2f8759b88f92
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80200591705
READ_ADDRESS: fffff8020087d358: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
00002f8759b88f92
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiLogPageAccess+105
fffff802`00591705 41f6472202 test byte ptr [r15+22h],2
CPU_COUNT: c
CPU_MHZ: c80
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 1
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: 360Safe.exe
ANALYSIS_SESSION_HOST: DESKTOP-NN6G9L0
ANALYSIS_SESSION_TIME: 04-21-2018 10:33:28.0457
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
TRAP_FRAME: ffffe6004ec247a0 -- (.trap 0xffffe6004ec247a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff998d5bdb0b48 rbx=0000000000000000 rcx=998d5bdb0b480000
rdx=8000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80200591705 rsp=ffffe6004ec24930 rbp=fffff8020081ba40
r8=0000000000000000 r9=ffff877fffffffff r10=ffffaf8755512b50
r11=3fffffffffffffff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!MiLogPageAccess+0x105:
fffff802`00591705 41f6472202 test byte ptr [r15+22h],2 ds:00000000`00000022=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80200626569 to fffff80200613dd0
STACK_TEXT:
ffffe600`4ec24658 fffff802`00626569 : 00000000`0000000a 00002f87`59b88f92 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffe600`4ec24660 fffff802`00622c19 : ffffe600`4ec24a20 fffff802`005546bc 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffe600`4ec247a0 fffff802`00591705 : ffff998d`58d84c00 fffff802`006b8ec0 ffff998d`5bdb09f8 ffffaf87`59b88f70 : nt!KiPageFault+0x519
ffffe600`4ec24930 fffff802`00552389 : 00000003`00000000 00000000`00000001 80000003`eba6f921 00000000`00000000 : nt!MiLogPageAccess+0x105
ffffe600`4ec249a0 fffff802`00983789 : ffff998d`58d84c00 720cf03c`f90df8f8 ffff998d`58d84c00 00000000`00400000 : nt!MmUnmapViewInSystemCache+0x289
ffffe600`4ec24ca0 fffff802`00553e26 : 00000000`00340000 ffffaf87`5db70b78 00000000`00440000 00000000`00000001 : nt!CcUnmapVacb+0x9d
ffffe600`4ec24ce0 fffff802`00579d4f : 00000000`00000001 00000000`00400000 00000000`00000001 00000000`00040000 : nt!CcUnmapVacbArray+0x156
ffffe600`4ec24d50 fffff802`0098d6c9 : 00000000`00000000 00000000`00000000 ffffe600`4ec24e80 ffffe600`4ec24e90 : nt!CcGetVirtualAddress+0x2cf
ffffe600`4ec24de0 fffff802`0057945b : 00000000`00000000 00000000`00400000 ffffaf87`5464d840 ffffaf87`52f3cc01 : nt!CcMapAndCopyFromCache+0x79
ffffe600`4ec24e80 fffff806`0fa34032 : 00000000`00000000 00000000`00000000 ffffaf87`00010000 ffffaf87`59608b78 : nt!CcCopyReadEx+0x12b
ffffe600`4ec24f10 fffff806`0fa2c5e3 : ffffaf87`52e53180 ffffe600`4ec251a0 ffff998d`58d84c00 00000000`000000ff : NTFS!NtfsCachedRead+0x1a6
ffffe600`4ec24f80 fffff806`0fa2b93e : ffffaf87`59608b78 ffffaf87`59fca010 ffff998d`58d84c90 00000000`00000001 : NTFS!NtfsCommonRead+0xad3
ffffe600`4ec25170 fffff806`10ae82f0 : ffffaf87`5b93ebb0 ffffaf87`59fca010 ffffaf87`59fca010 ffffaf87`52e53030 : NTFS!NtfsFsdRead+0x1ee
ffffe600`4ec25220 ffffaf87`5b93ebb0 : ffffaf87`59fca010 ffffaf87`59fca010 ffffaf87`52e53030 00000000`00000001 : BAPIDRV64+0x182f0
ffffe600`4ec25228 ffffaf87`59fca010 : ffffaf87`59fca010 ffffaf87`52e53030 00000000`00000001 00000000`00000002 : 0xffffaf87`5b93ebb0
ffffe600`4ec25230 ffffaf87`59fca010 : ffffaf87`52e53030 00000000`00000001 00000000`00000002 00000000`00010000 : 0xffffaf87`59fca010
ffffe600`4ec25238 ffffaf87`52e53030 : 00000000`00000001 00000000`00000002 00000000`00010000 fffff806`10ae8886 : 0xffffaf87`59fca010
ffffe600`4ec25240 00000000`00000001 : 00000000`00000002 00000000`00010000 fffff806`10ae8886 ffffaf87`59fca010 : 0xffffaf87`52e53030
ffffe600`4ec25248 00000000`00000002 : 00000000`00010000 fffff806`10ae8886 ffffaf87`59fca010 00000000`00000002 : 0x1
ffffe600`4ec25250 00000000`00010000 : fffff806`10ae8886 ffffaf87`59fca010 00000000`00000002 00000000`00000001 : 0x2
ffffe600`4ec25258 fffff806`10ae8886 : ffffaf87`59fca010 00000000`00000002 00000000`00000001 00000000`00000002 : 0x10000
ffffe600`4ec25260 ffffaf87`59fca010 : 00000000`00000002 00000000`00000001 00000000`00000002 ffffaf87`5c0d4c80 : BAPIDRV64+0x18886
ffffe600`4ec25268 00000000`00000002 : 00000000`00000001 00000000`00000002 ffffaf87`5c0d4c80 fffff802`0096c69e : 0xffffaf87`59fca010
ffffe600`4ec25270 00000000`00000001 : 00000000`00000002 ffffaf87`5c0d4c80 fffff802`0096c69e ffffaf87`5b93ebb0 : 0x2
ffffe600`4ec25278 00000000`00000002 : ffffaf87`5c0d4c80 fffff802`0096c69e ffffaf87`5b93ebb0 00000000`00000000 : 0x1
ffffe600`4ec25280 ffffaf87`5c0d4c80 : fffff802`0096c69e ffffaf87`5b93ebb0 00000000`00000000 00000000`00400000 : 0x2
ffffe600`4ec25288 fffff802`0096c69e : ffffaf87`5b93ebb0 00000000`00000000 00000000`00400000 ffffaf87`59fca001 : 0xffffaf87`5c0d4c80
ffffe600`4ec25290 fffff806`10ad5baf : ffffaf87`59fca010 ffffaf87`5c0d4c80 00000000`00000000 ffffaf87`5c0d4c80 : nt!ObReferenceObjectByHandle+0x2e
ffffe600`4ec252e0 ffffaf87`59fca010 : ffffaf87`5c0d4c80 00000000`00000000 ffffaf87`5c0d4c80 00000000`00000000 : BAPIDRV64+0x5baf
ffffe600`4ec252e8 ffffaf87`5c0d4c80 : 00000000`00000000 ffffaf87`5c0d4c80 00000000`00000000 ffffaf87`5c0d4c80 : 0xffffaf87`59fca010
ffffe600`4ec252f0 00000000`00000000 : ffffaf87`5c0d4c80 00000000`00000000 ffffaf87`5c0d4c80 00000000`1441adc0 : 0xffffaf87`5c0d4c80
THREAD_SHA1_HASH_MOD_FUNC: 94ba865f340dd92ea36be5db17eec8438b717c22
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1753dfde1c96d2113e51090990d19c170b54e1a7
THREAD_SHA1_HASH_MOD: 111132deb419fdba0524777304891162c0a4c6d9
FOLLOWUP_IP:
BAPIDRV64+182f0
fffff806`10ae82f0 8bf8 mov edi,eax
FAULT_INSTR_CODE: 8440f88b
SYMBOL_STACK_INDEX: d
SYMBOL_NAME: BAPIDRV64+182f0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: BAPIDRV64
IMAGE_NAME: BAPIDRV64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5a7b99a0
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 182f0
FAILURE_BUCKET_ID: AV_BAPIDRV64!unknown_function
BUCKET_ID: AV_BAPIDRV64!unknown_function
PRIMARY_PROBLEM_CLASS: AV_BAPIDRV64!unknown_function
TARGET_TIME: 2018-04-20T16:34:01.000Z
OSBUILD: 15063
OSSERVICEPACK: 909
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-02-10 12:25:30
BUILDDATESTAMP_STR: 170317-1834
BUILDLAB_STR: rs2_release
BUILDOSVER_STR: 10.0.15063.0.amd64fre.rs2_release.170317-1834
ANALYSIS_SESSION_ELAPSED_TIME: 2a6e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_bapidrv64!unknown_function
FAILURE_ID_HASH: {b6f4277e-ae8d-78f5-c1c8-adc7d566254c}
Followup: MachineOwner
---------
8: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00002f8759b88f92, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80200591705, address which referenced memory
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 15063.0.amd64fre.rs2_release.170317-1834
SYSTEM_MANUFACTURER: MSI
SYSTEM_PRODUCT_NAME: MS-7A37
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: 1.0
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1.70
BIOS_DATE: 09/19/2017
BASEBOARD_MANUFACTURER: MSI
BASEBOARD_PRODUCT: B350M MORTAR (MS-7A37)
BASEBOARD_VERSION: 1.0
DUMP_TYPE: 2
BUGCHECK_P1: 2f8759b88f92
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80200591705
READ_ADDRESS: Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
00002f8759b88f92
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiLogPageAccess+105
fffff802`00591705 41f6472202 test byte ptr [r15+22h],2
CPU_COUNT: c
CPU_MHZ: c80
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 1
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: 360Safe.exe
ANALYSIS_SESSION_HOST: DESKTOP-NN6G9L0
ANALYSIS_SESSION_TIME: 04-21-2018 10:33:39.0939
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
TRAP_FRAME: ffffe6004ec247a0 -- (.trap 0xffffe6004ec247a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff998d5bdb0b48 rbx=0000000000000000 rcx=998d5bdb0b480000
rdx=8000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80200591705 rsp=ffffe6004ec24930 rbp=fffff8020081ba40
r8=0000000000000000 r9=ffff877fffffffff r10=ffffaf8755512b50
r11=3fffffffffffffff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!MiLogPageAccess+0x105:
fffff802`00591705 41f6472202 test byte ptr [r15+22h],2 ds:00000000`00000022=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80200626569 to fffff80200613dd0
STACK_TEXT:
ffffe600`4ec24658 fffff802`00626569 : 00000000`0000000a 00002f87`59b88f92 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffe600`4ec24660 fffff802`00622c19 : ffffe600`4ec24a20 fffff802`005546bc 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffe600`4ec247a0 fffff802`00591705 : ffff998d`58d84c00 fffff802`006b8ec0 ffff998d`5bdb09f8 ffffaf87`59b88f70 : nt!KiPageFault+0x519
ffffe600`4ec24930 fffff802`00552389 : 00000003`00000000 00000000`00000001 80000003`eba6f921 00000000`00000000 : nt!MiLogPageAccess+0x105
ffffe600`4ec249a0 fffff802`00983789 : ffff998d`58d84c00 720cf03c`f90df8f8 ffff998d`58d84c00 00000000`00400000 : nt!MmUnmapViewInSystemCache+0x289
ffffe600`4ec24ca0 fffff802`00553e26 : 00000000`00340000 ffffaf87`5db70b78 00000000`00440000 00000000`00000001 : nt!CcUnmapVacb+0x9d
ffffe600`4ec24ce0 fffff802`00579d4f : 00000000`00000001 00000000`00400000 00000000`00000001 00000000`00040000 : nt!CcUnmapVacbArray+0x156
ffffe600`4ec24d50 fffff802`0098d6c9 : 00000000`00000000 00000000`00000000 ffffe600`4ec24e80 ffffe600`4ec24e90 : nt!CcGetVirtualAddress+0x2cf
ffffe600`4ec24de0 fffff802`0057945b : 00000000`00000000 00000000`00400000 ffffaf87`5464d840 ffffaf87`52f3cc01 : nt!CcMapAndCopyFromCache+0x79
ffffe600`4ec24e80 fffff806`0fa34032 : 00000000`00000000 00000000`00000000 ffffaf87`00010000 ffffaf87`59608b78 : nt!CcCopyReadEx+0x12b
ffffe600`4ec24f10 fffff806`0fa2c5e3 : ffffaf87`52e53180 ffffe600`4ec251a0 ffff998d`58d84c00 00000000`000000ff : NTFS!NtfsCachedRead+0x1a6
ffffe600`4ec24f80 fffff806`0fa2b93e : ffffaf87`59608b78 ffffaf87`59fca010 ffff998d`58d84c90 00000000`00000001 : NTFS!NtfsCommonRead+0xad3
ffffe600`4ec25170 fffff806`10ae82f0 : ffffaf87`5b93ebb0 ffffaf87`59fca010 ffffaf87`59fca010 ffffaf87`52e53030 : NTFS!NtfsFsdRead+0x1ee
ffffe600`4ec25220 ffffaf87`5b93ebb0 : ffffaf87`59fca010 ffffaf87`59fca010 ffffaf87`52e53030 00000000`00000001 : BAPIDRV64+0x182f0
ffffe600`4ec25228 ffffaf87`59fca010 : ffffaf87`59fca010 ffffaf87`52e53030 00000000`00000001 00000000`00000002 : 0xffffaf87`5b93ebb0
ffffe600`4ec25230 ffffaf87`59fca010 : ffffaf87`52e53030 00000000`00000001 00000000`00000002 00000000`00010000 : 0xffffaf87`59fca010
ffffe600`4ec25238 ffffaf87`52e53030 : 00000000`00000001 00000000`00000002 00000000`00010000 fffff806`10ae8886 : 0xffffaf87`59fca010
ffffe600`4ec25240 00000000`00000001 : 00000000`00000002 00000000`00010000 fffff806`10ae8886 ffffaf87`59fca010 : 0xffffaf87`52e53030
ffffe600`4ec25248 00000000`00000002 : 00000000`00010000 fffff806`10ae8886 ffffaf87`59fca010 00000000`00000002 : 0x1
ffffe600`4ec25250 00000000`00010000 : fffff806`10ae8886 ffffaf87`59fca010 00000000`00000002 00000000`00000001 : 0x2
ffffe600`4ec25258 fffff806`10ae8886 : ffffaf87`59fca010 00000000`00000002 00000000`00000001 00000000`00000002 : 0x10000
ffffe600`4ec25260 ffffaf87`59fca010 : 00000000`00000002 00000000`00000001 00000000`00000002 ffffaf87`5c0d4c80 : BAPIDRV64+0x18886
ffffe600`4ec25268 00000000`00000002 : 00000000`00000001 00000000`00000002 ffffaf87`5c0d4c80 fffff802`0096c69e : 0xffffaf87`59fca010
ffffe600`4ec25270 00000000`00000001 : 00000000`00000002 ffffaf87`5c0d4c80 fffff802`0096c69e ffffaf87`5b93ebb0 : 0x2
ffffe600`4ec25278 00000000`00000002 : ffffaf87`5c0d4c80 fffff802`0096c69e ffffaf87`5b93ebb0 00000000`00000000 : 0x1
ffffe600`4ec25280 ffffaf87`5c0d4c80 : fffff802`0096c69e ffffaf87`5b93ebb0 00000000`00000000 00000000`00400000 : 0x2
ffffe600`4ec25288 fffff802`0096c69e : ffffaf87`5b93ebb0 00000000`00000000 00000000`00400000 ffffaf87`59fca001 : 0xffffaf87`5c0d4c80
ffffe600`4ec25290 fffff806`10ad5baf : ffffaf87`59fca010 ffffaf87`5c0d4c80 00000000`00000000 ffffaf87`5c0d4c80 : nt!ObReferenceObjectByHandle+0x2e
ffffe600`4ec252e0 ffffaf87`59fca010 : ffffaf87`5c0d4c80 00000000`00000000 ffffaf87`5c0d4c80 00000000`00000000 : BAPIDRV64+0x5baf
ffffe600`4ec252e8 ffffaf87`5c0d4c80 : 00000000`00000000 ffffaf87`5c0d4c80 00000000`00000000 ffffaf87`5c0d4c80 : 0xffffaf87`59fca010
ffffe600`4ec252f0 00000000`00000000 : ffffaf87`5c0d4c80 00000000`00000000 ffffaf87`5c0d4c80 00000000`1441adc0 : 0xffffaf87`5c0d4c80
THREAD_SHA1_HASH_MOD_FUNC: 94ba865f340dd92ea36be5db17eec8438b717c22
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1753dfde1c96d2113e51090990d19c170b54e1a7
THREAD_SHA1_HASH_MOD: 111132deb419fdba0524777304891162c0a4c6d9
FOLLOWUP_IP:
BAPIDRV64+182f0
fffff806`10ae82f0 8bf8 mov edi,eax
FAULT_INSTR_CODE: 8440f88b
SYMBOL_STACK_INDEX: d
SYMBOL_NAME: BAPIDRV64+182f0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: BAPIDRV64
IMAGE_NAME: BAPIDRV64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5a7b99a0
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 182f0
FAILURE_BUCKET_ID: AV_BAPIDRV64!unknown_function
BUCKET_ID: AV_BAPIDRV64!unknown_function
PRIMARY_PROBLEM_CLASS: AV_BAPIDRV64!unknown_function
TARGET_TIME: 2018-04-20T16:34:01.000Z
OSBUILD: 15063
OSSERVICEPACK: 909
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-02-10 12:25:30
BUILDDATESTAMP_STR: 170317-1834
BUILDLAB_STR: rs2_release
BUILDOSVER_STR: 10.0.15063.0.amd64fre.rs2_release.170317-1834
ANALYSIS_SESSION_ELAPSED_TIME: 2993
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_bapidrv64!unknown_function
FAILURE_ID_HASH: {b6f4277e-ae8d-78f5-c1c8-adc7d566254c}
Followup: MachineOwner
---------
|
|
|
|
评论
直达楼层