粉丝: 1
关注: 0
积分: 76
精华: 0
金币: 112
经验: 71
最后登录 2026-4-15
|
ExtensionGallery settings after reading 'SOFTWARE\Microsoft\Debug Engine' registry:
ExtensionGallery ExtensionRepository: Implicit
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 46
Microsoft (R) Windows Debugger Version 10.0.29507.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\041326-8015-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 26100 MP (20 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff802`a4c00000 PsLoadedModuleList = 0xfffff802`a5af50c0
Debug session time: Mon Apr 13 21:54:10.804 2026 (UTC + 8:00)
System Uptime: 0 days 0:10:48.435
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0035d018). Type ".hh dbgerr001" for details
Loading unloaded module list
.....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`a50fb990 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff9301`34e58d30=000000000000007f
14: kd> !analyze -v
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0035d018). Type ".hh dbgerr001" for details
Loading unloaded module list
.....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff802a500ccad, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000014, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : AV.Page.Virtual
Value: 0x0
Key : AV.Type
Value: Read
Key : Analysis.CPU.mSec
Value: 1453
Key : Analysis.Elapsed.mSec
Value: 1514
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 609
Key : Analysis.Init.Elapsed.mSec
Value: 191299
Key : Analysis.Memory.CommitPeak.Mb
Value: 89
Key : Analysis.Version.DbgEng
Value: 10.0.29507.1001
Key : Analysis.Version.Description
Value: 10.2511.5.1 amd64fre
Key : Analysis.Version.Ext
Value: 1.2511.5.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x1e
Key : Bugcheck.Code.TargetModel
Value: 0x1e
Key : Dump.Attributes.AsUlong
Value: 0x31808
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0x0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: AV_nt!ExAcquireRundownProtectionCacheAwareEx
Key : Failure.Exception.IP.Address
Value: 0xfffff802a500ccad
Key : Failure.Exception.IP.Module
Value: nt
Key : Failure.Exception.IP.Offset
Value: 0x40ccad
Key : Failure.Hash
Value: {4ae0e2e6-5f32-8f08-3303-ed6ae486e8ba}
Key : Faulting.IP.Type
Value: Paged
Key : Hypervisor.Enlightenments.ValueHex
Value: 0x7417df84
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 1
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 1
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 55185662
Key : Hypervisor.Flags.ValueHex
Value: 0x34a10fe
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 1
Key : Hypervisor.RootFlags.AccessStats
Value: 1
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 1
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1
Key : Hypervisor.RootFlags.MceEnlightened
Value: 1
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1
Key : Hypervisor.RootFlags.Value
Value: 1015
Key : Hypervisor.RootFlags.ValueHex
Value: 0x3f7
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff802a500ccad
BUGCHECK_P3: 0
BUGCHECK_P4: 14
FILE_IN_CAB: 041326-8015-01.dmp
DUMP_FILE_ATTRIBUTES: 0x31808
Kernel Generated Triage Dump
FAULTING_THREAD: ffffa98838952080
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000014
READ_ADDRESS: fffff802a5bc44c8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000014
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: SoftupNotify.e
IP_IN_PAGED_CODE:
nt!ExAcquireRundownProtectionCacheAwareEx+d
fffff802`a500ccad f77114 div eax,dword ptr [rcx+14h]
STACK_TEXT:
ffff9301`34e58d28 fffff802`a52bece9 : 00000000`0000007f 00000000`00000008 ffff9301`34e58e70 ffffbe0a`8f0c0fe0 : nt!KeBugCheckEx
ffff9301`34e58d30 fffff802`a52b8911 : 6ffa5ec4`d78272c6 601901af`a604d7ab bc93c5be`7ef9e9b0 947ce8cb`c713475b : nt!KiBugCheckDispatch+0x69
ffff9301`34e58e70 fffff802`a51924e0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x351
ffffbe0a`8f0c0fe0 fffff802`a5191f5b : 41042138`01c56088 41036b70`0c3c5292 4098def3`99e417ef 40630f55`5efde04c : nt!IoUpdateBugCheckProgressEnvVariable+0x4
ffffbe0a`8f0c1020 fffff802`a51b3980 : 00000000`00000000 fffff802`3c202402 bfc38ed1`00000000 fffff802`a4e069eb : nt!IoSaveBugCheckProgress+0x4b
ffffbe0a`8f0c1080 fffff802`a51b257a : 00000000`ffffbe00 000039f8`16a61700 00000000`00000001 00000000`00000008 : nt!KiDisplayBlueScreen+0xc0
ffffbe0a`8f0c1330 fffff802`a50fba97 : ffffbe0a`8f0c23d0 00000000`00000000 ffffa988`38952080 00000000`0010001f : nt!KeBugCheck2+0xdfa
ffffbe0a`8f0c1ac0 fffff802`a4fe8c2b : 00000000`0000001e ffffffff`c0000005 fffff802`a500ccad 00000000`00000000 : nt!KeBugCheckEx+0x107
ffffbe0a`8f0c1b00 fffff802`a52bee45 : 00000000`00000000 fffff802`a5a38c00 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x91b
ffffbe0a`8f0c21f0 fffff802`a52b9f82 : 00000000`00000000 00000000`00000000 ffffc48e`f5d64200 00000000`00000000 : nt!KiExceptionDispatch+0x145
ffffbe0a`8f0c23d0 fffff802`a500ccad : fffff802`3679d992 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x442
ffffbe0a`8f0c2565 fffff802`3679d992 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAcquireRundownProtectionCacheAwareEx+0xd
ffffbe0a`8f0c256d 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : FLTMGR!FltpGetFileNameInformation+0xa2
SYMBOL_NAME: nt!ExAcquireRundownProtectionCacheAwareEx+d
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.26100.8036
STACK_COMMAND: .process /r /p 0xffffa9883a043080; .thread 0xffffa98838952080 ; kb
BUCKET_ID_FUNC_OFFSET: d
FAILURE_BUCKET_ID: AV_nt!ExAcquireRundownProtectionCacheAwareEx
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4ae0e2e6-5f32-8f08-3303-ed6ae486e8ba}
Followup: MachineOwner
---------
根据你提供的蓝屏转储文件分析,本次蓝屏的根因已经明确,具体信息和解决方法如下:
一、蓝屏核心原因
本次蓝屏属于驱动兼容性问题,具体是:
错误类型:KMODE_EXCEPTION_NOT_HANDLED (0x1E),内核模式下出现了未被处理的异常,具体异常为c0000005,也就是内存访问违例,内核代码尝试访问了无效的内存地址0x0000000000000014(空指针偏移访问)。
触发进程:SoftupNotify.e,这是360 软件管家的升级通知进程(完整进程名为SoftupNotify.exe),是 360 安全卫士的内置升级模块。
问题驱动:360 的文件过滤驱动360FsFlt.sys,这是 360 安全卫士用于实现文件实时监控的内核驱动。
系统兼容性冲突:你的系统是 Windows 11 24H2(内核版本 26100,转储中误识别为 Windows 10),这是微软最新的系统版本,而你当前安装的 360 安全卫士的360FsFlt.sys驱动版本过旧,没有适配新系统的内核接口,导致在处理文件访问请求时,向系统内核函数传递了空指针,最终触发了内核崩溃。 |
|
京公网安备 11000002002063号
京ICP备08010314号-6 Copyright©2005- 360.com 版权所有 360互联网安全中心
安全卫士
极速浏览器
360壁纸
360摄像机
纳米AI
手机卫士
评论
直达楼层