蓝屏
最近玩游戏时不时就会蓝屏强制重启,用了windbg解析之后看不太懂,但是看上面跟360有关,有没有大佬帮忙看看:ExtensionGallery settings after reading 'SOFTWARE\Microsoft\Debug Engine' registry:
ExtensionGallery ExtensionRepository: Implicit
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 46
Microsoft (R) Windows Debugger Version 10.0.29547.1002 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 26100 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff801`76000000 PsLoadedModuleList = 0xfffff801`76ef4770
Debug session time: Wed Apr 22 22:15:14.782 2026 (UTC + 8:00)
System Uptime: 0 days 4:59:23.414
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
....................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0035b018).Type ".hh dbgerr001" for details
Loading unloaded module list
......................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`764b8b00 48894c2408 mov qword ptr ,rcx ss:0018:fffffa86`1849f130=0000000000000139
6: kd> !analyze -v
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0035b018).Type ".hh dbgerr001" for details
Loading unloaded module list
......................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffffa861849f450, Address of the trap frame for the exception that caused the BugCheck
Arg3: fffffa861849f3a8, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for 360Hvm64.sys
KEY_VALUES_STRING: 1
Key: Analysis.CPU.mSec
Value: 1093
Key: Analysis.Elapsed.mSec
Value: 196046
Key: Analysis.IO.Other.Mb
Value: 18
Key: Analysis.IO.Read.Mb
Value: 1
Key: Analysis.IO.Write.Mb
Value: 31
Key: Analysis.Init.CPU.mSec
Value: 578
Key: Analysis.Init.Elapsed.mSec
Value: 518948
Key: Analysis.Memory.CommitPeak.Mb
Value: 91
Key: Analysis.Version.DbgEng
Value: 10.0.29547.1002
Key: Analysis.Version.Description
Value: 10.2602.27.2 amd64fre
Key: Analysis.Version.Ext
Value: 1.2602.27.2
Key: Bugcheck.Code.LegacyAPI
Value: 0x139
Key: Bugcheck.Code.TargetModel
Value: 0x139
Key: Dump.Attributes.AsUlong
Value: 0x20008
Key: Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key: FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key: FailFast.Type
Value: 3
Key: Failure.Bucket
Value: 0x139_3_CORRUPT_LIST_ENTRY_360Hvm64!unknown_function
Key: Failure.Exception.Code
Value: 0xc0000409
Key: Failure.Exception.Record
Value: 0xfffffa861849f3a8
Key: Failure.Hash
Value: {522cdf40-8775-9721-6cae-96f6385e7178}
Key: WER.System.BIOSRevision
Value: 10.28.0.0
BUGCHECK_CODE:139
BUGCHECK_P1: 3
BUGCHECK_P2: fffffa861849f450
BUGCHECK_P3: fffffa861849f3a8
BUGCHECK_P4: 0
FILE_IN_CAB:042226-12953-01.dmp
DUMP_FILE_ATTRIBUTES: 0x20008
Kernel Generated Triage Dump
FAULTING_THREAD:ffffdb8a33cab080
TRAP_FRAME:fffffa861849f450 -- (.trap 0xfffffa861849f450)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff8082be388198 rbx=0000000000000000 rcx=0000000000000003
rdx=ffff808278bc5a80 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80108e719a9 rsp=fffffa861849f5e0 rbp=ffffdb8a20066960
r8=0000000000000000r9=0000000000000009 r10=fffff80176226660
r11=fffffa861849f558 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
Ntfs!NtfsCommonClose+0x619:
fffff801`08e719a9 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD:fffffa861849f3a8 -- (.exr 0xfffffa861849f3a8)
ExceptionAddress: fffff80108e719a9 (Ntfs!NtfsCommonClose+0x0000000000000619)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1 (!blackboxwinlogon) (!blackboxwinlogonnotify)
CUSTOMER_CRASH_COUNT:1
PROCESS_NAME:Sky.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE_STR:c0000409
EXCEPTION_PARAMETER1:0000000000000003
EXCEPTION_STR:0xc0000409
STACK_TEXT:
fffffa86`1849f128 fffff801`76686fe9 : 00000000`00000139 00000000`00000003 fffffa86`1849f450 fffffa86`1849f3a8 : nt!KeBugCheckEx
fffffa86`1849f130 fffff801`766875f2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffffa86`1849f270 fffff801`76685228 : ffffdb8a`197e15d0 fffff801`762ad8b2 ffffdb8a`19832710 ffffdb8a`3e190420 : nt!KiFastFailDispatch+0xb2
fffffa86`1849f450 fffff801`08e719a9 : ffffdb8a`20066960 fffffa86`1849f728 00000000`00000000 00000000`c00000d8 : nt!KiRaiseSecurityCheckFailure+0x368
fffffa86`1849f5e0 fffff801`08e70761 : ffffdb8a`32431d28 ffff8082`78bc5700 ffff8082`78bc55a0 ffffdb89`d58181b0 : Ntfs!NtfsCommonClose+0x619
fffffa86`1849f6c0 fffff801`7629697e : ffffdb8a`2e60f8a0 ffffdb89`d164b050 ffffdb8a`2e60f908 ffffdb89`d546e200 : Ntfs!NtfsFsdClose+0x321
fffffa86`1849f830 fffff801`07b56afc : ffffdb8a`2e60f8a0 ffffdb8a`2e60f8a0 ffffdb89`cd100000 00000000`00000000 : nt!IofCallDriver+0xbe
fffffa86`1849f870 fffff801`07b55c19 : fffffa86`1849f970 ffffdb89`d57af9c0 ffff8082`c5233800 ffffdb8a`20066d90 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x23c
fffffa86`1849f910 fffff801`7629697e : 00000000`00000000 ffffdb8a`3e190420 ffffdb89`d5605d60 00000000`00000000 : FLTMGR!FltpDispatch+0x109
fffffa86`1849f9b0 fffff801`76828d49 : ffffdb89`d5818030 ffffdb89`d5605d60 00000000`ffff8005 ffffdb8a`3e190420 : nt!IofCallDriver+0xbe
fffffa86`1849f9f0 fffff801`768646cc : 00000000`00000000 ffffdb8a`3e190420 ffffdb8a`3e1903f0 ffffdb8a`2e53f0c0 : nt!IopDeleteFile+0x139
fffffa86`1849fa80 fffff801`7625b769 : 00000000`00000000 00000000`00000000 fffffa86`1849fc20 ffffdb8a`3e190420 : nt!ObpRemoveObjectRoutine+0xfc
fffffa86`1849fae0 fffff801`7685c7a5 : 00000000`00000001 00000000`00000001 ffffdb8a`3e190420 00000000`00000000 : nt!ObfDereferenceObjectWithTag+0x79
fffffa86`1849fb20 fffff801`7685aef9 : ffff8082`748a6000 fffff801`4895aef0 00000000`00000000 00000029`d33aa0e1 : nt!ObCloseHandleTableEntry+0x3e5
fffffa86`1849fc70 fffff801`4896873d : ffffdb8a`33cab000 00000000`00000005 00000000`00000000 00000000`00000000 : nt!NtClose+0xe9
fffffa86`1849fce0 ffffdb8a`33cab000 : 00000000`00000005 00000000`00000000 00000000`00000000 fffffa86`1849fd10 : 360Hvm64+0x1873d
fffffa86`1849fce8 00000000`00000005 : 00000000`00000000 00000000`00000000 fffffa86`1849fd10 fffffa86`1849fe20 : 0xffffdb8a`33cab000
fffffa86`1849fcf0 00000000`00000000 : 00000000`00000000 fffffa86`1849fd10 fffffa86`1849fe20 ffffc8e4`400027e8 : 0x5
SYMBOL_NAME:360Hvm64+1873d
MODULE_NAME: 360Hvm64
IMAGE_NAME:360Hvm64.sys
STACK_COMMAND: .process /r /p 0xffffdb8a2e53f0c0; .thread /r /p 0xffffdb8a33cab080 ; kb
BUCKET_ID_FUNC_OFFSET:1873d
FAILURE_BUCKET_ID:0x139_3_CORRUPT_LIST_ENTRY_360Hvm64!unknown_function
OSPLATFORM_TYPE:x64
OSNAME:Windows 10
FAILURE_ID_HASH:{522cdf40-8775-9721-6cae-96f6385e7178}
Followup: MachineOwner
---------
您好,您直接把dump文件上传到附件中,我们看下,还有您最好获取个核心dump文件,这样才能比较清晰的看到哪个模块导致的蓝屏
页:
[1]