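Frequent blue screens. The blue-screen repair tool could not detect any blue-screen files, so I located the dmp file manually and analyzed it with WinDbg, which reports an error in the 360antihijack process.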
Microsoft (R) Windows Debugger Version 10.0.21306.1007 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\Users\Administrator\Desktop\minidump\031124-10281-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff807`13800000 PsLoadedModuleList = 0xfffff807`1442a2b0
Debug session time: Mon Mar 11 18:11:46.951 2024 (UTC + 8:00)
System Uptime: 0 days 23:58:48.766
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
..................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`13bf72e0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff807`1a2a1e20=0000000000000133
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
component can usually be identified with a stack trace.
Arg2: 0000000000000501, The DPC time count (in ticks).
Arg3: 0000000000000500, The DPC time allotment (in ticks).
Arg4: fffff807144fb320, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding this single DPC timeout
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for 360AntiHijack64.sys
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: TickPeriods ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2468
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 3700
Key : Analysis.Init.CPU.mSec
Value: 359
Key : Analysis.Init.Elapsed.mSec
Value: 163169
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: 133
BUGCHECK_P1: 0
BUGCHECK_P2: 501
BUGCHECK_P3: 500
BUGCHECK_P4: fffff807144fb320
DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
fffff807`1a2a1e18 fffff807`13c1f5fa : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx
fffff807`1a2a1e20 fffff807`13a16953 : 00002267`2b491e2e fffff807`10fcc180 00000000`00000000 fffff807`10fcc180 : nt!KeAccumulateTicks+0x20644a
fffff807`1a2a1e80 fffff807`13a1643a : fffff807`144f38c0 fffff807`1a28f940 fffff807`2c49d800 00000000`00009201 : nt!KeClockInterruptNotify+0x453
fffff807`1a2a1f30 fffff807`13ade195 : fffff807`144f38c0 fffff807`1a2a1f40 00000000`00000010 ffffb452`3556ac90 : nt!HalpTimerClockIpiRoutine+0x1a
fffff807`1a2a1f60 fffff807`13bf8d8a : fffff807`1a28f940 fffff807`144f38c0 fffff807`1a29004c 00000000`00000000 : nt!KiCallInterruptServiceRoutine+0xa5
fffff807`1a2a1fb0 fffff807`13bf92f7 : 00000000`00000000 00000000`00000000 fffff807`1a28fb00 fffff807`13bf9304 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
fffff807`1a28f8c0 fffff807`13a80c67 : 00000000`00000010 00000000`00000202 fffff807`1a28fa78 00000000`00000018 : nt!KiInterruptDispatchNoLockNoEtw+0x37
fffff807`1a28fa50 fffff807`13ac0f2a : 00000000`00001388 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeYieldProcessorEx+0x17
fffff807`1a28fa80 fffff807`13ac0eef : 00000080`1db832cb fffff807`35d2eda9 ffff0000`36f9b869 00000000`00000000 : nt!KxWaitForLockOwnerShip+0x2a
fffff807`1a28fab0 fffff807`2cd07fba : 00000000`00000000 fffff807`35d2eda9 ffffc80b`61790000 fffff807`35d2eda9 : nt!KeAcquireInStackQueuedSpinLock+0x7f
fffff807`1a28fae0 00000000`00000000 : fffff807`35d2eda9 ffffc80b`61790000 fffff807`35d2eda9 ffffc681`58744e70 : 360AntiHijack64+0x7fba
SYMBOL_NAME: 360AntiHijack64+7fba
MODULE_NAME: 360AntiHijack64
IMAGE_NAME: 360AntiHijack64.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 7fba
FAILURE_BUCKET_ID: 0x133_DPC_360AntiHijack64!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3d292812-d066-4428-9960-436e5bab49f1}
Followup: MachineOwner
---------
I was able to find 4 more dmp files; analysis of all of them points to a 360antihijack error. Please analyze.
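Added example, not part of the original post: a Python script that reads saved `!analyze -v` text, extracts the bugcheck parameters and the first stack frame outside `nt!`, and tallies several minidumps by module. The sample log is constructed (abridged from the output above), and the names `triage` and `tally` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: abridged from the debugger output in the post
# (argument columns shortened to "..."); not a complete log.
SAMPLE = """\
BUGCHECK_CODE: 133
BUGCHECK_P1: 0
BUGCHECK_P2: 501
BUGCHECK_P3: 500
STACK_TEXT:
fffff807`1a2a1e18 fffff807`13c1f5fa : ... : nt!KeBugCheckEx
fffff807`1a2a1e20 fffff807`13a16953 : ... : nt!KeAccumulateTicks+0x20644a
fffff807`1a28fa50 fffff807`13ac0f2a : ... : nt!KeYieldProcessorEx+0x17
fffff807`1a28fa80 fffff807`13ac0eef : ... : nt!KxWaitForLockOwnerShip+0x2a
fffff807`1a28fab0 fffff807`2cd07fba : ... : nt!KeAcquireInStackQueuedSpinLock+0x7f
fffff807`1a28fae0 00000000`00000000 : ... : 360AntiHijack64+0x7fba
SYMBOL_NAME: 360AntiHijack64+7fba
"""

# A STACK_TEXT row: child-SP, return address, argument columns, then module!symbol+offset.
FRAME = re.compile(r"^[0-9a-f`]+\s+[0-9a-f`]+\s+:\s.*\s:\s+(\S+)$", re.I)

def triage(text):
    """Summarise one '!analyze -v' log: bugcheck, tick overrun, blamed frame."""
    def field(key):
        # BUGCHECK_* values are printed in hex without a 0x prefix.
        return int(re.search(rf"^{key}:\s*([0-9a-f]+)", text, re.M | re.I).group(1), 16)
    frames = [m.group(1) for m in map(FRAME.match, text.splitlines()) if m]
    # First frame outside nt!: the caller the kernel routines above it were running for.
    idx = next((i for i, f in enumerate(frames) if not f.startswith("nt!")), None)
    blamed = frames[idx] if idx is not None else None
    return {
        "bugcheck": field("BUGCHECK_CODE"),
        "single_dpc": field("BUGCHECK_P1") == 0,          # Arg1 == 0: one DPC/ISR ran too long
        "ticks_over": field("BUGCHECK_P2") - field("BUGCHECK_P3"),
        "blamed_frame": blamed,
        "module": blamed.split("!")[0].split("+")[0] if blamed else None,
        # Kernel routine called directly by the blamed frame (None if there is none).
        "kernel_call": frames[idx - 1].split("+")[0] if idx else None,
    }

def tally(logs):
    """Count (bugcheck, module) pairs across several logs, one per minidump."""
    return Counter((hex(t["bugcheck"]), t["module"]) for t in map(triage, logs))
```

For the log above, `kernel_call` comes back as `nt!KeAcquireInStackQueuedSpinLock`: the watchdog fired while the driver's frame was spinning on a queued spin lock, and a minidump of this one stack does not show which code holds that lock.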