Windows DBG
Attachments: 1
Hi, I have a couple of dump files in which, according to some people, you can see that the RAM is on its way out, and that is why the blue screens of death are happening. So here is my question: I installed Windows DBG, and when I launch it, it prints the following:
Hidden text
Microsoft (R) Windows Debugger Version 10.0.22621.755 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\vovan\OneDrive\Рабочий стол\111122-7968-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*%systemdrive%\symbols*http://msdl.microsoft.com/download/symbols
Deferred symsrv*symsrv.dll*c:\symbols* http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*%systemdrive%\symbols*http://msdl.microsoft.com/download/s...ll*c:\symbols* http://msdl.microsoft.com/download/symbols
Executable search path is:
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff804`36600000 PsLoadedModuleList = 0xfffff804`3722a290
Debug session time: Fri Nov 11 20:46:26.280 2022 (UTC + 3:00)
System Uptime: 0 days 0:09:13.928
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
Loading Kernel Symbols
.
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
..............................................................
................................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
.......
For analysis of this file, run !analyze -v

What actually worries me is this line:
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
Does it mean there is no connection to the server, or what is wrong? If I run the analysis, the same thing shows up there:
Hidden text
6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001d, An RTL_BALANCED_NODE RBTree entry has been corrupted.
Arg2: fffff60971519b00, Address of the trap frame for the exception that caused the BugCheck
Arg3: fffff60971519a58, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store
DBGHELP: %systemdrive%\symbols*http://msdl.microsoft.com/download/symbols is not a valid store

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 4968

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 7439

    Key  : Analysis.Init.CPU.mSec
    Value: 4437

    Key  : Analysis.Init.Elapsed.mSec
    Value: 261712

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 89

    Key  : FailFast.Name
    Value: INVALID_BALANCED_TREE

    Key  : FailFast.Type
    Value: 29

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

FILE_IN_CAB: 111122-7968-01.dmp
BUGCHECK_CODE: 139
BUGCHECK_P1: 1d
BUGCHECK_P2: fffff60971519b00
BUGCHECK_P3: fffff60971519a58
BUGCHECK_P4: 0

TRAP_FRAME: fffff60971519b00 -- (.trap 0xfffff60971519b00)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000000000001d
rdx=ffff81064b52cfb8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80436a24d2f rsp=fffff60971519c98 rbp=000000000000009a
 r8=ffff8106481ca008  r9=0000000000000000 r10=0000000000000000
r11=ffff81064aa2cfb8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!RtlRbRemoveNode+0x1feaff:
fffff804`36a24d2f cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: fffff60971519a58 -- (.exr 0xfffff60971519a58)
ExceptionAddress: fffff80436a24d2f (nt!RtlRbRemoveNode+0x00000000001feaff)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 000000000000001d
Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE

BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: msedge.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - . .
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 000000000000001d
EXCEPTION_STR: 0xc0000409

STACK_TEXT:
fffff609`715197d8 fffff804`36a0af69 : 00000000`00000139 00000000`0000001d fffff609`71519b00 fffff609`71519a58 : nt!KeBugCheckEx
fffff609`715197e0 fffff804`36a0b390 : 00000000`00000004 00000000`00000000 00000000`00000000 fffff804`3a3e8e32 : nt!KiBugCheckDispatch+0x69
fffff609`71519920 fffff804`36a09723 : fffff804`3a3d3048 00000000`00000000 00000000`00000004 00000000`00000016 : nt!KiFastFailDispatch+0xd0
fffff609`71519b00 fffff804`36a24d2f : 00000045`00030000 00010003`009a0001 fffff804`36825ff0 00000000`0000009a : nt!KiRaiseSecurityCheckFailure+0x323
fffff609`71519c98 fffff804`36825ff0 : 00000000`0000009a ffff8106`4b52cfe0 00000000`00000000 ffff8106`4b52cfb0 : nt!RtlRbRemoveNode+0x1feaff
fffff609`71519cb0 fffff804`36825a38 : ffff8106`37c02280 ffff8106`4b524000 ffff8106`37c02280 fffff609`71519db8 : nt!RtlpHpVsChunkCoalesce+0xb0
fffff609`71519d10 fffff804`368243c4 : ffff8106`00000000 ffff8106`00000000 00000000`00000000 ffff8106`00000000 : nt!RtlpHpVsContextFree+0x188
fffff609`71519db0 fffff804`36fb2019 : ffff8106`000002d0 00000000`00000238 00000000`00000000 01000000`00100000 : nt!ExFreeHeapPool+0x4d4
fffff609`71519e90 fffff804`50e8220c : 000000c2`1f9fe450 00000000`00000000 000000c2`1f9fe450 00000000`00000000 : nt!ExFreePool+0x9
fffff609`71519ec0 fffff804`50e82738 : 00000000`00000000 ffff8106`4c6f8c90 ffff8106`4c6f8bc0 000000c2`1f9fe450 : nsiproxy!NsippGetAllParameters+0x36c
fffff609`7151a0b0 fffff804`3682a6b5 : 00000000`00000002 00000000`00000000 ffff8106`4cc3c9d0 ffff8106`385c5850 : nsiproxy!NsippDispatch+0xd8
fffff609`7151a100 fffff804`36c14848 : ffff8106`4c6f8bc0 00000000`00000000 00000000`00000000 00000000`00000068 : nt!IofCallDriver+0x55
fffff609`7151a140 fffff804`36c14647 : 00000000`00000000 fffff609`7151a480 00000000`00040800 fffff609`7151a480 : nt!IopSynchronousServiceTail+0x1a8
fffff609`7151a1e0 fffff804`36c139c6 : 00000000`00000001 00000000`000004c0 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc67
fffff609`7151a320 fffff804`36a0a9b5 : ffff8106`4896f080 000000c2`1f9fe268 fffff609`7151a3a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff609`7151a390 00007fff`2ec0d0e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
000000c2`1f9fe2f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`2ec0d0e4

SYMBOL_NAME: nsiproxy!NsippGetAllParameters+36c
MODULE_NAME: nsiproxy
IMAGE_NAME: nsiproxy.sys
IMAGE_VERSION: 10.0.19041.546
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 36c
FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nsiproxy!NsippGetAllParameters
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {c2bafe47-ad53-38ea-8e04-206ba485bd57}
Followup: MachineOwner
---------

A properly configured WinDBG should show something like:
Hidden text
MODULE_NAME: memory_corruption

In case it matters, my laptop runs Windows 10 Home x64 (licensed).
crackback, here is what I get:
Hidden text
Code:
Loading Dump File [C:\10\111122-7968-01.dmp]
Hidden text
Code:
> k
Hidden text
Code:
MODULE_NAME: memory_corruption
Time: 08:31.
© OSzone.net 2001-