本帖最后由 飘忽的青布衫 于 2023-5-25 11:03 编辑
以下是 dmp 文件解析,哪位懂的大佬分析下,感谢
Microsoft (R) Windows Debugger Version 10.0.22621.1778 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Dump completed successfully, progress percentage: 100
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (24 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22621.1.amd64fre.ni_release.220506-1250
Machine Name:
Kernel base = 0xfffff802`81600000 PsLoadedModuleList = 0xfffff802`82213470
Debug session time: Wed May 24 22:05:57.251 2023 (UTC + 8:00)
System Uptime: 0 days 0:00:08.923
Loading Kernel Symbols
...............................................................
................................................................
..............................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000af`03b43018). Type ".hh dbgerr001" for details
Loading unloaded module list
........
For analysis of this file, run !analyze -v
10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
the PTE. Parameters 3/4 contain the low/high parts of the PTE.
Arg2: ffffa5bffd76e678
Arg3: 0000000010000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 515
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 5546
Key : Analysis.Init.CPU.mSec
Value: 499
Key : Analysis.Init.Elapsed.mSec
Value: 53825
Key : Analysis.Memory.CommitPeak.Mb
Value: 114
Key : MemoryManagement.PFN
Value: 10000
Key : WER.OS.Branch
Value: ni_release
Key : WER.OS.Timestamp
Value: 2022-05-06T12:50:00Z
Key : WER.OS.Version
Value: 10.0.22621.1
FILE_IN_CAB: MEMORY.DMP
DUMP_FILE_ATTRIBUTES: 0x1000
BUGCHECK_CODE: 1a
BUGCHECK_P1: 41792
BUGCHECK_P2: ffffa5bffd76e678
BUGCHECK_P3: 10000000
BUGCHECK_P4: 0
MEMORY_CORRUPTOR: ONE_BIT
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: wevtutil.exe
STACK_TEXT:
fffff184`bab46ea8 fffff802`819000e7 : 00000000`0000001a 00000000`00041792 ffffa5bf`fd76e678 00000000`10000000 : nt!KeBugCheckEx
fffff184`bab46eb0 fffff802`818efa8d : 00000000`00000000 fffff184`bab473b0 fffff343`0423a69c 00000000`00000000 : nt!MiDeleteVa+0x1597
fffff184`bab46fb0 fffff802`818ef88d : ffffa5bf`00000000 00000000`00000000 00000000`00000000 ffffe105`25ea1740 : nt!MiWalkPageTablesRecursively+0xb2d
fffff184`bab47040 fffff802`818ef88d : ffffa5d2`00000000 00000000`00000000 00000000`00000001 ffffe105`25ea1740 : nt!MiWalkPageTablesRecursively+0x92d
fffff184`bab470d0 fffff802`818ef88d : ffffa5d2`00000000 00000000`00000000 00000000`00000002 ffffe105`25ea1740 : nt!MiWalkPageTablesRecursively+0x92d
fffff184`bab47160 fffff802`81912951 : 00000000`00000000 00000000`00000000 00000000`00000003 ffffe105`25ea1740 : nt!MiWalkPageTablesRecursively+0x92d
fffff184`bab471f0 fffff802`818fe937 : fffff184`bab473b0 ffffa5d2`00000001 00000000`00000002 ffffa5d2`00000000 : nt!MiWalkPageTables+0x371
fffff184`bab472f0 fffff802`81857f42 : 00000000`00000000 fffff802`8185810d fffff184`bab476b8 ffffe105`255c50c0 : nt!MiDeletePagablePteRange+0x747
fffff184`bab47620 fffff802`81cc4158 : 00000000`00000000 fffff184`00000001 ffffe105`25ea10c0 fffff184`bab476f0 : nt!MiDeleteVirtualAddresses+0x52
fffff184`bab47670 fffff802`81d2e1d1 : ffffe105`25ea10c0 ffffe105`201478f0 00000000`00000000 00000000`00000000 : nt!MiDeleteVad+0x1a8
fffff184`bab47730 fffff802`81d2db73 : ffffe105`201478f0 00000000`00000000 ffffe105`255c50c0 00000000`00000000 : nt!MiUnmapVad+0x49
fffff184`bab47760 fffff802`81d2d6ed : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe105`25ea10c0 : nt!MiCleanVad+0x2f
fffff184`bab47790 fffff802`81da826d : ffffffff`00000000 ffffffff`ffffffff 00000000`00000001 ffffe105`25ea10c0 : nt!MmCleanProcessAddressSpace+0x10d
fffff184`bab47810 fffff802`81c965b4 : ffffe105`25ea10c0 ffffae0a`6f486060 ffffe105`25ea10c0 00000000`00000000 : nt!PspRundownSingleProcess+0xc1
fffff184`bab478a0 fffff802`81dad2b2 : 00000000`00000000 ffffe105`25ea1001 ffffe105`255c5134 000000af`03b44000 : nt!PspExitThread+0x63c
fffff184`bab479a0 fffff802`81a406e5 : ffffe105`000015d8 ffffe105`255c50c0 ffffe105`25ea10c0 ffffe105`25ea10c0 : nt!NtTerminateProcess+0xf2
fffff184`bab47a20 00007ffa`edbaf1d4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
000000af`03c7fb78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`edbaf1d4
MODULE_NAME: hardware
IMAGE_NAME: memory_corruption
STACK_COMMAND: .cxr; .ecxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
OS_VERSION: 10.0.22621.1
BUILDLAB_STR: ni_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
Followup: MachineOwner
---------
|
310112100042806
发表于 2023-5-25 11:02