Can someone guide me, via commands, on how to find which third-party driver might be the culprit for the BSOD in the attached minidump?
https://1drv.ms/u/s!AqhhsryB84SOjPNG54-xPUQQ5SoouQ
I have already run ArrayList, and it gives no clue about any third-party driver, only Microsoft drivers.
Answer 0: (score: 2)
!analyze -v
Analyzing the dump with Windbg does not show enough details:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8032ae9ada2, Address of the instruction which caused the bugcheck
Arg3: ffff8c001ea8eda0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
00 nt!KeBugCheckEx
01 nt!KiBugCheckDispatch
02 nt!KiSystemServiceHandler
03 nt!RtlpExecuteHandlerForException
04 nt!RtlDispatchException
05 nt!KiDispatchException
06 nt!KiExceptionDispatch
07 nt!KiGeneralProtectionFault
08 nt!ObDereferenceSecurityDescriptor
09 nt!SeDefaultObjectMethod
0a nt!ObpRemoveObjectRoutine
0b nt!ObfDereferenceObjectWithTag
0c nt!ObCloseHandleTableEntry
0d nt!NtClose
0e nt!KiSystemServiceCopyEnd
0f 0x0
So you get a 00000000c0000005 - access denied error while closing a handle. Next I used the PDE.dll from Andrew Richards and dumped all data with !pde.dpx, and here I see a McAfee DLL:
0xffff8c001ea8ee08 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8ee98 : 0xfffff8032ae9ada2 : nt!ObDereferenceSecurityDescriptor+0x12
Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
0xffff8c001ea8f058 : 0xfffff8032aafdc5a : nt!ExpReleaseResourceForThreadLite+0x13a
0xffff8c001ea8f068 : 0xfffff8032aafdac4 : nt!ExAcquireResourceSharedLite+0x394
0xffff8c001ea8f0c8 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8f0e8 : 0xfffff8032aab5420 : nt!MiFlushTbList+0x2f0
0xffff8c001ea8f100 : 0xfffff8032adc1100 : nt!NonPagedPoolDescriptor
0xffff8c001ea8f228 : 0xfffff8032ab35ddc : nt!RtlGetExtendedContextLength+0x34
0xffff8c001ea8f248 : 0xfffff8032ae81619 : nt!ObpCallPreOperationCallbacks+0x269
0xffff8c001ea8f2f8 : 0xfffff8032ab51ecb : nt!MiFlushHyperSpace+0x8b
0xffff8c001ea8f348 : 0xfffff8032ac4ae2d : nt!HvlpFastFlushAddressSpaceTb+0x59
0xffff8c001ea8f3b8 : 0xfffff8032ac4abde : nt!HvlFlushAddressSpaceTb+0x5e
0xffff8c001ea8f438 : 0xfffff8032abe7a02 : nt!KiExceptionDispatch+0xc2
0xffff8c001ea8f538 : 0xfffff8032adac040 : nt!MiSystemPartition
0xffff8c001ea8f588 : 0xfffff8032ae9ada2 : nt!ObDereferenceSecurityDescriptor+0x12
0xffff8c001ea8f618 : 0xfffff8032abe5cbd : nt!KiGeneralProtectionFault+0xfd
0xffff8c001ea8f620 : 0xfffff8800001f2f8 : Trap @ ffff8c001ea8f620
0xffff8c001ea8f628 : 0xfffff8032aaead13 : nt!MiDeleteVirtualAddresses+0xf63
0xffff8c001ea8f6f8 : 0xfffff8032aad3470 : nt!MiGetVadWakeList+0x120
0xffff8c001ea8f718 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8f738 : 0xfffff8032adac040 : nt!MiSystemPartition
0xffff8c001ea8f748 : 0xfffff8032aeaa349 : nt!MiRemoveVadCharges+0x219
0xffff8c001ea8f788 : 0xfffff8032ae9ada2 : nt!ObDereferenceSecurityDescriptor+0x12
0xffff8c001ea8f7b8 : 0xfffff8032aad3307 : nt!MiFinishVadDeletion+0x3d7
0xffff8c001ea8f7c8 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8f7e8 : 0xfffff8032ae9a948 : nt!SeDefaultObjectMethod+0xa8
0xffff8c001ea8f7f8 : 0xfffff8032aea8f4a : nt!MiRemoveSharedCommitNode+0x29a
0xffff8c001ea8f828 : 0xfffff8032af268c9 : nt!ObpLookupDirectoryUsingHash+0x95
0xffff8c001ea8f838 : 0xfffff8032ae96337 : nt!ObpRemoveObjectRoutine+0xc7
0xffff8c001ea8f898 : 0xfffff8032ab00326 : nt!ObfDereferenceObjectWithTag+0xc6
0xffff8c001ea8f8d8 : 0xfffff8032aeb135b : nt!ObCloseHandleTableEntry+0x28b
0xffff8c001ea8fa18 : 0xfffff8032aefb5db : nt!NtClose+0xcb
Image path: \SystemRoot\system32\drivers\mfehidk.sys
Image name: mfehidk.sys
Browse all global symbols functions data
Timestamp: Wed Nov 30 22:56:01 2016
If no update is available, remove the McAfee software.
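
A small triage script for saved !pde.dpx output like the listing above, added here as an example and not part of the original answer. It counts symbolized stack entries per module and collects the modules the debugger could not load symbols for, which is how mfehidk.sys surfaces while the call stack shows only nt frames. The function name triage and its microsoft allowlist parameter are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the !pde.dpx output quoted in the answer above (not the full dump).
SAMPLE = r"""
0xffff8c001ea8ee08 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8ee98 : 0xfffff8032ae9ada2 : nt!ObDereferenceSecurityDescriptor+0x12
Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
0xffff8c001ea8f058 : 0xfffff8032aafdc5a : nt!ExpReleaseResourceForThreadLite+0x13a
0xffff8c001ea8f248 : 0xfffff8032ae81619 : nt!ObpCallPreOperationCallbacks+0x269
0xffff8c001ea8f620 : 0xfffff8800001f2f8 : Trap @ ffff8c001ea8f620
"""

# "stack address : value : module!symbol+offset" entries
ENTRY = re.compile(r"^0x[0-9a-f]+ : 0x[0-9a-f]+ : (\w+)!\S+$", re.I)
# Warnings the debugger prints when a module's image or symbols are unavailable
NO_IMAGE = re.compile(r"Unable to load image (.+?), Win32 error")
NO_SYMS = re.compile(r"symbols could not be loaded for (\S+)")

def triage(text, microsoft=("nt",)):
    """Return (entries per module, unresolved modules, non-allowlisted modules).

    `microsoft` is an assumed allowlist of module names; extend it as needed.
    """
    per_module = Counter()
    unresolved = {}  # file name -> image path (None if only a symbol warning)
    for line in map(str.strip, text.splitlines()):
        if m := ENTRY.match(line):
            per_module[m.group(1).lower()] += 1
        elif m := NO_IMAGE.search(line):
            path = m.group(1)
            unresolved[path.rsplit("\\", 1)[-1].lower()] = path
        elif m := NO_SYMS.search(line):
            unresolved.setdefault(m.group(1).lower(), None)
    foreign = sorted(mod for mod in per_module if mod not in microsoft)
    return per_module, unresolved, foreign

if __name__ == "__main__":
    per_module, unresolved, foreign = triage(SAMPLE)
    print("symbolized entries per module:", dict(per_module))
    print("modules outside the allowlist:", foreign)
    for name, path in unresolved.items():
        print(f"no symbols loaded: {name} (image path: {path})")
```

Any module reported as unresolved is a candidate to check against its image path and timestamp, as the answer does for mfehidk.sys.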