What to Do About a Blue Screen of Death (BSOD)? Analyzing Microsoft Windows Dump Files

Thu, 29 Oct 2020

Allion Labs / Joseph Lin

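A BSOD (Blue Screen of Death) is the screen that the Microsoft Windows operating system displays when it cannot recover from a system error. When a BSOD appears, it usually means that Windows has reached a state in which it can no longer operate normally. A BSOD has many possible causes, such as a hardware failure, a driver problem, or the abnormal termination of a critical process.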

The figure below shows a typical BSOD screen in Windows 10:

Although the BSOD is a common failure screen in Windows, it is very difficult to work out the cause of the failure from the blue screen shown at the moment of the crash. However, if the setting shown in the figure below is changed to Complete memory dump, a complete memory dump can be retrieved from the system after the BSOD occurs. That memory dump can then be used to look for the cause of the BSOD.

Changing the setting in the figure to Complete memory dump makes a complete memory dump file available from the system.

  • Analyzing a Windows BSOD memory dump

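Once the BSOD memory dump file has been obtained, the WinDbg tool provided by Microsoft can be used to help find the cause of the BSOD.
WinDbg is a multipurpose debugging tool for Microsoft Windows that can be downloaded from the Microsoft website and used free of charge. Debugging is the process of finding and resolving system errors. WinDbg can debug user-mode applications and drivers as well as the operating system itself in kernel mode. The figure below shows the WinDbg interface after launch: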

WinDbg running

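Over many years, Allion has worked closely and at length with the major PC brands and has accumulated extensive experience analyzing BSOD memory dumps with WinDbg. In summary, the causes of a Windows BSOD fall into the following categories: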

  • Device driver issues
  • Application issues
  • Hardware device issues
  • Windows OS issues

Allion can help analyze the cause of a Windows BSOD and provide directions and recommendations for resolving the problem.

  • A real BSOD memory dump analysis case from Allion

A BSOD occurs during the shutdown stress test; the BSOD code is 0x9f.

「Root Cause」: Windows was waiting for the Intel Wireless Bluetooth Driver to transition to the next power state. Based on the analysis, we know that the device driver did not transition to the next power state, so the BSOD happened after the IRP was left pending.

「Detailed」: By checking the dump files, we confirmed that all of the BSODs were caused by the Intel Wireless Bluetooth Driver not transitioning to the next power state, so the BSOD happened after the IRP was left pending.

>[IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)]

0 e1 ffff8508e793ee10 00000000 00000000-00000000    pending

\Driver\ACPI

Args: 00000000 00000001 00000001 00000000

————————————————————————————————–

Windows was waiting for the device to transition to the next power state.

Based on the log above, we know that the device did not transition to the next power state, so the BSOD happened after the IRP was left pending.

————————————————————————————————–

2: kd> !devstack ffff8508e6f2db90

  !DevObj           !DrvObj            !DevExt           ObjectName

  ffff8508e6f30d50  \Driver\BTHUSB     ffff8508e7991eb0

  ffff8508e6f318d0  \Driver\ibtusb     ffff8508e71da310

  ffff8508e793ee10  \Driver\ACPI       ffff8508d32e7010

> ffff8508e6f2db90  \Driver\USBHUB3    ffff8508e715e310  USBPDO-4

!DevNode ffff8508e79516b0 :

  DeviceInst is "USB\VID_8087&PID_0026\5&c5fc33b&0&10"

  ServiceName is "BTHUSB"

————————————————————————————————–

USB\VID_8087&PID_0026\5&c5fc33b&0&10

=>Intel Wireless Bluetooth Driver

————————————————————————————————–

REG_DWORD           UBR                           184

————————————————————————————————–

Windows 10 Pro 2004 (19041.388)

————————————————————————————————–

2: kd> lmvm UsbHub3

Browse full module list

start             end                 module name

fffff800`332d0000 fffff800`33373000   UsbHub3    (pdb symbols)          d:\symbol\usbhub3.pdb\FEB0212F8C4FD77DDEEBF0678FB00EA21\usbhub3.pdb

Loaded symbol image file: UsbHub3.sys

Image path: \SystemRoot\System32\drivers\UsbHub3.sys

Image name: UsbHub3.sys

Browse all global symbols  functions  data

Image was built with /Brepro flag.

Timestamp:        FDA30E83 (This is a reproducible build file hash, not a timestamp)

CheckSum:         000AC346

ImageSize:        000A3000

File version:     10.0.19041.264

Product version:  10.0.19041.264

————————————————————————————————–

UsbHub3.sys version is 10.0.19041.264

This is the same version as the one in the latest MSFT QFE 2020.08B.

————————————————————————————————–

2: kd> lmvm bthusb

Browse full module list

start             end                 module name

fffff800`38b70000 fffff800`38b91000   BTHUSB     (pdb symbols)          d:\symbol\bthusb.pdb\BE8B332932B8B19471111557BE5095DA1\bthusb.pdb

Loaded symbol image file: BTHUSB.sys

Image path: \SystemRoot\System32\drivers\BTHUSB.sys

Image name: BTHUSB.sys

Browse all global symbols  functions  data

Image was built with /Brepro flag.

Timestamp:        4B55908C (This is a reproducible build file hash, not a timestamp)

CheckSum:         000279B2

ImageSize:        00021000

Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Information from resource tables:

————————————————————————————————–

[Allion]

We can't see the file version of BTHUSB.sys.

But we can see that the Windows version on the BSOD machine is Windows 10 2004 (19041.388).

The latest version of BTHUSB.sys in MSFT QFE 2020.08B is 10.0.19041.423

————————————————————————————————–

2: kd> !reg querykey \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\ibtusb

Sorry <\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\ibtusb> is not cached

=============================================================

Falling back to traversing the tree of nodes.

Hive         ffffe70f12c72000

KeyNode      ffffe70f176db5dc

[SubKeyAddr]         [SubKeyName]

ffffe70f176db8f4     Parameters

[SubKeyAddr]         [VolatileSubKeyName]

ffffe70f17efe664     Enum

Use '!reg keyinfo ffffe70f12c72000 <SubKeyAddr>' to dump the subkey details

[ValueType]         [ValueName]                   [ValueData]

REG_DWORD           Type                          1

REG_DWORD           Start                         3

REG_DWORD           ErrorControl                  1

REG_DWORD           Tag                           a

REG_EXPAND_SZ       ImagePath                     \SystemRoot\System32\DriverStore\FileRepository\ibtusb.inf_amd64_b9506ba89bf1aa17\ibtusb.sys

REG_SZ              DisplayName                   @oem55.inf,%ibtusb.SVCDESC_IBT%;インテル(R) ワイヤレス Bluetooth(R)

REG_SZ              Group                         PNP Filter

REG_MULTI_SZ        Owners                        oem55.inf

————————————————————————————————–

[Allion]

=>Intel Wireless Bluetooth Driver

————————————————————————————————–

「Recommendation」:

Replace the Intel Wireless Bluetooth driver or report the issue to Intel.
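
The correlation step used in the case above, matching the device object of the pending IRP_MN_SET_POWER stack location against the !devstack listing to name the device stack and device, can be scripted when many dumps from a stress run have to be compared. This is an added Python example, not Allion's tooling; the sample text is constructed from the debugger excerpt in this article, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the debugger excerpt in this article.
IRP_TEXT = r"""
>[IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)]
            0 e1 ffff8508e793ee10 00000000 00000000-00000000    pending
           \Driver\ACPI
                        Args: 00000000 00000001 00000001 00000000
"""
DEVSTACK_TEXT = r"""
  !DevObj           !DrvObj            !DevExt           ObjectName
  ffff8508e6f30d50  \Driver\BTHUSB     ffff8508e7991eb0
  ffff8508e6f318d0  \Driver\ibtusb     ffff8508e71da310
  ffff8508e793ee10  \Driver\ACPI       ffff8508d32e7010
> ffff8508e6f2db90  \Driver\USBHUB3    ffff8508e715e310  USBPDO-4
!DevNode ffff8508e79516b0 :
  DeviceInst is "USB\VID_8087&PID_0026\5&c5fc33b&0&10"
  ServiceName is "BTHUSB"
"""
DRIVER = r"(\\Driver\\\w+)"

def pending_location(irp_text):
    """Return (device_object, driver) for the stack location marked pending."""
    m = re.search(r"([0-9a-f]{16})\s[^\n]*\bpending\s*\n\s*" + DRIVER, irp_text, re.I)
    return (m.group(1).lower(), m.group(2)) if m else None

def parse_devstack(text):
    """Return (rows top-to-bottom as (devobj, driver), device instance, service)."""
    rows = re.findall(r"^>?\s*([0-9a-f]{16})\s+" + DRIVER, text, re.M | re.I)
    inst = re.search(r'DeviceInst is "([^"]+)"', text)
    svc = re.search(r'ServiceName is "([^"]+)"', text)
    return ([(a.lower(), d) for a, d in rows],
            inst.group(1) if inst else None, svc.group(1) if svc else None)

def triage(irp_text, devstack_text):
    """Tie the pending power IRP to the device stack that contains its device object."""
    loc = pending_location(irp_text)
    stack, inst, svc = parse_devstack(devstack_text)
    addrs = [a for a, _ in stack]
    if loc is None or loc[0] not in addrs:
        return None  # the IRP is pending in some other device stack
    idx = addrs.index(loc[0])
    ids = re.search(r"VID_([0-9A-F]{4})&PID_([0-9A-F]{4})", inst or "", re.I)
    return {"pending_at": loc[1],                  # driver owning the pending location
            "above": [d for _, d in stack[:idx]],  # drivers layered above it
            "device_instance": inst, "service": svc,
            "vid_pid": ids.groups() if ids else None}

if __name__ == "__main__":
    print(triage(IRP_TEXT, DEVSTACK_TEXT))
```

Grouping the results of a stress run by `vid_pid` and `service` shows whether every dump points at the same device stack, which is what the analysis above reports for this case.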
