BSOD (Blue Screen of Death) 指的是微軟Windows操作系統(tǒng)在無法從一個系統(tǒng)錯誤中恢復過來時所顯示的屏幕圖像。藍屏死機出現(xiàn)時,通常代表Windows操作系統(tǒng)已經(jīng)達到無法正常運作的狀態(tài)。造成藍屏死機的原因有許多的可能性,例如硬件故障、驅動程序問題或是關鍵程序異常終止。
下圖為Windows 10中常見的藍屏死機畫面:
雖然藍屏死機是Windows操作系統(tǒng)中,常見的故障畫面,但是要由藍屏死機發(fā)生當下的藍色畫面得出故障的原因,是很困難的。但若能將下圖中的設定值改為Complete memory dump,那于藍屏死機發(fā)生后,就可由系統(tǒng)中取得完整的內存轉儲 (Memory dump)。透過這個內存轉儲 (Memory dump),便能尋找藍屏死機發(fā)生的原因。
取得藍屏死機的內存轉儲文件后,可使用微軟所提供的WinDbg工具來協(xié)助找尋藍屏死機發(fā)生的原因。
WinDbg是微軟Windows上的多用途除錯(Debug)工具,可從微軟網(wǎng)站上免費下載安裝使用。除錯(Debug)是發(fā)現(xiàn)和解決系統(tǒng)錯誤的過程。WinDbg可用于除錯用戶模式(user mode)下的應用程序、驅動程序,以及內核模式(kernel mode)的操作系統(tǒng)自身。WinDbg執(zhí)行后的接口請參考下圖:
百佳泰多年來,與各家PC品牌大廠皆有長期且深入的合作,累積了豐富的WinDbg BSOD memory dump 分析經(jīng)驗,歸納下來,造成Windows操作系統(tǒng)產(chǎn)生BSOD可分為以下幾類:
百佳泰能協(xié)助分析Windows 藍屏死機(BSOD)發(fā)生的成因,并提供解決問題的方向及建議。
BSoD occurs on shutdown stress test, BSOD code is 0x9f
「Root Cause」: “Windows was waiting for the Intel Wireless Bluetooth Driver to transfer to next power state. Base on the analysis, we can know the device driver didn’t transfer to next power state.
So that BSOD happened after the IRP pending.
「Detailed」:By checking the dump files, we confirmed all BSOD were caused by Intel Wireless Bluetooth Driver didn’t transfer to next power state. So that BSOD happened after the IRP pending.
>[IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)]
0 e1 ffff8508e793ee10 00000000 00000000-00000000??? pending
DriverACPI
Args: 00000000 00000001 00000001 00000000
————————————————————————————————–
Windows was waiting for the device to transfer to next power state.
Base on above log, we can know the device didn’t transfer to next power state.
So that BSOD happened after the pending.
————————————————————————————————–
2: kd> !devstack ffff8508e6f2db90
!DevObj?????????? !DrvObj??????????? !DevExt?????????? ObjectName
ffff8508e6f30d50? DriverBTHUSB???? ffff8508e7991eb0
ffff8508e6f318d0? Driveribtusb???? ffff8508e71da310
ffff8508e793ee10? DriverACPI?????? ffff8508d32e7010
> ffff8508e6f2db90? DriverUSBHUB3??? ffff8508e715e310? USBPDO-4
!DevNode ffff8508e79516b0 :
DeviceInst is “USBVID_8087&PID_00265&c5fc33b&0&10”
ServiceName is “BTHUSB”
————————————————————————————————–
USBVID_8087&PID_00265&c5fc33b&0&10
=>Intel Wireless Bluetooth Driver
————————————————————————————————–
REG_DWORD?????????? UBR?????????????????????????? 184
————————————————————————————————–
Windows 10 Pro 2004 (19041.388)
————————————————————————————————–
2: kd> lmvm UsbHub3
Browse full module list
start???????????? end???????????????? module name
fffff800`332d0000 fffff800`33373000?? UsbHub3??? (pdb symbols)????????? d:symbolusbhub3.pdbFEB0212F8C4FD77DDEEBF0678FB00EA21usbhub3.pdb
Loaded symbol image file: UsbHub3.sys
Image path: SystemRootSystem32driversUsbHub3.sys
Image name: UsbHub3.sys
Browse all global symbols? functions? data
Image was built with /Brepro flag.
Timestamp:??????? FDA30E83 (This is a reproducible build file hash, not a timestamp)
CheckSum:???????? 000AC346
ImageSize:??????? 000A3000
File version:???? 10.0.19041.264
Product version:? 10.0.19041.264
————————————————————————————————–
UsbHub3.sys version is 10.0.19041.264
This version is the same with the version used in latest MSFT QFE 2020.08B
————————————————————————————————–
2: kd> lmvm bthusb
Browse full module list
start???????????? end???????????????? module name
fffff800`38b70000 fffff800`38b91000?? BTHUSB???? (pdb symbols)????????? d:symbolbthusb.pdbBE8B332932B8B19471111557BE5095DA1bthusb.pdb
Loaded symbol image file: BTHUSB.sys
Image path: SystemRootSystem32driversBTHUSB.sys
Image name: BTHUSB.sys
Browse all global symbols? functions? data
Image was built with /Brepro flag.
Timestamp:??????? 4B55908C (This is a reproducible build file hash, not a timestamp)
CheckSum:???????? 000279B2
ImageSize:??????? 00021000
Translations:???? 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
————————————————————————————————–
[Allion]Can’t see the file version of BTHUSB.sys
But we can see the Windows version on BSOD machine is Windows 10 2004 (19041.388)
The latest version of BTHUSB.sys in MSFT QFE 2020.08B is 10.0.19041.423
————————————————————————————————–
2: kd> !reg querykey REGISTRYMACHINESYSTEMCONTROLSET001SERVICESibtusb
Sorry <REGISTRYMACHINESYSTEMCONTROLSET001SERVICESibtusb> is not cached
=============================================================
Falling back to traversing the tree of nodes.
Hive???????? ffffe70f12c72000
KeyNode????? ffffe70f176db5dc
[SubKeyAddr]???????? [SubKeyName]ffffe70f176db8f4???? Parameters
[SubKeyAddr]???????? [VolatileSubKeyName]ffffe70f17efe664???? Enum
Use ‘!reg keyinfo ffffe70f12c72000 <SubKeyAddr>’ to dump the subkey details
[ValueType]???????? [ValueName]?????????????????? [ValueData]REG_DWORD?????????? Type????????????????????????? 1
REG_DWORD?????????? Start???????????????????????? 3
REG_DWORD?????????? ErrorControl????????????????? 1
REG_DWORD??? ???????Tag?????????????????????????? a
REG_EXPAND_SZ?????? ImagePath???????????????????? SystemRootSystem32DriverStoreFileRepositoryibtusb.inf_amd64_b9506ba89bf1aa17ibtusb.sys
REG_SZ????????????? DisplayName?????????????????? @oem55.inf,%ibtusb.SVCDESC_IBT%;インテル(R) ワイヤレス Bluetooth(R)
REG_SZ????????????? Group???????????????????????? PNP Filter
REG_MULTI_SZ??????? Owners??????????????????????? oem55.inf?
————————————————————————————————–
[Allion]=>Intel Wireless Bluetooth Driver
————————————————————————————————–
「Recommend」:
Suggest to replace the Intel wireless bluetooth driver or report issue to Intel.