
passat380


  1. ************* 为调试器扩展库存储库准备环境 **************
     ExtensionRepository : 隐式
     UseExperimentalFeatureForNugetShare:假
     AllowNugetExeUpdate:假
     AllowNugetMSCredentialProviderInstall:假
     AllowParallelInitializationOfLocalRepositories:真
     -- 配置存储库
     ---->存储库:LocalInstalled,已启用:true
     ---->存储库:UserExtensions,已启用:true
     >>>>>>>>>>>>> 为调试器扩展库存储库准备环境已完成,持续时间 0.000 秒
     等待调试器扩展库初始化**************
     >>>>>>>>>>>>> 等待调试器扩展库初始化完成,时长 0.063 秒
     ---->存储库 : UserExtensions, Enabled: true, 包计数: 0
     ----> 存储库 : LocalInstalled, Enabled: true, 包计数: 36
     Microsoft (R) Windows 调试器版本 10.0.25877.1004 AMD64
     版权所有 (c) Microsoft Corporation。保留所有权利。
     加载转储文件 [C:\Users\Night\Desktop\012824-28390-01.dmp]
     Mini Kernel Dump File:只有寄存器和堆栈跟踪可用
     路径验证摘要**************
     响应时间(毫秒) 位置
     延期 srv*
     符号搜索路径为:srv*
     可执行文件搜索路径为:
     Windows 10 内核版本 22621 MP(20 个程序)免费 x64
     产品:WinNt,套件:TerminalServer SingleUserTS Personal
     版本生成实验室:22621.1.amd64fre.ni_release.220506-1250
     内核基础 = 0xfffff805'06000000 PsLoadedModuleList = 0xfffff805'06c13510
     调试会话时间:2024 年 1 月 28 日星期日 10:08:37.458 (UTC + 8:00)
     系统正常运行时间: 0 天 0:04:56.088
     加载内核符号
     ...............................................................
     ................................................................
     ............................................................
     加载用户符号
     加载卸载的模块列表
     ........
     要分析此文件,请运行!analyze -v
     NT!KeBugCheckEx:
     fffff805'06416bc0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb88f'78ad8400=0000000000000050
     10:kd> !analyze -v
     *******************************************************************************
     * *
     * 错误检查分析 *
     * *
     *******************************************************************************
     PAGE_FAULT_IN_NONPAGED_AREA (50)
     引用了无效的系统内存。这不能通过 try-except 来保护。
     通常,该地址非常糟糕,或者指向释放的内存。
     参数:
     Arg1:ffffe18000000000,引用的内存。
     Arg2:0000000000000000,X64:如果故障是由于不存在的 PTE 引起的,则设置位 0。
         如果故障是由于写入引起的,则设置位 1,如果读取,则设置位 1。
         如果处理器确定故障是由于 PTE 损坏造成的,则设置位 3。
         如果故障是由于尝试执行未执行 PTE 造成的,则设置位 4。
         - ARM64:如果故障是由于写入引起的,则设置位 1,如果读取,则清除。
         如果故障是由于尝试执行未执行 PTE 造成的,则设置位 3。
     Arg3:0000000000000000,如果非零,则引用错误内存的指令地址
         地址。
     Arg4:0000000000000006,(保留)
     调试详细信息:
     ------------------
     警告:无法验证 kerneld.x64 的时间戳
     KEY_VALUES_STRING:1
         键 : AV.类型
         值:读取
         键:Analysis.CPU.mSec
         值: 3827
         键:Analysis.Elapsed.mSec
         值: 5922
         关键字 : Analysis.IO.Other.Mb
         值: 0
         关键字:Analysis.IO.Read.Mb
         值: 0
         关键字 : Analysis.IO.Write.Mb
         值: 0
         键:Analysis.Init.CPU.mSec
         值: 859
         键:Analysis.Init.Elapsed.mSec
         值: 9864
         键 : Analysis.Memory.CommitPeak.Mb
         值: 92
         密钥:Bugcheck.Code.LegacyAPI
         值:0x50
         键:Failure.Bucket
         值:AV_R_(null)_kerneld!unknown_function
         键:Failure.Hash
         值: {435933fa-e1a1-d4c8-2943-9fa8d1acf89d}
         密钥 : WER.平衡计分卡分支
         值:ni_release
         密钥 : WER.平衡计分卡版本
         值: 10.0.22621.1
     BUGCHECK_CODE:50
     BUGCHECK_P1: ffffe18000000000
     BUGCHECK_P2:0
     BUGCHECK_P3:0
     BUGCHECK_P4:6
     FILE_IN_CAB: 012824-28390-01.dmp
     READ_ADDRESS:fffff80506d1c470:无法获取 MiVisibleState
     无法获取 NonPagedPoolStart
     无法获取 NonPagedPoolEnd
     无法获取 PagedPoolStart
     无法获取 PagedPoolEnd
     无法获得NT!MmSpecialPagesInUse
     FFFFFE18000000000
     MM_INTERNAL_CODE:6
     黑匣子BSD:1 (!blackboxbsd)
     BLACKBOXNTFS:1 (!blackboxntfs)
     黑盒pnp:1 (!blackboxpnp)
     BLACKBOXWINLOGON:1
     CUSTOMER_CRASH_COUNT:1
     PROCESS_NAME:系统
     TRAP_FRAME: ffffb88f78ad86b0 --(.trap 0xffffb88f78ad86b0)
     注: 陷阱帧不包含所有寄存器。
     某些寄存器值可能为零或不正确。
     RAX=00000000000000000 RBX=000000000000000000 RCX=FFFFFE18000000000
     rdx=0000000000000001 rsi=000000000000000000 rdi=00000000000000000
     rip=fffff8050629f5b0 rsp=ffffb88f78ad8848 rbp=00000000000000000
     r8=0000007ffffffff8 r9=ffffe1f0c0000000 r10=0000000000000001
     r11=ffffe1f0f87c3000 r12=00000000000000000 r13=00000000000000000
     R14=000000000000000000 R15=00000000000000000
     IOPL=0 NV UP EI PL ZR NA PO NC
     NT!MI_READ_PTE_LOCK_FREE:
     fffff805'0629f5b0 488b01 mov rax,qword ptr [rcx] ds:ffffe180'00000000=????????????????
     重置默认范围
     STACK_TEXT:
     ffffb88f'78ad83f8 fffff805'0644223f : 00000000'00000050 ffffe180'000000000 00000000'00000000 ffffe1f0'c0000000 : nt!KeBugCheckEx
     ffffb88f'78ad8400 fffff805'06262732 : ffffb88f'78ad85d0 ffffb88f'78ad8590 ffffb88f'78ad85a0 ffffb88f'78ad8528 : nt!MiZeroFault+0x1c5c8f
     ffffb88f'78ad8500 fffff805'06261fbb : 00000000'00000001 00000000'00000000 00000000'000000000 ffffe180'00000000 : NT!MiUserFault+0x392
     ffffb88f'78ad8590 ffff805'06427929 : 00000000'00000000 00000000'00000000 ffffbb00'0d6b3600 00100b55'000018da : NT!MmAccessFault+0x13b
     ffffb88f'78ad86b0 fffff805'0629f5b0 : fffff805'062c91a8 0000007f'fffffff8 ffffe180'000000000 00000000'00000001 : nt!KiPageFault+0x369
     ffffb88f'78ad8848 fffff805'062c91a8 : 0000007f'fffffff8 ffffe180'00000000 00000000'00000001 ffffe1ca'00805ab0 : nt!MI_READ_PTE_LOCK_FREE
     ffffb88f'78ad8850 fffff805'062c90b5 : 00000000'00000001 ffffa889'2a6efcf0 ffffa889'2a6efcf0 000000000'00000001 : nt!MiMappingHasIoTracker+0x44
     ffffb88f'78ad8880 fffff805'6cd7bb12 : 000000000'00000000 41c64e6d'a3bc4145 ffffff805'6cd7e2a8 fffff805'0627a1d5 : nt!MmUnmapIoSpace+0x65
     ffffb88f'78ad89c0 000000000'00000000 : 41c64e6d'a3bc4145 fffff805'6cd7e2a8 fffff805'0627a1d5 000000000'00320030 : kerneld+0xbb12
     SYMBOL_NAME:kerneld+bb12
     MODULE_NAME:内核
     IMAGE_NAME:kerneld.x64
     STACK_COMMAND: .cxr; .ecxr ;知识库
     BUCKET_ID_FUNC_OFFSET: bb12
     FAILURE_BUCKET_ID: AV_R_(null)_kerneld!unknown_function
     OS_VERSION: 10.0.22621.1
     BUILDLAB_STR:ni_release
     OSPLATFORM_TYPE:x64
     操作系统名称: Windows 10
     FAILURE_ID_HASH: {435933FA-E1A1-D4C8-2943-9FA8D1ACF89D}
     跟进:MachineOwner
  2. Recently, AIDA64 opens normally, but the instant I close AIDA64 the system blue-screens. Below is the error code from the WinDbg analysis. Please help me!

     PAGE_FAULT_IN_NONPAGED_AREA (50)
     Invalid system memory was referenced. This cannot be protected by try-except.
     Typically the address is just plain bad or it is pointing at freed memory.
     Arguments:
     Arg1: ffffe18000000000, memory referenced.
     Arg2: 0000000000000000, X64: bit 0 set if the fault was due to a not-present PTE.
         bit 1 is set if the fault was due to a write, clear if a read.
         bit 3 is set if the processor decided the fault was due to a corrupted PTE.
         bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
         - ARM64: bit 1 is set if the fault was due to a write, clear if a read.
         bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
     Arg3: 0000000000000000, If non-zero, the instruction address which referenced the bad memory
         address.
     Arg4: 0000000000000006, (reserved)

     Debugging Details:
     ------------------

     *** WARNING: Unable to verify timestamp for kerneld.x64

     KEY_VALUES_STRING: 1
         Key : AV.Type
         Value: Read
         Key : Analysis.CPU.mSec
         Value: 2562
         Key : Analysis.Elapsed.mSec
         Value: 4437
         Key : Analysis.IO.Other.Mb
         Value: 0
         Key : Analysis.IO.Read.Mb
         Value: 0
         Key : Analysis.IO.Write.Mb
         Value: 0
         Key : Analysis.Init.CPU.mSec
         Value: 374
         Key : Analysis.Init.Elapsed.mSec
         Value: 12577
         Key : Analysis.Memory.CommitPeak.Mb
         Value: 92
         Key : Bugcheck.Code.LegacyAPI
         Value: 0x50
         Key : Failure.Bucket
         Value: AV_R_(null)_kerneld!unknown_function
         Key : Failure.Hash
         Value: {435933fa-e1a1-d4c8-2943-9fa8d1acf89d}
         Key : WER.OS.Branch
         Value: ni_release
         Key : WER.OS.Version
         Value: 10.0.22621.1

     BUGCHECK_CODE: 50
     BUGCHECK_P1: ffffe18000000000
     BUGCHECK_P2: 0
     BUGCHECK_P3: 0
     BUGCHECK_P4: 6
     FILE_IN_CAB: 012824-28390-01.dmp
     READ_ADDRESS: fffff80506d1c470: Unable to get MiVisibleState
     Unable to get NonPagedPoolStart
     Unable to get NonPagedPoolEnd
     Unable to get PagedPoolStart
     Unable to get PagedPoolEnd
     unable to get nt!MmSpecialPagesInUse
     ffffe18000000000
     MM_INTERNAL_CODE: 6
     BLACKBOXBSD: 1 (!blackboxbsd)
     BLACKBOXNTFS: 1 (!blackboxntfs)
     BLACKBOXPNP: 1 (!blackboxpnp)
     BLACKBOXWINLOGON: 1
     CUSTOMER_CRASH_COUNT: 1
     PROCESS_NAME: System
     TRAP_FRAME: ffffb88f78ad86b0 -- (.trap 0xffffb88f78ad86b0)
     NOTE: The trap frame does not contain all registers.
     Some register values may be zeroed or incorrect.
     rax=0000000000000000 rbx=0000000000000000 rcx=ffffe18000000000
     rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
     rip=fffff8050629f5b0 rsp=ffffb88f78ad8848 rbp=0000000000000000
     r8=0000007ffffffff8 r9=ffffe1f0c0000000 r10=0000000000000001
     r11=ffffe1f0f87c3000 r12=0000000000000000 r13=0000000000000000
     r14=0000000000000000 r15=0000000000000000
     iopl=0 nv up ei pl zr na po nc
     nt!MI_READ_PTE_LOCK_FREE:
     fffff805`0629f5b0 488b01 mov rax,qword ptr [rcx] ds:ffffe180`00000000=????????????????
     Resetting default scope

     STACK_TEXT:
     ffffb88f`78ad83f8 fffff805`0644223f : 00000000`00000050 ffffe180`00000000 00000000`00000000 ffffe1f0`c0000000 : nt!KeBugCheckEx
     ffffb88f`78ad8400 fffff805`06262732 : ffffb88f`78ad85d0 ffffb88f`78ad8590 ffffb88f`78ad85a0 ffffb88f`78ad8528 : nt!MiZeroFault+0x1c5c8f
     ffffb88f`78ad8500 fffff805`06261fbb : 00000000`00000001 00000000`00000000 00000000`00000000 ffffe180`00000000 : nt!MiUserFault+0x392
     ffffb88f`78ad8590 fffff805`06427929 : 00000000`00000000 00000000`00000000 ffffbb00`0d6b3600 00100b55`000018da : nt!MmAccessFault+0x13b
     ffffb88f`78ad86b0 fffff805`0629f5b0 : fffff805`062c91a8 0000007f`fffffff8 ffffe180`00000000 00000000`00000001 : nt!KiPageFault+0x369
     ffffb88f`78ad8848 fffff805`062c91a8 : 0000007f`fffffff8 ffffe180`00000000 00000000`00000001 ffffe1ca`00805ab0 : nt!MI_READ_PTE_LOCK_FREE
     ffffb88f`78ad8850 fffff805`062c90b5 : 00000000`00000001 ffffa889`2a6efcf0 ffffa889`2a6efcf0 00000000`00000001 : nt!MiMappingHasIoTracker+0x44
     ffffb88f`78ad8880 fffff805`6cd7bb12 : 00000000`00000000 41c64e6d`a3bc4145 fffff805`6cd7e2a8 fffff805`0627a1d5 : nt!MmUnmapIoSpace+0x65
     ffffb88f`78ad89c0 00000000`00000000 : 41c64e6d`a3bc4145 fffff805`6cd7e2a8 fffff805`0627a1d5 00000000`00320030 : kerneld+0xbb12

     SYMBOL_NAME: kerneld+bb12
     MODULE_NAME: kerneld
     IMAGE_NAME: kerneld.x64
     STACK_COMMAND: .cxr; .ecxr ; kb
     BUCKET_ID_FUNC_OFFSET: bb12
     FAILURE_BUCKET_ID: AV_R_(null)_kerneld!unknown_function
     OS_VERSION: 10.0.22621.1
     BUILDLAB_STR: ni_release
     OSPLATFORM_TYPE: x64
     OSNAME: Windows 10
     FAILURE_ID_HASH: {435933fa-e1a1-d4c8-2943-9fa8d1acf89d}
     Followup: MachineOwner
     ---------