|
|
发表于 2008-10-4 17:34:04| 字数 5,296| - 中国–浙江–杭州 电信/浙江大学
|
显示全部楼层
|阅读模式
7f错误
21、0x0000007F:UNEXPECTED_KERNEL_MOED_TRAP
错误分析:一般是由于有问题的硬件(比如:内存)或某些软件引起的. 有时超频也会产生这个错误.◇解决方案:用检测软件(比如:Memtest86)检查内存, 如果进行了超频, 请取消超频. 将PCI硬件插卡从主板插槽拔下来, 或更换插槽. 另外,
有些主板(比如:nForce2主板)在进行超频后, 南桥芯片过热也会导致蓝屏, 此时为该芯片单独增加散热片往往可以有效解决问题.
应该是软件带来的...有人遇到过否(具体症状是网络有时候会卡,vpn链接很容易断,而且偶尔在卡的时候容易蓝屏报错7f,ac切换网络的时候也容易蓝屏7f)
现在问题初步已经找到了,是卡巴司机的网络驱动程序klim6.sys(位于system32/driver下)造成的,具体机制不详(装了卡巴以后每个网络链接的协议里面都会有一个卡巴斯基的驱动在),赶紧卸掉这个协议,我等几天没再发生蓝屏就知道是不是他的缘故了
再次证明了windbg+minidumps分析处理这类问题的强大功能
windbg的教程网上很多,不讲了,死机以后打开minidump文件,发现错误指向wanarp.sys,pacer.sys,tdi.sys等,这些都是vista自带的网络协议驱动,之前被误导,以为是这些文件有问题,但是vista出问题的可能性显然不及我自己装的软件的兼容问题大
后来无意发现卡巴的自带网络截流协议,尝试uninstall之,发现系统在卸载klim6.sys,灵光一现...因为每个minidump里面开头都有这么一段
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini100508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x81c0f000 PsLoadedModuleList = 0x81d26c70
Debug session time: Sun Oct 5 19:45:55.469 2008 (GMT+8)
System Uptime: 0 days 7:18:20.536
Loading Kernel Symbols
..............................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {8, 80154000, 0, 0}
Unable to load image \SystemRoot\system32\DRIVERS\klim6.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for klim6.sys
*** ERROR: Module load completed but symbols could not be loaded for klim6.sys
Probably caused by : pacer.sys ( pacer!PcFilterSendNetBufferListsComplete+ba )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80154000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 87acb4f1 to 87b9636f
STACK_TEXT:
c66cd018 87acb4f1 8c7430e8 84b2cb18 00000000 ndis!ndisMSendCompleteNetBufferListsInternal+0x9
c66cd02c 953ee0ee 950b5570 84b2cb18 00000000 ndis!NdisFSendNetBufferListsComplete+0x1a
c66cd050 87acb4f1 950b4840 00000000 00000000 pacer!PcFilterSendNetBufferListsComplete+0xba
c66cd064 95ff3ebb 950495b8 84b2cb18 00000000 ndis!NdisFSendNetBufferListsComplete+0x1a
WARNING: Stack unwind information not available. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 klim6+0x1ebb
**************************************************************************************************
接下去是
STACK_COMMAND: kb
FOLLOWUP_IP:
pacer!PcFilterSendNetBufferListsComplete+ba
953ee0ee 5b pop ebx
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: pacer!PcFilterSendNetBufferListsComplete+ba
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: pacer
IMAGE_NAME: pacer.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47f6d426
FAILURE_BUCKET_ID: 0x7f_8_pacer!PcFilterSendNetBufferListsComplete+ba
BUCKET_ID: 0x7f_8_pacer!PcFilterSendNetBufferListsComplete+ba
Followup: MachineOwner
---------
0: kd> lmvm pacer
start end module name
953e9000 953ff000 pacer (pdb symbols) DownstreamStore\pacer.pdb\0AC27E0ED2534FEE962FEF01D300B20C1\pacer.pdb
Loaded symbol image file: pacer.sys
Mapped memory image file: DownstreamStore\pacer.sys\47F6D42616000\pacer.sys
Image path: \SystemRoot\system32\DRIVERS\pacer.sys
Image name: pacer.sys
Timestamp: Sat Apr 05 09:21:42 2008 (47F6D426)
CheckSum: 00016C8B
ImageSize: 00016000
File version: 6.0.6001.18046
Product version: 6.0.6001.18046
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pacer.sys
OriginalFilename: pacer.sys
ProductVersion: 6.0.6001.18046
FileVersion: 6.0.6001.18046 (vistasp1_gdr.080404-1506)
FileDescription: QoS Packet Scheduler
LegalCopyright: © Microsoft Corporation. All rights reserved.
************************************************************
注意到表面上问题出在svchost和pacer上,但实际上每次都会有klim6.sys伴随左右(最前面符号库找不到klim6的(当然找不到,因为那个不是ms自己的驱动,没源码),都后来dump出来的汇编代码最后klim那段),所以基本上问题就是卡巴这个klim6.sys带来的
剩下就是花两天时间验证机器在卸载了这个驱动以后就不会死机了,希望俺的分析是正确的...
ps:如果有遇到类似问题的xd,可以尝试我的处理办法...
[ Edited by leohart on 2008-10-6 22:04 ] |
|
狗仔卡
离线
提升卡
置顶卡
变色卡
