操作系统不断出现蓝屏重启故障，BCCord 19，貌似与ntoskrnl.exe有关

dmp文件信息：

Microsoft (R) Windows Debugger Version 6.1.7601.17514 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [H:\新建文件夹\121717-15194-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: E:\Symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7600 MP (24 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`01603000 PsLoadedModuleList = 0xfffff800`01840e50
Debug session time: Sun Dec 17 21:58:17.443 2017 (UTC + 8:00)
System Uptime: 5 days 11:08:20.457
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

您好，

了解到您遇到蓝屏问题。

建议您可以将dump文件上传到云盘以供分析。

打开控制面板>>系统>>高级系统设置>>高级>>启动和故障恢复>>设置，写入调试信息>>选择“小内存转储（256KB）”，路径选择默认，确定并重启您的计算机。

再次蓝屏后，前往C:\Windows\Minidump提取即可。

希望以上信息能帮到您。
如果您所咨询的问题，得到解决请对我们的回复进行标记解答（对我们的工作非常重要）
如您的问题没有解决，我们会继续为您提供技术支持。

您看一下这个能不能有帮助，如果不行我在上传dmp文件
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [H:\新建文件夹\121717-15194-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: E:\Symbols;srv*E:\Symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (24 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`01603000 PsLoadedModuleList = 0xfffff800`01840e50
Debug session time: Sun Dec 17 21:58:17.443 2017 (UTC + 8:00)
System Uptime: 5 days 11:08:20.457
Loading Kernel Symbols
...............................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {3, fffff880008003c0, 0, fffff880008003c0}

Unable to load image \SystemRoot\system32\drivers\npdrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for npdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for npdrv.sys
Probably caused by : Pool_Corruption ( nt!ExFreePool+536 )

Followup: Pool_corruption
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff880008003c0, the pool entry being checked.
Arg3: 0000000000000000, the read back flink freelist value (should be the same as 2).
Arg4: fffff880008003c0, the read back blink freelist value (should be the same as 2).

Debugging Details:
------------------

BUGCHECK_STR: 0x19_3

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff800017a6d6f to fffff80001674f00

STACK_TEXT:
fffff880`0643e388 fffff800`017a6d6f : 00000000`00000019 00000000`00000003 fffff880`008003c0 00000000`00000000 : nt!KeBugCheckEx
fffff880`0643e390 fffff880`0192bc37 : fffff880`00000000 00000000`c000000d fffffa80`07f25840 00000000`00000000 : nt!ExFreePool+0x536
fffff880`0643e480 fffff880`01935b1a : 00000000`c000000d fffffa80`08635b50 fffffa80`18ff0010 00000000`00000000 : tdx!TdxCreateConnection+0x37
fffff880`0643e4d0 fffff800`01975477 : 00000000`00000004 fffff800`01974ed0 fffffa80`1ec825e0 fffffa80`112a5e78 : tdx!TdxTdiDispatchCreate+0x18a
fffff880`0643e560 fffff800`0196b764 : fffffa80`08635970 00000000`00000000 fffffa80`1ec9e010 00000000`00000000 : nt!IopParseDevice+0x5a7
fffff880`0643e6f0 fffff800`01970876 : fffffa80`1ec9e010 fffff880`0643e870 fffffa80`00000040 fffffa80`07f45de0 : nt!ObpLookupObjectName+0x585
fffff880`0643e7f0 fffff800`01977587 : fffff880`0643eae0 00000000`00000002 00000000`00000000 00000000`000007ff : nt!ObOpenObjectByName+0x306
fffff880`0643e8c0 fffff800`01981198 : fffffa80`1480d328 00000000`c0000000 fffffa80`1afe0b00 fffff880`0643ec60 : nt!IopCreateFile+0x2b7
fffff880`0643e960 fffff800`01674153 : 00000000`00000000 fffffa80`07f0e890 fffffa80`1afe09f0 fffff8a0`08425600 : nt!NtCreateFile+0x78
fffff880`0643e9f0 fffff800`016706f0 : fffff880`0613ccd0 fffffa80`1480d4a8 fffffa80`1480d318 00000000`656e6f4e : nt!KiSystemServiceCopyEnd+0x13
fffff880`0643ebf8 fffff880`0613ccd0 : fffffa80`1480d4a8 fffffa80`1480d318 00000000`656e6f4e 00000000`000007ff : nt!KiServiceLinkage
fffff880`0643ec00 fffffa80`1480d4a8 : fffffa80`1480d318 00000000`656e6f4e 00000000`000007ff 00000000`00000000 : npdrv+0x4cd0
fffff880`0643ec08 fffffa80`1480d318 : 00000000`656e6f4e 00000000`000007ff 00000000`00000000 00000000`00000080 : 0xfffffa80`1480d4a8
fffff880`0643ec10 00000000`656e6f4e : 00000000`000007ff 00000000`00000000 00000000`00000080 00000000`00000000 : 0xfffffa80`1480d318
fffff880`0643ec18 00000000`000007ff : 00000000`00000000 00000000`00000080 00000000`00000000 fffffa80`00000002 : 0x656e6f4e
fffff880`0643ec20 00000000`00000000 : 00000000`00000080 00000000`00000000 fffffa80`00000002 fffff880`00000000 : 0x7ff

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePool+536
fffff800`017a6d6f cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePool+536

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: X64_0x19_3_nt!ExFreePool+536

BUCKET_ID: X64_0x19_3_nt!ExFreePool+536

Followup: Pool_corruption
---------

0: kd> !process
GetPointerFromAddress: unable to read from fffff800018ab000
PROCESS fffffa8007f0e890
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 00187000 ObjectTable: fffff8a000001a60 HandleCount: <Data Not Accessible>
Image: System
VadRoot fffffa8008566cf0 Vads 5 Clone 0 Private 8. Modified 663504. Locked 0.
DeviceMap fffff8a000008b30
Token fffff8a000004040
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (15, 0, 0) (60KB, 0KB, 0KB)
PeakWorkingSetSize 1342
VirtualSize 3 Mb
PeakVirtualSize 8 Mb
PageFaultCount 17140
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 28

*** Error in reading nt!_ETHREAD @ fffffa8007f0e310

您好，

很抱歉这样无法分析，建议您根据上述步骤将dump文件上传到百度云盘。

链接：https://pan.baidu.com/s/1c9BzeI 密码：4s6t 最近四次蓝屏的dmp文件已分享，满烦你帮忙分析一下故障原因

最后更新：2017-12-20 17:04:11

操作系统不断出现蓝屏重启故障，BCCord 19，貌似与ntoskrnl.exe有关

上一篇： Outlook经常误删我的正常邮件

下一篇：能否提供下kb2494036补丁的下载地址啊，我找不到

相关内容

热门内容

最新内容

操作系统不断出现蓝屏重启故障，BCCord 19，貌似与ntoskrnl.exe有关

上一篇： Outlook经常误删我的正常邮件

下一篇： 能否提供下kb2494036补丁的下载地址啊，我找不到

相关内容

热门内容

最新内容

下一篇：能否提供下kb2494036补丁的下载地址啊，我找不到