閱讀114 返回首頁    go iPhone_iPad_Mac_apple

kernel security check failure藍屏

請幫忙分析一下藍屏的問題,最近一直藍屏

 Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffff968e3897fd30, ffff968e3897fc88, 0}

Probably caused by : memory_corruption

Followup:     memory_corruption
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff968e3897fd30, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff968e3897fc88, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

SYSTEM_MANUFACTURER:  Alienware

SYSTEM_PRODUCT_NAME:  Alienware 17

SYSTEM_SKU:  Alienware 17

SYSTEM_VERSION:  A14

BIOS_VENDOR:  Alienware

BIOS_VERSION:  A14

BIOS_DATE:  09/24/2014

BASEBOARD_MANUFACTURER:  Alienware

BASEBOARD_PRODUCT:  068R5X

BASEBOARD_VERSION:  A03

DUMP_TYPE:  2

DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

BUGCHECK_P1: 3

BUGCHECK_P2: ffff968e3897fd30

BUGCHECK_P3: ffff968e3897fc88

BUGCHECK_P4: 0

TRAP_FRAME:  ffff968e3897fd30 -- (.trap 0xffff968e3897fd30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff9786c8315cc0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffff9786ca9ffb90 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8030ecd946b rsp=ffff968e3897fec0 rbp=0000000000000001
 r8=ffff968e3897fed8  r9=7fff9786c044ebc0 r10=7ffffffffffffffc
r11=ffff968e3897ff70 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!CmpReferenceKeyControlBlock+0x1109bb:
fffff803`0ecd946b cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffff968e3897fc88 -- (.exr 0xffff968e3897fc88)
ExceptionAddress: fffff8030ecd946b (nt!CmpReferenceKeyControlBlock+0x00000000001109bb)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

CPU_COUNT: 8

CPU_MHZ: 95a

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 1E'00000000 (cache) 1E'00000000 (init)

CUSTOMER_CRASH_COUNT:  1

BUGCHECK_STR:  0x139

PROCESS_NAME:  WerFault.exe

CURRENT_IRQL:  1

ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000003

DEFAULT_BUCKET_ID:  CODE_CORRUPTION

ANALYSIS_SESSION_HOST:  LI

ANALYSIS_SESSION_TIME:  01-13-2018 00:40:20.0956

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8030e818729 to fffff8030e8056e0

STACK_TEXT:  
ffff968e`3897fa08 fffff803`0e818729 : 00000000`00000139 00000000`00000003 ffff968e`3897fd30 ffff968e`3897fc88 : nt!KeBugCheckEx
ffff968e`3897fa10 fffff803`0e818ad0 : 00000000`0337d160 fffff80b`6eb75b24 fffffb00`067b3d20 fffff803`0e6fa7ee : nt!KiBugCheckDispatch+0x69
ffff968e`3897fb50 fffff803`0e816e13 : 00000000`00000000 ffff968e`3897fe70 00000000`00000001 fffff803`0e93e11f : nt!KiFastFailDispatch+0xd0
ffff968e`3897fd30 fffff803`0ecd946b : ffff9786`c046b728 ffff9786`c046b730 00000000`00000000 ffff9786`00000000 : nt!KiRaiseSecurityCheckFailure+0x3d3
ffff968e`3897fec0 fffff803`0eb266bb : ffff9786`c046b730 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmpReferenceKeyControlBlock+0x1109bb
ffff968e`3897ff00 fffff803`0eb231f8 : ffff9786`bf23b008 00000000`00000002 00000000`00000005 ffff968e`389802c0 : nt!CmpPerformCompleteKcbCacheLookup+0x4eb
ffff968e`3897ffe0 fffff803`0eb200d0 : ffffd580`0000001c ffff968e`389804d0 ffff968e`38980448 ffff9786`bf2262d0 : nt!CmpDoParseKey+0x438
ffff968e`389803d0 fffff803`0eb26da7 : 00000000`00000001 ffff9786`bf228801 00000000`00000000 ffff9786`bf217d01 : nt!CmpParseKey+0x270
ffff968e`389805b0 fffff803`0eb1e480 : ffffd580`7d810b00 ffff968e`38980808 00000000`00000040 ffffd580`7bb0fce0 : nt!ObpLookupObjectName+0x5b7
ffff968e`38980770 fffff803`0eb1e10d : ffff5cfb`00000001 ffffd580`7bb0fce0 00000000`00000000 00000000`00000000 : nt!ObOpenObjectByNameEx+0x1e0
ffff968e`389808b0 fffff803`0eb1bcc7 : 00000000`00000000 00000000`048c4790 00000000`048c0000 00000000`00000783 : nt!CmOpenKey+0x29d
ffff968e`38980ac0 fffff803`0e818203 : ffffd580`838ab700 00000000`00000004 ffffd580`838ab700 00000000`0277d000 : nt!NtOpenKeyEx+0xf
ffff968e`38980b00 00007ffa`d22b2144 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`025cde18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`d22b2144


STACK_COMMAND:  kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    fffff8030e8056ba-fffff8030e8056bb  2 bytes - nt!ZwWaitLowEventPair+2a
[ 84 00:4c 87 ]
    fffff8030e8056bd-fffff8030e8056bf  3 bytes - nt!ZwWaitLowEventPair+2d (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e8056da-fffff8030e8056db  2 bytes - nt!KiBugCheckReturn+16 (+0x1d)
[ 84 00:4c 87 ]
    fffff8030e8056dd-fffff8030e8056df  3 bytes - nt!KiBugCheckReturn+19 (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e80580a-fffff8030e80580b  2 bytes - nt!KeBugCheckEx+12a (+0x12d)
[ 84 00:4c 87 ]
    fffff8030e80580d-fffff8030e80580f  3 bytes - nt!KeBugCheckEx+12d (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e80590a-fffff8030e80590b  2 bytes - nt!KeContextToKframes+fa (+0xfd)
[ 84 00:4c 87 ]
    fffff8030e80590d-fffff8030e80590f  3 bytes - nt!KeContextToKframes+fd (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e80595a-fffff8030e80595b  2 bytes - nt!KiSaveInitialProcessorControlState+4a (+0x4d)
[ 84 00:4c 87 ]
    fffff8030e80595d-fffff8030e80595f  3 bytes - nt!KiSaveInitialProcessorControlState+4d (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e805a2a-fffff8030e805a2b  2 bytes - nt!KiRestoreProcessorControlState+ca (+0xcd)
[ 84 00:4c 87 ]
    fffff8030e805a2d-fffff8030e805a2f  3 bytes - nt!KiRestoreProcessorControlState+cd (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e805baa-fffff8030e805bab  2 bytes - nt!KiSaveProcessorControlState+17a (+0x17d)
[ 84 00:4c 87 ]
    fffff8030e805bad-fffff8030e805baf  3 bytes - nt!KiSaveProcessorControlState+17d (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e805c2a-fffff8030e805c2b  2 bytes - nt!KiRestoreDebugRegisterState+7a (+0x7d)
[ 84 00:4c 87 ]
    fffff8030e805c2d-fffff8030e805c2f  3 bytes - nt!KiRestoreDebugRegisterState+7d (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e805daa-fffff8030e805daf  6 bytes - nt!KiSaveDebugRegisterState+17a (+0x17d)
[ cc cc cc 0f 1f 00:4c 87 00 98 c3 90 ]
    fffff8030e805dba-fffff8030e805dbf  6 bytes - nt!KeGetCurrentStackPointer+a (+0x10)
[ cc cc 0f 1f 40 00:4c 87 00 98 c3 90 ]
    fffff8030e805dca-fffff8030e805dcb  2 bytes - nt!KeResetLegacyFloatingPointState+a (+0x10)
[ 1f 80:4c 87 ]
    fffff8030e805dcd-fffff8030e805dcf  3 bytes - nt!KeResetLegacyFloatingPointState+d (+0x03)
[ 00 00 00:98 c3 90 ]
    fffff8030e805dda-fffff8030e805ddf  6 bytes - nt!KeSaveLegacyFloatingPointControlWord+a (+0x0d)
[ cc cc 0f 1f 40 00:4c 87 00 98 c3 90 ]
    fffff8030e805dfa-fffff8030e805dfb  2 bytes - nt!KeRestoreLegacyFloatingPointControlWord+1a (+0x20)
[ 84 00:4c 87 ]
    fffff8030e805dfd-fffff8030e805dff  3 bytes - nt!KeRestoreLegacyFloatingPointControlWord+1d (+0x03)
[ 00 00 00:98 c3 90 ]
68 errors : !nt (fffff8030e8056ba-fffff8030e805dff)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  LARGE

FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE

BUCKET_ID:  MEMORY_CORRUPTION_LARGE

PRIMARY_PROBLEM_CLASS:  MEMORY_CORRUPTION_LARGE

TARGET_TIME:  2018-01-12T16:05:06.000Z

OSBUILD:  16299

OSSERVICEPACK:  192

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2018-01-01 19:07:05

ANALYSIS_SESSION_ELAPSED_TIME:  15f7

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:memory_corruption_large

FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c}

Followup:     memory_corruption
---------

您好!

 

感謝您聯係微軟技術支持。

 

我了解到您遇到係統藍屏的問題 。

 

請您在電腦重啟之後,上傳藍屏minidump文件到百度網盤,然後提供鏈接,文件默認路徑在C:\Windows\Minidump(不需要進行壓縮操作)。

 

您可以通過以下方案收集您的dump日誌文件:

 

1)打開控製麵板>>係統>>高級係統設置>>高級>>啟動和故障恢複>>設置;

 

2)寫入調試信息>>選擇“小內存轉儲(256KB)”,路徑選擇默認,確定並重啟您的計算機;

 

3)再次藍屏後,前往C:\Windows\Minidump提取即可。

 

希望以上的信息可以幫助到您。

最後更新:2018-01-15 15:04:33

  上一篇:go win10使用圖片密碼登錄總是需要輸入兩次
  下一篇:go win10升級失敗,多次回滾,錯誤碼0x8007042B