操作係統不斷出現藍屏重啟故障，BCCord 19，貌似與ntoskrnl.exe有關

dmp文件信息：

Microsoft (R) Windows Debugger Version 6.1.7601.17514 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [H:\新建文件夾\121717-15194-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: E:\Symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7600 MP (24 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`01603000 PsLoadedModuleList = 0xfffff800`01840e50
Debug session time: Sun Dec 17 21:58:17.443 2017 (UTC + 8:00)
System Uptime: 5 days 11:08:20.457
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

您好，

了解到您遇到藍屏問題。

建議您可以將dump文件上傳到雲盤以供分析。

打開控製麵板>>係統>>高級係統設置>>高級>>啟動和故障恢複>>設置，寫入調試信息>>選擇“小內存轉儲（256KB）”，路徑選擇默認，確定並重啟您的計算機。

再次藍屏後，前往C:\Windows\Minidump提取即可。

希望以上信息能幫到您。
如果您所谘詢的問題，得到解決請對我們的回複進行標記解答（對我們的工作非常重要）
如您的問題沒有解決，我們會繼續為您提供技術支持。

您看一下這個能不能有幫助，如果不行我在上傳dmp文件
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [H:\新建文件夾\121717-15194-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: E:\Symbols;srv*E:\Symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (24 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`01603000 PsLoadedModuleList = 0xfffff800`01840e50
Debug session time: Sun Dec 17 21:58:17.443 2017 (UTC + 8:00)
System Uptime: 5 days 11:08:20.457
Loading Kernel Symbols
...............................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {3, fffff880008003c0, 0, fffff880008003c0}

Unable to load image \SystemRoot\system32\drivers\npdrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for npdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for npdrv.sys
Probably caused by : Pool_Corruption ( nt!ExFreePool+536 )

Followup: Pool_corruption
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff880008003c0, the pool entry being checked.
Arg3: 0000000000000000, the read back flink freelist value (should be the same as 2).
Arg4: fffff880008003c0, the read back blink freelist value (should be the same as 2).

Debugging Details:
------------------

BUGCHECK_STR: 0x19_3

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff800017a6d6f to fffff80001674f00

STACK_TEXT:
fffff880`0643e388 fffff800`017a6d6f : 00000000`00000019 00000000`00000003 fffff880`008003c0 00000000`00000000 : nt!KeBugCheckEx
fffff880`0643e390 fffff880`0192bc37 : fffff880`00000000 00000000`c000000d fffffa80`07f25840 00000000`00000000 : nt!ExFreePool+0x536
fffff880`0643e480 fffff880`01935b1a : 00000000`c000000d fffffa80`08635b50 fffffa80`18ff0010 00000000`00000000 : tdx!TdxCreateConnection+0x37
fffff880`0643e4d0 fffff800`01975477 : 00000000`00000004 fffff800`01974ed0 fffffa80`1ec825e0 fffffa80`112a5e78 : tdx!TdxTdiDispatchCreate+0x18a
fffff880`0643e560 fffff800`0196b764 : fffffa80`08635970 00000000`00000000 fffffa80`1ec9e010 00000000`00000000 : nt!IopParseDevice+0x5a7
fffff880`0643e6f0 fffff800`01970876 : fffffa80`1ec9e010 fffff880`0643e870 fffffa80`00000040 fffffa80`07f45de0 : nt!ObpLookupObjectName+0x585
fffff880`0643e7f0 fffff800`01977587 : fffff880`0643eae0 00000000`00000002 00000000`00000000 00000000`000007ff : nt!ObOpenObjectByName+0x306
fffff880`0643e8c0 fffff800`01981198 : fffffa80`1480d328 00000000`c0000000 fffffa80`1afe0b00 fffff880`0643ec60 : nt!IopCreateFile+0x2b7
fffff880`0643e960 fffff800`01674153 : 00000000`00000000 fffffa80`07f0e890 fffffa80`1afe09f0 fffff8a0`08425600 : nt!NtCreateFile+0x78
fffff880`0643e9f0 fffff800`016706f0 : fffff880`0613ccd0 fffffa80`1480d4a8 fffffa80`1480d318 00000000`656e6f4e : nt!KiSystemServiceCopyEnd+0x13
fffff880`0643ebf8 fffff880`0613ccd0 : fffffa80`1480d4a8 fffffa80`1480d318 00000000`656e6f4e 00000000`000007ff : nt!KiServiceLinkage
fffff880`0643ec00 fffffa80`1480d4a8 : fffffa80`1480d318 00000000`656e6f4e 00000000`000007ff 00000000`00000000 : npdrv+0x4cd0
fffff880`0643ec08 fffffa80`1480d318 : 00000000`656e6f4e 00000000`000007ff 00000000`00000000 00000000`00000080 : 0xfffffa80`1480d4a8
fffff880`0643ec10 00000000`656e6f4e : 00000000`000007ff 00000000`00000000 00000000`00000080 00000000`00000000 : 0xfffffa80`1480d318
fffff880`0643ec18 00000000`000007ff : 00000000`00000000 00000000`00000080 00000000`00000000 fffffa80`00000002 : 0x656e6f4e
fffff880`0643ec20 00000000`00000000 : 00000000`00000080 00000000`00000000 fffffa80`00000002 fffff880`00000000 : 0x7ff

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePool+536
fffff800`017a6d6f cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePool+536

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: X64_0x19_3_nt!ExFreePool+536

BUCKET_ID: X64_0x19_3_nt!ExFreePool+536

Followup: Pool_corruption
---------

0: kd> !process
GetPointerFromAddress: unable to read from fffff800018ab000
PROCESS fffffa8007f0e890
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 00187000 ObjectTable: fffff8a000001a60 HandleCount: <Data Not Accessible>
Image: System
VadRoot fffffa8008566cf0 Vads 5 Clone 0 Private 8. Modified 663504. Locked 0.
DeviceMap fffff8a000008b30
Token fffff8a000004040
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (15, 0, 0) (60KB, 0KB, 0KB)
PeakWorkingSetSize 1342
VirtualSize 3 Mb
PeakVirtualSize 8 Mb
PageFaultCount 17140
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 28

*** Error in reading nt!_ETHREAD @ fffffa8007f0e310

您好，

很抱歉這樣無法分析，建議您根據上述步驟將dump文件上傳到百度雲盤。

鏈接：https://pan.baidu.com/s/1c9BzeI 密碼：4s6t 最近四次藍屏的dmp文件已分享，滿煩你幫忙分析一下故障原因

最後更新：2017-12-20 17:04:11

操作係統不斷出現藍屏重啟故障，BCCord 19，貌似與ntoskrnl.exe有關

上一篇： Outlook經常誤刪我的正常郵件

下一篇：能否提供下kb2494036補丁的下載地址啊，我找不到

相關內容

熱門內容

最新內容

操作係統不斷出現藍屏重啟故障，BCCord 19，貌似與ntoskrnl.exe有關

上一篇： Outlook經常誤刪我的正常郵件

下一篇： 能否提供下kb2494036補丁的下載地址啊，我找不到

相關內容

熱門內容

最新內容

下一篇：能否提供下kb2494036補丁的下載地址啊，我找不到