

Please help analyze this problem

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff98810398cac0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff98810398ca18, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT:  
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

FAULTING_MODULE: fffff80032417000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4d6da0f2

TRAP_FRAME:  ffff98810398cac0 -- (.trap 0xffff98810398cac0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffab0cb1eabfc0 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000002000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800325a407b rsp=ffff98810398cc50 rbp=ffff98810398cd79
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=ffff98810398cdd8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl nz na pe nc
nt!memset+0x315fb:
fffff800`325a407b cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffff98810398ca18 -- (.exr 0xffff98810398ca18)
ExceptionAddress: fffff800325a407b (nt!memset+0x00000000000315fb)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x139

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80032571a29 to fffff800325668b0

STACK_TEXT:  
ffff9881`0398c798 fffff800`32571a29 : 00000000`00000139 00000000`00000003 ffff9881`0398cac0 ffff9881`0398ca18 : nt!KeBugCheckEx
ffff9881`0398c7a0 fffff800`32571d90 : 00000001`00000000 0000924f`0002000e 00000000`00000000 00000000`00000000 : nt!setjmpex+0x3f49
ffff9881`0398c8e0 fffff800`32570d73 : 00000000`0000011c fffff800`324b6089 00000000`00000000 fffff800`32af77a8 : nt!setjmpex+0x42b0
ffff9881`0398cac0 fffff800`325a407b : 00000000`00000000 fffff800`3281949d 00000000`00000025 ffffab0c`bdb02010 : nt!setjmpex+0x3293
ffff9881`0398cc50 fffff800`ca602d14 : ffff9881`00002c50 ffffab0c`b5ca18c0 ffffab0c`aab85ad0 ffffab0c`b74f926a : nt!memset+0x315fb
ffff9881`0398cc90 fffff800`32448762 : ffffab0c`b5ca18c0 ffffab0c`aab85980 00000000`c000000d 00000000`00000200 : topsecpf+0x2d14
ffff9881`0398ccc0 fffff800`cafc725c : ffffab0c`00000200 00000000`00001000 ffffab0c`b371abf0 ffff9880`00000000 : nt!IoCompleteRequest+0x122
ffff9881`0398cde0 fffff800`ca602eb6 : 69746365`6e6e6f00 726f7073`6e617254 73736572`64644174 00000000`00000000 : tdx+0x725c
ffff9881`0398ce80 fffff800`ca60126d : ffffab0c`b5ca19d8 ffffab0c`b5ca18c0 ffffab0c`b5ca18c0 ffffab0c`b3705e28 : topsecpf+0x2eb6
ffff9881`0398cec0 fffff800`ca601739 : ffffab0c`aab85980 ffffab0c`b5ca19d8 ffffab0c`b5ca18c0 ffffab0c`bdb02010 : topsecpf+0x126d
ffff9881`0398cef0 fffff800`32818a3f : 00000000`00000024 ffffab0c`bdb02010 ffff9881`0398d190 ffffab0c`b5857118 : topsecpf+0x1739
ffff9881`0398cf20 fffff800`3283b1e2 : fffff800`328173b0 fffff800`328173b0 ffff9881`00000000 ffffab0c`a9c3a2d0 : nt!SeQueryInformationToken+0x7c9f
ffff9881`0398d110 fffff800`3281c42d : ffffab0c`b74f9200 ffff9881`0398d370 ffffab0c`00000240 ffffab0c`a8ed0dc0 : nt!ObWaitForMultipleObjects+0xf32
ffff9881`0398d2e0 fffff800`327fe0e9 : ffff9881`00000001 ffffab0c`bdb020a8 ffff9881`0398d5e0 00000000`00000028 : nt!ObOpenObjectByNameEx+0x1dd
ffff9881`0398d420 fffff800`328d3cca : ffffab0c`bda5dcf8 0000924f`0002000e ffff9881`0398d5e0 ffff9881`0398d5d0 : nt!NtCreateFile+0x469
ffff9881`0398d4c0 fffff800`ca6b8918 : ffffab0c`bda5dc50 00000000`00000000 ffffab0c`bdd03780 00000000`00000000 : nt!IoCreateFile+0x8a
ffff9881`0398d550 fffff800`ca6a6f99 : 00000000`00000005 ffffab0c`bdea4bc0 00000000`00000000 00000000`00000001 : afd+0x58918
ffff9881`0398d680 fffff800`3282cdd0 : ffffab0c`bdea4bc0 ffffab0c`bdea4d68 00000000`00000000 00000000`00000000 : afd+0x46f99
ffff9881`0398d820 fffff800`3282c16c : ffffab0c`00000000 ffffab0c`baecc504 fffff780`000002dc ffff9881`0398db80 : nt!NtQueryInformationFile+0xc20
ffff9881`0398d8e0 fffff800`3282b3c6 : ab0cb504`0770fa2b 00000000`0000115c 00000000`00000001 00000000`00000000 : nt!NtDeviceIoControlFile+0xdfc
ffff9881`0398da20 fffff800`32571593 : 00000000`00000000 00000000`00000001 00000000`00000000 fffff800`00000000 : nt!NtDeviceIoControlFile+0x56
ffff9881`0398da90 00000000`5179222c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!setjmpex+0x3ab3
00000000`011fef28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x5179222c


STACK_COMMAND:  kb

FOLLOWUP_IP: 
topsecpf+2d14
fffff800`ca602d14 4885f6          test    rsi,rsi

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  topsecpf+2d14

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: topsecpf

IMAGE_NAME:  topsecpf.sys

BUCKET_ID:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  WRONG_SYMBOLS

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:wrong_symbols

FAILURE_ID_HASH:  {70b057e8-2462-896f-28e7-ac72d4d365f8}

Followup: MachineOwner
---------


Last updated: 2017-09-19 23:03:03
