win8.1頻繁藍屏!!!急急急!!!（之前的帖子沉了，再發一次

尊敬的技術人員，本人有一台安裝win8.1的係統（MSDN下載的），剛安裝好沒有問題，使用一段時間後開始頻繁藍屏，本人知道並非係統本身問題，所以想找出觸發藍屏的元凶。本人也會查看一些藍屏日誌，但是發現這個藍屏日誌和以往的都不太一樣，例如一般藍屏日誌使用！thread查看線程信息時是如下代碼（尤其注意紅字部分）

1: kd> !thread

GetPointerFromAddress: unable to read from fffff803376511c0

THREAD ffffe0009256d040  Cid 0004.11b0  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1

IRP List:

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

   ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

    ffffe0009256d680: (d680,9256) Flags: 00000001  Mdl: ffffe0009256d680

Not impersonating

GetUlongFromAddress: unable to read from fffff8033759ffe8

Owning Process            ffffe00090b55680       Image:         System Process

Attached Process          N/A            Image:         N/A

fffff78000000000: Unable to get shared data

Wait Start TickCount      58186       

Context Switch Count      26576            

ReadMemory error: Cannot get nt!KeMaximumIncrement value.

UserTime                  00:00:00.000

KernelTime                00:00:00.000

Stack Init ffffd0003bbaac90 Current ffffd0003bbaa850

Base ffffd0003bbab000 Limit ffffd0003bba5000 Call 0

Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

Child-SP          RetAddr           : Args to Child                                                           : Call Site

ffffd000`3bbaa0a8 00000000`00000000 : 00000000`00000109 a3a01f59`237bd618 b3b72bdf`75fbe5ff ffffe000`919e1d80 :nt!KeBugCheckEx

但是！這個無解的日誌是這樣的代碼（注意紅字）

0: kd> !thread
GetPointerFromAddress: unable to read from 81c37958
THREAD aa9e5040  Cid 00d8.01ac  Teb: 7f459000 Win32Thread: 8c485460 RUNNING on processor 0
Not impersonating
GetUlongFromAddress: unable to read from 81bf6bbc
Owning Process            aa9986c0       Image:         System Process
Attached Process          f20008       Image:         <Unknown>
ffdf0000: Unable to get shared data
Wait Start TickCount      5150900      
Context Switch Count      221584             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address 0x76a54a40
Stack Init a9fbcfe0 Current a9fbcbe8 Base a9fbd000 Limit a9fba000 Call 0
Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
ChildEBP RetAddr  Args to Child              
82ea8b90 81b19213 0000000a 00000060 00000002 nt!KiBugCheck2
82ea8b90 8302c90c 0000000a 00000060 00000002 nt!KiTrap0E+0x1cf (FPO: [0,0] TrapFrame @ 82ea8c34)
82ea8ce0 83032c69 00000000 ffffffff b09ce530 Wdf01000!FxRequest::CompleteInternal+0x30 (FPO: [Non-Fpo])
82ea8d00 8b542ea8 00000000 b09ce448 00000000 Wdf01000!imp_WdfRequestComplete+0x75 (FPO: [Non-Fpo])
82ea8d20 8b543a89 ffffffff 00000000 00000000 USBXHCI!Bulk_Transfer_CompleteCancelable+0xde (FPO: [Non-Fpo])
82ea8d58 8b540e27 82ea8de4 8b53aa38 82ea8d94 USBXHCI!Bulk_ProcessTransferEventWithED1+0x287 (FPO: [Non-Fpo])
82ea8d60 8b53aa38 82ea8d94 00000000 b09ce583 USBXHCI!Bulk_EP_TransferEventHandler+0x19 (FPO: [2,0,0])
82ea8d70 8b5351ab 8ae373c0 8ae55e40 751aa1b8 USBXHCI!TR_TransferEventHandler+0x3a (FPO: [0,0,4])
82ea8de4 830a1c10 751aa1b8 751cb1f8 8ae55e9c USBXHCI!Interrupter_WdfEvtInterruptDpc+0x32d (FPO: [2,23,4])
82ea8e04 830a1f6b 00000000 00000000 81c1c300 Wdf01000!FxInterrupt::DpcHandler+0x9c (FPO: [Non-Fpo])
82ea8e18 81a579a6 8ae55e9c 8ae55e40 8ae55e40 Wdf01000!FxInterrupt::_InterruptDpcThunk+0x3c (FPO: [Non-Fpo])
82ea8ed0 81a575c6 82ea8f18 00000000 00000000 nt!KiExecuteAllDpcs+0x216 (FPO: [Non-Fpo])
82ea8ff4 81b19e3e a9fbc988 00000000 00000000 nt!KiRetireDpcList+0xf6 (FPO: [0,65,4])
82ea8ff8 a9fbc988 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2e (FPO: [Uses EBP] [0,0,1])
WARNING: Frame IP not in any known module. Following frames may be wrong.
81b19e3e 00000000 00000023 011b850f bb830000 0xa9fbc988

0: kd> dd bb830000 0xa9fbc988
                            ^ Range error in 'dd bb830000 0xa9fbc988'
0: kd> dd 0000000a81b19213
81b19213  d9ec3d83 0f0081c0 fffef285 403d83ff
81b19223  0081c0d5 fee5850f ffb8ffff eb000000
81b19233  54a164c1 64000000 005405c7 00000000
81b19243  45890000 d593e968 498dffff 7045f700
81b19253  00020000 45f60a75 840f016c 00000127
81b19263  0fc3210f 210fc921 145d89d7 89184d89
81b19273  210f1c7d f1210fdb 89ff210f 4d89205d
81b19283  89db3324 230f287d 3d8b64fb 00000020
0: kd> ln 0000000a81b19213
(81b19044)   nt!KiTrap0E+0x1cf   |  (81b19250)   nt!Dr_kitf_a
0: kd> !thread
GetPointerFromAddress: unable to read from 81c37958
THREAD aa9e5040  Cid 00d8.01ac  Teb: 7f459000 Win32Thread: 8c485460 RUNNING on processor 0
Not impersonating
GetUlongFromAddress: unable to read from 81bf6bbc
Owning Process            aa9986c0       Image:         System Process
Attached Process          f20008       Image:         <Unknown>
ffdf0000: Unable to get shared data
Wait Start TickCount      5150900      
Context Switch Count      221584             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address 0x76a54a40
Stack Init a9fbcfe0 Current a9fbcbe8 Base a9fbd000 Limit a9fba000 Call 0
Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
ChildEBP RetAddr  Args to Child              
82ea8b90 81b19213 0000000a 00000060 00000002 nt!KiBugCheck2
82ea8b90 8302c90c 0000000a 00000060 00000002 nt!KiTrap0E+0x1cf (FPO: [0,0] TrapFrame @ 82ea8c34)
82ea8ce0 83032c69 00000000 ffffffff b09ce530 Wdf01000!FxRequest::CompleteInternal+0x30 (FPO: [Non-Fpo])
82ea8d00 8b542ea8 00000000 b09ce448 00000000 Wdf01000!imp_WdfRequestComplete+0x75 (FPO: [Non-Fpo])
82ea8d20 8b543a89 ffffffff 00000000 00000000 USBXHCI!Bulk_Transfer_CompleteCancelable+0xde (FPO: [Non-Fpo])
82ea8d58 8b540e27 82ea8de4 8b53aa38 82ea8d94 USBXHCI!Bulk_ProcessTransferEventWithED1+0x287 (FPO: [Non-Fpo])
82ea8d60 8b53aa38 82ea8d94 00000000 b09ce583 USBXHCI!Bulk_EP_TransferEventHandler+0x19 (FPO: [2,0,0])
82ea8d70 8b5351ab 8ae373c0 8ae55e40 751aa1b8 USBXHCI!TR_TransferEventHandler+0x3a (FPO: [0,0,4])
82ea8de4 830a1c10 751aa1b8 751cb1f8 8ae55e9c USBXHCI!Interrupter_WdfEvtInterruptDpc+0x32d (FPO: [2,23,4])
82ea8e04 830a1f6b 00000000 00000000 81c1c300 Wdf01000!FxInterrupt::DpcHandler+0x9c (FPO: [Non-Fpo])
82ea8e18 81a579a6 8ae55e9c 8ae55e40 8ae55e40 Wdf01000!FxInterrupt::_InterruptDpcThunk+0x3c (FPO: [Non-Fpo])
82ea8ed0 81a575c6 82ea8f18 00000000 00000000 nt!KiExecuteAllDpcs+0x216 (FPO: [Non-Fpo])
82ea8ff4 81b19e3e a9fbc988 00000000 00000000 nt!KiRetireDpcList+0xf6 (FPO: [0,65,4])
82ea8ff8 a9fbc988 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2e (FPO: [Uses EBP] [0,0,1])
WARNING: Frame IP not in any known module. Following frames may be wrong.
81b19e3e 00000000 00000023 011b850f bb830000 0xa9fbc988

我希望求助兩個問題：1.什麼會導致這兩個日誌有這種差別；2.這個日誌可以如何繼續排查下去？

PS：特別說一下，我查看到日誌中所描述的觸發文件是USBXHCI.sys，但是這個是係統自帶的，所以一般是由於外設引起的我也知道，我想知道的是在具體錯誤出現在哪裏，在係統和外設交互過程中，處理信息到哪一階段發生錯誤，例如哪個堆棧錯誤？或是指針錯誤？

---

---

最後更新：2017-11-01 09:04:14

  上一篇： 如何在Windows7設定密碼的情況下如何實現開機自啟程序

  下一篇： windows defender裏麵沒有病毒防護

---

---