Windbg 如何分析mindump?
是否有人可以通过该命令找到第三方驱动程序可能是附加小型转储中BSOD的罪魁祸首 我已经运行了Windbg 如何分析mindump?,windbg,Windbg,是否有人可以通过该命令找到第三方驱动程序可能是附加小型转储中BSOD的罪魁祸首 我已经运行了analyze-v,它没有向任何第三方驱动程序提供任何线索,只有microsoft驱动程序。通过运行!analyze-v未显示足够的详细信息: ******************************************************************************* *
analyze-v!analyze-v*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8032ae9ada2, Address of the instruction which caused the bugcheck
Arg3: ffff8c001ea8eda0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
00 nt!KeBugCheckEx
01 nt!KiBugCheckDispatch
02 nt!KiSystemServiceHandler
03 nt!RtlpExecuteHandlerForException
04 nt!RtlDispatchException
05 nt!KiDispatchException
06 nt!KiExceptionDispatch
07 nt!KiGeneralProtectionFault
08 nt!ObDereferenceSecurityDescriptor
09 nt!SeDefaultObjectMethod
0a nt!ObpRemoveObjectRoutine
0b nt!ObfDereferenceObjectWithTag
0c nt!ObCloseHandleTableEntry
0d nt!NtClose
0e nt!KiSystemServiceCopyEnd
0f 0x0
转储所有数据!pde.dpx0xffff8c001ea8ee08 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8ee98 : 0xfffff8032ae9ada2 : nt!ObDereferenceSecurityDescriptor+0x12
Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
0xffff8c001ea8f058 : 0xfffff8032aafdc5a : nt!ExpReleaseResourceForThreadLite+0x13a
0xffff8c001ea8f068 : 0xfffff8032aafdac4 : nt!ExAcquireResourceSharedLite+0x394
0xffff8c001ea8f0c8 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8f0e8 : 0xfffff8032aab5420 : nt!MiFlushTbList+0x2f0
0xffff8c001ea8f100 : 0xfffff8032adc1100 : nt!NonPagedPoolDescriptor
0xffff8c001ea8f228 : 0xfffff8032ab35ddc : nt!RtlGetExtendedContextLength+0x34
0xffff8c001ea8f248 : 0xfffff8032ae81619 : nt!ObpCallPreOperationCallbacks+0x269
0xffff8c001ea8f2f8 : 0xfffff8032ab51ecb : nt!MiFlushHyperSpace+0x8b
0xffff8c001ea8f348 : 0xfffff8032ac4ae2d : nt!HvlpFastFlushAddressSpaceTb+0x59
0xffff8c001ea8f3b8 : 0xfffff8032ac4abde : nt!HvlFlushAddressSpaceTb+0x5e
0xffff8c001ea8f438 : 0xfffff8032abe7a02 : nt!KiExceptionDispatch+0xc2
0xffff8c001ea8f538 : 0xfffff8032adac040 : nt!MiSystemPartition
0xffff8c001ea8f588 : 0xfffff8032ae9ada2 : nt!ObDereferenceSecurityDescriptor+0x12
0xffff8c001ea8f618 : 0xfffff8032abe5cbd : nt!KiGeneralProtectionFault+0xfd
0xffff8c001ea8f620 : 0xfffff8800001f2f8 : Trap @ ffff8c001ea8f620
0xffff8c001ea8f628 : 0xfffff8032aaead13 : nt!MiDeleteVirtualAddresses+0xf63
0xffff8c001ea8f6f8 : 0xfffff8032aad3470 : nt!MiGetVadWakeList+0x120
0xffff8c001ea8f718 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8f738 : 0xfffff8032adac040 : nt!MiSystemPartition
0xffff8c001ea8f748 : 0xfffff8032aeaa349 : nt!MiRemoveVadCharges+0x219
0xffff8c001ea8f788 : 0xfffff8032ae9ada2 : nt!ObDereferenceSecurityDescriptor+0x12
0xffff8c001ea8f7b8 : 0xfffff8032aad3307 : nt!MiFinishVadDeletion+0x3d7
0xffff8c001ea8f7c8 : 0xfffff8032acd634b : nt!ExFreePoolWithTag+0x34b
0xffff8c001ea8f7e8 : 0xfffff8032ae9a948 : nt!SeDefaultObjectMethod+0xa8
0xffff8c001ea8f7f8 : 0xfffff8032aea8f4a : nt!MiRemoveSharedCommitNode+0x29a
0xffff8c001ea8f828 : 0xfffff8032af268c9 : nt!ObpLookupDirectoryUsingHash+0x95
0xffff8c001ea8f838 : 0xfffff8032ae96337 : nt!ObpRemoveObjectRoutine+0xc7
0xffff8c001ea8f898 : 0xfffff8032ab00326 : nt!ObfDereferenceObjectWithTag+0xc6
0xffff8c001ea8f8d8 : 0xfffff8032aeb135b : nt!ObCloseHandleTableEntry+0x28b
0xffff8c001ea8fa18 : 0xfffff8032aefb5db : nt!NtClose+0xcb
Image path: \SystemRoot\system32\drivers\mfehidk.sys
Image name: mfehidk.sys
Browse all global symbols functions data
Timestamp: Wed Nov 30 22:56:01 2016
如果没有可用的更新,请删除McAfee软件。通常,第一步是运行
!加载minidump后分析-v