这是一个蓝屏dump分析出来的,貌似是这个进程引起的csrss.exe,但是也有其他蓝屏不是这个引起的,求大神帮忙分析下。
4: kd> !analyze -v
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffab004807abb, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8000567a7bf, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800058c8100
fffffab004807abb
FAULTING_IP:
nt!MiAgeWorkingSet+425
fffff800`0567a7bf 410fb65e1b movzx ebx,byte ptr [r14+1Bh]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88004b32680 -- (.trap 0xfffff88004b32680)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000058000000000 rbx=0000000000000000 rcx=fffff68000031068
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000567a7bf rsp=fffff88004b32810 rbp=000000000003106e
r8=0000000000000001 r9=fffffa800955ea88 r10=0000000000000005
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
这是另外一个蓝屏dump分析的:由于字数限制只能添这么多这里了。4: kd> !analyze -v
FAULTING_IP:
nt!ExAllocatePoolWithTag+693
fffff800`0580a2a3 488910 mov qword ptr [rax],rdx
MM_INTERNAL_CODE: 7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: YY.exe
CURRENT_IRQL: 0
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 52f4357b
FAILURE_BUCKET_ID: X64_0x50_win32k!NtUserSystemParametersInfo+264
BUCKET_ID: X64_0x50_win32k!NtUserSystemParametersInfo+264