Постоянно разные коды BSOD

esitapov70 · Отправлено: **09:41, 16-02-2023** | #**2721**

Цитата NickM:

У Вас не подключены символы; »

В программе WinDbg в пункте "Symbol file path..." указал путь https://msdl.microsoft.com/download/symbols.
Этого достаточно?

Цитата NickM:

При простом анализе видно это:
MODULE_NAME: memory_corruption »

Но все равно, даже после подключения символов, "мой" отчет WinDbg не такой как у вас.
В моем отчете нету фразы "MODULE_NAME: memory_corruption".

Вот что сейчас у меня выдает WinDbg:

Скрытый текст

Код:

Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\Erin_works\СанТехКом\55. Задания\2023-01-30. 08-00. Синий экран\MEMORY_2023-01-30.DMP]
Kernel Bitmap Dump File: Only kernel address space is available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       https://msdl.microsoft.com/download/symbols
Symbol search path is: https://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8 Kernel Version 17763 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff807`52e16000 PsLoadedModuleList = 0xfffff807`5322f430
Debug session time: Mon Jan 30 08:19:45.953 2023 (UTC + 3:00)
System Uptime: 2 days 23:48:34.823
Loading Kernel Symbols
...............................................................
................................................................
................................................................

Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`031fa018).  Type ".hh dbgerr001" for details
Loading unloaded module list
...................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80eaa782ba5, 1, c0000225}

Probably caused by : Wof.sys ( Wof!WofAcquireFileSystemRundown+1 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80eaa782ba5, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 00000000c0000225, Parameter 1 of the exception

Debugging Details:
------------------


WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 00000000c0000225 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

FAULTING_IP: 
Wof!WofAcquireFileSystemRundown+1
fffff80e`aa782ba5 3000            xor     byte ptr [rax],al

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  00000000c0000225

BUGCHECK_STR:  0x1E_c0000005_W

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

TRAP_FRAME:  0000000000001000 -- (.trap 0x1000)
Unable to read trap frame at 00000000`00001000

LAST_CONTROL_TRANSFER:  from fffff807530188d9 to fffff80752fceea0

STACK_TEXT:  
ffffee0f`d8bbeb58 fffff807`530188d9 : 00000000`0000001e ffffffff`c0000005 fffff80e`aa782ba5 00000000`00000001 : nt!KeBugCheckEx
ffffee0f`d8bbeb60 fffff807`52fe2902 : 00000000`00000000 ffffee0f`d8bbf3f0 00000000`00001000 00000000`c0000225 : nt!KiDispatchException+0x180d89
ffffee0f`d8bbf210 fffff807`52fde4e8 : ffff8684`19600340 ffffee0f`d8bbf868 00000000`00000003 00000000`00002970 : nt!KiExceptionDispatch+0xc2
ffffee0f`d8bbf3f0 fffff80e`aa782ba5 : ffffee0f`d8bbf610 fffff80e`aa7818fd ffffbc0b`fffeee60 ffffbc0c`09140b28 : nt!KiPageFault+0x428
ffffee0f`d8bbf580 ffffee0f`d8bbf610 : fffff80e`aa7818fd ffffbc0b`fffeee60 ffffbc0c`09140b28 00000000`00000002 : Wof!WofAcquireFileSystemRundown+0x1
ffffee0f`d8bbf588 fffff80e`aa7818fd : ffffbc0b`fffeee60 ffffbc0c`09140b28 00000000`00000002 ffffee0f`d8bbf6a0 : 0xffffee0f`d8bbf610
ffffee0f`d8bbf590 fffff80e`a98dfca2 : ffffbc0c`09140b28 ffffee0f`d8bbf6e0 ffffee0f`00000001 00000000`00000000 : Wof!WofPreReadCallback+0x6d
ffffee0f`d8bbf650 fffff80e`a98d7389 : ffffee0f`d8bbf890 ffffee0f`d8bbfc00 00000000`00000003 fffff80e`00000000 : FLTMGR!FltpPerformPreCallbacksWorker+0x4d2
ffffee0f`d8bbf760 fffff80e`a98d6f6c : ffffbc0c`0b29d3b0 ffffee0f`d8bc0000 ffffee0f`d8bba000 ffffee0f`d8bbf890 : FLTMGR!FltpPerformPreCallbacks+0x79
ffffee0f`d8bbf7b0 fffff80e`a98d66f0 : ffffbc0c`091af010 00000000`00060043 ffffbc0c`091af010 ffffee0f`d8bbf8a0 : FLTMGR!FltpPassThroughInternal+0x8c
ffffee0f`d8bbf7e0 fffff80e`a98d612e : ffff8684`19ec07a0 00000000`00000000 ffff9c80`030479c0 00000000`00000000 : FLTMGR!FltpPassThrough+0x510
ffffee0f`d8bbf870 fffff807`52e43029 : ffffbc0c`091af010 fffff807`52e2232f ffffbc0c`05dff350 00000000`00000000 : FLTMGR!FltpDispatch+0x9e
ffffee0f`d8bbf8d0 fffff807`52e22218 : ffffbc0b`ffed1cd0 ffffbc0c`091af010 ffffbc0c`0b29d3e0 ffffbc0c`0b29d4a0 : nt!IofCallDriver+0x59
ffffee0f`d8bbf910 fffff807`52f395a9 : ffffbc0c`0b29d390 ffffbc0c`0b29d3b0 ffffbc0c`0b29d3f0 ffffbc0c`0b29d3e0 : nt!IoPageReadEx+0x188
ffffee0f`d8bbf960 fffff807`52e53b3d : 00000000`00000003 ffffee0f`d8bbf9f0 ffffee0f`d8bbfb58 ffff9a4d`00001dc0 : nt!MiIssueHardFaultIo+0xc1
ffffee0f`d8bbf9b0 fffff807`52e6ad5f : ffff8000`00000000 00000000`c0033333 00000000`7701a835 00000000`00000000 : nt!MiIssueHardFault+0x3ed
ffffee0f`d8bbfa60 fffff807`52fde403 : ffffbc0c`06f9c080 00000000`04981820 ffffee0f`d8bbfc80 ffffbc0c`0b2f7b60 : nt!MmAccessFault+0x32f
ffffee0f`d8bbfc00 00000000`7701a835 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x343
00000000`0693cc10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7701a835


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Wof!WofAcquireFileSystemRundown+1
fffff80e`aa782ba5 3000            xor     byte ptr [rax],al

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  Wof!WofAcquireFileSystemRundown+1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Wof

IMAGE_NAME:  Wof.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  7d65a03b

BUCKET_ID_FUNC_OFFSET:  1

FAILURE_BUCKET_ID:  0x1E_c0000005_W_Wof!WofAcquireFileSystemRundown

BUCKET_ID:  0x1E_c0000005_W_Wof!WofAcquireFileSystemRundown

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x1e_c0000005_w_wof!wofacquirefilesystemrundown

FAILURE_ID_HASH:  {0c3d85ce-ec4d-9d2f-d934-09500386df5c}

Followup: MachineOwner
---------

Почему такая сильная разница в отчетах WinDbg?
Чей-то WinDbg сильно врет.

И куда дальше копать? Где искать причину синего экрана?