Home Sign Up Sign In
huyinjie
V2EX  ›  问与答

求助,帮忙用 WinDbg 分析电脑蓝屏文件

  •   
  •   huyinjie · Nov 7, 2019 · 2620 views
    This topic created in 2377 days ago, the information mentioned may be changed or developed.
    一打开 PDF 就蓝屏,大概率是 Sumatra 这个软件导致的。有没有好心人安装了非 UWP 版本的 Windbg 可以帮忙分析下 dmp 文件,UWP 版本的提示参数错误 0x80070057
    文件放在了这边: https://send.firefox.com/download/0cdaab4cf954cb3e/#tKaDhY1vILfqGwgd7WcMeA
  • windbg
  • uwp
  • 蓝屏
  • 文件
    5 replies    2019-11-07 19:42:00 +08:00
    jasonyang9
        1
    jasonyang9  
       Nov 7, 2019   ❤️ 1
    cldflts.sys ,可能是 OneDrive
    huyinjie
        2
    huyinjie  
    OP
       Nov 7, 2019
    @jasonyang9 #1 感谢 可以帮忙导出下文档或者粘贴出来吗
    jasonyang9
        3
    jasonyang9  
       Nov 7, 2019   ❤️ 1
    我是用 BlueScreenView 看的:

    110719-9390-01.dmp 2019/11/7 12:48:10 SYSTEM_SERVICE_EXCEPTION 0x0000003b 00000000`c0000005 fffff802`75ebfbfe ffffa203`2b885800 00000000`00000000 cldflt.sys cldflt.sys+5fbfe x64 ntoskrnl.exe+1c1220 110719-9390-01.dmp 4 15 18362 1,203,396 2019/11/7 13:48:45



    cldflt.sys cldflt.sys+5fbfe fffff802`75e60000 fffff802`75ed7000 0x00077000 0xb7d0f1f2 2067/9/22 21:32:34
    ntoskrnl.exe ntoskrnl.exe+1d30e9 fffff802`6e400000 fffff802`6eeb6000 0x00ab6000 0xfc9570f2 2104/4/15 5:36:50
    hal.dll fffff802`6e35d000 fffff802`6e400000 0x000a3000 0x1cd3fb4f
    kd.dll fffff802`70800000 fffff802`7080b000 0x0000b000 0x5a75d524 2018/2/3 23:28:36
    mcupdate_GenuineIntel.dll fffff802`70810000 fffff802`70a11000 0x00201000 0x258cab1a 1989/12/18 17:17:14
    msrpc.sys fffff802`70a70000 fffff802`70ad0000 0x00060000 0x8e1a4f15 2045/7/19 22:54:13
    ksecdd.sys fffff802`70a40000 fffff802`70a6a000 0x0002a000 0xa35f28f6 2056/11/8 23:23:34
    werkernel.sys fffff802`70a20000 fffff802`70a31000 0x00011000 0x958e14b2 2049/7/6 0:49:54
    CLFS.SYS fffff802`70b10000 fffff802`70b78000 0x00068000 0x07bc3c0b
    tm.sys fffff802`70ae0000 fffff802`70b07000 0x00027000 0x9a74c3b7 2052/2/12 17:39:03
    PSHED.dll fffff802`70b80000 fffff802`70b9a000 0x0001a000 0xb21f9dda 2064/9/12 11:41:14
    BOOTVID.dll fffff802`70ba0000 fffff802`70bab000 0x0000b000 0x0f301604
    FLTMGR.SYS fffff802`70d10000 fffff802`70d81000 0x00071000 0x801a5f11 2038/2/8 11:18:41
    clipsp.sys fffff802`70c00000 fffff802`70d05000 0x00105000 0x5d8991ba 2019/9/24 11:47:06
    cmimcext.sys fffff802`70bb0000 fffff802`70bbe000 0x0000e000 0xc7f022b4 2076/4/18 10:45:08
    ntosext.sys fffff802`70bc0000 fffff802`70bcc000 0x0000c000 0xbac877d8 2069/4/21 0:14:16
    CI.dll fffff802`70d90000 fffff802`70e6c000 0x000dc000 0xe1af0052 2089/12/25 17:48:02
    cng.sys fffff802`70e70000 fffff802`70f2c000 0x000bc000 0x5444b5a1 2014/10/20 15:11:29
    Wdf01000.sys fffff802`70f30000 fffff802`71005000 0x000d5000 0x116a658a
    WDFLDR.SYS fffff802`70bd0000 fffff802`70be3000 0x00013000 0x3b396780 2001/6/27 12:56:32
    WppRecorder.sys fffff802`71010000 fffff802`71020000 0x00010000 0x34a54231 1997/12/28 2:00:17
    SleepStudyHelper.sys fffff802`70bf0000 fffff802`70bff000 0x0000f000 0xba6e2346 2069/2/11 11:49:26
    acpiex.sys fffff802`71030000 fffff802`71055000 0x00025000 0x2b91edb2 1993/3/1 19:04:18
    mssecflt.sys fffff802`71060000 fffff802`710a2000 0x00042000 0x9c3fcc09 2053/1/25 22:04:57
    SgrmAgent.sys fffff802`710b0000 fffff802`710ca000 0x0001a000 0xf851a195 2102/1/8 1:49:09
    lxss.sys fffff802`710d0000 fffff802`710da000 0x0000a000 0x86d5f4c6 2041/9/7 20:12:54
    LXCORE.SYS fffff802`710e0000 fffff802`711f6000 0x00116000 0xdeb52477 2088/5/26 20:35:03
    ACPI.sys fffff802`71200000 fffff802`712cc000 0x000cc000 0x90b929f2 2046/12/10 19:26:42
    WMILIB.SYS fffff802`712d0000 fffff802`712dc000 0x0000c000 0x59021e3d 2017/4/28 0:37:17
    intelpep.sys fffff802`712e0000 fffff802`7133b000 0x0005b000 0xa0b377f1 2055/6/9 9:10:09
    WindowsTrustedRT.sys fffff802`71340000 fffff802`71357000 0x00017000 0xcb95ce3d 2078/3/27 15:41:49

    后面还有
    cjw1115
        4
    cjw1115  
       Nov 7, 2019   ❤️ 1
    STACK_TEXT:
    ffffa203`2b8861f0 fffff802`75ec0129 : ffffb783`0c4d1a88 ffffa203`2b886360 00000000`00000000 00000000`00000000 : cldflt!HsmiFltPostECPCREATE+0x1da
    ffffa203`2b886280 fffff802`70d13c03 : ffffb783`0c4d1a88 ffffa203`2b886360 ffffb783`0c4d19a0 00000000`0000366b : cldflt!HsmFltPostQUERY_OPEN+0x29
    ffffa203`2b886310 fffff802`70d1243c : 00000000`00000000 ffffb783`06e19d00 ffffb783`0fe4c4a8 00000000`00000000 : FLTMGR!FltpPerformPostCallbacks+0x3e3
    ffffa203`2b8863e0 fffff802`6e489aac : ffffa203`2b886480 ffffa203`2b886d0c ffffb783`06dd88f0 ffffb783`107339f0 : FLTMGR!FltpPostFsFilterOperation+0x2c
    ffffa203`2b886410 fffff802`6ec5010d : 00000000`00000000 ffffb783`06e19d60 ffffa203`2b886540 fffff802`719ddda0 : nt!FsFilterPerformCompletionCallbacks+0x4c
    ffffa203`2b886440 fffff802`6ebead94 : 00000000`6d4e6f49 fffff802`6e76f06d ffffa203`00000003 00000000`00000000 : nt!FsRtlQueryOpen+0xd1
    ffffa203`2b886710 fffff802`6e9e62ba : fffff802`00000004 fffff802`6e9e5944 ffffa203`2b886950 00000000`00000000 : nt!IopQueryInformation+0x139ad4
    ffffa203`2b886770 fffff802`6e9ecfcf : ffffb783`06dd88f0 ffffb783`06dd8844 ffffb783`0ee1f560 00000000`00000000 : nt!IopParseDevice+0x8ea
    ffffa203`2b8868e0 fffff802`6e9eb431 : ffffb783`0ee1f500 ffffa203`2b886b28 ffffb783`00000240 ffffb783`04cd40c0 : nt!ObpLookupObjectName+0x78f
    ffffa203`2b886aa0 fffff802`6ec57ec3 : 00000000`00000001 00000000`00000000 ffffa203`2b887090 ffffa203`2b886ef8 : nt!ObOpenObjectByNameEx+0x201
    ffffa203`2b886be0 fffff802`70d28063 : ffffa203`2b887000 ffffb783`1079e9a0 ffffb783`0af91a00 fffff802`70d176fb : nt!IoQueryInformationByName+0x263
    ffffa203`2b886e90 fffff802`75e75c99 : ffffa203`2b887088 00000000`00000000 ffffa203`2b887088 fffff802`6e46b455 : FLTMGR!FltQueryInformationByName+0x153
    ffffa203`2b886f40 fffff802`75e67924 : ffffa203`2b887088 00000000`00000000 00000000`00000000 00000000`00000000 : cldflt!FltQueryInformationByNameCallout+0x49
    ffffa203`2b886f90 fffff802`75ebf77d : 00000000`00000000 ffffa203`2b888000 ffffa203`2b881000 ffffb783`1079e9a0 : cldflt!HsmExpandKernelStackAndCallout+0x44
    ffffa203`2b886fd0 fffff802`75ec0019 : ffffb783`0e46a010 ffffb783`0beceb88 ffffb783`1079ec30 ffffa203`2b887219 : cldflt!HsmiFltPreECPCREATE+0x34d
    ffffa203`2b887140 fffff802`70d14a5d : ffffb783`0becea00 ffffb783`00000000 ffffb783`00000000 00000000`00000000 : cldflt!HsmFltPreCREATE+0x9
    ffffa203`2b887170 fffff802`70d145a0 : ffffa203`2b8872f0 ffffa203`2b887300 00000000`00000000 00000000`00000000 : FLTMGR!FltpPerformPreCallbacks+0x2fd
    ffffa203`2b887280 fffff802`70d4cd13 : fffff802`70d39060 00000000`00000110 00000000`00000000 00000000`00000454 : FLTMGR!FltpPassThroughInternal+0x90
    ffffa203`2b8872b0 fffff802`6e431f39 : 00000000`00000000 fffff802`6e9e5905 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x2f3
    ffffa203`2b887360 fffff802`6e430fe4 : 00000000`00000003 00000000`00000000 00000000`00000000 fffff802`6e4317a3 : nt!IofCallDriver+0x59
    ffffa203`2b8873a0 fffff802`6e9e5ffb : ffffa203`2b887660 fffff802`6e9e5905 ffffa203`2b8875d0 ffffb783`10771010 : nt!IoCallDriverWithTracing+0x34
    ffffa203`2b8873f0 fffff802`6e9ecfcf : ffffb783`06dd88f0 ffffb783`06dd8805 ffffb783`100749a0 00000000`00000001 : nt!IopParseDevice+0x62b
    ffffa203`2b887560 fffff802`6e9eb431 : ffffb783`10074900 ffffa203`2b8877a8 00000000`00000040 ffffb783`04cd40c0 : nt!ObpLookupObjectName+0x78f
    ffffa203`2b887720 fffff802`6ea30300 : 00000000`00000001 00000017`4fd0f558 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByNameEx+0x201
    ffffa203`2b887860 fffff802`6ea2fac9 : 00000017`4fd0f500 00000000`40100080 00000017`4fd0f558 00000017`4fd0f518 : nt!IopCreateFile+0x820
    ffffa203`2b887900 fffff802`6e5d2b15 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateFile+0x79
    ffffa203`2b887990 00007ffa`264dcb64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
    00000017`4fd0f488 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`264dcb64


    THREAD_SHA1_HASH_MOD_FUNC: 6c7518cce721fecd91a279b71d6c590012cfeb9e

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1242459b356dfef42d12ef1a660e2600ed8d7605

    THREAD_SHA1_HASH_MOD: 8fcdce0b961f3e096e6533bd1542fcd9959c4f1c

    FOLLOWUP_IP:
    cldflt!HsmiFltPostECPCREATE+1da
    fffff802`75ebfbfe f60201 test byte ptr [rdx],1

    FAULT_INSTR_CODE: 750102f6

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: cldflt!HsmiFltPostECPCREATE+1da

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: cldflt

    IMAGE_NAME: cldflt.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    IMAGE_VERSION: 10.0.18362.1034

    STACK_COMMAND: .cxr 0xffffa2032b885800 ; kb

    BUCKET_ID_FUNC_OFFSET: 1da

    FAILURE_BUCKET_ID: 0x3B_c0000005_cldflt!HsmiFltPostECPCREATE

    BUCKET_ID: 0x3B_c0000005_cldflt!HsmiFltPostECPCREATE

    PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_cldflt!HsmiFltPostECPCREATE

    TARGET_TIME: 2019-11-07T04:48:10.000Z

    OSBUILD: 18362

    OSSERVICEPACK: 418

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK: 272

    PRODUCT_TYPE: 1

    OSPLATFORM_TYPE: x64

    OSNAME: Windows 10

    OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

    OS_LOCALE:

    USER_LCID: 0

    OSBUILD_TIMESTAMP: unknown_date

    BUILDDATESTAMP_STR: 190318-1202

    BUILDLAB_STR: 19h1_release

    BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202

    ANALYSIS_SESSION_ELAPSED_TIME: 17102

    ANALYSIS_SOURCE: KM

    FAILURE_ID_HASH_STRING: km:0x3b_c0000005_cldflt!hsmifltpostecpcreate

    FAILURE_ID_HASH: {a70c9fc4-24a8-3907-3d56-b0e3f463c98e}

    Followup: MachineOwner
    ---------
    huyinjie
        5
    huyinjie  
    OP
       Nov 7, 2019
    感谢各位,这个问题在安装 KB4522741 后发生的,把 Onedrive 重启了一下目前还没有蓝屏
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   3780 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 35ms · UTC 04:56 · PVG 12:56 · LAX 21:56 · JFK 00:56
    ♥ Do have faith in what you're doing.