文档章节

WinDbg

x
 xueyuse0012
发布于 10/19 01:15
字数 752
阅读 6
收藏 0

参考来自:http://www.cnit.net.cn/?id=225

SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols

ctrl + d to open dump_file


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Administrator\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600
Machine Name:
Kernel base = 0xfffff800`0480b000 PsLoadedModuleList = 0xfffff800`04a4d750
Debug session time: Tue Aug 28 15:35:47.585 2018 (UTC + 8:00)
System Uptime: 0 days 5:51:11.553
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols

Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 18, {fffffa800c7bd230, fffffa800d201360, 1, 1}

*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
Probably caused by : atikmdag.sys ( atikmdag+28710 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

REFERENCE_BY_POINTER (18)
Arguments:
Arg1: fffffa800c7bd230, Object type of the object whose reference count is being lowered
Arg2: fffffa800d201360, Object whose reference count is being lowered
Arg3: 0000000000000001, Reserved
Arg4: 0000000000000001, Reserved
    The reference count of an object is illegal for the current state of the object.
    Each time a driver uses a pointer to an object the driver calls a kernel routine
    to increment the reference count of the object. When the driver is done with the
    pointer the driver calls another kernel routine to decrement the reference count.
    Drivers must match calls to the increment and decrement routines. This bugcheck
    can occur because an object's reference count goes to zero while there are still
    open handles to the object, in which case the fourth parameter indicates the number
    of opened handles. It may also occur when the objects reference count drops below zero
    whether or not there are open handles to the object, and in that case the fourth parameter
    contains the actual value of the pointer references count.

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x18

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800048fc06d to fffff8000487be00

STACK_TEXT:  
fffff800`05f818d8 fffff800`048fc06d : 00000000`00000018 fffffa80`0c7bd230 fffffa80`0d201360 00000000`00000001 : nt!KeBugCheckEx
fffff800`05f818e0 fffff880`0fc62710 : 00000000`0000001f fffff880`0a7a10f8 fffffa80`0d201360 fffff880`0fc909eb : nt! ?? ::FNODOBFM::`string'+0x4160a
fffff800`05f81940 fffff880`0fc64794 : fffffa80`110f3000 fffff800`04a07cc0 fffff800`05f81a80 00000000`00000000 : atikmdag+0x28710
fffff800`05f81980 fffff880`0fc71c20 : 00000000`00000000 fffffa80`1118d3d0 fffff880`0fe3a410 fffffa80`deadbeef : atikmdag+0x2a794
fffff800`05f819b0 fffff880`0fcbbf11 : 00000000`00000000 fffff800`05f81b30 fffffa80`1119e430 fffff880`0fc7594f : atikmdag+0x37c20
fffff800`05f819e0 fffff880`0fcbd5d6 : fffffa80`0feb2668 00000000`00000000 00000007`00000030 fffff880`00000008 : atikmdag+0x81f11
fffff800`05f81a60 fffff880`0fcbf2c4 : fffffa80`1118c000 fffffa80`1118d3d0 00000000`00000000 fffffa80`0c6e4720 : atikmdag+0x835d6
fffff800`05f81ae0 fffff880`0fcbf01f : fffffa80`1118c000 fffff800`04a07cc0 fffffa80`1118d3d0 00000000`00000000 : atikmdag+0x852c4
fffff800`05f81b10 fffff880`0fcb9fea : fffffa80`1118c000 fffffa80`0feb2040 fffffa80`0feb2668 00000000`00000003 : atikmdag+0x8501f
fffff800`05f81bb0 fffff880`0fc5e864 : fffffa80`0f8901c0 00000000`00000002 00000000`00000000 00000000`00000000 : atikmdag+0x7ffea
fffff800`05f81be0 fffff880`05eb4e75 : fffffa80`0f8b1d40 01d43ea1`bc9fc643 00000000`00000000 fffffa80`0feb2040 : atikmdag+0x24864
fffff800`05f81c10 fffff880`062af5b6 : 00000000`00000000 fffffa80`0feb2668 fffffa80`0f8b1d40 00000000`00000000 : atikmpag+0x9e75
fffff800`05f81c40 fffff800`048876ec : fffff800`049f9e80 0000000f`ce768dc5 0000000f`ce768b46 00000000`0000004b : dxgkrnl!DpiFdoDpcForIsr+0x2e
fffff800`05f81c90 fffff800`04873b0a : fffff800`049f9e80 fffff800`04a07cc0 00000000`00000000 fffff880`062af588 : nt!KiRetireDpcList+0x1bc
fffff800`05f81d40 00000000`00000000 : fffff800`05f82000 fffff800`05f7c000 fffff800`05f81d00 00000000`00000000 : nt!KiIdleLoop+0x5a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
atikmdag+28710
fffff880`0fc62710 4883c710        add     rdi,10h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  atikmdag+28710

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: atikmdag

IMAGE_NAME:  atikmdag.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  55a70ac5

FAILURE_BUCKET_ID:  X64_0x18_CORRUPT_REF_COUNT_atikmdag+28710

BUCKET_ID:  X64_0x18_CORRUPT_REF_COUNT_atikmdag+28710

Followup: MachineOwner
---------

0: kd> lmvm atikmdag
start             end                 module name
fffff880`0fc3a000 fffff880`11144000   atikmdag   (no symbols)           
    Loaded symbol image file: atikmdag.sys
    Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys
    Image name: atikmdag.sys
    Timestamp:        Thu Jul 16 09:37:09 2015 (55A70AC5)
    CheckSum:         014A8B0F
    ImageSize:        0150A000
    File version:     8.1.1.1500
    Product version:  8.1.1.1500
    File flags:       8 (Mask 3F) Private
    File OS:          40004 NT Win32
    File type:        3.4 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Advanced Micro Devices, Inc.
    ProductName:      ATI Radeon Family
    InternalName:     atikmdag.sys
    OriginalFilename: atikmdag.sys
    ProductVersion:   8.01.01.1500
    FileVersion:      8.01.01.1500
    FileDescription:  ATI Radeon Kernel Mode Driver
    LegalCopyright:   Copyright (C) 1998-2012 Advanced Micro Devices, Inc.

© 著作权归作者所有

共有 人打赏支持
x
粉丝 0
博文 5
码字总数 2947
作品 0
成都
私信 提问
WinDbg抓取程序报错dump文件的方法

程序崩溃的两种主要现象: a. 程序在运行中的时候,突然弹出错误窗口,然后点错误窗口的确定时,程序直接关闭 例如: “应用程序错误” “C++错误之类的窗口” “程序无响应” “假死”等 此...

1886317979982165
03/15
0
0
用WinDbg分析Debug Diagnostic Tool生成的Userdump文件

1、下载WinDbg(Debugging Tools for Windows):http://www.microsoft.com/whdc/devtools/debugging/default.mspx 2、安装WinDbg 3、运行WinDbg 4、配置Symbol文件路径: File>Symbol File P......

nothingfinal
03/07
0
0
Windbg入门讲解

Windbg是在windows平台下,强大的用户态和内核态调试工具。相比较于Visual Studio,它是一个轻量级的调试工具,所谓轻量级指的是它的安装文件大小较小,但是其调试功能,却比VS更为强大。它的...

English0523
2017/08/14
0
0
句柄泄漏调试经验

句柄泄漏检测-简单 在调试之前首先确定是不是真的发生了句柄泄漏,简单的检测方法是通过任务管理器来查看进程的句柄数是不是居高不下,任务管理器默认不显示句柄数,要查看进程的句柄数需要先...

nothingfinal
2017/01/23
0
0
Windbg+Procdump解决w3wp.exe CPU过百问题

最近发布在windows server2012 IIS8.0上的一个WebAPI项目,才几十个人在线,CPU就会出现过百情况,并且CPU一旦过百应用程序池就自动暂停掉,看到这个问题我感觉应该是程序哪个地方出了问题,...

nothingfinal
01/13
0
0

没有更多内容

加载失败,请刷新页面

加载更多

Confluence 6 教程:在 Confluence 中导航

当你对 Confluence 有所了解后,你会发现 Confluence 使用起来非常简单。这个教程主要是针对你使用的 Confluence 界面进行一些说明,同时向你展示在那里可以进行一些通用的任务和操作。 空间...

honeymose
今天
2
0
sed, awk 练习

1. sed打印某行到某行之间的内容 2. sed 转换大小写 将单词首字母转化大写 将所有小写转化大写 3. sed 在某一行最后面添加一个数字 4. 删除某行到最后一行 解析: {:a;N;$!ba;d} :a : 是...

Fc丶
今天
2
0
babel6升级到7,jest-babel报错:Requires Babel "^7.0.0-0", but was loaded with "6.26.3".

自从将前端环境更新到babel7,jest-babel之前是基于babel6的,执行时候就会报:Requires Babel "^7.0.0-0", but was loaded with "6.26.3". 很烦,因为连续帮好几台电脑修复这个问题,所以记...

曾建凯
今天
1
0
探索802.11ax

802.11ax承诺在真实条件下改善峰值性能和最差情况。 如何改善今天的Wi-Fi? 在决定如何改进当前版本以外的Wi-Fi时,802.11ac,IEEE和Wi-Fi联盟调查了Wi-Fi部署和行为,以确定更广泛使用的障碍...

linuxprobe16
今天
2
0
使用linux将64G的SDCARD格式化为FAT32

一、命令如下: sudo fdisk -lsudo mkfs.vfat /dev/sda -Isudo fdisk /dev/sda Welcome to fdisk (util-linux 2.29.2). Changes will remain in memory only, until you decide to wri......

mbzhong
今天
4
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部