文档章节

WinDbg

x
 xueyuse0012
发布于 2018/10/19 01:15
字数 752
阅读 6
收藏 0

参考来自:http://www.cnit.net.cn/?id=225

SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols

ctrl + d to open dump_file


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Administrator\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600
Machine Name:
Kernel base = 0xfffff800`0480b000 PsLoadedModuleList = 0xfffff800`04a4d750
Debug session time: Tue Aug 28 15:35:47.585 2018 (UTC + 8:00)
System Uptime: 0 days 5:51:11.553
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols

Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 18, {fffffa800c7bd230, fffffa800d201360, 1, 1}

*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
Probably caused by : atikmdag.sys ( atikmdag+28710 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

REFERENCE_BY_POINTER (18)
Arguments:
Arg1: fffffa800c7bd230, Object type of the object whose reference count is being lowered
Arg2: fffffa800d201360, Object whose reference count is being lowered
Arg3: 0000000000000001, Reserved
Arg4: 0000000000000001, Reserved
    The reference count of an object is illegal for the current state of the object.
    Each time a driver uses a pointer to an object the driver calls a kernel routine
    to increment the reference count of the object. When the driver is done with the
    pointer the driver calls another kernel routine to decrement the reference count.
    Drivers must match calls to the increment and decrement routines. This bugcheck
    can occur because an object's reference count goes to zero while there are still
    open handles to the object, in which case the fourth parameter indicates the number
    of opened handles. It may also occur when the objects reference count drops below zero
    whether or not there are open handles to the object, and in that case the fourth parameter
    contains the actual value of the pointer references count.

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x18

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800048fc06d to fffff8000487be00

STACK_TEXT:  
fffff800`05f818d8 fffff800`048fc06d : 00000000`00000018 fffffa80`0c7bd230 fffffa80`0d201360 00000000`00000001 : nt!KeBugCheckEx
fffff800`05f818e0 fffff880`0fc62710 : 00000000`0000001f fffff880`0a7a10f8 fffffa80`0d201360 fffff880`0fc909eb : nt! ?? ::FNODOBFM::`string'+0x4160a
fffff800`05f81940 fffff880`0fc64794 : fffffa80`110f3000 fffff800`04a07cc0 fffff800`05f81a80 00000000`00000000 : atikmdag+0x28710
fffff800`05f81980 fffff880`0fc71c20 : 00000000`00000000 fffffa80`1118d3d0 fffff880`0fe3a410 fffffa80`deadbeef : atikmdag+0x2a794
fffff800`05f819b0 fffff880`0fcbbf11 : 00000000`00000000 fffff800`05f81b30 fffffa80`1119e430 fffff880`0fc7594f : atikmdag+0x37c20
fffff800`05f819e0 fffff880`0fcbd5d6 : fffffa80`0feb2668 00000000`00000000 00000007`00000030 fffff880`00000008 : atikmdag+0x81f11
fffff800`05f81a60 fffff880`0fcbf2c4 : fffffa80`1118c000 fffffa80`1118d3d0 00000000`00000000 fffffa80`0c6e4720 : atikmdag+0x835d6
fffff800`05f81ae0 fffff880`0fcbf01f : fffffa80`1118c000 fffff800`04a07cc0 fffffa80`1118d3d0 00000000`00000000 : atikmdag+0x852c4
fffff800`05f81b10 fffff880`0fcb9fea : fffffa80`1118c000 fffffa80`0feb2040 fffffa80`0feb2668 00000000`00000003 : atikmdag+0x8501f
fffff800`05f81bb0 fffff880`0fc5e864 : fffffa80`0f8901c0 00000000`00000002 00000000`00000000 00000000`00000000 : atikmdag+0x7ffea
fffff800`05f81be0 fffff880`05eb4e75 : fffffa80`0f8b1d40 01d43ea1`bc9fc643 00000000`00000000 fffffa80`0feb2040 : atikmdag+0x24864
fffff800`05f81c10 fffff880`062af5b6 : 00000000`00000000 fffffa80`0feb2668 fffffa80`0f8b1d40 00000000`00000000 : atikmpag+0x9e75
fffff800`05f81c40 fffff800`048876ec : fffff800`049f9e80 0000000f`ce768dc5 0000000f`ce768b46 00000000`0000004b : dxgkrnl!DpiFdoDpcForIsr+0x2e
fffff800`05f81c90 fffff800`04873b0a : fffff800`049f9e80 fffff800`04a07cc0 00000000`00000000 fffff880`062af588 : nt!KiRetireDpcList+0x1bc
fffff800`05f81d40 00000000`00000000 : fffff800`05f82000 fffff800`05f7c000 fffff800`05f81d00 00000000`00000000 : nt!KiIdleLoop+0x5a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
atikmdag+28710
fffff880`0fc62710 4883c710        add     rdi,10h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  atikmdag+28710

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: atikmdag

IMAGE_NAME:  atikmdag.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  55a70ac5

FAILURE_BUCKET_ID:  X64_0x18_CORRUPT_REF_COUNT_atikmdag+28710

BUCKET_ID:  X64_0x18_CORRUPT_REF_COUNT_atikmdag+28710

Followup: MachineOwner
---------

0: kd> lmvm atikmdag
start             end                 module name
fffff880`0fc3a000 fffff880`11144000   atikmdag   (no symbols)           
    Loaded symbol image file: atikmdag.sys
    Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys
    Image name: atikmdag.sys
    Timestamp:        Thu Jul 16 09:37:09 2015 (55A70AC5)
    CheckSum:         014A8B0F
    ImageSize:        0150A000
    File version:     8.1.1.1500
    Product version:  8.1.1.1500
    File flags:       8 (Mask 3F) Private
    File OS:          40004 NT Win32
    File type:        3.4 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Advanced Micro Devices, Inc.
    ProductName:      ATI Radeon Family
    InternalName:     atikmdag.sys
    OriginalFilename: atikmdag.sys
    ProductVersion:   8.01.01.1500
    FileVersion:      8.01.01.1500
    FileDescription:  ATI Radeon Kernel Mode Driver
    LegalCopyright:   Copyright (C) 1998-2012 Advanced Micro Devices, Inc.

© 著作权归作者所有

共有 人打赏支持
x
粉丝 0
博文 5
码字总数 2947
作品 0
成都
私信 提问
WinDbg抓取程序报错dump文件的方法

程序崩溃的两种主要现象: a. 程序在运行中的时候,突然弹出错误窗口,然后点错误窗口的确定时,程序直接关闭 例如: “应用程序错误” “C++错误之类的窗口” “程序无响应” “假死”等 此...

1886317979982165
2018/03/15
0
0
用WinDbg分析Debug Diagnostic Tool生成的Userdump文件

1、下载WinDbg(Debugging Tools for Windows):http://www.microsoft.com/whdc/devtools/debugging/default.mspx 2、安装WinDbg 3、运行WinDbg 4、配置Symbol文件路径: File>Symbol File P......

nothingfinal
2018/03/07
0
0
句柄泄漏调试经验

句柄泄漏检测-简单 在调试之前首先确定是不是真的发生了句柄泄漏,简单的检测方法是通过任务管理器来查看进程的句柄数是不是居高不下,任务管理器默认不显示句柄数,要查看进程的句柄数需要先...

nothingfinal
2017/01/23
0
0
Windbg入门讲解

Windbg是在windows平台下,强大的用户态和内核态调试工具。相比较于Visual Studio,它是一个轻量级的调试工具,所谓轻量级指的是它的安装文件大小较小,但是其调试功能,却比VS更为强大。它的...

English0523
2017/08/14
0
0
使用Windbg调试内核

http://blog.pfan.cn/xman/44320.html Windbg是微软开发的免费源码级调试工具。Windbg可以用于Kernel模式调试和用户模式调试,还可以调试Dump文件。 1.从http://www.microsoft.com/whdc/dev...

nothingfinal
2012/08/26
0
0

没有更多内容

加载失败,请刷新页面

加载更多

OSChina 周六乱弹 —— 舔狗是没有好下场的

Osc乱弹歌单(2019)请戳(这里) 【今日歌曲】 @我没有抓狂 :#今天听什么# #今天听这个# 分享 Nirvana 的歌曲《Smells Like Teen Spi...》 《Smells Like Teen Spi...》- Nirvana 手机党少...

小小编辑
今天
62
4
Linux Wireshark普通用户启动使用方案

当系统安装好Wireshark后请正常启动是否可以进行正常使用,如果不行请参考下列指导 向系统添加一个用户组 sudo groupadd wireshark //如提示此组存在可跳过 将指定用户添加到这个组中 sudo...

CHONGCHEN
今天
2
0
CSS 选择器参考手册

CSS 选择器参考手册 选择器 描述 [attribute] 用于选取带有指定属性的元素。 [attribute=value] 用于选取带有指定属性和值的元素。 [attribute~=value] 用于选取属性值中包含指定词汇的元素。...

Jack088
今天
2
0
数据库篇一

数据库篇 第1章 数据库介绍 1.1 数据库概述  什么是数据库(DB:DataBase) 数据库就是存储数据的仓库,其本质是一个文件系统,数据按照特定的格式将数据存储起来,用户可以对数据库中的数据...

stars永恒
今天
5
0
Intellij IDEA中设置了jsp页面,但是在访问页面时却提示404

在Intellij IDEA中设置了spring boot的jsp页面,但是在访问时,却出现404,Not Found,经过查找资料后解决,步骤如下: 在Run/Debug Configurations面板中设置该程序的Working Directory选项...

uknow8692
昨天
4
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部