最近的一次蓝屏死机:Mini061218
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Desktop\224minidump\Mini061218-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*%Symbolspath%*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_rtm.070216-1710
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Tue Jun 12 23:22:27.148 2018 (UTC + 8:00)
System Uptime: 8 days 8:38:26.651
Loading Kernel Symbols
...............................................................
........................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*
*
* Bugcheck Analysis *
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {0, d0000002, 1, 808921dd}
Unable to load image \SystemRoot\system32\DRIVERS\netkvm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for netkvm.sys
*** ERROR: Module load completed but symbols could not be loaded for netkvm.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1d7 )
Followup: Pool_corruption
---------
0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis *
*
*
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 808921dd, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_D0000002
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+1d7
808921dd 8937 mov dword ptr [edi],esi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME: Idle
TRAP_FRAME: 8089a3f8 -- (.trap 0xffffffff8089a3f8)
ErrCode = 00000002
eax=89ce5610 ebx=00000000 ecx=000001ff edx=89ce5000 esi=89d399f8 edi=00000000
eip=808921dd esp=8089a46c ebp=8089a4a4 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!ExDeferredFreePool+0x1d7:
808921dd 8937 mov dword ptr [edi],esi ds:0023:00000000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 808921dd to 8088c963
STACK_TEXT:
8089a3f8 808921dd badb0d00 89ce5000 00000001 nt!KiTrap0E+0x2a7
8089a4a4 808928c3 808aeae0 89d66008 8a739a10 nt!ExDeferredFreePool+0x1d7
8089a4fc f76c9ee6 89d66008 00000000 8089a548 nt!ExFreePoolWithTag+0x57f
8089a50c badebe5f 89d66008 00000000 00000000 NDIS!NdisFreeMemory+0x3b
WARNING: Stack unwind information not available. Following frames may be wrong.
8089a548 bade9d77 8a51c00c 000003e8 8a739fb0 netkvm+0x7e5f
8089a574 bade5c8d 00739a10 000003e8 8a770ab0 netkvm+0x5d77
8089a590 f76ec466 8a739a10 ffdffa40 8a739f00 netkvm+0x1c8d
8089a5a8 808320f0 8a739f00 8a739eec 00000000 NDIS!ndisMDpcX+0x21
8089a600 8088de1f 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca
8089a604 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x37
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+1d7
808921dd 8937 mov dword ptr [edi],esi
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+1d7
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0xC5_D0000002_nt!ExDeferredFreePool+1d7
BUCKET_ID: 0xC5_D0000002_nt!ExDeferredFreePool+1d7
Followup: Pool_corruption
---------
最近的第二次蓝屏死机:Mini053018
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Desktop\224minidump\Mini053018-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*%Symbolspath%*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_rtm.070216-1710
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Wed May 30 12:08:13.864 2018 (UTC + 8:00)
System Uptime: 14 days 2:56:13.982
Loading Kernel Symbols
...............................................................
........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*
*
* Bugcheck Analysis *
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {0, d0000002, 1, 808921dd}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1d7 )
Followup: Pool_corruption
---------
2: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis *
*
*
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 808921dd, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_D0000002
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+1d7
808921dd 8937 mov dword ptr [edi],esi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME: System
TRAP_FRAME: f78debd0 -- (.trap 0xfffffffff78debd0)
ErrCode = 00000002
eax=89bb6610 ebx=00000000 ecx=000001ff edx=89bb6000 esi=89bd7008 edi=00000000
eip=808921dd esp=f78dec44 ebp=f78dec7c iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!ExDeferredFreePool+0x1d7:
808921dd 8937 mov dword ptr [edi],esi ds:0023:00000000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 808921dd to 8088c963
STACK_TEXT:
f78debd0 808921dd badb0d00 89bb6000 00000000 nt!KiTrap0E+0x2a7
f78dec7c 808928c3 808aeae0 89cc1cc4 89cc1c60 nt!ExDeferredFreePool+0x1d7
f78decd4 8081095a 89cc1c60 00000000 80a5a4d0 nt!ExFreePoolWithTag+0x57f
f78ded08 8080fe95 00000001 808a3ff0 89de68e0 nt!CcDeleteSharedCacheMap+0x160
f78ded40 808127a2 8b16db40 808ae5c0 8b166260 nt!CcWriteBehind+0x359
f78ded80 80880441 8b166260 00000000 8b16db40 nt!CcWorkerThread+0x15a
f78dedac 80949b7c 8b166260 00000000 00000000 nt!ExpWorkerThread+0xeb
f78deddc 8088e062 80880356 00000000 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+1d7
808921dd 8937 mov dword ptr [edi],esi
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+1d7
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: 0xC5_D0000002_nt!ExDeferredFreePool+1d7
BUCKET_ID: 0xC5_D0000002_nt!ExDeferredFreePool+1d7
Followup: Pool_corruption
---------
三次屏幕死机的文件位置:https://pan.baidu.com/s/1GrvJOirZINdBp0FGJNX6rQ
求解答~