
Help needed: analyzing a PC blue screen dump file with WinDbg

    huyinjie · 2019-11-07 13:47:18 +08:00 · 2059 views
    The PC blue-screens as soon as I open a PDF; most likely it is caused by the Sumatra software. Is there any kind soul with the non-UWP version of WinDbg installed who could help analyze the dmp file? The UWP version reports parameter error 0x80070057.
    I put the file here: https://send.firefox.com/download/0cdaab4cf954cb3e/#tKaDhY1vILfqGwgd7WcMeA
    5 replies · 2019-11-07 19:42:00 +08:00
    jasonyang9 · #1 · 2019-11-07 13:55:07 +08:00 · ❤️ 1
    cldflts.sys, possibly OneDrive
    huyinjie (OP) · #2 · 2019-11-07 13:59:12 +08:00
    @jasonyang9 #1 Thanks. Could you export the document or paste it here?
    jasonyang9 · #3 · 2019-11-07 14:09:53 +08:00 · ❤️ 1
    I looked at it with BlueScreenView:

    110719-9390-01.dmp 2019/11/7 12:48:10 SYSTEM_SERVICE_EXCEPTION 0x0000003b 00000000`c0000005 fffff802`75ebfbfe ffffa203`2b885800 00000000`00000000 cldflt.sys cldflt.sys+5fbfe x64 ntoskrnl.exe+1c1220 110719-9390-01.dmp 4 15 18362 1,203,396 2019/11/7 13:48:45



    cldflt.sys cldflt.sys+5fbfe fffff802`75e60000 fffff802`75ed7000 0x00077000 0xb7d0f1f2 2067/9/22 21:32:34
    ntoskrnl.exe ntoskrnl.exe+1d30e9 fffff802`6e400000 fffff802`6eeb6000 0x00ab6000 0xfc9570f2 2104/4/15 5:36:50
    hal.dll fffff802`6e35d000 fffff802`6e400000 0x000a3000 0x1cd3fb4f
    kd.dll fffff802`70800000 fffff802`7080b000 0x0000b000 0x5a75d524 2018/2/3 23:28:36
    mcupdate_GenuineIntel.dll fffff802`70810000 fffff802`70a11000 0x00201000 0x258cab1a 1989/12/18 17:17:14
    msrpc.sys fffff802`70a70000 fffff802`70ad0000 0x00060000 0x8e1a4f15 2045/7/19 22:54:13
    ksecdd.sys fffff802`70a40000 fffff802`70a6a000 0x0002a000 0xa35f28f6 2056/11/8 23:23:34
    werkernel.sys fffff802`70a20000 fffff802`70a31000 0x00011000 0x958e14b2 2049/7/6 0:49:54
    CLFS.SYS fffff802`70b10000 fffff802`70b78000 0x00068000 0x07bc3c0b
    tm.sys fffff802`70ae0000 fffff802`70b07000 0x00027000 0x9a74c3b7 2052/2/12 17:39:03
    PSHED.dll fffff802`70b80000 fffff802`70b9a000 0x0001a000 0xb21f9dda 2064/9/12 11:41:14
    BOOTVID.dll fffff802`70ba0000 fffff802`70bab000 0x0000b000 0x0f301604
    FLTMGR.SYS fffff802`70d10000 fffff802`70d81000 0x00071000 0x801a5f11 2038/2/8 11:18:41
    clipsp.sys fffff802`70c00000 fffff802`70d05000 0x00105000 0x5d8991ba 2019/9/24 11:47:06
    cmimcext.sys fffff802`70bb0000 fffff802`70bbe000 0x0000e000 0xc7f022b4 2076/4/18 10:45:08
    ntosext.sys fffff802`70bc0000 fffff802`70bcc000 0x0000c000 0xbac877d8 2069/4/21 0:14:16
    CI.dll fffff802`70d90000 fffff802`70e6c000 0x000dc000 0xe1af0052 2089/12/25 17:48:02
    cng.sys fffff802`70e70000 fffff802`70f2c000 0x000bc000 0x5444b5a1 2014/10/20 15:11:29
    Wdf01000.sys fffff802`70f30000 fffff802`71005000 0x000d5000 0x116a658a
    WDFLDR.SYS fffff802`70bd0000 fffff802`70be3000 0x00013000 0x3b396780 2001/6/27 12:56:32
    WppRecorder.sys fffff802`71010000 fffff802`71020000 0x00010000 0x34a54231 1997/12/28 2:00:17
    SleepStudyHelper.sys fffff802`70bf0000 fffff802`70bff000 0x0000f000 0xba6e2346 2069/2/11 11:49:26
    acpiex.sys fffff802`71030000 fffff802`71055000 0x00025000 0x2b91edb2 1993/3/1 19:04:18
    mssecflt.sys fffff802`71060000 fffff802`710a2000 0x00042000 0x9c3fcc09 2053/1/25 22:04:57
    SgrmAgent.sys fffff802`710b0000 fffff802`710ca000 0x0001a000 0xf851a195 2102/1/8 1:49:09
    lxss.sys fffff802`710d0000 fffff802`710da000 0x0000a000 0x86d5f4c6 2041/9/7 20:12:54
    LXCORE.SYS fffff802`710e0000 fffff802`711f6000 0x00116000 0xdeb52477 2088/5/26 20:35:03
    ACPI.sys fffff802`71200000 fffff802`712cc000 0x000cc000 0x90b929f2 2046/12/10 19:26:42
    WMILIB.SYS fffff802`712d0000 fffff802`712dc000 0x0000c000 0x59021e3d 2017/4/28 0:37:17
    intelpep.sys fffff802`712e0000 fffff802`7133b000 0x0005b000 0xa0b377f1 2055/6/9 9:10:09
    WindowsTrustedRT.sys fffff802`71340000 fffff802`71357000 0x00017000 0xcb95ce3d 2078/3/27 15:41:49

    There is more after this.
    cjw1115 · #4 · 2019-11-07 16:57:36 +08:00 · ❤️ 1
    STACK_TEXT:
    ffffa203`2b8861f0 fffff802`75ec0129 : ffffb783`0c4d1a88 ffffa203`2b886360 00000000`00000000 00000000`00000000 : cldflt!HsmiFltPostECPCREATE+0x1da
    ffffa203`2b886280 fffff802`70d13c03 : ffffb783`0c4d1a88 ffffa203`2b886360 ffffb783`0c4d19a0 00000000`0000366b : cldflt!HsmFltPostQUERY_OPEN+0x29
    ffffa203`2b886310 fffff802`70d1243c : 00000000`00000000 ffffb783`06e19d00 ffffb783`0fe4c4a8 00000000`00000000 : FLTMGR!FltpPerformPostCallbacks+0x3e3
    ffffa203`2b8863e0 fffff802`6e489aac : ffffa203`2b886480 ffffa203`2b886d0c ffffb783`06dd88f0 ffffb783`107339f0 : FLTMGR!FltpPostFsFilterOperation+0x2c
    ffffa203`2b886410 fffff802`6ec5010d : 00000000`00000000 ffffb783`06e19d60 ffffa203`2b886540 fffff802`719ddda0 : nt!FsFilterPerformCompletionCallbacks+0x4c
    ffffa203`2b886440 fffff802`6ebead94 : 00000000`6d4e6f49 fffff802`6e76f06d ffffa203`00000003 00000000`00000000 : nt!FsRtlQueryOpen+0xd1
    ffffa203`2b886710 fffff802`6e9e62ba : fffff802`00000004 fffff802`6e9e5944 ffffa203`2b886950 00000000`00000000 : nt!IopQueryInformation+0x139ad4
    ffffa203`2b886770 fffff802`6e9ecfcf : ffffb783`06dd88f0 ffffb783`06dd8844 ffffb783`0ee1f560 00000000`00000000 : nt!IopParseDevice+0x8ea
    ffffa203`2b8868e0 fffff802`6e9eb431 : ffffb783`0ee1f500 ffffa203`2b886b28 ffffb783`00000240 ffffb783`04cd40c0 : nt!ObpLookupObjectName+0x78f
    ffffa203`2b886aa0 fffff802`6ec57ec3 : 00000000`00000001 00000000`00000000 ffffa203`2b887090 ffffa203`2b886ef8 : nt!ObOpenObjectByNameEx+0x201
    ffffa203`2b886be0 fffff802`70d28063 : ffffa203`2b887000 ffffb783`1079e9a0 ffffb783`0af91a00 fffff802`70d176fb : nt!IoQueryInformationByName+0x263
    ffffa203`2b886e90 fffff802`75e75c99 : ffffa203`2b887088 00000000`00000000 ffffa203`2b887088 fffff802`6e46b455 : FLTMGR!FltQueryInformationByName+0x153
    ffffa203`2b886f40 fffff802`75e67924 : ffffa203`2b887088 00000000`00000000 00000000`00000000 00000000`00000000 : cldflt!FltQueryInformationByNameCallout+0x49
    ffffa203`2b886f90 fffff802`75ebf77d : 00000000`00000000 ffffa203`2b888000 ffffa203`2b881000 ffffb783`1079e9a0 : cldflt!HsmExpandKernelStackAndCallout+0x44
    ffffa203`2b886fd0 fffff802`75ec0019 : ffffb783`0e46a010 ffffb783`0beceb88 ffffb783`1079ec30 ffffa203`2b887219 : cldflt!HsmiFltPreECPCREATE+0x34d
    ffffa203`2b887140 fffff802`70d14a5d : ffffb783`0becea00 ffffb783`00000000 ffffb783`00000000 00000000`00000000 : cldflt!HsmFltPreCREATE+0x9
    ffffa203`2b887170 fffff802`70d145a0 : ffffa203`2b8872f0 ffffa203`2b887300 00000000`00000000 00000000`00000000 : FLTMGR!FltpPerformPreCallbacks+0x2fd
    ffffa203`2b887280 fffff802`70d4cd13 : fffff802`70d39060 00000000`00000110 00000000`00000000 00000000`00000454 : FLTMGR!FltpPassThroughInternal+0x90
    ffffa203`2b8872b0 fffff802`6e431f39 : 00000000`00000000 fffff802`6e9e5905 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x2f3
    ffffa203`2b887360 fffff802`6e430fe4 : 00000000`00000003 00000000`00000000 00000000`00000000 fffff802`6e4317a3 : nt!IofCallDriver+0x59
    ffffa203`2b8873a0 fffff802`6e9e5ffb : ffffa203`2b887660 fffff802`6e9e5905 ffffa203`2b8875d0 ffffb783`10771010 : nt!IoCallDriverWithTracing+0x34
    ffffa203`2b8873f0 fffff802`6e9ecfcf : ffffb783`06dd88f0 ffffb783`06dd8805 ffffb783`100749a0 00000000`00000001 : nt!IopParseDevice+0x62b
    ffffa203`2b887560 fffff802`6e9eb431 : ffffb783`10074900 ffffa203`2b8877a8 00000000`00000040 ffffb783`04cd40c0 : nt!ObpLookupObjectName+0x78f
    ffffa203`2b887720 fffff802`6ea30300 : 00000000`00000001 00000017`4fd0f558 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByNameEx+0x201
    ffffa203`2b887860 fffff802`6ea2fac9 : 00000017`4fd0f500 00000000`40100080 00000017`4fd0f558 00000017`4fd0f518 : nt!IopCreateFile+0x820
    ffffa203`2b887900 fffff802`6e5d2b15 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateFile+0x79
    ffffa203`2b887990 00007ffa`264dcb64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
    00000017`4fd0f488 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`264dcb64


    THREAD_SHA1_HASH_MOD_FUNC: 6c7518cce721fecd91a279b71d6c590012cfeb9e

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1242459b356dfef42d12ef1a660e2600ed8d7605

    THREAD_SHA1_HASH_MOD: 8fcdce0b961f3e096e6533bd1542fcd9959c4f1c

    FOLLOWUP_IP:
    cldflt!HsmiFltPostECPCREATE+1da
    fffff802`75ebfbfe f60201 test byte ptr [rdx],1

    FAULT_INSTR_CODE: 750102f6

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: cldflt!HsmiFltPostECPCREATE+1da

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: cldflt

    IMAGE_NAME: cldflt.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    IMAGE_VERSION: 10.0.18362.1034

    STACK_COMMAND: .cxr 0xffffa2032b885800 ; kb

    BUCKET_ID_FUNC_OFFSET: 1da

    FAILURE_BUCKET_ID: 0x3B_c0000005_cldflt!HsmiFltPostECPCREATE

    BUCKET_ID: 0x3B_c0000005_cldflt!HsmiFltPostECPCREATE

    PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_cldflt!HsmiFltPostECPCREATE

    TARGET_TIME: 2019-11-07T04:48:10.000Z

    OSBUILD: 18362

    OSSERVICEPACK: 418

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK: 272

    PRODUCT_TYPE: 1

    OSPLATFORM_TYPE: x64

    OSNAME: Windows 10

    OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

    OS_LOCALE:

    USER_LCID: 0

    OSBUILD_TIMESTAMP: unknown_date

    BUILDDATESTAMP_STR: 190318-1202

    BUILDLAB_STR: 19h1_release

    BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202

    ANALYSIS_SESSION_ELAPSED_TIME: 17102

    ANALYSIS_SOURCE: KM

    FAILURE_ID_HASH_STRING: km:0x3b_c0000005_cldflt!hsmifltpostecpcreate

    FAILURE_ID_HASH: {a70c9fc4-24a8-3907-3d56-b0e3f463c98e}

    Followup: MachineOwner
    ---------
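
An added example, not code from any poster in this thread: a small Python triage helper that cross-checks the two tool outputs above, resolving the bugcheck 0x3B fault address against the BlueScreenView module ranges and verifying that each `STACK_TEXT` return address lands in the module named on the next row. The function and variable names are assumptions made for this illustration.

```python
import re

def addr(text):
    """Convert WinDbg 64-bit notation (fffff802`75ebfbfe) to an int."""
    return int(text.replace("`", ""), 16)

# Values copied from the posts above. MODULES holds (base, end) ranges from the
# BlueScreenView driver list; the keys are the module names WinDbg prints.
MODULES = {
    "cldflt": (addr("fffff802`75e60000"), addr("fffff802`75ed7000")),
    "nt": (addr("fffff802`6e400000"), addr("fffff802`6eeb6000")),
    "FLTMGR": (addr("fffff802`70d10000"), addr("fffff802`70d81000")),
}
# Bugcheck 0x3B parameters: exception code, faulting instruction, context record.
BUGCHECK_PARAMS = ("00000000`c0000005", "fffff802`75ebfbfe", "ffffa203`2b885800")
# First five (contiguous) frames of the STACK_TEXT posted in reply #4.
STACK_TEXT = """\
ffffa203`2b8861f0 fffff802`75ec0129 : ffffb783`0c4d1a88 ffffa203`2b886360 00000000`00000000 00000000`00000000 : cldflt!HsmiFltPostECPCREATE+0x1da
ffffa203`2b886280 fffff802`70d13c03 : ffffb783`0c4d1a88 ffffa203`2b886360 ffffb783`0c4d19a0 00000000`0000366b : cldflt!HsmFltPostQUERY_OPEN+0x29
ffffa203`2b886310 fffff802`70d1243c : 00000000`00000000 ffffb783`06e19d00 ffffb783`0fe4c4a8 00000000`00000000 : FLTMGR!FltpPerformPostCallbacks+0x3e3
ffffa203`2b8863e0 fffff802`6e489aac : ffffa203`2b886480 ffffa203`2b886d0c ffffb783`06dd88f0 ffffb783`107339f0 : FLTMGR!FltpPostFsFilterOperation+0x2c
ffffa203`2b886410 fffff802`6ec5010d : 00000000`00000000 ffffb783`06e19d60 ffffa203`2b886540 fffff802`719ddda0 : nt!FsFilterPerformCompletionCallbacks+0x4c
"""
FRAME = re.compile(r"^\s*([0-9a-f`]+) ([0-9a-f`]+) : .* : (\S+)\s*$", re.M)

def resolve(address):
    """Map an address to (module, offset), or (None, None) if outside MODULES."""
    for name, (base, end) in MODULES.items():
        if base <= address < end:
            return name, address - base
    return None, None

def parse_frames(text):
    """Return (return_address, module, symbol); module is None when unsymbolized."""
    frames = []
    for _child_sp, ret, sym in FRAME.findall(text):
        frames.append((addr(ret), sym.split("!")[0] if "!" in sym else None, sym))
    return frames

def triage():
    exc, fault_ip, ctx = BUGCHECK_PARAMS
    module, offset = resolve(addr(fault_ip))
    frames = parse_frames(STACK_TEXT)
    # RetAddr on row i points into the caller, which is named on row i+1.
    mismatches = [frames[i + 1][2] for i in range(len(frames) - 1)
                  if resolve(frames[i][0])[0] != frames[i + 1][1]]
    fault = f"{module}+{offset:#x}" if module else hex(addr(fault_ip))
    return {"exception": hex(addr(exc)), "fault": fault,
            "context_record": hex(addr(ctx)), "top_frame": frames[0][2],
            "retaddr_mismatches": mismatches}

if __name__ == "__main__":
    print(triage())
```

The resolved fault offset matches the `cldflt.sys+5fbfe` that BlueScreenView reported, and the context record address is the one WinDbg passes to `.cxr` in `STACK_COMMAND`.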
    huyinjie (OP) · #5 · 2019-11-07 19:42:00 +08:00
    Thanks, everyone. This problem started after installing KB4522741. I restarted OneDrive and so far there has been no blue screen.