Quote from NickM:
A simple analysis shows this:
Code:
MODULE_NAME: memory_corruption »
So maybe this refers to RAM?

Quote from NickM:
If you're interested, here is the !analyze -v output from one of the dumps... »
Hmm... And how did you get this report?
My WinDbg gives me this, which is something completely different:
Code:
Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\Erin_works\СанТехКом\55. Задания\2023-01-30. 08-00. Синий экран\MEMORY_2023-01-30.DMP]
Kernel Bitmap Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
Executable search path is: 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Windows 8 Kernel Version 17763 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff807`52e16000 PsLoadedModuleList = 0xfffff807`5322f430
Debug session time: Mon Jan 30 08:19:45.953 2023 (UTC + 3:00)
System Uptime: 2 days 23:48:34.823
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Loading Kernel Symbols
...............................................................
................................................................
................................................................

Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`031fa018).  Type ".hh dbgerr001" for details
Loading unloaded module list
...................

************* Symbol Loading Error Summary **************
Module name            Error
ntkrnlmp               The system cannot find the file specified

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80eaa782ba5, 1, c0000225}

*** ERROR: Module load completed but symbols could not be loaded for Wof.sys
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for FLTMGR.SYS - 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : Wof.sys ( Wof+2ba5 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80eaa782ba5, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 00000000c0000225, Parameter 1 of the exception

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.


ADDITIONAL_DEBUG_TEXT:  
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

MODULE_NAME: Wof

FAULTING_MODULE: fffff80752e16000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  7d65a03b

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 00000000c0000225 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

FAULTING_IP: 
Wof+2ba5
fffff80e`aa782ba5 3000            xor     byte ptr [rax],al

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  00000000c0000225

BUGCHECK_STR:  0x1E_c0000005_W

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff807530188d9 to fffff80752fceea0

STACK_TEXT:  
ffffee0f`d8bbeb58 fffff807`530188d9 : 00000000`0000001e ffffffff`c0000005 fffff80e`aa782ba5 00000000`00000001 : nt!KeBugCheckEx
ffffee0f`d8bbeb60 fffff807`52fe2902 : 00000000`00000000 ffffee0f`d8bbf3f0 00000000`00001000 00000000`c0000225 : nt!memset+0x34ad9
ffffee0f`d8bbf210 fffff807`52fde4e8 : ffff8684`19600340 ffffee0f`d8bbf868 00000000`00000003 00000000`00002970 : nt!setjmpex+0x8892
ffffee0f`d8bbf3f0 fffff80e`aa782ba5 : ffffee0f`d8bbf610 fffff80e`aa7818fd ffffbc0b`fffeee60 ffffbc0c`09140b28 : nt!setjmpex+0x4478
ffffee0f`d8bbf580 ffffee0f`d8bbf610 : fffff80e`aa7818fd ffffbc0b`fffeee60 ffffbc0c`09140b28 00000000`00000002 : Wof+0x2ba5
ffffee0f`d8bbf588 fffff80e`aa7818fd : ffffbc0b`fffeee60 ffffbc0c`09140b28 00000000`00000002 ffffee0f`d8bbf6a0 : 0xffffee0f`d8bbf610
ffffee0f`d8bbf590 fffff80e`a98dfca2 : ffffbc0c`09140b28 ffffee0f`d8bbf6e0 ffffee0f`00000001 00000000`00000000 : Wof+0x18fd
ffffee0f`d8bbf650 fffff80e`a98d7389 : ffffee0f`d8bbf890 ffffee0f`d8bbfc00 00000000`00000003 fffff80e`00000000 : FLTMGR!FltAllocatePoolAlignedWithTag+0xaa2
ffffee0f`d8bbf760 fffff80e`a98d6f6c : ffffbc0c`0b29d3b0 ffffee0f`d8bc0000 ffffee0f`d8bba000 ffffee0f`d8bbf890 : FLTMGR!FltDecodeParameters+0x1e9
ffffee0f`d8bbf7b0 fffff80e`a98d66f0 : ffffbc0c`091af010 00000000`00060043 ffffbc0c`091af010 ffffee0f`d8bbf8a0 : FLTMGR!FltFreeCallbackData+0x137c
ffffee0f`d8bbf7e0 fffff80e`a98d612e : ffff8684`19ec07a0 00000000`00000000 ffff9c80`030479c0 00000000`00000000 : FLTMGR!FltFreeCallbackData+0xb00
ffffee0f`d8bbf870 fffff807`52e43029 : ffffbc0c`091af010 fffff807`52e2232f ffffbc0c`05dff350 00000000`00000000 : FLTMGR!FltFreeCallbackData+0x53e
ffffee0f`d8bbf8d0 fffff807`52e22218 : ffffbc0b`ffed1cd0 ffffbc0c`091af010 ffffbc0c`0b29d3e0 ffffbc0c`0b29d4a0 : nt!IofCallDriver+0x59
ffffee0f`d8bbf910 fffff807`52f395a9 : ffffbc0c`0b29d390 ffffbc0c`0b29d3b0 ffffbc0c`0b29d3f0 ffffbc0c`0b29d3e0 : nt!IoSynchronousPageWrite+0x1e8
ffffee0f`d8bbf960 fffff807`52e53b3d : 00000000`00000003 ffffee0f`d8bbf9f0 ffffee0f`d8bbfb58 ffff9a4d`00001dc0 : nt!FsRtlValidateReparsePointBuffer+0x449
ffffee0f`d8bbf9b0 fffff807`52e6ad5f : ffff8000`00000000 00000000`c0033333 00000000`7701a835 00000000`00000000 : nt!IoGetBaseFileSystemDeviceObject+0xded
ffffee0f`d8bbfa60 fffff807`52fde403 : ffffbc0c`06f9c080 00000000`04981820 ffffee0f`d8bbfc80 ffffbc0c`0b2f7b60 : nt!MmProbeAndLockPages+0x3d4f
ffffee0f`d8bbfc00 00000000`7701a835 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!setjmpex+0x4393
00000000`0693cc10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7701a835


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Wof+2ba5
fffff80e`aa782ba5 3000            xor     byte ptr [rax],al

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  Wof+2ba5

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  Wof.sys

BUCKET_ID:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  WRONG_SYMBOLS

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:wrong_symbols

FAILURE_ID_HASH:  {70b057e8-2462-896f-28e7-ac72d4d365f8}

Followup: MachineOwner
---------

Posted: 12:51, 14-02-2023 | #2719