weixin_43682598
小米酱
2018-12-06 03:19

The server rebooted last week and left a dump. Please help analyze it~

  • server
  • dump
  • windows
  • Microsoft

Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\Michelle\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Kernel Version 7601 (Service Pack 1) MP (64 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Built by: 7601.23677.amd64fre.win7sp1_ldr.170209-0600
Kernel base = 0xfffff80002604000 PsLoadedModuleList = 0xfffff80002846730
Debug session time: Fri Nov 30 16:20:38.309 2018 (GMT+8)
System Uptime: 386 days 22:42:18.097
Loading Kernel Symbols
.................................................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd8018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................


*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff88009fcee54, fffff88023f78d40, 0}

Probably caused by : rdpdr.sys ( rdpdr!CTransportVC::CloseChannels+18 )

Followup: MachineOwner

48: kd> !analyze -v


*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88009fcee54, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff88023f78d40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%p

FAULTING_IP:
rdpdr!CTransportVC::CloseChannels+18
fffff880`09fcee54 488b4148 mov rax,qword ptr [rcx+48h]

CONTEXT: fffff88023f78d40 -- (.cxr 0xfffff88023f78d40)
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=fffffa803388c0b0
rip=fffff88009fcee54 rsp=fffff88023f79720 rbp=0000000000000001
r8=0000000000000000 r9=0000000000000000 r10=002d005000440052
r11=fffff88023f79880 r12=000000000000493a r13=0000000000000000
r14=000000000000493a r15=0000000000000003
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
rdpdr!CTransportVC::CloseChannels+0x18:
fffff88009fcee54 488b4148 mov rax,qword ptr [rcx+48h] ds:002b:0000000000000048=????????????????
Resetting default scope

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff88009fcbd7b to fffff88009fcee54

STACK_TEXT:

fffff88023f79720 fffff88009fcbd7b : 0000000000000000 0000000000000001 0000000000000000 fffff88009fcb6d5 : rdpdr!CTransportVC::CloseChannels+0x18
fffff88023f79760 fffff88009fcb5c9 : 0000000000000000 fffffa8020c0ef50 0000000000000000 000000000000493a : rdpdr!CVCSession::Disconnect+0x7b
fffff88023f797b0 fffff88009fcb43b : 0000000000000000 fffff88023f79880 fffffa803388c0b0 fffffa8020c0ef50 : rdpdr!CDynVC::NotifySessionDisconnected+0x71
fffff88023f797e0 fffff88009fcd0fc : 0000000000003020 fffffa8020c04870 000000000233e280 fffffa804e814cc8 : rdpdr!CDynVC::NotifySessionConnected+0x47
fffff88023f79830 fffff88009fcb020 : 0000000000003924 fffff8a009e10afe fffffa8023297860 fffff88023f79920 : rdpdr!CFileVC::DeviceIoControl+0x15c
fffff88023f79910 fffff88009fbaa19 : fffffa8023297860 fffff8a009e10af0 0000000000000000 fffffa8019ae84b0 : rdpdr!DYNVC_Dispatch+0x70
fffff88023f79940 fffff800029832ca : 0000000000000002 0000000000000002 fffffa8024c06110 fffffa8023297860 : rdpdr!DrPeekDispatch+0x61
fffff88023f79990 fffff8000299756a : fffffa8024c06110 fffffa8024c06110 fffffa8024c06110 fffff88003516180 : nt!IopSynchronousServiceTail+0xfa
fffff88023f79a00 fffff80002997606 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0xc27
fffff88023f79b40 fffff800026726d3 : 0000000000000018 000000000233ea50 000000000233e770 0000000001e0fc40 : nt!NtDeviceIoControlFile+0x56
fffff88023f79bb0 00000000777abdaa : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
000000000233e0f8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x777abdaa

FOLLOWUP_IP:
rdpdr!CTransportVC::CloseChannels+18
fffff880`09fcee54 488b4148 mov rax,qword ptr [rcx+48h]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: rdpdr!CTransportVC::CloseChannels+18

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: rdpdr

IMAGE_NAME: rdpdr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7abc1

STACK_COMMAND: .cxr 0xfffff88023f78d40 ; kb

FAILURE_BUCKET_ID: X64_0x3B_rdpdr!CTransportVC::CloseChannels+18

BUCKET_ID: X64_0x3B_rdpdr!CTransportVC::CloseChannels+18

Followup: MachineOwner

48: kd> .dll
^ Syntax error in '.dll'
48: kd> !dlls
Unable to read nt!_PEB_LDR_DATA type at 0000000000000000
