Blue screen dump file analysis method

Source: Internet
Author: User

WinDbg is a bit troublesome to use, and it also needs a symbol table or something. I tried it; the output feels very messy and the analysis is not comprehensive ...

So I tried something else. My computer blue-screened today, so I used its dump file as a test, as follows:

1. First, the most detailed: the OSR Online analysis website

Open its analysis page: http://www.osronline.com/page.cfm?name=analyze

Scroll down, find the upload button, then browse to the dump file you want to analyze and upload it. Dump files are generally under C:\Windows\Minidump

A lot of content is generated once the analysis is complete:

It is mostly enough to read the first part, the Primary Analysis:

    Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
    Online Crash Dump Analysis Service
    See http://www.osronline.com for more information
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.18741.amd64fre.win7sp1_gdr.150202-1526
    Machine Name:
    Kernel base = 0xfffff800`04606000 PsLoadedModuleList = 0xfffff800`0484a890
    Debug session time: Sun Mar -  -: -:48.129  . (UTC - 4:xx)
    System Uptime: ADays A: -:09.972
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff960000c7237, Address of the instruction which caused the bugcheck
    Arg3: fffff88006e6e9d0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.

    Debugging Details:
    ------------------

    TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    win32k!HmgLockEx+a3
    fffff960`000c7237 0fb7430c        movzx   eax,word ptr [rbx+0Ch]

    CONTEXT:  fffff88006e6e9d0 -- (.cxr 0xfffff88006e6e9d0)
    rax=fffff900c0210000 rbx=0000000000000000 rcx=fffffa800cc05b50
    rdx=fffff900c0210000 rsi=0000000000000000 rdi=fffff900c0210000
    rip=fffff960000c7237 rsp=fffff88006e6f3b0 rbp=0000000000000000
     r8=0000000000000001  r9=0000000000000000 r10=0000000000000000
    r11=fffff88006e6f418 r12=000000006601ac00 r13=0000000000000000
    r14=0000000000000001 r15=0000000000000001
    iopl=0         nv up ei pl zr na po nc
    cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
    win32k!HmgLockEx+0xa3:
    fffff960`000c7237 0fb7430c        movzx   eax,word ptr [rbx+0Ch] ds:002b:00000000`0000000c=????
    Resetting default scope

    CUSTOMER_CRASH_COUNT:  2

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    BUGCHECK_STR:  0x3B

    PROCESS_NAME:  dwm.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff9600028dc00 to fffff960000c7237

    STACK_TEXT:
    fffff880`06e6f3b0 fffff960`0028dc00 : fffff900`cddb1320 000006ff`31355348 fffff900`c00cd010 fffff900`d3bc6010 : win32k!HmgLockEx+0xa3
    fffff880`06e6f420 fffff960`001e3a4c : fffff900`cddb1320 fffff900`cddb1320 fffff900`c00cd010 fffff900`c00cd070 : win32k!SFMLOGICALSURFACE::OwnsSurfaceCleanup+0x40
    fffff880`06e6f450 fffff960`001570f9 : fffff900`00000001 fffff900`d3bc6028 00000000`00000000 00000029`00000029 : win32k!GreTransferDwmStateToSpriteState+0xf4
    fffff880`06e6f540 fffff960`0015768d : 00000000`00000001 00000000`00000000 00000000`00000001 fffff960`00000000 : win32k!zzzDecomposeDesktop+0x139
    fffff880`06e6f5d0 fffff960`0012c40b : fffffa80`0c132690 fffff880`06e6fae0 00000000`00000001 00000000`00000000 : win32k!xxxDwmStopRedirection+0x69
    fffff880`06e6f620 fffff960`000cad71 : 00000000`00000000 00000000`00000000 fffff900`c04010e0 fffffa80`0cc05b00 : win32k!xxxDwmProcessShutdown+0x3b
    fffff880`06e6f650 fffff960`000ef8d3 : fffff900`c2197c48 fffff900`c2197c20 fffff900`c2197c20 fffff900`c2197c20 : win32k!xxxDestroyThreadInfo+0x5a9
    fffff880`06e6f720 fffff960`000c6c10 : 00000000`00000000 fffffa80`0cc05b50 fffffa80`0cc05b50 00000000`00000001 : win32k!UserThreadCallout+0x93
    fffff880`06e6f750 fffff800`04952615 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0cc05b00 : win32k!W32pThreadCallout+0x78
    fffff880`06e6f780 fffff800`04938a75 : 00000000`c0000005 00000000`00000000 00000000`78457300 00000000`00000000 : nt!PspExitThread+0x285
    fffff880`06e6f880 fffff800`0466e6fa : 00000000`00000002 fffffa80`0cc05c58 fffff880`06e6fa10 fffff800`047f7e80 : nt!PsExitSpecialApc+0x1d
    fffff880`06e6f8b0 fffff800`0466ea40 : 00000000`000ff530 fffff880`06e6f930 fffff800`049389e8 00000000`00000001 : nt!KiDeliverApc+0x2ca
    fffff880`06e6f930 fffff800`0467a1f7 : fffffa80`0cc05b50 00000000`000ff418 fffff880`06e6fa88 00000000`00000000 : nt!KiInitiateUserApc+0x70
    fffff880`06e6fa70 00000000`76e0186a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
    00000000`000ff3f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e0186a

    FOLLOWUP_IP:
    win32k!HmgLockEx+a3
    fffff960`000c7237 0fb7430c        movzx   eax,word ptr [rbx+0Ch]

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  win32k!HmgLockEx+a3

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: win32k

    IMAGE_NAME:  win32k.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  54ee9222

    STACK_COMMAND:  .cxr 0xfffff88006e6e9d0 ; kb

    FAILURE_BUCKET_ID:  X64_0x3B_win32k!HmgLockEx+a3

    BUCKET_ID:  X64_0x3B_win32k!HmgLockEx+a3

    Followup: MachineOwner
    ---------
Primary Analysis

dwm.exe and win32k.sys are the main points of reference. This is accurate: before my computer blue-screened today, dwm.exe was the first thing to misbehave!
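A triage pass over the Primary Analysis text, as an added example (not part of the original post or of OSR's service): it pulls the bugcheck, process, image and call chain out of saved !analyze -v style output and resolves the faulting operand [rbx+0Ch] against the register dump, which shows this crash was a NULL-pointer dereference inside win32k. The function names and the 64 KB threshold are assumptions of the example; the sample is an abridged copy of the output above.

```python
import re

# Constructed sample: key lines of the Primary Analysis above; stack arguments abridged to "...".
SAMPLE = """\
SYSTEM_SERVICE_EXCEPTION (3b)
Arg1: 00000000c0000005, Exception code that caused the bugcheck
FAULTING_IP:
win32k!HmgLockEx+a3
fffff960`000c7237 0fb7430c        movzx   eax,word ptr [rbx+0Ch]
rax=fffff900c0210000 rbx=0000000000000000 rcx=fffffa800cc05b50
PROCESS_NAME:  dwm.exe
STACK_TEXT:
fffff880`06e6f3b0 fffff960`0028dc00 : ... : win32k!HmgLockEx+0xa3
fffff880`06e6f750 fffff800`04952615 : ... : win32k!W32pThreadCallout+0x78
fffff880`06e6f780 fffff800`04938a75 : ... : nt!PspExitThread+0x285
IMAGE_NAME:  win32k.sys
"""

def triage(text):
    """Extract the fields worth reading first from !analyze -v style text."""
    t = {"fault_address": None}
    m = re.search(r"^(\w+) \(([0-9a-fA-F]+)\)\s*$", text, re.M)
    t["bugcheck"] = (m.group(1), int(m.group(2), 16)) if m else None
    t["args"] = [int(v, 16) for v in re.findall(r"^Arg\d:\s*([0-9a-fA-F]+)", text, re.M)]
    for key in ("PROCESS_NAME", "IMAGE_NAME"):
        m = re.search(rf"^{key}:\s*(\S+)", text, re.M)
        t[key.lower()] = m.group(1) if m else None
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(r\w{1,2})=([0-9a-f]{16})\b", text)}
    # Memory operand of the faulting instruction, e.g. [rbx+0Ch]: base register + displacement.
    m = re.search(r"^FAULTING_IP:\s*\n(\S+)\n.*\[(\w+)\+([0-9A-Fa-f]+)h\]", text, re.M)
    if m:
        t["symbol"] = m.group(1)
        if m.group(2).lower() in regs:
            t["fault_address"] = regs[m.group(2).lower()] + int(m.group(3), 16)
    # Call chain, innermost frame first, as module!function names.
    t["frames"] = re.findall(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\S+?)\+0x[0-9a-f]+$", text, re.M)
    return t

def summarize(t):
    notes = []
    if t["args"][:1] == [0xC0000005]:
        notes.append("access violation (STATUS_ACCESS_VIOLATION)")
    # Heuristic (assumption): an address inside the first 64 KB means a NULL base pointer.
    if t["fault_address"] is not None and t["fault_address"] < 0x10000:
        notes.append(f"NULL-pointer dereference at {t['fault_address']:#x}")
    modules = list(dict.fromkeys(f.split("!")[0] for f in t["frames"]))
    return {"process": t["process_name"], "image": t["image_name"], "modules": modules, "notes": notes}

print(summarize(triage(SAMPLE)))
```

The computed address 0xc agrees with the ds:002b:00000000`0000000c=???? operand in the analysis output.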

2. BlueScreenView and WhoCrashed

BlueScreenView is only a few dozen KB in size, and there is a portable ("green") Chinese version. When opened, it lists the crash files under C:\Windows\Minidump. Double-click an entry to bring up more detailed property information:

The WhoCrashed Home edition shows less detail; for the same DMP file it shows only the following. Not recommended ~

These last two programs only locate the fault to the win32k.sys file; more detailed content is basically absent.

I recommend the first option, the online analysis site: its dump file analysis is very comprehensive, and there is no need to install any software ~ ~ ~
