KemalTAN
Femtopat
- Katılım
- 29 Ağustos 2020
- Mesajlar
- 6
Merhaba, az önce mavi ekran hatası aldım ve .dmp dosyasını açıp baktım ve bir sonuca varamadım. Rica etsem bir de siz bakabilir misiniz?
Kod:
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\082920-15812-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff806`40200000 PsLoadedModuleList = 0xfffff806`40e2a250
Debug session time: Sat Aug 29 01:42:11.901 2020 (UTC + 3:00)
System Uptime: 0 days 2:54:50.751
Loading Kernel Symbols
...............................................................
................................................................
................................................................
......
Loading User Symbols
Loading unloaded module list
......................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`405dda20 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8807`8078ced0=000000000000007e
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff806430cd80e, The address that the exception occurred at
Arg3: ffff88078078dec8, Exception Record Address
Arg4: ffff88078078d700, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 19781
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-2A1TE21
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 162909
Key : Analysis.Memory.CommitPeak.Mb
Value: 85
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff806430cd80e
BUGCHECK_P3: ffff88078078dec8
BUGCHECK_P4: ffff88078078d700
EXCEPTION_RECORD: ffff88078078dec8 -- (.exr 0xffff88078078dec8)
ExceptionAddress: fffff806430cd80e (fileinfo!FIStreamLog+0x000000000000014e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffff88078078d700 -- (.cxr 0xffff88078078d700)
rax=00000000000c9a5e rbx=ffff88078078e210 rcx=0000000000000001
rdx=ffffc20443392fc0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff806430cd80e rsp=ffff88078078e100 rbp=ffffd208c2abe300
r8=fffdc2045f673da0 r9=0000000000000018 r10=0000000000000003
r11=ffff88078078e170 r12=0000000000000000 r13=ffffd208bccc7268
r14=ffffc20450ec9010 r15=0000000000000706
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
fileinfo!FIStreamLog+0x14e:
fffff806`430cd80e 498b4010 mov rax,qword ptr [r8+10h] ds:002b:fffdc204`5f673db0=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff80640efa388: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff80640e0f2a8: Unable to get Flags value from nt!KdVersionBlock
fffff80640e0f2a8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p adresindeki y nerge 0x%p adresindeki belle e ba vurdu. Bellek u olamaz %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffff8807`8078e100 fffff806`430cc976 : 00000000`00000000 ffffd208`ac83a6a0 ffffc204`43392f90 fffff806`3c9b32cb : fileinfo!FIStreamLog+0x14e
ffff8807`8078e1f0 fffff806`3d008862 : ffffc204`43392f30 ffffd208`c2abe300 ffffd208`b78e8aa0 ffffffff`ffffffff : fileinfo!FIStreamCleanup+0xb6
ffff8807`8078e250 fffff806`3d03c331 : ffffd208`c2abe328 00000000`00000000 ffffc204`43392f48 ffffffff`ffffffff : FLTMGR!DoReleaseContext+0x82
ffff8807`8078e290 fffff806`3d03c822 : ffffd208`c2abe328 00000000`00000705 ffffffff`ffffffff ffffd208`ac975588 : FLTMGR!FltpDeleteContextList+0xc1
ffff8807`8078e2c0 fffff806`3d03cd8a : ffffd208`c2abe2e0 ffffd208`c2abe2e8 ffffd208`c2abe2e0 ffffd208`c2abe2e0 : FLTMGR!CleanupStreamListCtrl+0x4a
ffff8807`8078e300 fffff806`408826c9 : ffffc204`50ec91a8 ffffd208`c2abe2e8 00000000`00000000 ffffd208`bccc7268 : FLTMGR!DeleteStreamListCtrlCallback+0xba
ffff8807`8078e340 fffff806`432c0d7b : ffffc204`50ec9170 ffff8807`8078e488 ffffd208`bccc7268 00000000`00000705 : nt!FsRtlTeardownPerStreamContexts+0xc9
ffff8807`8078e380 ffffc204`50ec9170 : ffff8807`8078e488 ffffd208`bccc7268 00000000`00000705 00000000`00000000 : Ntfs+0x130d7b
ffff8807`8078e388 ffff8807`8078e488 : ffffd208`bccc7268 00000000`00000705 00000000`00000000 00000000`0000001c : 0xffffc204`50ec9170
ffff8807`8078e390 ffffd208`bccc7268 : 00000000`00000705 00000000`00000000 00000000`0000001c 00000000`00000000 : 0xffff8807`8078e488
ffff8807`8078e398 00000000`00000705 : 00000000`00000000 00000000`0000001c 00000000`00000000 00000000`00000000 : 0xffffd208`bccc7268
ffff8807`8078e3a0 00000000`00000000 : 00000000`0000001c 00000000`00000000 00000000`00000000 00000000`00000000 : 0x705
SYMBOL_NAME: fileinfo!FIStreamLog+14e
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
IMAGE_VERSION: 10.0.19041.1030
STACK_COMMAND: .cxr 0xffff88078078d700 ; kb
BUCKET_ID_FUNC_OFFSET: 14e
FAILURE_BUCKET_ID: AV_fileinfo!FIStreamLog
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {fe921cf1-eb48-5a69-fae6-1cebd1abe45d}
Followup: MachineOwner
---------
3: kd> lmvm fileinfo
Browse full module list
start end module name
fffff806`430c0000 fffff806`430da000 fileinfo # (pdb symbols) C:\ProgramData\Dbg\sym\fileinfo.pdb\9315E0DB7B3E69E10CE8C62054F75C4D1\fileinfo.pdb
Loaded symbol image file: fileinfo.sys
Mapped memory image file: C:\ProgramData\Dbg\sym\fileinfo.sys\AEE275C21a000\fileinfo.sys
Image path: \SystemRoot\System32\drivers\fileinfo.sys
Image name: fileinfo.sys
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: AEE275C2 (This is a reproducible build file hash, not a timestamp)
CheckSum: 0002169B
ImageSize: 0001A000
File version: 10.0.19041.1030
Product version: 10.0.19041.1030
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FileInfo.sys
OriginalFilename: FileInfo.sys
ProductVersion: 10.0.19041.1030
FileVersion: 10.0.19041.1030 (WinBuild.160101.0800)
FileDescription: FileInfo Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.