HiJuniO7R
Hectopat
- Joined
- 6 July 2020
- Messages
- 358
- Solutions
- 4
I wanted to use the minidumps to find out why I got a blue screen, but when I opened my minidump files it said access was denied, and this time, when I opened WinDbg as administrator, something popped up automatically at the bottom right. I said yes to it, and it was able to recover 1 minidump. I'm sending it to you.
What is causing this, and how can I open the other minidump files as well?
When I examined the minidumps myself, most of them had ntkrnlmp.exe and CRITICAL_PROCESS_DIE.
Code:
Microsoft (R) Windows Debugger Version 10.0.21349.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`7fc00000 PsLoadedModuleList = 0xfffff805`8082a130
Debug session time: Thu May 6 06:01:37.900 2021 (UTC + 3:00)
System Uptime: 0 days 2:25:59.582
Loading Kernel Symbols
Loading User Symbols
PEB address is NULL!
Loading unloaded module list
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`7fff6cf0 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffbc09`c517ef80=0000000000000154
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck analysis *
* *
*******************************************************************************
UNEXPECTED_STORE_EXCEPTION (154)
The store component caught an unexpected exception.
Arguments:
Arg1: ffffd70e132f2000, Pointer to the store context or data manager
Arg2: ffffbc09c517f030, Exception information
Arg3: 0000000000000002, Reserved
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key: Analysis.CPU.mSec
Value: 3046
Key: Analysis.DebugAnalysisManager
Value: Create
Key: Analysis.Elapsed.mSec
Value: 8485
Key: Analysis.Init.CPU.mSec
Value: 561
Key: Analysis.Init.Elapsed.mSec
Value: 22274
Key: Analysis.Memory.CommitPeak.Mb
Value: 75
Key: WER.OS.Branch
Value: vb_release
Key: WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key: WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 154
BUGCHECK_P1: ffffd70e132f2000
BUGCHECK_P2: ffffbc09c517f030
BUGCHECK_P3: 2
BUGCHECK_P4: 0
EXCEPTION_RECORD: ffffbc09c517ffb8 -- (.exr 0xffffbc09c517ffb8)
ExceptionAddress: fffff8057fed10d0 (nt!RtlDecompressBufferXpressLz+0x0000000000000050)
ExceptionCode: c0000006 (In-page I/O error)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 0000000000000000
Parameter[1]: 000001aec0901c90
Parameter[2]: 00000000c000000e
Inpage operation failed at 000001aec0901c90, due to I/O error 00000000c000000e
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000001aec0901c90
CONTEXT: ffffbc09c517f7f0 -- (.cxr 0xffffbc09c517f7f0)
rax=fffff8057fed1080 rbx=ffff96006802b000 rcx=ffff96006802b000
rdx=ffff96006802b000 rsi=0000000000000002 rdi=000001aec0901c90
rip=fffff8057fed10d0 rsp=ffffbc09c51801f8 rbp=000001aec0901fdf
r8=000001aec0901c90 r9=00000000000003a5 r10=ffff96006802bea0
r11=000001aec0902035 r12=ffffbc09c5180468 r13=ffffd70e14696000
r14=ffff96006802c000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00050246
nt!RtlDecompressBufferXpressLz+0x50:
fffff805`7fed10d0 418b08 mov ecx,dword ptr [r8] ds:002b:000001ae`c0901c90=????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: MemCompression
ERROR_CODE: (NTSTATUS) 0xc0000006 - 0x%p adresindeki yönerge, 0x%p bellek adresine başvurdu. Gerekli veriler, 0x%x G/Ç hata durumu yüzünden belleğe yerleştirilmedi.
EXCEPTION_CODE_STR: c0000006
EXCEPTION_PARAMETER3: 00000000c000000e
EXCEPTION_STR: 0xc0000006
STACK_TEXT:
ffffbc09`c51801f8 fffff805`7fea6bf0 : ffff9600`6802b000 ffff9600`6802b000 00000000`00000002 000001ae`c0901c90 : nt!RtlDecompressBufferXpressLz+0x50
ffffbc09`c5180210 fffff805`7fea6938 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlDecompressBufferEx+0x60
ffffbc09`c5180260 fffff805`7fea67c5 : 00000000`00000004 fffff805`7fea632e 00000000`00000000 00000000`00000001 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x150
ffffbc09`c5180320 fffff805`7fea5ffc : 00000000`00000001 00000000`00001c90 ffffd70e`132f2000 ffffd70e`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa5
ffffbc09`c5180370 fffff805`7fea5e2c : 00000000`ffffffff ffffd70e`14696000 ffffbc09`c5180450 ffffd70e`17813cd0 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x180
ffffbc09`c5180410 fffff805`7fea5c79 : ffff9600`67ae8730 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xc8
ffffbc09`c51804c0 fffff805`7fea5b31 : ffffd70e`132f2000 ffffd70e`17813cd0 ffffd70e`14696000 ffffd70e`132f39c0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
ffffbc09`c5180540 fffff805`7fe98bc8 : ffffd70e`191ca080 ffffd70e`132f2000 00000000`00000000 ffffd70e`16b55cb0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
ffffbc09`c5180570 fffff805`7fea368f : fffff805`7fea5b10 ffffbc09`c5180610 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
ffffbc09`c51805e0 fffff805`7ff59934 : ffffbc09`c51806e0 00000000`31526d73 00000000`000003ff fffff805`809229c0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xc7
ffffbc09`c51806b0 fffff805`7ff59368 : 00000000`0000000c 00000000`000003ff ffffbc09`c5180760 fffff805`809229c0 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1ac
ffffbc09`c5180700 fffff805`7fea4117 : 00000000`0000000c 00000000`00000001 ffffd70e`17813cd0 ffffd70e`16b55cb0 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xc0
ffffbc09`c5180790 fffff805`7fefa96b : ffffd70e`00000001 ffffd70e`16b55d70 00000000`00000000 ffffd70e`132f2000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
ffffbc09`c5180800 fffff805`7fe5e0a0 : 0000007f`00000100 00000000`00000000 ffffbc09`c5180a58 fffff805`7fe5bff0 : nt!SmPageRead+0x33
ffffbc09`c5180850 fffff805`7fe5bb4d : 00000000`00000002 ffffbc09`c51808e0 ffffbc09`c5180a58 ffffd70e`16b55c60 : nt!MiIssueHardFaultIo+0x10c
ffffbc09`c51808a0 fffff805`7ff28278 : 00000000`c0033333 00000000`00000001 00007ff5`2e545ad8 ffffe70a`4d1ff028 : nt!MiIssueHardFault+0x29d
ffffbc09`c5180960 fffff805`80004e5e : 00000000`00000800 ffffd70e`0bc45260 ffffbc09`c5180b80 0000021f`7b02bd20 : nt!MmAccessFault+0x468
ffffbc09`c5180b00 00007fff`fa77c63e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x35e
00000032`faffdac8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`fa77c63e
SYMBOL_NAME: nt!RtlDecompressBufferXpressLz+50
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
STACK_COMMAND: .cxr 0xffffbc09c517f7f0 ; kb
BUCKET_ID_FUNC_OFFSET: 50
FAILURE_BUCKET_ID: 0x154_c0000006_c000000e_nt!RtlDecompressBufferXpressLz
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {04bbc5ba-a28a-9efe-b2fd-8956bfd9dd67}
Followup: MachineOwner
---------
1: kd>
Implicit thread is now ffffd70e`191ca080
1: kd> lmvm nt
Browse full module list
start end module name
fffff805`7fc00000 fffff805`80c46000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\21162BDFAA4AF6C73689A910245CE0BB1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntoskrnl.exe\1DFE61061046000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: 1DFE6106 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00A626F5
ImageSize: 01046000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables: