KAVSafe.sys: if it is Rising (瑞星), uninstall it without hesitation

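This article records a Windows blue-screen crash and its detailed analysis. The crash was caused by the KAVSafe.sys driver and appeared as a REFERENCE_BY_POINTER error, with parameters indicating an object reference count mismatch. Parsing the stack trace identified the specific function that triggered the crash.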


FUCK






Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\070311-28140-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*D:\down\TEMP*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0x8420d000 PsLoadedModuleList = 0x84355810
Debug session time: Sun Jul  3 11:26:15.069 2011 (GMT+8)
System Uptime: 0 days 0:15:47.194
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
........
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 00000000, Object type of the object whose reference count is being lowered
Arg2: 87fc3030, Object whose reference count is being lowered
Arg3: 00000002, Reserved
Arg4: ffffffff, Reserved
	The reference count of an object is illegal for the current state of the object.
	Each time a driver uses a pointer to an object the driver calls a kernel routine
	to increment the reference count of the object. When the driver is done with the
	pointer the driver calls another kernel routine to decrement the reference count.
	Drivers must match calls to the increment and decrement routines. This bugcheck
	can occur because an object's reference count goes to zero while there are still
	open handles to the object, in which case the fourth parameter indicates the number
	of opened handles. It may also occur when the object’s reference count drops below zero
	whether or not there are open handles to the object, and in that case the fourth parameter
	contains the actual value of the pointer references count.

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for KAVSafe.sys
*** ERROR: Module load completed but symbols could not be loaded for KAVSafe.sys

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x18

PROCESS_NAME:  kxescore.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 84276042 to 842e9dfc

STACK_TEXT:  
94bbd6d8 84276042 00000018 00000000 87fc3030 nt!KeBugCheckEx+0x1e
94bbd6fc 84275ff0 87fc3030 844569ce b035dbe0 nt!ObfDereferenceObjectWithTag+0x4b
94bbd704 844569ce b035dbe0 94bbda0c 94bbda98 nt!ObfDereferenceObject+0xd
94bbd9f0 8425043a 00000001 00000018 94bbdaa4 nt!NtQueryInformationProcess+0x4ba
94bbd9f0 8424ebed 00000001 00000018 94bbdaa4 nt!KiFastCallEntry+0x12a
94bbda7c 89da7c2e ffffffff 00000000 94bbdaa4 nt!ZwQueryInformationProcess+0x11
WARNING: Stack unwind information not available. Following frames may be wrong.
94bbdabc 89da7c8e 87bc3030 00000000 00000000 KAVSafe+0xbc2e
94bbdad8 89da79a3 94bbdae4 00000001 00000000 KAVSafe+0xbc8e
94bbdd04 89da77e8 94bbdd1c 89d9e696 00000500 KAVSafe+0xb9a3
94bbdd0c 89d9e696 00000500 c0000022 94bbdd34 KAVSafe+0xb7e8
94bbdd1c 8425043a ffffffff 0000000c 08b6e474 KAVSafe+0x2696
94bbdd1c 77156344 ffffffff 0000000c 08b6e474 nt!KiFastCallEntry+0x12a
08b6e478 00000000 00000000 00000000 00000000 0x77156344


STACK_COMMAND:  kb

FOLLOWUP_IP: 
KAVSafe+bc2e
89da7c2e ??              ???

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  KAVSafe+bc2e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: KAVSafe

IMAGE_NAME:  KAVSafe.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4dad3ad5

FAILURE_BUCKET_ID:  0x18_KAVSafe+bc2e

BUCKET_ID:  0x18_KAVSafe+bc2e

Followup: MachineOwner
---------
