Windows 蓝屏分析笔记

最新推荐文章于 2025-05-11 18:32:03 发布

原创最新推荐文章于 2025-05-11 18:32:03 发布 · 775 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#windows #microsoft #application #module #system #function

本文针对Windows XP系统的稳定性问题，介绍了使用WinDBG配合Windows符号来分析minidump的方法，并提供了调试资源链接。文章还讨论了系统崩溃的原因，指出第三方设备驱动程序是主要因素。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

最近发现windows xp在我们的产品上不稳定，急的“脸色”都变了，本来是五颜六色，最后蹦出蓝底白字给你看。

现在没时间总结，先写点零碎的东西，以后在整理吧。

首先

用WinDBG配合Windows符号来分析minidump

windows符号下载地址http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx

当然也可用windows的调试符号服务器，位置在这里

http://msdl.microsoft.com/download/symbols

其次

阅读这篇文章入门WinDbg的调试方法

http://blogs.msdn.com/b/iliast/archive/2006/12/10/windbg-tutorials.aspx

再次

这篇文章页非常重要

http://blogs.msdn.com/b/iliast/archive/2006/12/11/crash-dump-analysis.aspx

这篇文章中提到了三个很重要的信息

SYMBOL_NAME: Exactly where the invalid operation was caused (module + function)
MODULE_NAME: The name of the module that caused the crash
IMAGE_NAME: The file, in which the problematic code resides

还有一些指令帮助分析，总之很重要。

这里提供了一些常用的Windbg，应该有所帮助

http://www.tonyschr.net/debugging.htm

微软还有这样的好东西

http://oca.microsoft.com/en/windiag.asp

以上笔迹是2010-9-7日前

原文

QUESTION 1: What causes all these reboots?

First of all, because of the architecture of the windows kernel in the NT/2000/XP/Vista series, an application cannot corrupt data that belongs to another application or to the kernel. This means that each application is totally isolated and cannot harm the system. The worst thing that can happen is that the application does something invalid and crashes without any further implications for the rest of the system. On the other hand, the windows kernel and the device drivers have unlimited access to the system. If the kernel or a driver misbehaves, then it can corrupt the whole system. The immediate result of this, is that the reason for all the blue screens lies either in the windows kernel or in the windows device drivers. That's why, whenever an application crashes, the system keeps working without a problem, whereas if there is a bug in the kernel or in a device driver, the whole system goes down.

Now that we've identified the possible causes of the crashes, it's time to go even further. According to the reports that were sent to Microsoft until April 2004 (from all those people, who pressed "Yes", when they were asked to send the data to Microsoft) the reasons for the crashes can be split as follows:

Third-party device drivers: 70%
Unknown, because of severe memory corruption: 15%
Hardware error: 10%
Microsoft code: 5%

This shows that Microsoft is not the one to blame. The main cause for these crashes is poorly written third-party (non-Microsoft) device drivers.

我们排除的顺序是

第三方设备驱动程序

内存崩溃

硬件错误

微软bug