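Was it a coincidence? At around 12 noon my laptop was running two QQ chat windows and several web pages when two firecracker bangs went off outside. In the room there were one desktop and one laptop, the laptop being a Dell 1420. With the two bangs, the Dell 1420 immediately blue-screened. I did not see the specific code, and it then rebooted automatically right away. Checking the system log: error code 10000050, parameter 1 bad0b148, parameter 2 00000000, parameter 3 805baec9, parameter 4 00000002. Error event ID: 1003.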
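I immediately sent a message to Dell customer support by e-mail. They asked me to send them the files in the minidump folder under windows on drive C:.
So what is a minidump file? Small memory dump file (MiniDump): a small memory dump file records the smallest set of useful information that can help determine why the computer stopped unexpectedly. This option requires a paging file of at least 2 MB on the boot volume. On computers running Microsoft Windows 2000 or later, Windows creates a new file each time the computer stops unexpectedly. A history of these files, named by date, is stored in the following folder, for example:
C:\WINDOWS\Minidump\Mini010806-02.dmp or Mini040208-01.dmp. The file name differs from one dump to the next.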
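This type of dump file includes the following information:
• The Stop message, its parameters, and other data
• A list of loaded drivers
• The processor context (PRCB) for the processor that stopped
• The process information and kernel context (EPROCESS) for the process that stopped
• The process information and kernel context (ETHREAD) for the thread that stopped
• The kernel-mode call stack for the thread that stopped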
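Small memory dump files are very useful when hard disk space is limited. However, because the information they include is limited, analyzing this file may not reveal errors that were not directly caused by the thread that was running when the problem occurred.
Help information from Microsoft on tools for reading small memory dump files: you can load a small memory dump file with the Dump Check Utility (Dumpchk.exe), and you can also use Dumpchk.exe to verify that a memory dump file was created correctly. The Dump Check Utility does not require access to debugging symbols. It is included in the Microsoft Windows 2000 Support Tools and the Microsoft Windows XP Support Tools.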
The file C:\WINDOWS\Minidump\Mini040208-01.dmp can be opened with the software at http://public.hshh.org/SysTools/debug/dbg_x86_6.6.07.5.exe. Download the software, install it, load Mini040208-01.dmp into WinDbg, click YES to open it, and analyze:
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini040208-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d700
Debug session time: Wed Apr 2 12:00:08.031 2008 (GMT+8)
System Uptime: 0 days 3:20:33.725
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
......................................................................................................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {bad0b148, 0, 805baec9, 2}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+e2ec9 )
Followup: MachineOwner
---------
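Understand it? No, I can't make sense of it. I suppose the Dell engineer will open it and look at it the same way. I am waiting for his e-mail to see where the final analysis says the problem lies.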
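Even without symbols, the summary lines of the debugger output above can be decoded. The following Python example is added here and is not part of the original post or of any Dell or Microsoft tool: it parses those lines, strips the leading 0x10000000 from the stop code, names stop 0x50, and checks that parameter 3 minus the kernel base equals the nt+e2ec9 offset the debugger blames. The function and field names are hypothetical, and treating 0x10000000 as a flag bit is an assumption of this example.

```python
import re

# Constructed sample: the three summary lines copied from the WinDbg output above.
SAMPLE = """\
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055d700
BugCheck 10000050, {bad0b148, 0, 805baec9, 2}
Probably caused by : ntoskrnl.exe ( nt+e2ec9 )
"""

STOP_NAMES = {0x50: "PAGE_FAULT_IN_NONPAGED_AREA"}  # only the code in this dump
FLAG = 0x10000000  # assumption: high flag bit on codes reported from small dumps
ACCESS = {0: "read", 1: "write"}  # parameter 2 of stop 0x50 as documented for XP


def triage(text):
    """Decode the bugcheck summary lines of a WinDbg kernel-dump session."""
    bug = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    base = re.search(r"Kernel base = 0x([0-9A-Fa-f]+)", text)
    blame = re.search(r"Probably caused by : (\S+) \( \w+\+([0-9A-Fa-f]+) \)", text)
    if not (bug and base):
        raise ValueError("BugCheck or Kernel base line missing")
    args = [int(a.strip(), 16) for a in bug.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bugcheck parameters")
    code = int(bug.group(1), 16) & ~FLAG
    kernel_base = int(base.group(1), 16)
    report = {"stop_code": code, "name": STOP_NAMES.get(code, "unknown"),
              "args": args, "kernel_base": kernel_base}
    if code == 0x50:
        # Param 1: address referenced; 2: access type; 3: referencing instruction.
        report["bad_address"] = args[0]
        report["access"] = ACCESS.get(args[1], "other")
        report["ip_offset"] = args[2] - kernel_base  # offset into the kernel image
    if blame:
        report["blamed_module"] = blame.group(1)
        report["blamed_offset"] = int(blame.group(2), 16)
        # True when the debugger's blame is just parameter 3 relative to nt.
        report["blame_is_param3"] = report.get("ip_offset") == report["blamed_offset"]
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        shown = hex(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print(f"{key:16} {shown}")
```

For this dump the result is a read of address 0xbad0b148 by the instruction at nt+0xe2ec9, which is all that "Probably caused by : ntoskrnl.exe" means here. Setting the symbol path with .symfix and .reload, as the output itself suggests, lets !analyze -v resolve that offset to a function name.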