Windows server dmp file analysis: how to analyze a MEMORY.DMP file with WinDbg

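1. My Computer, Properties -> Advanced -> Startup; for the memory debugging option at the bottom, choose the last item (complete), click OK and reboot
2. After a blue screen, do not rush to reboot; the system saves the entire contents of memory and then reboots automatically
3. After the reboot, the Windows directory will contain a new MEMORY.DMP; if you chose complete debugging in step 1, this file is as large as your RAM
4. Download and install the Windows debug tools; I have a download link here, or get them from the Microsoft website
5. After installation, create a temporary directory, for example c:\temp
6. Start windbg
7. In the windbg window: file->symbol file path (ctrl+s), enter:
then click OK
8. In the windbg window: file->open crash dump (ctrl+d), and open memory.dmp in the Windows directory
9. After it opens, wait for the prompt
When the text Use !analyze -v to get detailed debugging information. appears, type the following in the input box below:
!analyze -v
10. Wait for the analysis to finish; it will tell you what caused the error
Here is the output from an earlier server problem: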
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffffadf291e4ec4, fffffadf25015d90, 0}
Page cc2d8 not present in the dump file. Type ".hh dbgerr004" for details
Page cdecc not present in the dump file. Type ".hh dbgerr004" for details
*** ERROR: Module load completed but symbols could not be loaded for HpCISSs2.sys
Page cdecc not present in the dump file. Type ".hh dbgerr004" for details
Page cc2d8 not present in the dump file. Type ".hh dbgerr004" for details
Page c549d not present in the dump file. Type ".hh dbgerr004" for details
Page c555e not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd4018).  Type ".hh dbgerr001" for details
Page cdecc not present in the dump file. Type ".hh dbgerr004" for details
Page cc2d8 not present in the dump file. Type ".hh dbgerr004" for details
Page c549d not present in the dump file. Type ".hh dbgerr004" for details
Page c555e not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd4018).  Type ".hh dbgerr001" for details
Probably caused by : storport.sys ( storport!StorPortGetPhysicalAddress+2db )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
*                                                                            *
*                        Bugcheck Analysis                                    *
*                                                                            *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffffadf291e4ec4, Address of the exception record for the exception that caused the bugcheck
Arg3: fffffadf25015d90, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
Page cc2d8 not present in the dump file. Type ".hh dbgerr004" for details
Page cdecc not present in the dump file. Type ".hh dbgerr004" for details
Page cdecc not present in the dump file. Type ".hh dbgerr004" for details
Page cc2d8 not present in the dump file. Type ".hh dbgerr004" for details
Page c549d not present in the dump file. Type ".hh dbgerr004" for details
Page c555e not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd4018).  Type ".hh dbgerr001" for details
Page cdecc not present in the dump file. Type ".hh dbgerr004" for details
Page cc2d8 not present in the dump file. Type ".hh dbgerr004" for details
Page c549d not present in the dump file. Type ".hh dbgerr004" for details
Page c555e not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd4018).  Type ".hh dbgerr001" for details
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
storport!StorPortGetPhysicalAddress+2db
fffffadf`291e4ec4 4c8b4850        mov    r9,qword ptr [rax+50h]
CONTEXT:  fffffadf25015d90 -- (.cxr 0xfffffadf25015d90)
rax=00015105823e684c rbx=0000000000000000 rcx=fffffadf29edb000
rdx=fffffadf2740e380 rsi=fffffadf2740e380 rdi=00000000f1594964
rip=fffffadf291e4ec4 rsp=fffffadf250165a0 rbp=fffffadf383796e0
r8=fffffadf2740e438  r9=fffffadf25016620 r10=fffffadf3836e008
r11=fffffadf2740e498 r12=fffffadf3836e008 r13=fffffadf25016620
r14=0000000000000298 r15=00000000000001a8
iopl=0        nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b            efl=00010246
storport!StorPortGetPhysicalAddress+0x2db:
fffffadf`291e4ec4 4c8b4850        mov    r9,qword ptr [rax+50h] ds:002b:00015105`823e689c=????????????????
Resetting default scope
DEFAULT_BUCKET_ID:  DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME: 
CURRENT_IRQL:  2
LAST_CONTROL_TRANSFER:  from fffffadf2950eb06 to fffffadf291e4ec4
STACK_TEXT:
fffffadf`250165a0 fffffadf`2950eb06 : fffffadf`2740e480 fffffadf`35e79a40 fffffadf`2740e380 fffffadf`2740e3e0 : storport!StorPortGetPhysicalAddress+0x2db
fffffadf`25016600 fffffadf`2950cbd4 : fffffadf`3836e008 fffffadf`35e79a40 fffffadf`2740e380 fffffadf`35fd64e0 : HpCISSs2+0x8b06
fffffadf`25016640 fffffadf`295087fb : fffffadf`35fd64e0 fffffadf`35e79a40 fffffadf`3836e008 fffffadf`29506000 : HpCISSs2+0x6bd4
fffffadf`25016670 fffffadf`291e251a : 00000000`00000000 fffffadf`291e4282 fffffadf`383796e0 fffffadf`2740e0c8 : HpCISSs2+0x27fb
fffffadf`250166f0 fffffadf`291e2e83 : fffffadf`378d33f0 00000000`00000001 fffffadf`2740e010 fffffadf`383796e0 : storport!RaidAdapterPostScatterGatherExecute+0xf1
fffffadf`25016740 fffff800`0080c0a9 : 00000000`00000004 fffff800`0128b06d fffffadf`35e97000 00000000`00000002 : storport!RaidpAdapterContinueScatterGather+0x5b
fffffadf`25016780 fffffadf`291e385a : 00000000`00000000 fffffadf`38379590 fffffadf`2740e0b8 fffffadf`2740e000 : hal!HalBuildScatterGatherList+0x2b9
fffffadf`250167e0 fffffadf`291e7b21 : 00000000`00000000 00000000`00000298 fffffadf`2740e010 00000000`00000000 : storport!RaidAdapterExecuteXrb+0xb3
fffffadf`25016840 fffffadf`29239642 : fffffadf`383796e0 fffffadf`35e79a40 fffffadf`3600a010 00000000`0004d008 : storport!RaidAdapterScsiMiniportIoctl+0x351
fffffadf`250168b0 fffffadf`2923add0 : fffffadf`38a20f20 fffffadf`38a20dd0 fffffadf`38379590 fffffadf`3600a010 : storport!RaidAdapterDeviceControlIrp+0x1b2
fffffadf`25016950 fffffadf`2985c586 : fffffadf`00000000 fffffadf`38a20f20 fffffadf`3600a170 fffffadf`3600a010 : storport!RaDriverDeviceControlIrp+0xb0
fffffadf`250169e0 fffff800`01282091 : 00000000`00000201 fffffadf`25016cf0 00000000`00000000 fffffadf`3718c710 : mpspfltr!MPSPDevCtlDispatch+0x86
fffffadf`25016a70 fffff800`01281b96 : 00000000`00000174 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa79
fffffadf`25016b90 fffff800`0102e3fd : fffffadf`36bd4310 fffffadf`3716d4b0 00000000`00000000 00000000`0096f820 : nt!NtDeviceIoControlFile+0x56
fffffadf`25016c00 00000000`77ef0a5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`0096fc48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ef0a5a
FOLLOWUP_IP:
storport!StorPortGetPhysicalAddress+2db
fffffadf`291e4ec4 4c8b4850        mov    r9,qword ptr [rax+50h]
SYMBOL_STACK_INDEX:  0
SYMBOL_NAME:  storport!StorPortGetPhysicalAddress+2db
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: storport
IMAGE_NAME:  storport.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  45d06f34
STACK_COMMAND:  .cxr 0xfffffadf25015d90 ; kb
FAILURE_BUCKET_ID:  X64_0x3B_storport!StorPortGetPhysicalAddress+2db
BUCKET_ID:  X64_0x3B_storport!StorPortGetPhysicalAddress+2db
Followup: MachineOwner
---------
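Look at the parts in red above; they roughly indicate that some HP driver is at fault.
Search Google for HpCISSs2.sys, preferably adding Microsoft to the query, which narrows the results faster.
I was fairly lucky and immediately found a KB article about exactly this error: after a Windows Server 2003 patch was installed on HP machines, the driver had a problem, and the related driver had to be updated from HP's website. I checked the patch installation history on the server and, sure enough, the time the machine started having problems was close to the time that patch was installed.
The problem was finally solved; I watched the server for two days and it did not blue-screen again.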
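
A small triage helper for the reading of the output described above, added here as an example (it is not part of the original post): it extracts the bugcheck code, the module WinDbg blames, and the stack modules that resolved only to module+offset, which is how HpCISSs2 stands out in this dump even though storport.sys is the one named. The function name `triage` and the regular expressions are assumptions of this example; the sample lines are an abridged copy of the output above.

```python
import re

# Abridged copy of the !analyze -v output shown above (not a full transcript).
SAMPLE = """\
BugCheck 3B, {c0000005, fffffadf291e4ec4, fffffadf25015d90, 0}
*** ERROR: Module load completed but symbols could not be loaded for HpCISSs2.sys
Probably caused by : storport.sys ( storport!StorPortGetPhysicalAddress+2db )
STACK_TEXT:
fffffadf`250165a0 fffffadf`2950eb06 : fffffadf`2740e480 fffffadf`35e79a40 fffffadf`2740e380 fffffadf`2740e3e0 : storport!StorPortGetPhysicalAddress+0x2db
fffffadf`25016600 fffffadf`2950cbd4 : fffffadf`3836e008 fffffadf`35e79a40 fffffadf`2740e380 fffffadf`35fd64e0 : HpCISSs2+0x8b06
fffffadf`250169e0 fffff800`01282091 : 00000000`00000201 fffffadf`25016cf0 00000000`00000000 fffffadf`3718c710 : mpspfltr!MPSPDevCtlDispatch+0x86
fffffadf`25016b90 fffff800`0102e3fd : fffffadf`36bd4310 fffffadf`3716d4b0 00000000`00000000 00000000`0096f820 : nt!NtDeviceIoControlFile+0x56
FOLLOWUP_IP:
"""

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
BLAMED = re.compile(r"^Probably caused by : (\S+)", re.M)
NOSYM = re.compile(r"symbols could not be loaded for (\S+?\.sys)")
# A kb-style frame: child-SP, return address, four args, then the symbol.
FRAME = re.compile(
    r"^[0-9a-f]{8}`[0-9a-f]{8} [0-9a-f]{8}`[0-9a-f]{8} : .* : (\S+)$", re.M)

def triage(text):
    """Summarize an !analyze -v transcript into the fields to check first."""
    bc = BUGCHECK.search(text)
    blamed = BLAMED.search(text)
    modules, unsym = [], []
    for sym in FRAME.findall(text):
        if sym.startswith("0x"):        # raw address, no module resolved
            continue
        module = re.split(r"[!+]", sym)[0]
        if module not in modules:
            modules.append(module)
        # "module+0xNNN" with no "!" means no symbols were available for it,
        # which is typical of third-party drivers.
        if "!" not in sym and module not in unsym:
            unsym.append(module)
    for name in NOSYM.findall(text):    # debugger's explicit symbol errors
        if name[:-4] not in unsym:
            unsym.append(name[:-4])
    return {
        "bugcheck": bc.group(1) if bc else None,
        "args": [a.strip() for a in bc.group(2).split(",")] if bc else [],
        "blamed": blamed.group(1) if blamed else None,
        "stack_modules": modules,       # in call order, faulting frame first
        "unsymbolized": unsym,          # candidates to look up with the vendor
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```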

Published: 2024-09-21 00:25:16

Article link: https://www.17tex.com/tex/2/154614.html
