Everything that follows // is an explanation of the specific item on the line after it.
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\103021-8359-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
// Kernel version: as you can see, Win10 still uses the Win7 kernel, only modified
Windows 7 Kernel Version 19041 MP (24 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff80526800000 PsLoadedModuleList = 0xfffff8052742a3d0
Debug session time: Sat Oct 30 21:32:19.861 2021 (UTC + 8:00)
// This line is more important: the system uptime shows that I had been running for nearly 2 h when the OS blue-screened and died
System Uptime: 0 days 1:56:51.634
Loading Kernel Symbols
… … … …
Loading User Symbols
Loading unloaded module list
…
// What comes next is the more important information: the bugcheck analysis recorded for this OS crash
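*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************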
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 1, fffff8053b56f00c}
// !!! Note: the first very obvious error warning appears here: an NV image cannot be loaded -> error condition 1 < NV image error >
// Solution:
// https://validedge.com/nvlddmkm-sys/#:~:text=How to Fix nvlddmkm.Sys Error on Windows 10,… 6 Method #6 Update Your Windows.
// That web page describes six solutions for the missing NV driver file
// C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff
// The NV module comes from the path above; try uninstalling and reinstalling the driver
Unable to load image \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_44dc4eefedc0d082\nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
// Probable cause of the error: memory corruption
Probably caused by : memory_corruption
Followup: memory_corruption
The detailed debugging information follows.
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8053b56f00c, address which referenced memory
// The debugging details follow from here
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 0000000000000000
CURRENT_IRQL: 2
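FAULTING_IP:
// Seeing this mov reminds me of the painful days when I was learning assembly T_T
// The name of the NV module (nvlddmkm) shows up here again. NV 1
// One very important point: if the blue screens keep happening after each fix, check whether the offset into the driver module is the same every time
nvlddmkm+81f00c
fffff805`3b56f00c 458c03 mov word ptr [r11],es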
CUSTOMER_CRASH_COUNT: 1
// Roughly, this means that code corruption occurred in this memory
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0xD1
// Process that triggered the blue screen: System
PROCESS_NAME: System
// Addresses of the last control transfer
LAST_CONTROL_TRANSFER: from fffff80526c07d69 to fffff80526bf5e40
// Stack trace
STACK_TEXT:
ffff8085332e57f8 fffff80526c07d69 : 000000000000000a 0000000000000000 0000000000000002 0000000000000001 : nt!KeBugCheckEx
ffff8085332e5800 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69
STACK_COMMAND: .bugcheck ; kb
// The !chkimg debugger command looks for differences against the symbol store's copy in order to detect errors in the image
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    fffff80526b9752f-fffff80526b97531 3 bytes - nt!MiFreeUltraMapping+33
    [ 7d fb f6:6b d7 ae ]
    fffff80526bf7198-fffff80526bf7199 2 bytes - nt!KiChainedDispatch+b8 (+0x5fc69)
    [ 48 ff:4c 8b ]
    fffff80526bf719f-fffff80526bf71a2 4 bytes - nt!KiChainedDispatch+bf (+0x07)
    [ 0f 1f 44 00:e8 7c d2 61 ]
9 errors : !nt (fffff80526b9752f-fffff80526bf71a2)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
Followup: memory_corruption
!analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above.
Arguments:
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at DISPATCH_LEVEL or above. The offending component can usually be identified with a stack trace.
Arg2: 0000000000001e00, The watchdog period.
Arg3: fffff8051c8fb320
Arg4: 0000000000000000
Debugging Details:
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x133
// Program that caused the blue screen: the folder window (yes! it froze and blue-screened while I was opening a folder)
PROCESS_NAME: explorer.exe
CURRENT_IRQL: d
LAST_CONTROL_TRANSFER: from fffff8051c03ae42 to fffff8051bff5e40
STACK_TEXT:
ffffcc0169ad3e18 fffff8051c03ae42 : 0000000000000133 0000000000000001 0000000000001e00 fffff8051c8fb320 : nt!KeBugCheckEx
ffffcc0169ad3e20 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KeAccumulateTicks+0x1c8c42
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32k
    ffffcb5ba3ea4c6c-ffffcb5ba3ea4c71 6 bytes - win32k!NtUserCallHwndLock+10
    [ ff 15 ee fc 06 00:e8 2f 56 09 00 90 ]
    ffffcb5ba3ea4c90-ffffcb5ba3ea4c95 6 bytes - win32k!NtUserCallHwndLockSafe+10 (+0x24)
    [ ff 15 ca fc 06 00:e8 0b 56 09 00 90 ]
    ffffcb5ba3ea4cb4-ffffcb5ba3ea4cb9 6 bytes - win32k!NtUserCallHwndOpt+10 (+0x24)
    [ ff 15 a6 fc 06 00:e8 e7 55 09 00 90 ]
    ffffcb5ba3ea4cd8-ffffcb5ba3ea4cdd 6 bytes - win32k!NtUserCallHwndParam+10 (+0x24)
    [ ff 15 82 fc 06 00:e8 c3 55 09 00 90 ]
    ffffcb5ba3ea4cfc-ffffcb5ba3ea4d01 6 bytes - win32k!NtUserCallHwndParamLock+10 (+0x24)
    [ ff 15 5e fc 06 00:e8 9f 55 09 00 90 ]
    ffffcb5ba3ea4d20-ffffcb5ba3ea4d25 6 bytes - win32k!NtUserCallHwndParamLockSafe+10 (+0x24)
    [ ff 15 3a fc 06 00:e8 7b 55 09 00 90 ]
    ffffcb5ba3ea4d44-ffffcb5ba3ea4d49 6 bytes - win32k!NtUserCallHwndSafe+10 (+0x24)
    [ ff 15 16 fc 06 00:e8 57 55 09 00 90 ]
    ffffcb5ba3ea4d68-ffffcb5ba3ea4d6d 6 bytes - win32k!NtUserCallMsgFilter+10 (+0x24)
    [ ff 15 f2 fb 06 00:e8 33 55 09 00 90 ]
48 errors : !win32k (ffffcb5ba3ea4c6c-ffffcb5ba3ea4d6d)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
Followup: memory_corruption
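====================================================================================
Third log
!analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************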
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffa20db825d240, Process object
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
PROCESS_OBJECT: ffffa20db825d240
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0xEF
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8035b706972 to fffff8035b1f5e40
STACK_TEXT:
fffffd8721214938 fffff8035b706972 : 00000000000000ef ffffa20db825d240 0000000000000000 0000000000000000 : nt!KeBugCheckEx
fffffd8721214940 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!PspCatchCriticalBreak+0x10e
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    fffff8035b19752e-fffff8035b197531 4 bytes - nt!MiFreeUltraMapping+32
    [ a0 7d fb f6:20 63 c6 8c ]
4 errors : !nt (fffff8035b19752e-fffff8035b197531)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
Followup: memory_corruption
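
The FAULTING_IP annotation in the first log suggests checking whether the driver offset is the same from crash to crash. As an added example (not part of the original post), the Python below pulls the triage fields out of several !analyze -v texts and reports what repeats across crashes and what differs. The names FIELDS, parse and compare are hypothetical, and the input is constructed by cutting the three logs on this page down to the lines the script reads.

```python
import re

# Constructed input: fields cut down from the three !analyze -v logs on this page.
LOGS = [
    """DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
FAULTING_IP:
nvlddmkm+81f00c
PROCESS_NAME: System
9 errors : !nt (fffff80526b9752f-fffff80526bf71a2)
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE""",
    """DPC_WATCHDOG_VIOLATION (133)
PROCESS_NAME: explorer.exe
48 errors : !win32k (ffffcb5ba3ea4c6c-ffffcb5ba3ea4d6d)
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE""",
    """CRITICAL_PROCESS_DIED (ef)
PROCESS_NAME: svchost.exe
4 errors : !nt (fffff8035b19752e-fffff8035b197531)
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE""",
]

FIELDS = {  # hypothetical field names -> regex with one capture group
    "bugcheck": r"^[A-Z][A-Z0-9_]+ \(([0-9a-fA-F]+)\)",
    "process": r"^PROCESS_NAME:\s*(\S+)",
    "faulting_site": r"^FAULTING_IP:\s*([\w.]+\+[0-9a-fA-F]+)",
    "corrupt_image": r"^\d+ errors : !(\w+)",
    "bucket": r"^FAILURE_BUCKET_ID:\s*(\S+)",
}

def parse(log):
    """Pull the triage fields out of one !analyze -v text; absent fields are None."""
    found = {k: re.search(p, log, re.MULTILINE) for k, p in FIELDS.items()}
    return {k: (m.group(1) if m else None) for k, m in found.items()}

def compare(logs):
    """Report which fields repeat across crashes and which differ."""
    reports = [parse(log) for log in logs]
    sites = [r["faulting_site"] for r in reports]
    return {
        "bugchecks": sorted({r["bugcheck"].lower() for r in reports if r["bugcheck"]}),
        "buckets": sorted({r["bucket"] for r in reports if r["bucket"]}),
        "corrupt_images": [r["corrupt_image"] for r in reports],
        # The annotation's check: does every crash fault at the same module+offset?
        "same_faulting_site": None not in sites and len(set(sites)) == 1,
    }

if __name__ == "__main__":
    for key, value in compare(LOGS).items():
        print(f"{key}: {value}")
```

For the three logs here, the bugcheck codes and processes all differ and only the first log names a faulting module offset, while the failure bucket is identical in all three.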