windows-server-2008 – Analyzing a BSOD dump file from Windows 2008 R2 SP1

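I'm having a problem with a virtual Windows Server 2008 R2 SP1 server running on VMware. The server runs Citrix and also has Symantec Endpoint Protection installed. It crashes randomly and goes to a BSOD.

Investigating the event logs did not provide any useful information about the cause of the crash. I ran the Windows debugger and generated the report shown below. It clearly points to a failing driver. The problem is that I can't determine which driver is causing it. I'd like to know if anyone can offer some help.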

----------
## Bugcheck Analysis   ##
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005,Exception code that caused the bugcheck
Arg2: fffff9600008744d,Address of the instruction which caused the bugcheck
Arg3: fffff88007ba3de0,Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000,zero.

Debugging Details:
------------------
Page 125923 not present in the dump file. Type ".hh dbgerr004" for details

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
win32k!xxxInternalInvalidate+7d
fffff960`0008744d f6473208        test    byte ptr [rdi+32h],8

CONTEXT:  fffff88007ba3de0 -- (.cxr 0xfffff88007ba3de0)
rax=0000000000000000 rbx=0000000000010485 rcx=0000000000000000
rdx=0000000000000b02 rsi=0000000000000000 rdi=0000000000000000
rip=fffff9600008744d rsp=fffff88007ba47c0 rbp=0000000000000000
 r8=0000000000010485  r9=0000000000000000 r10=fffff900000004c0
r11=fffff900c26eac30 r12=0000000000000000 r13=0000000000000001
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
win32k!xxxInternalInvalidate+0x7d:
fffff960`0008744d f6473208        test    byte ptr [rdi+32h],8 ds:002b:00000000`00000032=??
Resetting default scope

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  csrss.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff960001351a2 to fffff9600008744d

STACK_TEXT:  
fffff880`07ba47c0 fffff960`001351a2 : 00000000`00000000 00000000`00000040 fffffa80`0678d330 00000000`00000000 : win32k!xxxInternalInvalidate+0x7d
fffff880`07ba4840 fffff960`001352a2 : fffffa80`0678d330 00000000`00000000 fffff880`07ba4ca0 fffffa80`06109ab0 : win32k!xxxInternalUserChangeDisplaySettings+0x486
fffff880`07ba4900 fffff960`001330e3 : 00000000`00000000 00000000`00000000 fffff900`c0f9ead0 fffff900`00000040 : win32k!xxxUserChangeDisplaySettings+0x92
fffff880`07ba49f0 fffff960`00115cba : 00000000`00000001 00000000`00aff960 00000000`00000000 ffffffff`ffffffff : win32k!xxxRemoteReconnect+0x6d7
fffff880`07ba4bf0 fffff800`016d9ed3 : fffffa80`06f66b00 fffff880`07ba4ca0 00000000`00000000 00000000`00000000 : win32k!NtUserCallOneParam+0x4e
fffff880`07ba4c20 000007fe`fd1b2aea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00aff918 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`fd1b2aea


FOLLOWUP_IP: 
win32k!xxxInternalInvalidate+7d
fffff960`0008744d f6473208        test    byte ptr [rdi+32h],8

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!xxxInternalInvalidate+7d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  50e64bda

STACK_COMMAND:  .cxr 0xfffff88007ba3de0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_win32k!xxxInternalInvalidate+7d

BUCKET_ID:  X64_0x3B_win32k!xxxInternalInvalidate+7d

Followup: MachineOwner
---------
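This looks like the issue described in the following knowledge base article:

https://support.microsoft.com/en-us/kb/2359223

"0x0000003B" Stop error in Windows Server 2008 R2 and Windows 7 when an application or service performs GUI-related operations

The reason I think this is the issue described in the hotfix is that it specifically calls out the win32k.sys driver. In addition, the CSRSS.exe process, which also appears in the dump, is used for inter-process communication between user-mode GUI operations and the kernel, which also points to the issue described in the hotfix (reference: https://en.wikipedia.org/wiki/Client/Server_Runtime_Subsystem).

I recommend applying the hotfix from the knowledge base article and monitoring to see whether the stop errors continue.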
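
The fields the answer relies on (bugcheck 0x3B, image win32k.sys, process csrss.exe) can be pulled out of `!analyze -v` text mechanically, along with the faulting address that shows a read through a NULL `rdi`. The following is an added example, not part of the original question or answer; the function names `triage` and `describe` are hypothetical, and the sample is a trimmed copy constructed from the report quoted above.

```python
import re

# Constructed sample: a trimmed copy of fields from the report quoted on this page.
SAMPLE = """\
SYSTEM_SERVICE_EXCEPTION (3b)
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600008744d, Address of the instruction which caused the bugcheck
rdx=0000000000000b02 rsi=0000000000000000 rdi=0000000000000000
fffff960`0008744d f6473208        test    byte ptr [rdi+32h],8 ds:002b:00000000`00000032=??
PROCESS_NAME:  csrss.exe
MODULE_NAME: win32k
IMAGE_NAME:  win32k.sys
FAILURE_BUCKET_ID:  X64_0x3B_win32k!xxxInternalInvalidate+7d
"""

FIELDS = ("PROCESS_NAME", "MODULE_NAME", "IMAGE_NAME", "FAILURE_BUCKET_ID")

def triage(report):
    """Extract the fields used to match a crash against a known issue."""
    out = {}
    m = re.search(r"^(\w+) \(([0-9a-fA-F]+)\)\s*$", report, re.M)
    if m:
        out["bugcheck_name"], out["bugcheck_code"] = m.group(1), int(m.group(2), 16)
    for n, value in re.findall(r"^Arg([1-4]):\s*([0-9a-fA-F]+)", report, re.M):
        out["arg" + n] = int(value, 16)
    for key in FIELDS:
        m = re.search(r"^%s:\s*(\S+)" % key, report, re.M)
        if m:
            out[key.lower()] = m.group(1)
    # Effective address printed after the segment selector: ds:002b:00000000`00000032=??
    m = re.search(r"\b[c-gs]s:[0-9a-f]{4}:([0-9a-f]{8})`([0-9a-f]{8})=", report, re.I)
    if m:
        out["fault_address"] = int(m.group(1) + m.group(2), 16)
    return out

def describe(t):
    notes = []
    if t.get("bugcheck_code") == 0x3B and t.get("arg1") == 0xC0000005:
        notes.append("access violation inside a system service")
    # An address in the first page means a field was read through a NULL base pointer.
    if t.get("fault_address", 1 << 63) < 0x1000:
        notes.append("NULL pointer dereference at offset 0x%x" % t["fault_address"])
    if t.get("image_name"):
        notes.append("faulting image %s in process %s" % (t["image_name"], t.get("process_name", "?")))
    return notes

if __name__ == "__main__":
    for line in describe(triage(SAMPLE)):
        print(line)
```

Run over saved reports from several crashes, the same extraction shows whether every BSOD shares one failure bucket or whether more than one fault is involved.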
