System reboot problem encountered last week; I got a dump, please help analyze it~

  • Question

  • Microsoft (R) Windows Debugger  Version 6.7.0005.1
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Michelle\Desktop\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Kernel Version 7601 (Service Pack 1) MP (64 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer
    Built by: 7601.23677.amd64fre.win7sp1_ldr.170209-0600
    Kernel base = 0xfffff800`02604000 PsLoadedModuleList = 0xfffff800`02846730
    Debug session time: Fri Nov 30 16:20:38.309 2018 (GMT+8)
    System Uptime: 386 days 22:42:18.097
    Loading Kernel Symbols
    .................................................................................................................................................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 000007ff`fffd8018).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 3B, {c0000005, fffff88009fcee54, fffff88023f78d40, 0}

    Probably caused by : rdpdr.sys ( rdpdr!CTransportVC::CloseChannels+18 )

    Followup: MachineOwner
    ---------

    48: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff88009fcee54, Address of the exception record for the exception that caused the bugcheck
    Arg3: fffff88023f78d40, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%p

    FAULTING_IP:
    rdpdr!CTransportVC::CloseChannels+18
    fffff880`09fcee54 488b4148        mov     rax,qword ptr [rcx+48h]

    CONTEXT:  fffff88023f78d40 -- (.cxr 0xfffff88023f78d40)
    rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000001 rsi=0000000000000000 rdi=fffffa803388c0b0
    rip=fffff88009fcee54 rsp=fffff88023f79720 rbp=0000000000000001
     r8=0000000000000000  r9=0000000000000000 r10=002d005000440052
    r11=fffff88023f79880 r12=000000000000493a r13=0000000000000000
    r14=000000000000493a r15=0000000000000003
    iopl=0         nv up ei ng nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
    rdpdr!CTransportVC::CloseChannels+0x18:
    fffff880`09fcee54 488b4148        mov     rax,qword ptr [rcx+48h] ds:002b:00000000`00000048=????????????????
    Resetting default scope

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0x3B

    PROCESS_NAME:  svchost.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff88009fcbd7b to fffff88009fcee54

    STACK_TEXT: 
    fffff880`23f79720 fffff880`09fcbd7b : 00000000`00000000 00000000`00000001 00000000`00000000 fffff880`09fcb6d5 : rdpdr!CTransportVC::CloseChannels+0x18
    fffff880`23f79760 fffff880`09fcb5c9 : 00000000`00000000 fffffa80`20c0ef50 00000000`00000000 00000000`0000493a : rdpdr!CVCSession::Disconnect+0x7b
    fffff880`23f797b0 fffff880`09fcb43b : 00000000`00000000 fffff880`23f79880 fffffa80`3388c0b0 fffffa80`20c0ef50 : rdpdr!CDynVC::NotifySessionDisconnected+0x71
    fffff880`23f797e0 fffff880`09fcd0fc : 00000000`00003020 fffffa80`20c04870 00000000`0233e280 fffffa80`4e814cc8 : rdpdr!CDynVC::NotifySessionConnected+0x47
    fffff880`23f79830 fffff880`09fcb020 : 00000000`00003924 fffff8a0`09e10afe fffffa80`23297860 fffff880`23f79920 : rdpdr!CFileVC::DeviceIoControl+0x15c
    fffff880`23f79910 fffff880`09fbaa19 : fffffa80`23297860 fffff8a0`09e10af0 00000000`00000000 fffffa80`19ae84b0 : rdpdr!DYNVC_Dispatch+0x70
    fffff880`23f79940 fffff800`029832ca : 00000000`00000002 00000000`00000002 fffffa80`24c06110 fffffa80`23297860 : rdpdr!DrPeekDispatch+0x61
    fffff880`23f79990 fffff800`0299756a : fffffa80`24c06110 fffffa80`24c06110 fffffa80`24c06110 fffff880`03516180 : nt!IopSynchronousServiceTail+0xfa
    fffff880`23f79a00 fffff800`02997606 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc27
    fffff880`23f79b40 fffff800`026726d3 : 00000000`00000018 00000000`0233ea50 00000000`0233e770 00000000`01e0fc40 : nt!NtDeviceIoControlFile+0x56
    fffff880`23f79bb0 00000000`777abdaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0233e0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x777abdaa


    FOLLOWUP_IP:
    rdpdr!CTransportVC::CloseChannels+18
    fffff880`09fcee54 488b4148        mov     rax,qword ptr [rcx+48h]

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  rdpdr!CTransportVC::CloseChannels+18

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: rdpdr

    IMAGE_NAME:  rdpdr.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7abc1

    STACK_COMMAND:  .cxr 0xfffff88023f78d40 ; kb

    FAILURE_BUCKET_ID:  X64_0x3B_rdpdr!CTransportVC::CloseChannels+18

    BUCKET_ID:  X64_0x3B_rdpdr!CTransportVC::CloseChannels+18

    Followup: MachineOwner
    ---------


    December 6, 2018, 3:09

All replies

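  • The 0x0000003B error indicates that an exception occurred while passing from non-privileged code to privileged code. It is generally caused by a software compatibility problem that leads to excessive paged pool usage, or by a user-mode display driver passing incorrect code.

    Since RDPDR.SYS is involved, does your problem occur only when using RDP Remote Desktop?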


    Alexis Zhang

    http://mvp.microsoft.com/zh-cn/mvp/Jie%20Zhang-4000545
    http://blogs.itecn.net/blogs/alexis

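    Accessing the forum through the NNTP Bridge newsgroup bridge is recommended.

    This post is a reply; the original post was written by <Mier06> above; original post link: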

    | BugCheck 3B, {c0000005, fffff88009fcee54, fffff88023f78d40, 0}
    | Probably caused by : rdpdr.sys ( rdpdr!CTransportVC::CloseChannels+18 )

    December 6, 2018, 7:47
    Moderator
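
Added example, not part of the thread: a small triage script that reads the `!analyze -v` text from the question, resolves the memory operand of the faulting instruction against the saved register context, and reports whether the access falls in the NULL page. The function name `triage` and the 64 KB threshold are assumptions of this example; the sample lines are excerpted from the dump posted above.

```python
import re

# Sample input: lines excerpted from the !analyze -v output in the question.
SAMPLE = """\
BugCheck 3B, {c0000005, fffff88009fcee54, fffff88023f78d40, 0}
FAULTING_IP:
rdpdr!CTransportVC::CloseChannels+18
fffff880`09fcee54 488b4148        mov     rax,qword ptr [rcx+48h]
CONTEXT:  fffff88023f78d40 -- (.cxr 0xfffff88023f78d40)
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=fffffa803388c0b0
rip=fffff88009fcee54 rsp=fffff88023f79720 rbp=0000000000000001
"""

NULL_PAGE_LIMIT = 0x10000  # assumption: heuristic, treat addresses below 64 KB as NULL-page offsets

def triage(text):
    """Summarise a bugcheck: code, faulting symbol, effective address, verdict."""
    bug = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", text)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b", text)}
    sym = re.search(r"FAULTING_IP:\s*\n\s*(\S+)", text)
    # First memory operand of the form [reg], [reg+NNh] or [reg-NNh]
    op = re.search(r"\[(r[a-z0-9]{1,2})(?:([+-])([0-9A-Fa-f]+)h)?\]", text)
    result = {
        "bugcheck": int(bug.group(1), 16) if bug else None,
        "args": [int(a, 16) for a in bug.group(2).split(",")] if bug else [],
        "symbol": sym.group(1) if sym else None,
        "address": None,
        "verdict": "unknown",
    }
    if op and op.group(1) in regs:
        disp = int(op.group(3), 16) if op.group(3) else 0
        if op.group(2) == "-":
            disp = -disp
        addr = (regs[op.group(1)] + disp) & 0xFFFFFFFFFFFFFFFF
        result["address"] = addr
        base_is_null = regs[op.group(1)] == 0
        if base_is_null and addr < NULL_PAGE_LIMIT:
            result["verdict"] = "null-pointer dereference (field at +0x%x of a NULL object)" % addr
        elif addr < NULL_PAGE_LIMIT:
            result["verdict"] = "access inside the NULL page"
        else:
            result["verdict"] = "access to non-null address"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For this dump the script resolves `[rcx+48h]` with `rcx=0` to address 0x48, which matches the `ds:002b:00000000`00000048=????????????????` line in the context record.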