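Usually, at the moment the system crashes, the operating system creates a memory dump file. This file is an image of memory at the instant the computer crashed. It is normally placed in the Minidump directory under the system directory, for example C:/WINDOWS/Minidump/Mini082106-01.dmp. Analyzing this file is therefore a quick way to locate the problem.
Once this tool is installed, you can use WinDbg to analyze the minidump file. Open WinDbg and first set the symbol file path. Symbol files are what the debugger uses to work out where the error occurred. They can be downloaded from Microsoft's website along with WinDbg, although the download is fairly large. If you would rather not download them, you can set the path to the address of the website instead. I usually use this method.
Then you can open the minidump file for analysis: File --> Open Crash Dump, and open, for example, C:/WINDOWS/Minidump/Mini082106-01.dmp. After a short wait, WinDbg connects to Microsoft's website using the symbol path set earlier and retrieves the symbol information.
From this we can tell that the current error lies in the file SkyProcs.sys (ERROR: Module load completed but symbols could not be loaded for SkyProcs.sys). The specific cause is DRIVER_IRQL_NOT_LESS_OR_EQUAL, an error that generally indicates an IRQL problem in a driver.
If you are not familiar with these technical details, just locate the file SkyProcs.sys to find out which program is at fault, then delete or uninstall that software; in most cases this resolves the problem of the computer restarting frequently. So far it appears that the cause is in most cases a problem with an installed driver.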
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:/WINDOWS/Minidump/Mini070208-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d8000 PsLoadedModuleList = 0x805634a0
Debug session time: Wed Jul 2 06:22:29.015 2008 (GMT+8)
System Uptime: 0 days 0:12:21.733
Loading Kernel Symbols
............................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, c8abd001, 4b5e, c0c00000}
Probably caused by : memory_corruption ( nt!MiLocateWsle+c0 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041284, A PTE or the working set list is corrupt.
Arg2: c8abd001
Arg3: 00004b5e
Arg4: c0c00000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 4
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 8052abf2 to 8053838a
STACK_TEXT:
f7969bf0 8052abf2 0000001a 00041284 c8abd001 nt!KeBugCheckEx+0x1b
f7969c28 804f56b5 00004b5e 82f1f008 82fa55a8 nt!MiLocateWsle+0xc0
f7969c68 805709c2 c8abd000 82f1c170 00000000 nt!MmUnmapViewInSystemCache+0xc2
f7969c80 804f5638 82fa55a8 82f1f008 00000000 nt!CcUnmapVacb+0x2a
f7969cb0 804f5b44 00000000 00000000 82f1f06c nt!CcUnmapVacbArray+0xe5
f7969ccc 804f5ab6 82f1f008 80700a4c 82f1f008 nt!CcUnmapAndPurge+0x20
f7969cfc 804ee808 00000001 8055f690 82f059e0 nt!CcDeleteSharedCacheMap+0xc5
f7969d34 804e77c8 82fb6098 8056a4c0 82fb65b8 nt!CcWriteBehind+0x357
f7969d7c 804e33b5 82fb6098 00000000 82fb65b8 nt!CcWorkerThread+0x12f
f7969dac 80575128 82fb6098 00000000 00000000 nt!ExpWorkerThread+0xef
f7969ddc 804ed781 804e32f1 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiLocateWsle+c0
8052abf2 006a00 add byte ptr [edx],ch
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 45e54690
SYMBOL_NAME: nt!MiLocateWsle+c0
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c0
BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c0
Followup: MachineOwner
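An added example, not part of the original post: a small Python parser that pulls the fields used for first-pass triage (bugcheck code and arguments, the suspected cause, the modules on the stack, and any module reported without symbols) out of saved analysis output like the listing above. The sample text is constructed from lines on this page, and the function and field names are this example's own.

```python
import re

# Constructed sample: lines copied from the debugger output on this page, plus
# the SkyProcs.sys symbol error quoted in the text (which is from another dump).
SAMPLE = """\
ERROR: Module load completed but symbols could not be loaded for SkyProcs.sys
BugCheck 1A, {41284, c8abd001, 4b5e, c0c00000}
Probably caused by : memory_corruption ( nt!MiLocateWsle+c0 )
PROCESS_NAME: System
STACK_TEXT:
f7969bf0 8052abf2 0000001a 00041284 c8abd001 nt!KeBugCheckEx+0x1b
f7969c28 804f56b5 00004b5e 82f1f008 82fa55a8 nt!MiLocateWsle+0xc0
f7969c68 805709c2 c8abd000 82f1c170 00000000 nt!MmUnmapViewInSystemCache+0xc2
STACK_COMMAND: kb
MODULE_NAME: nt
IMAGE_NAME: memory_corruption
"""

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
CAUSE = re.compile(r"^Probably caused by : (\S+)(?: \( (.+?) \))?", re.M)
FIELD = re.compile(r"^(PROCESS_NAME|MODULE_NAME|IMAGE_NAME):\s+(\S+)", re.M)
NOSYM = re.compile(r"symbols could not be loaded for (\S+)")
FRAME = re.compile(r"^[0-9a-f]{8} [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\w+)!", re.M)

def triage(text):
    """Summarise saved kernel-dump analysis output for first-pass triage."""
    out = {"bugcheck": None, "args": [], "cause": None, "symbol": None}
    m = BUGCHECK.search(text)
    if m:
        out["bugcheck"] = int(m.group(1), 16)
        out["args"] = [int(a, 16) for a in m.group(2).split(",")]
    m = CAUSE.search(text)
    if m:
        out["cause"], out["symbol"] = m.group(1), m.group(2)
    # PROCESS_NAME / MODULE_NAME / IMAGE_NAME become lower-case keys.
    out.update({k.lower(): v for k, v in FIELD.findall(text)})
    # Modules seen in STACK_TEXT frames, in call order, de-duplicated.
    out["stack_modules"] = list(dict.fromkeys(FRAME.findall(text)))
    # Modules the debugger could not load symbols for: check these drivers first.
    out["no_symbols"] = sorted(set(NOSYM.findall(text)))
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```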