系统为:Windows Server 2019 Standard
通过debugging tools 读取的日志信息如下:
Loading Dump File [E:\dmp\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 10 Kernel Version 17763 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff8061fc0c000 PsLoadedModuleList = 0xfffff806
2002b9b0
Debug session time: Sat Jan 1 03:10:08.610 2022 (UTC + 8:00)
System Uptime: 2 days 9:33:07.065
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
.......................................Page 2001095ab too large to be in the dump file.
Page 2004405aa too large to be in the dump file.
........................
................................................................
.................................
Loading User Symbols
....................
Loading unloaded module list
..............*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
************* Symbol Loading Error Summary **************
Module name Error
ntkrnlmp The system cannot find the file specified
ntdll The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
Unable to add extension DLL: kdexts
Unable to add extension DLL: kext
Unable to add extension DLL: exts
The call to LoadLibrary(ext) failed, Win32 error 0n2
"系统找不到指定的文件。"
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ext) failed, Win32 error 0n2
"系统找不到指定的文件。"
Please check your debugger configuration and/or network access.
Bugcheck code 000000EF
Arguments ffffa681c68cd140 00000000
00000000 0000000000000000 00000000
00000000
RetAddr : Args to Child : Call Site
fffff8062041a1dd : 00000000
000000ef ffffa681c68cd140 00000000
00000000 00000000`00000000 : nt!KeBugCheckEx
fffff806202f497b : 00000000
00000000 0000000000000000 ffffa681
c68cd140 fffff806`1fcdcef8 : nt!PsSetLegoNotifyRoutine+0x5dd
fffff806201d57c8 : ffffa681
00000000 0000000000000000 ffffa681
c68cd140 ffffa681`c68cd418 : nt!FsRtlRegisterFltMgrCalls+0x2051b
fffff806201d5599 : ffffffff
ffffffff ffffa58c5ffefa80 ffffa681
c68cd140 00000000`00000001 : nt!PsChargeProcessWakeCounter+0xbc8
fffff8061fdce285 : ffffa681
0000026c ffffa681c89c9080 ffffa681
c68cd140 00000000`00000000 : nt!PsChargeProcessWakeCounter+0x999
00007ffd6cdfeb14 : 00007ffd
68d483a1 0000000000000000 00000000
00000000 ffffffff`ee1e5d00 : nt!setjmpex+0x78c5
*** ERROR: Symbol file could not be found. Defaulted to export symbols for CSRSRV.dll -
00007ffd68d483a1 : 00000000
00000000 0000000000000000 ffffffff
ee1e5d00 00000000`00000c70 : ntdll+0x9eb14
00007ffd6ce07100 : 00000000
00000000 00007ffd6cea37a8 0000000c
802bddd8 00000000`00200040 : CSRSRV!CsrUnhandledExceptionFilter+0x131
0000000000000000 : 00007ffd
6cea37a8 0000000c802bddd8 00000000
00200040 00000000`00000000 : ntdll+0xa7100