Notice
Recent Posts
Recent Comments
Link
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 |
Tags
- rm -rf
- ext4
- 디스크
- 리눅스
- CPU
- Linux
- Bash
- pid
- 칭찬교육
- ext3
- Hack
- PORT
- Python
- Cache
- PERL
- windows
- goaccess
- 솔라리스
- Performance
- 좌절교육
- rm
- cadre
- 쇼펜의상속자 #킨텍스메가쇼 #섬유향수탈취제
- Kernel
- Disk
- apachetop
- iptables
- rsync
- http
- DNS
Archives
- Today
- Total
Ben's
Windows7 Blue Screen시 WinDBG 로 디버깅하여 원인 찾기 본문
728x90
안녕하세요.. 제 컴퓨터가 어제 두번이나 블루스크린을 일으키면서 다운이 됐네요 ㅡ.ㅡ;
예전에는 블루스크린 떴을때 막막했는데..
찾아보니 원인을 찾을수 있는 방법이 있더구요..
관련링크 참조
http://blogs.technet.com/b/koreapartner/archive/2010/01/19/3306552.aspx
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
http://www.microsoft.com/download/en/confirmation.aspx?id=8279
1. Windows SDK 설치(이걸 설치하면 여러가지 tool 이 설치되는데 이중에 WinDBG가 포함되어 있더군요)
2. 블루스크린시 남겨진 C:\Windows\MEMORY.DMP 파일을 로딩(WinDBG 실행 -> File -> Open Crash Dump... )
- 주의!! WinDBG 실행시 마우스 오른쪽 버튼을 이용하여 "관리자 권한으로 실행" 으로 실행해야 합니다.
3. 성공적으로 로딩되면 아래와 같은 화면이 나옵니다.
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -yargument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.x86fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0x82e3d000 PsLoadedModuleList = 0x82f864f0
Debug session time: Tue Oct 18 17:17:05.533 2011 (UTC + 9:00)
System Uptime: 24 days 21:59:04.207
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -yargument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
......
4. 이 상태에서 맨 하단 kd> 라는 프롬프트에서 !analyze -v 입력하면 디버깅 결과가 아래와 같이 출력됩니다.
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
Arguments:
Arg1: 8d44d008, Optional pointer to internal TDR recovery context (TDR_RECOVERY_CONTEXT).
Arg2: 92a2fc26, The pointer into responsible device driver module (e.g. owner tag).
Arg3: 00000000, Optional error code (NTSTATUS) of the last failed operation.
Arg4: 00000002, Optional internal context dependent data.
Debugging Details:
------------------
*** ERROR: Module load completed but symbols could not be loaded for dxgmms1.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: 82e3d000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4a8a1a1e
FAULTING_IP:
atikmdag+fc26
92a2fc26 8bff mov edi,edi
DEFAULT_BUCKET_ID: GRAPHICS_DRIVER_TDR_FAULT ===> 이부분이 중요하겠죠 ^^
BUGCHECK_STR: 0x116
CURRENT_IRQL: 0
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
9343ab74 92fc207b 00000116 8d44d008 92a2fc26 nt!KeBugCheckEx+0x1e
9343ab98 92fb6937 92a2fc26 00000000 00000002 dxgkrnl+0x8d07b
9343abbc 8c00692c 00000000 00000102 87227788 dxgkrnl+0x81937
9343ac34 8c030944 fffffcfb 0839a486 00000000 dxgmms1+0x692c
9343ac5c 8c031065 00000000 00000000 00000000 dxgmms1+0x30944
9343ac98 8c00d8f0 9343ac90 88b44f08 b1104008 dxgmms1+0x31065
9343ad28 8c0323c9 87227788 82e74509 87227788 dxgmms1+0xd8f0
9343ad3c 8c032485 87227788 00000000 87b76b48 dxgmms1+0x323c9
9343ad50 83045fda 87227788 a2f0c21f 00000000 dxgmms1+0x32485
9343ad90 82eee1d9 8c032406 87227788 00000000 nt!RtlAnsiStringToUnicodeString+0x19d
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimerEx+0x3c8
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
atikmdag+fc26
92a2fc26 8bff mov edi,edi
SYMBOL_NAME: atikmdag+fc26
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
5. 결론: 그래픽 드라이버 문제로 인해 블루스크린이 발생하였다고 나와서 그래픽 드라이버 업그레이드를 하였습니다.
첫번째 글이라 기분 좋네요
다음에 더 좋은 내용 올리도록 할께요
예전에는 블루스크린 떴을때 막막했는데..
찾아보니 원인을 찾을수 있는 방법이 있더구요..
관련링크 참조
http://blogs.technet.com/b/koreapartner/archive/2010/01/19/3306552.aspx
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
http://www.microsoft.com/download/en/confirmation.aspx?id=8279
1. Windows SDK 설치(이걸 설치하면 여러가지 tool 이 설치되는데 이중에 WinDBG가 포함되어 있더군요)
2. 블루스크린시 남겨진 C:\Windows\MEMORY.DMP 파일을 로딩(WinDBG 실행 -> File -> Open Crash Dump... )
- 주의!! WinDBG 실행시 마우스 오른쪽 버튼을 이용하여 "관리자 권한으로 실행" 으로 실행해야 합니다.
3. 성공적으로 로딩되면 아래와 같은 화면이 나옵니다.
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.x86fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0x82e3d000 PsLoadedModuleList = 0x82f864f0
Debug session time: Tue Oct 18 17:17:05.533 2011 (UTC + 9:00)
System Uptime: 24 days 21:59:04.207
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
......
4. 이 상태에서 맨 하단 kd> 라는 프롬프트에서 !analyze -v 입력하면 디버깅 결과가 아래와 같이 출력됩니다.
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
VIDEO_TDR_FAILURE (116)
Attempt to reset the display driver and recover from timeout failed.
Arguments:
Arg1: 8d44d008, Optional pointer to internal TDR recovery context (TDR_RECOVERY_CONTEXT).
Arg2: 92a2fc26, The pointer into responsible device driver module (e.g. owner tag).
Arg3: 00000000, Optional error code (NTSTATUS) of the last failed operation.
Arg4: 00000002, Optional internal context dependent data.
Debugging Details:
------------------
*** ERROR: Module load completed but symbols could not be loaded for dxgmms1.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: 82e3d000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4a8a1a1e
FAULTING_IP:
atikmdag+fc26
92a2fc26 8bff mov edi,edi
DEFAULT_BUCKET_ID: GRAPHICS_DRIVER_TDR_FAULT ===> 이부분이 중요하겠죠 ^^
BUGCHECK_STR: 0x116
CURRENT_IRQL: 0
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
9343ab74 92fc207b 00000116 8d44d008 92a2fc26 nt!KeBugCheckEx+0x1e
9343ab98 92fb6937 92a2fc26 00000000 00000002 dxgkrnl+0x8d07b
9343abbc 8c00692c 00000000 00000102 87227788 dxgkrnl+0x81937
9343ac34 8c030944 fffffcfb 0839a486 00000000 dxgmms1+0x692c
9343ac5c 8c031065 00000000 00000000 00000000 dxgmms1+0x30944
9343ac98 8c00d8f0 9343ac90 88b44f08 b1104008 dxgmms1+0x31065
9343ad28 8c0323c9 87227788 82e74509 87227788 dxgmms1+0xd8f0
9343ad3c 8c032485 87227788 00000000 87b76b48 dxgmms1+0x323c9
9343ad50 83045fda 87227788 a2f0c21f 00000000 dxgmms1+0x32485
9343ad90 82eee1d9 8c032406 87227788 00000000 nt!RtlAnsiStringToUnicodeString+0x19d
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimerEx+0x3c8
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
atikmdag+fc26
92a2fc26 8bff mov edi,edi
SYMBOL_NAME: atikmdag+fc26
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
5. 결론: 그래픽 드라이버 문제로 인해 블루스크린이 발생하였다고 나와서 그래픽 드라이버 업그레이드를 하였습니다.
첫번째 글이라 기분 좋네요
다음에 더 좋은 내용 올리도록 할께요
'Other OS > 윈도우' 카테고리의 다른 글
| EMET(Enhanced Mitigation Experience Toolkit) (0) | 2013.01.21 |
|---|---|
| window time_wait 줄이기 (0) | 2013.01.21 |
| GUID (0) | 2013.01.21 |
| autoruns, tcpview, processexplorer (0) | 2013.01.17 |
| icesword(anti rootkit) (0) | 2013.01.17 |