WinDbg commands
https://blog.csdn.net/weixin_30527551/article/details/96035143
Loading Dump File [Z:\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: srv*d:\Sym\sym_win*\\10.26.15.3\share\sym\sym_win*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0x83c15000 PsLoadedModuleList = 0x83d5d810
Debug session time: Mon Jun 13 12:40:09.541 2011 (GMT+8)
System Uptime: 0 days 1:10:09.198
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
Loading unloaded module list
.....
kd> kv
ChildEBP RetAddr Args to Child
97203c58 83c5b5f8 00000000 99b4d000 00000000 nt!MmAccessFault+0x106
97203c58 83c2f8a7 00000000 99b4d000 00000000 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ 97203c70)
*** ERROR: Module load completed but symbols could not be loaded for SPPsFlt.sys
97203ce4 8bc09f7e 99b4ced8 0000002e 013af4e0 nt!wcsrchr+0xa (FPO: [2,0,0])
WARNING: Stack unwind information not available. Following frames may be wrong.
97203d10 83c5842a 013af4e0 000f0005 00000000 SPPsFlt+0x1f7e
97203d10 773964f4 013af4e0 000f0005 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 97203d34)
013af4c4 00000000 00000000 00000000 00000000 0x773964f4
kd> !sym noisy
noisy mode - symbol prompts on
kd> .reload /f sppsflt.sys
SYMSRV: d:\sym\sym_win\SPPsFltDrv.pdb\93597CC9B295424BBD730F24561F46E41\SPPsFltDrv.pdb not found
SYMSRV: \\10.26.15.3\share\sym\sym_win\SPPsFltDrv.pdb\93597CC9B295424BBD730F24561F46E41\SPPsFltDrv.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/SPPsFltDrv.pdb/93597CC9B295424BBD730F24561F46E41/SPPsFltDrv.pdb not found
DBGHELP: d:\WaterBox\UEM8.0\Src\Client\pdb\SPPsFltDrv.pdb - file not found
*** ERROR: Module load completed but symbols could not be loaded for SPPsFlt.sys
DBGHELP: SPPsFlt - no symbols loaded
kd> lmvm sppsflt
start end module name
8bc08000 8bc13000 SPPsFlt (no symbols)
Loaded symbol image file: SPPsFlt.sys
Image path: \SystemRoot\system32\SPPsFlt.sys
Image name: SPPsFlt.sys
Timestamp: Thu Jun 02 10:26:46 2011 (4DE6F4E6)
CheckSum: 0000B146
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
kd> lmvm wbsecdoc
start end module name
8ba00000 8ba23000 WBSecDoc (deferred)
Image path: \SystemRoot\system32\WBSecDoc.sys
Image name: WBSecDoc.sys
Timestamp: Mon Jun 13 09:40:32 2011 (4DF56A90)
CheckSum: 0002E220
ImageSize: 00023000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
kd> lm
start end module name
80bb8000 80bc0000 kdcom (deferred)
83c15000 84025000 nt (pdb symbols) d:\sym\sym_win\ntkrpamp.pdb\5B308B4ED6464159B87117C711E7340C2\ntkrpamp.pdb
84025000 8405c000 hal (deferred)
84208000 84280000 mcupdate_GenuineIntel (deferred)
84280000 84291000 PSHED (deferred)
84291000 84299000 BOOTVID (deferred)
84299000 842db000 CLFS (deferred)
842db000 84386000 CI (deferred)
84386000 843f7000 Wdf01000 (deferred)
84815000 84823000 WDFLDR (deferred)
84823000 8486b000 ACPI (deferred)
8486b000 84874000 WMILIB (deferred)
84874000 8487c000 msisadrv (deferred)
8487c000 848a6000 pci (deferred)
848a6000 848b1000 vdrvroot (deferred)
848b1000 848c2000 partmgr (deferred)
848c2000 848ca000 compbatt (deferred)
848ca000 848d5000 BATTC (deferred)
848d5000 848e5000 volmgr (deferred)
848e5000 84930000 volmgrx (deferred)
84930000 84937000 intelide (deferred)
84937000 84945000 PCIIDEX (deferred)
84945000 8495b000 mountmgr (deferred)
8495b000 84964000 atapi (deferred)
84964000 84987000 ataport (deferred)
84987000 8499f000 lsi_sas (deferred)
8499f000 849e6000 storport (deferred)
849e6000 849ef000 amdxata (deferred)
84a00000 84a13000 rspndr (deferred)
84a1f000 84a53000 fltmgr (deferred)
84a53000 84a64000 fileinfo (deferred)
84a64000 84a73000 SPFile (deferred)
84a73000 84ba2000 Ntfs (deferred)
84ba2000 84bcd000 msrpc (deferred)
84bcd000 84be0000 ksecdd (deferred)
84be0000 84bf0000 lltdio (deferred)
8ba00000 8ba23000 WBSecDoc (deferred)
8ba24000 8ba81000 cng (deferred)
8ba81000 8ba8f000 pcw (deferred)
8ba8f000 8ba98000 Fs_Rec (deferred)
8ba98000 8bb4f000 ndis (deferred)
8bb4f000 8bb8d000 NETIO (deferred)
8bb8d000 8bbb2000 ksecpkg (deferred)
8bbb2000 8bbdf000 rdyboost (deferred)
8bbdf000 8bbfa000 luafv (deferred)
8bc00000 8bc08000 hwpolicy (deferred)
8bc08000 8bc13000 SPPsFlt (no symbols)
8bc1c000 8bd65000 tcpip (deferred)
8bd65000 8bd96000 fwpkclnt (deferred)
8bd96000 8bd9f000 vmstorfl (deferred)
8bd9f000 8bdde000 volsnap (deferred)
8bdde000 8bde6000 spldr (deferred)
8bde6000 8bded000 SPCdr (deferred)
8bded000 8bdfd000 mup (deferred)
8be00000 8be18000 dump_LSI_SAS (deferred)
8be20000 8be52000 fvevol (deferred)
8be52000 8be63000 disk (deferred)
8be63000 8be88000 CLASSPNP (deferred)
8be88000 8be98000 agp440 (deferred)
8be98000 8beaf000 usbccgp (deferred)
8beaf000 8bec2000 HIDCLASS (deferred)
8bec2000 8bec8480 HIDPARSE (deferred)
8bec9000 8bed4000 mouhid (deferred)
8bed8000 8bef7000 cdrom (deferred)
8bef7000 8befe000 Null (deferred)
8befe000 8bf05000 Beep (deferred)
8bf05000 8bf0c300 vmrawdsk (deferred)
8bf0d000 8bf19000 vga (deferred)
8bf19000 8bf3a000 VIDEOPRT (deferred)
8bf3a000 8bf47000 watchdog (deferred)
8bf47000 8bf4f000 RDPCDD (deferred)
8bf4f000 8bf57000 rdpencdd (deferred)
8bf57000 8bf5f000 rdprefmp (deferred)
8bf5f000 8bf6a000 Msfs (deferred)
8bf6a000 8bf78000 Npfs (deferred)
8bf78000 8bf8f000 tdx (deferred)
8bf8f000 8bf9a000 TDI (deferred)
8bf9a000 8bfa8300 SPTdi (deferred)
8bfa9000 8bff4000 USBPORT (deferred)
8bff4000 8bfff000 monitor (deferred)
92200000 9221d000 E1G60I32 (deferred)
92223000 9227d000 afd (deferred)
9227d000 922af000 netbt (deferred)
922af000 922b8000 ws2ifsl (deferred)
922b8000 922bf000 wfplwf (deferred)
922bf000 922de000 pacer (deferred)
922de000 922ec000 netbios (deferred)
922ec000 92309b80 vmhgfs (deferred)
9230a000 92324000 serial (deferred)
92324000 9232d000 vmdebug (deferred)
9232d000 92340000 wanarp (deferred)
92340000 92350000 termdd (deferred)
92350000 92391000 rdbss (deferred)
92391000 9239b000 nsiproxy (deferred)
9239b000 923a2f00 npf (deferred)
923a3000 923ad000 mssmbios (deferred)
923ad000 923b9000 discache (deferred)
923b9000 923f2000 dxgmms1 (deferred)
923f2000 923fd000 hidusb (deferred)
9243a000 924bf000 HTTP (deferred)
924bf000 924d8000 bowser (deferred)
924d8000 924ea000 mpsdrv (deferred)
924ea000 9250d000 mrxsmb (deferred)
9250d000 92548000 mrxsmb10 (deferred)
92548000 92563000 mrxsmb20 (deferred)
92563000 9256a000 parvdm (deferred)
9256a000 9256be00 vmmemctl (deferred)
92606000 9266a000 csc (deferred)
9266a000 92682000 dfsc (deferred)
92682000 92690000 blbdrive (deferred)
92690000 926b1000 tunnel (deferred)
926b1000 926c9000 i8042prt (deferred)
926c9000 926d6000 kbdclass (deferred)
926d6000 926d7280 vmmouse (deferred)
926d8000 926e5000 mouclass (deferred)
926e5000 926fd000 parport (deferred)
926fd000 92707000 serenum (deferred)
92707000 92712000 fdc (deferred)
92712000 9271f600 vmci (deferred)
92720000 92734000 vm3dmp (deferred)
92734000 927eb000 dxgkrnl (deferred)
927eb000 927f6000 usbuhci (deferred)
927f6000 927fa800 vmaudio (deferred)
92800000 9280a000 Dxapi (deferred)
9280a000 9280b700 USBD (deferred)
9280f000 9283e000 portcls (deferred)
9283e000 92857000 drmk (deferred)
92857000 9288b000 ks (deferred)
9288b000 9289a000 usbehci (deferred)
9289a000 9289d700 CmBatt (deferred)
9289e000 928b0000 intelppm (deferred)
928b0000 928bd000 CompositeBus (deferred)
928bd000 928cf000 AgileVpn (deferred)
928cf000 928e7000 rasl2tp (deferred)
928e7000 928f2000 ndistapi (deferred)
928f2000 92914000 ndiswan (deferred)
92914000 9292c000 raspppoe (deferred)
9292c000 92943000 raspptp (deferred)
92943000 9295a000 rassstp (deferred)
9295a000 92964000 rdpbus (deferred)
92964000 92965380 swenum (deferred)
92966000 92974000 umbus (deferred)
92974000 9297e000 flpydisk (deferred)
9297e000 929c2000 usbhub (deferred)
929c2000 929d3000 NDProxy (deferred)
929d3000 929e0000 crashdmp (deferred)
929e0000 929ea000 dump_diskdump (deferred)
929ea000 929fb000 dump_dumpfve (deferred)
95f30000 9617a000 win32k (deferred)
96190000 96199000 TSDDD (deferred)
961c0000 961de000 cdd (deferred)
9740c000 974a3000 peauth (deferred)
974a3000 974ad000 secdrv (deferred)
974ad000 974ce000 srvnet (deferred)
974ce000 974db000 tcpipreg (deferred)
974db000 9752a000 srv2 (deferred)
9752a000 9757b000 srv (deferred)
975e5000 975ed000 SPRegFlt (deferred)
Unloaded modules:
9757b000 975e5000 spsys.sys
8be98000 8bea5000 crashdmp.sys
8bea5000 8beaf000 dump_storport.sys
8beaf000 8bec7000 dump_LSI_SAS.sys
8bec7000 8bed8000 dump_dumpfve.sys
kd> .reload /f sppsflt.sys
DBGHELP: d:\sym\sym_win\SPPsFltDrv.pdb\93597CC9B295424BBD730F24561F46E41\SPPsFltDrv.pdb - mismatched pdb
DBGHELP: d:\WaterBox\UEM8.0\Src\Client\pdb\SPPsFltDrv.pdb - file not found
DBGHELP: Couldn't load mismatched pdb for SPPsFlt.sys
*** ERROR: Module load completed but symbols could not be loaded for SPPsFlt.sys
DBGHELP: SPPsFlt - no symbols loaded
kd> lmvm sppsflt
start end module name
8bc08000 8bc13000 SPPsFlt (no symbols)
Loaded symbol image file: SPPsFlt.sys
Image path: \SystemRoot\system32\SPPsFlt.sys
Image name: SPPsFlt.sys
Timestamp: Thu Jun 02 10:26:46 2011 (4DE6F4E6)
CheckSum: 0000B146
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
kd> .reload /f sppsflt.sys
DBGHELP: SPPsFlt - private symbols & lines
d:\sym\sym_win\SPPsFltDrv.pdb\93597CC9B295424BBD730F24561F46E41\SPPsFltDrv.pdb
kd> kv
ChildEBP RetAddr Args to Child
97203c58 83c5b5f8 00000000 99b4d000 00000000 nt!MmAccessFault+0x106
97203c58 83c2f8a7 00000000 99b4d000 00000000 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ 97203c70)
97203ce4 8bc09f7e 99b4ced8 0000002e 013af4e0 nt!wcsrchr+0xa (FPO: [2,0,0])
97203d10 83c5842a 013af4e0 000f0005 00000000 SPPsFlt!NewZwCreateSection+0x5d
97203d10 773964f4 013af4e0 000f0005 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 97203d34)
WARNING: Frame IP not in any known module. Following frames may be wrong.
013af4c4 00000000 00000000 00000000 00000000 0x773964f4
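In cmd, use md to create a directory; to examine a virtual machine or another kernel, open it with Kernel Debug; to examine a dump, use Open Crash Dump.
1. File→Symbol File Path
srv*d:\Sym\sym_win*\\10.26.15.3\share\sym\sym_win*http://msdl.microsoft.com/download/symbols
2. kv
3. If "*** WARNING: Unable to verify checksum for XXXXX" appears, run !sym noisy
4. .reload /f XXXXX
5. cmd→md , then copy the required files into that directory
6. kv
7. If the word "Exception" does not appear, run ~*kv to view all threads
8. Then press Ctrl+F, search for "Exception", and find the NUM of the thread that has the problem
9. ~NUM kv, and keep looking for the problem
10. .kframes 100 to check the stack depth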
Default stack trace depth is 0n256 frames
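The symbol-staging part of the procedure above (steps 3 to 5), as an added example that is not part of the original post: it reads the `!sym noisy` lines, works out which local symbol-store directory to create with `md`, and lists any PDB that DbgHelp rejected as mismatched. The function names are hypothetical; the sample log is copied from the two `.reload /f` attempts shown on this page.

```python
import re
from pathlib import PureWindowsPath

# Sample input: noisy-mode lines copied from the two .reload /f attempts on this page.
SAMPLE_LOG = r"""
SYMSRV: d:\sym\sym_win\SPPsFltDrv.pdb\93597CC9B295424BBD730F24561F46E41\SPPsFltDrv.pdb not found
SYMSRV: \\10.26.15.3\share\sym\sym_win\SPPsFltDrv.pdb\93597CC9B295424BBD730F24561F46E41\SPPsFltDrv.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/SPPsFltDrv.pdb/93597CC9B295424BBD730F24561F46E41/SPPsFltDrv.pdb not found
DBGHELP: d:\WaterBox\UEM8.0\Src\Client\pdb\SPPsFltDrv.pdb - file not found
DBGHELP: d:\sym\sym_win\SPPsFltDrv.pdb\93597CC9B295424BBD730F24561F46E41\SPPsFltDrv.pdb - mismatched pdb
"""

# One probe line: "<SYMSRV|DBGHELP>: <path to .pdb> [- ]<status>"
LINE_RE = re.compile(
    r"^(SYMSRV|DBGHELP):\s+(?P<path>\S.*?\.pdb)\s+(?:-\s+)?"
    r"(?P<status>not found|file not found|mismatched pdb)\s*$",
    re.IGNORECASE,
)


def parse_noisy(log):
    """Return (source, path, status) for each PDB probe in !sym noisy output."""
    probes = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            probes.append((m.group(1).upper(), m.group("path"), m.group("status").lower()))
    return probes


def staging_plan(log):
    """Pick the local symbol-store directory to create and list rejected PDBs."""
    plan = {"md": None, "pdb": None, "guid": None, "age": None, "mismatched": []}
    for source, path, status in parse_noisy(log):
        if status == "mismatched pdb":
            plan["mismatched"].append(path)
        p = PureWindowsPath(path)
        index = p.parent.name  # store layout: <root>\<pdb>\<GUID+age>\<pdb>
        local = re.match(r"[A-Za-z]:\\", path) is not None
        if source == "SYMSRV" and local and plan["md"] is None and len(index) > 32:
            plan.update(md=str(p.parent), pdb=p.name,
                        guid=index[:32], age=int(index[32:], 16))
    return plan


if __name__ == "__main__":
    plan = staging_plan(SAMPLE_LOG)
    print("md", plan["md"])
    print("expects", plan["pdb"], "GUID", plan["guid"], "age", plan["age"])
    for bad in plan["mismatched"]:
        print("does not match this image, replace:", bad)
```

The `md` target is the directory the debugger probes first on the local drive; a path reported as mismatched holds a PDB whose GUID and age differ from the SPPsFlt.sys in the dump, so it has to be replaced with the PDB from the same build.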