参考来自:http://www.cnit.net.cn/?id=225
SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
ctrl + d to open dump_file
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\Administrator\Desktop\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is availableSymbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600 Machine Name: Kernel base = 0xfffff800`0480b000 PsLoadedModuleList = 0xfffff800`04a4d750 Debug session time: Tue Aug 28 15:35:47.585 2018 (UTC + 8:00) System Uptime: 0 days 5:51:11.553 Loading Kernel Symbols ............................................................... ................................................................ ............................................... Loading User SymbolsLoading unloaded module list
....... ******************************************************************************* * * * Bugcheck Analysis * * * *******************************************************************************Use !analyze -v to get detailed debugging information.
BugCheck 18, {fffffa800c7bd230, fffffa800d201360, 1, 1}
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys Probably caused by : atikmdag.sys ( atikmdag+28710 )Followup: MachineOwner
---------0: kd> !analyze -v
******************************************************************************* * * * Bugcheck Analysis * * * *******************************************************************************REFERENCE_BY_POINTER (18)
Arguments: Arg1: fffffa800c7bd230, Object type of the object whose reference count is being lowered Arg2: fffffa800d201360, Object whose reference count is being lowered Arg3: 0000000000000001, Reserved Arg4: 0000000000000001, Reserved The reference count of an object is illegal for the current state of the object. Each time a driver uses a pointer to an object the driver calls a kernel routine to increment the reference count of the object. When the driver is done with the pointer the driver calls another kernel routine to decrement the reference count. Drivers must match calls to the increment and decrement routines. This bugcheck can occur because an object's reference count goes to zero while there are still open handles to the object, in which case the fourth parameter indicates the number of opened handles. It may also occur when the objects reference count drops below zero whether or not there are open handles to the object, and in that case the fourth parameter contains the actual value of the pointer references count.Debugging Details:
------------------ DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULTBUGCHECK_STR: 0x18
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff800048fc06d to fffff8000487be00
STACK_TEXT:
fffff800`05f818d8 fffff800`048fc06d : 00000000`00000018 fffffa80`0c7bd230 fffffa80`0d201360 00000000`00000001 : nt!KeBugCheckEx fffff800`05f818e0 fffff880`0fc62710 : 00000000`0000001f fffff880`0a7a10f8 fffffa80`0d201360 fffff880`0fc909eb : nt! ?? ::FNODOBFM::`string'+0x4160a fffff800`05f81940 fffff880`0fc64794 : fffffa80`110f3000 fffff800`04a07cc0 fffff800`05f81a80 00000000`00000000 : atikmdag+0x28710 fffff800`05f81980 fffff880`0fc71c20 : 00000000`00000000 fffffa80`1118d3d0 fffff880`0fe3a410 fffffa80`deadbeef : atikmdag+0x2a794 fffff800`05f819b0 fffff880`0fcbbf11 : 00000000`00000000 fffff800`05f81b30 fffffa80`1119e430 fffff880`0fc7594f : atikmdag+0x37c20 fffff800`05f819e0 fffff880`0fcbd5d6 : fffffa80`0feb2668 00000000`00000000 00000007`00000030 fffff880`00000008 : atikmdag+0x81f11 fffff800`05f81a60 fffff880`0fcbf2c4 : fffffa80`1118c000 fffffa80`1118d3d0 00000000`00000000 fffffa80`0c6e4720 : atikmdag+0x835d6 fffff800`05f81ae0 fffff880`0fcbf01f : fffffa80`1118c000 fffff800`04a07cc0 fffffa80`1118d3d0 00000000`00000000 : atikmdag+0x852c4 fffff800`05f81b10 fffff880`0fcb9fea : fffffa80`1118c000 fffffa80`0feb2040 fffffa80`0feb2668 00000000`00000003 : atikmdag+0x8501f fffff800`05f81bb0 fffff880`0fc5e864 : fffffa80`0f8901c0 00000000`00000002 00000000`00000000 00000000`00000000 : atikmdag+0x7ffea fffff800`05f81be0 fffff880`05eb4e75 : fffffa80`0f8b1d40 01d43ea1`bc9fc643 00000000`00000000 fffffa80`0feb2040 : atikmdag+0x24864 fffff800`05f81c10 fffff880`062af5b6 : 00000000`00000000 fffffa80`0feb2668 fffffa80`0f8b1d40 00000000`00000000 : atikmpag+0x9e75 fffff800`05f81c40 fffff800`048876ec : fffff800`049f9e80 0000000f`ce768dc5 0000000f`ce768b46 00000000`0000004b : dxgkrnl!DpiFdoDpcForIsr+0x2e fffff800`05f81c90 fffff800`04873b0a : fffff800`049f9e80 fffff800`04a07cc0 00000000`00000000 fffff880`062af588 : nt!KiRetireDpcList+0x1bc fffff800`05f81d40 00000000`00000000 : fffff800`05f82000 fffff800`05f7c000 fffff800`05f81d00 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: kbFOLLOWUP_IP:
atikmdag+28710 fffff880`0fc62710 4883c710 add rdi,10hSYMBOL_STACK_INDEX: 2
SYMBOL_NAME: atikmdag+28710
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 55a70ac5
FAILURE_BUCKET_ID: X64_0x18_CORRUPT_REF_COUNT_atikmdag+28710
BUCKET_ID: X64_0x18_CORRUPT_REF_COUNT_atikmdag+28710
Followup: MachineOwner
---------0: kd> lmvm atikmdag
start end module name fffff880`0fc3a000 fffff880`11144000 atikmdag (no symbols) Loaded symbol image file: atikmdag.sys Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys Image name: atikmdag.sys Timestamp: Thu Jul 16 09:37:09 2015 (55A70AC5) CheckSum: 014A8B0F ImageSize: 0150A000 File version: 8.1.1.1500 Product version: 8.1.1.1500 File flags: 8 (Mask 3F) Private File OS: 40004 NT Win32 File type: 3.4 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Advanced Micro Devices, Inc. ProductName: ATI Radeon Family InternalName: atikmdag.sys OriginalFilename: atikmdag.sys ProductVersion: 8.01.01.1500 FileVersion: 8.01.01.1500 FileDescription: ATI Radeon Kernel Mode Driver LegalCopyright: Copyright (C) 1998-2012 Advanced Micro Devices, Inc.