一、前言
部分敏感信息已去除
我的工作电脑最近一直出现WHEA_UNCORRECTABLE_ERROR的蓝屏,可以确认是因为8月更新导致的硬盘损坏。我已经在8月8号卸载了更新,但是实际上在7号-18号一直存在不断蓝屏,直到 我换了硬盘后。拷数据的时候也有很多问题,这个下期说。
二、系统日志分析
部分的事件日志如下:
1 0 2 0 0 0x8000000000000002 283318 System xxx-computer-name
298 435045521002FFFFFFFF010001000000070000002A0100001B0A01000F0819143C60C1835215A74887D114D9467D7765000000000000000000000000000000008D7C2157665EFB4480339B74CACEDF5B03F83300702E884E992C6F26DAF3DB7AD0E94279E40CDC01080000000000000000000000000000000000000000000000C8000000620000000003020001000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000053544F52504F5254010062000000030001000500110000000947A4E2206EEE118D47806E6F6E6963730074006F0072006E0076006D006500000000000000000000000000000000004E564D652020202000534B2068796E6978205043383031204800
将raw-data 转成ascii后,可得:
CPERÿÿÿÿ*
<`ÁR§HÑÙF}we|!Wf^ûD3tÊÎß[ø3p.N,o&ÚóÛz=´ ÜÈbSTORPORTb G¤â nîGnonicstornvmeNVMe SK hynix PC801 H 大概可确定是硬盘问题。
三、对蓝屏的WHEA Dump分析
对相应WHEA的dump解析后,又发现可能是CPU问题引发。
6: kd> !analyze -v
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
…………………………………………………….
……………………………………………………….
………………………………………………………
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000d5`fb490018). Type ".hh dbgerr001" for details
Mini Kernel Dump does not contain unloaded driver list
*
Bugcheck Analysis *
*
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
nt!_WHEA_ERROR_RECORD structure that describes the error condition. Try !errrec Address of the nt!_WHEA_ERROR_RECORD structure to get more details.
Arguments:
Arg1: 0000000000000007, BOOT Error
Arg2: ffff9b02f3060030, Address of the nt!_WHEA_ERROR_RECORD structure.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
Mini Kernel Dump does not contain unloaded driver list
Mini Kernel Dump does not contain unloaded driver list
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 968
Key : Analysis.Elapsed.mSec
Value: 977
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 11
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 1562
Key : Analysis.Init.Elapsed.mSec
Value: 70404
Key : Analysis.Memory.CommitPeak.Mb
Value: 82
Key : Analysis.Version.DbgEng
Value: 10.0.27871.1001
Key : Analysis.Version.Description
Value: 10.2505.01.02 amd64fre
Key : Analysis.Version.Ext
Value: 1.2505.1.2
Key : Bugcheck.Code.LegacyAPI
Value: 0x124
Key : Bugcheck.Code.TargetModel
Value: 0x124
Key : Dump.Attributes.AsUlong
Value: 0x18
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: LKD_0x124_7_GenuineIntel__UNKNOWN_IMAGE_GenuineIntel.sys
Key : Failure.Hash
Value: {5ea80f6a-69bf-5d6f-8fd2-cd87deb91a03}
BUGCHECK_CODE: 124
BUGCHECK_P1: 7
BUGCHECK_P2: ffff9b02f3060030
BUGCHECK_P3: 0
BUGCHECK_P4: 0
FILE_IN_CAB: WHEA-20250812-1628.dmp
DUMP_FILE_ATTRIBUTES: 0x18
Kernel Generated Triage Dump
Live Generated Dump
FAULTING_THREAD: ffff9b02f4686080
PROCESS_NAME: smss.exe
STACK_TEXT:
ffffcb05ac2080d0 fffff8018535e15f : ffff9b02f3060010 0000000000000000 ffff9b02f3060030 0000000000000022 : nt!LkmdTelCreateReport+0x139
ffffcb05ac208610 fffff8018535e056 : ffff9b02f3060010 fffff80100000000 000000d500000000 000000d5fb77f9a0 : nt!WheapReportLiveDump+0x7b
ffffcb05ac208650 fffff801851d415d : 0000000000000001 ffffcb05ac208ac0 000000d5fb77f9a0 0000000000000318 : nt!WheapReportDeferredLiveDumps+0x7a
ffffcb05ac208680 fffff80185107b77 : 0000000000000000 0000000000000000 0000000000000000 fffff80100000000 : nt!WheaCrashDumpInitializationComplete+0x59
ffffcb05ac2086b0 fffff80184e11305 : ffff9b02f4680000 ffff9b02f29efcf0 ffffcb05ac208ac0 ffff9b0200000000 : nt!NtSetSystemInformation+0x1f7
ffffcb05ac208a40 00007ff960d50a64 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
000000d5fb77f948 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ff9`60d50a64
MODULE_NAME: GenuineIntel
IMAGE_NAME: GenuineIntel.sys
STACK_COMMAND: .process /r /p 0xffff9b02f5a89040; .thread 0xffff9b02f4686080 ; kb
FAILURE_BUCKET_ID: LKD_0x124_7_GenuineIntel__UNKNOWN_IMAGE_GenuineIntel.sys
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {5ea80f6a-69bf-5d6f-8fd2-cd87deb91a03}
Followup: MachineOwner
通过errrec进一步分析。
6: kd> !errrec ffff9b02f3060030
Common Platform Error Record @ ffff9b02f3060030
Record Id : 01dc0b6316f6d459
Severity : Fatal (1)
Length : 3408
Creator : Microsoft
Notify Type : BOOT Error Record
Timestamp : 8/12/2025 8:28:35 (UTC)
Flags : 0x00000002 PreviousError
===============================================================================
Section 0 : Firmware Error Record Reference
Descriptor @ ffff9b02f30600b0
Section @ ffff9b02f3060140
Offset : 272
Length : 2592
Flags : 0x00000000
Severity : Fatal
===============================================================================
Section 1 : Firmware Error Record Reference
Descriptor @ ffff9b02f30600f8
Section @ ffff9b02f3060b60
Offset : 2864
Length : 544
Flags : 0x00000000
Severity : Fatal
6: kd> !errrec ffff9b02f3060140 ===============================================================================
Common Platform Error Record @ ffff9b02f3060140
---------------------------------------------
Signature : *** INVALID ***
Revision : 0.0
Record Id : 002000201100009f
Severity : Recoverable (0)
Length : 1302251928
Creator : {00034448-3324-0002-0200-000000000200}
Notify Type : {0204c700-ff4f-f08f-09ff-63600af30060}
Platform Id : {01036302-0280-0000-39f2-e92400000000}
Flags : 0x01004000
6: kd> !errrec ffff9b02f3060b60 ===============================================================================
Common Platform Error Record @ ffff9b02f3060b60
-------------------------------------------------------------------------------
Signature : *** INVALID ***
Revision : 0.0
Record Id : 33ae2f73378fad3c
Severity : Recoverable (0)
Length : 1302251928
Creator : {378f9c2c-2304-0000-6f9f-8f3702230000}
Notify Type : {378fa060-2303-0000-f8a1-8f3705230000}
Platform Id : {11036101-0080-0000-0000-0000443c01fe}
Flags : 0x00002305
Recovered Simulated
6: kd> !errrec ffff9b02f30600f8 ===============================================================================
Common Platform Error Record @ ffff9b02f30600f8
-------------------------------------------------------------------------------
Signature : *** INVALID ***
Revision : 2.32
Record Id : 6d4f8c516560c4a0
Severity : Recoverable (0)
Length : 1234569709
Creator : {00000000-0000-0000-0202-000000000000}
Notify Type : {00000000-0000-0000-11f3-878f98c99e4d}
Timestamp : 142/156/23805 141:113:148 (UTC)
Platform Id : {00000001-0000-0000-0000-000000000000}
Flags : 0x01036302 PreviousError
6: kd> !errrec ffff9b02f3060b60 ===============================================================================
Common Platform Error Record @ ffff9b02f3060b60
-------------------------------------------------------------------------------
Signature : *** INVALID ***
Revision : 0.0
Record Id : 33ae2f73378fad3c
Severity : Recoverable (0)
Length : 1302251928
Creator : {378f9c2c-2304-0000-6f9f-8f3702230000}
Notify Type : {378fa060-2303-0000-f8a1-8f3705230000}
Platform Id : {11036101-0080-0000-0000-0000443c01fe}
Flags : 0x00002305 Recovered Simulated可以看到堆栈:
nt!LkmdTelCreateReport
nt!WheapReportLiveDump
nt!WheapReportDeferredLiveDumps
nt!WheaCrashDumpInitializationComplete
nt!NtSetSystemInformation到这一步,我基本排除了CPU的问题。估摸着应该是硬盘在启动时就损坏导致日志记录不完整和报硬件错误。
错误类型是报Intel的GenuineIntel.sys模块,启动时报的硬件错误 (BOOT Error, Parameter 1 = 0x7)。所有子错误记录显示"*** INVALID ***"签名,还有内存异常的长度值(1302251928, 1234569709)和无效的时间戳等等。
通过dump进一步检查硬件信息
6: kd> !sysinfo cpuinfo
sysinfo: could not find necessary interfaces.
sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
6: kd> !sysinfo machineid
sysinfo: could not find necessary interfaces.
sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
6: kd> vertarget
Windows 10 Kernel Version 19045 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff802`7ca00000 PsLoadedModuleList = 0xfffff802`7d62a3f0
Debug session time: Tue Aug 12 13:56:29.344 2025 (UTC + 8:00)
System Uptime: 0 days 0:00:14.123再看看蓝屏的whea sourcelog
6: kd> !whea
Error Source Table @ fffff8027d6db090
0 Error Sources看看内存
6: kd> !vm
fffff8027d6fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
GetUlongPtrFromAddress: unable to read from 0000000000000000
GetUlongPtrFromAddress: unable to read from 0000000000000000
GetUlongPtrFromAddress: unable to read from 0000000000000000
GetUlongPtrFromAddress: unable to read from 0000000000000000
GetUlongFromAddress: unable to read from 0000000000000000
0000000000000000: Unable to get paged pool info
GetUlongFromAddress: unable to read from 0000000000000000
GetUlongFromAddress: unable to read from 0000000000000000
GetUlongPtrFromAddress: unable to read from 0000000000000000
GetUlongPtrFromAddress: unable to read from 0000000000000000
unable to get nt!MmTotalPagesForPagingFile
GetUlongPtrFromAddress: unable to read from 0000000000000000
GetUlongPtrFromAddress: unable to read from 0000000000000000
************ NO PAGING FILE *********************
Physical Memory: 0 ( 0 Kb)
Available Pages: 0 ( 0 Kb)
ResAvail Pages: 0 ( 0 Kb)
********** Running out of physical memory **********
Locked IO Pages: 0 ( 0 Kb)
Free System PTEs: 0 ( 0 Kb)
********** Running out of system PTEs **************
Modified Pages: 0 ( 0 Kb)
Modified PF Pages: 0 ( 0 Kb)
Modified No Write Pages: 0 ( 0 Kb)
Failed to read pool stats
GetUlongFromAddress: unable to read from fffff8027d616b28
GetUlongFromAddress: unable to read from fffff8027d6fc404
Processor Commit: 0 ( 0 Kb)
Unable to read nt!_LIST_ENTRY.Flink at 0000000000000000
Shared Commit: 0 ( 0 Kb)
Kernel Stacks: 0 ( 0 Kb)
Pages For MDLs: 0 ( 0 Kb)
ContigMem Pages: 0 ( 0 Kb)
Partition Pages: 0 ( 0 Kb)
Pages For AWE: 0 ( 0 Kb)
NonPagedPool Commit: 0 ( 0 Kb)
PagedPool Commit: 0 ( 0 Kb)
Driver Commit: 0 ( 0 Kb)
SmallNonPagedPtesCommit: 0 ( 0 Kb)
SlabAllocatorPages: 0 ( 0 Kb)
SkPagesInUnchargedSlabs: 0 ( 0 Kb)
CrossPartitionCommit: 0 ( 0 Kb)
ProcessLockedFilePages: 0 ( 0 Kb)
Pagefile Hash Pages: 0 ( 0 Kb)
Sum System Commit: 0 ( 0 Kb)
********** Number of committed pages is near limit ********
Unable to read/NULL value _LIST_ENTRY @ fffff8027d61e200
ProcessCommitUsage could not be calculated
Committed pages: 0 ( 0 Kb)
Commit limit: 0 ( 0 Kb)
6: kd> !pfn
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
Unable to get PFN database address fffff8027d6fc510检查下cpu
6: kd> !cpuinfo
CP F/M/S Manufacturer MHz PRCB Signature MSR 8B Signature Features ArchitectureClass
6 6,186,2 GenuineIntel 2611 0000412800000000 3d1b3fff 1
6: kd> r cr4
cr4=0000000000350ef8最后是pci设备。但是因为whea蓝屏只能记录部分信息,估计是没有pci设备了
6: kd> !pci
This dump does not seem to contain PCI secondary dump data!
6: kd> lm m nt
Browse full module list
start end module name
fffff802`7ca00000 fffff802`7da46000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\495E39042A6983378CBD822FEB4E91ED1\ntkrnlmp.pdb
6: kd> lmD
start end module name
fffff0a1`55f60000 fffff0a1`55ffb000 win32k (deferred)
fffff802`789d0000 fffff802`78c5f000 mcupdate (deferred)
fffff802`78c60000 fffff802`78c66000 hal (deferred)
fffff802`78c70000 fffff802`78c7b000 kdcom (deferred)
fffff802`78c80000 fffff802`78ca8000 tm (deferred)
fffff802`78cb0000 fffff802`78d1e000 CLFS (deferred)
fffff802`78d20000 fffff802`78d3a000 PSHED # (pdb symbols) C:\ProgramData\Dbg\sym\pshed.pdb\BEBB43BEE110C16E1F5490CC2A9B1B0B1\pshed.pdb
fffff802`78d40000 fffff802`78d4b000 BOOTVID (deferred)
fffff802`78d50000 fffff802`78dbd000 FLTMGR (deferred)
fffff802`78dc0000 fffff802`78dcc000 ntosext (deferred)
fffff802`7ca00000 fffff802`7da46000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\495E39042A6983378CBD822FEB4E91ED1\ntkrnlmp.pdb
fffff802`7e200000 fffff802`7e317000 clipsp (deferred)
fffff802`7e320000 fffff802`7e34c000 ksecdd (deferred)
fffff802`7e350000 fffff802`7e3b2000 msrpc (deferred)
fffff802`7e3c0000 fffff802`7e3d0000 cmimcext (deferred)
fffff802`7e3e0000 fffff802`7e3f1000 werkernel # (pdb symbols) C:\ProgramData\Dbg\sym\WerKernel.pdb\86F55FEFF835FFD5A0CFB253EDDE741E1\WerKernel.pdb
fffff802`7e400000 fffff802`7e4ec000 CI (deferred)
fffff802`7e4f0000 fffff802`7e5ab000 cng (deferred)
fffff802`7e5b0000 fffff802`7e681000 Wdf01000 (deferred)
fffff802`7e690000 fffff802`7e6a3000 WDFLDR (deferred)
fffff802`7e6b0000 fffff802`7e6bf000 SleepStudyHelper (deferred)
fffff802`7e6c0000 fffff802`7e6d1000 WppRecorder (deferred)
fffff802`7e6e0000 fffff802`7e706000 acpiex (deferred)
fffff802`7e710000 fffff802`7e71e000 msseccore (deferred)
fffff802`7e720000 fffff802`7e7ec000 ACPI (deferred)
fffff802`7e7f0000 fffff802`7e7fc000 WMILIB (deferred)
fffff802`7e800000 fffff802`7e80b000 msisadrv (deferred)
fffff802`7e810000 fffff802`7e887000 pci (deferred)
fffff802`7e890000 fffff802`7e8d5000 tpm (deferred)
fffff802`7e910000 fffff802`7e97b000 intelpep (deferred)
fffff802`7e980000 fffff802`7e998000 WindowsTrustedRT (deferred)
fffff802`7e9a0000 fffff802`7e9ab000 IntelTA (deferred)
fffff802`7e9b0000 fffff802`7e9bb000 WindowsTrustedRTProxy (deferred)
fffff802`7e9c0000 fffff802`7e9d4000 pcw (deferred)
fffff802`7e9e0000 fffff802`7e9f5000 vdrvroot (deferred)
fffff802`7ea00000 fffff802`7ea30000 pdc (deferred)
fffff802`7ea40000 fffff802`7ea59000 CEA (deferred)
fffff802`7ea60000 fffff802`7ea91000 partmgr (deferred)
fffff802`7eaa0000 fffff802`7eb4b000 spaceport (deferred)
fffff802`7eb50000 fffff802`7eb69000 volmgr (deferred)
fffff802`7eb70000 fffff802`7ebd3000 volmgrx (deferred)
fffff802`7ebe0000 fffff802`7ebfe000 mountmgr (deferred)
fffff802`7ec00000 fffff802`7ec2f000 stornvme (deferred)
fffff802`7ec30000 fffff802`7ece5000 storport (deferred)
fffff802`7ecf0000 fffff802`7ed0c000 EhStorClass (deferred)
fffff802`7ed10000 fffff802`7ed2a000 fileinfo (deferred)
fffff802`7ed30000 fffff802`7ee49000 TsdEncrypt (deferred)
fffff802`7ee50000 fffff802`7ee59000 TNullFilter (deferred)
fffff802`7ee60000 fffff802`7eea0000 Wof (deferred)
fffff802`7eeb0000 fffff802`7efa9000 mfehidk (deferred)
fffff802`7efb0000 fffff802`7f287000 Ntfs (deferred)
fffff802`7f290000 fffff802`7f29d000 Fs_Rec (deferred)
fffff802`7f2a0000 fffff802`7f40f000 ndis (deferred)
fffff802`7f410000 fffff802`7f4ac000 NETIO (deferred)
fffff802`7f4b0000 fffff802`7f4e2000 ksecpkg (deferred)
fffff802`7f4f0000 fffff802`7f7dc000 tcpip (deferred)
fffff802`7f7e0000 fffff802`7f85f000 fwpkclnt (deferred)
fffff802`7f860000 fffff802`7f890000 wfplwfs (deferred)
fffff802`7f8a0000 fffff802`7f8f5000 mfewfpk (deferred)
fffff802`7f900000 fffff802`7f9cb000 fvevol (deferred)
fffff802`7f9d0000 fffff802`7f9ea000 mfedisk (deferred)
fffff802`7f9f0000 fffff802`7f9fb000 volume (deferred)
fffff802`7fa00000 fffff802`7fa6d000 volsnap (deferred)
fffff802`7fa70000 fffff802`7fac0000 rdyboost (deferred)
fffff802`7fad0000 fffff802`7faf7000 mup (deferred)
fffff802`7fb00000 fffff802`7fb12000 iorate (deferred)
fffff802`7fb40000 fffff802`7fb5d000 disk (deferred)
fffff802`7fb60000 fffff802`7fbd2000 CLASSPNP (deferred)
fffff802`93e40000 fffff802`93e70000 cdrom (deferred)
fffff802`93e80000 fffff802`93f8a000 TsdEncryptMF (deferred)
fffff802`93f90000 fffff802`93fa5000 filecrypt (deferred)
fffff802`93fb0000 fffff802`93fbe000 tbs (deferred)
fffff802`93fc0000 fffff802`93fe9000 hdlpflt (deferred)
fffff802`93ff0000 fffff802`93ffc000 hdlpevnt (deferred)
fffff802`94000000 fffff802`94015000 hdlpctrl (deferred)
fffff802`94020000 fffff802`9403d000 UCPD (deferred)
fffff802`94040000 fffff802`9404a000 Null (deferred)
fffff802`94050000 fffff802`9405a000 Beep (deferred)
fffff802`94060000 fffff802`9440a000 dxgkrnl (deferred)
fffff802`94410000 fffff802`94428000 watchdog (deferred)
fffff802`94430000 fffff802`94446000 BasicDisplay (deferred)
fffff802`94450000 fffff802`94462000 BasicRender (deferred)
fffff802`94470000 fffff802`9448c000 Npfs (deferred)
fffff802`94490000 fffff802`944a1000 Msfs (deferred)
fffff802`944b0000 fffff802`944ce000 CimFS (deferred)
fffff802`944d0000 fffff802`944f4000 tdx (deferred)
fffff802`94500000 fffff802`94510000 TDI (deferred)
fffff802`94560000 fffff802`9457e000 crashdmp (deferred)
fffff802`95600000 fffff802`956a7000 afd (deferred)
fffff802`956b0000 fffff802`956c4000 tnfcap (deferred)
fffff802`956d0000 fffff802`956f1000 TPacket7 (deferred)
fffff802`95700000 fffff802`95713000 npcap (deferred)
fffff802`95720000 fffff802`9573a000 vwififlt (deferred)
fffff802`95740000 fffff802`9576b000 pacer (deferred)
fffff802`95770000 fffff802`95784000 ndiscap (deferred)
fffff802`95790000 fffff802`957a4000 netbios (deferred)
fffff802`957b0000 fffff802`95851000 Vid (deferred)
fffff802`95860000 fffff802`95882000 winhvr (deferred)
fffff802`95890000 fffff802`958ab000 TIjtdrv64 (deferred)
fffff802`958b0000 fffff802`958c1000 THlpDrv64 (deferred)
fffff802`958d0000 fffff802`9594c000 rdbss (deferred)
fffff802`95950000 fffff802`959e5000 csc (deferred)
fffff802`959f0000 fffff802`95a2c000 OrayVGC (deferred)
fffff802`95a30000 fffff802`95a42000 nsiproxy (deferred)
fffff802`95a50000 fffff802`95a5e000 npsvctrig (deferred)
fffff802`95a60000 fffff802`95a70000 mssmbios # (pdb symbols) C:\ProgramData\Dbg\sym\mssmbios.pdb\53ADC03D875B3F78AC94CE4D75054C461\mssmbios.pdb
fffff802`95a80000 fffff802`95a8a000 gpuenergydrv (deferred)
fffff802`95a90000 fffff802`95abc000 dfsc (deferred)
fffff802`95ac0000 fffff802`95adc000 dam (deferred)
fffff802`95ae0000 fffff802`95b4d000 fastfat (deferred)
fffff802`95b50000 fffff802`95b67000 bam (deferred)
fffff802`95b70000 fffff802`95bc2000 ahcache (deferred)
fffff802`95c30000 fffff802`95c3c000 SdpVnic (deferred)
fffff802`95c40000 fffff802`95c52000 CompositeBus (deferred)
fffff802`95c60000 fffff802`95c6d000 kdnic (deferred)
fffff802`95cd0000 fffff802`95ce5000 umbus (deferred)
fffff802`95cf0000 fffff802`95d05000 CAD (deferred)
fffff802`95d10000 fffff802`95d1c000 wmiacpi (deferred)
fffff802`95d20000 fffff802`96037000 TbtBusDrv (deferred)
fffff802`96040000 fffff802`960e3000 UsbHub3 (deferred)
fffff802`960f0000 fffff802`9615c000 csaudio (deferred)
fffff802`96160000 fffff802`9629d000 IntcOED (deferred)
fffff802`962c0000 fffff802`96354000 sysdiag_win10 (deferred)
fffff802`96360000 fffff802`963bd000 netbt (deferred)
fffff802`963c0000 fffff802`963d4000 afunix (deferred)
fffff802`a1810000 fffff802`a527e000 igdkmdn64 (deferred)
fffff802`a5280000 fffff802`a531d000 USBXHCI (deferred)
fffff802`a5320000 fffff802`a5364000 ucx01000 (deferred)
fffff802`a5370000 fffff802`a537c000 MTConfig (deferred)
fffff802`a5380000 fffff802`a5396000 gna (deferred)
fffff802`b0200000 fffff802`b02f2000 wdiwifi (deferred)
fffff802`b0300000 fffff802`b030e000 vwifibus (deferred)
fffff802`b0310000 fffff802`b0344000 iaLPSS2_I2C_ADL (deferred)
fffff802`b0350000 fffff802`b036a000 SpbCx (deferred)
fffff802`b0370000 fffff802`b03c0000 TeeDriverW10x64 (deferred)
fffff802`b03d0000 fffff802`b041d000 iaLPSS2_UART2_ADL (deferred)
fffff802`b0420000 fffff802`b044e000 SerCx2 (deferred)
fffff802`b0450000 fffff802`b0478000 iaLPSS2_SPI_ADL (deferred)
fffff802`b0480000 fffff802`b0496000 ipf_acpi (deferred)
fffff802`b04a0000 fffff802`b04c1000 i8042prt (deferred)
fffff802`b04d0000 fffff802`b04df000 HpqKbFiltr (deferred)
fffff802`b04e0000 fffff802`b04f4000 kbdclass (deferred)
fffff802`b0500000 fffff802`b054e000 IntcAudioBus (deferred)
fffff802`b0550000 fffff802`b05b6000 portcls (deferred)
fffff802`b05c0000 fffff802`b05e1000 drmk (deferred)
fffff802`b05f0000 fffff802`b0668000 ks (deferred)
fffff802`b0670000 fffff802`b067f000 CmBatt (deferred)
fffff802`b0680000 fffff802`b0690000 BATTC (deferred)
fffff802`b06a0000 fffff802`b06ac000 acpitime (deferred)
fffff802`b06b0000 fffff802`b06d2000 iaLPSS2_GPIO2_ADL (deferred)
fffff802`b06e0000 fffff802`b0713000 msgpioclx (deferred)
fffff802`b0720000 fffff802`b0762000 intelppm (deferred)
fffff802`b0770000 fffff802`b077b000 acpipagr (deferred)
fffff802`b0780000 fffff802`b0790000 UcmUcsiAcpiClient (deferred)
fffff802`b07a0000 fffff802`b07c2000 UcmUcsiCx (deferred)
fffff802`b07d0000 fffff802`b07fc000 UcmCx (deferred)
fffff802`b0800000 fffff802`b0817000 HidEventFilter (deferred)
fffff802`b0820000 fffff802`b082b000 mshidkmdf (deferred)
fffff802`b0830000 fffff802`b0871000 HIDCLASS (deferred)
fffff802`b0880000 fffff802`b0893000 HIDPARSE (deferred)
fffff802`b08a0000 fffff802`b08a9000 hpcustomcapdriver (deferred)
fffff802`b08b0000 fffff802`b08be000 UEFI (deferred)
fffff802`b08c0000 fffff802`b08d1000 OrayUSBVHCI (deferred)
fffff802`b08e0000 fffff802`b08ee000 USBD (deferred)
fffff802`b08f0000 fffff802`b08fd000 NdisVirtualBus (deferred)
fffff802`b0900000 fffff802`b090c000 swenum (deferred)
fffff802`b0910000 fffff802`b091e000 rdpbus (deferred)
fffff802`b0920000 fffff802`b0931000 kbdhid (deferred)
fffff802`b0940000 fffff802`b0952000 buttonconverter (deferred)
fffff802`b0960000 fffff802`b0976000 hidi2c (deferred)
fffff802`b0980000 fffff802`b09b4000 WiManHu (deferred)
fffff802`b09c0000 fffff802`b09d1000 ksthunk (deferred)
fffff802`b09e0000 fffff802`b0fb2000 Netwtw14 (deferred)
fffff802`b0fc0000 fffff802`b0fd0000 mouhid (deferred)
fffff802`b0fe0000 fffff802`b0ff3000 mouclass (deferred)
fffff802`b2800000 fffff802`b28e5000 IntcUSB (deferred)
fffff802`b28f0000 fffff802`b29cf000 IntcBTAu (deferred)
fffff802`b29d0000 fffff802`b2a90000 IntcDMic (deferred)
fffff802`b2aa0000 fffff802`b2ad4000 usbccgp (deferred)
fffff802`b2b70000 fffff802`b2cf7000 BTHport (deferred)
fffff802`b2d00000 fffff802`b2d4c000 BthA2dp (deferred)
fffff802`b2d50000 fffff802`b2d7b000 bthhfenum (deferred)
fffff802`b2d80000 fffff802`b2dfb000 mfeaack (deferred)
fffff802`b2e00000 fffff802`b2e1d000 mfeplk (deferred)
fffff802`b2e20000 fffff802`b2e77000 mfeavfk (deferred)
fffff802`b2e80000 fffff802`b2ef4000 mfefirek (deferred)
fffff802`b2f00000 fffff802`b2f96000 mfencbdc (deferred)
fffff802`b30c0000 fffff802`b371c000 RTKVHD64 (deferred)
fffff802`b9200000 fffff802`b9255000 usbvideo (deferred)
fffff802`b9270000 fffff802`b9290000 WinUSB (deferred)
fffff802`b92a0000 fffff802`b92b2000 hidusb (deferred)
fffff802`b92c0000 fffff802`b92e2000 BthEnum (deferred)
fffff802`b92f0000 fffff802`b9311000 Microsoft_Bluetooth_Legacy_LEEnumerator (deferred)
fffff802`b9320000 fffff802`b9332000 btampm (deferred)
fffff802`b9340000 fffff802`baf94000 ibtusb (deferred)
fffff802`bafa0000 fffff802`bafc1000 BTHUSB (deferred)
fffff802`bafd0000 fffff802`bafe7000 Microsoft_Bluetooth_AvrcpTransport (deferred)
根据以上dump信息,我们可得知部分情况:
- 1、系统在启动的初始化阶段就发生了错误,运行时间只有14.123秒
- 2、WHEA错误记录显示为"Fatal"级别且标记为"PreviousError"。WHEA_UNCORRECTABLE_ERROR (0x124),根据标记应该是Boot Error,但错误源为0。
- 3、
!vm命令显示大量内存信息无法读取,这可以和之前!errrec命令输出后,很多签名显示Invalid对应上。 - 4、物理内存显示为0,提示"Running out of physical memory"和"Running out of system PTEs"。
- 5、无法获取页面池、非分页池等关键内存信息。
- 6、PCI设备信息完全缺失:"This dump does not seem to contain PCI secondary dump data!"
- 7、CPU信息显示为Intel 6,186,2架构,2.6GHz
四、总结
通过事件日志和Dump可以看出,大概率为硬盘损坏,可能的机制如下:
- 硬盘在启动过程中发生严重I/O错误
- 系统尝试从损坏扇区读取关键启动数据时失败
- 硬件抽象层(HAL)或存储控制器检测到不可恢复的错误
- 触发WHEA机制报告BOOT Error
那导致WHEA的BOOT error,但无法全部记录信息的原因就是:
- WHEA 发生在系统初始化的极早期阶段,此时存储驱动栈可能尚未完全初始化
- dump文件是"Kernel Generated Triage Dump",信息有限
- 硬盘I/O错误可能导致系统无法正常记录详细的硬件状态
Comments | NOTHING