码迷,mamicode.com
首页 > Windows程序 > 详细

Windows server 2012 R2服务器反复蓝屏

时间:2018-03-01 20:12:35      阅读:2579      评论:0      收藏:0      [点我收藏+]

标签:蓝屏srv.sys

===dump information===
2: kd> !mex.t
Process Thread CID UserTime KernelTime ContextSwitches Wait Reason Time State
System (ffffe0002ba30900) ffffe0002d5fc040 4.73c 0s 141ms 4564 Executive 0s Running on CPU 2

Child-SP Return Call Site Info
0 ffffd000d1f70498 fffff802d7e03bd2 nt!KeBugCheckEx+0x0
1 ffffd000d1f704a0 fffff802d7cdd2b9 nt!MiSystemFault+0x10a3d2
2 ffffd000d1f70540 fffff802d7ddfc2f nt!MmAccessFault+0x769
3 ffffd000d1f70700 fffff800facf7360 nt!KiPageFault+0x12f TrapFrame @ ffffd000d1f70700
4 ffffd000d1f70890 fffff800facf72a5 srv!SrvOs2FeaToNt+0x48
5 ffffd000d1f708c0 fffff800fad1869b srv!SrvOs2FeaListToNt+0x125
6 ffffd000d1f70910 fffff800fad218ba srv!SrvSmbOpen2+0xc3
7 ffffd000d1f709b0 fffff800fad24b2e srv!ExecuteTransaction+0x2ca
8 ffffd000d1f709f0 fffff800facb284f srv!SrvSmbTransactionSecondary+0x40b
9 ffffd000d1f70a90 fffff800facb2a20 srv!SrvProcessSmb+0x237
a ffffd000d1f70b10 fffff800facf1ac8 srv!SrvRestartReceive+0x114
b ffffd000d1f70b50 fffff802d819dd92 srv!WorkerThread+0x5248
c ffffd000d1f70bd0 fffff802d7d86c70 nt!IopThreadStart+0x26
d ffffd000d1f70c00 fffff802d7ddbfc6 nt!PspSystemThreadStartup+0x58
e ffffd000d1f70c60 0000000000000000 nt!KxStartSystemThread+0x16

2: kd> .trap ffffd000d1f70700
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe00030c94000
rdx=ffffc0013fdc709a rsi=0000000000000000 rdi=0000000000000000
rip=fffff800facf7360 rsp=ffffd000d1f70890 rbp=ffffc0013fdc7095
r8=0000000000000000 r9=0000000000000000 r10=0000000000000200
r11=ffffe00030c94000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
srv!SrvOs2FeaToNt+0x48:
fffff800facf7360 c60300 mov byte ptr [rbx],0 ds:0000000000000000=??

2: kd> lmvm srv
Browse full module list
start end module name
fffff800faca5000 fffff800fad33000 srv (private pdb symbols) c:\symbols\srv.pdb\665B8481A81740C59F71C54C0DD24E762\srv.pdb
Loaded symbol image file: srv.sys
Image path: \SystemRoot\System32\DRIVERS\srv.sys
Image name: srv.sys
Browse all global symbols functions data
Timestamp: Thu Jul 24 19:43:27 2014 (53D0F15F)
CheckSum: 0006F7BA
ImageSize: 0008E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

2: kd> vertarget
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 9600.17415.amd64fre.winblue_r4.141028-1500
Machine Name: "D0AP2002"
Kernel base = 0xfffff802d7c85000 PsLoadedModuleList = 0xfffff802d7f5e250
Debug session time: Wed Feb 28 11:22:40.306 2018 (UTC + 8:00)
System Uptime: 0 days 7:01:13.511

dump来看,服务器反复蓝屏是由于srv漏洞引起的。给所有的2012R2服务器安装KB4012213以修复漏洞,否则机器可能会感染wannacry病毒。

安装KB4012213
https://www.catalog.update.microsoft.com/Search.aspx?q=4012213

安装以上补丁可以解决反复蓝屏问题

Windows server 2012 R2服务器反复蓝屏

标签:蓝屏srv.sys

原文地址:http://blog.51cto.com/10981246/2074355

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!