作者neidhart (茫茫天数此中求)
看板Windows
标题[教学] Why Does Windows Crash?
时间Wed Feb 13 15:26:10 2008
刚好在整理 Windows Internals(4th edition)的读书笔记,
其Chapter 14. Crash Dump Analysis有一段很经典的叙述:
--
Why Does Windows Crash?...
Third-party device driver(70%), Unknown(15%),
Hardware error(10%), MS code (5%).
When a kernel-mode device driver or subsystem causes an illegal exception,
Windows faces a difficult dilemma.
It has detected that a part of the operating system
with the ability to access any hardware device
and any valid memory has done something it wasn't supposed to do.
--
换言之,当我们面对Windows crash (ex. blue screen)的时候,
除了Google其error code之外(微软网站有很庞大的FAQ资料库可解决问题)
我们可以做的额外检查就是:
1) 拆掉新硬体,连驱动程式都解除。因为写坏的kernel-mode device driver
很可能造成Windows crash。
2) 拆装记忆体(RAM)。如果记忆体功能出错,也可能导致上述
...a part of the operating system with the ability to access...
any valid memory has done something it wasn't supposed to do.
3) 拆掉新软体。因为有些软体(例如防毒软体)会安装kernel-mode driver,
可能导致新旧软体冲突、硬体冲突等等。
如果已经无法正常开机,就要进安全模式来拆掉它们了。
4) 重灌Windows。这是下下策了,然後一步步观察重装所有软硬体时,
发生冲突的因素为何。有时可能只是最近中了Windows病毒,
而像Rootkit这类病毒也会写入kernel-mode driver,
因此整个系统重灌也可解决问题。
--
※ 发信站: 批踢踢实业坊(ptt.cc)
◆ From: 125.225.64.240
1F:推 xchris:Unknown(15%)...!!遇到这个不就很惨 02/13 17:47
2F:推 zop:unknow...连log都没有? 02/13 23:20
3F:推 Aegisth:Because it's Windows? XD 02/13 23:44
4F:推 herman602:Welcome to Windows 02/13 23:46
5F:推 godjack0709:This is Windows!!!! 02/14 00:01
6F:推 tokyoto:其实要做这些事之前 如果还能进Windows 我会建议先看事件 02/14 01:37
7F:→ tokyoto:检视器的系统和应用程式这两栏 可能会有些蛛丝马迹 02/14 01:38
8F:→ xvid:this is a screensaver 02/14 17:10
9F:推 H264:MS code (5%) 我才不相信 02/14 21:01