作者neidhart (茫茫天數此中求)
看板Windows
標題[教學] Why Does Windows Crash?
時間Wed Feb 13 15:26:10 2008
剛好在整理 Windows Internals(4th edition)的讀書筆記,
其Chapter 14. Crash Dump Analysis有一段很經典的敘述:
--
Why Does Windows Crash?...
Third-party device driver(70%), Unknown(15%),
Hardware error(10%), MS code (5%).
When a kernel-mode device driver or subsystem causes an illegal exception,
Windows faces a difficult dilemma.
It has detected that a part of the operating system
with the ability to access any hardware device
and any valid memory has done something it wasn't supposed to do.
--
換言之,當我們面對Windows crash (ex. blue screen)的時候,
除了Google其error code之外(微軟網站有很龐大的FAQ資料庫可解決問題)
我們可以做的額外檢查就是:
1) 拆掉新硬體,連驅動程式都解除。因為寫壞的kernel-mode device driver
很可能造成Windows crash。
2) 拆裝記憶體(RAM)。如果記憶體功能出錯,也可能導致上述
...a part of the operating system with the ability to access...
any valid memory has done something it wasn't supposed to do.
3) 拆掉新軟體。因為有些軟體(例如防毒軟體)會安裝kernel-mode driver,
可能導致新舊軟體衝突、硬體衝突等等。
如果已經無法正常開機,就要進安全模式來拆掉它們了。
4) 重灌Windows。這是下下策了,然後一步步觀察重裝所有軟硬體時,
發生衝突的因素為何。有時可能只是最近中了Windows病毒,
而像Rootkit這類病毒也會寫入kernel-mode driver,
因此整個系統重灌也可解決問題。
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 125.225.64.240
1F:推 xchris:Unknown(15%)...!!遇到這個不就很慘 02/13 17:47
2F:推 zop:unknow...連log都沒有? 02/13 23:20
3F:推 Aegisth:Because it's Windows? XD 02/13 23:44
4F:推 herman602:Welcome to Windows 02/13 23:46
5F:推 godjack0709:This is Windows!!!! 02/14 00:01
6F:推 tokyoto:其實要做這些事之前 如果還能進Windows 我會建議先看事件 02/14 01:37
7F:→ tokyoto:檢視器的系統和應用程式這兩欄 可能會有些蛛絲馬跡 02/14 01:38
8F:→ xvid:this is a screensaver 02/14 17:10
9F:推 H264:MS code (5%) 我才不相信 02/14 21:01