Blue screen caused by bindflt.sys: requesting analysis of the specific cause and a solution, dump file attached

ELCAMX 0 reputation points
2025-12-11T05:54:27.33+00:00
************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   NonInteractiveNuget : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true
   EnableRedirectToChakraJsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 46

Microsoft (R) Windows Debugger Version 10.0.29482.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [I:\下载-游戏\120825-25734-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (32 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff802`0c000000 PsLoadedModuleList = 0xfffff802`0cc2a8e0
Debug session time: Mon Dec  8 12:21:54.514 2025 (UTC + 8:00)
System Uptime: 5 days 21:44:41.701
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
................................................................
................................................................
................................................................
.............
Loading User Symbols

Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
FLTMGR!FltGetStreamHandleContext+0x80:
fffff802`09453c60 488b4920        mov     rcx,qword ptr [rcx+20h] ds:002b:fff78503`0a47da38=????????????????
2: kd> !analyze -v
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
................................................................
................................................................
................................................................
.............
Loading User Symbols

Loading unloaded module list
..................................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common BugCheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80209453c60, The address that the exception occurred at
Arg3: fffffe891e646a98, Exception Record Address
Arg4: fffffe891e6462d0, Context Record Address

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : AV.Type
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 1234

    Key  : Analysis.Elapsed.mSec
    Value: 7715

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 1

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 765

    Key  : Analysis.Init.Elapsed.mSec
    Value: 76890

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 91

    Key  : Analysis.Version.DbgEng
    Value: 10.0.29482.1003

    Key  : Analysis.Version.Description
    Value: 10.2509.29.03 amd64fre

    Key  : Analysis.Version.Ext
    Value: 1.2509.29.3

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x1000007e

    Key  : Bugcheck.Code.TargetModel
    Value: 0x1000007e

    Key  : Dump.Attributes.AsUlong
    Value: 0x8

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Failure.Bucket
    Value: AV_bindflt!BfCheckAndSwitchTarget

    Key  : Failure.Exception.Code
    Value: 0xc0000005

    Key  : Failure.Exception.IP.Address
    Value: 0xfffff80209453c60

    Key  : Failure.Exception.IP.Module
    Value: FLTMGR

    Key  : Failure.Exception.IP.Offset
    Value: 0x3c60

    Key  : Failure.Exception.Record
    Value: 0xfffffe891e646a98

    Key  : Failure.Hash
    Value: {b3666804-a7a5-c68d-d0b7-68308b8ee18e}

    Key  : Faulting.IP.Type
    Value: Paged

    Key  : WER.System.BIOSRevision
    Value: 5.17.0.0


BUGCHECK_CODE:  7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff80209453c60

BUGCHECK_P3: fffffe891e646a98

BUGCHECK_P4: fffffe891e6462d0

FILE_IN_CAB:  120825-25734-01.dmp

DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

FAULTING_THREAD:  ffff850326aca040

EXCEPTION_RECORD:  fffffe891e646a98 -- (.exr 0xfffffe891e646a98)
ExceptionAddress: fffff80209453c60 (FLTMGR!FltGetStreamHandleContext+0x0000000000000080)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffffe891e6462d0 -- (.cxr 0xfffffe891e6462d0)
rax=fff785030a47da18 rbx=ffff85031c1b09e0 rcx=fff785030a47da18
rdx=0000000000000001 rsi=ffff85030cc44ae0 rdi=0000000000000000
rip=fffff80209453c60 rsp=fffffe891e646cd0 rbp=0000000000000000
 r8=fffffe891e646ce0  r9=7fffc584721051b8 r10=fffff8020c2cb240
r11=ffff92ff5ae00000 r12=fffffe891e646da8 r13=fffffe891e646f50
r14=ffff85031c1b0a28 r15=ffff8503092f5010
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050286
FLTMGR!FltGetStreamHandleContext+0x80:
fffff802`09453c60 488b4920        mov     rcx,qword ptr [rcx+20h] ds:002b:fff78503`0a47da38=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1 (!blackboxwinlogon)


CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

READ_ADDRESS: fffff8020ccfb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 ffffffffffffffff 

ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p            0x%p                    %s

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

EXCEPTION_STR:  0xc0000005

IP_IN_PAGED_CODE: 
FLTMGR!FltGetStreamHandleContext+80
fffff802`09453c60 488b4920        mov     rcx,qword ptr [rcx+20h]

STACK_TEXT:  
fffffe89`1e646cd0 fffff802`07d85256     : ffff8503`1c1b09e0 ffff8503`01deb988 ffff8503`01deb988 fffff802`0c21ed5a : FLTMGR!FltGetStreamHandleContext+0x80
fffffe89`1e646d30 fffff802`07d94f14     : ffff8503`01deb988 00000000`00000000 fffffe89`1e646ea9 ffff8502`ed1ffbf0 : bindflt!BfCheckAndSwitchTarget+0x46
fffffe89`1e646da0 fffff802`094564cb     : 00000000`00000000 00000000`00000000 00000000`00000000 ffff8503`092f5900 : bindflt!BfCommonPreOp+0x24
fffffe89`1e646df0 fffff802`09452844     : 00000000`00000000 00000000`000000fb fffffe89`1e647000 fffffe89`00000000 : FLTMGR!FltpPerformPreCallbacksWorker+0x36b
fffffe89`1e646f10 fffff802`0c2d75a7     : fffffe89`1e648000 00000000`00000000 fffffe89`1e641000 00000000`00000000 : FLTMGR!FltpPreFsFilterOperation+0x184
fffffe89`1e646fc0 fffff802`0c6c00c5     : fffff802`09458eb0 00000000`00000000 fffff802`0f675420 fffff802`094526c0 : nt!FsFilterPerformCallbacks+0xe7
fffffe89`1e647030 fffff802`0c33d838     : fffffe89`1e647360 fffffe89`1e6475c8 ffff8503`0cc44ae0 00000000`00000000 : nt!FsRtlAcquireFileForCcFlushEx+0x101
fffffe89`1e6472f0 fffff802`0c22c90e     : 00000000`00000000 ffff8503`26aca040 00000000`00000000 00000000`00000000 : nt!MmFlushSection+0x12c
fffffe89`1e6473a0 fffff802`0c26fc3f     : ffff8503`25dd8488 00000000`00000000 ffffc584`00000000 00000000`00000000 : nt!CcFlushCachePriv+0x3fe
fffffe89`1e6474f0 fffff802`0f705025     : 00000000`00000005 00000000`00000000 00000000`00000000 ffffc584`72105170 : nt!CcCoherencyFlushAndPurgeCache+0x6f
fffffe89`1e647540 fffff802`0f704d3b     : ffffc584`72105170 fffff802`0f6285f0 ffffc584`72105001 fffffe89`1e647800 : Ntfs!NtfsCoherencyFlushAndPurgeCache+0x55
fffffe89`1e647580 fffff802`0f60a51f     : fffffe89`1e647800 ffffc584`72105170 00000000`00000000 ffffc584`72105010 : Ntfs!NtfsFlushUserStream+0xdf
fffffe89`1e647610 fffff802`0f62892c     : fffffe89`1e647800 ffff8502`f611c180 ffffc584`72105010 fffffe89`1e647784 : Ntfs!NtfsFlushVolumeFlushSingleFcb+0x56f
fffffe89`1e647750 fffff802`0c2418f5     : ffff8503`26aca040 ffff8503`26aca040 ffff8502`e94b0a20 00000000`00000000 : Ntfs!NtfsFlushVolumeMultiThreadFcbWalkerWorker+0x33c
fffffe89`1e647b30 fffff802`0c35d6e5     : ffff8503`26aca040 00000000`00000080 ffff8502`e94b7040 00000000`00000000 : nt!ExpWorkerThread+0x105
fffffe89`1e647bd0 fffff802`0c4065c8     : ffffa300`cdbd1180 ffff8503`26aca040 fffff802`0c35d690 00000000`00000246 : nt!PspSystemThreadStartup+0x55
fffffe89`1e647c20 00000000`00000000     : fffffe89`1e648000 fffffe89`1e641000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28


SYMBOL_NAME:  bindflt!BfCheckAndSwitchTarget+46

MODULE_NAME: bindflt

IMAGE_NAME:  bindflt.sys

IMAGE_VERSION:  10.0.19041.6578

STACK_COMMAND: .cxr 0xfffffe891e6462d0 ; kb

BUCKET_ID_FUNC_OFFSET:  46

FAILURE_BUCKET_ID:  AV_bindflt!BfCheckAndSwitchTarget

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {b3666804-a7a5-c68d-d0b7-68308b8ee18e}

Followup:     MachineOwner
---------


Windows for business | Windows Server | Performance | System performance