  • NTOSKRNL
    2020-07-30 22:33:35
    #include <stdio.h>
    #include <tchar.h>
    #include <Shlobj.h>
    #include <string>
    #include <vector>
    #pragma comment(lib, "Shell32.lib")
    #pragma comment(lib, "Version.lib")
    
    // String type that follows the build's character width:
    // std::wstring when UNICODE is defined, std::string otherwise.
    #ifdef UNICODE
    typedef std::wstring	tstring;
    #else
    typedef std::string		tstring;
    #endif // UNICODE
    
    // Language / code-page pair. GetNtosKrnlFileVersion reads the first such pair
    // from the "VarFileInfo\Translation" value of a file's version resource and
    // uses it to build the "StringFileInfo" query path.
    struct __tagLANGANDCODEPAGE
    {
    	WORD   wLanguage;	// language identifier
    	WORD   wCodePage;	// code page identifier
    };
    typedef __tagLANGANDCODEPAGE	LANGANDCODEPAGE;
    typedef LANGANDCODEPAGE*		PLANGANDCODEPAGE;
    
    // Sentinel version strings; the three-argument GetNtosKrnlFileVersion treats
    // either of them as "no usable version".
    #define VERSION_UNKNOWN			TEXT("Unknown")
    #define VERSION_UNCORRECT		TEXT("Uncorrect")
    
    //校验 是否处于 WOW64模式下 
    //如果 是 WOW64 即 32位应用程序运行在 64位操作系统下,这时如果要获取 system32真实路径需要关闭 操作系统文件重定向功能
    //微软 提供两种 WOW64模式检测机制
    
    //IsWow64Process 方式
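    // Detects WOW64 (a 32-bit process on a 64-bit system) through IsWow64Process.
    //   bIsWow64 : receives TRUE when the current process runs under WOW64.
    // Returns the result of IsWow64Process, or FALSE when the out-parameter is NULL
    // or the API cannot be resolved. *bIsWow64 is FALSE whenever the call fails
    // before reaching IsWow64Process.
    BOOL IsWow64WithIsWow64Process(PBOOL bIsWow64)
    {
    	// The out-parameter is written unconditionally below, so reject NULL first.
    	if (NULL == bIsWow64)
    	{
    		::OutputDebugStringA("--> IsWow64WithIsWow64Process Error 0");
    		return FALSE;
    	}
    	*bIsWow64 = FALSE;
    
    	// IsWow64Process needs at least Windows XP with SP2, so it is resolved at
    	// run time instead of being linked statically.
    	typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
    
    	// 1. kernel32.dll is already mapped into every Win32 process, so look up the
    	//    loaded module instead of calling LoadLibrary with a bare file name. No
    	//    reference is taken, hence no FreeLibrary.
    	HMODULE hKernel32 = ::GetModuleHandle(TEXT("Kernel32.dll"));
    	if (NULL == hKernel32)
    	{
    		::OutputDebugStringA("--> IsWow64WithIsWow64Process Error 1");
    		return FALSE;
    	}
    
    	// 2. Resolve IsWow64Process.
    	LPFN_ISWOW64PROCESS lpIsWow64Process =
    		reinterpret_cast<LPFN_ISWOW64PROCESS>(::GetProcAddress(hKernel32, "IsWow64Process"));
    	if (NULL == lpIsWow64Process)
    	{
    		::OutputDebugStringA("--> IsWow64WithIsWow64Process Error 2");
    		return FALSE;
    	}
    
    	// 3. Ask about the current process.
    	return lpIsWow64Process(::GetCurrentProcess(), bIsWow64);
    }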
    
    //GetNativeSystemInfo 方式
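    // Detects WOW64 by comparing the processor architecture reported by
    // GetSystemInfo with the one reported by GetNativeSystemInfo.
    //   bIsWow64 : receives TRUE when the two architectures differ.
    // Returns TRUE when the comparison was performed, FALSE when the out-parameter
    // is NULL or GetNativeSystemInfo cannot be resolved.
    BOOL IsWow64WithGetNativeSystemInfo(PBOOL bIsWow64)
    {
    	// The out-parameter is written unconditionally below, so reject NULL first.
    	if (NULL == bIsWow64)
    	{
    		::OutputDebugStringA("--> IsWow64WithGetNativeSystemInfo Error 0");
    		return FALSE;
    	}
    	*bIsWow64 = FALSE;
    
    	// GetNativeSystemInfo is resolved at run time, like the other helpers in
    	// this file.
    	typedef void (WINAPI *LPFN_GetNativeSystemInfo)(LPSYSTEM_INFO);
    
    	// 1. Architecture as seen by this (possibly emulated) process.
    	SYSTEM_INFO sysInfo = { 0 };
    	::GetSystemInfo(&sysInfo);
    
    	// 2. Architecture of the underlying system. kernel32.dll is already mapped
    	//    into every Win32 process, so use the loaded module rather than
    	//    LoadLibrary with a bare file name; no FreeLibrary is needed.
    	HMODULE hKernel32 = ::GetModuleHandle(TEXT("Kernel32.dll"));
    	if (NULL == hKernel32)
    	{
    		::OutputDebugStringA("--> IsWow64WithGetNativeSystemInfo Error 1");
    		return FALSE;
    	}
    
    	LPFN_GetNativeSystemInfo lpGetNativeSystemInfo =
    		reinterpret_cast<LPFN_GetNativeSystemInfo>(::GetProcAddress(hKernel32, "GetNativeSystemInfo"));
    	if (NULL == lpGetNativeSystemInfo)
    	{
    		::OutputDebugStringA("--> IsWow64WithGetNativeSystemInfo Error 2");
    		return FALSE;
    	}
    
    	SYSTEM_INFO sysNativeInfo = { 0 };
    	lpGetNativeSystemInfo(&sysNativeInfo);
    
    	// 3. wProcessorArchitecture is 0 for x86 and 9 for AMD64. A 32-bit process on
    	//    a 32-bit system sees the same value from both calls; under WOW64 the two
    	//    values differ, which is what is tested here.
    	if (sysInfo.wProcessorArchitecture != sysNativeInfo.wProcessorArchitecture)
    	{
    		::OutputDebugStringA("IsWow64WithGetNativeSystemInfo --> WOW64!!");
    		*bIsWow64 = TRUE;
    	}
    	else
    	{
    		::OutputDebugStringA("IsWow64WithGetNativeSystemInfo --> NOT WOW64!!");
    		*bIsWow64 = FALSE;
    	}
    
    	return TRUE;
    }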
    
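    // Combines both WOW64 detectors.
    // Returns TRUE when the current process is judged to run under WOW64.
    //   - both detectors succeed and agree    : that value
    //   - both succeed but disagree           : the GetNativeSystemInfo result
    //   - only one detector succeeds          : that detector's result
    //   - neither succeeds                    : FALSE
    // The result decides whether the caller disables file system redirection, so a
    // failed detector must not be mistaken for a "not WOW64" answer.
    BOOL IsWow64(void)
    {
    	BOOL bIsWow64First = FALSE;
    	BOOL bIsWow64Second = FALSE;
    
    	// 1. IsWow64Process
    	const BOOL bResFirst = IsWow64WithIsWow64Process(&bIsWow64First);
    
    	// 2. GetSystemInfo vs. GetNativeSystemInfo
    	const BOOL bResSecond = IsWow64WithGetNativeSystemInfo(&bIsWow64Second);
    
    	// 3. Reconcile the two answers.
    	if ((FALSE != bResFirst) && (FALSE != bResSecond))
    	{
    		// Compare truth values rather than raw BOOL integers.
    		if ((FALSE != bIsWow64First) == (FALSE != bIsWow64Second))
    		{
    			::OutputDebugStringA("--> IsWow64 : The same results for the two time.");
    			return bIsWow64First;
    		}
    
    		// Both calls worked but disagree: the second method wins.
    		::OutputDebugStringA("--> IsWow64 : The two execution results are not the same, using the results of the second.");
    		return bIsWow64Second;
    	}
    
    	if (FALSE != bResSecond)
    	{
    		::OutputDebugStringA("--> IsWow64 : The first failure, using the results of the second.");
    		return bIsWow64Second;
    	}
    
    	if (FALSE != bResFirst)
    	{
    		// Previously the second detector's untouched default (FALSE) was returned
    		// here even though the first detector had a valid answer.
    		::OutputDebugStringA("--> IsWow64 : The second failure, using the results of the first.");
    		return bIsWow64First;
    	}
    
    	::OutputDebugStringA("--> IsWow64 : Both detections failed, assuming NOT WOW64.");
    	return FALSE;
    }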
    
    
    //文件重定向相关
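    // Enables or disables WOW64 file system redirection for the calling thread by
    // calling Wow64EnableWow64FsRedirection, resolved at run time.
    //   bWow64FsEnableRedirection : TRUE to enable redirection, FALSE to disable it.
    // Returns the API's result, or FALSE when the API cannot be resolved.
    //
    // NOTE(review): disabling redirection affects every file operation on the
    // thread, including DLL loading, so keep the disabled window as short as
    // possible and always re-enable it. Microsoft documents this API as unreliable
    // with nested calls and recommends Wow64DisableWow64FsRedirection /
    // Wow64RevertWow64FsRedirection instead; switching would change this
    // function's interface, so it is only flagged here.
    BOOL TWow64EnableWow64FsRedirection(BOOLEAN bWow64FsEnableRedirection)
    {
    	typedef BOOLEAN(WINAPI *pFunWow64EnableWow64FsRedirection)(BOOLEAN);
    
    	// 1. kernel32.dll is already mapped into every Win32 process, so use the
    	//    loaded module instead of LoadLibrary with a bare file name. This also
    	//    avoids a loader call while redirection may be disabled.
    	HMODULE hKernel32dll = ::GetModuleHandleA("Kernel32.dll");
    	if (NULL == hKernel32dll)
    	{
    		::OutputDebugStringA("--> GetWow64EnableWow64FsRedirectionAddr. Get [Kernel32.dll] error.");
    		return FALSE;
    	}
    
    	// 2. Resolve Wow64EnableWow64FsRedirection.
    	pFunWow64EnableWow64FsRedirection lpWow64EnableWow64FsRedirection =
    		reinterpret_cast<pFunWow64EnableWow64FsRedirection>(::GetProcAddress(hKernel32dll, "Wow64EnableWow64FsRedirection"));
    	if (NULL == lpWow64EnableWow64FsRedirection)
    	{
    		::OutputDebugStringA("--> GetWow64EnableWow64FsRedirectionAddr. Get [Wow64EnableWow64FsRedirection] error.");
    		return FALSE;
    	}
    
    	// 3. Call it; read the error code before any other API can overwrite it.
    	const BOOL bRes = lpWow64EnableWow64FsRedirection(bWow64FsEnableRedirection);
    	if (FALSE == bRes)
    	{
    		const DWORD dwCode = ::GetLastError();
    		char szLog[512] = { 0 };
    		sprintf_s(szLog, 511, "--> TWow64EnableWow64FsRedirection Call API Error code = %u", dwCode);
    		::OutputDebugStringA(szLog);
    		return FALSE;
    	}
    
    	::OutputDebugStringA("--> TWow64EnableWow64FsRedirection End(ok)");
    	return bRes;
    }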
    
    
    //获取 system32 文件夹 路径("C:\windows\system32")
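    // Writes the path of the system32 directory (e.g. "C:\windows\system32").
    //   lpFullPath : caller-supplied output buffer.
    //   dwSize     : capacity of lpFullPath in TCHARs, including the terminating NUL.
    // Returns TRUE with a NUL-terminated path in lpFullPath, or FALSE when the
    // buffer is NULL, empty or too small.
    //
    // Lookup order: GetSystemDirectory, then SHGetSpecialFolderPath(CSIDL_WINDOWS),
    // then GetWindowsDirectory, then the literal "C:\windows"; the last three get
    // "\system32" appended.
    BOOL GetSystem32DirPath(LPTSTR lpFullPath, DWORD dwSize)
    {
    	// Validate the buffer before any API writes to it.
    	if ((NULL == lpFullPath) || (0 == dwSize))
    	{
    		::OutputDebugString(TEXT("GetSystem32DirPath Failed. Invalid output buffer."));
    		return FALSE;
    	}
    	lpFullPath[0] = TEXT('\0');
    
    	// 0. GetSystemDirectory returns 0 on failure, the number of characters copied
    	//    (without the NUL) on success, or the required size when the buffer is
    	//    too small. Only a value below dwSize means the buffer holds the path.
    	const UINT uCopied = ::GetSystemDirectory(lpFullPath, dwSize);
    	if ((0 != uCopied) && (uCopied < dwSize))
    	{
    		::OutputDebugString(lpFullPath);
    		return TRUE;
    	}
    	lpFullPath[0] = TEXT('\0');
    
    	TCHAR szBuf[MAX_PATH + 1] = { 0 };
    	const UINT uWinDir = (FALSE != ::SHGetSpecialFolderPath(NULL, szBuf, CSIDL_WINDOWS, FALSE))
    		? 1	// 1. SHGetSpecialFolderPath filled szBuf  //C:\windows
    		: ::GetWindowsDirectory(szBuf, MAX_PATH);	// 2. fall back to GetWindowsDirectory //C:\windows
    	if ((0 != uWinDir) && (uWinDir < MAX_PATH))
    	{
    		::OutputDebugString(szBuf);
    	}
    	else
    	{
    		// 3. Every query failed: assume the default location.
    		// NOTE(review): this is a guess, not a verified system directory; callers
    		// that make trust decisions on files under it should treat it as such.
    		_tcscpy_s(szBuf, MAX_PATH, TEXT("C:\\windows"));
    	}
    
    	// The output needs room for the Windows directory, "\system32" and the NUL.
    	static const TCHAR szSuffix[] = TEXT("\\system32");
    	const size_t cchNeeded = _tcslen(szBuf) + _tcslen(szSuffix) + 1;
    	if (dwSize < cchNeeded)
    	{
    		TCHAR szLog[512] = { 0 };
    		_stprintf_s(szLog, 511, TEXT("GetSystem32DirPath Failed. Size=%u, OurSize=%u"),
    			static_cast<unsigned int>(dwSize), static_cast<unsigned int>(cchNeeded));
    		::OutputDebugString(szLog);
    
    		return FALSE;
    	}
    
    	_stprintf_s(lpFullPath, dwSize, TEXT("%s%s"), szBuf, szSuffix);
    	::OutputDebugString(lpFullPath);
    
    	return TRUE;
    }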
    
    
    //获取 ntoskrnl.exe 文件的 “产品版本号”
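    // Reads the "ProductVersion" string from the version resource of a file.
    //   lpFullPath : path of the file to inspect (ntoskrnl.exe in this program).
    // Returns the version string, or an empty string when the path is NULL/empty,
    // the file has no version resource, or any query fails.
    //
    // The version resource is data parsed out of a file on disk, so every pointer
    // and length returned by VerQueryValue is checked before use.
    tstring GetNtosKrnlFileVersion(LPCTSTR lpFullPath)
    {
    	if ((NULL == lpFullPath) || (TEXT('\0') == lpFullPath[0]))
    	{
    		return tstring();
    	}
    
    	DWORD dwHandle = 0;
    	const DWORD dwFileInfoSize = ::GetFileVersionInfoSize(lpFullPath, &dwHandle);
    	if (0 == dwFileInfoSize)
    	{
    		return tstring();
    	}
    
    	// dwFileInfoSize is non-zero here, so element 0 exists.
    	std::vector<char> sResult(dwFileInfoSize, 0x00);
    	if (FALSE == ::GetFileVersionInfo(lpFullPath, 0, dwFileInfoSize, &sResult[0]))
    	{
    		return tstring();
    	}
    
    	// Language / code-page table; the path is written in its documented form
    	// with a leading backslash.
    	PLANGANDCODEPAGE lpTranslationPtr = NULL;
    	UINT uLen = 0;
    	if (FALSE == ::VerQueryValue(&sResult[0], TEXT("\\VarFileInfo\\Translation"), (LPVOID*)&lpTranslationPtr, &uLen))
    	{
    		return tstring();
    	}
    
    	// Entry [0] is read below, so the table must hold at least one full entry.
    	if ((NULL == lpTranslationPtr) || (uLen < sizeof(LANGANDCODEPAGE)))
    	{
    		return tstring();
    	}
    
    	TCHAR szVersionValue[512] = TEXT("");
    	_stprintf_s(szVersionValue, 511, TEXT("\\StringFileInfo\\%04x%04x\\ProductVersion"), lpTranslationPtr[0].wLanguage, lpTranslationPtr[0].wCodePage);
    
    	LPTSTR lpInformationPtr = NULL;
    	uLen = 0;
    	if (FALSE == ::VerQueryValue(&sResult[0], szVersionValue, (LPVOID*)&lpInformationPtr, &uLen))
    	{
    		return tstring();
    	}
    
    	if ((NULL == lpInformationPtr) || (0 == uLen))
    	{
    		return tstring();
    	}
    
    	// For string values uLen is the length in characters; stop at the first NUL
    	// but never read past uLen, in case the resource string is not terminated.
    	const size_t cchValue = _tcsnlen(lpInformationPtr, uLen);
    	return tstring(lpInformationPtr, cchValue);
    }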
    
    
    //根据 ntoskrnl产品版本号 获取 主版本号、次版本号、Build号
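    // Converts one component of a dotted version string into a DWORD.
    // Accepts only a non-empty run of decimal digits that fits in 32 bits.
    static BOOL ParseVersionComponent(const tstring& tstrPart, LPDWORD lpdwValue)
    {
    	if (tstrPart.empty())
    	{
    		return FALSE;
    	}
    
    	DWORD dwValue = 0;
    	for (tstring::size_type i = 0; i < tstrPart.size(); ++i)
    	{
    		const TCHAR ch = tstrPart[i];
    		if ((ch < TEXT('0')) || (ch > TEXT('9')))
    		{
    			return FALSE;
    		}
    
    		const DWORD dwDigit = static_cast<DWORD>(ch - TEXT('0'));
    		if (dwValue > (0xFFFFFFFFUL - dwDigit) / 10)
    		{
    			return FALSE;	// would not fit in a DWORD
    		}
    		dwValue = dwValue * 10 + dwDigit;
    	}
    
    	*lpdwValue = dwValue;
    	return TRUE;
    }
    
    // Splits a product version string "major.minor.build[.rest]" into numbers.
    //   tstrVer          : version string, e.g. the ProductVersion of ntoskrnl.exe.
    //   lpdwMajorVersion : receives the first component.
    //   lpdwMinorVersion : receives the second component.
    //   lpdwBuildNumber  : receives the third component.
    // Returns TRUE on success. Returns FALSE, leaving the outputs untouched, when an
    // output pointer is NULL, fewer than three components are present, or one of
    // the first three components is empty, non-numeric or larger than a DWORD.
    // A fourth component is optional and ignored.
    BOOL GetVersionInfos(tstring tstrVer, LPDWORD lpdwMajorVersion, LPDWORD lpdwMinorVersion, LPDWORD lpdwBuildNumber)
    {
    	if ((NULL == lpdwMajorVersion) || (NULL == lpdwMinorVersion) || (NULL == lpdwBuildNumber))
    	{
    		return FALSE;
    	}
    
    	DWORD adwParts[3] = { 0, 0, 0 };
    	tstring::size_type nStart = 0;	// size_type, so npos is never truncated to int
    
    	for (int nPart = 0; nPart < 3; ++nPart)
    	{
    		tstring::size_type nDot = tstrVer.find(TEXT('.'), nStart);
    		if (tstring::npos == nDot)
    		{
    			// Major and minor must be followed by a dot; the build number may be
    			// the last component of the string.
    			if (nPart < 2)
    			{
    				return FALSE;
    			}
    			nDot = tstrVer.size();
    		}
    
    		if (FALSE == ParseVersionComponent(tstrVer.substr(nStart, nDot - nStart), &adwParts[nPart]))
    		{
    			return FALSE;
    		}
    
    		nStart = nDot + 1;
    	}
    
    	// Publish the results only after all three components parsed.
    	*lpdwMajorVersion = adwParts[0];
    	*lpdwMinorVersion = adwParts[1];
    	*lpdwBuildNumber = adwParts[2];
    
    	return TRUE;
    }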
    
    
    //获取 ntoskrnl.exe 文件的 “产品版本号”
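    // Reads the product version of <system32>\ntoskrnl.exe and splits it into
    // major version, minor version and build number.
    // Returns TRUE and fills all three outputs on success; returns FALSE when an
    // output pointer is NULL or any step fails.
    //
    // Under WOW64 file system redirection is disabled only around the single call
    // that opens the file, and is re-enabled on every exit path. Redirection is a
    // per-thread setting that also affects DLL loading, so the window in which it
    // is off is kept as small as possible.
    // NOTE(review): the value describes the file on disk, which presumably matches
    // the running kernel unless the file was replaced since boot - confirm if the
    // result feeds a security decision.
    BOOL GetNtosKrnlFileVersion(LPDWORD lpdwMajorVersion, LPDWORD lpdwMinorVersion, LPDWORD lpdwBuildNumber)
    {
    	if ((NULL == lpdwMajorVersion) || (NULL == lpdwMinorVersion) || (NULL == lpdwBuildNumber))
    	{
    		return FALSE;
    	}
    
    	// Re-enables redirection when it goes out of scope, including when a
    	// std::string operation throws.
    	struct FsRedirectionGuard
    	{
    		BOOL bDisabled;
    		FsRedirectionGuard() : bDisabled(FALSE) {}
    		~FsRedirectionGuard()
    		{
    			if (FALSE != bDisabled)
    			{
    				TWow64EnableWow64FsRedirection(TRUE);
    			}
    		}
    	};
    
    	// 1. Build the path first; this only produces a string and does not need
    	//    redirection to be off.
    	TCHAR szPath[MAX_PATH + 1] = { 0 };
    	if (FALSE == GetSystem32DirPath(szPath, MAX_PATH))
    	{
    		return FALSE;
    	}
    
    	tstring tstrNtosKrnl(szPath);
    	tstrNtosKrnl += TEXT("\\ntoskrnl.exe");
    	::OutputDebugString(tstrNtosKrnl.c_str());
    
    	// 2. Read the version string, with redirection disabled under WOW64 so that
    	//    "system32" is not silently mapped to the 32-bit directory.
    	tstring tstrResult;
    	{
    		FsRedirectionGuard guard;
    		if (FALSE != IsWow64())
    		{
    			if (FALSE == TWow64EnableWow64FsRedirection(FALSE))
    			{
    				return FALSE;
    			}
    			guard.bDisabled = TRUE;
    		}
    
    		tstrResult = GetNtosKrnlFileVersion(tstrNtosKrnl.c_str());
    	}
    
    	// 3. An empty string means the version could not be read; the two sentinel
    	//    strings are still rejected as before.
    	if (tstrResult.empty() || (tstring(VERSION_UNKNOWN) == tstrResult) || (tstring(VERSION_UNCORRECT) == tstrResult))
    	{
    		return FALSE;
    	}
    
    	// 4. Split into major version, minor version and build number.
    	if (FALSE == GetVersionInfos(tstrResult, lpdwMajorVersion, lpdwMinorVersion, lpdwBuildNumber))
    	{
    		return FALSE;
    	}
    
    	//LOG
    	TCHAR szLog[512] = { 0 };
    	_stprintf_s(szLog, 511, TEXT("Version: %d.%d  Build : %d"), *lpdwMajorVersion, *lpdwMinorVersion, *lpdwBuildNumber);
    	::OutputDebugString(szLog);
    
    	return TRUE;
    }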
    
    
    // 获取 操作系统版本号
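    // Returns the operating system version packed in the layout of the Win32
    // GetVersion value: major version in bits 0-7, minor version in bits 8-15,
    // build number in bits 16-31. Falls back to ::GetVersion() when GetVersionEx
    // fails.
    //
    // NOTE(review): GetVersionEx is deprecated, and on Windows 8.1 and later it
    // reports the version the application is manifested for rather than the real
    // one; the ntoskrnl.exe file-version route in this file does not have that
    // limitation.
    // NOTE(review): this function has the same name and parameter list as the
    // Win32 GetVersion that "::GetVersion()" below is meant to reach. If this
    // definition really sits at global scope the two collide - confirm it lives
    // inside a class or namespace.
    DWORD GetVersion(void)
    {
    	OSVERSIONINFO osInfo = { 0 };
    	osInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    	if (FALSE == GetVersionEx(&osInfo))
    	{
    		return ::GetVersion();
    	}
    
    	// Mask each field to the width of its slot so that an out-of-range value
    	// cannot spill into the neighbouring field (the previous 0xFFFFFFFF masks
    	// were no-ops).
    	const DWORD dwMajorVersion = osInfo.dwMajorVersion & 0xFF;
    	const DWORD dwMinorVersion = (osInfo.dwMinorVersion & 0xFF) << 8;
    	const DWORD dwBuild = (osInfo.dwBuildNumber & 0xFFFF) << 16;
    
    	return (dwBuild | dwMinorVersion | dwMajorVersion);
    }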
    

     

  • * * using .sympath and .sympath+ * ********************************************************************* Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 *** WARNING: ...

    前不久在HP ProLiant DL360 G6的服务器上面安装了Windows Server 2008 R2,系统一到晚上凌晨就出现蓝屏、重启现象,并且在 C:\Windows\Minidump 目录下面产生一些Dump文件,如下图所示:

    1edb42308946d5005d30564c91be3d32.png

    后面我用微软的Windbg程序查看了一下系统产生的Dump文件内容,分析一下文件日志,发现内容如下:

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\新建文件夹\DMP\073110-13884-01.dmp]

    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***

    ****************************************************************************

    * Symbol loading may be unreliable without a symbol search path.           *

    * Use .symfix to have the debugger choose a symbol path.                   *

    * After setting your symbol path, use .reload to refresh symbol locations. *

    ****************************************************************************

    Executable search path is:

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2

    *** WARNING: Unable to verify timestamp for ntoskrnl.exe

    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

    Windows 7 Kernel Version 7600 MP (8 procs) Free x64

    Product: Server, suite: Enterprise TerminalServer SingleUserTS

    Built by: 7600.20655.amd64fre.win7_ldr.100226-1909

    Machine Name:

    Kernel base = 0xfffff800`0161c000 PsLoadedModuleList = 0xfffff800`01854e50

    Debug session time: Sat Jul 31 21:02:49.632 2010 (GMT+8)

    System Uptime: 2 days 10:42:35.740

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2

    *** WARNING: Unable to verify timestamp for ntoskrnl.exe

    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

    Loading Kernel Symbols

    ...............................................................

    ................................................................

    ..................

    Loading User Symbols

    Loading unloaded module list

    ...........

    *******************************************************************************

    *                                                                             *

    *                        Bugcheck Analysis                                    *

    *                                                                             *

    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 101, {19, 0, fffff88001c5d180, 2}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!KPRCB                                      ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!KPRCB                                      ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Probably caused by : ntoskrnl.exe

    Followup: MachineOwner

    ---------

    其中有一项 Probably caused by : ntoskrnl.exe,说明问题与 ntoskrnl.exe 有关。需要注意的是,这次分析没有设置符号路径(日志中多次提示 Kernel symbols are WRONG),所以这一项只能作为线索,更可靠的依据是停止代码 BugCheck 101 本身。随后我在微软的 Support 站点上查找相关 KB,找到了 3 个补丁:

    KB975530 修复的问题:在使用英特尔至强 5500 系列处理器、运行 Windows Server 2008 R2 且已安装 Hyper-V 角色的计算机上出现停止错误 "0x00000101 - CLOCK_WATCHDOG_TIMEOUT"(与上面转储中的 BugCheck 101 对应)。

    此KB:982927修复:您会收到错误消息,指出文件系统已损坏或 Windows Server 2008 R2 中 Windows 7 的ntoskrnl.exe 。

    此KB:979444修复:正在运行 Windows 7 或 Windows Server 2008 R2 的计算机上的蓝色屏幕上的错误消息:"STOP: 0x0000000A"

    下图是我的打的补丁截图:

    45fa9a3688d4cf7de1c91d35423c3137.png

    之后也没有发生过蓝屏重启事件了!!!!!!!

  • * * using .sympath and .sympath+ * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp ...

    服务器不明原因重启,已排除软件安装,

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\Users\ibm\Desktop\091112-67002-01.dmp]

    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***

    ****************************************************************************

    * Symbol loading may be unreliable without a symbol search path.           *

    * Use .symfix to have the debugger choose a symbol path.                   *

    * After setting your symbol path, use .reload to refresh symbol locations. *

    ****************************************************************************

    Executable search path is:

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Unable to load image ntoskrnl.exe, Win32 error 0n2

    *** WARNING: Unable to verify timestamp for ntoskrnl.exe

    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

    Windows 7 Kernel Version 7600 MP (64 procs) Free x64

    Product: Server, suite: Enterprise TerminalServer SingleUserTS

    Machine Name:

    Kernel base = 0xfffff800`02c02000 PsLoadedModuleList = 0xfffff800`02e3fe70

    Debug session time: Tue Sep 11 01:36:03.975 2012 (GMT+8)

    System Uptime: 0 days 14:11:17.000

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Unable to load image ntoskrnl.exe, Win32 error 0n2

    *** WARNING: Unable to verify timestamp for ntoskrnl.exe

    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

    Loading Kernel Symbols

    ...............................................................

    ................................................................

    .............

    Loading User Symbols

    Loading unloaded module list

    ............

    *******************************************************************************

    *                                                                             *

    *                        Bugcheck Analysis                                    *

    *                                                                             *

    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck A, {4, 2, 1, fffff80002c8413d}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!KPRCB                                      ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!KPRCB                                      ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *************************************************************************

    ***                                                                   ***

    ***                                                                   ***

    ***    Your debugger is not using the correct symbols                 ***

    ***                                                                   ***

    ***    In order for this command to work properly, your symbol path   ***

    ***    must point to .pdb files that have full type information.      ***

    ***                                                                   ***

    ***    Certain .pdb files (such as the public OS symbols) do not      ***

    ***    contain the required information.  Contact the group that      ***

    ***    provided you with these symbols if you need this command to    ***

    ***    work.                                                          ***

    ***                                                                   ***

    ***    Type referenced: nt!_KPRCB                                     ***

    ***                                                                   ***

    *************************************************************************

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    *********************************************************************

    * Symbols can not be loaded because symbol path is not initialized. *

    *                                                                   *

    * The Symbol Path can be set by:                                    *

    *   using the _NT_SYMBOL_PATH environment variable.                 *

    *   using the -y argument when starting the debugger. *

    *   using .sympath and .sympath+                                    *

    *********************************************************************

    Probably caused by : ntoskrnl.exe ( nt+8213d )

    Followup: MachineOwner

    ---------

  • #今天进方舟生存进化显示“您的电脑出现问题,收集错误中”,前几天还能玩的,今天就不行了 #用windbg看到的是 Probably caused by : ntoskrnl.exe ( nt+3ddb60 )
  • xp ntoskrnl 开机文件

    2013-06-18 21:22:27
    xp ntoskrnl 开机文件,用于解决开机时提示系统文件缺失的问题
  • ntoskrnl.exe蓝屏

    万次阅读 2020-07-13 13:07:50
    win10装完系统后频繁蓝屏,用bluescreen工具检测后,提示ntoskrnl.exe文件导致; 按照以下步骤处理: 1、在开始菜单上单击右键或按下win+x,点击命令提示符(管理员); 2、在命令提示符中输入:chkdsk c: /...

    win10装完系统后频繁蓝屏,用bluescreen工具检测后,提示ntoskrnl.exe文件导致;

    按照以下步骤处理:

    1、在开始菜单上单击右键或按下win+x,点击命令提示符(管理员);

    2、在命令提示符中输入: chkdsk c: /f 按下回车键,会弹出如下提示:

    3、出现“是否计划在下次系统重新启动时检查这个卷”的提示时,输入 Y 并回车。重新启动电脑后不要进行任何操作,让 Windows 自行检查和修复,直到电脑完全启动即可!

    ntoskrnl.exe


    ntoskrnl.exe 是 Windows 操作系统的一个重要内核程序文件,里面存储了大量的二进制内核代码,用于调度系统。系统经过预启动和启动阶段、进入内核调用阶段时,由 Ntldr 调用 ntoskrnl.exe;调用时,Ntldr 会把 ntdetect.com 收集的硬件信息传递给它。在 Windows XP 系统中,ntoskrnl.exe 还存储了启动 logo 画面。

  • 查看发现80端口被ntoskrnl.exe占用,无法找到具体的程序。打开 SQL Server 配置管理器,停止实例或者管理 SQL Server Reporting Services 服务,即可解决问题。
  • ntoskrnl.exe原因造成的 蓝屏

    千次阅读 2021-06-28 23:51:21
    组装电脑出现蓝屏,下载bluescreenview蓝屏分析器后,分析出是ntoskrnl.exe造成的错误
  • 发现是ntoskrnl占用比较多(这是还原后的ntoskrnl.exe,所以更新日期为2020年2月23号) 查看性能发现是磁盘100% 然后按着网上资料下载了各种驱动,驱动精灵、鲁大师、360全都整了,还是不行,后来就尝试更新系统...
  • 1、netstat -ano,列出所有端口的情况。在列表中我们观察被占用的端口; 2、查看被占用端口对应的PID,输入命令:netstat -aon|findstr "80"; 3、继续输入 tasklist|findstr "PID编号",回车,查看是哪个进程或者...
  • windows xp 原版ntoskrnl.exe

    热门讨论 2013-01-20 18:51:43
    windows xp原版的ntoskrnl.exe,提取他原版的开机图片替换到你的SERVER2003系统
