所以我有一台运行Windows Server 2008 64位的打印服务器 . 它为各种打印机提供水晶报告,有些是旧的,有些是新的 . 这意味着那里有几个不同的驱动程序 . 最近我们开始遇到splWOW64进程将挂起并且所有打印都将备份的问题 . 如果我们终止该进程,则队列正常打印 . 每当我们看到什么打印机和什么报告打印时,看看看起来像挂起的打印作业,但它从来都不是相同的报告或打印机 . 我们已经完全转储了splwow64进程,并被告知HP通用打印驱动程序PCL5导致了这个问题 . 多年来它一直在为我们的大多数打印机工作,没有任何问题 . 所以我们删除了那个驱动器并开始为每种型号的打印机使用单独的驱动程序,如果我们可以在microsoft驱动程序数据库中找到它们,则所有PCL6 . 这些都没有解决问题 . 它仍然每天发生2-3次,具体取决于它的繁忙程度 . 我从来没有使用windbg来调试任何东西,我的结果低于!analyze -v -hang的最近转储 . 这一刻对我来说是胡言乱语 . 也许那里有人可以看到明显错误的东西?
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=0000000000000000 rbx=0000000000000000 rcx=00000000004486f8
rdx=00000000ffffffff rsi=00000000ffffffff rdi=0000000000000088
rip=0000000076d812fa rsp=000000000028f708 rbp=0000000000000001
r8=000000000028f7d8 r9=0000000000000001 r10=0000000000000000
r11=0000000000000202 r12=0000000000000000 r13=00000000ff963440
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForSingleObject+0xa:
00000000`76d812fa c3 ret
FAULTING_THREAD: 0000000000000000
BUGCHECK_STR: HANG
DEFAULT_BUCKET_ID: APPLICATION_HANG
PROCESS_NAME: splwow64.exe
ERROR_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: splwow64.exe
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
-- --- ------- --------------------------
0 b68.19bc Unknown
WAIT_CHAIN_COMMAND: ~0s;k;;
BLOCKING_THREAD: 00000000000019bc
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG
LAST_CONTROL_TRANSFER: from 000007fefcfa10dc to 0000000076d812fa
STACK_TEXT:
00000000`0028f708 000007fe`fcfa10dc : 00000000`0044d000 00000000`00400000 00000000`0044cff0 00000000`76d840fd : ntdll!NtWaitForSingleObject+0xa
00000000`0028f710 000007fe`fd2ed95d : 00000000`004485f0 00000000`0000000a 00000000`00000000 00000000`00000088 : KERNELBASE!WaitForSingleObjectEx+0x79
00000000`0028f7b0 000007fe`fd36f42c : 00000000`00000000 00000000`00000000 00000000`004485f0 000007fe`fd2ff74e : rpcrt4!EVENT::Wait+0xd
00000000`0028f7e0 000007fe`fd33a879 : 00000000`004485f0 00000000`004485f0 00000000`00000000 00000000`00000001 : rpcrt4!RPC_SERVER::WaitForStopServerListening+0x1c
00000000`0028f810 000007fe`fd2ffa49 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : rpcrt4!Invoke+0x13e46
00000000`0028f850 00000000`ff966b98 : 00000000`00000000 00000000`0000000a 00000000`0000000a 00000000`000004d2 : rpcrt4!RpcServerListen+0x49
00000000`0028f880 00000000`ff9671f1 : 00000000`00000000 00000000`0028fa20 00000000`00187c90 00000000`00003000 : splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+0x19c
00000000`0028f9d0 00000000`ff967fb2 : 00000000`00187c90 00000000`00003000 00000000`00001a20 00000000`00003000 : splwow64!TLoad64BitDllsMgr::Run+0x4d
00000000`0028fa10 00000000`ff96d095 : 00000000`00000000 00000000`00000000 00000000`00187d20 00000000`00000000 : splwow64!wmain+0x1ae
00000000`0028fa50 00000000`76b2652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : splwow64!ConvertStringSecurityDescriptorToSecurityDescriptorW+0x19b
00000000`0028fa90 00000000`76d5c541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0028fac0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
FOLLOWUP_IP:
splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c
00000000`ff966b98 8bd8 mov ebx,eax
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: splwow64
IMAGE_NAME: splwow64.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4f35fbfe
STACK_COMMAND: ~0s ; kb
BUCKET_ID: X64_HANG_splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c
FAILURE_BUCKET_ID: APPLICATION_HANG_cfffffff_splwow64.exe!TLoad64BitDllsMgr::StartLdrRPCServer
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:application_hang_cfffffff_splwow64.exe!tload64bitdllsmgr::startldrrpcserver
FAILURE_ID_HASH: {369fae16-3854-e2c0-c756-fdab044a0958}
Followup: MachineOwner
1 回答
你应该进行内核转储(参见:http://support.microsoft.com/kb/244139)
然后你应该这样做:
搜索你的进程!进程0 0 splwow64
切换到找到的进程.process / p addr
列出找到进程的所有线程!进程addr 17
找到你的主题
在堆栈中找到ALPC句柄并找到一个内核对象:!handle handle
打印ALPC端口对象!alpc ob_addr
找到打印对应的服务器端口
如果您已完成这些步骤,则必须知道挂起RPC请求的RPC服务器进程