Shadowsocks-windows: Windows10启动Shadowsocks系统蓝屏重启

Created on 4 Aug 2018 · 6Comments · Source: shadowsocks/shadowsocks-windows

Shadowsocks is an open source project for noneprofit. If you bought the service from a provider, please contact them. / 影梭（Shadowsocks）是一个开源非盈利项目，不提供任何托管服务。如果你是从服务提供商购买的服务，请联系他们
If you have questions rather than Shadowsocks Windows client, please go to / 如果你有非影梭Windows客户端相关的问题，请去 https://github.com/shadowsocks
Please read Wiki carefully, especially / 提问前请先阅读wiki https://github.com/shadowsocks/shadowsocks-windows/wiki/Troubleshooting.
Or search from Issue Board / 或在Issue Board中搜索 https://github.com/shadowsocks/shadowsocks-windows/issues?utf8=%E2%9C%93&q=is%3Aissue
Please answer the following questions before submission. Questions lack of details will be closed. / 请按照以下格式描述你的问题，描述不清的问题将会被关闭

Shadowsocks version / 影梭版本

版本是4.09和4.10

Environment(Operating system, .NET Framework, etc) / 使用环境（操作系统，.NET Framework等）

系统是Windows 10，Microsoft Visual C++ 2015 Redistributable ，.NET Framework 4.7

Steps you have tried / 操作步骤

启动Shadowsocks.exe，系统就会蓝屏，然后系统重启。

What did you expect to see? / 期望的结果

What did you see instead? / 实际结果

Config and error log in detail (with all sensitive info masked) / 配置文件和日志文件（请隐去敏感信息）

Source

Andr-Robot

Most helpful comment

你的问题是由于一个名为“NETIO.SYS”的内核驱动导致的，这是一个Windows自带的网络读写子系统驱动。

MODULE_NAME: NETIO
IMAGE_NAME:  NETIO.SYS
……
3: kd> lmvm NETIO
Browse full module list
start             end                 module name
fffff80b`65540000 fffff80b`655c9000   NETIO    # (pdb symbols)          d:\symbols\netio.pdb\F85B663A5F22D452D2AF7C3A604D45691\netio.pdb
    Loaded symbol image file: NETIO.SYS
    Mapped memory image file: d:\symbols\NETIO.SYS\62E4197B89000\NETIO.SYS
    Image path: \SystemRoot\system32\drivers\NETIO.SYS
    Image name: NETIO.SYS
    Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        62E4197B (This is a reproducible build file hash, not a timestamp)
    CheckSum:         0008A494
    ImageSize:        00089000
    File version:     10.0.17134.165
    Product version:  10.0.17134.165
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.6 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     netio.sys
        OriginalFilename: netio.sys
        ProductVersion:   10.0.17134.165
        FileVersion:      10.0.17134.165 (WinBuild.160101.0800)
        FileDescription:  Network I/O Subsystem
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

该驱动在尝试在调用TCP/IP协议的TcpPortPoolQueryLocalAddressFunction接口时出错：

FAULTING_IP: 
tcpip!TcpPortPoolQueryLocalAddressFunction+69e36
fffff80b`646d6bf6 488b08          mov     rcx,qword ptr [rax]

CONTEXT:  ffffed8dd49276d0 -- (.cxr 0xffffed8dd49276d0)
rax=000100010001001f rbx=ffff9f071565b000 rcx=ffff9f071e147ba8
rdx=0000000000000003 rsi=ffff9f071cbc40c8 rdi=0000000000003608
rip=fffff80b646d6bf6 rsp=ffffed8dd49280c8 rbp=ffffed8dd49281d0
 r8=ffffed8dd492810c  r9=0000000000000100 r10=ffffed8dd49281b8
r11=ffff9f0716c3b9c0 r12=0000000000000002 r13=ffff9f071565b0d8
r14=ffff9f0716c3b9c0 r15=ffff9f071cbc40c0
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
tcpip!TcpPortPoolQueryLocalAddressFunction+0x69e36:
fffff80b`646d6bf6 488b08          mov     rcx,qword ptr [rax] ds:002b:00010001`0001001f=????????????????
Resetting default scope

该问题是在 Shadowsocks.exe 的调用该接口的过程中，由于 NETIO.SYS 出错导致的，可能是由于 Shadowsocks.exe 尝试获取当前计算机上所有的本机IP地址时出错。

CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME:  Shadowsocks.exe
CURRENT_IRQL:  2

目前看来，有两种可能导致该问题。
１.你的系统补丁可能什么地方有问题，请检查你的Windows Update系统更新补丁是否已经安装齐了，或者你使用的是否为正式版（非预览版）的系统，因为在我的系统上， NETIO.SYS 的版本是10.0.17134.1，但是你在你的系统上，该文件的版本是 10.0.17134.165 。

２.该问题可能和TCP/IP协议栈或Winsocks损坏有关，请以管理员身份启动命令提示符，然后执行以下四行命令：

netsh interface ipv4 reset
netsh interface ipv6 reset
netsh interface tcp reset
netsh winsock reset

一行一回车，四行执行完毕后重新启动计算机即可，如果你的计算机是手动指定IP才能上网的，重启后需要再手动指定一次，如果是DHCP自动分配，则无需进行此操作。

EDIT：还有一种可能，你的系统是否有使用免费WiFi或者WiFi助手之类用于创建热点给其他设备上网的硬件或软件？或者，是否有其他的VPN或者拨号软件？

chenshaoju on 5 Aug 2018

👍5

All 6 comments

请提供你蓝屏的代码，和影梭的运行日志，以便帮你找到原因所在

juanyilxc on 4 Aug 2018

在 C:\WindowsMinidump\ 目录下会有一些类似于 100517-50513-01(.dmp) 的文件，请按日期排序，挑选一个最近一次蓝屏的文件打包成zip，上传上来看看。

chenshaoju on 5 Aug 2018

080418-8765-01.zip

Andr-Robot on 5 Aug 2018

因为一点击.exe文件电脑就直接蓝屏了，所以我在shadowsocks.log这个文件中没有找到蓝屏那个时间点的日志信息。

Andr-Robot on 5 Aug 2018

你的问题是由于一个名为“NETIO.SYS”的内核驱动导致的，这是一个Windows自带的网络读写子系统驱动。

MODULE_NAME: NETIO
IMAGE_NAME:  NETIO.SYS
……
3: kd> lmvm NETIO
Browse full module list
start             end                 module name
fffff80b`65540000 fffff80b`655c9000   NETIO    # (pdb symbols)          d:\symbols\netio.pdb\F85B663A5F22D452D2AF7C3A604D45691\netio.pdb
    Loaded symbol image file: NETIO.SYS
    Mapped memory image file: d:\symbols\NETIO.SYS\62E4197B89000\NETIO.SYS
    Image path: \SystemRoot\system32\drivers\NETIO.SYS
    Image name: NETIO.SYS
    Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        62E4197B (This is a reproducible build file hash, not a timestamp)
    CheckSum:         0008A494
    ImageSize:        00089000
    File version:     10.0.17134.165
    Product version:  10.0.17134.165
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.6 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     netio.sys
        OriginalFilename: netio.sys
        ProductVersion:   10.0.17134.165
        FileVersion:      10.0.17134.165 (WinBuild.160101.0800)
        FileDescription:  Network I/O Subsystem
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

该驱动在尝试在调用TCP/IP协议的TcpPortPoolQueryLocalAddressFunction接口时出错：

FAULTING_IP: 
tcpip!TcpPortPoolQueryLocalAddressFunction+69e36
fffff80b`646d6bf6 488b08          mov     rcx,qword ptr [rax]

CONTEXT:  ffffed8dd49276d0 -- (.cxr 0xffffed8dd49276d0)
rax=000100010001001f rbx=ffff9f071565b000 rcx=ffff9f071e147ba8
rdx=0000000000000003 rsi=ffff9f071cbc40c8 rdi=0000000000003608
rip=fffff80b646d6bf6 rsp=ffffed8dd49280c8 rbp=ffffed8dd49281d0
 r8=ffffed8dd492810c  r9=0000000000000100 r10=ffffed8dd49281b8
r11=ffff9f0716c3b9c0 r12=0000000000000002 r13=ffff9f071565b0d8
r14=ffff9f0716c3b9c0 r15=ffff9f071cbc40c0
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
tcpip!TcpPortPoolQueryLocalAddressFunction+0x69e36:
fffff80b`646d6bf6 488b08          mov     rcx,qword ptr [rax] ds:002b:00010001`0001001f=????????????????
Resetting default scope

该问题是在 Shadowsocks.exe 的调用该接口的过程中，由于 NETIO.SYS 出错导致的，可能是由于 Shadowsocks.exe 尝试获取当前计算机上所有的本机IP地址时出错。

CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME:  Shadowsocks.exe
CURRENT_IRQL:  2

２.该问题可能和TCP/IP协议栈或Winsocks损坏有关，请以管理员身份启动命令提示符，然后执行以下四行命令：

netsh interface ipv4 reset
netsh interface ipv6 reset
netsh interface tcp reset
netsh winsock reset

EDIT：还有一种可能，你的系统是否有使用免费WiFi或者WiFi助手之类用于创建热点给其他设备上网的硬件或软件？或者，是否有其他的VPN或者拨号软件？

chenshaoju on 5 Aug 2018

👍5

@chenshaoju 非常详尽的分析

celeron533 on 5 Aug 2018

😄2

Was this page helpful?

0 / 5 - 0 ratings

Related issues

请问你们现在最新的域名是什么

DonClaud · 4Comments

最近不能上网的先别上了，抽空多学学八荣八耻吧

lmshao · 4Comments

希望推出最后一项AEAD

Galaxy0419 · 4Comments

forward proxy with authorization, username:password@my_company_proxy.com seems not work?

spectereye · 4Comments

Registry Value for Automatic startup

xmha97 · 3Comments