************* Preparing the environment for Debug...

Question

************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false

-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true

Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 44

Loading Dump File [C:\Users\xiaos\Desktop\052225-6812-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 26100 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0xfffff802e1a00000 PsLoadedModuleList = 0xfffff802e28f4770
Debug session time: Thu May 22 23:04:53.802 2025 (UTC + 8:00)
System Uptime: 0 days 0:35:13.652
Loading Kernel Symbols
...............................................................
................................................................
................................................................

Loading User Symbols
PEB is paged out (Peb.Ldr = 000000000028d018). Type ".hh dbgerr001" for details Loading unloaded module list ....................... For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff802e1eb8b00 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffef06`2510dc80=000000000000003b
10: kd> !analyze -v
Loading Kernel Symbols
...............................................................
................................................................
................................................................

Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0028d018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......................

                   Bugcheck Analysis                                    *

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff80276c95e08, Address of the instruction which caused the BugCheck
Arg3: ffffef062510e5c0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:

KEY_VALUES_STRING: 1

text
Key  : Analysis.CPU.mSec
Value: 1328

Key  : Analysis.Elapsed.mSec
Value: 55675

Key  : Analysis.IO.Other.Mb
Value: 12

Key  : Analysis.IO.Read.Mb
Value: 23

Key  : Analysis.IO.Write.Mb
Value: 38

Key  : Analysis.Init.CPU.mSec
Value: 671

Key  : Analysis.Init.Elapsed.mSec
Value: 46024

Key  : Analysis.Memory.CommitPeak.Mb
Value: 121

Key  : Analysis.Version.DbgEng
Value: 10.0.27829.1001

Key  : Analysis.Version.Description
Value: 10.2503.24.01 amd64fre

Key  : Analysis.Version.Ext
Value: 1.2503.24.1

Key  : Bugcheck.Code.LegacyAPI
Value: 0x3b

Key  : Bugcheck.Code.TargetModel
Value: 0x3b

Key  : Dump.Attributes.AsUlong
Value: 0x21808

Key  : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key  : Dump.Attributes.ErrorCode
Value: 0x0

Key  : Dump.Attributes.KernelGeneratedTriageDump
Value: 1

Key  : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key  : Dump.Attributes.ProgressPercentage
Value: 0

Key  : Failure.Bucket
Value: AV_win32kfull!xxxDCEWindowHitTestIndirect

Key  : Failure.Exception.IP.Address
Value: 0xfffff80276c95e08

Key  : Failure.Exception.IP.Module
Value: win32kfull

Key  : Failure.Exception.IP.Offset
Value: 0x15e08

Key  : Failure.Hash
Value: {5d941488-e21c-8711-1613-dba5de1978bf}

Key  : Hypervisor.Enlightenments.ValueHex
Value: 0x7497cf94

Key  : Hypervisor.Flags.AnyHypervisorPresent
Value: 1

Key  : Hypervisor.Flags.ApicEnlightened
Value: 1

Key  : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 0

Key  : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key  : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key  : Hypervisor.Flags.CpuManager
Value: 1

Key  : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key  : Hypervisor.Flags.DynamicCpuDisabled
Value: 1

Key  : Hypervisor.Flags.Epf
Value: 0

Key  : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1

Key  : Hypervisor.Flags.HardwareMbecAvailable
Value: 1

Key  : Hypervisor.Flags.MaxBankNumber
Value: 0

Key  : Hypervisor.Flags.MemoryZeroingControl
Value: 0

Key  : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key  : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1

Key  : Hypervisor.Flags.Phase0InitDone
Value: 1

Key  : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key  : Hypervisor.Flags.RootScheduler
Value: 0

Key  : Hypervisor.Flags.SynicAvailable
Value: 1

Key  : Hypervisor.Flags.UseQpcBias
Value: 0

Key  : Hypervisor.Flags.Value
Value: 38408431

Key  : Hypervisor.Flags.ValueHex
Value: 0x24a10ef

Key  : Hypervisor.Flags.VpAssistPage
Value: 1

Key  : Hypervisor.Flags.VsmAvailable
Value: 1

Key  : Hypervisor.RootFlags.AccessStats
Value: 1

Key  : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1

Key  : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1

Key  : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key  : Hypervisor.RootFlags.HostTimelineSync
Value: 1

Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key  : Hypervisor.RootFlags.IsHyperV
Value: 1

Key  : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1

Key  : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1

Key  : Hypervisor.RootFlags.MceEnlightened
Value: 1

Key  : Hypervisor.RootFlags.Nested
Value: 0

Key  : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1

Key  : Hypervisor.RootFlags.Value
Value: 1015

Key  : Hypervisor.RootFlags.ValueHex
Value: 0x3f7

BUGCHECK_CODE: 3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff80276c95e08

BUGCHECK_P3: ffffef062510e5c0

BUGCHECK_P4: 0

FILE_IN_CAB: 052225-6812-01.dmp

TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x21808
Kernel Generated Triage Dump

FAULTING_THREAD: ffffde8a6c154080

CONTEXT: ffffef062510e5c0 -- (.cxr 0xffffef062510e5c0)
rax=ffffffffffffffff rbx=0000000000000000 rcx=ffff9208ae513680
rdx=ffffffffffffffff rsi=0000008600000000 rdi=0000000000000000
rip=fffff80276c95e08 rsp=ffffef062510f010 rbp=ffffef062510f110
r8=fffff8027700aa68 r9=0000000000000000 r10=fffff802769ae990
r11=ffffef062510f348 r12=ffff9208ae513680 r13=ffffef062510f330
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286
win32kfull!xxxDCEWindowHitTestIndirect+0x258:
fffff80276c95e08 488b4008 mov rax,qword ptr [rax+8] ds:002b:0000000000000007=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: VALORANT-Win64

STACK_TEXT:
ffffef062510f010 fffff80276c9474e : ffff550404e14933 fffff80276737879 0000008600000000 0000000023c7b0a0 : win32kfull!xxxDCEWindowHitTestIndirect+0x258
ffffef062510f310 fffff80276c94339 : 0000000000000000 fffff802769572d8 ffffde8a6d374490 ffffde8a654bd000 : win32kfull!xxxDCEWindowHitTest+0x5a
ffffef062510f380 fffff80276c93ef1 : 0000008600000000 0000008600000000 ffffef062510f4e0 0000000023a33f10 : win32kfull!xxxWindowFromPoint+0x125
ffffef062510f400 fffff80276723d77 : 0000000000000001 ffffef062510f4e0 0000000023a33f10 0000000000000020 : win32kfull!NtUserWindowFromPhysicalPoint+0x21
ffffef062510f430 fffff802e2086658 : ffffde8a6c154080 00000001ff5c3dc0 ffffde8a6c154080 0000000023a33f10 : win32k!NtUserWindowFromPoint+0x37
ffffef062510f460 00007ffc12b114d4 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x28
0000000000f7e968 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffc`12b114d4

SYMBOL_NAME: win32kfull!xxxDCEWindowHitTestIndirect+258

MODULE_NAME: win32kfull

IMAGE_NAME: win32kfull.sys

IMAGE_VERSION: 10.0.26100.1742

STACK_COMMAND: .cxr 0xffffef062510e5c0 ; kb

BUCKET_ID_FUNC_OFFSET: 258

FAILURE_BUCKET_ID: AV_win32kfull!xxxDCEWindowHitTestIndirect

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {5d941488-e21c-8711-1613-dba5de1978bf}

Followup: MachineOwner

这个蓝屏代码怎么解决？

Answer 1

问题摘要：
蓝屏 SYSTEM_SERVICE_EXCEPTION (0x3B) 表明 Windows 在从用户态切换到内核态的系统调用过程中发生了异常。转储里指出的故障模块是 win32kfull.sys，具体函数 xxxDCEWindowHitTestIndirect 位于图形子系统的窗口命中测试路径，通常与 图形驱动、叠加层（overlay）、或像 Riot Vanguard 这类反作弊内核驱动 的冲突有关。游戏 VALORANT 正好在崩溃前运行，进一步印证了这一点。Microsoft Learn Microsoft Learn

常见诱因

类型	说明
显卡/显示驱动	过期或 Insider 版驱动与新内核（26100 系列）不兼容。
反作弊或叠加层	Valorant Vanguard、Discord/NVIDIA Overlay、MSI Afterburner 等会注入窗口命中测试逻辑。KeenGamer Microsoft Answers
系统文件损坏	`win32kfull.sys` 及其依赖损坏或版本不匹配。
硬件/内存错误	访问违规也可能由内存条错误导致。

分步排查与修复

建议按序逐步进行，完成一步后观察是否再蓝屏，再继续下一步。

确认 Windows 版本是否稳定
- 如果你运行的是 Windows 10/11 Insider（Build 26100 属于 24H2 预览），优先回滚到正式版 23H2 或等待新补丁。预览版对第三方内核驱动兼容性较差。
彻底更新或重装显卡驱动
1. 用 DDU（Display Driver Uninstaller）在安全模式下卸载旧驱动。
2. 安装 GPU 官方最新 WHQL 驱动，而非 beta/Insider 版。
重新部署 Valorant 与 Vanguard
- 在“应用和功能”里先卸载 Riot Vanguard，再卸载 VALORANT。
- 重新下载官方安装包并安装，它会自动部署最新内核驱动。
- 安装后先别启动游戏，先做完后续系统修复步骤。
关闭所有第三方叠加层/监控工具
- Discord Overlay、GeForce Experience Overlay、Steam Overlay、RivaTuner/Afterburner 等都暂时关闭或退出。
修复系统文件
```
powershell
DISM /Online /Cleanup-Image /RestoreHealth
sfc /scannow
```
两条命令都显示“未找到完整性冲突”后再继续。Tom's Hardware
运行内存和磁盘检测
- Windows Memory Diagnostic 或 MemTest86（≥4 pass）。
- chkdsk C: /f /r，重启后完成扫描。
使用 Driver Verifier（高级）
- 只选中 非 Microsoft 驱动，尤其是 vgk.sys、显卡驱动等。
- 出现循环蓝屏可在安全模式 verifier /reset 撤销。
关闭 Memory Integrity / VBS（可选）
某些系统在开启核心隔离时会与 Vanguard 冲突。可在 Windows 安全中心 → 设备安全性 → 核心隔离 里关闭后测试。MiniTool
更新 BIOS/固件
板厂近期 BIOS 多针对 24H2 新内核修复兼容性，尤其是针对 AMD AGESA 或 Intel microcode。

何时考虑其他方案？

多款游戏/程序均触发相同蓝屏 → 更像驱动/硬件层问题。
只在 Valorant 中崩溃 且前述步骤无效 → 向 Riot 提交最新 minidump，或等待官方/Windows 更新。
内存检测不通过 → 更换/重新插拔内存条后复测。

小结

大多数 win32kfull.sys + 0x3B 蓝屏最终都与 显卡链路或叠加驱动 有关。
依次更新/重装驱动 → 修复系统文件 → 排除叠加层 通常能解决问题。如仍复现，可提供最新 *.dmp 便于进一步符号跟踪。祝你早日摆脱蓝屏！

************* Preparing the environment for Debug...

سؤال

Debugging Details:

Followup: MachineOwner

الفكرة

Explaining SYSTEM_SERVICE_EXCEPTION

الإجابة

常见诱因

分步排查与修复

何时考虑其他方案？

مشاركة هذا السؤال والجواب