如何解读 SFC 生成的损坏文件信息?

tag-icon tag-icon windows debug
如何解读 SFC 生成的损坏文件信息?

使用 SFC(系统文件检查器)运行扫描会在 CBS.log 文件中生成条目。

sfc /scannow

Microsoft 建议使用 c 开关运行 findstr(查找字符串)命令,该命令会在日志文件中搜索指定的字符串。结果将输出到当前用户桌面上的新文件中。

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log

现在,这就是我得到的。

2013-06-13 18:50:15, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 18:50:15, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-06-13 18:50:17, Info                  CSI    00000009 [SR] Verify complete

ROWS THAT I SKIPPED (NO CORRUPTED FILES)

2013-06-13 18:53:43, Info                  CSI    000000d1 [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 18:53:43, Info                  CSI    000000d2 [SR] Beginning Verify and Repair transaction
2013-06-13 18:53:47, Info                  CSI    000000d4 [SR] Verify complete
2013-06-13 18:53:47, Info                  CSI    000000d5 [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 18:53:47, Info                  CSI    000000d6 [SR] Beginning Verify and Repair transaction
2013-06-13 18:53:51, Info                  CSI    000000d8 [SR] Verify complete

ROWS THAT I SKIPPED (NO CORRUPTED FILES)

2013-06-13 18:58:25, Info                  CSI    0000016b [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 18:58:25, Info                  CSI    0000016c [SR] Beginning Verify and Repair transaction
2013-06-13 18:58:35, Info                  CSI    0000016e [SR] Verify complete
2013-06-13 18:58:36, Info                  CSI    0000016f [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 18:58:36, Info                  CSI    00000170 [SR] Beginning Verify and Repair transaction
2013-06-13 18:58:43, Info                  CSI    00000172 [SR] Verify complete
2013-06-13 18:58:44, Info                  CSI    00000173 [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 18:58:44, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2013-06-13 18:58:50, Info                  CSI    00000176 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\sv-SE"\[l:20{10}]"secpol.msc" from store
2013-06-13 18:58:51, Info                  CSI    00000179 [SR] Verify complete
2013-06-13 18:58:52, Info                  CSI    0000017a [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 18:58:52, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
2013-06-13 18:59:07, Info                  CSI    0000017d [SR] Verify complete

ROWS THAT I SKIPPED (NO CORRUPTED FILES)

2013-06-13 19:00:38, Info                  CSI    000001a8 [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 19:00:38, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2013-06-13 19:00:44, Info                  CSI    000001ae [SR] Verify complete
2013-06-13 19:00:45, Info                  CSI    000001af [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 19:00:45, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2013-06-13 19:00:50, Info                  CSI    000001b2 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-06-13 19:00:50, Info                  CSI    000001b4 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-06-13 19:00:51, Info                  CSI    000001b8 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-06-13 19:00:51, Info                  CSI    000001ba [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-06-13 19:00:53, Info                  CSI    000001bf [SR] Verify complete
2013-06-13 19:00:53, Info                  CSI    000001c0 [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 19:00:53, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2013-06-13 19:01:01, Info                  CSI    000001c3 [SR] Verify complete

ROWS THAT I SKIPPED (NO CORRUPTED FILES)

2013-06-13 19:08:58, Info                  CSI    0000034d [SR] Verifying 100 (0x0000000000000064) components
2013-06-13 19:08:58, Info                  CSI    0000034e [SR] Beginning Verify and Repair transaction
2013-06-13 19:09:06, Info                  CSI    00000350 [SR] Verify complete
2013-06-13 19:09:06, Info                  CSI    00000351 [SR] Verifying 81 (0x0000000000000051) components
2013-06-13 19:09:06, Info                  CSI    00000352 [SR] Beginning Verify and Repair transaction
2013-06-13 19:09:10, Info                  CSI    00000354 [SR] Verify complete
2013-06-13 19:09:10, Info                  CSI    00000355 [SR] Repairing 3 components
2013-06-13 19:09:10, Info                  CSI    00000356 [SR] Beginning Verify and Repair transaction
2013-06-13 19:09:10, Info                  CSI    00000358 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-06-13 19:09:10, Info                  CSI    0000035a [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-06-13 19:09:10, Info                  CSI    0000035e [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\sv-SE"\[l:20{10}]"secpol.msc" from store
2013-06-13 19:09:11, Info                  CSI    00000361 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-06-13 19:09:11, Info                  CSI    00000363 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-06-13 19:09:11, Info                  CSI    00000367 [SR] Repair complete
2013-06-13 19:09:11, Info                  CSI    00000368 [SR] Committing transaction
2013-06-13 19:09:11, Info                  CSI    00000369 [SR] Cannot commit interactively, there are boot critical components being repaired
2013-06-13 19:09:11, Info                  CSI    0000036a [SR] Repairing 3 components
2013-06-13 19:09:11, Info                  CSI    0000036b [SR] Beginning Verify and Repair transaction
2013-06-13 19:09:11, Info                  CSI    0000036d [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-06-13 19:09:11, Info                  CSI    0000036f [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-06-13 19:09:11, Info                  CSI    00000373 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\sv-SE"\[l:20{10}]"secpol.msc" from store
2013-06-13 19:09:11, Info                  CSI    00000376 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-06-13 19:09:11, Info                  CSI    00000378 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-06-13 19:09:12, Info                  CSI    0000037c [SR] Repair complete

我该如何解释下面这一行:

Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\sv-SE"\[l:20{10}]"secpol.msc" from store

什么是毫升, 是什么表示什么?为什么搜索路径前有两个双问号?SR 代表什么?“store”是什么意思?

如果您知道 TechNet 或 MSDN 文章或其他网页可以解决此问题,请发布链接。

答案1

您所要求的部分信息已在微机控制知识库

CBS.log 不仅由 sfc.exe 使用,因此 sfc.exe 会将[SR]作为标记添加到其写入的所有行。这样您就可以识别哪些行是由 sfc.exe 写入的。

日志文件中给出的路径是对象管理器知道如何处理的低级文件系统路径/对象名称。这\??\是对象管理器为设备名称创建的对象目录。在此对象目录中,Windows 子系统为 C: 创建指向安装为 C: 的硬盘的符号链接。您可以找到更多信息这里这里SysInternals 在其网页您可以在其中查看所有对象。

“存储”曾经是文件夹 %SystemRoot%\System32\DllCache,请参阅微机控制知识库,由于 Windows Vista 中它位于 %WinDir%\WinSxS\Backup,另请参阅维基百科

我不知道毫升代表,但在 ml 和 l 之后给出的值表明它们是后面字符串的长度信息('l:<字节长度>{<Unicode 字符长度>}“字符串”')。

相关内容