06-03-2008, 11:08
|
|
|
חבר מתאריך: 15.02.08
הודעות: 53
|
|
הופעה של מסכים כחולים - פירוט קבצי דאמפ
קוד:
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini030608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\websymbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Mar 6 08:45:56.687 2008 (GMT+2)
System Uptime: 0 days 0:00:46.421
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
..........
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 804e5701, b6440768, 0}
*** ERROR: Symbol file could not be found. Defaulted to export symbols for halmacpi.dll -
Probably caused by : Sandbox.SYS ( Sandbox+3572b )
Followup: MachineOwner
---------
1: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 804e5701, The address that the exception occurred at
Arg3: b6440768, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!__InterlockedDecrement+5
804e5701 f00fc101 lock xadd dword ptr [ecx],eax
TRAP_FRAME: b6440768 -- (.trap 0xffffffffb6440768)
ErrCode = 00000002
eax=ffffffff ebx=b6ae5470 ecx=0000eeec edx=e2d4e1a8 esi=011eed8c edi=b6440d64
eip=804e5701 esp=b64407dc ebp=b64407f0 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!__InterlockedDecrement+0x5:
804e5701 f00fc101 lock xadd dword ptr [ecx],eax ds:0023:0000eeec=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from b6b1472b to 804e5701
STACK_TEXT:
b64407d8 b6b1472b e2d4e2c8 b64407f0 b6ae06bc nt!__InterlockedDecrement+0x5
WARNING: Stack unwind information not available. Following frames may be wrong.
b64407f0 b6afbfe9 0000ef00 e2d4e1a8 00000000 Sandbox+0x3572b
b6440808 b6afc120 b644082c b6afbf38 e2d4e1a8 Sandbox+0x1cfe9
b6440810 b6afbf38 e2d4e1a8 00000038 00000000 Sandbox+0x1d120
b644082c b6afc56e 00000003 e18532a4 e179097c Sandbox+0x1cf38
b6440850 b6afb7b5 b6440894 e179097c 44414544 Sandbox+0x1d56e
b6440864 b6b03117 b6440894 e179097c 00000016 Sandbox+0x1c7b5
b6440878 b6b02c25 b64409b8 b6440894 b6440890 Sandbox+0x24117
b6440898 b6b022af b64409b8 b64408e4 b64408b8 Sandbox+0x23c25
b64408e8 b6afe593 b6440a00 b64409b8 86d9d800 Sandbox+0x232af
b6440a48 b6ae5a9c b6440ce4 00000000 00000001 Sandbox+0x1f593
b6440d48 804dd99f 000005c8 011eedb4 011eed8c Sandbox+0x6a9c
b6440d48 7c90eb94 000005c8 011eedb4 011eed8c nt!KiFastCallEntry+0xfc
011eed6c 7c90e5e5 7c831c76 000005c8 011eedb4 0x7c90eb94
011eedbc 7e42392b 000005c8 00000000 011eede0 0x7c90e5e5
011eedc0 00000000 00000000 011eede0 00000000 0x7e42392b
STACK_COMMAND: kb
FOLLOWUP_IP:
Sandbox+3572b
b6b1472b ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: Sandbox+3572b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Sandbox
IMAGE_NAME: Sandbox.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 457fe2b2
FAILURE_BUCKET_ID: 0x8E_Sandbox+3572b
BUCKET_ID: 0x8E_Sandbox+3572b
Followup: MachineOwner
---------
קוד:
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini030608-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\websymbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Mar 6 08:47:05.109 2008 (GMT+2)
System Uptime: 0 days 0:00:40.828
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
..........
Unable to load image win32k.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, bf81fb90, b5eaaa80, 0}
Map tcpip.sys:
Image region 4ed80:5980 does not fit in mapping
Unable to load image Sandbox.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
Probably caused by : Sandbox.SYS ( Sandbox+13468 )
Followup: MachineOwner
---------
0: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf81fb90, The address that the exception occurred at
Arg3: b5eaaa80, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
win32k+1fb90
bf81fb90 3b7624 cmp esi,dword ptr [esi+24h]
TRAP_FRAME: b5eaaa80 -- (.trap 0xffffffffb5eaaa80)
ErrCode = 00000000
eax=bc675198 ebx=00000000 ecx=87ca1b38 edx=bc640178 esi=0000cc00 edi=bc675198
eip=bf81fb90 esp=b5eaaaf4 ebp=b5eaab00 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k+0x1fb90:
bf81fb90 3b7624 cmp esi,dword ptr [esi+24h] ds:0023:0000cc24=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: rundll32.exe
LAST_CONTROL_TRANSFER: from bf81fb7a to bf81fb90
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5eaab00 bf81fb7a bc675198 e1e65ca8 e1e65d30 win32k+0x1fb90
b5eaab1c bf87b055 e1e65d30 89b10de8 e2ce85a8 win32k+0x1fb7a
b5eaab30 bf876cac e1e65ca8 87a92da8 00000000 win32k+0x7b055
b5eaab58 bf819e58 00000001 b5eaab80 bf819f1c win32k+0x76cac
b5eaab64 bf819f1c 87a92da8 00000001 00000000 win32k+0x19e58
b5eaab80 8056fc07 87a92da8 00000001 87a92da8 win32k+0x19f1c
b5eaac0c 805739b4 00000000 87a92da8 00000000 nt!PspExitThread+0x3cc
b5eaac2c 8058e369 87a92da8 00000000 b5eaad64 nt!PspTerminateThreadByPointer+0x52
b5eaac58 b6af2468 00000000 00000000 b5eaad64 nt!NtTerminateProcess+0x118
b5eaad2c b6ccead1 ffffffff 00000000 b5eaad64 Sandbox+0x13468
b5eaad54 804dd99f ffffffff 00000000 0007ff58 FILTNT+0x13ad1
b5eaad54 7c90eb94 ffffffff 00000000 0007ff58 nt!KiFastCallEntry+0xfc
0007ff58 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Sandbox+13468
b6af2468 ?? ???
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: Sandbox+13468
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Sandbox
IMAGE_NAME: Sandbox.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 457fe2b2
FAILURE_BUCKET_ID: 0x8E_Sandbox+13468
BUCKET_ID: 0x8E_Sandbox+13468
Followup: MachineOwner
---------
קוד:
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini030608-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\websymbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Mar 6 08:48:15.000 2008 (GMT+2)
System Uptime: 0 days 0:00:43.734
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
..........
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {1c, 2, 1, 8053fa25}
Map tcpip.sys:
Image region 4ed80:5980 does not fit in mapping
Probably caused by : memory_corruption ( nt!MiDecrementCloneBlockReference+a )
Followup: MachineOwner
---------
1: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000001c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 8053fa25, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 0000001c
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiDecrementCloneBlockReference+a
8053fa25 ff4b1c dec dword ptr [ebx+1Ch]
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: dwwin.exe
LAST_CONTROL_TRANSFER: from 80529fcb to 8053fa25
STACK_TEXT:
b5f32b4c 80529fcb 00000000 e1000400 87a7da40 nt!MiDecrementCloneBlockReference+0xa
b5f32b84 804f11e3 c0004188 01062000 00000000 nt!MiDeletePte+0x324
b5f32c48 804f521d e1987450 0108afff 00000000 nt!MiDeleteVirtualAddresses+0x162
b5f32cf4 8057f380 87a7da40 87b22cb0 b5f32d64 nt!MiRemoveMappedView+0x211
b5f32d38 8057f42c 879c4528 87a7d520 00000000 nt!MiUnmapViewOfSection+0x12b
b5f32d54 804dd99f ffffffff 87a7da40 00f2d8e8 nt!NtUnmapViewOfSection+0x54
b5f32d54 7c90eb94 ffffffff 87a7da40 00f2d8e8 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00f2d8e8 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiDecrementCloneBlockReference+a
8053fa25 ff4b1c dec dword ptr [ebx+1Ch]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiDecrementCloneBlockReference+a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 45e550ef
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_W_nt!MiDecrementCloneBlockReference+a
BUCKET_ID: 0xA_W_nt!MiDecrementCloneBlockReference+a
Followup: MachineOwner
---------
מה ניתן לעשות ?
|