0x00000050 PAGE_FAULT_IN_NONPAGED_AREA
Błąd oprogramowania, które zażądało dostępu do danych, których nie ma (lub podał zły adres). Urządzenie sprzętowe lub usługa systemowa zażądała danych, które nie znajdowały się w pamięci, powodując błąd wyjątku. Przyczyną może być wadliwa pamięć fizyczna lub niekompatybilne oprogramowanie, w szczególności programy zdalnego dostępu oraz antywirusowe.
Podejrzany sterownik grafiki.
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\043013-4882-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0405b000 PsLoadedModuleList = 0xfffff800`0429e670
Debug session time: Tue Apr 30 07: 36: 01.926 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 02: 00.723
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff88042fb8ae1, 1, fffff880077ddb98, 5}
Unable to load image \SystemRoot\system32\DRIVERS\igdkmd64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for igdkmd64.sys
*** ERROR: Module load completed but symbols could not be loaded for igdkmd64.sys
Could not read faulting driver name
Probably caused by : igdkmd64.sys ( igdkmd64+105b98 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88042fb8ae1, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff880077ddb98, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80004308100
fffff88042fb8ae1
FAULTING_IP:
igdkmd64+105b98
fffff880`077ddb98 41898a418b5140 mov dword ptr [r10+40518B41h],ecx
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88004941ab0 -- (.trap 0xfffff88004941ab0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000023004400 rbx=0000000000000000 rcx=0000000023004400
rdx=fffffa8008899208 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880077ddb98 rsp=fffff88004941c40 rbp=fffff88004941c40
r8=0000000000000000 r9=fffff88004941cd0 r10=fffff88002a9ffa0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
igdkmd64+0x105b98:
fffff880`077ddb98 41898a418b5140 mov dword ptr [r10+40518B41h],ecx ds: fffff880`42fb8ae1=?
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000414d5a3 to fffff800040d0c00
STACK_TEXT:
fffff880`04941948 fffff800`0414d5a3 : 00000000`00000050 fffff880`42fb8ae1 00000000`00000001 fffff880`04941ab0 : nt!KeBugCheckEx
fffff880`04941950 fffff800`040ced2e : 00000000`00000001 fffff880`42fb8ae1 fffff880`02a9fd00 fffff880`077ddab0 : nt! ? : FNODOBFM: `string'+0x43801
fffff880`04941ab0 fffff880`077ddb98 : fffff880`04941ca0 fffff880`077d49c1 fffffa80`08898770 fffff880`04941cd0 : nt!KiPageFault+0x16e
fffff880`04941c40 fffff880`04941ca0 : fffff880`077d49c1 fffffa80`08898770 fffff880`04941cd0 fffff880`04941cb8 : igdkmd64+0x105b98
fffff880`04941c48 fffff880`077d49c1 : fffffa80`08898770 fffff880`04941cd0 fffff880`04941cb8 fffff900`00001600 : 0xfffff880`04941ca0
fffff880`04941c50 fffffa80`08898770 : fffff880`04941cd0 fffff880`04941cb8 fffff900`00001600 fffff880`04941ca0 : igdkmd64+0xfc9c1
fffff880`04941c58 fffff880`04941cd0 : fffff880`04941cb8 fffff900`00001600 fffff880`04941ca0 fffff880`077d3b57 : 0xfffffa80`08898770
fffff880`04941c60 fffff880`04941cb8 : fffff900`00001600 fffff880`04941ca0 fffff880`077d3b57 fffffa80`08dd6470 : 0xfffff880`04941cd0
fffff880`04941c68 fffff900`00001600 : fffff880`04941ca0 fffff880`077d3b57 fffffa80`08dd6470 00000000`00000000 : 0xfffff880`04941cb8
fffff880`04941c70 fffff880`04941ca0 : fffff880`077d3b57 fffffa80`08dd6470 00000000`00000000 00000000`00000001 : 0xfffff900`00001600
fffff880`04941c78 fffff880`077d3b57 : fffffa80`08dd6470 00000000`00000000 00000000`00000001 00000000`00000000 : 0xfffff880`04941ca0
fffff880`04941c80 fffffa80`08dd6470 : 00000000`00000000 00000000`00000001 00000000`00000000 fffff880`04941d50 : igdkmd64+0xfbb57
fffff880`04941c88 00000000`00000000 : 00000000`00000001 00000000`00000000 fffff880`04941d50 fffff880`077d3d9f : 0xfffffa80`08dd6470
STACK_COMMAND: kb
FOLLOWUP_IP:
igdkmd64+105b98
fffff880`077ddb98 41898a418b5140 mov dword ptr [r10+40518B41h],ecx
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: igdkmd64+105b98
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: igdkmd64
IMAGE_NAME: igdkmd64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 51493a45
FAILURE_BUCKET_ID: X64_0x50_igdkmd64+105b98
BUCKET_ID: X64_0x50_igdkmd64+105b98
Followup: MachineOwner
---------
0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Komunikat wyświetlany jest, gdy sterownik próbuje uzyskać dostęp do niewłaściwego adresu pamięci. Należy zwrócić uwagę na nie podpisane sterowniki oraz ostatnio instalowane lub aktualizowane programy antywirusowe, narzędzia dyskowe oraz programy do tworzenia kopii zapasowych, te programy w szczególności mogły zainstalować wadliwy sterownik.
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\043013-9157-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0404d000 PsLoadedModuleList = 0xfffff800`04290670
Debug session time: Tue Apr 30 16: 02: 17.857 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 00: 41.028
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {932f10, 2, 1, fffff88007607d22}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000932f10, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff88007607d22, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800042fa100
0000000000932f10
CURRENT_IRQL: 2
FAULTING_IP:
dxgmms1!VidSchiSendToExecutionQueue+82e
fffff880`07607d22 088b052f9300 or byte ptr [rbx+932F05h],cl
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff88003ddb6f0 -- (.trap 0xfffff88003ddb6f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000001f rbx=0000000000000000 rcx=fffffa800864e7a0
rdx=fffff88003ddb8e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88007607d22 rsp=fffff88003ddb880 rbp=fffffa800866e000
r8=fffffa800866e000 r9=0000000000000000 r10=fffff8800760c244
r11=fffff88003ddb850 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
dxgmms1!VidSchiSendToExecutionQueue+0x82e:
fffff880`07607d22 088b052f9300 or byte ptr [rbx+932F05h],cl ds: 0002: 00000000`00932f05=?
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800040c21a9 to fffff800040c2c00
STACK_TEXT:
fffff880`03ddb5a8 fffff800`040c21a9 : 00000000`0000000a 00000000`00932f10 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`03ddb5b0 fffff800`040c0e20 : 00000000`00000000 00000000`00000000 fffffa80`0864e010 00000000`0000000b : nt!KiBugCheckDispatch+0x69
fffff880`03ddb6f0 fffff880`07607d22 : 00000000`0000000b fffffa80`0866e000 00000000`0000000b fffffa80`0866f750 : nt!KiPageFault+0x260
fffff880`03ddb880 fffff880`07639e65 : fffffa80`0866e001 fffffa80`00000001 00000000`00000000 fffffa80`0866e000 : dxgmms1!VidSchiSendToExecutionQueue+0x82e
fffff880`03ddb980 fffff880`07639346 : fffffa80`0864e010 fffffa80`0864e010 fffffa80`066f4d50 fffffa80`08663af0 : dxgmms1!VidSchiSendToExecutionQueueWithWait+0x179
fffff880`03ddba80 fffff880`0760b303 : fffffa80`0864e010 fffffa80`0919e8e0 fffffa80`091a0ad0 fffffa80`091a0ad0 : dxgmms1!VidSchiSubmitPreemptionCommand+0x8a
fffff880`03ddbab0 fffff880`07637e7a : 00000000`00000000 fffffa80`08f65c00 00000000`00000080 fffffa80`0864e010 : dxgmms1!VidSchiScheduleCommandToRun+0x217
fffff880`03ddbbc0 fffff800`04360ede : 00000000`00e75e1e fffffa80`0865cb50 fffffa80`066eb040 fffffa80`0865cb50 : dxgmms1!VidSchiWorkerThread+0xba
fffff880`03ddbc00 fffff800`040b3906 : fffff800`0423de80 fffffa80`0865cb50 fffff800`0424bcc0 fffff880`013ce7cb : nt!PspSystemThreadStartup+0x5a
fffff880`03ddbc40 00000000`00000000 : fffff880`03ddc000 fffff880`03dd6000 fffff880`03ddb540 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !dxgmms1
fffff88007607d22 - dxgmms1!VidSchiSendToExecutionQueue+82e
[ 48: 08 ]
1 error : !dxgmms1 (fffff88007607d22)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: ONE_BIT
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
Followup: memory_corruption
---------
0x000000FC ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
Tutaj widzę przyplątał sie dodatkowo Avast.
Nastąpiła próba uruchomienia kodu przez sterownik z części pamięci nie przeznaczonej do tego celu.
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\050113-3338-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`04000000 PsLoadedModuleList = 0xfffff800`04243670
Debug session time: Wed May 1 11: 11: 17.812 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 00: 07.982
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck FC, {fffff88007bb0c78, 80000002105bb963, fffff88009976450, 2}
Unable to load image \?\C: \Windows\system32\drivers\aswMonFlt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswMonFlt.sys
*** ERROR: Module load completed but symbols could not be loaded for aswMonFlt.sys
Probably caused by : aswMonFlt.sys ( aswMonFlt+ec78 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
An attempt was made to execute non-executable memory. The guilty driver
is on the stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff88007bb0c78, Virtual address for the attempted execute.
Arg2: 80000002105bb963, PTE contents.
Arg3: fffff88009976450, (reserved)
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xFC
PROCESS_NAME: iSCTAgent.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88009976450 -- (.trap 0xfffff88009976450)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88009976678 rbx=0000000000000000 rcx=fffffa8008091c60
rdx=fffffa8006f06010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88007bb0c78 rsp=fffff880099765e8 rbp=0000000000000002
r8=fffffa80092312d0 r9=fffff88009976728 r10=fffff80004000000
r11=0000000000000429 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
aswMonFlt+0xec78:
fffff880`07bb0c78 43004f00 add byte ptr [r15],cl ds: 0001: 00000000`00000000=?
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800040f38a8 to fffff80004075c00
STACK_TEXT:
fffff880`099762e8 fffff800`040f38a8 : 00000000`000000fc fffff880`07bb0c78 80000002`105bb963 fffff880`09976450 : nt!KeBugCheckEx
fffff880`099762f0 fffff800`04073d2e : 00000000`00000008 fffff880`07bb0c78 00000000`00000700 fffffa80`094b9300 : nt! ? : FNODOBFM: `string'+0x44dfc
fffff880`09976450 fffff880`07bb0c78 : 00000000`00000000 fffff8a0`0ac10010 fffff8a0`0ac10030 fffff880`09976700 : nt!KiPageFault+0x16e
fffff880`099765e8 00000000`00000000 : fffff8a0`0ac10010 fffff8a0`0ac10030 fffff880`09976700 00000000`00000002 : aswMonFlt+0xec78
STACK_COMMAND: kb
FOLLOWUP_IP:
aswMonFlt+ec78
fffff880`07bb0c78 43004f00 add byte ptr [r15],cl
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: aswMonFlt+ec78
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswMonFlt
IMAGE_NAME: aswMonFlt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5137cfa0
FAILURE_BUCKET_ID: X64_0xFC_aswMonFlt+ec78
BUCKET_ID: X64_0xFC_aswMonFlt+ec78
Followup: MachineOwner
---------
0x00000019 BAD_POOL_HEADER
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\050113-3900-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0404a000 PsLoadedModuleList = 0xfffff800`0428d670
Debug session time: Wed May 1 18: 09: 51.772 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 06: 13.709
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffff8a0114cc750, fffff8a0114ccf50, 58004c0}
Probably caused by : fileinfo.sys ( fileinfo!FIStreamGetInfo+11f )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffff8a0114cc750, The pool entry we were looking for within the page.
Arg3: fffff8a0114ccf50, The next pool entry.
Arg4: 00000000058004c0, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff800042f7100
fffff8a0114cc750
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800041f2cae to fffff800040bfc00
STACK_TEXT:
fffff880`0a6209a8 fffff800`041f2cae : 00000000`00000019 00000000`00000020 fffff8a0`114cc750 fffff8a0`114ccf50 : nt!KeBugCheckEx
fffff880`0a6209b0 fffff880`012e407a : fffffa80`03eee180 00000000`00000001 fffff8a0`6446744e 00000000`00000009 : nt!ExDeferredFreePool+0x12da
fffff880`0a620a60 fffff880`012eb41c : fffffa80`070c3860 fffff8a0`003f5140 fffff8a0`003f5010 fffffa80`03eee180 : Ntfs!NtfsCommonClose+0x43a
fffff880`0a620b30 fffff880`00daa6af : fffff8a0`00001701 fffffa80`076dfc60 fffffa80`0774fa00 00000000`00000003 : Ntfs!NtfsFsdClose+0x2dc
fffff880`0a620c30 fffff800`043be4ae : fffffa80`0774fb10 fffffa80`03dea820 fffffa80`036b3040 fffffa80`03e18de0 : fltmgr!FltpDispatch+0x9f
fffff880`0a620c90 fffff800`040c8e44 : fffff880`00000400 fffffa80`070d9740 fffffa80`036c5c90 fffffa80`07686268 : nt!IopDeleteFile+0x11e
fffff880`0a620d20 fffff800`043b82d4 : fffffa80`070d9740 00000000`00000000 fffffa80`03a34060 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`0a620d80 fffff800`043b8884 : 00000000`00006628 fffffa80`070d9740 fffff8a0`00001760 00000000`00006628 : nt!ObpCloseHandleTableEntry+0xc4
fffff880`0a620e10 fffff800`040bee93 : fffffa80`03a34060 fffff880`0a620ee0 fffffa80`076861c0 fffffa80`0774fb10 : nt!ObpCloseHandle+0x94
fffff880`0a620e60 fffff800`040bb450 : fffff880`00dccc33 00000000`00000017 00000000`00000038 fffffa80`076861c0 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0a620ff8 fffff880`00dccc33 : 00000000`00000017 00000000`00000038 fffffa80`076861c0 00000000`00000038 : nt!KiServiceLinkage
fffff880`0a621000 fffff880`00dcdf81 : fffffa80`0000003f 00000000`0000003f 00000000`00000039 00000000`00000000 : fltmgr!FltpExpandShortNames+0x283
fffff880`0a621060 fffff880`00dcde1e : fffffa80`076861c0 fffff880`00dc0000 00000000`00000000 00000000`00000000 : fltmgr!FltpGetNormalizedFileNameWorker+0xc1
fffff880`0a6210a0 fffff880`00daf4fb : fffffa80`0390b180 00000000`00000000 fffffa80`07761a00 fffff880`0a622000 : fltmgr!FltpCreateFileNameInformation+0xee
fffff880`0a621100 fffff880`00dbab44 : 00000000`00008000 fffffa80`07761a00 00000000`00000000 00000000`00000401 : fltmgr!FltpGetFileNameInformation+0x26b
fffff880`0a621180 fffff880`00fd736b : fffffa80`076861c0 fffff8a0`0e470a20 00000000`00000001 fffff880`0a6212b0 : fltmgr!FltGetFileNameInformation+0x184
fffff880`0a621210 fffff880`00fd5bdb : fffff140`22930f27 00000000`00000001 00000000`00000000 00000000`00010dae : fileinfo!FIStreamGetInfo+0x11f
fffff880`0a621290 fffff880`00dad288 : 00000000`00000000 fffff8a0`0e470a20 fffffa80`06a09f70 00000000`00000000 : fileinfo!FIPostCreateCallback+0x1c7
fffff880`0a621320 fffff880`00dabd1b : fffffa80`03eee030 fffffa80`039c2550 fffffa80`036dd010 fffffa80`036dd230 : fltmgr!FltpPerformPostCallbacks+0x368
fffff880`0a6213f0 fffff880`00dcb2b9 : fffffa80`06a09c60 fffffa80`03eec010 fffffa80`06a09c00 fffffa80`03e18de0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x39b
fffff880`0a621480 fffff800`043c0fdc : 00000000`00000045 fffffa80`07683cc8 fffffa80`05accc80 00000000`00000000 : fltmgr!FltpCreate+0x2a9
fffff880`0a621530 fffff800`043bc958 : fffffa80`03de7a50 fffff800`00000000 fffffa80`07683b10 fffff800`00000001 : nt!IopParseDevice+0x14d3
fffff880`0a621690 fffff800`043bdb76 : 00000000`00000000 fffffa80`07683b10 fffff8a0`117b5210 fffffa80`036c5c90 : nt!ObpLookupObjectName+0x588
fffff880`0a621780 fffff800`0439bbe6 : fffff8a0`117b51e0 00000000`0118e238 00000000`00000001 00000002`00000000 : nt!ObOpenObjectByName+0x306
fffff880`0a621850 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtQueryAttributesFile+0x145
STACK_COMMAND: kb
FOLLOWUP_IP:
fileinfo!FIStreamGetInfo+11f
fffff880`00fd736b 85c0 test eax,eax
SYMBOL_STACK_INDEX: 10
SYMBOL_NAME: fileinfo!FIStreamGetInfo+11f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc481
FAILURE_BUCKET_ID: X64_0x19_20_fileinfo!FIStreamGetInfo+11f
BUCKET_ID: X64_0x19_20_fileinfo!FIStreamGetInfo+11f
Followup: MachineOwner
---------
0x0000003B: SYSTEM_SERVICE_EXCEPTION
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\050113-4414-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`04068000 PsLoadedModuleList = 0xfffff800`042ab670
Debug session time: Wed May 1 11: 03: 50.374 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 05: 34.171
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff800043de97d, fffff8800576bb50, 0}
Probably caused by : ntkrnlmp.exe ( nt!IopParseDevice+e74 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800043de97d, Address of the instruction which caused the bugcheck
Arg3: fffff8800576bb50, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
FAULTING_IP:
nt!IopParseDevice+e74
fffff800`043de97d c6470300 mov byte ptr [rdi+3],0
CONTEXT: fffff8800576bb50 -- (.cxr 0xfffff8800576bb50)
rax=0000000000200000 rbx=0000000000000045 rcx=fffdba813a72a5e0
rdx=0000000000000080 rsi=0000000000000001 rdi=fffdba813a72a598
rip=fffff800043de97d rsp=fffff8800576c530 rbp=fffffa80067ac778
r8=0000000000000000 r9=0000000000000000 r10=fffff8000426d588
r11=0000000000000006 r12=fffff8800576c8a0 r13=fffffa8009aecc60
r14=fffffa8006e19880 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010292
nt!IopParseDevice+0xe74:
fffff800`043de97d c6470300 mov byte ptr [rdi+3],0 ds: 002b: fffdba81`3a72a59b=?
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: ComCenService.
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800043de97d
STACK_TEXT:
fffff880`0576c530 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopParseDevice+0xe74
FOLLOWUP_IP:
nt!IopParseDevice+e74
fffff800`043de97d c6470300 mov byte ptr [rdi+3],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!IopParseDevice+e74
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5147d9c6
STACK_COMMAND: .cxr 0xfffff8800576bb50 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!IopParseDevice+e74
BUCKET_ID: X64_0x3B_nt!IopParseDevice+e74
Followup: MachineOwner
---------
0x1000007E SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\050113-5101-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0405f000 PsLoadedModuleList = 0xfffff800`042a2670
Debug session time: Wed May 1 10: 52: 39.128 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 05: 25.299
Loading Kernel Symbols
...............................................................
................................................................
................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff800042076fb, fffff880033d9708, fffff880033d8f60}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+ca7 )
Followup: Pool_corruption
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800042076fb, The address that the exception occurred at
Arg3: fffff880033d9708, Exception Record Address
Arg4: fffff880033d8f60, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
FAULTING_IP:
nt!ExDeferredFreePool+ca7
fffff800`042076fb 488b00 mov rax,qword ptr [rax]
EXCEPTION_RECORD: fffff880033d9708 -- (.exr 0xfffff880033d9708)
ExceptionAddress: fffff800042076fb (nt!ExDeferredFreePool+0x0000000000000ca7)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000
CONTEXT: fffff880033d8f60 -- (.cxr 0xfffff880033d8f60)
rax=0000000000000000 rbx=0000000000000001 rcx=fffffa8006674290
rdx=0000000000000003 rsi=0000000000000000 rdi=fffff8a0100d0540
rip=fffff800042076fb rsp=fffff880033d9940 rbp=0000000000000000
r8=fffff8a00fbaa110 r9=000000000008d109 r10=0000000000000001
r11=fffff8a00fbaa110 r12=fffffa8006674140 r13=0000000000000000
r14=0000000000000018 r15=0000000000000001
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
nt!ExDeferredFreePool+0xca7:
fffff800`042076fb 488b00 mov rax,qword ptr [rax] ds: 002b: 00000000`00000000=?
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000430c100
0000000000000000
FOLLOWUP_IP:
nt!ExDeferredFreePool+ca7
fffff800`042076fb 488b00 mov rax,qword ptr [rax]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff800042084f1 to fffff800042076fb
STACK_TEXT:
fffff880`033d9940 fffff800`042084f1 : 0000555f`d89f2ec1 fffff8a0`100d04f0 00000000`00000000 00000000`00000001 : nt!ExDeferredFreePool+0xca7
fffff880`033d99d0 fffff800`043bb470 : fffff800`042da600 00000000`00000282 fffff880`624e4d43 00000000`00000018 : nt!ExFreePoolWithTag+0x411
fffff880`033d9a80 fffff800`043bb504 : fffff8a0`106e0de8 00000000`99f00de7 fffff8a0`00e62410 ffffffff`ffffffff : nt!CmpDereferenceNameControlBlockWithLock+0xdc
fffff880`033d9ab0 fffff800`0439a82f : fffff8a0`106e0de8 fffff800`043b9b0f 00000000`624e4d43 00000000`00000000 : nt!CmpCleanUpKcbCacheWithLock+0x34
fffff880`033d9ae0 fffff800`043b9c61 : fffff8a0`106e0de8 00000000`ae297ec2 fffff8a0`00e62410 00000000`00000000 : nt!CmpDereferenceKeyControlBlockWithLock+0x13f
fffff880`033d9b10 fffff800`040de251 : fffff800`0427a2d8 fffffa80`066fe040 00000000`00000000 fffffa80`09ded168 : nt!CmpDelayDerefKCBWorker+0x1f1
fffff880`033d9b70 fffff800`04372ede : 00000000`00000000 fffffa80`066fe040 00000000`00000080 fffffa80`066ea040 : nt!ExpWorkerThread+0x111
fffff880`033d9c00 fffff800`040c5906 : fffff880`03165180 fffffa80`066fe040 fffff880`0316ffc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`033d9c40 00000000`00000000 : fffff880`033da000 fffff880`033d4000 fffff880`033d9850 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExDeferredFreePool+ca7
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .cxr 0xfffff880033d8f60 ; kb
FAILURE_BUCKET_ID: X64_0x7E_nt!ExDeferredFreePool+ca7
BUCKET_ID: X64_0x7E_nt!ExDeferredFreePool+ca7
Followup: Pool_corruption
---------
(03.05.2013 21:08)graby0 napisał(a): - sterowniki chyba najnowsze (włącznie z tymi ze strony producenta takie jak usb3.0 czy hd4000)
Chyba czy na pewno ? Robi sporą różnicę
Cytat:sigverif.exe i verifier.exe – 0 błędów
Jakim cudem już uznałeś za OK skoro weryfikację sterowników robi się przynajmniej przez kilka godzin pracując na sprzęcie ? Jest to nawet napisane w opisie. Przyłóż się bardziej.
Dopisałem do listy sprawdzenia kości ram - czy są w 100% kompatybilne z płytą bo nie wszystko wchodzi na listę QVL. Był już na forum taki przypadek - zero błędów memtesta a dopiero zmiana na certyfikowane rozwiązała problemy.
Jak sobie nie poradzisz to zrobiłbym, reinstalację i tylko sterowniki (bez badziewnego oprogramowania). Na to dopiero punkt przywracania i kopia zapasowa (jako dobry punkt powrotu) a dopiero potem poprawki i wszelkiej maści aplikacje.
Post: #4![[Obrazek: 2089620800_1406976151.png]](http://obrazki.elektroda.pl/2089620800_1406976151.png)
