Będę debugował bsody po kolei ale trochę minie czasu.
Na pierwszy ogień proszę wykonać:
- aktualizacja bios
- sprawdzenie czy pamięci RAM znajdują sięna liście QVL płyty głównej
- sprawdzenie w bios czy mają ustawione domyślne timingi jakie zadeklarowano
- aktualizacja firmware dysku ssd
- odwiedzenie strony producenta płyty głównej i zainstalowanie sterowników
- sprawdzenie podpisów sterowników (sigverif.exe) jak i przeprowadzenie weryfikacji (verifier.exe - opis podawany nie raz na forum, poszukaj).
Ponadto wykonane tylko 4 przejścia pętli dla RAM memtestem to stanowczo za mało.
Część wspólna czyli sterowniki firm trzecich (sterowniki niesystemowe).
Kod:
WinRing0x64.sys Sat Jul 26 15: 29: 37 2008 (488B26C1)
Biblioteki WinRing - mogą powodować bsody korzysta z tego RealTemp Corsair Link2 GameBooster
intelppm.sys Tue Jul 14 01: 19: 25 2009 (4A5BC0FD)
Intel Processor driver
MBfilt64.sys Fri Jul 31 05: 40: 32 2009 (4A7267B0)
Realtek HiDefinition Audio driver (Creative Audio Driver)
Do aktualizacji
athurx.sys Tue Jan 5 04: 23: 16 2010 (4B42B0A4)
Atheros AR9271 Wireless Network Adapter
Do aktualizacji
iaStorV.sys Fri Jun 11 02: 46: 19 2010 (4C11875B)
Rapid Storage Technology (RST) driver
Do aktualizacji
WPRO_41_2001.sys Mon Nov 7 22: 04: 48 2011 (4EB847F0)
CACE Technologies WinPcap Packet Driver
Do aktualizacji
dtsoftbus01.sys Fri Jan 13 14: 45: 46 2012 (4F10358A)
Daemon Tools
Do wywalenia i zastąpienia np PowerISO, często powoduje bsody
Wskazana aktualizacja kontrolera usb 3.0
iusb3hub.sys Mon May 21 09: 21: 36 2012 (4FB9ED00)
Intel(R) USB 3.0 Hub Driver
iusb3xhc.sys Mon May 21 09: 21: 40 2012 (4FB9ED04)
Intel(R) USB 3.0 eXtensible Host Controller Driver
iusb3hcs.sys Mon May 21 09: 23: 42 2012 (4FB9ED7E)
Intel(R) USB 3.0 Host Controller Switch Driver
Tu bym się zatrzymał i na jakiś czas wywalił Nortona (wszystkie pakiety Internet Security oraz Anti-Virus 2012 - może to zmieszanie z 2 naraz powoduje też bsody) do wyjaśnienia sytuacji, zamienić na razie np na Nod32 trial.
SYMEVENT64x86.SYS Thu May 24 02: 52: 24 2012 (4FBD8648)
Norton Internet Security
SYMNETS.SYS Sat Jul 21 04: 07: 07 2012 (500A0ECB)
Symantec/ Norton NIS/ N360 driver
Ironx64.SYS Tue Jul 24 02: 34: 50 2012 (500DEDAA)
Symantec/ Norton NIS/ N360 driver
EraserUtilRebootDrv.sys Wed Aug 1 01: 36: 50 2012 (50186C12)
Symantec /Norton
eeCtrl64.sys Wed Aug 1 01: 36: 51 2012 (50186C13)
Symantec Eraser Control driver
ccSetx64.sys Thu Aug 16 23: 18: 11 2012 (502D6393)
Symantec/ Norton Common Client Settings Driver
IDSvia64.sys Wed Aug 29 04: 48: 40 2012 (503D8308)
Norton Internet Security
EX64.SYS Thu Dec 20 10: 22: 39 2012 (50D2D8DF)
Norton Anti-Virus
ENG64.SYS Thu Dec 20 10: 24: 21 2012 (50D2D945)
Norton Anti-Virus
SYMDS64.SYS Thu Jan 17 02: 56: 45 2013 (50F75A5D)
Symantec/ Norton NIS/ N360 driver
SYMEFA64.SYS Sat Jan 19 01: 31: 37 2013 (50F9E969)
Symantec Extended File Attributes
SRTSP64.SYS Fri Jan 25 22: 26: 16 2013 (5102F878)
Symantec Real Time Storage Protection
SRTSPX64.SYS Fri Jan 25 22: 30: 05 2013 (5102F95D)
Symantec Real Time Storage Protection (PEL) x64
BHDrvx64.sys Wed Apr 10 07: 39: 03 2013 (5164FAF7)
Symantec Heuristics Driver
NTIOLib_X64.sys Fri Oct 26 04: 11: 43 2012 (5089F15F)
MSI Afterburner driver (powoduje bsody z Windows 7) może być częścią of MSI Live Update 5
Jeśli się da to odinstalować.
Grafika intelowska, zainstalować sterowniki na razie tylko ze strony msi
IntcDAud.sys Fri Jan 11 14: 55: 16 2013 (50F019C4)
Intel Graphics Media Accelerator HD Driver
igdkmd64.sys Wed Mar 20 05: 25: 41 2013 (51493A45)
Intel Graphics driver
RTKVHD64.sys Tue Jan 15 17: 51: 52 2013 (50F58928)
Realtek High Definition Audio Function Driver
Wskazana aktualizacja
0x0000001A MEMORY_MANAGEMENT
Najczęściej powoduje go sterownik, uszkodzenie fizyczne pamięci, błędy jądra systemowego. Tutaj jest inicjowany przez różne aplikacje (nie są źródłem problemów).
Nie znalazłem nigdzie w manualach MSDN czym jest argument pod postacią 41201.
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c: \symbols*http: //msdl.microsoft.com/download/symbols;symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`04055000 PsLoadedModuleList = 0xfffff800`04298670
Debug session time: Sat Apr 27 15: 01: 25.383 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 01: 55.179
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41201, fffff683ff7eed48, 811000018781d025, fffffa800920a5c0}
Probably caused by : ntkrnlmp.exe ( nt! ? : FNODOBFM: `string'+13702 )
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041201, The subtype of the bugcheck.
Arg2: fffff683ff7eed48
Arg3: 811000018781d025
Arg4: fffffa800920a5c0
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41201
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: lsass.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800041269ee to fffff800040cac00
STACK_TEXT:
fffff880`08dd3878 fffff800`041269ee : 00000000`0000001a 00000000`00041201 fffff683`ff7eed48 81100001`8781d025 : nt!KeBugCheckEx
fffff880`08dd3880 fffff800`04095b61 : 00000000`00000000 fffffa80`0694a060 00000000`00000000 81100001`8781d025 : nt! ? : FNODOBFM: `string'+0x13702
fffff880`08dd38c0 fffff800`040957fa : fffffa80`0920a5c0 fffffa80`0920bb30 fffffa80`0920bb30 000007fe`fdda9000 : nt!MiQueryAddressState+0x2b1
fffff880`08dd3910 fffff800`043a58d4 : fffff880`00000002 000007fe`fddaa000 fffffa80`0920a5c0 00000000`00000000 : nt!MiQueryAddressSpan+0xaa
fffff880`08dd3980 fffff800`040c9e93 : 00000000`0000016c fffffa80`0694a060 fffff880`08dd3a88 00000000`0026aa28 : nt!NtQueryVirtualMemory+0x382
fffff880`08dd3a70 00000000`77c1154a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0026aa08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c1154a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ? : FNODOBFM: `string'+13702
fffff800`041269ee cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ? : FNODOBFM: `string'+13702
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5147d9c6
FAILURE_BUCKET_ID: X64_0x1a_41201_nt!_??_: FNODOBFM: _string_+13702
BUCKET_ID: X64_0x1a_41201_nt!_??_: FNODOBFM: _string_+13702
Followup: MachineOwner
---------
sysinfo: could not find necessary interfaces.
sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
sysinfo: could not find necessary interfaces.
sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
start end module name
fffff880`00f8d000 fffff880`00fe4000 ACPI ACPI.sys Sat Nov 20 10: 19: 16 2010 (4CE79294)
fffff880`06e00000 fffff880`06e89000 afd afd.sys Wed Dec 28 04: 59: 20 2011 (4EFA9418)
fffff880`07f7a000 fffff880`07f90000 AgileVpn AgileVpn.sys Tue Jul 14 02: 10: 24 2009 (4A5BCCF0)
fffff880`011bf000 fffff880`011ca000 amdxata amdxata.sys Fri Mar 19 17: 18: 18 2010 (4BA3A3CA)
fffff880`01171000 fffff880`0117a000 atapi atapi.sys Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`0117a000 fffff880`011a4000 ataport ataport.SYS Sat Nov 20 10: 19: 15 2010 (4CE79293)
fffff880`04823000 fffff880`049eb000 athurx athurx.sys Tue Jan 05 04: 23: 16 2010 (4B42B0A4)
fffff880`00e68000 fffff880`00e74000 BATTC BATTC.SYS Tue Jul 14 01: 31: 01 2009 (4A5BC3B5)
fffff880`07109000 fffff880`07110000 Beep Beep.SYS Tue Jul 14 02: 00: 13 2009 (4A5BCA8D)
fffff880`078a5000 fffff880`079fc000 BHDrvx64 BHDrvx64.sys Wed Apr 10 07: 39: 03 2013 (5164FAF7)
fffff880`075af000 fffff880`075c0000 blbdrive blbdrive.sys Tue Jul 14 01: 35: 59 2009 (4A5BC4DF)
fffff880`04800000 fffff880`0481e000 bowser bowser.sys Wed Feb 23 05: 55: 04 2011 (4D649328)
fffff880`04137000 fffff880`04165000 ccSetx64 ccSetx64.sys Thu Aug 16 23: 18: 11 2012 (502D6393)
fffff960`00690000 fffff960`006b7000 cdd cdd.dll unavailable (00000000)
fffff880`076ac000 fffff880`076d6000 cdrom cdrom.sys Sat Nov 20 10: 19: 20 2010 (4CE79298)
fffff880`00cd7000 fffff880`00d97000 CI CI.dll Sat Nov 20 14: 12: 36 2010 (4CE7C944)
fffff880`01400000 fffff880`01430000 CLASSPNP CLASSPNP.SYS Sat Nov 20 10: 19: 23 2010 (4CE7929B)
fffff880`00c79000 fffff880`00cd7000 CLFS CLFS.SYS Tue Jul 14 01: 19: 57 2009 (4A5BC11D)
fffff880`01772000 fffff880`017e4000 cng cng.sys Fri Aug 24 17: 47: 16 2012 (5037A204)
fffff880`00e5f000 fffff880`00e68000 compbatt compbatt.sys Tue Jul 14 01: 31: 02 2009 (4A5BC3B6)
fffff880`07f6a000 fffff880`07f7a000 CompositeBus CompositeBus.sys Sat Nov 20 11: 33: 17 2010 (4CE7A3ED)
fffff880`08673000 fffff880`08681000 crashdmp crashdmp.sys Tue Jul 14 02: 01: 01 2009 (4A5BCABD)
fffff880`0750e000 fffff880`07591000 csc csc.sys Sat Nov 20 10: 27: 12 2010 (4CE79470)
fffff880`07591000 fffff880`075af000 dfsc dfsc.sys Sat Nov 20 10: 26: 31 2010 (4CE79447)
fffff880`074ff000 fffff880`0750e000 discache discache.sys Tue Jul 14 01: 37: 18 2009 (4A5BC52E)
fffff880`0188f000 fffff880`018a5000 disk disk.sys Tue Jul 14 01: 19: 57 2009 (4A5BC11D)
fffff880`0863d000 fffff880`0865f000 drmk drmk.sys Tue Jul 14 03: 01: 25 2009 (4A5BD8E5)
fffff880`040c4000 fffff880`0410d000 dtsoftbus01 dtsoftbus01.sys Fri Jan 13 14: 45: 46 2012 (4F10358A)
fffff880`08681000 fffff880`0868d000 dump_dumpata dump_dumpata.sys Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`089c4000 fffff880`089d7000 dump_dumpfve dump_dumpfve.sys Tue Jul 14 01: 21: 51 2009 (4A5BC18F)
fffff880`0868d000 fffff880`08698000 dump_msahci dump_msahci.sys Sat Nov 20 11: 33: 58 2010 (4CE7A416)
fffff880`089d7000 fffff880`089e3000 Dxapi Dxapi.sys Tue Jul 14 01: 38: 28 2009 (4A5BC574)
fffff880`02ea7000 fffff880`02f9b000 dxgkrnl dxgkrnl.sys Sat Nov 20 10: 50: 50 2010 (4CE799FA)
fffff880`02f9b000 fffff880`02fe1000 dxgmms1 dxgmms1.sys Sat Nov 20 10: 49: 53 2010 (4CE799C1)
fffff880`0745f000 fffff880`074d9000 eeCtrl64 eeCtrl64.sys Wed Aug 01 01: 36: 51 2012 (50186C13)
fffff880`070de000 fffff880`07100000 ENG64 ENG64.SYS Thu Dec 20 10: 24: 21 2012 (50D2D945)
fffff880`074d9000 fffff880`074ff000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Aug 01 01: 36: 50 2012 (50186C12)
fffff880`06edb000 fffff880`070de000 EX64 EX64.SYS Thu Dec 20 10: 22: 39 2012 (50D2D8DF)
fffff880`012bc000 fffff880`012d0000 fileinfo fileinfo.sys Tue Jul 14 01: 34: 25 2009 (4A5BC481)
fffff880`01000000 fffff880`0104c000 fltmgr fltmgr.sys Sat Nov 20 10: 19: 24 2010 (4CE7929C)
fffff880`017f5000 fffff880`017ff000 Fs_Rec Fs_Rec.sys Thu Mar 01 04: 41: 06 2012 (4F4EEFD2)
fffff880`01855000 fffff880`0188f000 fvevol fvevol.sys Thu Jan 24 04: 11: 24 2013 (5100A65C)
fffff880`01949000 fffff880`01992000 fwpkclnt fwpkclnt.sys Thu Jan 03 04: 06: 48 2013 (50E4F5C8)
fffff800`0400c000 fffff800`04055000 hal hal.dll Sat Nov 20 14: 00: 25 2010 (4CE7C669)
fffff880`02e56000 fffff880`02e7a000 HDAudBus HDAudBus.sys Sat Nov 20 11: 43: 42 2010 (4CE7A65E)
fffff880`02fe3000 fffff880`02ff6000 HECIx64 HECIx64.sys Fri Jul 13 04: 18: 26 2012 (4FFF8572)
fffff880`099a4000 fffff880`099bd000 HIDCLASS HIDCLASS.SYS Sat Nov 20 11: 43: 49 2010 (4CE7A665)
fffff880`09915000 fffff880`0991d080 HIDPARSE HIDPARSE.SYS Tue Jul 14 02: 06: 17 2009 (4A5BCBF9)
fffff880`09996000 fffff880`099a4000 hidusb hidusb.sys Sat Nov 20 11: 43: 49 2010 (4CE7A665)
fffff880`03ac7000 fffff880`03b90000 HTTP HTTP.sys Sat Nov 20 10: 24: 30 2010 (4CE793CE)
fffff880`0184c000 fffff880`01855000 hwpolicy hwpolicy.sys Sat Nov 20 10: 18: 54 2010 (4CE7927E)
fffff880`07ac5000 fffff880`07ae3000 i8042prt i8042prt.sys Tue Jul 14 01: 19: 57 2009 (4A5BC11D)
fffff880`01053000 fffff880`01171000 iaStorV iaStorV.sys Fri Jun 11 02: 46: 19 2010 (4C11875B)
fffff880`04000000 fffff880`04082000 IDSvia64 IDSvia64.sys Wed Aug 29 04: 48: 40 2012 (503D8308)
fffff880`07aef000 fffff880`07f42200 igdkmd64 igdkmd64.sys Wed Mar 20 05: 25: 41 2013 (51493A45)
fffff880`02e8d000 fffff880`02e97000 ikbevent ikbevent.sys Tue Jan 08 20: 34: 06 2013 (50EC74AE)
fffff880`099d8000 fffff880`099e2000 imsevent imsevent.sys Tue Jan 08 20: 33: 33 2013 (50EC748D)
fffff880`07733000 fffff880`077a6000 IntcDAud IntcDAud.sys Fri Jan 11 14: 55: 16 2013 (50F019C4)
fffff880`07f43000 fffff880`07f59000 intelppm intelppm.sys Tue Jul 14 01: 19: 25 2009 (4A5BC0FD)
fffff880`06d70000 fffff880`06da9000 Ironx64 Ironx64.SYS Tue Jul 24 02: 34: 50 2012 (500DEDAA)
fffff880`07f59000 fffff880`07f6a000 ISCTD64 ISCTD64.sys Tue Nov 27 20: 52: 34 2012 (50B51A02)
fffff880`00e40000 fffff880`00e4a000 iusb3hcs iusb3hcs.sys Mon May 21 09: 23: 42 2012 (4FB9ED7E)
fffff880`076d6000 fffff880`07733000 iusb3hub iusb3hub.sys Mon May 21 09: 21: 36 2012 (4FB9ED00)
fffff880`07a00000 fffff880`07ac5000 iusb3xhc iusb3xhc.sys Mon May 21 09: 21: 40 2012 (4FB9ED04)
fffff880`02e97000 fffff880`02ea6000 kbdclass kbdclass.sys Tue Jul 14 01: 19: 50 2009 (4A5BC116)
fffff880`099bd000 fffff880`099cb000 kbdhid kbdhid.sys Sat Nov 20 11: 33: 25 2010 (4CE7A3F5)
fffff800`00baa000 fffff800`00bb4000 kdcom kdcom.dll Sat Feb 05 17: 52: 49 2011 (4D4D8061)
fffff880`07400000 fffff880`07443000 ks ks.sys Sat Nov 20 11: 33: 23 2010 (4CE7A3F3)
fffff880`01757000 fffff880`01772000 ksecdd ksecdd.sys Sat Jun 02 04: 50: 23 2012 (4FC97F6F)
fffff880`0191e000 fffff880`01949000 ksecpkg ksecpkg.sys Fri Aug 24 17: 48: 29 2012 (5037A24D)
fffff880`0866d000 fffff880`08672200 ksthunk ksthunk.sys Tue Jul 14 02: 00: 19 2009 (4A5BCA93)
fffff880`077c9000 fffff880`077de000 lltdio lltdio.sys Tue Jul 14 02: 08: 50 2009 (4A5BCC92)
fffff880`077a6000 fffff880`077c9000 luafv luafv.sys Tue Jul 14 01: 26: 13 2009 (4A5BC295)
fffff880`0865f000 fffff880`0866d000 MBfilt64 MBfilt64.sys Fri Jul 31 05: 40: 32 2009 (4A7267B0)
fffff880`00c16000 fffff880`00c65000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 14: 03: 51 2010 (4CE7C737)
fffff880`099f0000 fffff880`099fe000 monitor monitor.sys Tue Jul 14 01: 38: 52 2009 (4A5BC58C)
fffff880`0787c000 fffff880`0788b000 mouclass mouclass.sys Tue Jul 14 01: 19: 50 2009 (4A5BC116)
fffff880`099cb000 fffff880`099d8000 mouhid mouhid.sys Tue Jul 14 02: 00: 20 2009 (4A5BCA94)
fffff880`00e89000 fffff880`00ea3000 mountmgr mountmgr.sys Sat Nov 20 10: 19: 21 2010 (4CE79299)
fffff880`03b90000 fffff880`03ba8000 mpsdrv mpsdrv.sys Tue Jul 14 02: 08: 25 2009 (4A5BCC79)
fffff880`03ba8000 fffff880`03bd5000 mrxsmb mrxsmb.sys Wed Apr 27 04: 40: 38 2011 (4DB78226)
fffff880`056d9000 fffff880`05727000 mrxsmb10 mrxsmb10.sys Sat Jul 09 04: 46: 28 2011 (4E17C104)
fffff880`05727000 fffff880`0574b000 mrxsmb20 mrxsmb20.sys Wed Apr 27 04: 39: 37 2011 (4DB781E9)
fffff880`011a4000 fffff880`011af000 msahci msahci.sys Sat Nov 20 11: 33: 58 2010 (4CE7A416)
fffff880`0716e000 fffff880`07179000 Msfs Msfs.SYS Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`00fed000 fffff880`00ff7000 msisadrv msisadrv.sys Tue Jul 14 01: 19: 26 2009 (4A5BC0FE)
fffff880`016f9000 fffff880`01757000 msrpc msrpc.sys Sat Nov 20 10: 21: 56 2010 (4CE79334)
fffff880`071f5000 fffff880`07200000 mssmbios mssmbios.sys Tue Jul 14 01: 31: 10 2009 (4A5BC3BE)
fffff880`0183a000 fffff880`0184c000 mup mup.sys Tue Jul 14 01: 23: 45 2009 (4A5BC201)
fffff880`01600000 fffff880`016f2000 ndis ndis.sys Wed Aug 22 17: 11: 46 2012 (5034F6B2)
fffff880`07fb4000 fffff880`07fc0000 ndistapi ndistapi.sys Tue Jul 14 02: 10: 00 2009 (4A5BCCD8)
fffff880`03a9c000 fffff880`03aaf000 ndisuio ndisuio.sys Sat Nov 20 11: 50: 08 2010 (4CE7A7E0)
fffff880`07fc0000 fffff880`07fef000 ndiswan ndiswan.sys Sat Nov 20 11: 52: 32 2010 (4CE7A870)
fffff880`07697000 fffff880`076ac000 NDProxy NDProxy.SYS Sat Nov 20 11: 52: 20 2010 (4CE7A864)
fffff880`06de1000 fffff880`06df0000 netbios netbios.sys Tue Jul 14 02: 09: 26 2009 (4A5BCCB6)
fffff880`06e89000 fffff880`06ece000 netbt netbt.sys Sat Nov 20 10: 23: 18 2010 (4CE79386)
fffff880`018be000 fffff880`0191e000 NETIO NETIO.SYS Wed Aug 22 17: 11: 28 2012 (5034F6A0)
fffff880`07179000 fffff880`0718a000 Npfs Npfs.SYS Tue Jul 14 01: 19: 48 2009 (4A5BC114)
fffff880`06c80000 fffff880`06c8c000 nsiproxy nsiproxy.sys Tue Jul 14 01: 21: 02 2009 (4A5BC15E)
fffff800`04055000 fffff800`0463b000 nt ntkrnlmp.exe Tue Mar 19 04: 21: 42 2013 (5147D9C6)
fffff880`01435000 fffff880`015d7000 Ntfs Ntfs.sys Fri Apr 12 13: 54: 36 2013 (5167F5FC)
fffff880`09943000 fffff880`0994a000 NTIOLib_X64 NTIOLib_X64.sys Fri Oct 26 04: 11: 43 2012 (5089F15F)
fffff880`0994a000 fffff880`09951000 NTIOLib_X64_fffff8800994a000 NTIOLib_X64.sys Fri Oct 26 03: 46: 44 2012 (5089EB84)
fffff880`09951000 fffff880`09958000 NTIOLib_X64_fffff88009951000 NTIOLib_X64.sys Tue Sep 20 05: 09: 19 2011 (4E7803DF)
fffff880`09958000 fffff880`0995f000 NTIOLib_X64_fffff88009958000 NTIOLib_X64.sys Mon Oct 05 03: 28: 48 2009 (4AC94BD0)
fffff880`0995f000 fffff880`09966000 NTIOLib_X64_fffff8800995f000 NTIOLib_X64.sys Thu Oct 25 13: 46: 40 2012 (508926A0)
fffff880`07100000 fffff880`07109000 Null Null.SYS Tue Jul 14 01: 19: 37 2009 (4A5BC109)
fffff880`03a49000 fffff880`03a9c000 nwifi nwifi.sys Tue Jul 14 02: 07: 23 2009 (4A5BCC3B)
fffff880`071b9000 fffff880`071df000 pacer pacer.sys Sat Nov 20 11: 52: 18 2010 (4CE7A862)
fffff880`00e4a000 fffff880`00e5f000 partmgr partmgr.sys Sat Mar 17 06: 06: 09 2012 (4F641BC1)
fffff880`00e00000 fffff880`00e33000 pci pci.sys Sat Nov 20 10: 19: 11 2010 (4CE7928F)
fffff880`011af000 fffff880`011bf000 PCIIDEX PCIIDEX.SYS Tue Jul 14 01: 19: 48 2009 (4A5BC114)
fffff880`017e4000 fffff880`017f5000 pcw pcw.sys Tue Jul 14 01: 19: 27 2009 (4A5BC0FF)
fffff880`0574b000 fffff880`057f1000 peauth peauth.sys Tue Jul 14 03: 01: 19 2009 (4A5BD8DF)
fffff880`08600000 fffff880`0863d000 portcls portcls.sys Tue Jul 14 02: 06: 27 2009 (4A5BCC03)
fffff880`00c65000 fffff880`00c79000 PSHED PSHED.dll Tue Jul 14 03: 32: 23 2009 (4A5BE027)
fffff880`07f90000 fffff880`07fb4000 rasl2tp rasl2tp.sys Sat Nov 20 11: 52: 34 2010 (4CE7A872)
fffff880`07826000 fffff880`07841000 raspppoe raspppoe.sys Tue Jul 14 02: 10: 17 2009 (4A5BCCE9)
fffff880`07841000 fffff880`07862000 raspptp raspptp.sys Sat Nov 20 11: 52: 31 2010 (4CE7A86F)
fffff880`07862000 fffff880`0787c000 rassstp rassstp.sys Tue Jul 14 02: 10: 25 2009 (4A5BCCF1)
fffff880`06c2f000 fffff880`06c80000 rdbss rdbss.sys Sat Nov 20 10: 27: 51 2010 (4CE79497)
fffff880`07fef000 fffff880`07ffa000 rdpbus rdpbus.sys Tue Jul 14 02: 17: 46 2009 (4A5BCEAA)
fffff880`07153000 fffff880`0715c000 RDPCDD RDPCDD.sys Tue Jul 14 02: 16: 34 2009 (4A5BCE62)
fffff880`0715c000 fffff880`07165000 rdpencdd rdpencdd.sys Tue Jul 14 02: 16: 34 2009 (4A5BCE62)
fffff880`07165000 fffff880`0716e000 rdprefmp rdprefmp.sys Tue Jul 14 02: 16: 35 2009 (4A5BCE63)
fffff880`01800000 fffff880`0183a000 rdyboost rdyboost.sys Sat Nov 20 10: 43: 10 2010 (4CE7982E)
fffff880`03aaf000 fffff880`03ac7000 rspndr rspndr.sys Tue Jul 14 02: 08: 50 2009 (4A5BCC92)
fffff880`086a1000 fffff880`089c3b80 RTKVHD64 RTKVHD64.sys Tue Jan 15 17: 51: 52 2013 (50F58928)
fffff880`057f1000 fffff880`057fc000 secdrv secdrv.SYS Wed Sep 13 15: 18: 38 2006 (4508052E)
fffff880`019ee000 fffff880`019f6000 spldr spldr.sys Mon May 11 18: 56: 27 2009 (4A0858BB)
fffff880`06c94000 fffff880`06d5a000 SRTSP64 SRTSP64.SYS Fri Jan 25 22: 26: 16 2013 (5102F878)
fffff880`06d5a000 fffff880`06d70000 SRTSPX64 SRTSPX64.SYS Fri Jan 25 22: 30: 05 2013 (5102F95D)
fffff880`09839000 fffff880`098d1000 srv srv.sys Fri Apr 29 05: 06: 06 2011 (4DBA2B1E)
fffff880`0564a000 fffff880`056b3000 srv2 srv2.sys Fri Apr 29 05: 05: 46 2011 (4DBA2B0A)
fffff880`05600000 fffff880`05631000 srvnet srvnet.sys Fri Apr 29 05: 05: 35 2011 (4DBA2AFF)
fffff880`02e7a000 fffff880`02e7b480 swenum swenum.sys Tue Jul 14 02: 00: 18 2009 (4A5BCA92)
fffff880`0123e000 fffff880`012bc000 SYMDS64 SYMDS64.SYS Thu Jan 17 02: 56: 45 2013 (50F75A5D)
fffff880`012d0000 fffff880`013eb000 SYMEFA64 SYMEFA64.SYS Sat Jan 19 01: 31: 37 2013 (50F9E969)
fffff880`06da9000 fffff880`06de1000 SYMEVENT64x86 SYMEVENT64x86.SYS Thu May 24 02: 52: 24 2012 (4FBD8648)
fffff880`04165000 fffff880`041d7000 SYMNETS SYMNETS.SYS Sat Jul 21 04: 07: 07 2012 (500A0ECB)
fffff880`01a00000 fffff880`01c00000 tcpip tcpip.sys Thu Jan 03 04: 11: 48 2013 (50E4F6F4)
fffff880`05631000 fffff880`05643000 tcpipreg tcpipreg.sys Wed Oct 03 18: 07: 26 2012 (506C62BE)
fffff880`071ac000 fffff880`071b9000 TDI TDI.SYS Sat Nov 20 10: 22: 06 2010 (4CE7933E)
fffff880`0718a000 fffff880`071ac000 tdx tdx.sys Sat Nov 20 10: 21: 54 2010 (4CE79332)
fffff880`06c1b000 fffff880`06c2f000 termdd termdd.sys Sat Nov 20 12: 03: 40 2010 (4CE7AB0C)
fffff960`00410000 fffff960`0041a000 TSDDD TSDDD.dll Tue Jul 14 02: 16: 34 2009 (4A5BCE62)
fffff880`07800000 fffff880`07826000 tunnel tunnel.sys Sat Nov 20 11: 51: 50 2010 (4CE7A846)
fffff880`0788b000 fffff880`0789d000 umbus umbus.sys Sat Nov 20 11: 44: 37 2010 (4CE7A695)
fffff880`09979000 fffff880`09996000 usbccgp usbccgp.sys Fri Mar 25 04: 29: 14 2011 (4D8C0C0A)
fffff880`02fe1000 fffff880`02fe2f00 USBD USBD.SYS Fri Mar 25 04: 28: 59 2011 (4D8C0BFB)
fffff880`02e7c000 fffff880`02e8d000 usbehci usbehci.sys Fri Mar 25 04: 29: 04 2011 (4D8C0C00)
fffff880`0763d000 fffff880`07697000 usbhub usbhub.sys Fri Mar 25 04: 29: 25 2011 (4D8C0C15)
fffff880`02e00000 fffff880`02e56000 USBPORT USBPORT.SYS Fri Mar 25 04: 29: 12 2011 (4D8C0C08)
fffff880`00e33000 fffff880`00e40000 vdrvroot vdrvroot.sys Tue Jul 14 02: 01: 31 2009 (4A5BCADB)
fffff880`07110000 fffff880`0711e000 vga vga.sys Tue Jul 14 01: 38: 47 2009 (4A5BC587)
fffff880`0711e000 fffff880`07143000 VIDEOPRT VIDEOPRT.SYS Tue Jul 14 01: 38: 51 2009 (4A5BC58B)
fffff880`01992000 fffff880`019a2000 vmstorfl vmstorfl.sys Sat Nov 20 10: 57: 30 2010 (4CE79B8A)
fffff880`00e74000 fffff880`00e89000 volmgr volmgr.sys Sat Nov 20 10: 19: 28 2010 (4CE792A0)
fffff880`00d97000 fffff880`00df3000 volmgrx volmgrx.sys Sat Nov 20 10: 20: 43 2010 (4CE792EB)
fffff880`019a2000 fffff880`019ee000 volsnap volsnap.sys Sat Nov 20 10: 20: 08 2010 (4CE792C8)
fffff880`049eb000 fffff880`049f8000 vwifibus vwifibus.sys Tue Jul 14 02: 07: 21 2009 (4A5BCC39)
fffff880`071df000 fffff880`071f5000 vwififlt vwififlt.sys Tue Jul 14 02: 07: 22 2009 (4A5BCC3A)
fffff880`06c00000 fffff880`06c1b000 wanarp wanarp.sys Sat Nov 20 11: 52: 36 2010 (4CE7A874)
fffff880`07143000 fffff880`07153000 watchdog watchdog.sys Tue Jul 14 01: 37: 35 2009 (4A5BC53F)
fffff880`00ebb000 fffff880`00f7d000 Wdf01000 Wdf01000.sys Thu Jul 26 04: 25: 13 2012 (5010AA89)
fffff880`00f7d000 fffff880`00f8d000 WDFLDR WDFLDR.SYS Thu Jul 26 04: 29: 04 2012 (5010AB70)
fffff880`06ece000 fffff880`06ed7000 wfplwf wfplwf.sys Tue Jul 14 02: 09: 26 2009 (4A5BCCB6)
fffff960`000a0000 fffff960`003b6000 win32k win32k.sys Fri Mar 01 04: 35: 34 2013 (51302206)
fffff880`05643000 fffff880`0564a000 WinRing0x64 WinRing0x64.sys Sat Jul 26 15: 29: 37 2008 (488B26C1)
fffff880`02ff6000 fffff880`02fff000 wmiacpi wmiacpi.sys Tue Jul 14 01: 31: 02 2009 (4A5BC3B6)
fffff880`00fe4000 fffff880`00fed000 WMILIB WMILIB.SYS Tue Jul 14 01: 19: 51 2009 (4A5BC117)
fffff880`0996d000 fffff880`09979000 WPRO_41_2001 WPRO_41_2001.sys Mon Nov 07 22: 04: 48 2011 (4EB847F0)
fffff880`089e3000 fffff880`089fc000 WudfPf WudfPf.sys Thu Jul 26 04: 26: 45 2012 (5010AAE5)
Unloaded modules:
fffff880`099e2000 fffff880`099f0000 monitor.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`098d1000 fffff880`098ee000 usbccgp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0001D000
fffff880`098fc000 fffff880`09915000 HIDCLASS.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00019000
fffff880`098ee000 fffff880`098fc000 hidusb.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`0991e000 fffff880`0992c000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`09966000 fffff880`0996d000 NTIOLib_X64.
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00007000
fffff880`09939000 fffff880`09943000 imsevent.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000A000
fffff880`0992c000 fffff880`09939000 mouhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000D000
fffff880`018a5000 fffff880`018b3000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`015d7000 fffff880`015e3000 dump_pciidex
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff880`018b3000 fffff880`018be000 dump_msahci.
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000B000
fffff880`015e3000 fffff880`015f6000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00013000
fffff880`02e00000 fffff880`02e7c000 e1c62x64.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0007C000
fffff880`0410d000 fffff880`04137000 cdrom.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002A000
0x0000004E: PFN_LIST_CORRUPT
Ogólnie widać, że coś ryje niepostrzeżenie po liście PFN (page frame number list) i z tego tytułu rodzą się błędy kiedy poszczególne sterowniki czy moduły systemu próbują odczytać to co zarezerwowały w pamięci RAM.
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\042813-4071-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0405d000 PsLoadedModuleList = 0xfffff800`042a0670
Debug session time: Sun Apr 28 16: 08: 03.138 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 26: 23.037
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {99, 46d64, 0, 46ee4}
Probably caused by : memory_corruption ( nt!MiBadShareCount+4c )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 0000000000046d64, page frame number
Arg3: 0000000000000000, current page state
Arg4: 0000000000046ee4, 0
Debugging Details:
------------------
BUGCHECK_STR: 0x4E_99
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80004161a0c to fffff800040d2c00
STACK_TEXT:
fffff880`0b3f8e18 fffff800`04161a0c : 00000000`0000004e 00000000`00000099 00000000`00046d64 00000000`00000000 : nt!KeBugCheckEx
fffff880`0b3f8e20 fffff800`0407eee2 : 00000000`00000000 fffff680`00387108 00000000`00000002 00000000`00000001 : nt!MiBadShareCount+0x4c
fffff880`0b3f8e60 fffff800`040a27a3 : fffffa80`06a554f0 fffff700`00000397 0000007f`fffffff8 fffff8a0`006ba2b0 : nt! ? : FNODOBFM: `string'+0x3242a
fffff880`0b3f8ef0 fffff800`040a3872 : fffffa80`06a554f0 fffffa80`00000000 fffff880`000000da fffff800`00000000 : nt!MiDeleteAddressesInWorkingSet+0x307
fffff880`0b3f97a0 fffff800`043a8cba : fffff8a0`03ca4a30 fffff880`0b3f9ae0 00000000`00000000 fffffa80`06ba8550 : nt!MmCleanProcessAddressSpace+0x96
fffff880`0b3f97f0 fffff800`0438edbd : 00000000`c0000005 00000000`00000001 00000000`7efd8000 fffffa80`09648b50 : nt!PspExitThread+0x56a
fffff880`0b3f98f0 fffff800`040c571a : fffffa80`06ba8550 fffff800`040c5651 00000000`00000000 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffff880`0b3f9920 fffff800`040c5a60 : 00000000`00000246 fffff880`0b3f99a0 fffff800`0438ed30 00000000`00000001 : nt!KiDeliverApc+0x2ca
fffff880`0b3f99a0 fffff800`040d1f37 : 00000000`00000001 00000000`00b3fb60 ffffffff`fffb6c20 00000000`00b3f888 : nt!KiInitiateUserApc+0x70
fffff880`0b3f9ae0 00000000`738a2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`008fedb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x738a2e09
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiBadShareCount+4c
fffff800`04161a0c cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiBadShareCount+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5147d9c6
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
Followup: MachineOwner
---------
0x00000109: CRITICAL_STRUCTURE_CORRUPTION
Trzy elementy które mogą go powodować:
- sterownik urządzenia zmieniający kod jądra
- nieprawidłowe breakpointy wstawiane przez programistę w kodzie oprogramowania
- fizycznie niepoprawna praca pamięci RAM
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\042813-4336-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`04000000 PsLoadedModuleList = 0xfffff800`04243670
Debug session time: Sun Apr 28 15: 40: 46.829 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 02: 00.625
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 109, {a3a039d89840ca88, b3b7465eeabd99de, fffff8000427d000, 1}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http: //www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d89840ca88, Reserved
Arg2: b3b7465eeabd99de, Reserved
Arg3: fffff8000427d000, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification
Debugging Details:
------------------
BUGCHECK_STR: 0x109
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80004075c00
STACK_TEXT:
fffff880`033f5498 00000000`00000000 : 00000000`00000109 a3a039d8`9840ca88 b3b7465e`eabd99de fffff800`0427d000 : nt!KeBugCheckEx
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: BAD_STACK
Followup: MachineOwner
---------
0x00000024: NTFS_FILE_SYSTEM
http://windows7forum.pl/o-wiele-wolniejs...#pid160868
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\448\minidump\042913-5974-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`0400e000 PsLoadedModuleList = 0xfffff800`04251670
Debug session time: Mon Apr 29 20: 51: 51.200 2013 (UTC + 2: 00)
System Uptime: 0 days 0: 03: 01.371
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff880073b97d8, fffff880073b9030, fffff8800170da53}
Probably caused by : Ntfs.sys ( Ntfs!NtfsFcbTableCompare+3 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff880073b97d8
Arg3: fffff880073b9030
Arg4: fffff8800170da53
Debugging Details:
------------------
EXCEPTION_RECORD: fffff880073b97d8 -- (.exr 0xfffff880073b97d8)
ExceptionAddress: fffff8800170da53 (Ntfs!NtfsFcbTableCompare+0x0000000000000003)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880073b9030 -- (.cxr 0xfffff880073b9030)
rax=000100000000167f rbx=0033006200660033 rcx=fffffa8006f1b640
rdx=fffff880073b9b10 rsi=fffff880073b9b10 rdi=fffffa8006f1b640
rip=fffff8800170da53 rsp=fffff880073b9a18 rbp=fffff880073b9ae0
r8=0033006200660053 r9=0000ffffffffffff r10=fffff880016b7180
r11=fffff880073b9b58 r12=fffff880073b9bb4 r13=0000000000000000
r14=fffffa8006f1b180 r15=fffffa8006f1b180
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
Ntfs!NtfsFcbTableCompare+0x3:
fffff880`0170da53 498b08 mov rcx,qword ptr [r8] ds: 002b: 00330062`00660053=?
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: TrustedInstall
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800042bb100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsFcbTableCompare+3
fffff880`0170da53 498b08 mov rcx,qword ptr [r8]
FAULTING_IP:
Ntfs!NtfsFcbTableCompare+3
fffff880`0170da53 498b08 mov rcx,qword ptr [r8]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff800040acdcd to fffff8800170da53
STACK_TEXT:
fffff880`073b9a18 fffff800`040acdcd : fffff880`073b9b58 fffffa80`06fc2f20 00000000`00000001 fffffa80`06a1e060 : Ntfs!NtfsFcbTableCompare+0x3
fffff880`073b9a20 fffff800`040ace45 : fffff880`073b9b90 fffffa80`0a18ca30 fffffa80`09fe0611 fffff880`073b9b10 : nt!FindNodeOrParent+0x3d
fffff880`073b9a50 fffff880`0170bf95 : 00010000`0000167f fffff980`2e47ec00 00000000`00000000 fffff880`01708c45 : nt!RtlLookupElementGenericTableFullAvl+0x15
fffff880`073b9a80 fffff880`016ddd2b : fffffa80`09fe06e0 fffffa80`06f1b180 fffffa80`09fe06e0 00010000`0000167f : Ntfs!NtfsCreateFcb+0x79
fffff880`073b9b60 fffff880`01701f69 : fffff880`0728a390 fffffa80`0a18ca30 fffffa80`09fe06e0 00000000`00000000 : Ntfs!NtfsOpenFile+0x1cb
fffff880`073b9d50 fffff880`0166b40d : fffffa80`09fe06e0 fffffa80`0a18ca30 fffff880`0728a390 fffffa80`06a1e000 : Ntfs!NtfsCommonCreate+0xc49
fffff880`073b9f30 fffff800`0407b6f7 : fffff880`0728a300 0001151f`0001151f 0001141e`0001141e 0000141e`0001141e : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`073b9f60 fffff800`0407b6b8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
fffff880`0728a1d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsFcbTableCompare+3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5167f5fc
STACK_COMMAND: .cxr 0xfffff880073b9030 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsFcbTableCompare+3
BUCKET_ID: X64_0x24_Ntfs!NtfsFcbTableCompare+3
Followup: MachineOwner
---------
0: kd> .cxr 0xfffff880073b9030
rax=000100000000167f rbx=0033006200660033 rcx=fffffa8006f1b640
rdx=fffff880073b9b10 rsi=fffff880073b9b10 rdi=fffffa8006f1b640
rip=fffff8800170da53 rsp=fffff880073b9a18 rbp=fffff880073b9ae0
r8=0033006200660053 r9=0000ffffffffffff r10=fffff880016b7180
r11=fffff880073b9b58 r12=fffff880073b9bb4 r13=0000000000000000
r14=fffffa8006f1b180 r15=fffffa8006f1b180
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
Ntfs!NtfsFcbTableCompare+0x3:
fffff880`0170da53 498b08 mov rcx,qword ptr [r8] ds: 002b: 00330062`00660053=?
0: kd> kb
*** Stack trace for last set context - .thread/.cxr resets it
RetAddr : Args to Child : Call Site
fffff800`040acdcd : fffff880`073b9b58 fffffa80`06fc2f20 00000000`00000001 fffffa80`06a1e060 : Ntfs!NtfsFcbTableCompare+0x3
fffff800`040ace45 : fffff880`073b9b90 fffffa80`0a18ca30 fffffa80`09fe0611 fffff880`073b9b10 : nt!FindNodeOrParent+0x3d
fffff880`0170bf95 : 00010000`0000167f fffff980`2e47ec00 00000000`00000000 fffff880`01708c45 : nt!RtlLookupElementGenericTableFullAvl+0x15
fffff880`016ddd2b : fffffa80`09fe06e0 fffffa80`06f1b180 fffffa80`09fe06e0 00010000`0000167f : Ntfs!NtfsCreateFcb+0x79
fffff880`01701f69 : fffff880`0728a390 fffffa80`0a18ca30 fffffa80`09fe06e0 00000000`00000000 : Ntfs!NtfsOpenFile+0x1cb
fffff880`0166b40d : fffffa80`09fe06e0 fffffa80`0a18ca30 fffff880`0728a390 fffffa80`06a1e000 : Ntfs!NtfsCommonCreate+0xc49
fffff800`0407b6f7 : fffff880`0728a300 0001151f`0001151f 0001141e`0001141e 0000141e`0001141e : Ntfs!NtfsCommonCreateCallout+0x1d
fffff800`0407b6b8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
Post: #2![[Obrazek: 2089620800_1406976151.png]](http://obrazki.elektroda.pl/2089620800_1406976151.png)
