SYSTEM_SERVICE_EXCEPTION (3b)
W tym wypadku po podstawowym przejrzeniu dochodzi do wycieku pamięci tzw memory leak.
Wynika to z zauważonej funkcji nt!ObReferenceObjectByHandleWithTag
Najprościej pisząc dochodzi do nieprawidłowego zwalniania referencji do stworzonego obiektu przez sterownik. Nie zgadza się ilość referencji i dereferencji. Zajęta pamięć wirtualna z danymi sobie wisi nie wiedząc jaki proces ją używał.
Procesem który zainicjował wyjątek był audiodg który jako, że obsługuje sprzęt musi mieć dostęp do jądra systemowego (ntkrnlmp.exe - wersja jądra dl systemów z procesorami wielordzeniowymi).
Żebyśmy się zrozumieli, problemem nie jest samo jądro czyli nie podmieniamy pliku bo to nic nie da. Muszę poświęcić czas na rozgryzienie dlaczego sterownik nie zwalnia poprawnie utworzonych referencji do obiektów jaki utworzył.
Dla bardziej zainteresowanych link
http://msdn.microsoft.com/en-us/library/...85%29.aspx
Zapuść dla pewności weryfikację sterowników (verifier) do sprawdzenia poprawności ich działania. W przypadku błędów będą pokazywać się bsody bardziej dokładne. Poszukaj sobie w wyszukiwarce forumowej o tym testowaniu.
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\100\071814-43883-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`02e68000 PsLoadedModuleList = 0xfffff800`030ab670
Debug session time: Fri Jul 18 23: 10: 24.914 2014 (UTC + 2: 00)
System Uptime: 0 days 7: 27: 03.726
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff800031d5407, fffff8800b5f3ec0, 0}
Probably caused by : ntkrnlmp.exe ( nt!ObReferenceObjectByHandleWithTag+e7 )
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800031d5407, Address of the instruction which caused the bugcheck
Arg3: fffff8800b5f3ec0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
FAULTING_IP:
nt!ObReferenceObjectByHandleWithTag+e7
fffff800`031d5407 488b03 mov rax,qword ptr [rbx]
CONTEXT: fffff8800b5f3ec0 -- (.cxr 0xfffff8800b5f3ec0)
rax=00fff8a0012a1000 rbx=00fff8a0012a1f60 rcx=00000000000003d8
rdx=0000000000000002 rsi=fffff8a001296c90 rdi=fffffa80094afb50
rip=fffff800031d5407 rsp=fffff8800b5f48a0 rbp=fffff8800b5f4b00
r8=fffff8a00166a000 r9=0000000000000000 r10=0000000000000000
r11=fffff8800b5f4a98 r12=0000000000000000 r13=00000000000003d8
r14=0000000000000001 r15=fffffa8008e45730
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!ObReferenceObjectByHandleWithTag+0xe7:
fffff800`031d5407 488b03 mov rax,qword ptr [rbx] ds: 002b: 00fff8a0`012a1f60=?
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: audiodg.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800031d5407
STACK_TEXT:
fffff880`0b5f48a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObReferenceObjectByHandleWithTag+0xe7
FOLLOWUP_IP:
nt!ObReferenceObjectByHandleWithTag+e7
fffff800`031d5407 488b03 mov rax,qword ptr [rbx]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ObReferenceObjectByHandleWithTag+e7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5147d9c6
STACK_COMMAND: .cxr 0xfffff8800b5f3ec0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ObReferenceObjectByHandleWithTag+e7
BUCKET_ID: X64_0x3B_nt!ObReferenceObjectByHandleWithTag+e7
Followup: MachineOwner
---------
rax=fffff8800b5f3700 rbx=fffff8000302d6c4 rcx=000000000000003b
rdx=00000000c0000005 rsi=fffff80002e68000 rdi=0000000000000000
rip=fffff80002eddc00 rsp=fffff8800b5f35f8 rbp=0000000000000000
r8=fffff800031d5407 r9=fffff8800b5f3ec0 r10=0000000000000000
r11=fffff8800b5f37f8 r12=fffff80002edce93 r13=fffff800030ebb10
r14=fffff80002edca80 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000286
nt!KeBugCheckEx:
fffff800`02eddc00 48894c2408 mov qword ptr [rsp+8],rcx ss: 0018: fffff880`0b5f3600=000000000000003b
Child-SP RetAddr : Args to Child : Call Site
fffff880`0b5f35f8 fffff800`02edd1a9 : 00000000`0000003b 00000000`c0000005 fffff800`031d5407 fffff880`0b5f3ec0 : nt!KeBugCheckEx
fffff880`0b5f3600 fffff800`02edcafc : fffff880`0b5f4668 fffff880`0b5f3ec0 00000000`00000000 fffff800`02f08c50 : nt!KiBugCheckDispatch+0x69
fffff880`0b5f3740 fffff800`02f0875d : fffff800`030e6e60 00000000`00000000 fffff800`02e68000 fffff880`0b5f4668 : nt!KiSystemServiceHandler+0x7c
fffff880`0b5f3780 fffff800`02f07535 : fffff800`0302d6c4 fffff880`0b5f37f8 fffff880`0b5f4668 fffff800`02e68000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0b5f37b0 fffff800`02f184d1 : fffff880`0b5f4668 fffff880`0b5f3ec0 fffff880`00000000 fffffa80`094afb50 : nt!RtlDispatchException+0x415
fffff880`0b5f3e90 fffff800`02edd282 : fffff880`0b5f4668 00fff8a0`012a1f60 fffff880`0b5f4710 fffff8a0`01296c90 : nt!KiDispatchException+0x135
fffff880`0b5f4530 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
start end module name
fffff800`00bac000 fffff800`00bb6000 kdcom kdcom.dll Sat Feb 05 17: 52: 49 2011 (4D4D8061)
fffff800`02e1f000 fffff800`02e68000 hal hal.dll Sat Nov 20 14: 00: 25 2010 (4CE7C669)
fffff800`02e68000 fffff800`0344e000 nt ntkrnlmp.exe Tue Mar 19 04: 21: 42 2013 (5147D9C6)
fffff880`00c00000 fffff880`00c72000 cng cng.sys Sat Jun 02 05: 25: 51 2012 (4FC987BF)
fffff880`00c92000 fffff880`00ce1000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 14: 03: 51 2010 (4CE7C737)
fffff880`00ce1000 fffff880`00cf5000 PSHED PSHED.dll Tue Jul 14 03: 32: 23 2009 (4A5BE027)
fffff880`00cf5000 fffff880`00d53000 CLFS CLFS.SYS Tue Jul 14 01: 19: 57 2009 (4A5BC11D)
fffff880`00d53000 fffff880`00db1000 msrpc msrpc.sys Sat Nov 20 10: 21: 56 2010 (4CE79334)
fffff880`00db1000 fffff880`00dfd000 volsnap volsnap.sys Sat Nov 20 10: 20: 08 2010 (4CE792C8)
fffff880`00e00000 fffff880`00e2a000 ataport ataport.SYS Sat Nov 20 10: 19: 15 2010 (4CE79293)
fffff880`00e2a000 fffff880`00e76000 fltmgr fltmgr.sys Sat Nov 20 10: 19: 24 2010 (4CE7929C)
fffff880`00e89000 fffff880`00f49000 CI CI.dll Sat Nov 20 14: 12: 36 2010 (4CE7C944)
fffff880`00f49000 fffff880`00fa5000 volmgrx volmgrx.sys Sat Nov 20 10: 20: 43 2010 (4CE792EB)
fffff880`00fa5000 fffff880`00fe1000 vmbus vmbus.sys Sat Nov 20 10: 57: 29 2010 (4CE79B89)
fffff880`00fe1000 fffff880`00ff5000 fileinfo fileinfo.sys Tue Jul 14 01: 34: 25 2009 (4A5BC481)
fffff880`01000000 fffff880`01009000 WMILIB WMILIB.SYS Tue Jul 14 01: 19: 51 2009 (4A5BC117)
fffff880`01009000 fffff880`01013000 msisadrv msisadrv.sys Tue Jul 14 01: 19: 26 2009 (4A5BC0FE)
fffff880`01013000 fffff880`01046000 pci pci.sys Sat Nov 20 10: 19: 11 2010 (4CE7928F)
fffff880`01046000 fffff880`01053000 vdrvroot vdrvroot.sys Tue Jul 14 02: 01: 31 2009 (4A5BCADB)
fffff880`01053000 fffff880`01068000 partmgr partmgr.sys Sat Mar 17 06: 06: 09 2012 (4F641BC1)
fffff880`01068000 fffff880`0107d000 volmgr volmgr.sys Sat Nov 20 10: 19: 28 2010 (4CE792A0)
fffff880`0107d000 fffff880`01084000 pciide pciide.sys Tue Jul 14 01: 19: 49 2009 (4A5BC115)
fffff880`01084000 fffff880`01094000 PCIIDEX PCIIDEX.SYS Tue Jul 14 01: 19: 48 2009 (4A5BC114)
fffff880`01094000 fffff880`010ae000 mountmgr mountmgr.sys Sat Nov 20 10: 19: 21 2010 (4CE79299)
fffff880`010ae000 fffff880`010c2000 winhv winhv.sys Sat Nov 20 10: 20: 02 2010 (4CE792C2)
fffff880`010c2000 fffff880`010cb000 atapi atapi.sys Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`010cb000 fffff880`010d6000 amdxata amdxata.sys Fri Mar 19 17: 18: 18 2010 (4BA3A3CA)
fffff880`010d6000 fffff880`01198000 Wdf01000 Wdf01000.sys Thu Jul 26 04: 25: 13 2012 (5010AA89)
fffff880`01198000 fffff880`011a8000 WDFLDR WDFLDR.SYS Thu Jul 26 04: 29: 04 2012 (5010AB70)
fffff880`011a8000 fffff880`011ff000 ACPI ACPI.sys Sat Nov 20 10: 19: 16 2010 (4CE79294)
fffff880`01216000 fffff880`013bf000 Ntfs Ntfs.sys Fri Jan 24 02: 14: 50 2014 (52E1BE8A)
fffff880`013bf000 fffff880`013da000 ksecdd ksecdd.sys Sat Jun 02 04: 50: 23 2012 (4FC97F6F)
fffff880`013da000 fffff880`013eb000 pcw pcw.sys Tue Jul 14 01: 19: 27 2009 (4A5BC0FF)
fffff880`013eb000 fffff880`013f5000 Fs_Rec Fs_Rec.sys Thu Mar 01 04: 41: 06 2012 (4F4EEFD2)
fffff880`0141c000 fffff880`0150f000 ndis ndis.sys Sat Nov 20 10: 23: 30 2010 (4CE79392)
fffff880`0150f000 fffff880`0156f000 NETIO NETIO.SYS Wed Aug 22 17: 11: 28 2012 (5034F6A0)
fffff880`0156f000 fffff880`01599000 ksecpkg ksecpkg.sys Sat Jun 02 05: 27: 11 2012 (4FC9880F)
fffff880`01599000 fffff880`015e2000 fwpkclnt fwpkclnt.sys Thu Jan 03 04: 06: 48 2013 (50E4F5C8)
fffff880`015e2000 fffff880`015f2000 vmstorfl vmstorfl.sys Sat Nov 20 10: 57: 30 2010 (4CE79B8A)
fffff880`015f2000 fffff880`015fa000 spldr spldr.sys Mon May 11 18: 56: 27 2009 (4A0858BB)
fffff880`01600000 fffff880`01800000 tcpip tcpip.sys Thu Jan 03 04: 11: 48 2013 (50E4F6F4)
fffff880`01800000 fffff880`01848000 dtsoftbus01 dtsoftbus01.sys Fri Feb 21 10: 49: 36 2014 (53072130)
fffff880`01848000 fffff880`01872000 cdrom cdrom.sys Sat Nov 20 10: 19: 20 2010 (4CE79298)
fffff880`01872000 fffff880`0187f000 TDI TDI.SYS Sat Nov 20 10: 22: 06 2010 (4CE7933E)
fffff880`01880000 fffff880`018ba000 rdyboost rdyboost.sys Sat Nov 20 10: 43: 10 2010 (4CE7982E)
fffff880`018ba000 fffff880`018cc000 mup mup.sys Tue Jul 14 01: 23: 45 2009 (4A5BC201)
fffff880`018cc000 fffff880`018d5000 hwpolicy hwpolicy.sys Sat Nov 20 10: 18: 54 2010 (4CE7927E)
fffff880`018d5000 fffff880`0190f000 fvevol fvevol.sys Thu Jan 24 04: 11: 24 2013 (5100A65C)
fffff880`0190f000 fffff880`01925000 disk disk.sys Tue Jul 14 01: 19: 57 2009 (4A5BC11D)
fffff880`01925000 fffff880`01955000 CLASSPNP CLASSPNP.SYS Sat Nov 20 10: 19: 23 2010 (4CE7929B)
fffff880`01955000 fffff880`0198a000 aswVmm aswVmm.sys Thu Apr 17 13: 04: 55 2014 (534FB557)
fffff880`0198a000 fffff880`0199d000 aswRvrt aswRvrt.sys Thu Apr 17 13: 04: 41 2014 (534FB549)
fffff880`019d3000 fffff880`019f5000 tdx tdx.sys Sat Nov 20 10: 21: 54 2010 (4CE79332)
fffff880`03e00000 fffff880`03e0e000 vga vga.sys Tue Jul 14 01: 38: 47 2009 (4A5BC587)
fffff880`03e0e000 fffff880`03e33000 VIDEOPRT VIDEOPRT.SYS Tue Jul 14 01: 38: 51 2009 (4A5BC58B)
fffff880`03e33000 fffff880`03e43000 watchdog watchdog.sys Tue Jul 14 01: 37: 35 2009 (4A5BC53F)
fffff880`03e43000 fffff880`03e4c000 RDPCDD RDPCDD.sys Tue Jul 14 02: 16: 34 2009 (4A5BCE62)
fffff880`03e4c000 fffff880`03e55000 rdpencdd rdpencdd.sys Tue Jul 14 02: 16: 34 2009 (4A5BCE62)
fffff880`03e55000 fffff880`03e5e000 rdprefmp rdprefmp.sys Tue Jul 14 02: 16: 35 2009 (4A5BCE63)
fffff880`03e5e000 fffff880`03e69000 Msfs Msfs.SYS Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`03e69000 fffff880`03e7a000 Npfs Npfs.SYS Tue Jul 14 01: 19: 48 2009 (4A5BC114)
fffff880`03e80000 fffff880`03f81000 aswSnx aswSnx.sys Mon May 05 10: 04: 42 2014 (5367461A)
fffff880`03f81000 fffff880`03fee000 aswSP aswSP.sys Mon May 05 10: 11: 11 2014 (5367479F)
fffff880`03fee000 fffff880`03ff7000 Null Null.SYS Tue Jul 14 01: 19: 37 2009 (4A5BC109)
fffff880`03ff7000 fffff880`03ffe000 Beep Beep.SYS Tue Jul 14 02: 00: 13 2009 (4A5BCA8D)
fffff880`06c00000 fffff880`06c51000 rdbss rdbss.sys Sat Nov 20 10: 27: 51 2010 (4CE79497)
fffff880`06c51000 fffff880`06c5d000 nsiproxy nsiproxy.sys Tue Jul 14 01: 21: 02 2009 (4A5BC15E)
fffff880`06c5d000 fffff880`06c68000 mssmbios mssmbios.sys Tue Jul 14 01: 31: 10 2009 (4A5BC3BE)
fffff880`06c68000 fffff880`06c77000 discache discache.sys Tue Jul 14 01: 37: 18 2009 (4A5BC52E)
fffff880`06c79000 fffff880`06d02000 afd afd.sys Wed Dec 28 04: 59: 20 2011 (4EFA9418)
fffff880`06d02000 fffff880`06d1c000 aswRdr2 aswRdr2.sys Thu Apr 17 13: 02: 56 2014 (534FB4E0)
fffff880`06d1c000 fffff880`06d61000 netbt netbt.sys Sat Nov 20 10: 23: 18 2010 (4CE79386)
fffff880`06d61000 fffff880`06d6a000 wfplwf wfplwf.sys Tue Jul 14 02: 09: 26 2009 (4A5BCCB6)
fffff880`06d6a000 fffff880`06d90000 pacer pacer.sys Sat Nov 20 11: 52: 18 2010 (4CE7A862)
fffff880`06d90000 fffff880`06d9f000 netbios netbios.sys Tue Jul 14 02: 09: 26 2009 (4A5BCCB6)
fffff880`06d9f000 fffff880`06dbc000 serial serial.sys Tue Jul 14 02: 00: 40 2009 (4A5BCAA8)
fffff880`06dbc000 fffff880`06dd7000 wanarp wanarp.sys Sat Nov 20 11: 52: 36 2010 (4CE7A874)
fffff880`06dd7000 fffff880`06deb000 termdd termdd.sys Sat Nov 20 12: 03: 40 2010 (4CE7AB0C)
fffff880`06e00000 fffff880`06ea3000 atikmpag atikmpag.sys Fri Apr 18 03: 07: 07 2014 (53507ABB)
fffff880`06ea8000 fffff880`06f2b000 csc csc.sys Sat Nov 20 10: 27: 12 2010 (4CE79470)
fffff880`06f2b000 fffff880`06f49000 dfsc dfsc.sys Sat Nov 20 10: 26: 31 2010 (4CE79447)
fffff880`06f49000 fffff880`06f5a000 blbdrive blbdrive.sys Tue Jul 14 01: 35: 59 2009 (4A5BC4DF)
fffff880`06f5a000 fffff880`06f80000 tunnel tunnel.sys Sat Nov 20 11: 51: 50 2010 (4CE7A846)
fffff880`06f80000 fffff880`06f9b000 raspppoe raspppoe.sys Tue Jul 14 02: 10: 17 2009 (4A5BCCE9)
fffff880`06f9b000 fffff880`06fbc000 raspptp raspptp.sys Sat Nov 20 11: 52: 31 2010 (4CE7A86F)
fffff880`06fbc000 fffff880`06fd6000 rassstp rassstp.sys Tue Jul 14 02: 10: 25 2009 (4A5BCCF1)
fffff880`06fd6000 fffff880`06fe5000 kbdclass kbdclass.sys Tue Jul 14 01: 19: 50 2009 (4A5BC116)
fffff880`06fe5000 fffff880`06ff4000 mouclass mouclass.sys Tue Jul 14 01: 19: 50 2009 (4A5BC116)
fffff880`07200000 fffff880`07246000 dxgmms1 dxgmms1.sys Wed Apr 10 05: 27: 15 2013 (5164DC13)
fffff880`07246000 fffff880`0726a000 HDAudBus HDAudBus.sys Sat Nov 20 11: 43: 42 2010 (4CE7A65E)
fffff880`0726a000 fffff880`0727b000 usbehci usbehci.sys Fri Mar 25 04: 29: 04 2011 (4D8C0C00)
fffff880`0727b000 fffff880`072d1000 USBPORT USBPORT.SYS Fri Mar 25 04: 29: 12 2011 (4D8C0C08)
fffff880`072d1000 fffff880`072dd000 serenum serenum.sys Tue Jul 14 02: 00: 33 2009 (4A5BCAA1)
fffff880`072e0000 fffff880`073d4000 dxgkrnl dxgkrnl.sys Thu Aug 01 09: 58: 53 2013 (51FA153D)
fffff880`073d4000 fffff880`073ea000 intelppm intelppm.sys Tue Jul 14 01: 19: 25 2009 (4A5BC0FD)
fffff880`073ea000 fffff880`073fa000 CompositeBus CompositeBus.sys Sat Nov 20 11: 33: 17 2010 (4CE7A3ED)
fffff880`073fa000 fffff880`073fb480 swenum swenum.sys Tue Jul 14 02: 00: 18 2009 (4A5BCA92)
fffff880`07451000 fffff880`07494000 ks ks.sys Sat Nov 20 11: 33: 23 2010 (4CE7A3F3)
fffff880`07494000 fffff880`074a6000 umbus umbus.sys Sat Nov 20 11: 44: 37 2010 (4CE7A695)
fffff880`074a6000 fffff880`07500000 usbhub usbhub.sys Fri Mar 25 04: 29: 25 2011 (4D8C0C15)
fffff880`07500000 fffff880`07515000 NDProxy NDProxy.SYS Sat Nov 20 11: 52: 20 2010 (4CE7A864)
fffff880`07515000 fffff880`07530000 AtihdW76 AtihdW76.sys Fri Dec 20 04: 15: 49 2013 (52B3B665)
fffff880`07530000 fffff880`0756d000 portcls portcls.sys Tue Jul 14 02: 06: 27 2009 (4A5BCC03)
fffff880`0756d000 fffff880`0758f000 drmk drmk.sys Tue Jul 14 03: 01: 25 2009 (4A5BD8E5)
fffff880`0758f000 fffff880`07594200 ksthunk ksthunk.sys Tue Jul 14 02: 00: 19 2009 (4A5BCA93)
fffff880`08000000 fffff880`08024000 mrxsmb20 mrxsmb20.sys Wed Apr 27 04: 39: 37 2011 (4DB781E9)
fffff880`08024000 fffff880`0802e000 aswHwid aswHwid.sys Tue Apr 08 17: 43: 26 2014 (5344191E)
fffff880`08072000 fffff880`0813b000 HTTP HTTP.sys Sat Nov 20 10: 24: 30 2010 (4CE793CE)
fffff880`0813b000 fffff880`08159000 bowser bowser.sys Wed Feb 23 05: 55: 04 2011 (4D649328)
fffff880`08159000 fffff880`08171000 mpsdrv mpsdrv.sys Tue Jul 14 02: 08: 25 2009 (4A5BCC79)
fffff880`08171000 fffff880`0819e000 mrxsmb mrxsmb.sys Wed Apr 27 04: 40: 38 2011 (4DB78226)
fffff880`0819e000 fffff880`081ec000 mrxsmb10 mrxsmb10.sys Sat Jul 09 04: 46: 28 2011 (4E17C104)
fffff880`08200000 fffff880`08222000 aswMonFlt aswMonFlt.sys Thu Apr 17 13: 04: 01 2014 (534FB521)
fffff880`08222000 fffff880`0823b000 WudfPf WudfPf.sys Thu Jul 26 04: 26: 45 2012 (5010AAE5)
fffff880`0823b000 fffff880`08253000 aswStm aswStm.sys Mon May 05 10: 11: 48 2014 (536747C4)
fffff880`08253000 fffff880`08268000 lltdio lltdio.sys Tue Jul 14 02: 08: 50 2009 (4A5BCC92)
fffff880`08268000 fffff880`08280000 rspndr rspndr.sys Tue Jul 14 02: 08: 50 2009 (4A5BCC92)
fffff880`082a0000 fffff880`084f3700 RTKVHD64 RTKVHD64.sys Wed Jul 28 12: 01: 36 2010 (4C500000)
fffff880`084f4000 fffff880`08511000 cdfs cdfs.sys Tue Jul 14 01: 19: 46 2009 (4A5BC112)
fffff880`08511000 fffff880`0851f000 crashdmp crashdmp.sys Tue Jul 14 02: 01: 01 2009 (4A5BCABD)
fffff880`0851f000 fffff880`0852b000 dump_dumpata dump_dumpata.sys Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`0852b000 fffff880`08534000 dump_atapi dump_atapi.sys Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`08534000 fffff880`08547000 dump_dumpfve dump_dumpfve.sys Tue Jul 14 01: 21: 51 2009 (4A5BC18F)
fffff880`08547000 fffff880`08555000 hidusb hidusb.sys Sat Nov 20 11: 43: 49 2010 (4CE7A665)
fffff880`08555000 fffff880`0856e000 HIDCLASS HIDCLASS.SYS Sat Nov 20 11: 43: 49 2010 (4CE7A665)
fffff880`0856e000 fffff880`08576080 HIDPARSE HIDPARSE.SYS Tue Jul 14 02: 06: 17 2009 (4A5BCBF9)
fffff880`08577000 fffff880`08578f00 USBD USBD.SYS Fri Mar 25 04: 28: 59 2011 (4D8C0BFB)
fffff880`08579000 fffff880`08585000 Dxapi Dxapi.sys Tue Jul 14 01: 38: 28 2009 (4A5BC574)
fffff880`08585000 fffff880`08592000 mouhid mouhid.sys Tue Jul 14 02: 00: 20 2009 (4A5BCA94)
fffff880`08592000 fffff880`085af000 usbccgp usbccgp.sys Fri Mar 25 04: 29: 14 2011 (4D8C0C0A)
fffff880`085af000 fffff880`085bd000 kbdhid kbdhid.sys Sat Nov 20 11: 33: 25 2010 (4CE7A3F5)
fffff880`085bd000 fffff880`085cb000 monitor monitor.sys Tue Jul 14 01: 38: 52 2009 (4A5BC58C)
fffff880`085cb000 fffff880`085ee000 luafv luafv.sys Tue Jul 14 01: 26: 13 2009 (4A5BC295)
fffff880`09600000 fffff880`09669000 srv2 srv2.sys Fri Apr 29 05: 05: 46 2011 (4DBA2B0A)
fffff880`096b7000 fffff880`0975d000 peauth peauth.sys Tue Jul 14 03: 01: 19 2009 (4A5BD8DF)
fffff880`0975d000 fffff880`09768000 secdrv secdrv.SYS Wed Sep 13 15: 18: 38 2006 (4508052E)
fffff880`09768000 fffff880`09799000 srvnet srvnet.sys Fri Apr 29 05: 05: 35 2011 (4DBA2AFF)
fffff880`09799000 fffff880`097ab000 tcpipreg tcpipreg.sys Sat Nov 20 11: 51: 48 2010 (4CE7A844)
fffff880`0a668000 fffff880`0a700000 srv srv.sys Fri Apr 29 05: 06: 06 2011 (4DBA2B1E)
fffff880`0a700000 fffff880`0a70b000 hamachi hamachi.sys Thu Feb 19 11: 36: 41 2009 (499D3639)
fffff880`0f000000 fffff880`0f02f000 ndiswan ndiswan.sys Sat Nov 20 11: 52: 32 2010 (4CE7A870)
fffff880`0f02f000 fffff880`0f03c000 tap0901t tap0901t.sys Wed Sep 16 08: 02: 43 2009 (4AB07F83)
fffff880`0f03e000 fffff880`0ff4e000 atikmdag atikmdag.sys Fri Apr 18 04: 13: 16 2014 (53508A3C)
fffff880`0ff4e000 fffff880`0ffa4000 Rt64win7 Rt64win7.sys Wed Jun 23 11: 10: 45 2010 (4C21CF95)
fffff880`0ffa4000 fffff880`0ffba000 AgileVpn AgileVpn.sys Tue Jul 14 02: 10: 24 2009 (4A5BCCF0)
fffff880`0ffba000 fffff880`0ffde000 rasl2tp rasl2tp.sys Sat Nov 20 11: 52: 34 2010 (4CE7A872)
fffff880`0ffde000 fffff880`0ffea000 ndistapi ndistapi.sys Tue Jul 14 02: 10: 00 2009 (4A5BCCD8)
fffff880`0fff5000 fffff880`10000000 rdpbus rdpbus.sys Tue Jul 14 02: 17: 46 2009 (4A5BCEAA)
fffff960`00010000 fffff960`00326000 win32k win32k.sys Fri Mar 01 04: 35: 34 2013 (51302206)
fffff960`00410000 fffff960`0041a000 TSDDD TSDDD.dll Tue Jul 14 02: 16: 34 2009 (4A5BCE62)
fffff960`00750000 fffff960`00777000 cdd cdd.dll unavailable (00000000)
fffff960`00970000 fffff960`009d1000 ATMFD ATMFD.DLL unavailable (00000000)
Unloaded modules:
fffff880`0ffea000 fffff880`0fff5000 hamachi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000B000
fffff880`0199d000 fffff880`019ab000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`019ab000 fffff880`019b7000 dump_ataport
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff880`019b7000 fffff880`019c0000 dump_atapi.s
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00009000
fffff880`019c0000 fffff880`019d3000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00013000
Bugcheck code 0000003B
3: kd> ln fffff800031d5407
(fffff800`031d5320) nt!ObReferenceObjectByHandleWithTag+0xe7 | (fffff800`031d5700) nt!NtWaitForSingleObject
Kolejny z serii 0x3b SYSTEM_SERVICE_EXCEPTION
Tutaj wyjątek powstał w momencie grania w CS GO.
Nie wiadomo dlaczego zrzut jądra wskazuje na sterownik atikmdag.sys (ATI Radeon Kernel Mode Driver) i co było faktycznym powodem. Nie zawsze jest to wina sterownika.
Dla świętego spokoju pomierzyłbym jeszcze napięcia na zasilaczu,podmienił na coś innego albo po prostu grafikę potestował na innym sprzęcie z czystym testowym systemem.
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\100\071814-30217-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`02e0c000 PsLoadedModuleList = 0xfffff800`0304f670
Debug session time: Fri Jul 18 02: 13: 43.668 2014 (UTC + 2: 00)
System Uptime: 0 days 0: 15: 50.480
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff8800f0715c0, fffff8800a572610, 0}
Unable to load image \SystemRoot\system32\DRIVERS\atikmdag.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
Probably caused by : atikmdag.sys ( atikmdag+f5c0 )
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8800f0715c0, Address of the instruction which caused the bugcheck
Arg3: fffff8800a572610, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
FAULTING_IP:
atikmdag+f5c0
fffff880`0f0715c0 8b4108 mov eax,dword ptr [rcx+8]
CONTEXT: fffff8800a572610 -- (.cxr 0xfffff8800a572610)
rax=fffff8a009fe33d8 rbx=00fff8a00c5a8740 rcx=00fff8a00c5a8740
rdx=fffff8a009fe3000 rsi=0000000000000000 rdi=fffffa80078d0040
rip=fffff8800f0715c0 rsp=fffff8800a572ff8 rbp=fffff8a0161c0298
r8=0000000000000029 r9=fffff8a009fe3000 r10=fffffa8008bac240
r11=fffff8800a573068 r12=0000000000000000 r13=0000000000000029
r14=fffff8a009fe33d8 r15=fffff8a0161c0290
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
atikmdag+0xf5c0:
fffff880`0f0715c0 8b4108 mov eax,dword ptr [rcx+8] ds: 002b: 00fff8a0`0c5a8748=?
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: csgo.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8800f1217ef to fffff8800f0715c0
STACK_TEXT:
fffff880`0a572ff8 fffff880`0f1217ef : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : atikmdag+0xf5c0
fffff880`0a573000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : atikmdag+0xbf7ef
FOLLOWUP_IP:
atikmdag+f5c0
fffff880`0f0715c0 8b4108 mov eax,dword ptr [rcx+8]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: atikmdag+f5c0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 53508a3c
STACK_COMMAND: .cxr 0xfffff8800a572610 ; kb
FAILURE_BUCKET_ID: X64_0x3B_atikmdag+f5c0
BUCKET_ID: X64_0x3B_atikmdag+f5c0
Followup: MachineOwner
---------
Post: #4![[Obrazek: 2089620800_1406976151.png]](http://obrazki.elektroda.pl/2089620800_1406976151.png)
