Quote: Strangely enough, I found two dump files with the same date and time: one in the Minidump directory with the error in ntoskrnl.exe (nt+75b50), and the other, found only in the Windows directory, MEMORY.DMP, weighing over 300Mb, with Wdf01000.sys (Wdf01000+1264c).
One is a small dump, the other is a kernel memory dump.
If I give you the description of the analysis procedure for the error below, your jaw will drop (and this is still the light version)
http://blogs.technet.com/b/marcelofartur...ndled.aspx
Below, the arguments Arg1-Arg4 were not even passed to the error, so I have nothing to go on.
The only thing I found is
AtiPcie.sys Tue May 5 17:00:22 2009 (4A005486)
ATI PCIE Driver for ATI PCIE chipset or ATI PCI Express (3GIO) Filter
I also found Kaspersky - please uninstall it, at least for a while, and consider other protection.
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Mini Kernel Dump File: Only registers and stack trace are available
Mini Kernel Dump does not have process information
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;symsrv*symsrv.dll*c:\symb*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18229.amd64fre.win7sp1_gdr.130801-1533
Machine Name:
Kernel base = 0xfffff800`0321c000 PsLoadedModuleList = 0xfffff800`0345f6d0
Debug session time: Sun Feb 2 23:36:16.330 2014 (UTC + 1:00)
System Uptime: 0 days 5:35:20.612
Loading Kernel Symbols
..................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : Wdf01000.sys ( Wdf01000!FxPoolFree+3c )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'AtiPcie' and 'Unknown_Module_5559d069`00000807' overlap
EXCEPTION_CODE: (Win32) 0 (0) - Operacja ukończona pomyślnie.
FAULTING_IP:
+4142faf0013d914
00000000`00000000 ? ?
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff880009b0988 -- (.exr 0xfffff880009b0988)
.exr 0xfffff880009b0988
ExceptionAddress: fffff88000eb964c (Wdf01000!FxPoolFree+0x000000000000003c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff880009b0a30 -- (.trap 0xfffff880009b0a30)
.trap 0xfffff880009b0a30
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffbfa800597dd70 rbx=0000000000000000 rcx=fffffa8004069650
rdx=fffffa8004069650 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000eb964c rsp=fffff880009b0bc0 rbp=fffff880009b0c80
r8=fffffa800935ce18 r9=fffffa80071122a0 r10=fffffa8007112298
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
Wdf01000!FxPoolFree+0x3c:
fffff880`00eb964c 80b8f000000000 cmp byte ptr [rax+0F0h],0 ds:5ec0:fffbfa80`0597de60=?
.trap
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000328957e to fffff80003291b50
STACK_TEXT:
fffff880`009afa68 fffff800`0328957e : 00000000`00000000 fffff880`034d9bf9 fffff880`009b01e0 fffff800`032bca90 : nt!KeBugCheck
fffff880`009afa70 fffff800`032bc75d : fffff800`034a0374 fffff800`033dd260 fffff800`0321c000 fffff880`009b0988 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`009afaa0 fffff800`032bb535 : fffff800`033e0f64 fffff880`009afb18 fffff880`009b0988 fffff800`0321c000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`009afad0 fffff800`032cc4e1 : fffff880`009b0988 fffff880`009b01e0 fffff880`00000000 00000000`0000100e : nt!RtlDispatchException+0x415
fffff880`009b01b0 fffff800`03291202 : fffff880`009b0988 fffffa80`04069640 fffff880`009b0a30 fffff880`009b0d02 : nt!KiDispatchException+0x135
fffff880`009b0850 fffff800`0328fb0a : fffffa80`04209d40 fffffa80`054f81a0 fffffa80`094cbeb0 fffff800`033c530d : nt!KiExceptionDispatch+0xc2
fffff880`009b0a30 fffff880`00eb964c : fffffa80`04209d00 00000000`00000001 fffffa80`00000001 fffff880`00000001 : nt!KiGeneralProtectionFault+0x10a
fffff880`009b0bc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Wdf01000!FxPoolFree+0x3c
STACK_COMMAND: kb
FOLLOWUP_IP:
Wdf01000!FxPoolFree+3c
fffff880`00eb964c 80b8f000000000 cmp byte ptr [rax+0F0h],0
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: Wdf01000!FxPoolFree+3c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Wdf01000
IMAGE_NAME: Wdf01000.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 51c51641
FAILURE_BUCKET_ID: X64_0x1E_0_Wdf01000!FxPoolFree+3c
BUCKET_ID: X64_0x1E_0_Wdf01000!FxPoolFree+3c
Followup: MachineOwner
---------
sysinfo: could not find necessary interfaces.
sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
sysinfo: could not find necessary interfaces.
sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
start end module name
fffff880`00f79000 fffff880`00fd0000 ACPI ACPI.sys Sat Nov 20 10:19:16 2010 (4CE79294)
fffff880`018a3000 fffff880`018ae000 amdxata amdxata.sys Fri Mar 19 17:18:18 2010 (4BA3A3CA)
fffff880`017f3000 fffff880`017fc000 atapi atapi.sys Tue Jul 14 01:19:47 2009 (4A5BC113)
fffff880`00e6a000 fffff880`00e94000 ataport ataport.SYS Mon Aug 05 03:02:45 2013 (51FEF9B5)
fffff880`020e1000 fffff880`020e9000 AtiPcie AtiPcie.sys Tue May 05 17:00:22 2009 (4A005486)
fffff880`00cab000 fffff880`00d6b000 CI CI.dll Sat Nov 20 14:12:36 2010 (4CE7C944)
fffff880`020b1000 fffff880`020e1000 CLASSPNP CLASSPNP.SYS Sat Nov 20 10:19:23 2010 (4CE7929B)
fffff880`00c4d000 fffff880`00cab000 CLFS CLFS.SYS Tue Jul 14 01:19:57 2009 (4A5BC11D)
fffff880`0196c000 fffff880`019de000 cng cng.sys Wed Aug 01 17:48:07 2012 (50194FB7)
fffff880`0209b000 fffff880`020b1000 disk disk.sys Tue Jul 14 01:19:57 2009 (4A5BC11D)
fffff880`018fa000 fffff880`0190e000 fileinfo fileinfo.sys Tue Jul 14 01:34:25 2009 (4A5BC481)
fffff880`018ae000 fffff880`018fa000 fltmgr fltmgr.sys Sat Nov 20 10:19:24 2010 (4CE7929C)
fffff880`01a00000 fffff880`01a0a000 Fs_Rec Fs_Rec.sys unavailable (00000000)
fffff880`02061000 fffff880`0209b000 fvevol fvevol.sys Thu Jan 24 04:11:24 2013 (5100A65C)
fffff880`01c8b000 fffff880`01cd4000 fwpkclnt fwpkclnt.sys Thu Jan 03 04:06:48 2013 (50E4F5C8)
fffff800`03802000 fffff800`0384b000 hal hal.dll Sat Nov 20 14:00:25 2010 (4CE7C669)
fffff880`02058000 fffff880`02061000 hwpolicy hwpolicy.sys Sat Nov 20 10:18:54 2010 (4CE7927E)
fffff800`00b96000 fffff800`00ba0000 kdcom kdcom.dll Sat Feb 05 17:52:49 2011 (4D4D8061)
fffff880`0107f000 fffff880`017de000 kl1 kl1.sys Fri Oct 18 11:18:22 2013 (5260FCDE)
fffff880`01bcd000 fffff880`01be8000 ksecdd ksecdd.sys Wed Sep 25 03:03:28 2013 (52423660)
fffff880`01c60000 fffff880`01c8b000 ksecpkg ksecpkg.sys Wed Sep 25 03:20:07 2013 (52423A47)
fffff880`00c2c000 fffff880`00c39000 mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Tue Jul 14 03:29:09 2009 (4A5BDF65)
fffff880`00e50000 fffff880`00e6a000 mountmgr mountmgr.sys Sat Nov 20 10:19:21 2010 (4CE79299)
fffff880`00fd9000 fffff880`00fe3000 msisadrv msisadrv.sys Tue Jul 14 01:19:26 2009 (4A5BC0FE)
fffff880`0190e000 fffff880`0196c000 msrpc msrpc.sys unavailable (00000000)
fffff880`02046000 fffff880`02058000 mup mup.sys Tue Jul 14 01:23:45 2009 (4A5BC201)
fffff880`00d6b000 fffff880`00df7000 mv91xx mv91xx.sys Fri Dec 25 07:45:39 2009 (4B345F93)
fffff880`0189b000 fffff880`018a3000 mvxxmm mvxxmm.sys Fri Dec 25 07:45:15 2009 (4B345F7B)
fffff880`01ce6000 fffff880`01dd8000 ndis ndis.sys Wed Aug 22 17:11:46 2012 (5034F6B2)
fffff880`01c00000 fffff880`01c60000 NETIO NETIO.SYS Wed Aug 22 17:11:28 2012 (5034F6A0)
fffff800`0321c000 fffff800`03802000 nt ntkrnlmp.exe Fri Aug 02 03:09:33 2013 (51FB06CD)
fffff880`01a2b000 fffff880`01bcd000 Ntfs Ntfs.sys Fri Apr 12 13:54:36 2013 (5167F5FC)
fffff880`017de000 fffff880`017f3000 partmgr partmgr.sys Sat Mar 17 06:06:09 2012 (4F641BC1)
fffff880`00e00000 fffff880`00e33000 pci pci.sys Sat Nov 20 10:19:11 2010 (4CE7928F)
fffff880`01071000 fffff880`01078000 pciide pciide.sys Tue Jul 14 01:19:49 2009 (4A5BC115)
fffff880`00e40000 fffff880`00e50000 PCIIDEX PCIIDEX.SYS Tue Jul 14 01:19:48 2009 (4A5BC114)
fffff880`01be8000 fffff880`01bf9000 pcw pcw.sys Tue Jul 14 01:19:27 2009 (4A5BC0FF)
fffff880`00c39000 fffff880`00c4d000 PSHED PSHED.dll Tue Jul 14 03:32:23 2009 (4A5BE027)
fffff880`0200c000 fffff880`02046000 rdyboost rdyboost.sys Sat Nov 20 10:43:10 2010 (4CE7982E)
fffff880`0186c000 fffff880`0189b000 SCSIPORT SCSIPORT.SYS Sat Nov 20 11:34:01 2010 (4CE7A419)
fffff880`01dd8000 fffff880`01de0000 spldr spldr.sys Mon May 11 18:56:27 2009 (4A0858BB)
fffff880`01e01000 fffff880`02000000 tcpip tcpip.sys Sun Sep 08 03:11:52 2013 (522BCED8)
90000002`82000000 90000003`12000002 Unknown_Module_90000002_82000000 Unknown_Module_90000002`82000000 unavailable (00000000)
fffff880`00e33000 fffff880`00e40000 vdrvroot vdrvroot.sys Tue Jul 14 02:01:31 2009 (4A5BCADB)
fffff880`01cd4000 fffff880`01ce4000 vmstorfl vmstorfl.sys unavailable (00000000)
fffff880`01000000 fffff880`01015000 volmgr volmgr.sys Sat Nov 20 10:19:28 2010 (4CE792A0)
fffff880`01015000 fffff880`01071000 volmgrx volmgrx.sys unavailable (00000000)
fffff880`01800000 fffff880`0184c000 volsnap volsnap.sys Sat Nov 20 10:20:08 2010 (4CE792C8)
fffff880`00ea7000 fffff880`00f69000 Wdf01000 Wdf01000.sys Sat Jun 22 05:13:05 2013 (51C51641)
fffff880`00f69000 fffff880`00f79000 WDFLDR WDFLDR.SYS Thu Jul 26 04:29:04 2012 (5010AB70)
fffff880`00fd0000 fffff880`00fd9000 WMILIB WMILIB.SYS Tue Jul 14 01:19:51 2009 (4A5BC117)
Unloaded modules:
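A check that can be run on the trap-frame registers in the debugger output above, added here as an example and not part of the original post: it tests each register for x64 canonical form and, for a non-canonical value, reports which bits differ from the sign-extended address. Dereferencing a non-canonical pointer raises a general protection fault, which matches nt!KiGeneralProtectionFault on the stack and the reported read from ffffffffffffffff. The 48-bit address width and the function names are assumptions of this example.

```python
import re

# Register lines copied from the .trap output in the dump above.
TRAP_FRAME = """\
rax=fffbfa800597dd70 rbx=0000000000000000 rcx=fffffa8004069650
rdx=fffffa8004069650 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000eb964c rsp=fffff880009b0bc0 rbp=fffff880009b0c80
r8=fffffa800935ce18 r9=fffffa80071122a0 r10=fffffa8007112298
"""

VA_BITS = 48                 # assumption: 48-bit virtual addresses (4-level paging)
LOW_MASK = (1 << VA_BITS) - 1
MASK64 = (1 << 64) - 1


def parse_registers(text):
    """Return {register: value} for every 'rXX=<16 hex digits>' pair."""
    pairs = re.findall(r"\b(r\w+)=([0-9a-fA-F]{16})\b", text)
    return {name: int(value, 16) for name, value in pairs}


def is_canonical(addr):
    """Canonical form: bits 63..47 are all copies of bit 47."""
    top = addr >> (VA_BITS - 1)
    return top == 0 or top == (1 << (64 - VA_BITS + 1)) - 1


def sign_extend(addr):
    """Rebuild the canonical address from the low VA_BITS bits."""
    low = addr & LOW_MASK
    if low >> (VA_BITS - 1):
        return low | (MASK64 ^ LOW_MASK)
    return low


def triage(regs):
    """List (register, value, canonical value, differing bit positions)."""
    findings = []
    for name, value in regs.items():
        if is_canonical(value):
            continue
        fixed = sign_extend(value)
        bits = [b for b in range(64) if (value ^ fixed) >> b & 1]
        findings.append((name, value, fixed, bits))
    return findings


if __name__ == "__main__":
    for name, value, fixed, bits in triage(parse_registers(TRAP_FRAME)):
        print(f"{name}={value:016x} is non-canonical; "
              f"canonical form {fixed:016x} differs in bit(s) {bits}")
```

On this dump only rax is flagged, and rax+0F0h is exactly the operand address shown on the faulting `cmp` instruction.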