Hjelp meg med å tolke windbg resultat?

[Olemann89]

Jeg har en forholdsvis ny bærbar(<1år) som får bsod på tilfeldige tidspunkter, men ofte. På alle har det stått IRQL_NOT_LESS_OR_EQUAL. Jeg har ikke brukt Windbg før, så jeg klarer ikke tolke mitt resultat:

Loading Dump File [C:\WINDOWS\Minidump\Mini061808-07.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Executable search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16584.x86fre.vista_gdr.071023-1545

Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10

Debug session time: Wed Jun 18 13:35:38.782 2008 (GMT+2)

System Uptime: 0 days 5:18:04.630

Loading Kernel Symbols

..........................................................................................

....................................................................

Loading User Symbols

Loading unloaded module list

......

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 4E, {99, 277c7, 3, 6ab7}

 

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS

*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS

Probably caused by : memory_corruption ( nt!MiBadShareCount+24 )

 

Followup: MachineOwner

---------

 

1: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

PFN_LIST_CORRUPT (4e)

Typically caused by drivers passing bad memory descriptor lists (ie: calling

MmUnlockPages twice with the same list, etc). If a kernel debugger is

available get the stack trace.

Arguments:

Arg1: 00000099, A PTE or PFN is corrupt

Arg2: 000277c7, page frame number

Arg3: 00000003, current page state

Arg4: 00006ab7, 0

 

Debugging Details:

------------------

 

 

BUGCHECK_STR: 0x4E_99

 

CUSTOMER_CRASH_COUNT: 7

 

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

 

PROCESS_NAME: dwm.exe

 

CURRENT_IRQL: 2

 

LAST_CONTROL_TRANSFER: from 81ce388b to 81cd8681

 

STACK_TEXT:

aae7d9e0 81ce388b 0000004e 00000099 000277c7 nt!KeBugCheckEx+0x1e

aae7d9f8 81c409ce 00000000 c0044338 c0045000 nt!MiBadShareCount+0x24

aae7da28 81c40566 c0044338 8392ad90 00000000 nt!MiDeletePte+0x393

aae7db58 81cc1217 08850002 08c37fff 8392ad90 nt!MiDeleteVirtualAddresses+0x8a1

aae7dc28 81cc0d50 8392ad90 83c1aa30 8393eae8 nt!MiRemoveMappedView+0x4a1

aae7dc50 81de0e15 8393eae8 00000000 c0000001 nt!MiRemoveVadAndView+0xe3

aae7dcb0 81de0ba1 8392ad90 08850000 00000000 nt!MiUnmapViewOfSection+0x256

aae7dcd0 8bdac1c9 ffffffff 08850000 a9314500 nt!NtUnmapViewOfSection+0x55

WARNING: Stack unwind information not available. Following frames may be wrong.

aae7dd54 81c8caaa ffffffff 08850000 0154fb60 SYMEVENT+0x141c9

aae7dd54 05f61d40 ffffffff 08850000 0154fb60 nt!KiFastCallEntry+0x12a

0000003b 00000000 00000000 00000000 00000000 0x5f61d40

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

nt!MiBadShareCount+24

81ce388b cc int 3

 

SYMBOL_STACK_INDEX: 1

 

SYMBOL_NAME: nt!MiBadShareCount+24

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: nt

 

DEBUG_FLR_IMAGE_TIMESTAMP: 471ea39c

 

IMAGE_NAME: memory_corruption

 

FAILURE_BUCKET_ID: 0x4E_99_nt!MiBadShareCount+24

 

BUCKET_ID: 0x4E_99_nt!MiBadShareCount+24

EDIT:

 

Enda en:

Loading Dump File [C:\WINDOWS\Minidump\Mini061808-06.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Executable search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16584.x86fre.vista_gdr.071023-1545

Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10

Debug session time: Wed Jun 18 08:11:37.549 2008 (GMT+2)

System Uptime: 0 days 0:00:40.206

Loading Kernel Symbols

..........................................................................................

..............................................................

Loading User Symbols

Loading unloaded module list

..

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck A, {16e0, 2, 1, 81c1dc2e}

 

Probably caused by : memory_corruption ( nt!MiRestoreTransitionPte+11d )

 

Followup: MachineOwner

---------

 

0: kd> !analyse -v

No export analyse found

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

IRQL_NOT_LESS_OR_EQUAL (a)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If a kernel debugger is available get the stack backtrace.

Arguments:

Arg1: 000016e0, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000001, bitfield :

bit 0 : value 0 = read operation, 1 = write operation

bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)

Arg4: 81c1dc2e, address which referenced memory

 

Debugging Details:

------------------

 

 

WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac

Unable to read MiSystemVaType memory at 81d117e0

000016e0

 

CURRENT_IRQL: 2

 

FAULTING_IP:

nt!MiRestoreTransitionPte+11d

81c1dc2e ff4910 dec dword ptr [ecx+10h]

 

CUSTOMER_CRASH_COUNT: 6

 

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

 

BUGCHECK_STR: 0xA

 

PROCESS_NAME: ccSvcHst.exe

 

TRAP_FRAME: a7fb7c3c -- (.trap 0xffffffffa7fb7c3c)

ErrCode = 00000000

eax=04301000 ebx=8bc73d78 ecx=00001000 edx=fffff000 esi=041cb000 edi=04301000

eip=81e89510 esp=a7fb7cb0 ebp=a7fb7cb8 iopl=0 nv up ei ng nz na pe cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287

nt!ProbeForWrite+0x39:

81e89510 8a06 mov al,byte ptr [esi] ds:0023:041cb000=??

Resetting default scope

 

LAST_CONTROL_TRANSFER: from 81c1dc2e to 81c8fd84

 

STACK_TEXT:

a7fb7abc 81c1dc2e badb0d00 00000000 81d121a0 nt!KiTrap0E+0x2ac

a7fb7b64 81c11896 82ca42c0 ffffffff 00000019 nt!MiRestoreTransitionPte+0x11d

a7fb7b78 81c117eb 832f1740 ffffffff 832f1a40 nt!MiRemoveStandbyPage+0x88

a7fb7b88 81caee46 00000000 00000019 00000000 nt!MiRemoveLowestPriorityStandbyPage+0x24

a7fb7bbc 81cabaca 00000019 041cb000 041cb000 nt!MiRemovePageZeroPreferred+0x1a8

a7fb7c24 81c8fbb4 00000000 041cb000 00000000 nt!MmAccessFault+0x1cd8

a7fb7c24 81e89510 00000000 041cb000 00000000 nt!KiTrap0E+0xdc

a7fb7cb8 81d93084 04100200 00200000 00000001 nt!ProbeForWrite+0x39

a7fb7d38 81c8caaa 851f5870 00000420 00000000 nt!NtReadFile+0x91

a7fb7d38 77100f34 851f5870 00000420 00000000 nt!KiFastCallEntry+0x12a

WARNING: Frame IP not in any known module. Following frames may be wrong.

0100ee40 00000000 00000000 00000000 00000000 0x77100f34

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

nt!MiRestoreTransitionPte+11d

81c1dc2e ff4910 dec dword ptr [ecx+10h]

 

SYMBOL_STACK_INDEX: 1

 

SYMBOL_NAME: nt!MiRestoreTransitionPte+11d

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: nt

 

DEBUG_FLR_IMAGE_TIMESTAMP: 471ea39c

 

IMAGE_NAME: memory_corruption

 

FAILURE_BUCKET_ID: 0xA_W_nt!MiRestoreTransitionPte+11d

 

BUCKET_ID: 0xA_W_nt!MiRestoreTransitionPte+11d

 

Followup: MachineOwner

---------

"Probably caused by : memory_corruption" - må jeg da kjøpe ny?

Endret 18. juni 2008 av Olemann89

[Olemann89]

Nå fikk jeg en jeg ikke har lagt merke til før, Memory_Management;

Microsoft ® Windows Debugger Version 6.9.0003.113 X86

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\WINDOWS\Minidump\Mini061808-08.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Executable search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16584.x86fre.vista_gdr.071023-1545

Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10

Debug session time: Wed Jun 18 15:02:14.511 2008 (GMT+2)

System Uptime: 0 days 1:24:09.581

Loading Kernel Symbols

..........................................................................................

....................................................................

Loading User Symbols

Loading unloaded module list

...

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 1A, {403, c0044fb0, 322e1867, c0040fb0}

 

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS

*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS

Probably caused by : SYMEVENT.SYS ( SYMEVENT+141f9 )

 

Followup: MachineOwner

---------

 

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

MEMORY_MANAGEMENT (1a)

# Any other values for parameter 1 must be individually examined.

Arguments:

Arg1: 00000403, The subtype of the bugcheck.

Arg2: c0044fb0

Arg3: 322e1867

Arg4: c0040fb0

 

Debugging Details:

------------------

 

 

BUGCHECK_STR: 0x1a_403

 

CUSTOMER_CRASH_COUNT: 8

 

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

 

PROCESS_NAME: firefox.exe

 

CURRENT_IRQL: 2

 

LAST_CONTROL_TRANSFER: from 81c40566 to 81c4099b

 

STACK_TEXT:

b60899a8 81c40566 c0044fb0 83b5d020 84f33238 nt!MiDeletePte+0x360

b6089adc 81cbf1bd 08840000 08a00fff b6082034 nt!MiDeleteVirtualAddresses+0x8a1

b6089b74 8bda81f9 ffffffff b6089cfc b6089d08 nt!NtFreeVirtualMemory+0x655

WARNING: Stack unwind information not available. Following frames may be wrong.

b6089c08 81c8caaa ffffffff b6089cfc b6089d08 SYMEVENT+0x141f9

b6089c08 fe9f0030 ffffffff b6089cfc b6089d08 nt!KiFastCallEntry+0x12a

00000001 00000000 00000000 00000000 00000000 0xfe9f0030

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

SYMEVENT+141f9

8bda81f9 ?? ???

 

SYMBOL_STACK_INDEX: 3

 

SYMBOL_NAME: SYMEVENT+141f9

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: SYMEVENT

 

IMAGE_NAME: SYMEVENT.SYS

 

DEBUG_FLR_IMAGE_TIMESTAMP: 483df97c

 

FAILURE_BUCKET_ID: 0x1a_403_SYMEVENT+141f9

 

BUCKET_ID: 0x1a_403_SYMEVENT+141f9

 

Followup: MachineOwner

---------

Hva er symevent.sys? o.O

EDIT: symevent.sys - Symantec Event Library

Endret 18. juni 2008 av Olemann89

[Olemann89]

kvantitet>kvalitet?

 

Loading Dump File [C:\WINDOWS\Minidump\Mini061808-09.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Executable search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16584.x86fre.vista_gdr.071023-1545

Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10

Debug session time: Wed Jun 18 17:07:50.665 2008 (GMT+2)

System Uptime: 0 days 2:04:17.890

Loading Kernel Symbols

..........................................................................................

.................................................................

Loading User Symbols

Loading unloaded module list

....

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck A, {0, 1b, 1, 81ca90b0}

 

*** WARNING: Unable to verify timestamp for iaStor.sys

*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys

Probably caused by : iaStor.sys ( iaStor+39b03 )

 

Followup: MachineOwner

---------

 

1: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

IRQL_NOT_LESS_OR_EQUAL (a)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If a kernel debugger is available get the stack backtrace.

Arguments:

Arg1: 00000000, memory referenced

Arg2: 0000001b, IRQL

Arg3: 00000001, bitfield :

bit 0 : value 0 = read operation, 1 = write operation

bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)

Arg4: 81ca90b0, address which referenced memory

 

Debugging Details:

------------------

 

 

WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac

Unable to read MiSystemVaType memory at 81d117e0

00000000

 

CURRENT_IRQL: 1b

 

FAULTING_IP:

nt!KiUnwaitThread+19

81ca90b0 890a mov dword ptr [edx],ecx

 

CUSTOMER_CRASH_COUNT: 9

 

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

 

BUGCHECK_STR: 0xA

 

PROCESS_NAME: Idle

 

TRAP_FRAME: 82405a94 -- (.trap 0xffffffff82405a94)

ErrCode = 00000002

eax=84133e30 ebx=00000001 ecx=00000000 edx=00000000 esi=84137d78 edi=84137974

eip=81ca90b0 esp=82405b08 ebp=82405b1c iopl=0 nv up ei pl nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206

nt!KiUnwaitThread+0x19:

81ca90b0 890a mov dword ptr [edx],ecx ds:0023:00000000=????????

Resetting default scope

 

LAST_CONTROL_TRANSFER: from 81ca90b0 to 81c8fd84

 

STACK_TEXT:

82405a94 81ca90b0 badb0d00 00000000 a9773787 nt!KiTrap0E+0x2ac

82405b1c 81c2876b 00000000 84137948 81c28703 nt!KiUnwaitThread+0x19

82405b3c 806f0b03 84137902 00000000 00000000 nt!KeSetEvent+0x68

WARNING: Stack unwind information not available. Following frames may be wrong.

82405b60 806bbeb2 84137008 84138000 81c8197c iaStor+0x39b03

82405c3c 806bc384 84138000 82405c58 84137738 iaStor+0x4eb2

82405cd8 806f6b6b 84138000 00000000 82405d50 iaStor+0x5384

82405ce8 81ca93ae 84137738 84137008 00000000 iaStor+0x3fb6b

82405d50 81c913ee 00000000 0000000e ffffefff nt!KiRetireDpcList+0x147

82405d54 00000000 0000000e ffffefff ffffffff nt!KiIdleLoop+0x46

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

iaStor+39b03

806f0b03 ?? ???

 

SYMBOL_STACK_INDEX: 3

 

SYMBOL_NAME: iaStor+39b03

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: iaStor

 

IMAGE_NAME: iaStor.sys

 

DEBUG_FLR_IMAGE_TIMESTAMP: 46018619

 

FAILURE_BUCKET_ID: 0xA_W_iaStor+39b03

 

BUCKET_ID: 0xA_W_iaStor+39b03

 

Followup: MachineOwner

---------

 

1: kd> lmvm iaStor

start end module name

806b7000 8077e000 iaStor T (no symbols)

Loaded symbol image file: iaStor.sys

Image path: \SystemRoot\system32\DRIVERS\iaStor.sys

Image name: iaStor.sys

Timestamp: Wed Mar 21 20:23:05 2007 (46018619)

CheckSum: 000501EB

ImageSize: 000C7000

Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

 

Loading Dump File [C:\WINDOWS\Minidump\Mini061808-10.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Executable search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16584.x86fre.vista_gdr.071023-1545

Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10

Debug session time: Wed Jun 18 17:18:26.093 2008 (GMT+2)

System Uptime: 0 days 0:07:24.875

Loading Kernel Symbols

..........................................................................................

................................................................

Loading User Symbols

Loading unloaded module list

...

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck D1, {81a08d34, 2, 8, 81a08d34}

 

*** WARNING: Unable to verify timestamp for iaStor.sys

*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys

Probably caused by : crcdisk.sys ( crcdisk!_NULL_IMPORT_DESCRIPTOR+c64 )

 

Followup: MachineOwner

---------

 

1: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 81a08d34, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000008, value 0 = read operation, 1 = write operation

Arg4: 81a08d34, address which referenced memory

 

Debugging Details:

------------------

 

 

READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac

Unable to read MiSystemVaType memory at 81d117e0

81a08d34

 

CURRENT_IRQL: 2

 

FAULTING_IP:

crcdisk!_NULL_IMPORT_DESCRIPTOR+c64

81a08d34 ?? ???

 

CUSTOMER_CRASH_COUNT: 10

 

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

 

BUGCHECK_STR: 0xD1

 

PROCESS_NAME: Idle

 

TRAP_FRAME: 82405a4c -- (.trap 0xffffffff82405a4c)

ErrCode = 00000010

eax=83a227b4 ebx=841b55b8 ecx=83a22600 edx=001e0005 esi=83a226d8 edi=83a22793

eip=81a08d34 esp=82405ac0 ebp=82405af0 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246

crcdisk!_NULL_IMPORT_DESCRIPTOR+0xc64:

81a08d34 ?? ???

Resetting default scope

 

LAST_CONTROL_TRANSFER: from 81a08d34 to 81c8fd84

 

FAILED_INSTRUCTION_ADDRESS:

crcdisk!_NULL_IMPORT_DESCRIPTOR+c64

81a08d34 ?? ???

 

STACK_TEXT:

82405a4c 81a08d34 badb0d00 001e0005 82415120 nt!KiTrap0E+0x2ac

82405abc 81cacb3b 841b55b8 83a226d8 841b5670 crcdisk!_NULL_IMPORT_DESCRIPTOR+0xc64

82405af0 806f6b16 84138000 904b4b54 84138640 nt!IopfCompleteRequest+0x13d

WARNING: Stack unwind information not available. Following frames may be wrong.

82405b5c 806bbebe 84137008 904b4b54 84138000 iaStor+0x3fb16

82405c3c 806bc384 84138000 82405c58 84137738 iaStor+0x4ebe

82405cd8 806f6b6b 84138000 00000000 82405d50 iaStor+0x5384

82405ce8 81ca93ae 84137738 84137008 00000000 iaStor+0x3fb6b

82405d50 81c913ee 00000000 0000000e ffffefff nt!KiRetireDpcList+0x147

82405d54 00000000 0000000e ffffefff ffffdfff nt!KiIdleLoop+0x46

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

crcdisk!_NULL_IMPORT_DESCRIPTOR+c64

81a08d34 ?? ???

 

SYMBOL_STACK_INDEX: 1

 

SYMBOL_NAME: crcdisk!_NULL_IMPORT_DESCRIPTOR+c64

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: crcdisk

 

IMAGE_NAME: crcdisk.sys

 

DEBUG_FLR_IMAGE_TIMESTAMP: 4549b1cb

 

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_crcdisk!_NULL_IMPORT_DESCRIPTOR+c64

 

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_crcdisk!_NULL_IMPORT_DESCRIPTOR+c64

 

Followup: MachineOwner

---------

 

Microsoft ® Windows Debugger Version 6.9.0003.113 X86

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\WINDOWS\Minidump\Mini061808-11.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Executable search path is: srv*c:\symbols*http://msdl.microsoft.com/downloads/symbols

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16584.x86fre.vista_gdr.071023-1545

Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10

Debug session time: Wed Jun 18 23:20:57.252 2008 (GMT+2)

System Uptime: 0 days 5:56:16.102

Loading Kernel Symbols

..........................................................................................

................................................................

Loading User Symbols

Loading unloaded module list

...

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 1000008E, {c0000005, 81ce88d9, a91ff974, 0}

 

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1d5 )

 

Followup: Pool_corruption

---------

 

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: 81ce88d9, The address that the exception occurred at

Arg3: a91ff974, Trap Frame

Arg4: 00000000

 

Debugging Details:

------------------

 

 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i 0x%08lx refererte minne ved adressen 0x%08lx. Minnet kunne ikke v re %s.

 

FAULTING_IP:

nt!ExDeferredFreePool+1d5

81ce88d9 891e mov dword ptr [esi],ebx

 

TRAP_FRAME: a91ff974 -- (.trap 0xffffffffa91ff974)

ErrCode = 00000002

eax=861b9550 ebx=00000000 ecx=000001ff edx=00000001 esi=00000000 edi=83320034

eip=81ce88d9 esp=a91ff9e8 ebp=a91ffa24 iopl=0 nv up ei ng nz ac pe cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297

nt!ExDeferredFreePool+0x1d5:

81ce88d9 891e mov dword ptr [esi],ebx ds:0023:00000000=????????

Resetting default scope

 

CUSTOMER_CRASH_COUNT: 11

 

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

 

BUGCHECK_STR: 0x8E

 

PROCESS_NAME: svchost.exe

 

CURRENT_IRQL: 0

 

LAST_CONTROL_TRANSFER: from 81ce8322 to 81ce88d9

 

STACK_TEXT:

a91ffa24 81ce8322 83320034 00000000 87594a90 nt!ExDeferredFreePool+0x1d5

a91ffa88 81df4ad3 ad8d15d8 00000000 8332a9d0 nt!ExFreePoolWithTag+0x7b8

a91ffaa4 81e500da ad8d15d8 a91ffb34 a91ffaf0 nt!ObAssignObjectSecurityDescriptor+0x34

a91ffab4 81df4d36 87594a90 00000003 00000000 nt!SeDefaultObjectMethod+0x32

a91ffaf0 81df78a4 a91ffb00 00000001 87594a90 nt!ObAssignSecurity+0x7a

a91ffc20 81e40321 87594a90 00000000 00000000 nt!ObInsertObject+0x4e6

a91ffc6c 81e4c12d a71c4468 00000002 a91ffc9c nt!SeCopyClientToken+0x5a

a91ffc88 81e4c1bd a71c4468 00000000 00000001 nt!SepCreateClientSecurity+0x76

a91ffcb8 81dca033 9132db00 a91ffd10 00000000 nt!SeCreateClientSecurity+0x39

a91ffce8 81dca329 83c40848 00000001 a91ffd10 nt!AlpcpCreateSecurityContext+0xaf

a91ffd50 81c8caaa 0000066c 00000001 01baa7f0 nt!NtAlpcCreateSecurityContext+0x104

a91ffd50 76fb0f34 0000066c 00000001 01baa7f0 nt!KiFastCallEntry+0x12a

WARNING: Frame IP not in any known module. Following frames may be wrong.

0127f174 00000000 00000000 00000000 00000000 0x76fb0f34

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

nt!ExDeferredFreePool+1d5

81ce88d9 891e mov dword ptr [esi],ebx

 

SYMBOL_STACK_INDEX: 0

 

SYMBOL_NAME: nt!ExDeferredFreePool+1d5

 

FOLLOWUP_NAME: Pool_corruption

 

IMAGE_NAME: Pool_Corruption

 

DEBUG_FLR_IMAGE_TIMESTAMP: 0

 

MODULE_NAME: Pool_Corruption

 

FAILURE_BUCKET_ID: 0x8E_nt!ExDeferredFreePool+1d5

 

BUCKET_ID: 0x8E_nt!ExDeferredFreePool+1d5

 

Followup: Pool_corruption

---------

Mye rart her :/..

iaStor.sys file information

 

The process Intel Application Accelerator driver or Intel Matrix Storage Manager driver or Intel Matrix Storage Manager driver - ia or Intel Matrix Storage Manager driver - x belongs to the software Intel RAID Controller or Intel Integrated RAID or Intel AHCI Controller or Intel Matrix Storage Manager driver or iaStor by Intel Corporation (www.intel.com).

 

Description: File iaStor.sys is located in the folder C:\Windows\System32\drivers. Known file sizes on Windows XP are 874240 bytes (40% of all occurrence), 872064 bytes, 274816 bytes, 467200 bytes, 870912 bytes, 250368 bytes, 201088 bytes, 277784 bytes, 477952 bytes, 871040 bytes.

The driver can be started or stopped from Services in the Control Panel or by other programs. The program has no visible window. The service has no detailed description. iaStor.sys is not a Windows core file. File iaStor.sys is a Microsoft signed file. iaStor.sys seems to be a compressed file. Therefore the technical security rating is 24% dangerous, however also read the users reviews.

 

Important: Some malware camouflage themselves as iaStor.sys, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the iaStor.sys process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer's security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World.

Pc'en er forsåvidt en hp compaq 6710b. Si ifra hvis mer info trengs :3.

[maedox]

Ja, her var det jammen meg mye rart.

 

Jeg har ikke lest alt nøye, men ser fort at det står 'memory corruption' flere plasser. Det i tillegg til IRQ_NOT_LESS_OR_EQUAL og PFN_LIST_CORRUPT kan vitne om RAM-problemer.

 

Prøv å kjøre memtest86, evt. kjør HPs egne verktøy om de har noe sånt. Memtest86 finner du på en ubuntu live-cd eller flere forskjellige recovery og boot-cd-er.

 

 

Om du ikke finner minnefeil bør du oppdatere alle drivere du kan, og reinstallere resten. I verste fall bør du reinstallere Windows.

 

Siden maskinen er under 1 år gammel, er det helt klart en sak for HP support om du ikke får hjelp her.