Jump to content

civi1ian

Member
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

  • Donations

    0.00 USD 

  • Country

    United States

About civi1ian

civi1ian's Achievements

0

Reputation

  1. civi1ian
    I have more memory dumps. Should I post them or go elsewhere for help? Thanks.
  2. civi1ian
    Please let me know if this link works. Thanks.
  3. civi1ian
    I must have done something wrong. The dump is 3.24 GB yet this is all that comes up in the debugger: Microsoft ® Windows Debugger Version 6.9.0003.113 X86 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\zioberd\Desktop\MEMORY.DMP] Kernel Complete Dump File: Full address space is available Symbol search path is: C:\symbols;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930 Kernel base = 0x82019000 PsLoadedModuleList = 0x82130c70 Debug session time: Thu Oct 9 11:17:10.989 2008 (GMT-4) System Uptime: 1 days 0:42:25.910 Loading Kernel Symbols .................................................................................................... ................................................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7E, {c0000005, 821af90b, 8bd67a24, 8bd67720} Probably caused by : ntkrpamp.exe ( nt!CmpFreeView+21 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: c0000005, The exception code that was not handled Arg2: 821af90b, The address that the exception occurred at Arg3: 8bd67a24, Exception Record Address Arg4: 8bd67720, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!CmpFreeView+21 821af90b 897204 mov dword ptr [edx+4],esi EXCEPTION_RECORD: 8bd67a24 -- (.exr 0xffffffff8bd67a24) ExceptionAddress: 821af90b (nt!CmpFreeView+0x00000021) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00000004 Attempt to write to address 00000004 CONTEXT: 8bd67720 -- (.cxr 0xffffffff8bd67720) eax=b72acdb8 ebx=bf47a9b8 ecx=bf47a688 edx=00000000 esi=b2d92c98 edi=00000000 eip=821af90b esp=8bd67aec ebp=8bd67b04 iopl=0 nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286 nt!CmpFreeView+0x21: 821af90b 897204 mov dword ptr [edx+4],esi ds:0023:00000004=???????? Resetting default scope PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. WRITE_ADDRESS: 00000004 BUGCHECK_STR: 0x7E DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LAST_CONTROL_TRANSFER: from 821af897 to 821af90b STACK_TEXT: 8bd67af0 821af897 bf47ac4c 00000000 8bd67b60 nt!CmpFreeView+0x21 8bd67b04 821a2626 00000000 8bd67c60 80001864 nt!CmpDestroyHiveViewList+0x86 8bd67b60 821a0224 8bd67bb4 00000005 00000000 nt!CmpInitializeHive+0x3de 8bd67bd8 821998c5 8bd67c60 00000000 8bd67c4c nt!CmpInitHiveFromFile+0x19e 8bd67c18 82197d4c 8bd67c60 00000000 8bd67c7b nt!CmpCmdHiveOpen+0x36 8bd67d14 82197f81 00000005 8211159c 00000005 nt!CmpFlushBackupHive+0x2fd 8bd67d38 82272eb7 8211b13c 84b50580 8205141d nt!CmpSyncBackupHives+0x90 8bd67d44 8205141d 00000000 00000000 84b50580 nt!CmpPeriodicBackupFlushWorker+0x32 8bd67d7c 821eeb18 00000000 9e187ca6 00000000 nt!ExpWorkerThread+0xfd 8bd67dc0 82047a3e 82051320 00000001 00000000 nt!PspSystemThreadStartup+0x9d 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 FOLLOWUP_IP: nt!CmpFreeView+21 821af90b 897204 mov dword ptr [edx+4],esi SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!CmpFreeView+21 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrpamp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4812bd71 STACK_COMMAND: .cxr 0xffffffff8bd67720 ; kb FAILURE_BUCKET_ID: 0x7E_nt!CmpFreeView+21 BUCKET_ID: 0x7E_nt!CmpFreeView+21 Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: c0000005, The exception code that was not handled Arg2: 821af90b, The address that the exception occurred at Arg3: 8bd67a24, Exception Record Address Arg4: 8bd67720, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!CmpFreeView+21 821af90b 897204 mov dword ptr [edx+4],esi EXCEPTION_RECORD: 8bd67a24 -- (.exr 0xffffffff8bd67a24) ExceptionAddress: 821af90b (nt!CmpFreeView+0x00000021) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00000004 Attempt to write to address 00000004 CONTEXT: 8bd67720 -- (.cxr 0xffffffff8bd67720) eax=b72acdb8 ebx=bf47a9b8 ecx=bf47a688 edx=00000000 esi=b2d92c98 edi=00000000 eip=821af90b esp=8bd67aec ebp=8bd67b04 iopl=0 nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286 nt!CmpFreeView+0x21: 821af90b 897204 mov dword ptr [edx+4],esi ds:0023:00000004=???????? Resetting default scope PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. WRITE_ADDRESS: 00000004 BUGCHECK_STR: 0x7E DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LAST_CONTROL_TRANSFER: from 821af897 to 821af90b STACK_TEXT: 8bd67af0 821af897 bf47ac4c 00000000 8bd67b60 nt!CmpFreeView+0x21 8bd67b04 821a2626 00000000 8bd67c60 80001864 nt!CmpDestroyHiveViewList+0x86 8bd67b60 821a0224 8bd67bb4 00000005 00000000 nt!CmpInitializeHive+0x3de 8bd67bd8 821998c5 8bd67c60 00000000 8bd67c4c nt!CmpInitHiveFromFile+0x19e 8bd67c18 82197d4c 8bd67c60 00000000 8bd67c7b nt!CmpCmdHiveOpen+0x36 8bd67d14 82197f81 00000005 8211159c 00000005 nt!CmpFlushBackupHive+0x2fd 8bd67d38 82272eb7 8211b13c 84b50580 8205141d nt!CmpSyncBackupHives+0x90 8bd67d44 8205141d 00000000 00000000 84b50580 nt!CmpPeriodicBackupFlushWorker+0x32 8bd67d7c 821eeb18 00000000 9e187ca6 00000000 nt!ExpWorkerThread+0xfd 8bd67dc0 82047a3e 82051320 00000001 00000000 nt!PspSystemThreadStartup+0x9d 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 FOLLOWUP_IP: nt!CmpFreeView+21 821af90b 897204 mov dword ptr [edx+4],esi SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!CmpFreeView+21 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrpamp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4812bd71 STACK_COMMAND: .cxr 0xffffffff8bd67720 ; kb FAILURE_BUCKET_ID: 0x7E_nt!CmpFreeView+21 BUCKET_ID: 0x7E_nt!CmpFreeView+21 Followup: MachineOwner --------- 0: kd> .exr 0xffffffff8bd67a24 ExceptionAddress: 821af90b (nt!CmpFreeView+0x00000021) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00000004 Attempt to write to address 00000004
  4. civi1ian
    Okay so I have a complete memory dump, 3.24 GB worth. What's next? Thanks once again for your help cluberti!
  5. civi1ian
    Thank you so much for your help. I will go ahead and configure for a complete memory dump. Thanks again!
  6. civi1ian
    I'm averaging a BSOD every day on my Vista Business machine. The problem started back in July but the blue screens weren't everyday then. They became more frequent in August and in September they were nearly daily. I haven't made any harware changes in more than 6 months. I've run a bunch of tests on my memory but it tests okay. I've also tried updating all of my drivers but that hasn't helped. I'm having a hard time interpreting the minidumps. A couple are a little different but most are pretty much the same. Below are some of the highlights. BAD_POOL_CALLER (c2) The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc. Arguments: Arg1: 00000007, Attempt to free pool which was already freed Arg2: 0000110b, (reserved) Arg3: 0a070203, Memory contents of the pool block Arg4: 8f575670, Address of the block of pool being deallocated DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT Any help diagnosing this problem would be much appreciated. Thanks! Minidump.rar
×
×
  • Create New...