
Black Hibernate


MtK


As long as you know what you're doing...

Microsoft (R) Windows Debugger  Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\mtk\Desktop\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: SRV**http://msdl.microsoft.com/download/symbols;SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols;c:\websymbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16514.x86fre.vista_gdr.070627-1500
Kernel base = 0x82400000 PsLoadedModuleList = 0x82508ab0
Debug session time: Wed Sep 19 22:17:50.716 2007 (GMT+2)
System Uptime: 0 days 3:08:28.865
Loading Kernel Symbols
....................................................................................................
............................................................
Loading User Symbols
....................................................................................................
................
Loading unloaded module list
.....Unable to enumerate user-mode unloaded modules, NTSTATUS 0xC0000147
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck E2, {0, 0, 0, 0}

Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+255 )

Followup: MachineOwner
---------

0: kd> .symfix
No downstream store given, using C:\Program Files\Debugging Tools for Windows\sym
0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks...............................................................................................
....................................................................................................
............................................

Resource @ 0x88c55f80 Shared 1 owning threads
Contention Count = 1
Threads: 8893bd78-01<*>
KD: Scanning for held locks...............................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
......................
34080 total locks, 1 locks currently held
0: kd> .thread 8893bd78
Implicit thread is now 8893bd78
0: kd> .reload /user
Loading User Symbols
....................................................................................................
................
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
0: kd> !thread 8893bd78
THREAD 8893bd78 Cid 0470.0f44 Teb: 7ff8a000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
9b096c64 NotificationEvent
IRP List:
86db1de0: (0006,0220) Flags: 00020900 Mdl: 00000000
86cff100: (0006,0220) Flags: 00000884 Mdl: 00000000
Impersonation token: a0512360 (Level Impersonation)
Owning Process 88eda550 Image: svchost.exe
Wait Start TickCount 724917 Ticks: 5 (0:00:00:00.078)
Context Switch Count 115839
UserTime 00:00:00.0374
KernelTime 00:00:28.0969
Win32 Start Address sysmain!PfRbPrefetchWorker (0x6f524b78)
Stack Init 9b098000 Current 9b096a38 Base 9b098000 Limit 9b095000 Call 0
Priority 9 BasePriority 7 PriorityDecrement 1
*** ERROR: Module load completed but symbols could not be loaded for amon.sys
ChildEBP RetAddr Args to Child
9b096a50 824697c6 8893be00 8893bd78 8893be30 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
9b096a8c 8246721c 8893bd78 9b096b14 9b096d10 nt!KiSwapThread+0x36d
9b096ae8 830bed88 9b096c64 00000000 00000000 nt!KeWaitForSingleObject+0x414
9b096b08 830ba3a6 9b096d10 00000000 00000000 Ntfs!NtfsWaitOnIo+0x1c (FPO: [Non-Fpo])
9b096c2c 830b6241 9b096d10 86cd8cf8 a2d3a610 Ntfs!NtfsNonCachedIo+0x402 (FPO: [Non-Fpo])
9b096d00 830b5282 9b096d10 86cd8cf8 00c0070a Ntfs!NtfsCommonRead+0xefd (FPO: [Non-Fpo])
9b096e38 82467928 8654f498 86cd8cf8 86cd8cf8 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b096e50 8332ca5c 86548438 86cd8cf8 00000000 nt!IofCallDriver+0x63
9b096e74 8332cc18 9b096e94 86548438 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a (FPO: [Non-Fpo])
9b096eac 82467928 86548438 86cd8cf8 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
9b096ec4 982a96b6 00000000 8715b2a8 82467928 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
9b096ee8 8249ab0e 8a24ba34 8a24ba54 8893bd78 amon+0x46b6
9b096f04 82459a11 00000043 8893bd78 8a24ba60 nt!IoPageRead+0x176
9b096fb8 82457f18 c4b80000 b732a5f0 00000000 nt!MiDispatchFault+0xbde
9b097028 82497b7d 00000000 c4b80000 00000000 nt!MmAccessFault+0xe36
9b097070 825d77f1 c4b80000 00000000 9b09cbbc nt!MmCheckCachedPageState+0x69b
9b0970fc 830b4c8c 86b2c028 9b097140 000001ff nt!CcCopyRead+0x417
9b097128 830b62a7 86b9b760 86b2c028 86db1de0 Ntfs!NtfsCachedRead+0x11e (FPO: [Non-Fpo])
9b097204 830b5282 86b9b760 86db1de0 9b8a7ca0 Ntfs!NtfsCommonRead+0xf63 (FPO: [Non-Fpo])
9b097274 82467928 8654f498 86db1de0 86db1de0 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b09728c 8332ca5c 86548438 86db1de0 00000000 nt!IofCallDriver+0x63
9b0972b0 8332cc18 9b0972d0 86548438 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a (FPO: [Non-Fpo])
9b0972e8 82467928 86548438 86db1de0 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
9b097300 982a96b6 86b2c028 8715b2a8 82467928 nt!IofCallDriver+0x63
9b097324 825c80bb 86db1de0 86db1fdc 86b2c028 amon+0x46b6
9b097344 825e084b 8715b2a8 86b2c028 00000001 nt!IopSynchronousServiceTail+0x1e0
9b0973d0 82445f7a 8715b2a8 86db1de0 00000000 nt!NtReadFile+0x646
9b0973d0 82444959 8715b2a8 86db1de0 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9b0973fc)
9b09746c 982aa26c 000007c8 00000000 00000000 nt!ZwReadFile+0x11 (FPO: [9,0,0])
9b0974a8 982aac7e 000007c8 890e2308 000001ff amon+0x526c
9b0974cc 982a92c7 890e22e8 00000000 00000000 amon+0x5c7e
9b097518 82467928 8715b2a8 86cff100 88ec0bb4 amon+0x42c7
9b097530 825c8e87 9b09cea8 88fe4c10 86475d20 nt!IofCallDriver+0x63
9b0975e8 8261857b 8715b2a8 00000000 86c7f008 nt!IopParseDevice+0xcff
9b097620 825da839 88fe4c10 00000000 86c7f008 nt!IopParseFile+0x46
9b0976b0 825cc97e 80000810 9b097708 00000240 nt!ObpLookupObjectName+0x13e
9b097710 825f1f9c 9b09795c 00000000 8654f500 nt!ObOpenObjectByName+0x13c
9b097784 8261c4fc 9b097938 00000081 9b09795c nt!IopCreateFile+0x5ec
9b0977e0 83340c2a 9b097938 00000081 9b09795c nt!IoCreateFileEx+0x9d
9b097864 83321042 85b81530 00000000 9b097938 fltmgr!FltCreateFileEx2+0xae (FPO: [Non-Fpo])

0: kd> !irp 86db1de0
Irp is active with 12 stacks 11 is current (= 0x86db1fb8)
No Mdl: No System Buffer: Thread 8893bd78: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
>[ 3, 0] 0 e0 8654f498 86b2c028 8332c44a-867c4a68 Success Error Cancel
\FileSystem\Ntfs fltmgr!FltpPassThroughCompletion
Args: 000001ff 00000000 00000000 00000000
[ 3, 0] 0 1 86548438 86b2c028 00000000-00000000 pending
\FileSystem\FltMgr
Args: 000001ff 00000000 00000000 00000000
0: kd> !irp 86cff100
Irp is active with 12 stacks 12 is current (= 0x86cff2fc)
No Mdl: No System Buffer: Thread 8893bd78: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
>[ 0, 0] 8 0 8715b2a8 88ec0b58 00000000-00000000
\Driver\AMON
Args: 9b097548 01000160 00070080 00000000
0: kd> lmvm amon
start end module name
982a5000 9831f8c0 amon (no symbols)
Loaded symbol image file: amon.sys
Image path: \SystemRoot\system32\drivers\amon.sys
Image name: amon.sys
Timestamp: Thu May 03 17:27:44 2007 (4639F160)
CheckSum: 000885D4
ImageSize: 0007A8C0
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0



Unable to enumerate user-mode unloaded modules, NTSTATUS 0xC0000147
0: kd> !fileobj 86b2c028

\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002

Device Object: 0x865224a0 \Driver\volmgr
Vpb: 0x8656c070
Access: Read SharedRead SharedWrite SharedDelete

Flags: 0x40042
Synchronous IO
Cache Supported
Handle Created

File Object is currently busy and has 0 waiters.

FsContext: 0xa2d3a610 FsContext2: 0xa2d3a768
Private Cache Map: 0x86d57c68
CurrentByteOffset: 0
Cache Data:
Section Object Pointers: 8a7fa8bc
Shared Cache Map: 86d57b90 File Offset: 0 in VACB number 0
Vacb: 85770e90
Your data is at: c4b80000
0: kd> !fileobj 88ec0b58

WINDOWS\SYSTEM32\MSDTC\KTMRMTMCONTAINER00000000000000000002

Related File Object: 0x88fe4c10

Device Object: 0x865224a0 \Driver\volmgr
Vpb is NULL

Flags: 0x2
Synchronous IO

CurrentByteOffset: 0


The first IRP shows us trying to write to the file on the filesystem, but we also see a second IRP in the antivirus driver which is working on the file at the same time.

Have we tried completely removing NOD32 to see if the behavior changes at all?

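A way to triage the `!thread` stack discussed above, as an added example that is not part of the original posts: it parses kd stack frames, lists the frames that resolved only to module+offset (no symbols loaded), and counts how often `Ntfs!NtfsFsdRead` was entered beneath that driver's outermost frame. The sample is an excerpt of the stack posted in this thread with some frames omitted; the function names are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Excerpt of the `!thread 8893bd78` stack posted in this thread
# (innermost frame first; some frames omitted for brevity).
STACK = """\
9b096a50 824697c6 8893be00 8893bd78 8893be30 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
9b096ae8 830bed88 9b096c64 00000000 00000000 nt!KeWaitForSingleObject+0x414
9b096b08 830ba3a6 9b096d10 00000000 00000000 Ntfs!NtfsWaitOnIo+0x1c (FPO: [Non-Fpo])
9b096e38 82467928 8654f498 86cd8cf8 86cd8cf8 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b096eac 82467928 86548438 86cd8cf8 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
9b096ee8 8249ab0e 8a24ba34 8a24ba54 8893bd78 amon+0x46b6
9b096f04 82459a11 00000043 8893bd78 8a24ba60 nt!IoPageRead+0x176
9b0970fc 830b4c8c 86b2c028 9b097140 000001ff nt!CcCopyRead+0x417
9b097274 82467928 8654f498 86db1de0 86db1de0 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b097324 825c80bb 86db1de0 86db1fdc 86b2c028 amon+0x46b6
9b0973d0 82445f7a 8715b2a8 86db1de0 00000000 nt!NtReadFile+0x646
9b09746c 982aa26c 000007c8 00000000 00000000 nt!ZwReadFile+0x11 (FPO: [9,0,0])
9b0974a8 982aac7e 000007c8 890e2308 000001ff amon+0x526c
9b0974cc 982a92c7 890e22e8 00000000 00000000 amon+0x5c7e
9b097518 82467928 8715b2a8 86cff100 88ec0bb4 amon+0x42c7
9b0975e8 8261857b 8715b2a8 00000000 86c7f008 nt!IopParseDevice+0xcff
9b0977e0 83340c2a 9b097938 00000081 9b09795c nt!IoCreateFileEx+0x9d
"""

Frame = namedtuple("Frame", "module symbol offset")

# Layout: ChildEBP RetAddr Arg1 Arg2 Arg3 module[!symbol]+0xoffset
FRAME_RE = re.compile(
    r"^[0-9a-f]{8} [0-9a-f]{8} (?:[0-9a-f]{8} ){3}"
    r"(?P<mod>\w+)(?:!(?P<sym>[^+\s]+))?\+0x(?P<off>[0-9a-f]+)"
)


def parse_frames(text):
    """Return the stack frames in listing order, skipping non-frame lines
    such as the debugger's WARNING about missing unwind information."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(Frame(m["mod"], m["sym"], int(m["off"], 16)))
    return frames


def unsymbolized(frames):
    """Count frames that resolved only to module+offset. A count above 1
    for the same offset means the same code path is on the stack twice."""
    return Counter((f.module, f.offset) for f in frames if f.symbol is None)


def entered_beneath(frames, driver, module, symbol):
    """Count how often module!symbol appears deeper in the call chain than
    the outermost frame of `driver` (frames are listed innermost first)."""
    positions = [i for i, f in enumerate(frames) if f.module == driver]
    if not positions:
        return 0
    outermost = positions[-1]
    return sum(1 for f in frames[:outermost]
               if f.module == module and f.symbol == symbol)


if __name__ == "__main__":
    frames = parse_frames(STACK)
    for (mod, off), n in unsymbolized(frames).items():
        print(f"{mod}+0x{off:x} on stack {n}x (no symbols)")
    print("Ntfs!NtfsFsdRead beneath amon:",
          entered_beneath(frames, "amon", "Ntfs", "NtfsFsdRead"))
```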

Yeah, I'd put it back. I just wanted to make sure it wasn't interfering. At this point, it's hard to say what the problem is, other than it appears that we're in Ntfs waiting on I/O to a file (WINDOWS\SYSTEM32\MSDTC\KTMRMTMCONTAINER00000000000000000002) and an event has been signaled we're waiting on. Usually cases like these end up being more of a live debug, so I'm thinking that if you can reproduce the problem after running msconfig to disable everything non-Microsoft, that it'll be something at the actual driver level (underneath Windows) that will be very difficult to catch. At least I can say with a fair amount of certainty that it'll be down in an actual device driver (likely the disk controller).


I thought this would be an easy task, but first let me state this:

1. I have another PC (not notebook) with Vista with the same problem.

2. Neither of these 2 installations had a working progress bar when hibernating.

I'm guessing this must be something from MS.

NOD32 was a good guess since it is installed in both computers...

To your request, I did remove every non-MS service & startup item (I also tried a Diagnostic Boot), but after I restarted I tried to Hibernate but could not start the Dump process. (On a regular boot it works fine.)

Any minimum requirements that I should know of...?


Not really, just a regular boot. I guess it's good nothing is technically broken, but it's gotta be a little frustrating.

As to it being a Windows problem, it is possible. However, I have 4 laptops, 2 IBM/Lenovo Thinkpads, a Dell, and a Compaq x64, and none of these have the issue. It is possible it's a Windows problem, yes, but it's more likely it's a hardware driver issue - if it really was a Windows problem, it should happen to everyone :).


  • 1 month later...

Hi,

After the long-awaited format - I did it.

The results are as bad as expected.

I formatted & reinstalled Vista Enterprise x32.

I did a first restart, just to check everything is OK; I didn't install any updates, not even LAN drivers.

Hibernate = BLACK.

I have now just installed the needed LAN drivers, & am going forward to Windows Update...


I guess I don't get the big deal about this issue, except for you people wanting to know when it is done going into hibernate mode. Personally I have seen this problem, but of course with my laptop I have to auto hibernate when I close my lid; it has worked every time. I do this primarily for school: I can pop it out, look at something real quick and then close it. You people really get in a bind with Ultimate or Home editions. That's what I have seen throughout the forums. I have the Business ed. because that's what the government decided to go with and it was free, so I guess it would be better to research the OS before you buy or get it. I personally have a few issues with Business, but I wait for SP1 before making big changes to the code of the OS to see how to fix the issue. Wait and see what happens with SP1 before making big changes.


Sorry, but this wasn't very helpful to the discussion.

I'm not planning to sit & wait for a solution, because that's the whole idea behind Helping & Sharing (see some open-source for reference).

Besides, if no one knows about this problem I doubt it would be fixed by itself in SP1.

I take this forum very seriously & the people helping here will know what to do with it when a fix/problem is found...


Vista does not use a progress bar when going into hibernation. A black screen is 100% normal. A change request for this was entered during the Vista Beta, but Microsoft wasn't interested in putting the progress bar back in.

You said that while the screen was black, the HDD light was on? Can you try leaving the computer alone for a while to see if it actually does hibernate? As far as I can tell, it's working properly, but you interrupt it before it can finish hibernating.


> Vista does not use a progress bar when going into hibernation. A black screen is 100% normal. A change request for this was entered during the Vista Beta, but Microsoft wasn't interested in putting the progress bar back in.

First time I hear this...

> You said that while the screen was black, the HDD light was on? Can you try leaving the computer alone for a while to see if it actually does hibernate? As far as I can tell, it's working properly, but you interrupt it before it can finish hibernating.

The Hibernate does finish; this is totally about the progress bar...

As far as I know there isn't an option for a hibernation progress bar. Every computer I have Vista on doesn't have the progress bar when hibernating.

There is no progress bar in Vista. None. Nada. It is non-existent. You will not find one anywhere. If you want a progress bar you are out of luck.

The black screen is completely normal. Every Vista machine looks like that when going into hibernation.

If the hibernate is finishing fine then I don't get what you're complaining about, there's no problem.
