andtrds Posted October 31, 2008 Share Posted October 31, 2008 Hello all,i would like to ask for your help/opinion about a problem that i am having.I setup a new pc with win xp pro sp3 and i having random restarts.i am trying to see the.dmp file but i cant configure what is wrong.Could you please help guys?my configuration is Asus P5k-Vm board, Core2duo cpu,2X1gb ram(800) and i am using the onboard vga.i have try clean install,with latest drivers and all of the windows updates.thank you,any help will great!! Link to comment Share on other sites More sharing options...
cluberti Posted October 31, 2008 Share Posted October 31, 2008 Configure the system for a complete dump file, then reboot. The next time the machine crashes, you should have a memory.dmp file in %windir%\ on the system. That can be looked at to see what's happening. Link to comment Share on other sites More sharing options...
andtrds Posted October 31, 2008 Author Share Posted October 31, 2008 hello clubertithanks for the quick reply here is my dmp file if you can figure out whats going wrong.. Microsoft ® Windows Debugger Version 6.9.0003.113 X86Copyright © Microsoft Corporation. All rights reserved.Loading Dump File [C:\Users\at\Desktop\Mini103108-01.dmp]Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: C:\Windows\symbolsExecutable search path is: Unable to load image ntoskrnl.exe, Win32 error 0n2*** WARNING: Unable to verify timestamp for ntoskrnl.exe*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exeWindows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSKernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720Debug session time: Fri Oct 31 16:53:32.656 2008 (GMT+2)System Uptime: 0 days 0:02:30.338Unable to load image ntoskrnl.exe, Win32 error 0n2*** WARNING: Unable to verify timestamp for ntoskrnl.exe*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exeLoading Kernel Symbols..................................................................................................................Loading User SymbolsLoading unloaded module list.......******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************Use !analyze -v to get detailed debugging information.BugCheck 1000000A, {c0e12438, 1, 0, 80505f17}***** Kernel symbols are WRONG. Please fix symbols to do analysis.*** WARNING: Unable to verify timestamp for Ntfs.sys**************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ****************************************************************************Probably caused by : ntoskrnl.exe ( nt+2ef17 )Followup: MachineOwner---------0: kd> !analyze -v******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************IRQL_NOT_LESS_OR_EQUAL (a)An attempt was made to access a pageable (or completely invalid) address at aninterrupt request level (IRQL) that is too high. This is usuallycaused by drivers using improper addresses.If a kernel debugger is available get the stack backtrace.Arguments:Arg1: c0e12438, memory referencedArg2: 00000001, IRQLArg3: 00000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)Arg4: 80505f17, address which referenced memoryDebugging Details:------------------***** Kernel symbols are WRONG. Please fix symbols to do analysis.**************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: nt!_KPRCB ****** ****************************************************************************MODULE_NAME: ntFAULTING_MODULE: 804d7000 ntDEBUG_FLR_IMAGE_TIMESTAMP: 48a3fbd9READ_ADDRESS: unable to get nt!MmSpecialPoolStartunable to get nt!MmSpecialPoolEndunable to get nt!MmPoolCodeStartunable to get nt!MmPoolCodeEnd c0e12438 CURRENT_IRQL: 1FAULTING_IP: nt+2ef1780505f17 8b0c81 mov ecx,dword ptr [ecx+eax*4]CUSTOMER_CRASH_COUNT: 1DEFAULT_BUCKET_ID: WRONG_SYMBOLSBUGCHECK_STR: 0xALAST_CONTROL_TRANSFER: from 8051af5d to 80505f17STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong.a8b0c404 8051af5d c0e0003c 898f8da8 00000000 nt+0x2ef17a8b0c458 804e2480 c6e34000 00000000 a8b0c584 nt+0x43f5da8b0c4a0 804e3f0a 89ba0008 a8b0c4e0 00001000 nt+0xb480a8b0c534 8056a5ab 89ba7258 a8b0c574 00001000 nt+0xcf0aa8b0c5a8 b9e67bc3 89ba7258 a8b0c5e8 00001000 nt+0x935aba8b0c628 b9e67d21 e13da830 e100fb50 00000028 Ntfs!NtfsRepairItem+0x2f1a8b0c63c b9e679a2 e13da830 00000010 e100fb50 Ntfs!NtfsRepairItem+0x44fa8b0c66c b9e676d6 e13da830 e100fb50 00000001 Ntfs!NtfsRepairItem+0xd0a8b0c748 b9e671ff e100fb50 00000001 a8b0c808 Ntfs!NtfsVerifyAndFixFileRecord+0xa08a8b0c8cc b9e6759a 89ae3a40 89b9b320 00000000 Ntfs!NtfsVerifyAndFixFileRecord+0x531a8b0c92c b9e70ffc 89ae3a40 e15d3988 e15d3a50 Ntfs!NtfsVerifyAndFixFileRecord+0x8cca8b0c940 b9e71f46 89ae3a40 89ae3a40 e15d3a50 Ntfs!TxfFsctlRollforwardUndo+0x1e2a8b0ca14 b9e71d6b 89ae3a40 898fc6f0 89423b40 Ntfs!TxfHandleRecoveryError+0x32aa8b0ca84 b9e49b3b 89ae3a40 89423b40 898fc6f0 Ntfs!TxfHandleRecoveryError+0x14fa8b0caec 804ef19f 89ba5020 89423b40 89423b50 Ntfs!WPP_SF_D+0x13a8b0cb84 8054162c 80000638 a8b0cc38 a8b0cc48 nt+0x1819fa8b0cba0 80500ecd badb0d00 a8b0cc18 ffffffff nt+0x6a62ca8b0cc50 8063b454 e150b700 00000001 00000400 nt+0x29ecda8b0ccd8 8063b8ce e150b758 00000000 e150b758 nt+0x164454a8b0ccf0 80632a96 e150b701 e13dd5c8 00000000 nt+0x1648cea8b0cd04 8062452e e150b758 00000120 a8b0cd64 nt+0x15ba96a8b0cd58 8054162c 000000fc 00a8f770 7c91e4f4 nt+0x14d52ea8b0cd64 7c91e4f4 badb0d00 00a8f758 00000000 nt+0x6a62ca8b0cd68 badb0d00 00a8f758 00000000 00000000 0x7c91e4f4a8b0cd6c 00a8f758 00000000 00000000 00000000 0xbadb0d00a8b0cd70 00000000 00000000 00000000 00000000 0xa8f758STACK_COMMAND: kbFOLLOWUP_IP: nt+2ef1780505f17 8b0c81 mov ecx,dword ptr [ecx+eax*4]SYMBOL_STACK_INDEX: 0SYMBOL_NAME: nt+2ef17FOLLOWUP_NAME: MachineOwnerIMAGE_NAME: ntoskrnl.exeBUCKET_ID: WRONG_SYMBOLSFollowup: MachineOwner--------- Link to comment Share on other sites More sharing options...
cluberti Posted November 1, 2008 Share Posted November 1, 2008 No, I don't need the !analyze -v output, I need the .dmp file . Link to comment Share on other sites More sharing options...
MCT Posted November 1, 2008 Share Posted November 1, 2008 (edited) do u have vmware-authd.exe running? for some reason i was getting BSODs & random restarts when it was running.. i havent gotten any since i upgraded to the latest version tho.. maybe this works for u too?EDIT: did u check your event logs? Edited November 1, 2008 by MCT Link to comment Share on other sites More sharing options...
andtrds Posted November 1, 2008 Author Share Posted November 1, 2008 hello i just upload my dmp filethanksMini103108_01.rar Link to comment Share on other sites More sharing options...
andtrds Posted November 1, 2008 Author Share Posted November 1, 2008 ...also i dont have vmware-authd.exe installed.. Link to comment Share on other sites More sharing options...
cluberti Posted November 2, 2008 Share Posted November 2, 2008 Well, I was hoping for a complete dump file, as a minidump in this case is fairly useless (I need the memory addresses and loaded module lists, which are not captured in a minidump - there is a reason the instructions I mentioned were for a *complete* memory dump). However, I've seen this particular callstack before:0: kd> !threadGetPointerFromAddress: unable to read from 80562134THREAD 898f8da8 Cid 0240.0288 Teb: 7ffd7000 Win32Thread: e21bc490 RUNNING on processor 0IRP List: Unable to read nt!_IRP @ 89423b40Not impersonatingGetUlongFromAddress: unable to read from 805621ccOwning Process 89b27568 Image: lsass.exeAttached Process N/A Image: N/Affdf0000: Unable to get shared dataWait Start TickCount 9621 Context Switch Count 1914 LargeStackReadMemory error: Cannot get nt!KeMaximumIncrement value.UserTime 00:00:00.000KernelTime 00:00:00.000Win32 Start Address 0x77e56c7dStart Address 0x7c8106e9Stack Init a8b0d000 Current a8b0c860 Base a8b0d000 Limit a8b09000 Call 0Priority 9 BasePriority 9 PriorityDecrement 0 DecrementCount 16ChildEBP RetAddr Args to Child a8b0c404 8051af5d c0e0003c 898f8da8 00000000 nt!MiLocateAndReserveWsle+0x51 (FPO: [Non-Fpo])a8b0c458 804e2480 c6e34000 00000000 a8b0c584 nt!MmCheckCachedPageState+0x4ed (FPO: [Non-Fpo])a8b0c4a0 804e3f0a 89ba0008 a8b0c4e0 00001000 nt!CcMapAndRead+0x86 (FPO: [Non-Fpo])a8b0c534 8056a5ab 89ba7258 a8b0c574 00001000 nt!CcPinFileData+0x204 (FPO: [Non-Fpo])a8b0c5a8 b9e67bc3 89ba7258 a8b0c5e8 00001000 nt!CcPreparePinWrite+0x93 (FPO: [Non-Fpo])a8b0c628 b9e67d21 e13da830 e100fb50 00000028 Ntfs!LfsGetLbcb+0x5b (FPO: [Non-Fpo])a8b0c63c b9e679a2 e13da830 00000010 e100fb50 Ntfs!LfsPrepareLfcbForLogRecord+0x4a (FPO: [Non-Fpo])a8b0c66c b9e676d6 e13da830 e100fb50 00000001 Ntfs!LfsWriteLogRecordIntoLogPage+0x5c (FPO: [Non-Fpo])a8b0c748 b9e671ff e100fb50 00000001 a8b0c808 Ntfs!LfsWrite+0x2f7 (FPO: [Non-Fpo])a8b0c8cc b9e6759a 89ae3a40 89b9b320 00000000 Ntfs!NtfsWriteLog+0x6a2 (FPO: [Non-Fpo])a8b0c92c b9e70ffc 89ae3a40 e15d3988 e15d3a50 Ntfs!NtfsCommitCurrentTransaction+0x197 (FPO: [Non-Fpo])a8b0c940 b9e71f46 89ae3a40 89ae3a40 e15d3a50 Ntfs!NtfsCheckpointCurrentTransaction+0x21 (FPO: [Non-Fpo])a8b0ca14 b9e71d6b 89ae3a40 898fc6f0 89423b40 Ntfs!NtfsSetEndOfFileInfo+0x5ec (FPO: [Non-Fpo])a8b0ca84 b9e49b3b 89ae3a40 89423b40 898fc6f0 Ntfs!NtfsCommonSetInformation+0x477 (FPO: [Non-Fpo])a8b0caec 804ef19f 89ba5020 89423b40 89423b50 Ntfs!NtfsFsdSetInformation+0xa3 (FPO: [Non-Fpo])a8b0cafc 8057b543 a8b0cba0 a8b0cc2c 8057b010 nt!IopfCallDriver+0x31 (FPO: [0,0,0])a8b0cb84 8054162c 80000638 a8b0cc38 a8b0cc48 nt!NtSetInformationFile+0x533 (FPO: [Non-Fpo])a8b0cb84 80500ecd 80000638 a8b0cc38 a8b0cc48 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a8b0cba0)a8b0cc10 8063bffa 80000638 a8b0cc38 a8b0cc48 nt!ZwSetInformationFile+0x11 (FPO: [5,0,0])a8b0cc50 8063b454 e150b700 00000001 00000400 nt!CmpDoFileSetSize+0x5e (FPO: [Non-Fpo])a8b0ccd8 8063b8ce e150b758 00000000 e150b758 nt!HvpDoWriteHive+0x42a (FPO: [Non-Fpo])a8b0ccf0 80632a96 e150b701 e13dd5c8 00000000 nt!HvSyncHive+0x88 (FPO: [Non-Fpo])a8b0cd04 8062452e e150b758 00000120 a8b0cd64 nt!CmFlushKey+0x94 (FPO: [Non-Fpo])a8b0cd58 8054162c 000000fc 00a8f770 7c91e4f4 nt!NtFlushKey+0x88 (FPO: [Non-Fpo])a8b0cd58 7c91e4f4 000000fc 00a8f770 7c91e4f4 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ a8b0cd64)WARNING: Frame IP not in any known module. Following frames may be wrong.00a8f770 00000000 00000000 00000000 00000000 0x7c91e4f4I've not seen this dump in a while, but knowing what is happening here, it appears to be memory corruption. So, either it's a device driver on the system, or you have faulty memory on the system (RAM, L2 CPU Cache, or Video RAM). I don't see us working in win32k.sys, so no GDI is being used, so that probably rules out the video card or driver. That leaves either your system's disk chipset driver, or the RAM or CPU cache as problematic. I'd start checking your RAM with memtest86 though, as a first. Link to comment Share on other sites More sharing options...
andtrds Posted November 3, 2008 Author Share Posted November 3, 2008 no errors with memtest86... Link to comment Share on other sites More sharing options...
cluberti Posted November 3, 2008 Share Posted November 3, 2008 That would indicate then it's a driver, most likely. Link to comment Share on other sites More sharing options...
andtrds Posted November 3, 2008 Author Share Posted November 3, 2008 ..but cluberti i am using the latest drivers for all devices ...do you have anything else on you r mind for troubleshooting?thanks again Link to comment Share on other sites More sharing options...
cluberti Posted November 3, 2008 Share Posted November 3, 2008 Just because you have the latest drivers doesn't mean they're working properly . Does the issue reproduce when using safe mode, or safe mode w/networking? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now