About Terrible Minidump files

**msimsek** · June 28, 2006

Hello guys. I'm from Turkey and this is my first post. I have some problems with blue screens. Sometimes, my xp is closed with blue scrrens ( with most time DRIVER_NOT_EQUAL ) . I used microsoft's debugger with my minidump files but i couldn't understand . Can you help me?

I uploaded My mini dump files at :

http://www.hemenpaylas.com/download/107695...nidump.rar.html

Please click "Dosyayı İndir" to download mini dump files.

My configuration is Prescott 3.0 , Asus P4C800 E-Deluxe,A-Data DDR-600, 40 GB Quantum IDEand 160 GB Samsung Sata, Audigy Es (updated to Audigy 4 with hacked driver ),32 MB S3 Savage4 graphic card and Enermax Liberty 500 Watt power supply.

Thaks a lot of from now.....

**cluberti** · June 28, 2006

OK, here goes:

Mini062706-01.dmp
----------------------
Stop 0x8E (KERNEL_MODE_EXCEPTION_NOT_HANDLED_M)

A driver on the system caused an access violation while you were running an application's setup.exe file.  The driver appears to have tried to do an ObfDereferenceObject command through a kernel-level driver (the fault occurred while code was executing in ntkrnlmp), which ultimately caused a bugcheck in the PspExitProcess function at offset 8c.  I would need to know what you were actually attempting to install at the time of the bugcheck.


Mini062706-02.dmp
----------------------
Stop 0x19 (BAD_POOL_HEADER)

It appears that the klif.sys driver file attempted to free kernel pool memory allocated, and the virtual memory block attempted to be freed was either invalid or contained corrupt data, causing the bugcheck.  Since a !pool of the address referenced is unknown, it is likely that the driver attempted a free on a block that was unallocated or already freed - I also noticed that the driver attempted to free an allocation size larger than the other allocations in this region, which would also have caused a bugcheck or at least a serious error, had there actually been a memory block to free.  This would indicate an issue with the klif.sys driver file - note klif.sys belongs to Kapersky's Antivirus package.


Mini062806-01.dmp
----------------------
Stop 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL)

This one is a mystery, but it does show a pattern - a driver belonging to a non-Microsoft application running inside a svchost.exe process (an application that has a service associated with it) tried to read a memory address that was invalid, and it also did so at an invalid IRQL (IRQ Level) - so if the memory address HAD been valid, the driver still would've bugchecked.  I can't tell what driver it was in a minidump, because the driver attempted to reference the memory address it was loaded in (causing corruption, and thus I cannot read anything but ???? in that address).


Mini062806-02.dmp
----------------------
Stop 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL)

This one was easy, as there was no memory corruption - the Intel e1000 NIC driver attempted to write to a kernel memory address using an IRQL that was too high, causing a system bugcheck.  I know it was the Intel from the stack on processor 0, showing the bugcheck:

ChildEBP RetAddr  Args to Child			  
WARNING: Frame IP not in any known module. Following frames may be wrong.
819717c7 f309ec1d 8189faa8 00000016 f8962738 0xf8962843
f8962754 f309eecb fe9ac3a8 2660a853 0400000a tcpip!FindListenConn+0x305
f89627f8 f3094ef9 816f4008 0400000a 2660a853 tcpip!TCPRcv+0x2ff
f8962858 f3094b19 00000020 816f4008 f3097076 tcpip!DeliverToUser+0x18e
f89628d4 f3094836 f30d4210 816f4008 fec71008 tcpip!DeliverToUserEx+0x95f
f896298c f3093922 816f4008 fec7101c 0000001c tcpip!IPRcvPacket+0x6cb
f89629cc f309817b 00000000 fec71008 fed33720 tcpip!ARPRcvIndicationNew+0x149
f89629fc 8198f095 fed34d68 fec71008 fed33720 tcpip!ARPRcv+0x42
f8962a94 f837088f fed34d68 81607560 815ee00a 0x8198f095
f8962a60 81990329 fe95401c 00000000 00000000 NDIS!ethFilterDprIndicateReceivePacket+0x347
f8962a94 f837088f fed34d68 81607560 815ee00a 0x81990329
f8962afc f4eca01d 00796c78 813e8508 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x347
f8962b10 f4eca1b4 81777ad0 813e8508 00000001 psched!PsFlushReceiveQueue+0x15
f8962b34 f4eca5f9 813e4568 00000000 81777ad0 psched!PsEnqueueReceivePacket+0xda
f8962b4c f836fd40 813e4560 816a7008 00000001 psched!ClReceiveComplete+0x13
f8962b9c f828e5aa 00796c78 f8962bdc 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
f8962cec f828f367 006a7008 f8962d1b 8185ea50 e1000325+0x5aa
f8962d10 f8365f09 006a7008 80562f00 f87cf9c0 e1000325+0x1367
f8962d28 804dd26b 816a7470 816a745c 00000000 NDIS!ndisMDpcX+0x21
f8962d50 804dd14b 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61

1: kd> db 8189faa8 
8189faa8  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
8189fab8  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
8189fac8  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
8189fad8  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
8189fae8  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
8189faf8  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
8189fb08  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
8189fb18  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????

start	end		module name
f828e000 f82abc00   e1000325   (no symbols)		   
	Loaded symbol image file: e1000325.sys
	Mapped memory image file: C:\symbols\e1000325.sys\3ECB56BA1dc00\e1000325.sys
	Image path: e1000325.sys
	Image name: e1000325.sys
	Timestamp:		Wed May 21 06:36:42 2003 (3ECB56BA)
	CheckSum:		 0001EFDA
	ImageSize:		0001DC00
	File version:	 7.0.37.0
	Product version:  5.1.2600.0
	File flags:	   8 (Mask 3F) Private
	File OS:		  40004 NT Win32
	File type:		3.6 Driver
	File date:		00000000.00000000
	Translations:	 0000.04b0
	CompanyName:	  Intel Corporation
	ProductName:	  Intel(R) PRO/1000 Adapter
	InternalName:	 E1000325.SYS
	OriginalFilename: E1000325.SYS
	ProductVersion:   7.0.37.0
	FileVersion:	  7.0.37.0 built by: WinDDK
	FileDescription:  Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver
	LegalCopyright:   1998-2003, Intel Corporation All Rights Reserved.

At least that one wasn't corrupted all to hell.


Mini062806-03.dmp
----------------------
Stop 0x8E (KERNEL_MODE_EXCEPTION_NOT_HANDLED_M)

Another relatively easy one; a litte corrupt, but still has salvageable data.  A kernel mode driver attempted to access a portion of memory that it was not allowed to, causing an unhandled exception in the kernel.  This driver appears to have been called by alg.exe, which is the application layer gateway service.  This is another error related to the network stack, and since a kernel driver is involved, the only kernel driver here in the dump on the network stack is the Intel driver... (see a pattern???)


Mini062806-04.dmp
----------------------
Stop 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL)

Yet another Stop 0xD1 caused by the Intel e1000 driver.  I'd say you've either got issues with your RAM, or the Intel driver is buggy - and no, the below is not a copy and paste of the above 0xD1:

ChildEBP RetAddr  Args to Child			  
WARNING: Frame IP not in any known module. Following frames may be wrong.
f8962a94 f837088f ff16a110 81631a38 8161b00a 0x8198926e
f8962afc f339901d 006e8408 ff6ba760 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x347
f8962b10 f33991b4 81871ad0 ff6ba760 00000001 psched!PsFlushReceiveQueue+0x15
f8962b34 f33995f9 81892dc0 00000000 81871ad0 psched!PsEnqueueReceivePacket+0xda
f8962b4c f836fd40 81892db8 81892008 00000001 psched!ClReceiveComplete+0x13
f8962b9c f79c25aa 006e8408 f8962bdc 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
f8962cec f79c3367 00892008 f8962d1b 8183d130 e1000325+0x5aa
f8962d10 f8365f09 00892008 80562f00 f87cf9c0 e1000325+0x1367
f8962d28 804dd26b 81892470 8189245c 00000000 NDIS!ndisMDpcX+0x21
f8962d50 804dd14b 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
f8962d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28

1: kd> db ff16a110
ff16a110  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
ff16a120  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
ff16a130  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
ff16a140  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
ff16a150  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
ff16a160  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
ff16a170  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
ff16a180  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????

start	end		module name
f79c2000 f79dfc00   e1000325   (no symbols)		   
	Loaded symbol image file: e1000325.sys
	Mapped memory image file: C:\symbols\e1000325.sys\3ECB56BA1dc00\e1000325.sys
	Image path: e1000325.sys
	Image name: e1000325.sys
	Timestamp:		Wed May 21 06:36:42 2003 (3ECB56BA)
	CheckSum:		 0001EFDA
	ImageSize:		0001DC00
	File version:	 7.0.37.0
	Product version:  5.1.2600.0
	File flags:	   8 (Mask 3F) Private
	File OS:		  40004 NT Win32
	File type:		3.6 Driver
	File date:		00000000.00000000
	Translations:	 0000.04b0
	CompanyName:	  Intel Corporation
	ProductName:	  Intel(R) PRO/1000 Adapter
	InternalName:	 E1000325.SYS
	OriginalFilename: E1000325.SYS
	ProductVersion:   7.0.37.0
	FileVersion:	  7.0.37.0 built by: WinDDK
	FileDescription:  Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver
	LegalCopyright:   1998-2003, Intel Corporation All Rights Reserved.

The pattern is staggering - what happens if you uninstall the Intel software and disable or remove the NIC? I'd bet the problem would go away...

Edited June 28, 2006 by cluberti

**xtremee** · June 29, 2006

@cluberti,

HOW u can Know the contains of this files?

i.e. how u cinvert them and wat is the program u use?

Regards,

Xtremee

**cluberti** · June 29, 2006

1. I work as a debugger (amongst other things) at Microsoft.

2. I use windbg, one of the debuggers in the Debugging Tools for Windows package.

Edit - The debugging tools are here:

http://www.microsoft.com/whdc/devtools/deb...ng/default.mspx

Edited June 29, 2006 by cluberti

**xtremee** · June 29, 2006

Thanx alot

**msimsek** · June 29, 2006

All these fault depends to ethernet driver? I use ethernet with my modem ( zoom X4 ) . I can't uninstall these drivers but i can update. And please for give me but I don't know what the NIC is?

**trickytwista** · June 29, 2006

hi. the NIC is your intel network card

**msimsek** · June 29, 2006

As i said i use NIC ( i learned it ) for my ADSL Modem. I updated its driver tonight ( driver's date is 06.01.2006, old driver's date was 2003) . I hope this will solve my problem. But if this doesn't solve problem i will use my modem with USB and i will uninstall ny ethernet. But this is very very silly event. I bought a very well board but i can't use its ethernet I will write result here.

My last question, Sometimes i see some errors about IDE Controller at Event Logger. My mobo ( P4C800 E-Deluxe) uses WinXP Promise SATA378 IDE Controller. ı searched new drivers but i couldn't find. Is there any new drivers for this controller? And my mobo has not another controller for SATA?

Great thanks for everything...

( sory for my English, i try to develop my English ) ( or i should write "i try developing my English" ? )

**msimsek** · June 30, 2006

i have no new minidumps since last night )

**cluberti** · June 30, 2006

**msimsek** · July 1, 2006

Thanks cluberti, your solution %100 works. I have no problem now

**bledd** · July 1, 2006

thanks for the info cluberti

Sign In

About Terrible Minidump files

Recommended Posts

msimsek

cluberti

xtremee

cluberti

xtremee

msimsek

trickytwista

msimsek

msimsek

cluberti

msimsek

bledd

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Activity

Browse