פורסם 2008 במרץ 617 שנים Microsoft (R) Windows Debugger Version 6.8.0004.0 X86Copyright (c) Microsoft Corporation. All rights reserved.Loading Dump File [C:\WINDOWS\Minidump\Mini030608-01.dmp]Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: C:\websymbolsExecutable search path is: Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 2600.xpsp_sp2_qfe.070227-2300Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0Debug session time: Thu Mar 6 08:45:56.687 2008 (GMT+2)System Uptime: 0 days 0:00:46.421Loading Kernel Symbols...Loading User SymbolsLoading unloaded module list..........*** WARNING: Unable to verify timestamp for Sandbox.SYS*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************Use !analyze -v to get detailed debugging information.BugCheck 1000008E, {c0000005, 804e5701, b6440768, 0}*** ERROR: Symbol file could not be found. Defaulted to export symbols for halmacpi.dll - Probably caused by : Sandbox.SYS ( Sandbox+3572b )Followup: MachineOwner---------1: kd> !analyze -v******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)This is a very common bugcheck. Usually the exception address pinpointsthe driver/function that caused the problem. Always note this addressas well as the link date of the driver/image that contains this address.Some common problems are exception code 0x80000003. This means a hardcoded breakpoint or assertion was hit, but this system was booted/NODEBUG. This is not supposed to happen as developers should never havehardcoded breakpoints in retail code, but ...If this happens, make sure a debugger gets connected, and thesystem is booted /DEBUG. This will let us see why this breakpoint ishappening.Arguments:Arg1: c0000005, The exception code that was not handledArg2: 804e5701, The address that the exception occurred atArg3: b6440768, Trap FrameArg4: 00000000Debugging Details:------------------EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".FAULTING_IP: nt!__InterlockedDecrement+5804e5701 f00fc101 lock xadd dword ptr [ecx],eaxTRAP_FRAME: b6440768 -- (.trap 0xffffffffb6440768)ErrCode = 00000002eax=ffffffff ebx=b6ae5470 ecx=0000eeec edx=e2d4e1a8 esi=011eed8c edi=b6440d64eip=804e5701 esp=b64407dc ebp=b64407f0 iopl=0 nv up ei pl nz na po nccs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202nt!__InterlockedDecrement+0x5:804e5701 f00fc101 lock xadd dword ptr [ecx],eax ds:0023:0000eeec=????????Resetting default scopeCUSTOMER_CRASH_COUNT: 1DEFAULT_BUCKET_ID: DRIVER_FAULTBUGCHECK_STR: 0x8EPROCESS_NAME: explorer.exeLAST_CONTROL_TRANSFER: from b6b1472b to 804e5701STACK_TEXT: b64407d8 b6b1472b e2d4e2c8 b64407f0 b6ae06bc nt!__InterlockedDecrement+0x5WARNING: Stack unwind information not available. Following frames may be wrong.b64407f0 b6afbfe9 0000ef00 e2d4e1a8 00000000 Sandbox+0x3572bb6440808 b6afc120 b644082c b6afbf38 e2d4e1a8 Sandbox+0x1cfe9b6440810 b6afbf38 e2d4e1a8 00000038 00000000 Sandbox+0x1d120b644082c b6afc56e 00000003 e18532a4 e179097c Sandbox+0x1cf38b6440850 b6afb7b5 b6440894 e179097c 44414544 Sandbox+0x1d56eb6440864 b6b03117 b6440894 e179097c 00000016 Sandbox+0x1c7b5b6440878 b6b02c25 b64409b8 b6440894 b6440890 Sandbox+0x24117b6440898 b6b022af b64409b8 b64408e4 b64408b8 Sandbox+0x23c25b64408e8 b6afe593 b6440a00 b64409b8 86d9d800 Sandbox+0x232afb6440a48 b6ae5a9c b6440ce4 00000000 00000001 Sandbox+0x1f593b6440d48 804dd99f 000005c8 011eedb4 011eed8c Sandbox+0x6a9cb6440d48 7c90eb94 000005c8 011eedb4 011eed8c nt!KiFastCallEntry+0xfc011eed6c 7c90e5e5 7c831c76 000005c8 011eedb4 0x7c90eb94011eedbc 7e42392b 000005c8 00000000 011eede0 0x7c90e5e5011eedc0 00000000 00000000 011eede0 00000000 0x7e42392bSTACK_COMMAND: kbFOLLOWUP_IP: Sandbox+3572bb6b1472b ?? ???SYMBOL_STACK_INDEX: 1SYMBOL_NAME: Sandbox+3572bFOLLOWUP_NAME: MachineOwnerMODULE_NAME: SandboxIMAGE_NAME: Sandbox.SYSDEBUG_FLR_IMAGE_TIMESTAMP: 457fe2b2FAILURE_BUCKET_ID: 0x8E_Sandbox+3572bBUCKET_ID: 0x8E_Sandbox+3572bFollowup: MachineOwner---------Microsoft (R) Windows Debugger Version 6.8.0004.0 X86Copyright (c) Microsoft Corporation. All rights reserved.Loading Dump File [C:\WINDOWS\Minidump\Mini030608-02.dmp]Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: C:\websymbolsExecutable search path is: Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 2600.xpsp_sp2_qfe.070227-2300Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0Debug session time: Thu Mar 6 08:47:05.109 2008 (GMT+2)System Uptime: 0 days 0:00:40.828Loading Kernel Symbols...Loading User SymbolsLoading unloaded module list..........Unable to load image win32k.sys, Win32 error 0n2*** WARNING: Unable to verify timestamp for win32k.sys*** ERROR: Module load completed but symbols could not be loaded for win32k.sys******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************Use !analyze -v to get detailed debugging information.BugCheck 1000008E, {c0000005, bf81fb90, b5eaaa80, 0}Map tcpip.sys: Image region 4ed80:5980 does not fit in mappingUnable to load image Sandbox.SYS, Win32 error 0n2*** WARNING: Unable to verify timestamp for Sandbox.SYS*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS*** WARNING: Unable to verify timestamp for FILTNT.SYS*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYSProbably caused by : Sandbox.SYS ( Sandbox+13468 )Followup: MachineOwner---------0: kd> !analyze -v******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)This is a very common bugcheck. Usually the exception address pinpointsthe driver/function that caused the problem. Always note this addressas well as the link date of the driver/image that contains this address.Some common problems are exception code 0x80000003. This means a hardcoded breakpoint or assertion was hit, but this system was booted/NODEBUG. This is not supposed to happen as developers should never havehardcoded breakpoints in retail code, but ...If this happens, make sure a debugger gets connected, and thesystem is booted /DEBUG. This will let us see why this breakpoint ishappening.Arguments:Arg1: c0000005, The exception code that was not handledArg2: bf81fb90, The address that the exception occurred atArg3: b5eaaa80, Trap FrameArg4: 00000000Debugging Details:------------------EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".FAULTING_IP: win32k+1fb90bf81fb90 3b7624 cmp esi,dword ptr [esi+24h]TRAP_FRAME: b5eaaa80 -- (.trap 0xffffffffb5eaaa80)ErrCode = 00000000eax=bc675198 ebx=00000000 ecx=87ca1b38 edx=bc640178 esi=0000cc00 edi=bc675198eip=bf81fb90 esp=b5eaaaf4 ebp=b5eaab00 iopl=0 nv up ei pl zr na pe nccs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246win32k+0x1fb90:bf81fb90 3b7624 cmp esi,dword ptr [esi+24h] ds:0023:0000cc24=????????Resetting default scopeCUSTOMER_CRASH_COUNT: 2DEFAULT_BUCKET_ID: DRIVER_FAULTBUGCHECK_STR: 0x8EPROCESS_NAME: rundll32.exeLAST_CONTROL_TRANSFER: from bf81fb7a to bf81fb90STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong.b5eaab00 bf81fb7a bc675198 e1e65ca8 e1e65d30 win32k+0x1fb90b5eaab1c bf87b055 e1e65d30 89b10de8 e2ce85a8 win32k+0x1fb7ab5eaab30 bf876cac e1e65ca8 87a92da8 00000000 win32k+0x7b055b5eaab58 bf819e58 00000001 b5eaab80 bf819f1c win32k+0x76cacb5eaab64 bf819f1c 87a92da8 00000001 00000000 win32k+0x19e58b5eaab80 8056fc07 87a92da8 00000001 87a92da8 win32k+0x19f1cb5eaac0c 805739b4 00000000 87a92da8 00000000 nt!PspExitThread+0x3ccb5eaac2c 8058e369 87a92da8 00000000 b5eaad64 nt!PspTerminateThreadByPointer+0x52b5eaac58 b6af2468 00000000 00000000 b5eaad64 nt!NtTerminateProcess+0x118b5eaad2c b6ccead1 ffffffff 00000000 b5eaad64 Sandbox+0x13468b5eaad54 804dd99f ffffffff 00000000 0007ff58 FILTNT+0x13ad1b5eaad54 7c90eb94 ffffffff 00000000 0007ff58 nt!KiFastCallEntry+0xfc0007ff58 00000000 00000000 00000000 00000000 0x7c90eb94STACK_COMMAND: kbFOLLOWUP_IP: Sandbox+13468b6af2468 ?? ???SYMBOL_STACK_INDEX: 9SYMBOL_NAME: Sandbox+13468FOLLOWUP_NAME: MachineOwnerMODULE_NAME: SandboxIMAGE_NAME: Sandbox.SYSDEBUG_FLR_IMAGE_TIMESTAMP: 457fe2b2FAILURE_BUCKET_ID: 0x8E_Sandbox+13468BUCKET_ID: 0x8E_Sandbox+13468Followup: MachineOwner---------Microsoft (R) Windows Debugger Version 6.8.0004.0 X86Copyright (c) Microsoft Corporation. All rights reserved.Loading Dump File [C:\WINDOWS\Minidump\Mini030608-03.dmp]Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: C:\websymbolsExecutable search path is: Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 2600.xpsp_sp2_qfe.070227-2300Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0Debug session time: Thu Mar 6 08:48:15.000 2008 (GMT+2)System Uptime: 0 days 0:00:43.734Loading Kernel Symbols...Loading User SymbolsLoading unloaded module list..........******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************Use !analyze -v to get detailed debugging information.BugCheck 1000000A, {1c, 2, 1, 8053fa25}Map tcpip.sys: Image region 4ed80:5980 does not fit in mappingProbably caused by : memory_corruption ( nt!MiDecrementCloneBlockReference+a )Followup: MachineOwner---------1: kd> !analyze -v******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************IRQL_NOT_LESS_OR_EQUAL (a)An attempt was made to access a pageable (or completely invalid) address at aninterrupt request level (IRQL) that is too high. This is usuallycaused by drivers using improper addresses.If a kernel debugger is available get the stack backtrace.Arguments:Arg1: 0000001c, memory referencedArg2: 00000002, IRQLArg3: 00000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)Arg4: 8053fa25, address which referenced memoryDebugging Details:------------------WRITE_ADDRESS: 0000001c CURRENT_IRQL: 2FAULTING_IP: nt!MiDecrementCloneBlockReference+a8053fa25 ff4b1c dec dword ptr [ebx+1Ch]CUSTOMER_CRASH_COUNT: 3DEFAULT_BUCKET_ID: DRIVER_FAULTBUGCHECK_STR: 0xAPROCESS_NAME: dwwin.exeLAST_CONTROL_TRANSFER: from 80529fcb to 8053fa25STACK_TEXT: b5f32b4c 80529fcb 00000000 e1000400 87a7da40 nt!MiDecrementCloneBlockReference+0xab5f32b84 804f11e3 c0004188 01062000 00000000 nt!MiDeletePte+0x324b5f32c48 804f521d e1987450 0108afff 00000000 nt!MiDeleteVirtualAddresses+0x162b5f32cf4 8057f380 87a7da40 87b22cb0 b5f32d64 nt!MiRemoveMappedView+0x211b5f32d38 8057f42c 879c4528 87a7d520 00000000 nt!MiUnmapViewOfSection+0x12bb5f32d54 804dd99f ffffffff 87a7da40 00f2d8e8 nt!NtUnmapViewOfSection+0x54b5f32d54 7c90eb94 ffffffff 87a7da40 00f2d8e8 nt!KiFastCallEntry+0xfcWARNING: Frame IP not in any known module. Following frames may be wrong.00f2d8e8 00000000 00000000 00000000 00000000 0x7c90eb94STACK_COMMAND: kbFOLLOWUP_IP: nt!MiDecrementCloneBlockReference+a8053fa25 ff4b1c dec dword ptr [ebx+1Ch]SYMBOL_STACK_INDEX: 0SYMBOL_NAME: nt!MiDecrementCloneBlockReference+aFOLLOWUP_NAME: MachineOwnerMODULE_NAME: ntDEBUG_FLR_IMAGE_TIMESTAMP: 45e550efIMAGE_NAME: memory_corruptionFAILURE_BUCKET_ID: 0xA_W_nt!MiDecrementCloneBlockReference+aBUCKET_ID: 0xA_W_nt!MiDecrementCloneBlockReference+aFollowup: MachineOwner---------מה ניתן לעשות ?
פורסם 2008 במרץ 617 שנים תריץ בדיקה של MEMTEST, למשך שלוש שעות לפחות.יש לך במקרה תוכנה שנקראת Sandbox? מחק אותה.
פורסם 2008 במרץ 617 שנים Sandbox.sys , הוא מפיירוול שנקרא OUTPOSTאם אתה מכבה אותו ... נראה לי שזה יפתור את הבעיהאני אחפש אם יש איזו פתרון לבעיה הזו..בינתיים חפש לך פיירוול אחר..
פורסם 2008 במרץ 717 שנים מחבר החלפתי FW והבעייה עדין לא נפתרה .להלן פירוט קובץ דאמפ חדש : Microsoft (R) Windows Debugger Version 6.8.0004.0 X86Copyright (c) Microsoft Corporation. All rights reserved.Loading Dump File [C:\WINDOWS\Minidump\Mini030708-01.dmp]Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: C:\websymbolsExecutable search path is: Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 2600.xpsp_sp2_qfe.070227-2300Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0Debug session time: Fri Mar 7 08:56:31.296 2008 (GMT+2)System Uptime: 0 days 0:01:45.015Loading Kernel Symbols...Loading User SymbolsLoading unloaded module list...........******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************Use !analyze -v to get detailed debugging information.BugCheck 1000008E, {c0000005, 805502e0, b6729ac4, 0}Unable to load image klif.sys, Win32 error 0n2*** WARNING: Unable to verify timestamp for klif.sys*** ERROR: Module load completed but symbols could not be loaded for klif.sysMap tcpip.sys: Image region 4ed80:5980 does not fit in mappingProbably caused by : Pool_Corruption ( nt!ExFreePool+f )Followup: Pool_corruption---------0: kd> !analyze -v******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)This is a very common bugcheck. Usually the exception address pinpointsthe driver/function that caused the problem. Always note this addressas well as the link date of the driver/image that contains this address.Some common problems are exception code 0x80000003. This means a hardcoded breakpoint or assertion was hit, but this system was booted/NODEBUG. This is not supposed to happen as developers should never havehardcoded breakpoints in retail code, but ...If this happens, make sure a debugger gets connected, and thesystem is booted /DEBUG. This will let us see why this breakpoint ishappening.Arguments:Arg1: c0000005, The exception code that was not handledArg2: 805502e0, The address that the exception occurred atArg3: b6729ac4, Trap FrameArg4: 00000000Debugging Details:------------------EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".FAULTING_IP: nt!ExFreePoolWithTag+43c805502e0 668b4b04 mov cx,word ptr [ebx+4]TRAP_FRAME: b6729ac4 -- (.trap 0xffffffffb6729ac4)ErrCode = 00000000eax=ffdff120 ebx=00000000 ecx=00000000 edx=00000000 esi=e2d10068 edi=80569a20eip=805502e0 esp=b6729b38 ebp=b6729b6c iopl=0 nv up ei pl zr na pe nccs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246nt!ExFreePoolWithTag+0x43c:805502e0 668b4b04 mov cx,word ptr [ebx+4] ds:0023:00000004=????Resetting default scopeCUSTOMER_CRASH_COUNT: 1DEFAULT_BUCKET_ID: DRIVER_FAULTBUGCHECK_STR: 0x8EPROCESS_NAME: svchost.exeLAST_CONTROL_TRANSFER: from 805503e3 to 805502e0STACK_TEXT: b6729b6c 805503e3 e2d10070 00000000 87ce8bc8 nt!ExFreePoolWithTag+0x43cb6729b7c b6a9a6bc e2d10070 00000000 00000002 nt!ExFreePool+0xfWARNING: Stack unwind information not available. Following frames may be wrong.b6729bb0 805507b9 00000000 ffdff120 89a111bc klif+0xe6bc80569a20 00000000 00092142 0008352b 0000140e nt!ExAllocatePoolWithTag+0x7a9STACK_COMMAND: kbFOLLOWUP_IP: nt!ExFreePool+f805503e3 5d pop ebpSYMBOL_STACK_INDEX: 1SYMBOL_NAME: nt!ExFreePool+fFOLLOWUP_NAME: Pool_corruptionIMAGE_NAME: Pool_CorruptionDEBUG_FLR_IMAGE_TIMESTAMP: 0MODULE_NAME: Pool_CorruptionFAILURE_BUCKET_ID: 0x8E_nt!ExFreePool+fBUCKET_ID: 0x8E_nt!ExFreePool+fFollowup: Pool_corruption---------אגב לא יודע אם זה קשור אך לאחר 2-3 מסכים לאחר הפעלת המחשב הבעיה נפתרת מעצמה .מה ניתן עוד לעשות ?
פורסם 2008 במרץ 717 שנים אחי , נראה לי שיש לך איזה דרייבר שעושה לך בעיות הייתי ממליץ לך לבדוק עדכונים לדרייברים הקיימים
פורסם 2008 במרץ 817 שנים מחבר עדכנתי דרייברים ועדין מופיעים מסכים כחולים . klif.systcip.sysclasspnp.sysהקבצים הנ"ל מופיעים במסכים הכחולים , על מה הם מעידים ?
פורסם 2008 במרץ 817 שנים klif.sys - קספרסקי אנטי וירוסtcpip.sys - הדרייבר של פורוטוקל ה TCP/IPclasspnp.sys - משהו קשור ל PLUG N' PLAY , תוודא שהוא מאופשר בביוסמה המפרט שלך ?
פורסם 2008 במרץ 1017 שנים מחבר klif.sys - קספרסקי אנטי וירוסtcpip.sys - הדרייבר של פורוטוקל ה TCP/IPclasspnp.sys - משהו קשור ל PLUG N' PLAY , תוודא שהוא מאופשר בביוסמה המפרט שלך ? amd 4600 d.c2gb ocz 667gf 8500mdi k9n ultaf 580אם אני אעבור למערכת הפעלה של Vista הבעיה תעלם ?
פורסם 2008 במרץ 1017 שנים amd 4600 d.c2gb ocz 667gf 8500mdi k9n ultaf 580אם אני אעבור למערכת הפעלה של Vista הבעיה תעלם ?זה אותו דבר אם תעשה פורמט..קיצר תנסה לעלות דרך SAFEmode נראה שזה לא בעיה חומרתית (אם לא יהיו בעיות)אם יהיו בעיות כניראה הבעיה היא חומרתית...למרות שאני ממליץ על פורמט למחשב שלך יש יותר מדי בעיות שכבר עדיף פורמט
פורסם 2008 במרץ 1317 שנים מחבר זה אותו דבר אם תעשה פורמט..קיצר תנסה לעלות דרך SAFEmode נראה שזה לא בעיה חומרתית (אם לא יהיו בעיות)אם יהיו בעיות כניראה הבעיה היא חומרתית...למרות שאני ממליץ על פורמט למחשב שלך יש יותר מדי בעיות שכבר עדיף פורמטבמצב של Safe Mode לא קופצים מסכים כחולים . ניתן להסיק שמקור הבעיה בדרייברים/תוכנות ?
ארכיון
דיון זה הועבר לארכיון ולא ניתן להוסיף בו תגובות חדשות.