עבור לתוכן

הופעה של מסכים כחולים - פירוט קבצי דאמפ

Featured Replies

פורסם



Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini030608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\websymbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Mar 6 08:45:56.687 2008 (GMT+2)
System Uptime: 0 days 0:00:46.421
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
..........
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 804e5701, b6440768, 0}

*** ERROR: Symbol file could not be found. Defaulted to export symbols for halmacpi.dll -


Probably caused by : Sandbox.SYS ( Sandbox+3572b )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 804e5701, The address that the exception occurred at
Arg3: b6440768, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!__InterlockedDecrement+5
804e5701 f00fc101 lock xadd dword ptr [ecx],eax

TRAP_FRAME: b6440768 -- (.trap 0xffffffffb6440768)
ErrCode = 00000002
eax=ffffffff ebx=b6ae5470 ecx=0000eeec edx=e2d4e1a8 esi=011eed8c edi=b6440d64
eip=804e5701 esp=b64407dc ebp=b64407f0 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!__InterlockedDecrement+0x5:
804e5701 f00fc101 lock xadd dword ptr [ecx],eax ds:0023:0000eeec=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from b6b1472b to 804e5701

STACK_TEXT:
b64407d8 b6b1472b e2d4e2c8 b64407f0 b6ae06bc nt!__InterlockedDecrement+0x5
WARNING: Stack unwind information not available. Following frames may be wrong.
b64407f0 b6afbfe9 0000ef00 e2d4e1a8 00000000 Sandbox+0x3572b
b6440808 b6afc120 b644082c b6afbf38 e2d4e1a8 Sandbox+0x1cfe9
b6440810 b6afbf38 e2d4e1a8 00000038 00000000 Sandbox+0x1d120
b644082c b6afc56e 00000003 e18532a4 e179097c Sandbox+0x1cf38
b6440850 b6afb7b5 b6440894 e179097c 44414544 Sandbox+0x1d56e
b6440864 b6b03117 b6440894 e179097c 00000016 Sandbox+0x1c7b5
b6440878 b6b02c25 b64409b8 b6440894 b6440890 Sandbox+0x24117
b6440898 b6b022af b64409b8 b64408e4 b64408b8 Sandbox+0x23c25
b64408e8 b6afe593 b6440a00 b64409b8 86d9d800 Sandbox+0x232af
b6440a48 b6ae5a9c b6440ce4 00000000 00000001 Sandbox+0x1f593
b6440d48 804dd99f 000005c8 011eedb4 011eed8c Sandbox+0x6a9c
b6440d48 7c90eb94 000005c8 011eedb4 011eed8c nt!KiFastCallEntry+0xfc
011eed6c 7c90e5e5 7c831c76 000005c8 011eedb4 0x7c90eb94
011eedbc 7e42392b 000005c8 00000000 011eede0 0x7c90e5e5
011eedc0 00000000 00000000 011eede0 00000000 0x7e42392b


STACK_COMMAND: kb

FOLLOWUP_IP:
Sandbox+3572b
b6b1472b ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: Sandbox+3572b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Sandbox

IMAGE_NAME: Sandbox.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 457fe2b2

FAILURE_BUCKET_ID: 0x8E_Sandbox+3572b

BUCKET_ID: 0x8E_Sandbox+3572b

Followup: MachineOwner
---------




Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini030608-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\websymbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Mar 6 08:47:05.109 2008 (GMT+2)
System Uptime: 0 days 0:00:40.828
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
..........
Unable to load image win32k.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf81fb90, b5eaaa80, 0}

Map tcpip.sys:
Image region 4ed80:5980 does not fit in mapping
Unable to load image Sandbox.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS


Probably caused by : Sandbox.SYS ( Sandbox+13468 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf81fb90, The address that the exception occurred at
Arg3: b5eaaa80, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k+1fb90
bf81fb90 3b7624 cmp esi,dword ptr [esi+24h]

TRAP_FRAME: b5eaaa80 -- (.trap 0xffffffffb5eaaa80)
ErrCode = 00000000
eax=bc675198 ebx=00000000 ecx=87ca1b38 edx=bc640178 esi=0000cc00 edi=bc675198
eip=bf81fb90 esp=b5eaaaf4 ebp=b5eaab00 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k+0x1fb90:
bf81fb90 3b7624 cmp esi,dword ptr [esi+24h] ds:0023:0000cc24=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: rundll32.exe

LAST_CONTROL_TRANSFER: from bf81fb7a to bf81fb90

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5eaab00 bf81fb7a bc675198 e1e65ca8 e1e65d30 win32k+0x1fb90
b5eaab1c bf87b055 e1e65d30 89b10de8 e2ce85a8 win32k+0x1fb7a
b5eaab30 bf876cac e1e65ca8 87a92da8 00000000 win32k+0x7b055
b5eaab58 bf819e58 00000001 b5eaab80 bf819f1c win32k+0x76cac
b5eaab64 bf819f1c 87a92da8 00000001 00000000 win32k+0x19e58
b5eaab80 8056fc07 87a92da8 00000001 87a92da8 win32k+0x19f1c
b5eaac0c 805739b4 00000000 87a92da8 00000000 nt!PspExitThread+0x3cc
b5eaac2c 8058e369 87a92da8 00000000 b5eaad64 nt!PspTerminateThreadByPointer+0x52
b5eaac58 b6af2468 00000000 00000000 b5eaad64 nt!NtTerminateProcess+0x118
b5eaad2c b6ccead1 ffffffff 00000000 b5eaad64 Sandbox+0x13468
b5eaad54 804dd99f ffffffff 00000000 0007ff58 FILTNT+0x13ad1
b5eaad54 7c90eb94 ffffffff 00000000 0007ff58 nt!KiFastCallEntry+0xfc
0007ff58 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
Sandbox+13468
b6af2468 ?? ???

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: Sandbox+13468

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Sandbox

IMAGE_NAME: Sandbox.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 457fe2b2

FAILURE_BUCKET_ID: 0x8E_Sandbox+13468

BUCKET_ID: 0x8E_Sandbox+13468

Followup: MachineOwner
---------



Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini030608-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\websymbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Mar 6 08:48:15.000 2008 (GMT+2)
System Uptime: 0 days 0:00:43.734
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {1c, 2, 1, 8053fa25}

Map tcpip.sys:
Image region 4ed80:5980 does not fit in mapping


Probably caused by : memory_corruption ( nt!MiDecrementCloneBlockReference+a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000001c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 8053fa25, address which referenced memory

Debugging Details:
------------------




WRITE_ADDRESS: 0000001c

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiDecrementCloneBlockReference+a
8053fa25 ff4b1c dec dword ptr [ebx+1Ch]

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: dwwin.exe

LAST_CONTROL_TRANSFER: from 80529fcb to 8053fa25

STACK_TEXT:
b5f32b4c 80529fcb 00000000 e1000400 87a7da40 nt!MiDecrementCloneBlockReference+0xa
b5f32b84 804f11e3 c0004188 01062000 00000000 nt!MiDeletePte+0x324
b5f32c48 804f521d e1987450 0108afff 00000000 nt!MiDeleteVirtualAddresses+0x162
b5f32cf4 8057f380 87a7da40 87b22cb0 b5f32d64 nt!MiRemoveMappedView+0x211
b5f32d38 8057f42c 879c4528 87a7d520 00000000 nt!MiUnmapViewOfSection+0x12b
b5f32d54 804dd99f ffffffff 87a7da40 00f2d8e8 nt!NtUnmapViewOfSection+0x54
b5f32d54 7c90eb94 ffffffff 87a7da40 00f2d8e8 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00f2d8e8 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiDecrementCloneBlockReference+a
8053fa25 ff4b1c dec dword ptr [ebx+1Ch]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!MiDecrementCloneBlockReference+a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 45e550ef

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xA_W_nt!MiDecrementCloneBlockReference+a

BUCKET_ID: 0xA_W_nt!MiDecrementCloneBlockReference+a

Followup: MachineOwner
---------

מה ניתן לעשות ?

פורסם

תריץ בדיקה של MEMTEST, למשך שלוש שעות לפחות.

יש לך במקרה תוכנה שנקראת Sandbox? מחק אותה.

פורסם

יש לך תוכנת פיירוול של Outpost ?

פורסם

Sandbox.sys , הוא מפיירוול שנקרא OUTPOST

אם אתה מכבה אותו ... נראה לי שזה יפתור את הבעיה

אני אחפש אם יש איזו פתרון לבעיה הזו..

בינתיים חפש לך פיירוול אחר..

פורסם
  • מחבר

הרצתי בדיקות זכרון והכל תקין .

לגבי הפירוול - מה הכי מומלץ ?

פורסם
  • מחבר

החלפתי FW והבעייה עדין לא נפתרה .

להלן פירוט קובץ דאמפ חדש :



Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini030708-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\websymbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Mar 7 08:56:31.296 2008 (GMT+2)
System Uptime: 0 days 0:01:45.015
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 805502e0, b6729ac4, 0}

Unable to load image klif.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for klif.sys
*** ERROR: Module load completed but symbols could not be loaded for klif.sys
Map tcpip.sys:
Image region 4ed80:5980 does not fit in mapping


Probably caused by : Pool_Corruption ( nt!ExFreePool+f )

Followup: Pool_corruption
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805502e0, The address that the exception occurred at
Arg3: b6729ac4, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ExFreePoolWithTag+43c
805502e0 668b4b04 mov cx,word ptr [ebx+4]

TRAP_FRAME: b6729ac4 -- (.trap 0xffffffffb6729ac4)
ErrCode = 00000000
eax=ffdff120 ebx=00000000 ecx=00000000 edx=00000000 esi=e2d10068 edi=80569a20
eip=805502e0 esp=b6729b38 ebp=b6729b6c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!ExFreePoolWithTag+0x43c:
805502e0 668b4b04 mov cx,word ptr [ebx+4] ds:0023:00000004=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: svchost.exe

LAST_CONTROL_TRANSFER: from 805503e3 to 805502e0

STACK_TEXT:
b6729b6c 805503e3 e2d10070 00000000 87ce8bc8 nt!ExFreePoolWithTag+0x43c
b6729b7c b6a9a6bc e2d10070 00000000 00000002 nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
b6729bb0 805507b9 00000000 ffdff120 89a111bc klif+0xe6bc
80569a20 00000000 00092142 0008352b 0000140e nt!ExAllocatePoolWithTag+0x7a9


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePool+f
805503e3 5d pop ebp

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePool+f

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0x8E_nt!ExFreePool+f

BUCKET_ID: 0x8E_nt!ExFreePool+f

Followup: Pool_corruption
---------

אגב לא יודע אם זה קשור אך לאחר 2-3 מסכים לאחר הפעלת המחשב הבעיה נפתרת מעצמה .

מה ניתן עוד לעשות ?

פורסם

אחי , נראה לי שיש לך איזה דרייבר שעושה לך בעיות

הייתי ממליץ לך לבדוק עדכונים לדרייברים הקיימים

פורסם
  • מחבר

עדכנתי דרייברים ועדין מופיעים מסכים כחולים .

klif.sys

tcip.sys

classpnp.sys

הקבצים הנ"ל מופיעים במסכים הכחולים , על מה הם מעידים ?

פורסם

klif.sys - קספרסקי אנטי וירוס

tcpip.sys - הדרייבר של פורוטוקל ה TCP/IP

classpnp.sys - משהו קשור ל PLUG N' PLAY , תוודא שהוא מאופשר בביוס

מה המפרט שלך ?

פורסם
  • מחבר

klif.sys - קספרסקי אנטי וירוס

tcpip.sys - הדרייבר של פורוטוקל ה TCP/IP

classpnp.sys - משהו קשור ל PLUG N' PLAY , תוודא שהוא מאופשר בביוס

מה המפרט שלך ?

amd 4600 d.c

2gb ocz 667

gf 8500

mdi k9n ultaf 580

אם אני אעבור למערכת הפעלה של Vista הבעיה תעלם ?

פורסם

amd 4600 d.c

2gb ocz 667

gf 8500

mdi k9n ultaf 580

אם אני אעבור למערכת הפעלה של Vista הבעיה תעלם ?

זה אותו דבר אם תעשה פורמט..

קיצר תנסה לעלות דרך SAFEmode נראה שזה לא בעיה חומרתית (אם לא יהיו בעיות)

אם יהיו בעיות כניראה הבעיה היא חומרתית...

למרות שאני ממליץ על פורמט למחשב שלך יש יותר מדי בעיות שכבר עדיף פורמט

פורסם
  • מחבר

זה אותו דבר אם תעשה פורמט..

קיצר תנסה לעלות דרך SAFEmode נראה שזה לא בעיה חומרתית (אם לא יהיו בעיות)

אם יהיו בעיות כניראה הבעיה היא חומרתית...

למרות שאני ממליץ על פורמט למחשב שלך יש יותר מדי בעיות שכבר עדיף פורמט

במצב של Safe Mode לא קופצים מסכים כחולים . ניתן להסיק שמקור הבעיה בדרייברים/תוכנות ?

ארכיון

דיון זה הועבר לארכיון ולא ניתן להוסיף בו תגובות חדשות.

דיונים חדשים