ich hoffe, ihr könnt mir weiterhelfen. Ich habe hier eine Laptop, bei dem ich einen Bluescreen erhalte. Ich habe den minidump schon ausgelsen und es sieht nach einem Treiberproblem aus. Leider komme ich nicht weiter. Den Rechner kann ich nur im abgesicherten Modus starten. Zurück setzen habe ich schon versucht, allerdings lag der letzte Punkt nur 3 Tage zurück. Anbei die Auswertung des Dump:
Microsoft ® Windows Debugger Version 6.4.0007.2 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [D:\Mini010101-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntkrnlpa.exe *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe Windows Longhorn Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Personal Kernel base = 0x8201b000 PsLoadedModuleList = 0x82132c70 Debug session time: Mon Jan 1 04:42:42.567 2001 (GMT+1) System Uptime: 0 days 0:04:34.588 ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntkrnlpa.exe *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe Loading Kernel Symbols ...................................................................................................................................................... Loading unloaded module list .... Loading User Symbols ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {b306dff0, 0, 82762be4, 2} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Unable to load image \SystemRoot\system32\DRIVERS\MpFilter.sys, Win32 error 2 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Unable to load image \SystemRoot\system32\drivers\fltmgr.sys, Win32 error 2 *** WARNING: Unable to verify timestamp for fltmgr.sys *** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys Probably caused by : MpFilter.sys ( MpFilter+23be4 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: b306dff0, memory referenced. Arg2: 00000000, value 0 = read operation, 1 = write operation. Arg3: 82762be4, If non-zero, the instruction address which referenced the bad memory address. Arg4: 00000002, (reserved) Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* FAULTING_MODULE: 8201b000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 5632f79c READ_ADDRESS: unable to get nt!MmSpecialPoolStart unable to get nt!MmSpecialPoolEnd unable to get nt!MmPoolCodeStart unable to get nt!MmPoolCodeEnd unable to get nt!MiSessionPoolStart unable to get nt!MiSessionPoolEnd b306dff0 FAULTING_IP: MpFilter+23be4 82762be4 ?? ? MM_INTERNAL_CODE: 2 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x50 LAST_CONTROL_TRANSFER: from 82068d74 to 820b326e STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 9e3fe904 82068d74 00000000 b306dff0 00000000 nt+0x9826e 9e3fe91c 82762be4 badb0d00 9e3fe9a0 85275898 nt+0x4dd74 9e3fe9b8 8275f8cf 9e3feac0 9e3feb1c 853579e0 MpFilter+0x23be4 9e3fe9d0 8274e05c 7e1be425 9c8c34b8 85571450 MpFilter+0x208cf 9e3feb1c 827041ad 8556f534 00000020 00000020 MpFilter+0xf05c 9e3feb68 8271921a 81d17028 0269d8d0 00000020 fltmgr+0x71ad 9e3feb9c 8271962b 81d17000 85255800 0269d8d0 fltmgr+0x1c21a 9e3febe0 82702cd5 8553c998 852558a0 81d17028 fltmgr+0x1c62b 9e3fec0c 8205f99a 8553c998 852558a0 852558a0 fltmgr+0x5cd5 9e3fec24 82262301 00000000 852558a0 85255910 nt+0x4499a 9e3fec44 82262c14 8553c998 81d17028 0269d800 nt+0x247301 9e3fed00 82263cde 00000240 00000004 00000000 nt+0x247c14 9e3fed34 82065c26 00000240 00000000 00000000 nt+0x248cde 9e3fed64 77a05dd4 badb0d00 0269d714 00000000 nt+0x4ac26 0269d770 00000000 00000000 00000000 00000000 0x77a05dd4 FOLLOWUP_IP: MpFilter+23be4 82762be4 ?? ? SYMBOL_STACK_INDEX: 2 FOLLOWUP_NAME: MachineOwner SYMBOL_NAME: MpFilter+23be4 MODULE_NAME: MpFilter IMAGE_NAME: MpFilter.sys STACK_COMMAND: kb BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner ---------
Hat jemand eine Idee, wie ich vorgehen könnte? Vielen Dank!