WinFuture-Forum.de: Bluescreen - Analyse Mit Bugcheck Frage Zum Ergebniss - WinFuture-Forum.de

Zum Inhalt wechseln

Alle Informationen in unserem Special: Windows Vista.
Seite 1 von 1

Bluescreen - Analyse Mit Bugcheck Frage Zum Ergebniss Kann jemand mit den Ergebnissen etwas anfangen?


#1 Mitglied ist offline   DKStone 

  • Gruppe: aktive Mitglieder
  • Beiträge: 243
  • Beigetreten: 03. Oktober 06
  • Reputation: 2

geschrieben 17. Juni 2008 - 17:12

Hallo zusammen,

bisher hat mir das Bugcheck tool (Windbg) von MS immer helfen können indem es auf eine *.sys Datei oder ähnliches verwiesen hat. Heute bin ich aber ratlos! Hab seit ner Woche ca. nu 64 bit drauf.

Hier die Auswertung:

Followup: MachineOwner
---------

0: kd> !analyze -v
**************************************************
*****************************
* *
* Bugcheck Analysis *
* *
**************************************************
*****************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80001cc6195, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

**************************************************
***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
**************************************************
***********************

MODULE_NAME: nt

FAULTING_MODULE: fffff80001c58000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 479192b7

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
unable to get nt!MiSessionPoolStart
unable to get nt!MiSessionPoolEnd
0000000000000000

CURRENT_IRQL: 2

FAULTING_IP:
nt+6e195
fffff800`01cc6195 ? ?

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from fffff80001cad12e to fffff80001cad390

STACK_TEXT:
fffffa60`019ab848 fffff800`01cad12e : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt+0x55390
fffffa60`019ab850 00000000`0000000a : 00000000`00000000 00000000`00000002 00000000`00000001 fffff800`01cc6195 : nt+0x5512e
fffffa60`019ab858 00000000`00000000 : 00000000`00000002 00000000`00000001 fffff800`01cc6195 fffffa80`046a8180 : 0xa
fffffa60`019ab860 00000000`00000002 : 00000000`00000001 fffff800`01cc6195 fffffa80`046a8180 00000000`00000000 : 0x0
fffffa60`019ab868 00000000`00000001 : fffff800`01cc6195 fffffa80`046a8180 00000000`00000000 00000000`00000000 : 0x2
fffffa60`019ab870 fffff800`01cc6195 : fffffa80`046a8180 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
fffffa60`019ab878 fffffa80`046a8180 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x6e195
fffffa60`019ab880 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`046a8180
fffffa60`019ab888 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab890 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab8f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab900 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`019ab908 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff680`00000000 : 0x0
fffffa60`019ab910 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff680`00000000 00000000`00000000 : 0x0
fffffa60`019ab918 00000000`00000000 : 00000000`00000000 fffff680`00000000 00000000`00000000 00000980`00000000 : 0x0
fffffa60`019ab920 00000000`00000000 : fffff680`00000000 00000000`00000000 00000980`00000000 0000007f`fffffff8 : 0x0
fffffa60`019ab928 fffff680`00000000 : 00000000`00000000 00000980`00000000 0000007f`fffffff8 fffffa80`046a5330 : 0x0
fffffa60`019ab930 00000000`00000000 : 00000980`00000000 0000007f`fffffff8 fffffa80`046a5330 fffffa80`02282ec0 : 0xfffff680`00000000
fffffa60`019ab938 00000980`00000000 : 0000007f`fffffff8 fffffa80`046a5330 fffffa80`02282ec0 fffffa80`02282ee8 : 0x0
fffffa60`019ab940 0000007f`fffffff8 : fffffa80`046a5330 fffffa80`02282ec0 fffffa80`02282ee8 fffffa80`02282ed0 : 0x980`00000000
fffffa60`019ab948 fffffa80`046a5330 : fffffa80`02282ec0 fffffa80`02282ee8 fffffa80`02282ed0 00000000`00000000 : 0x7f`fffffff8
fffffa60`019ab950 fffffa80`02282ec0 : fffffa80`02282ee8 fffffa80`02282ed0 00000000`00000000 00000000`00000000 : 0xfffffa80`046a5330
fffffa60`019ab958 fffffa80`02282ee8 : fffffa80`02282ed0 00000000`00000000 00000000`00000000 fffffa80`022ed600 : 0xfffffa80`02282ec0
fffffa60`019ab960 fffffa80`02282ed0 : 00000000`00000000 00000000`00000000 fffffa80`022ed600 00000000`00000001 : 0xfffffa80`02282ee8
fffffa60`019ab968 00000000`00000000 : 00000000`00000000 fffffa80`022ed600 00000000`00000001 fffff800`01cac00b : 0xfffffa80`02282ed0
fffffa60`019ab970 00000000`00000000 : fffffa80`022ed600 00000000`00000001 fffff800`01cac00b 00000000`00000001 : 0x0
fffffa60`019ab978 fffffa80`022ed600 : 00000000`00000001 fffff800`01cac00b 00000000`00000001 fffffa80`0214eba0 : 0x0
fffffa60`019ab980 00000000`00000001 : fffff800`01cac00b 00000000`00000001 fffffa80`0214eba0 fffffa80`046a9600 : 0xfffffa80`022ed600
fffffa60`019ab988 fffff800`01cac00b : 00000000`00000001 fffffa80`0214eba0 fffffa80`046a9600 fffffa80`02282ec0 : 0x1
fffffa60`019ab990 00000000`00000001 : fffffa80`0214eba0 fffffa80`046a9600 fffffa80`02282ec0 fffffa80`0214eb80 : nt+0x5400b
fffffa60`019ab998 fffffa80`0214eba0 : fffffa80`046a9600 fffffa80`02282ec0 fffffa80`0214eb80 00001f80`01010001 : 0x1
fffffa60`019ab9a0 fffffa80`046a9600 : fffffa80`02282ec0 fffffa80`0214eb80 00001f80`01010001 00000000`00000000 : 0xfffffa80`0214eba0
fffffa60`019ab9a8 fffffa80`02282ec0 : fffffa80`0214eb80 00001f80`01010001 00000000`00000000 00000000`00000000 : 0xfffffa80`046a9600
fffffa60`019ab9b0 fffffa80`0214eb80 : 00001f80`01010001 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`02282ec0
fffffa60`019ab9b8 00001f80`01010001 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0255d990 : 0xfffffa80`0214eb80
fffffa60`019ab9c0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`0255d990 500045da`b4000000 : 0x1f80`01010001
fffffa60`019ab9c8 00000000`00000000 : 00000000`00000000 fffffa80`0255d990 500045da`b4000000 500045da`b5260048 : 0x0
fffffa60`019ab9d0 00000000`00000000 : fffffa80`0255d990 500045da`b4000000 500045da`b5260048 fffffa60`019abb78 : 0x0


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_NAME: MachineOwner

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
0

Anzeige



#2 Mitglied ist offline   Thomynator 

  • Gruppe: aktive Mitglieder
  • Beiträge: 2.484
  • Beigetreten: 20. Februar 08
  • Reputation: 36
  • Geschlecht:Männlich
  • Wohnort:Traunreut

geschrieben 17. Juni 2008 - 18:25

Beitrag anzeigenZitat (DKStone: 17.06.2008, 18:12)

***** Kernel symbols are WRONG. Please fix symbols to do analysis.


da hast du die Antwort.

Hast sie dir quasi schon selbst gegeben.

Du hast di falschen Symbole für dein Windwos heruntergeladen. deshalb kannst dua cuh ncihts auslesen.

Anleitung, das isn How-To und da steht auch noch mal der korrekte File Path drin:

Zitat

SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols


MfG

Tommy
0

#3 Mitglied ist offline   DKStone 

  • Gruppe: aktive Mitglieder
  • Beiträge: 243
  • Beigetreten: 03. Oktober 06
  • Reputation: 2

geschrieben 17. Juni 2008 - 22:28

Vielen Dank für den Hinweis hatte ich ganz übersehen!!


Anbei nochmal die jetzige Auswertung zum Thema:

Microsoft ® Windows Debugger Version 6.4.0007.2
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Dominik Kraffner\Desktop\Minidump\Mini061708-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Longhorn Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18000.amd64fre.longhorn_rtm.080118-1840
Kernel base = 0xfffff800`01c58000 PsLoadedModuleList = 0xfffff800`01e1ddb0
Debug session time: Tue Jun 17 17:12:22.298 2008 (GMT+2)
System Uptime: 0 days 0:03:02.099
Loading Kernel Symbols
..................................................
...................................................
...................................................
....
Loading unloaded module list
.....
Loading User Symbols
**************************************************
*****************************
* *
* Bugcheck Analysis *
* *
**************************************************
*****************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 1, fffff80001cc6195}

Probably caused by : ntkrnlmp.exe ( nt!CcDeleteMbcb+e9 )

Followup: MachineOwner
---------

0: kd> !analyze -v
**************************************************
*****************************
* *
* Bugcheck Analysis *
* *
**************************************************
*****************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80001cc6195, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: unable to get MiSystemVaType - probably bad symbols
0000000000000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!CcDeleteMbcb+e9
fffff800`01cc6195 488908 mov [rax],rcx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from fffff80001cad12e to fffff80001cad390

STACK_TEXT:
fffffa60`019ab848 fffff800`01cad12e : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffffa60`019ab850 fffff800`01cac00b : 00000000`00000001 fffffa80`0214eba0 fffffa80`046a9600 fffffa80`02282ec0 : nt!KiBugCheckDispatch+0x6e
fffffa60`019ab990 fffff800`01cc6195 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x20b
fffffa60`019abb20 fffff800`01cc5e12 : 00000000`0000000f 00000000`00000000 fffffa80`022ed600 fffffa80`0255d870 : nt!CcDeleteMbcb+0xe9
fffffa60`019abb80 fffff800`01cc688b : fffffa80`0255d870 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CcDeleteSharedCacheMap+0x272
fffffa60`019abbe0 fffff800`01cc6fab : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`08276900 : nt!CcWriteBehind+0x5eb
fffffa60`019abc70 fffff800`01cba066 : fffffa80`0189ef70 fffff800`01e568a0 fffffa80`01f7b1d0 fffffa80`00000001 : nt!CcWorkerThread+0x17b
fffffa60`019abcf0 fffff800`01ed0de3 : fffffa80`0189ef70 00000000`00000000 fffffa80`01898290 00000000`00000080 : nt!ExpWorkerThread+0x11a
fffffa60`019abd50 fffff800`01ce7536 : fffffa60`005ec180 fffffa80`01898290 fffffa60`005f5d40 00000000`00000001 : nt!PspSystemThreadStartup+0x57
fffffa60`019abd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


FOLLOWUP_IP:
nt!CcDeleteMbcb+e9
fffff800`01cc6195 488908 mov [rax],rcx

SYMBOL_STACK_INDEX: 3

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!CcDeleteMbcb+e9

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 479192b7

STACK_COMMAND: kb

FAILURE_BUCKET_ID: X64_0xA_W_nt!CcDeleteMbcb+e9

BUCKET_ID: X64_0xA_W_nt!CcDeleteMbcb+e9

Followup: MachineOwner
---------
0

#4 Mitglied ist offline   Thomynator 

  • Gruppe: aktive Mitglieder
  • Beiträge: 2.484
  • Beigetreten: 20. Februar 08
  • Reputation: 36
  • Geschlecht:Männlich
  • Wohnort:Traunreut

geschrieben 18. Juni 2008 - 15:38

Kein Problem helfe gerne :wink:

MfG

Tommy

Dieser Beitrag wurde von Thomynator bearbeitet: 18. Juni 2008 - 15:38

0

Thema verteilen:


Seite 1 von 1

1 Besucher lesen dieses Thema
Mitglieder: 0, Gäste: 1, unsichtbare Mitglieder: 0