Hilfe
Neues Thema
Antworten
ich hoffe, ihr könnt mir weiterhelfen. Ich habe hier eine Laptop, bei dem ich einen Bluescreen erhalte. Ich habe den minidump schon ausgelsen und es sieht nach einem Treiberproblem aus. Leider komme ich nicht weiter. Den Rechner kann ich nur im abgesicherten Modus starten. Zurück setzen habe ich schon versucht, allerdings lag der letzte Punkt nur 3 Tage zurück. Anbei die Auswertung des Dump:
Microsoft ® Windows Debugger Version 6.4.0007.2
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Mini010101-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows Longhorn Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x8201b000 PsLoadedModuleList = 0x82132c70
Debug session time: Mon Jan 1 04:42:42.567 2001 (GMT+1)
System Uptime: 0 days 0:04:34.588
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
......................................................................................................................................................
Loading unloaded module list
....
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {b306dff0, 0, 82762be4, 2}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Unable to load image \SystemRoot\system32\DRIVERS\MpFilter.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Unable to load image \SystemRoot\system32\drivers\fltmgr.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for fltmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
Probably caused by : MpFilter.sys ( MpFilter+23be4 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: b306dff0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 82762be4, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000002, (reserved)
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
FAULTING_MODULE: 8201b000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5632f79c
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
unable to get nt!MiSessionPoolStart
unable to get nt!MiSessionPoolEnd
b306dff0
FAULTING_IP:
MpFilter+23be4
82762be4 ?? ?
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
LAST_CONTROL_TRANSFER: from 82068d74 to 820b326e
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
9e3fe904 82068d74 00000000 b306dff0 00000000 nt+0x9826e
9e3fe91c 82762be4 badb0d00 9e3fe9a0 85275898 nt+0x4dd74
9e3fe9b8 8275f8cf 9e3feac0 9e3feb1c 853579e0 MpFilter+0x23be4
9e3fe9d0 8274e05c 7e1be425 9c8c34b8 85571450 MpFilter+0x208cf
9e3feb1c 827041ad 8556f534 00000020 00000020 MpFilter+0xf05c
9e3feb68 8271921a 81d17028 0269d8d0 00000020 fltmgr+0x71ad
9e3feb9c 8271962b 81d17000 85255800 0269d8d0 fltmgr+0x1c21a
9e3febe0 82702cd5 8553c998 852558a0 81d17028 fltmgr+0x1c62b
9e3fec0c 8205f99a 8553c998 852558a0 852558a0 fltmgr+0x5cd5
9e3fec24 82262301 00000000 852558a0 85255910 nt+0x4499a
9e3fec44 82262c14 8553c998 81d17028 0269d800 nt+0x247301
9e3fed00 82263cde 00000240 00000004 00000000 nt+0x247c14
9e3fed34 82065c26 00000240 00000000 00000000 nt+0x248cde
9e3fed64 77a05dd4 badb0d00 0269d714 00000000 nt+0x4ac26
0269d770 00000000 00000000 00000000 00000000 0x77a05dd4
FOLLOWUP_IP:
MpFilter+23be4
82762be4 ?? ?
SYMBOL_STACK_INDEX: 2
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: MpFilter+23be4
MODULE_NAME: MpFilter
IMAGE_NAME: MpFilter.sys
STACK_COMMAND: kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
Hat jemand eine Idee, wie ich vorgehen könnte? Vielen Dank!
Nach oben
