Bluescreens - Hjälp med att läsa minidump filer
Hej!
Det är så att min kompis får bluescreens ibland. Har läst lite tutorials om det och fått reda på att man kan läsa dom med winDbg.exe som ingår i windows sdk. så jag öppnade en dumpfil med programet och läste igenom lite och kom fram till att det var något fel med ntfs.sys. Men har inte så jättebra koll på det så jag undrar om någon annan med koll kan se vad problemet är.
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\073011-18642-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*e:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02c4a000 PsLoadedModuleList = 0xfffff800`02e8f650
Debug session time: Fri Jul 29 19:48:51.252 2011 (UTC + 2:00)
System Uptime: 0 days 6:02:47.470
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff8800adf3ff8, fffff8800adf3850, fffff80002cf5df3}
Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonWrite+3390 )
Followup: MachineOwner
---------
Processing initial command '!analyze -v'
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800adf3ff8
Arg3: fffff8800adf3850
Arg4: fffff80002cf5df3
Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800adf3ff8 -- (.exr 0xfffff8800adf3ff8)
ExceptionAddress: fffff80002cf5df3 (nt!MmCopyToCachedPage+0x0000000000000223)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800adf3850 -- (.cxr 0xfffff8800adf3850)
rax=6000fffffa800a58 rbx=0000000000000000 rcx=0000000fffffffff
rdx=fffff80002c4a000 rsi=ffffffffffffffff rdi=fffffa800a5817e2
rip=fffff80002cf5df3 rsp=fffff8800adf4230 rbp=fffff8800adf4280
r8=0000098000000000 r9=0000000001dc8040 r10=0000058000000000
r11=fffff8800adf41b8 r12=fffff6fcc0114fc0 r13=0000000000000000
r14=0000000000001000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!MmCopyToCachedPage+0x223:
fffff800`02cf5df3 8b7838 mov edi,dword ptr [rax+38h] ds:002b:6000ffff`fa800a90=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: rundll32.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instruktionen p 0x%08lx refererade till minnet p 0x%08lx. Det gick inte att utf ra en minnes tg rd. F ljande fel returnerades: The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruktionen p 0x%08lx refererade till minnet p 0x%08lx. Det gick inte att utf ra en minnes tg rd. F ljande fel returnerades: The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ef9100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsCommonWrite+3390
fffff880`01260bf6 84c0 test al,al
FAULTING_IP:
nt!MmCopyToCachedPage+223
fffff800`02cf5df3 8b7838 mov edi,dword ptr [rax+38h]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff80002cf2e9e to fffff80002cf5df3
STACK_TEXT:
fffff880`0adf4230 fffff800`02cf2e9e : fffff980`229f8000 00000000`01dc8040 fffff880`00000000 00000000`00001000 : nt!MmCopyToCachedPage+0x223
fffff880`0adf4420 fffff800`02cf3454 : fffffa80`0a185e00 00000000`01dc8040 fffff880`0adf4560 00000000`00000000 : nt!CcMapAndCopyInToCache+0x20e
fffff880`0adf4510 fffff880`01260bf6 : 00000000`00000000 fffff880`0adf4780 fffffa80`09cf3b20 00000000`00000000 : nt!CcCopyWrite+0x194
fffff880`0adf45a0 fffff880`012611a3 : fffffa80`09cf3b20 fffffa80`0727a8b0 fffff880`0adf4701 fffff880`0adf4700 : Ntfs!NtfsCommonWrite+0x3390
fffff880`0adf4750 fffff880`011aabcf : fffffa80`0727ac08 fffffa80`0727a8b0 fffffa80`0732f010 00000000`00000001 : Ntfs!NtfsFsdWrite+0x1c3
fffff880`0adf4810 fffff880`011a96df : fffffa80`08114de0 00000000`00000001 fffffa80`08114d00 fffffa80`0727a8b0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0adf48a0 fffff800`02fd18ab : 00000000`00000001 fffffa80`0a5e01e0 00000000`00000001 fffffa80`0727a8b0 : fltmgr!FltpDispatch+0xcf
fffff880`0adf4900 fffff800`02fdc313 : fffffa80`0727ac50 fffffa80`0996e4d0 fffffa80`0a5e01e0 fffff880`03165180 : nt!IopSynchronousServiceTail+0xfb
fffff880`0adf4970 fffff800`02cc8f93 : 00000000`000b0001 00000000`000001f8 00000000`00000000 00000000`003b2c98 : nt!NtWriteFile+0x7e2
fffff880`0adf4a70 00000000`76f1139a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0024dc98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f1139a
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: Ntfs!NtfsCommonWrite+3390
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff8800adf3850 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsCommonWrite+3390
BUCKET_ID: X64_0x24_Ntfs!NtfsCommonWrite+3390
Followup: MachineOwner
---------
2: kd> lmvm Ntfs
start end module name
fffff880`0124a000 fffff880`013ed000 Ntfs (pdb symbols) C:\Program\Debugging Tools for Windows (x64)\sym\ntfs.pdb\D51347AE03CB4523A2844EA865BA0BE92\ntfs.pdb
Loaded symbol image file: Ntfs.sys
Mapped memory image file: C:\Program\Debugging Tools for Windows (x64)\sym\Ntfs.sys\4D79997B1a3000\Ntfs.sys
Image path: Ntfs.sys
Image name: Ntfs.sys
Timestamp: Fri Mar 11 04:39:39 2011 (4D79997B)
CheckSum: 0019968A
ImageSize: 001A3000
File version: 6.1.7601.17577
Product version: 6.1.7601.17577
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntfs.sys
OriginalFilename: ntfs.sys
ProductVersion: 6.1.7601.17577
FileVersion: 6.1.7601.17577 (win7sp1_gdr.110310-1504)
FileDescription: NT File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
Lian Li PC-B25FB | Gigabyte P67A-D3-B3 | i5 2500k @ 4.3GHz | Vengeance 8GB | Asus 970 Strix DirectCu II | Corsair AX 750W | Crucial m4 64GB | DarkRock Pro C1 | O2+ODAC portable mod | Beyerdynamic DT 880 Pro 600Ω