Minidumps available !

[Guest Skybuck Flying]

Hello,

 

Windows XP Professional x64 Edition has crashed many times the last year and

two months.

 

I have made available 27 minidumps that were made during the crashes !

 

Not all minidumps might be complete, sometimes I resetted the system because

I didn't want to wait, so some minidumps might be truncated.

 

Also the Win 64 Debugger doesn't show that much information but some command

line tool did show much more information... which can be seen in the two

output.txt samples. (Can't remember which command line tool it was, maybe

output.txt has hints ! ;) )

 

I have uploaded these minidumps to my webdrive for you to download in case

you want to improve WinXPx64Pro !

 

Hope this helps ! (I also hope no passwords are in there or something like

that LOL ! ;) gjez)

 

Webdrive is located at:

 

http://members.home.nl/hbthouppermans/

 

Specifically:

 

http://members.home.nl/hbthouppermans/WinXPx64ProMinidumps/

 

I hope you have some fun with them !

 

I will inspect the latest myself:

 

27 august 2007.

 

I was debugging, developing with Delphi 2007 with themed support enabled and

then first system hang and the second time system crashed !

 

Nasty ! (win32k.sys bug ?)

 

Bye,

Skybuck.

[Guest Skybuck Flying]

Short Crash Analysis...

 

Short Crash Analysis...

 

I am definetly no expert...

 

Seems like something did a try except where that is not allowed, also seems

resource related ????:

 

Microsoft ® Windows Debugger Version 6.6.0007.5

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\WINDOWS\Minidump\Mini082707-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is:

SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free

x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 3790.srv03_sp2_rtm.070216-1710

Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100

Debug session time: Mon Aug 27 15:17:04.640 2007 (GMT+2)

System Uptime: 0 days 0:27:21.571

Loading Kernel Symbols

............................................................................................................................................

Loading User Symbols

Loading unloaded module list

...................................................

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 50, {fffffa8804c21090, 0, fffff97fff0a7742, 5}

 

 

Could not read faulting driver name

Probably caused by : win32k.sys ( win32k!HmgAllocateDcAttr+1b6 )

 

Followup: MachineOwner

---------

 

1: kd> !analyze -v

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

PAGE_FAULT_IN_NONPAGED_AREA (50)

Invalid system memory was referenced. This cannot be protected by

try-except,

it must be protected by a Probe. Typically the address is just plain bad or

it

is pointing at freed memory.

Arguments:

Arg1: fffffa8804c21090, memory referenced.

Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.

Arg3: fffff97fff0a7742, If non-zero, the instruction address which

referenced the bad memory

address.

Arg4: 0000000000000005, (reserved)

 

Debugging Details:

------------------

 

 

Could not read faulting driver name

 

READ_ADDRESS: fffffa8804c21090

 

FAULTING_IP:

win32k!HmgAllocateDcAttr+1b6

fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

 

MM_INTERNAL_CODE: 5

 

CUSTOMER_CRASH_COUNT: 1

 

DEFAULT_BUCKET_ID: DRIVER_FAULT

 

BUGCHECK_STR: 0x50

 

PROCESS_NAME: bds.exe

 

CURRENT_IRQL: 0

 

TRAP_FRAME: fffffadfc478e990 -- (.trap fffffadfc478e990)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed.

rax=00000000ffffffff rbx=0000000000000888 rcx=fffffa8004c21080

rdx=fffffa8004c21080 rsi=fffffa80051f6280 rdi=fffff97fff0cda0e

rip=fffff97fff0a7742 rsp=fffffadfc478eb20 rbp=fffffadfc478ecf0

r8=fffffa8004b9b0c0 r9=5000984210000000 r10=500098421117001d

r11=00000000000007ff r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei ng nz ac po nc

win32k!HmgAllocateDcAttr+0x1b6:

fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

ds:fffffa88`04c21090=????????????????

Resetting default scope

 

LAST_CONTROL_TRANSFER: from fffff800010a5416 to fffff8000102e950

 

STACK_TEXT:

fffffadf`c478e8b8 fffff800`010a5416 : 00000000`00000050 fffffa88`04c21090

00000000`00000000 fffffadf`c478e990 : nt!KeBugCheckEx

fffffadf`c478e8c0 fffff800`0102d519 : fffffa80`00cad9e0 00000000`00000009

00000000`00000000 fffffa80`05009b50 : nt!MmAccessFault+0x395

fffffadf`c478e990 fffff97f`ff0a7742 : 00000000`00000000 fffff97f`ff0ce249

fffffa80`0445f780 fffffadf`c478ecf0 : nt!KiPageFault+0x119

fffffadf`c478eb20 fffff97f`ff0ce004 : 00000000`00000888 00000000`00000000

00000000`1e011591 fffffa80`051f6280 : win32k!HmgAllocateDcAttr+0x1b6

fffffadf`c478eb60 fffff97f`ff0cdf0e : fffffa80`051f6280 fffffa80`051f6280

fffffadf`cba85cd0 fffffa80`0133b000 : win32k!GreSetupDCAttributes+0x34

fffffadf`c478eba0 fffff97f`ff0a36c6 : fffffa80`01351010 fffff97f`ff0ced20

00000000`00000000 00000000`7efdb000 : win32k!GreCreateDisplayDC+0x1c4

fffffadf`c478ec30 fffff800`0102e3fd : 00000000`7d814cc6 fffff97f`ff0ced20

00000000`7d814cc6 00000000`7d814c30 : win32k!GreCreateCompatibleDC+0x77

fffffadf`c478ec70 00000000`78b842d9 : 00000000`00000000 00000000`00000000

00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3

00000000`0012edf8 00000000`00000000 : 00000000`00000000 00000000`00000000

00000000`00000000 00000000`00000000 : 0x78b842d9

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

win32k!HmgAllocateDcAttr+1b6

fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

 

SYMBOL_STACK_INDEX: 3

 

SYMBOL_NAME: win32k!HmgAllocateDcAttr+1b6

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: win32k

 

IMAGE_NAME: win32k.sys

 

DEBUG_FLR_IMAGE_TIMESTAMP: 45e6f310

 

FAILURE_BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

 

BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

 

Followup: MachineOwner

---------

 

Bye,

Skybuck.

 

P.S.: I followed instructions on this link to setup WinDBG properly for

symbol support ;)

 

http://forums.majorgeeks.com/showthread.php?t=35246

 

Simply add something like:

 

SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

 

to symbol path.

 

Then symbols will be downloaded...

 

(I set mine to C:\Tools\WinDBG\WebSymbols :) )

[Guest Skybuck Flying]

Re: Minidumps available !

 

Make that 28 !

 

System just crashed again while using internet explorer and surfing to the

weblog of the guy that wrote the themed delphi stuff ?!

 

The irony ?! Coincendence ?! or this guy one serious bug !? :) Me think

coincedence ! ;)

 

Latest crash analysis:

 

Microsoft ® Windows Debugger Version 6.6.0007.5

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\WINDOWS\Minidump\Mini082707-02.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is:

SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free

x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 3790.srv03_sp2_rtm.070216-1710

Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100

Debug session time: Mon Aug 27 17:39:39.484 2007 (GMT+2)

System Uptime: 0 days 2:21:02.411

Loading Kernel Symbols

............................................................................................................................................

Loading User Symbols

Loading unloaded module list

...................................................

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 1000007E, {ffffffffc0000005, fffff80001011ebd, fffffadfc9086a90,

fffffadfc90864a0}

 

Probably caused by : ntkrnlmp.exe ( nt!CmpDelayCloseWorker+494 )

 

Followup: MachineOwner

---------

 

1: kd> !analyze -v

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: fffff80001011ebd, The address that the exception occurred at

Arg3: fffffadfc9086a90, Exception Record Address

Arg4: fffffadfc90864a0, Context Record Address

 

Debugging Details:

------------------

 

 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"

referenced memory at "0x%08lx". The memory could not be "%s".

 

FAULTING_IP:

nt!CmpDelayCloseWorker+494

fffff800`01011ebd 488b4008 mov rax,qword ptr [rax+8]

 

EXCEPTION_RECORD: fffffadfc9086a90 -- (.exr fffffadfc9086a90)

ExceptionAddress: fffff80001011ebd

(nt!CmpDelayCloseWorker+0x0000000000000494)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 0000000000000000

Parameter[1]: 0000000000000008

Attempt to read from address 0000000000000008

 

CONTEXT: fffffadfc90864a0 -- (.cxr fffffadfc90864a0)

rax=0000000000000000 rbx=fffffa8003281c68 rcx=000000000000132f

rdx=0000000000000008 rsi=00000000ffffffff rdi=fffffa80028bd588

rip=fffff80001011ebd rsp=fffffadfc9086cb0 rbp=fffffa800412b920

r8=00000000da81d47a r9=fffffa80028bd590 r10=0000000000000000

r11=00000000000007ff r12=000000000000132f r13=00000000000001c1

r14=0000000000000000 r15=0000000000000001

iopl=0 nv up ei pl nz na pe cy

cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b

efl=00010203

nt!CmpDelayCloseWorker+0x494:

fffff800`01011ebd 488b4008 mov rax,qword ptr [rax+8]

ds:002b:00000000`00000008=0000000000000000

Resetting default scope

 

CUSTOMER_CRASH_COUNT: 2

 

CURRENT_IRQL: 0

 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced

memory at "0x%08lx". The memory could not be "%s".

 

READ_ADDRESS: 0000000000000008

 

BUGCHECK_STR: 0x7E

 

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

 

EXCEPTION_STR: 0x0

 

LAST_CONTROL_TRANSFER: from fffff8000103768a to fffff80001011ebd

 

STACK_TEXT:

fffffadf`c9086cb0 fffff800`0103768a : 00000000`00000000 fffff800`011defe0

fffff800`01012070 fffffadf`cecd3bf0 : nt!CmpDelayCloseWorker+0x494

fffffadf`c9086d00 fffff800`0124b972 : fffffadf`cecd3bf0 00000000`00000080

fffffadf`cecd3bf0 fffffadf`c8c83680 : nt!ExpWorkerThread+0x13b

fffffadf`c9086d70 fffff800`010202d6 : fffffadf`c8c7b180 fffffadf`cecd3bf0

fffffadf`c8c83680 fffff800`011b5dc0 : nt!PspSystemThreadStartup+0x3e

fffffadf`c9086dd0 00000000`00000000 : 00000000`00000000 00000000`00000000

00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16

 

 

FOLLOWUP_IP:

nt!CmpDelayCloseWorker+494

fffff800`01011ebd 488b4008 mov rax,qword ptr [rax+8]

 

SYMBOL_STACK_INDEX: 0

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: nt

 

IMAGE_NAME: ntkrnlmp.exe

 

DEBUG_FLR_IMAGE_TIMESTAMP: 45d69ab4

 

SYMBOL_NAME: nt!CmpDelayCloseWorker+494

 

STACK_COMMAND: .cxr 0xfffffadfc90864a0 ; kb

 

FAILURE_BUCKET_ID: X64_0x7E_nt!CmpDelayCloseWorker+494

 

BUCKET_ID: X64_0x7E_nt!CmpDelayCloseWorker+494

 

Followup: MachineOwner

---------

 

1: kd> ml

*** WARNING: Unable to verify timestamp for nv4_disp.dll

*** ERROR: Module load completed but symbols could not be loaded for

nv4_disp.dll

*** WARNING: Unable to verify timestamp for CTEDSPSY.DLL

*** ERROR: Module load completed but symbols could not be loaded for

CTEDSPSY.DLL

*** WARNING: Unable to verify timestamp for dump_nvata64.sys

*** ERROR: Module load completed but symbols could not be loaded for

dump_nvata64.sys

*** WARNING: Unable to verify timestamp for vmm.sys

*** ERROR: Module load completed but symbols could not be loaded for vmm.sys

*** WARNING: Unable to verify timestamp for kl1.sys

*** ERROR: Module load completed but symbols could not be loaded for kl1.sys

*** WARNING: Unable to verify timestamp for klif.sys

*** ERROR: Module load completed but symbols could not be loaded for

klif.sys

*** WARNING: Unable to verify timestamp for CTEXFIFX.DLL

*** ERROR: Module load completed but symbols could not be loaded for

CTEXFIFX.DLL

*** WARNING: Unable to verify timestamp for CT20XUT.DLL

*** ERROR: Module load completed but symbols could not be loaded for

CT20XUT.DLL

*** WARNING: Unable to verify timestamp for ctac32k.sys

*** ERROR: Module load completed but symbols could not be loaded for

ctac32k.sys

*** WARNING: Unable to verify timestamp for ctsfm2k.sys

*** ERROR: Module load completed but symbols could not be loaded for

ctsfm2k.sys

*** WARNING: Unable to verify timestamp for emupia2k.sys

*** ERROR: Module load completed but symbols could not be loaded for

emupia2k.sys

*** WARNING: Unable to verify timestamp for ha20x2k.sys

*** ERROR: Module load completed but symbols could not be loaded for

ha20x2k.sys

*** WARNING: Unable to verify timestamp for AmdTools64.sys

*** ERROR: Module load completed but symbols could not be loaded for

AmdTools64.sys

*** WARNING: Unable to verify timestamp for usbccgp.sys

*** ERROR: Module load completed but symbols could not be loaded for

usbccgp.sys

*** WARNING: Unable to verify timestamp for dtscsi.sys

*** ERROR: Module load completed but symbols could not be loaded for

dtscsi.sys

*** WARNING: Unable to verify timestamp for NVSNPU.SYS

*** ERROR: Module load completed but symbols could not be loaded for

NVSNPU.SYS

*** WARNING: Unable to verify timestamp for NVNRM.SYS

*** ERROR: Module load completed but symbols could not be loaded for

NVNRM.SYS

*** WARNING: Unable to verify timestamp for ctoss2k.sys

*** ERROR: Module load completed but symbols could not be loaded for

ctoss2k.sys

*** WARNING: Unable to verify timestamp for ctaud2k.sys

*** ERROR: Module load completed but symbols could not be loaded for

ctaud2k.sys

*** WARNING: Unable to verify timestamp for nv4_mini.sys

*** ERROR: Module load completed but symbols could not be loaded for

nv4_mini.sys

*** WARNING: Unable to verify timestamp for yk51x64.sys

*** ERROR: Module load completed but symbols could not be loaded for

yk51x64.sys

*** WARNING: Unable to verify timestamp for speedfan.sys

*** ERROR: Module load completed but symbols could not be loaded for

speedfan.sys

*** WARNING: Unable to verify timestamp for nvata64.sys

*** ERROR: Module load completed but symbols could not be loaded for

nvata64.sys

*** WARNING: Unable to verify timestamp for SI3132.sys

*** ERROR: Module load completed but symbols could not be loaded for

SI3132.sys

*** WARNING: Unable to verify timestamp for Si3132r5.sys

*** ERROR: Module load completed but symbols could not be loaded for

Si3132r5.sys

*** WARNING: Unable to verify timestamp for SPTD2221.SYS

*** ERROR: Module load completed but symbols could not be loaded for

SPTD2221.SYS

*** WARNING: Unable to verify timestamp for sptd.sys

*** ERROR: Module load completed but symbols could not be loaded for

sptd.sys

*** WARNING: Unable to verify timestamp for amdk8.sys

*** ERROR: Module load completed but symbols could not be loaded for

amdk8.sys

*** WARNING: Unable to verify timestamp for LHidFilt.Sys

*** ERROR: Module load completed but symbols could not be loaded for

LHidFilt.Sys

*** WARNING: Unable to verify timestamp for LMouFilt.Sys

*** ERROR: Module load completed but symbols could not be loaded for

LMouFilt.Sys

*** WARNING: Unable to verify timestamp for SiWinAcc.sys

*** ERROR: Module load completed but symbols could not be loaded for

SiWinAcc.sys

*** WARNING: Unable to verify timestamp for ptilink.sys

*** ERROR: Module load completed but symbols could not be loaded for

ptilink.sys

*** WARNING: Unable to verify timestamp for NVENETFD.sys

*** ERROR: Module load completed but symbols could not be loaded for

NVENETFD.sys

*** WARNING: Unable to verify timestamp for nvnetbus.sys

*** ERROR: Module load completed but symbols could not be loaded for

nvnetbus.sys

*** WARNING: Unable to verify timestamp for klim5.sys

*** ERROR: Module load completed but symbols could not be loaded for

klim5.sys

*** WARNING: Unable to verify timestamp for SiRemFil.sys

*** ERROR: Module load completed but symbols could not be loaded for

SiRemFil.sys

*** WARNING: Unable to verify timestamp for CdaC15BA.sys

*** ERROR: Module load completed but symbols could not be loaded for

CdaC15BA.sys

*** WARNING: Unable to verify timestamp for secdrv.sys

*** ERROR: Module load completed but symbols could not be loaded for

secdrv.sys

*** WARNING: Unable to verify timestamp for CdaD10BA.sys

*** ERROR: Module load completed but symbols could not be loaded for

CdaD10BA.sys

*** WARNING: Unable to verify timestamp for ctprxy2k.sys

*** ERROR: Module load completed but symbols could not be loaded for

ctprxy2k.sys

*** WARNING: Unable to verify timestamp for ASACPI.sys

*** ERROR: Module load completed but symbols could not be loaded for

ASACPI.sys

*** WARNING: Unable to verify timestamp for FileDisk.SYS

*** ERROR: Module load completed but symbols could not be loaded for

FileDisk.SYS

*** WARNING: Unable to verify timestamp for AmdAcpi.sys

*** ERROR: Module load completed but symbols could not be loaded for

AmdAcpi.sys

*** WARNING: Unable to verify timestamp for PxHlpa64.sys

*** ERROR: Module load completed but symbols could not be loaded for

PxHlpa64.sys

*** WARNING: Unable to verify timestamp for AsIO.sys

*** ERROR: Module load completed but symbols could not be loaded for

AsIO.sys

*** WARNING: Unable to verify timestamp for LtcyCfgWDM.sys

*** ERROR: Module load completed but symbols could not be loaded for

LtcyCfgWDM.sys

Couldn't resolve error at 'l'

1: kd> lm nt

start end module name

fffff800`00800000 fffff800`0085e000 hal hal.dll Sat Feb 17

06:28:59 2007 (45D6929B)

fffff800`01000000 fffff800`01490000 nt ntkrnlmp.exe Sat Feb 17

07:03:32 2007 (45D69AB4)

fffff97f`ff000000 fffff97f`ff460000 win32k win32k.sys Thu Mar 01

16:36:48 2007 (45E6F310)

fffff97f`ff460000 fffff97f`ff488000 dxg dxg.sys Sat Feb 17

06:43:08 2007 (45D695EC)

fffff97f`ff488000 fffff97f`ffabe900 nv4_disp nv4_disp.dll Sun Oct 22

23:36:40 2006 (453BE468)

fffffadf`bf535000 fffffadf`bf56d000 kmixer kmixer.sys Fri Mar 25

01:43:18 2005 (42435EA6)

fffffadf`c34f5000 fffffadf`c3552000 CTEDSPSY CTEDSPSY.DLL Thu Aug 17

06:18:36 2006 (44E3EE1C)

fffffadf`c4a84000 fffffadf`c4ac5000 Fastfat Fastfat.SYS Sat Feb 17

06:29:41 2007 (45D692C5)

fffffadf`c4cda000 fffffadf`c4d05000 sysaudio sysaudio.sys Sat Feb 17

06:59:44 2007 (45D699D0)

fffffadf`c4d05000 fffffadf`c4d39000 wdmaud wdmaud.sys Sat Feb 17

07:00:21 2007 (45D699F5)

fffffadf`c6469000 fffffadf`c6496000 dump_nvata64 dump_nvata64.sys Tue Apr

25 02:59:58 2006 (444D748E)

fffffadf`c6526000 fffffadf`c652f000 dump_WMILIB dump_WMILIB.SYS Fri Mar 25

01:43:56 2005 (42435ECC)

fffffadf`c6536000 fffffadf`c6555000 Udfs Udfs.SYS Sat Feb 17

06:29:46 2007 (45D692CA)

fffffadf`c6555000 fffffadf`c6576000 Cdfs Cdfs.SYS Sat Feb 17

06:59:37 2007 (45D699C9)

fffffadf`c668e000 fffffadf`c675b000 mrxsmb mrxsmb.sys Sat Feb 17

07:01:41 2007 (45D69A45)

fffffadf`c675b000 fffffadf`c67ac000 rdbss rdbss.sys Sat Feb 17

07:02:30 2007 (45D69A76)

fffffadf`c67ac000 fffffadf`c67f9000 vmm vmm.sys Sun Feb 18

09:11:21 2007 (45D80A29)

fffffadf`c67f9000 fffffadf`c68cf000 Wdf01000 Wdf01000.sys Thu Nov 02

10:43:35 2006 (4549BDC7)

fffffadf`c68cf000 fffffadf`c691c000 afd afd.sys Sat Feb 17

06:59:33 2007 (45D699C5)

fffffadf`c691c000 fffffadf`c6976000 netbt netbt.sys Sat Feb 17

07:00:23 2007 (45D699F7)

fffffadf`c69bc000 fffffadf`c69d1000 HIDCLASS HIDCLASS.SYS Fri Mar 25

01:43:28 2005 (42435EB0)

fffffadf`c69d1000 fffffadf`c69f7000 kl1 kl1.sys Sat Mar 03

18:38:14 2007 (45E9B286)

fffffadf`c69f7000 fffffadf`c6aec000 tcpip tcpip.sys Sat Feb 17

06:58:59 2007 (45D699A3)

fffffadf`c6aec000 fffffadf`c6b17000 ipsec ipsec.sys Sat Feb 17

07:01:35 2007 (45D69A3F)

fffffadf`c6b17000 fffffadf`c6b2b000 Npfs Npfs.SYS Sat Feb 17

06:29:55 2007 (45D692D3)

fffffadf`c6beb000 fffffadf`c6c15000 klif klif.sys Mon Jan 29

13:59:26 2007 (45BDEFAE)

fffffadf`c6c15000 fffffadf`c6d78000 CTEXFIFX CTEXFIFX.DLL Thu Aug 17

06:19:01 2006 (44E3EE35)

fffffadf`c6d78000 fffffadf`c6db9000 CT20XUT CT20XUT.DLL Thu Aug 17

06:19:03 2006 (44E3EE37)

fffffadf`c6ddb000 fffffadf`c6e89000 ctac32k ctac32k.sys Thu Aug 17

06:15:29 2006 (44E3ED61)

fffffadf`c6e89000 fffffadf`c6ed3000 ctsfm2k ctsfm2k.sys Thu Aug 17

06:15:45 2006 (44E3ED71)

fffffadf`c6ed3000 fffffadf`c6f23000 emupia2k emupia2k.sys Thu Aug 17

06:15:40 2006 (44E3ED6C)

fffffadf`c6f23000 fffffadf`c7116000 ha20x2k ha20x2k.sys Thu Aug 17

06:17:10 2006 (44E3EDC6)

fffffadf`c7216000 fffffadf`c7236000 usbhub usbhub.sys Sat Feb 17

06:52:07 2007 (45D69807)

fffffadf`c737c000 fffffadf`c7390000 NDProxy NDProxy.SYS Sat Feb 17

06:31:37 2007 (45D69339)

fffffadf`c7390000 fffffadf`c73a5000 AmdTools64 AmdTools64.sys Tue Jun 27

21:24:21 2006 (44A185E5)

fffffadf`c73a5000 fffffadf`c73c0000 update update.sys Sat Feb 17

06:46:26 2007 (45D696B2)

fffffadf`c73c0000 fffffadf`c73d6000 termdd termdd.sys Sat Feb 17

06:33:42 2007 (45D693B6)

fffffadf`c73d6000 fffffadf`c742d000 rdpdr rdpdr.sys Sat Feb 17

06:30:39 2007 (45D692FF)

fffffadf`c743d000 fffffadf`c7449000 kbdhid kbdhid.sys Sat Feb 17

06:46:30 2007 (45D696B6)

fffffadf`c744d000 fffffadf`c7457000 mouhid mouhid.sys Fri Mar 25

01:38:12 2005 (42435D74)

fffffadf`c745d000 fffffadf`c746b000 WDFLDR WDFLDR.SYS Thu Nov 02

10:42:06 2006 (4549BD6E)

fffffadf`c748d000 fffffadf`c7497000 hidusb hidusb.sys Fri Mar 25

01:43:29 2005 (42435EB1)

fffffadf`c74ad000 fffffadf`c74b7700 usbccgp usbccgp.sys Sat Feb 17

06:52:10 2007 (45D6980A)

fffffadf`c74bd000 fffffadf`c74c7000 rasacd rasacd.sys Fri Mar 25

01:44:16 2005 (42435EE0)

fffffadf`c74cd000 fffffadf`c74e3000 msgpc msgpc.sys Sat Feb 17

06:31:07 2007 (45D6931B)

fffffadf`c74e3000 fffffadf`c7503000 psched psched.sys Sat Feb 17

06:31:10 2007 (45D6931E)

fffffadf`c7503000 fffffadf`c7526000 raspptp raspptp.sys Sat Feb 17

07:01:23 2007 (45D69A33)

fffffadf`c7526000 fffffadf`c753a000 raspppoe raspppoe.sys Sat Feb 17

06:31:42 2007 (45D6933E)

fffffadf`c753a000 fffffadf`c7566000 ndiswan ndiswan.sys Sat Feb 17

07:01:23 2007 (45D69A33)

fffffadf`c7566000 fffffadf`c758c000 rasl2tp rasl2tp.sys Sat Feb 17

07:00:35 2007 (45D69A03)

fffffadf`c758c000 fffffadf`c75e3000 dtscsi dtscsi.sys Sat Dec 10

16:06:04 2005 (439AEEDC)

fffffadf`c75e3000 fffffadf`c7630000 NVSNPU NVSNPU.SYS Sat Apr 15

05:09:50 2006 (444063FE)

fffffadf`c7630000 fffffadf`c769d400 NVNRM NVNRM.SYS Sat Apr 15

05:10:01 2006 (44406409)

fffffadf`c769e000 fffffadf`c76d8000 ctoss2k ctoss2k.sys Thu Aug 17

06:15:59 2006 (44E3ED7F)

fffffadf`c76d8000 fffffadf`c7721000 ks ks.sys Sat Feb 17

07:02:44 2007 (45D69A84)

fffffadf`c7721000 fffffadf`c7761000 portcls portcls.sys Sat Feb 17

07:00:14 2007 (45D699EE)

fffffadf`c7761000 fffffadf`c7831980 ctaud2k ctaud2k.sys Thu Aug 17

06:18:18 2006 (44E3EE0A)

fffffadf`c7832000 fffffadf`c784d000 cdrom cdrom.sys Fri Mar 25

01:39:39 2005 (42435DCB)

fffffadf`c784d000 fffffadf`c7887000 USBPORT USBPORT.SYS Sat Feb 17

06:52:00 2007 (45D69800)

fffffadf`c7887000 fffffadf`c78aa000 VIDEOPRT VIDEOPRT.SYS Sat Feb 17

06:50:17 2007 (45D69799)

fffffadf`c78aa000 fffffadf`c7db3d80 nv4_mini nv4_mini.sys Sun Oct 22

23:42:05 2006 (453BE5AD)

fffffadf`c7db4000 fffffadf`c7df9000 yk51x64 yk51x64.sys Thu Apr 28

10:10:15 2005 (42709A67)

fffffadf`c7eb6000 fffffadf`c7ebd000 speedfan speedfan.sys Sun Sep 24

15:26:48 2006 (45168798)

fffffadf`c7f6c000 fffffadf`c7f73000 Beep Beep.SYS Fri Mar 25

01:38:06 2005 (42435D6E)

fffffadf`c81d6000 fffffadf`c820a000 Mup Mup.sys Sat Feb 17

07:02:36 2007 (45D69A7C)

fffffadf`c820a000 fffffadf`c8270000 NDIS NDIS.sys Sat Feb 17

07:00:17 2007 (45D699F1)

fffffadf`c8270000 fffffadf`c8375000 Ntfs Ntfs.sys Sat Feb 17

07:00:15 2007 (45D699EF)

fffffadf`c8375000 fffffadf`c83a9000 KSecDD KSecDD.sys Sat Feb 17

06:36:10 2007 (45D6944A)

fffffadf`c83a9000 fffffadf`c83e7000 fltmgr fltmgr.sys Sat Feb 17

06:30:45 2007 (45D69305)

fffffadf`c83e7000 fffffadf`c8404000 CLASSPNP CLASSPNP.SYS Sat Feb 17

06:59:43 2007 (45D699CF)

fffffadf`c8404000 fffffadf`c8419000 disk disk.sys Sat Feb 17

06:47:52 2007 (45D69708)

fffffadf`c8419000 fffffadf`c8446000 nvata64 nvata64.sys Tue Apr 25

02:59:58 2006 (444D748E)

fffffadf`c8446000 fffffadf`c8464000 SI3132 SI3132.sys Fri Jan 26

00:17:31 2007 (45B93A8B)

fffffadf`c8464000 fffffadf`c8495000 SCSIPORT SCSIPORT.SYS Sat Feb 17

06:59:49 2007 (45D699D5)

fffffadf`c8495000 fffffadf`c84ea000 Si3132r5 Si3132r5.sys Tue Nov 28

00:11:19 2006 (456B7097)

fffffadf`c84ea000 fffffadf`c8517000 atapi atapi.sys Sat Feb 17

06:47:46 2007 (45D69702)

fffffadf`c8517000 fffffadf`c8562000 volsnap volsnap.sys Sat Feb 17

06:48:21 2007 (45D69725)

fffffadf`c8562000 fffffadf`c85a9000 dmio dmio.sys Sat Feb 17

06:50:25 2007 (45D697A1)

fffffadf`c85a9000 fffffadf`c85e9000 ftdisk ftdisk.sys Sat Feb 17

06:48:06 2007 (45D69716)

fffffadf`c85e9000 fffffadf`c85ff000 MountMgr MountMgr.sys Sat Feb 17

06:46:25 2007 (45D696B1)

fffffadf`c85ff000 fffffadf`c8612a00 1394BUS 1394BUS.SYS Sat Feb 17

06:52:29 2007 (45D6981D)

fffffadf`c8613000 fffffadf`c8629d00 ohci1394 ohci1394.sys Sat Feb 17

06:52:30 2007 (45D6981E)

fffffadf`c862a000 fffffadf`c864b000 pci pci.sys Sat Feb 17

06:38:11 2007 (45D694C3)

fffffadf`c864b000 fffffadf`c869f000 ACPI ACPI.sys Sat Feb 17

06:37:56 2007 (45D694B4)

fffffadf`c869f000 fffffadf`c86d0000 SPTD2221 SPTD2221.SYS Sat Feb 17

06:59:49 2007 (45D699D5)

fffffadf`c86d0000 fffffadf`c87f2000 sptd sptd.sys Fri Jun 23

23:55:14 2006 (449C6342)

fffffadf`c88f3000 fffffadf`c8905000 amdk8 amdk8.sys Mon Jul 03

08:55:17 2006 (44A8BF55)

fffffadf`c8906000 fffffadf`c8918000 wanarp wanarp.sys Sat Feb 17

06:31:35 2007 (45D69337)

fffffadf`c8919000 fffffadf`c892b000 LHidFilt LHidFilt.Sys Wed Jan 24

00:41:13 2007 (45B69D19)

fffffadf`c892c000 fffffadf`c893e000 netbios netbios.sys Sat Feb 17

06:31:02 2007 (45D69316)

fffffadf`c893f000 fffffadf`c8951000 LMouFilt LMouFilt.Sys Wed Jan 24

00:41:16 2007 (45B69D1C)

fffffadf`c8952000 fffffadf`c8964000 Fips Fips.SYS Sat Feb 17

06:38:28 2007 (45D694D4)

fffffadf`c8bfb000 fffffadf`c8c05000 kdcom kdcom.dll Fri Mar 25

04:54:15 2005 (42438B67)

fffffadf`c8c0b000 fffffadf`c8c14000 BOOTVID BOOTVID.dll Fri Mar 25

04:54:04 2005 (42438B5C)

fffffadf`c8c1b000 fffffadf`c8c24000 WMILIB WMILIB.SYS Fri Mar 25

01:43:56 2005 (42435ECC)

fffffadf`c8c2b000 fffffadf`c8c34000 isapnp isapnp.sys Sat Feb 17

06:38:08 2007 (45D694C0)

fffffadf`c8c3b000 fffffadf`c8c4b000 PCIIDEX PCIIDEX.SYS Sat Feb 17

06:47:39 2007 (45D696FB)

fffffadf`c8c4b000 fffffadf`c8c5b000 PartMgr PartMgr.sys Sat Feb 17

06:59:56 2007 (45D699DC)

fffffadf`c8c5b000 fffffadf`c8c65000 SiWinAcc SiWinAcc.sys Mon Nov 01

20:23:29 2004 (41868D31)

fffffadf`c8c6b000 fffffadf`c8c76000 crcdisk crcdisk.sys Fri Mar 25

01:42:06 2005 (42435E5E)

fffffadf`c8c8b000 fffffadf`c8c98000 ptilink ptilink.sys Fri Mar 25

01:38:44 2005 (42435D94)

fffffadf`c8ccb000 fffffadf`c8cd6000 raspti raspti.sys Fri Mar 25

01:44:11 2005 (42435EDB)

fffffadf`c8cdb000 fffffadf`c8ce9000 kbdclass kbdclass.sys Sat Feb 17

06:46:27 2007 (45D696B3)

fffffadf`c8ceb000 fffffadf`c8cf8000 mouclass mouclass.sys Fri Mar 25

01:38:09 2005 (42435D71)

fffffadf`c8cfb000 fffffadf`c8d08000 mssmbios mssmbios.sys Sat Feb 17

06:38:13 2007 (45D694C5)

fffffadf`c8d1b000 fffffadf`c8d27000 Dxapi Dxapi.sys Fri Mar 25

01:39:08 2005 (42435DAC)

fffffadf`c8d5b000 fffffadf`c8d67e00 NVENETFD NVENETFD.sys Sat Apr 15

05:10:14 2006 (44406416)

fffffadf`c8d6b000 fffffadf`c8d77000 flpydisk flpydisk.sys Fri Mar 25

01:39:10 2005 (42435DAE)

fffffadf`c8d8b000 fffffadf`c8d95000 Fs_Rec Fs_Rec.SYS Fri Mar 25

01:39:42 2005 (42435DCE)

fffffadf`c8dab000 fffffadf`c8db5200 HIDPARSE HIDPARSE.SYS Sat Feb 17

06:51:53 2007 (45D697F9)

fffffadf`c8dbb000 fffffadf`c8dc9000 vga vga.sys Fri Mar 25

01:42:24 2005 (42435E70)

fffffadf`c8dcb000 fffffadf`c8dd5000 mnmdd mnmdd.SYS Fri Mar 25

01:42:22 2005 (42435E6E)

fffffadf`c8ddb000 fffffadf`c8de5000 RDPCDD RDPCDD.sys Fri Mar 25

01:38:04 2005 (42435D6C)

fffffadf`c8deb000 fffffadf`c8df8000 Msfs Msfs.SYS Fri Mar 25

01:40:07 2005 (42435DE7)

fffffadf`c8dfb000 fffffadf`c8e04000 watchdog watchdog.sys Fri Mar 25

01:43:05 2005 (42435E99)

fffffadf`c8e0b000 fffffadf`c8e19000 fdc fdc.sys Sat Feb 17

06:47:27 2007 (45D696EF)

fffffadf`c8e1b000 fffffadf`c8e25c80 usbehci usbehci.sys Sat Feb 17

06:51:59 2007 (45D697FF)

fffffadf`c8e2b000 fffffadf`c8e36000 nvnetbus nvnetbus.sys Sat Apr 15

05:10:16 2006 (44406418)

fffffadf`c8e3b000 fffffadf`c8e45000 klim5 klim5.sys Mon Jan 22

17:37:43 2007 (45B4E857)

fffffadf`c8e4b000 fffffadf`c8e55000 ndistapi ndistapi.sys Fri Mar 25

01:44:06 2005 (42435ED6)

fffffadf`c8e5b000 fffffadf`c8e6a000 TDI TDI.SYS Sat Feb 17

06:33:32 2007 (45D693AC)

fffffadf`c8e6b000 fffffadf`c8e73000 SiRemFil SiRemFil.sys Thu Oct 19

00:20:39 2006 (4536A8B7)

fffffadf`c8e9b000 fffffadf`c8ea3000 CdaC15BA CdaC15BA.sys Wed Dec 10

16:11:51 2003 (3FD737B7)

fffffadf`c8ecb000 fffffadf`c8ed3000 secdrv secdrv.sys Thu Apr 01

13:26:05 2004 (406BFC4D)

fffffadf`c8ed3000 fffffadf`c8edb000 CdaD10BA CdaD10BA.sys Wed Dec 10

16:11:51 2003 (3FD737B7)

fffffadf`c8ee3000 fffffadf`c8eeb000 ctprxy2k ctprxy2k.sys Thu Aug 17

06:18:29 2006 (44E3EE15)

fffffadf`c8f03000 fffffadf`c8f0b000 ASACPI ASACPI.sys Mon Mar 28

04:30:36 2005 (42476C4C)

fffffadf`c8f0b000 fffffadf`c8f13000 FileDisk FileDisk.SYS Sat Jun 12

00:42:28 2004 (40CA3554)

fffffadf`c8f13000 fffffadf`c8f1b000 Null Null.SYS Fri Mar 25

01:38:07 2005 (42435D6F)

fffffadf`c8fe3000 fffffadf`c8feb000 audstub audstub.sys Fri Mar 25

01:43:08 2005 (42435E9C)

fffffadf`c8ffb000 fffffadf`c9000d00 AmdAcpi AmdAcpi.sys Mon Feb 14

18:54:15 2005 (4210E5C7)

fffffadf`c9002000 fffffadf`c9009000 pciide pciide.sys Fri Mar 25

01:39:26 2005 (42435DBE)

fffffadf`c9009000 fffffadf`c9010000 dmload dmload.sys Fri Mar 25

01:42:29 2005 (42435E75)

fffffadf`c9010000 fffffadf`c9016860 PxHlpa64 PxHlpa64.sys Mon Apr 25

21:48:21 2005 (426D4985)

fffffadf`c91b4000 fffffadf`c91ba000 AsIO AsIO.sys Thu Oct 14

11:53:21 2004 (416E4C91)

fffffadf`c91d0000 fffffadf`c91d6700 usbohci usbohci.sys Sat Feb 17

06:52:04 2007 (45D69804)

fffffadf`c920f000 fffffadf`c9214e80 ksthunk ksthunk.sys Sat Feb 17

06:46:33 2007 (45D696B9)

fffffadf`c93d3000 fffffadf`c93d4f00 LtcyCfgWDM LtcyCfgWDM.sys Mon Dec 26

00:23:17 2005 (43AF29E5)

fffffadf`c93ff000 fffffadf`c9400400 swenum swenum.sys Sat Feb 17

06:46:35 2007 (45D696BB)

fffffadf`c940d000 fffffadf`c940ed80 USBD USBD.SYS Fri Mar 25

01:43:30 2005 (42435EB2)

 

Unloaded modules:

fffffadf`bf7bb000 fffffadf`bf7f3000 kmixer.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`bf7bb000 fffffadf`bf7f3000 kmixer.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`bf879000 fffffadf`bf8b1000 kmixer.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c02cd000 fffffadf`c0305000 kmixer.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c0b05000 fffffadf`c0b3d000 kmixer.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c2a26000 fffffadf`c2a5e000 kmixer.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c4c53000 fffffadf`c4c8b000 kmixer.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c4c8b000 fffffadf`c4ca5000 swmidi.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c4ca5000 fffffadf`c4cda000 aec.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c932f000 fffffadf`c9332000 splitter.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3552000 fffffadf`c357d000 COMMONFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c357d000 fffffadf`c35ac000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c35ac000 fffffadf`c35fe000 CTEDSPFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c35fe000 fffffadf`c362d000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c362d000 fffffadf`c367f000 CTEDSPFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c367f000 fffffadf`c36dc000 CTEDSPSY.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c36dc000 fffffadf`c3787000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3787000 fffffadf`c37d9000 CTEDSPFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c37d9000 fffffadf`c3808000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c372e000 fffffadf`c37d9000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c37d9000 fffffadf`c3808000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3519000 fffffadf`c3548000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3548000 fffffadf`c35a5000 CTEDSPSY.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c35a5000 fffffadf`c3650000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3650000 fffffadf`c367f000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c367f000 fffffadf`c372a000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c372a000 fffffadf`c37d9000 CTAUDFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c37d9000 fffffadf`c3808000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c33bb000 fffffadf`c33ea000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c33ea000 fffffadf`c3499000 CTAUDFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3499000 fffffadf`c34eb000 CTEDSPFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c34eb000 fffffadf`c3596000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3596000 fffffadf`c35f3000 CTEDSPSY.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c35f3000 fffffadf`c369e000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c369e000 fffffadf`c36f0000 CTEDSPFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c36f0000 fffffadf`c374d000 CTEDSPSY.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c374d000 fffffadf`c377c000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c377c000 fffffadf`c37d9000 CTEDSPSY.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c37d9000 fffffadf`c3808000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c37d9000 fffffadf`c3808000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c375d000 fffffadf`c3808000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c36b1000 fffffadf`c3703000 CTEDSPFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3703000 fffffadf`c3732000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c3732000 fffffadf`c37dd000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c37dd000 fffffadf`c3808000 COMMONFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c36a2000 fffffadf`c36d1000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c36d1000 fffffadf`c372e000 CTEDSPSY.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c372e000 fffffadf`c37d9000 CTSBLFX.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c37d9000 fffffadf`c3808000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

fffffadf`c372e000 fffffadf`c375d000 CTEDSPIO.DLL

Timestamp: unavailable (00000000)

Checksum: 00000000

 

What does unloaded modules mean ? Did these modules not load properly ?

 

Lot's of creative labs stuff it seems...

 

Why were these unloaded ?

 

Bye,

Skybuck.

[Guest Paul Russell]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

what is PROCESS_NAME: bds.exe

 

 

"Skybuck Flying" <spam@hotmail.com> wrote in message

news:faumd8$2ae$1@news3.zwoll1.ov.home.nl...

>I am definetly no expert...

>

> Seems like something did a try except where that is not allowed, also

> seems resource related ????:

>

> Microsoft ® Windows Debugger Version 6.6.0007.5

> Copyright © Microsoft Corporation. All rights reserved.

>

>

> Loading Dump File [C:\WINDOWS\Minidump\Mini082707-01.dmp]

> Mini Kernel Dump File: Only registers and stack trace are available

>

> Symbol search path is:

> SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols

> Executable search path is:

> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free

> x64

> Product: WinNt, suite: TerminalServer SingleUserTS

> Built by: 3790.srv03_sp2_rtm.070216-1710

> Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100

> Debug session time: Mon Aug 27 15:17:04.640 2007 (GMT+2)

> System Uptime: 0 days 0:27:21.571

> Loading Kernel Symbols

> ...........................................................................................................................................

> Loading User Symbols

> Loading unloaded module list

> ..................................................

> *******************************************************************************

> * *

> * Bugcheck Analysis *

> * *

> *******************************************************************************

>

> Use !analyze -v to get detailed debugging information.

>

> BugCheck 50, {fffffa8804c21090, 0, fffff97fff0a7742, 5}

>

>

> Could not read faulting driver name

> Probably caused by : win32k.sys ( win32k!HmgAllocateDcAttr+1b6 )

>

> Followup: MachineOwner

> ---------

>

> 1: kd> !analyze -v

> *******************************************************************************

> * *

> * Bugcheck Analysis *

> * *

> *******************************************************************************

>

> PAGE_FAULT_IN_NONPAGED_AREA (50)

> Invalid system memory was referenced. This cannot be protected by

> try-except,

> it must be protected by a Probe. Typically the address is just plain bad

> or it

> is pointing at freed memory.

> Arguments:

> Arg1: fffffa8804c21090, memory referenced.

> Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.

> Arg3: fffff97fff0a7742, If non-zero, the instruction address which

> referenced the bad memory

> address.

> Arg4: 0000000000000005, (reserved)

>

> Debugging Details:

> ------------------

>

>

> Could not read faulting driver name

>

> READ_ADDRESS: fffffa8804c21090

>

> FAULTING_IP:

> win32k!HmgAllocateDcAttr+1b6

> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>

> MM_INTERNAL_CODE: 5

>

> CUSTOMER_CRASH_COUNT: 1

>

> DEFAULT_BUCKET_ID: DRIVER_FAULT

>

> BUGCHECK_STR: 0x50

>

> PROCESS_NAME: bds.exe

>

> CURRENT_IRQL: 0

>

> TRAP_FRAME: fffffadfc478e990 -- (.trap fffffadfc478e990)

> NOTE: The trap frame does not contain all registers.

> Some register values may be zeroed.

> rax=00000000ffffffff rbx=0000000000000888 rcx=fffffa8004c21080

> rdx=fffffa8004c21080 rsi=fffffa80051f6280 rdi=fffff97fff0cda0e

> rip=fffff97fff0a7742 rsp=fffffadfc478eb20 rbp=fffffadfc478ecf0

> r8=fffffa8004b9b0c0 r9=5000984210000000 r10=500098421117001d

> r11=00000000000007ff r12=0000000000000000 r13=0000000000000000

> r14=0000000000000000 r15=0000000000000000

> iopl=0 nv up ei ng nz ac po nc

> win32k!HmgAllocateDcAttr+0x1b6:

> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

> ds:fffffa88`04c21090=????????????????

> Resetting default scope

>

> LAST_CONTROL_TRANSFER: from fffff800010a5416 to fffff8000102e950

>

> STACK_TEXT:

> fffffadf`c478e8b8 fffff800`010a5416 : 00000000`00000050 fffffa88`04c21090

> 00000000`00000000 fffffadf`c478e990 : nt!KeBugCheckEx

> fffffadf`c478e8c0 fffff800`0102d519 : fffffa80`00cad9e0 00000000`00000009

> 00000000`00000000 fffffa80`05009b50 : nt!MmAccessFault+0x395

> fffffadf`c478e990 fffff97f`ff0a7742 : 00000000`00000000 fffff97f`ff0ce249

> fffffa80`0445f780 fffffadf`c478ecf0 : nt!KiPageFault+0x119

> fffffadf`c478eb20 fffff97f`ff0ce004 : 00000000`00000888 00000000`00000000

> 00000000`1e011591 fffffa80`051f6280 : win32k!HmgAllocateDcAttr+0x1b6

> fffffadf`c478eb60 fffff97f`ff0cdf0e : fffffa80`051f6280 fffffa80`051f6280

> fffffadf`cba85cd0 fffffa80`0133b000 : win32k!GreSetupDCAttributes+0x34

> fffffadf`c478eba0 fffff97f`ff0a36c6 : fffffa80`01351010 fffff97f`ff0ced20

> 00000000`00000000 00000000`7efdb000 : win32k!GreCreateDisplayDC+0x1c4

> fffffadf`c478ec30 fffff800`0102e3fd : 00000000`7d814cc6 fffff97f`ff0ced20

> 00000000`7d814cc6 00000000`7d814c30 : win32k!GreCreateCompatibleDC+0x77

> fffffadf`c478ec70 00000000`78b842d9 : 00000000`00000000 00000000`00000000

> 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3

> 00000000`0012edf8 00000000`00000000 : 00000000`00000000 00000000`00000000

> 00000000`00000000 00000000`00000000 : 0x78b842d9

>

>

> STACK_COMMAND: kb

>

> FOLLOWUP_IP:

> win32k!HmgAllocateDcAttr+1b6

> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>

> SYMBOL_STACK_INDEX: 3

>

> SYMBOL_NAME: win32k!HmgAllocateDcAttr+1b6

>

> FOLLOWUP_NAME: MachineOwner

>

> MODULE_NAME: win32k

>

> IMAGE_NAME: win32k.sys

>

> DEBUG_FLR_IMAGE_TIMESTAMP: 45e6f310

>

> FAILURE_BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>

> BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>

> Followup: MachineOwner

> ---------

>

> Bye,

> Skybuck.

>

> P.S.: I followed instructions on this link to setup WinDBG properly for

> symbol support ;)

>

> http://forums.majorgeeks.com/showthread.php?t=35246

>

> Simply add something like:

>

> SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

>

> to symbol path.

>

> Then symbols will be downloaded...

>

> (I set mine to C:\Tools\WinDBG\WebSymbols :) )

>

>

>

[Guest Theo]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

File purpose and description:

Bds.exe is a program file which you would have installed

yourself on your own computer. The exact disk location is

also shown below to verfiy it is not spyware, as many

spyware programs use similiar names and just locate them

elsewhere on your hard drive. Always check the proper disk

location of your programs if you are suspicious. Bds.exe is

a common name, short names like this can often be used by

many companies, this one is most often associated with

Borland Software (not Codegear software) and the Delphi

installation. The BDS.exe is for the Borland Database Engine

(as it used to be called), and this will be a running task

if you install Delphi software. This file is considered safe

and is not spyware. (See the details below for the actual

location of this file.)

 

Actual file or task name:

bds.exe

 

File type:

This is an executable program.

 

File or folder location:

This file will be found on your disk drive at C:\Documents

and Settings\All Users\Application

Data\{AB3EC276-D261-4943-A921-1CC1C6799AED}\corex\B2284239\1CC39CF2

and also at C:\Program Files\CodeGear\RAD Studio\5.0\bin

 

 

General information:

Be aware that many tasks will be similiar names to existing

tasks or processes. You can always view the running tasks on

your computer by pressing ctrl-alt-del to view the windows

"task manager", and then view the "processes" tab. This will

show you all tasks running or currently active on your PC.

Although this shows you all running tasks, it does not show

dll file thats are loaded, as they get loaded as part of

other processes. Many spyware writers attempt to hide their

files on your computer, for example, bds.exe may be

intentionally misspelled to look like a similiar task, or

spyware may be named very similiar to a Windows system task.

The reason they do this is so you cannot easily recognize

the name in your tasklist as I have mentioned above. Make

sure always check the location of the file if you are

concerned. You can always find the location of bds.exe on

your computer by using your Windows search options, but I

will also try to list the file location of every file

described on this website, so you can verify the correct

location. You can view the entire tasklist directory with

the link below.

 

Tasklist Directory Main Page

Software Downloads Page

Spyware and Adware Removal Tips

 

Lookup other processes below.

icq.exe icqlite.exe ie4uinit.exe iedkcs32.dll ieexplorer.exe

iegr32.exe iehelper.dll iehost.exe iel2cde8.dll iesdpb.dll

iesdsg.dll ietie.dll ieudinit.exe iexplore.exe iexplores.exe

ifrmewrk.exe igdctrl.exe igfxpers igfxtray.exe igowdkka.dll

ikeymain.exe imekrmig.exe imjpmig.exe imscinst.exe incd.exe

incdsrv.exe incmail.exe indexsearch.exe inicio.exe

inkmonitor.exe

intel32.exe intelmem.exe internat.exe intmonp.exe

iopengl.exe

iphsend.exe ipmon32.exe ipodwatcher.exe ipv6monl.dll

isadd.dll

isaddon.dll isamntr.exe isamonitor.exe issch.exe isstart.exe

isuspm.exe itouch.exe ituneshelper.exe jaaste.dll jawa32.exe

 

Paul Russell wrote:

> what is PROCESS_NAME: bds.exe

>

>

> "Skybuck Flying" <spam@hotmail.com> wrote in message

> news:faumd8$2ae$1@news3.zwoll1.ov.home.nl...

>> I am definetly no expert...

>>

>> Seems like something did a try except where that is not allowed, also

>> seems resource related ????:

>>

>> Microsoft ® Windows Debugger Version 6.6.0007.5

>> Copyright © Microsoft Corporation. All rights reserved.

>>

>>

>> Loading Dump File [C:\WINDOWS\Minidump\Mini082707-01.dmp]

>> Mini Kernel Dump File: Only registers and stack trace are available

>>

>> Symbol search path is:

>> SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols

>> Executable search path is:

>> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs)

>> Free x64

>> Product: WinNt, suite: TerminalServer SingleUserTS

>> Built by: 3790.srv03_sp2_rtm.070216-1710

>> Kernel base = 0xfffff800`01000000 PsLoadedModuleList =

>> 0xfffff800`011d5100

>> Debug session time: Mon Aug 27 15:17:04.640 2007 (GMT+2)

>> System Uptime: 0 days 0:27:21.571

>> Loading Kernel Symbols

>> ...........................................................................................................................................

>>

>> Loading User Symbols

>> Loading unloaded module list

>> ..................................................

>> *******************************************************************************

>>

>> * *

>> * Bugcheck Analysis *

>> * *

>> *******************************************************************************

>>

>>

>> Use !analyze -v to get detailed debugging information.

>>

>> BugCheck 50, {fffffa8804c21090, 0, fffff97fff0a7742, 5}

>>

>>

>> Could not read faulting driver name

>> Probably caused by : win32k.sys ( win32k!HmgAllocateDcAttr+1b6 )

>>

>> Followup: MachineOwner

>> ---------

>>

>> 1: kd> !analyze -v

>> *******************************************************************************

>>

>> * *

>> * Bugcheck Analysis *

>> * *

>> *******************************************************************************

>>

>>

>> PAGE_FAULT_IN_NONPAGED_AREA (50)

>> Invalid system memory was referenced. This cannot be protected by

>> try-except,

>> it must be protected by a Probe. Typically the address is just plain

>> bad or it

>> is pointing at freed memory.

>> Arguments:

>> Arg1: fffffa8804c21090, memory referenced.

>> Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.

>> Arg3: fffff97fff0a7742, If non-zero, the instruction address which

>> referenced the bad memory

>> address.

>> Arg4: 0000000000000005, (reserved)

>>

>> Debugging Details:

>> ------------------

>>

>>

>> Could not read faulting driver name

>>

>> READ_ADDRESS: fffffa8804c21090

>>

>> FAULTING_IP:

>> win32k!HmgAllocateDcAttr+1b6

>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>>

>> MM_INTERNAL_CODE: 5

>>

>> CUSTOMER_CRASH_COUNT: 1

>>

>> DEFAULT_BUCKET_ID: DRIVER_FAULT

>>

>> BUGCHECK_STR: 0x50

>>

>> PROCESS_NAME: bds.exe

>>

>> CURRENT_IRQL: 0

>>

>> TRAP_FRAME: fffffadfc478e990 -- (.trap fffffadfc478e990)

>> NOTE: The trap frame does not contain all registers.

>> Some register values may be zeroed.

>> rax=00000000ffffffff rbx=0000000000000888 rcx=fffffa8004c21080

>> rdx=fffffa8004c21080 rsi=fffffa80051f6280 rdi=fffff97fff0cda0e

>> rip=fffff97fff0a7742 rsp=fffffadfc478eb20 rbp=fffffadfc478ecf0

>> r8=fffffa8004b9b0c0 r9=5000984210000000 r10=500098421117001d

>> r11=00000000000007ff r12=0000000000000000 r13=0000000000000000

>> r14=0000000000000000 r15=0000000000000000

>> iopl=0 nv up ei ng nz ac po nc

>> win32k!HmgAllocateDcAttr+0x1b6:

>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr

>> [rcx+rax*8+18h] ds:fffffa88`04c21090=????????????????

>> Resetting default scope

>>

>> LAST_CONTROL_TRANSFER: from fffff800010a5416 to fffff8000102e950

>>

>> STACK_TEXT:

>> fffffadf`c478e8b8 fffff800`010a5416 : 00000000`00000050

>> fffffa88`04c21090 00000000`00000000 fffffadf`c478e990 : nt!KeBugCheckEx

>> fffffadf`c478e8c0 fffff800`0102d519 : fffffa80`00cad9e0

>> 00000000`00000009 00000000`00000000 fffffa80`05009b50 :

>> nt!MmAccessFault+0x395

>> fffffadf`c478e990 fffff97f`ff0a7742 : 00000000`00000000

>> fffff97f`ff0ce249 fffffa80`0445f780 fffffadf`c478ecf0 :

>> nt!KiPageFault+0x119

>> fffffadf`c478eb20 fffff97f`ff0ce004 : 00000000`00000888

>> 00000000`00000000 00000000`1e011591 fffffa80`051f6280 :

>> win32k!HmgAllocateDcAttr+0x1b6

>> fffffadf`c478eb60 fffff97f`ff0cdf0e : fffffa80`051f6280

>> fffffa80`051f6280 fffffadf`cba85cd0 fffffa80`0133b000 :

>> win32k!GreSetupDCAttributes+0x34

>> fffffadf`c478eba0 fffff97f`ff0a36c6 : fffffa80`01351010

>> fffff97f`ff0ced20 00000000`00000000 00000000`7efdb000 :

>> win32k!GreCreateDisplayDC+0x1c4

>> fffffadf`c478ec30 fffff800`0102e3fd : 00000000`7d814cc6

>> fffff97f`ff0ced20 00000000`7d814cc6 00000000`7d814c30 :

>> win32k!GreCreateCompatibleDC+0x77

>> fffffadf`c478ec70 00000000`78b842d9 : 00000000`00000000

>> 00000000`00000000 00000000`00000000 00000000`00000000 :

>> nt!KiSystemServiceCopyEnd+0x3

>> 00000000`0012edf8 00000000`00000000 : 00000000`00000000

>> 00000000`00000000 00000000`00000000 00000000`00000000 : 0x78b842d9

>>

>>

>> STACK_COMMAND: kb

>>

>> FOLLOWUP_IP:

>> win32k!HmgAllocateDcAttr+1b6

>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>>

>> SYMBOL_STACK_INDEX: 3

>>

>> SYMBOL_NAME: win32k!HmgAllocateDcAttr+1b6

>>

>> FOLLOWUP_NAME: MachineOwner

>>

>> MODULE_NAME: win32k

>>

>> IMAGE_NAME: win32k.sys

>>

>> DEBUG_FLR_IMAGE_TIMESTAMP: 45e6f310

>>

>> FAILURE_BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>>

>> BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>>

>> Followup: MachineOwner

>> ---------

>>

>> Bye,

>> Skybuck.

>>

>> P.S.: I followed instructions on this link to setup WinDBG properly

>> for symbol support ;)

>>

>> http://forums.majorgeeks.com/showthread.php?t=35246

>>

>> Simply add something like:

>>

>> SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

>>

>> to symbol path.

>>

>> Then symbols will be downloaded...

>>

>> (I set mine to C:\Tools\WinDBG\WebSymbols :) )

>>

>>

>>

>

[Guest Skybuck Flying]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

Hi,

 

It's Delphi 2007 from the file's description:

 

"CodeGear RAD Studio for Windows"

 

BDS.EXE is what I believe is the Delphi 2007 IDE.

 

Integrated Development Environment for Rapid Application Development for

Windows.

 

So far no more crashes, play with it a bit more...

 

Bye,

Skybuck.

 

"Paul Russell" <no_spam@nospam.com> wrote in message

news:4A21A8D0-6A4C-42DF-A0DF-10DE6DDA7838@microsoft.com...

> what is PROCESS_NAME: bds.exe

>

>

> "Skybuck Flying" <spam@hotmail.com> wrote in message

> news:faumd8$2ae$1@news3.zwoll1.ov.home.nl...

>>I am definetly no expert...

>>

>> Seems like something did a try except where that is not allowed, also

>> seems resource related ????:

>>

>> Microsoft ® Windows Debugger Version 6.6.0007.5

>> Copyright © Microsoft Corporation. All rights reserved.

>>

>>

>> Loading Dump File [C:\WINDOWS\Minidump\Mini082707-01.dmp]

>> Mini Kernel Dump File: Only registers and stack trace are available

>>

>> Symbol search path is:

>> SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols

>> Executable search path is:

>> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs)

>> Free x64

>> Product: WinNt, suite: TerminalServer SingleUserTS

>> Built by: 3790.srv03_sp2_rtm.070216-1710

>> Kernel base = 0xfffff800`01000000 PsLoadedModuleList =

>> 0xfffff800`011d5100

>> Debug session time: Mon Aug 27 15:17:04.640 2007 (GMT+2)

>> System Uptime: 0 days 0:27:21.571

>> Loading Kernel Symbols

>> ...........................................................................................................................................

>> Loading User Symbols

>> Loading unloaded module list

>> ..................................................

>> *******************************************************************************

>> * *

>> * Bugcheck Analysis *

>> * *

>> *******************************************************************************

>>

>> Use !analyze -v to get detailed debugging information.

>>

>> BugCheck 50, {fffffa8804c21090, 0, fffff97fff0a7742, 5}

>>

>>

>> Could not read faulting driver name

>> Probably caused by : win32k.sys ( win32k!HmgAllocateDcAttr+1b6 )

>>

>> Followup: MachineOwner

>> ---------

>>

>> 1: kd> !analyze -v

>> *******************************************************************************

>> * *

>> * Bugcheck Analysis *

>> * *

>> *******************************************************************************

>>

>> PAGE_FAULT_IN_NONPAGED_AREA (50)

>> Invalid system memory was referenced. This cannot be protected by

>> try-except,

>> it must be protected by a Probe. Typically the address is just plain bad

>> or it

>> is pointing at freed memory.

>> Arguments:

>> Arg1: fffffa8804c21090, memory referenced.

>> Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.

>> Arg3: fffff97fff0a7742, If non-zero, the instruction address which

>> referenced the bad memory

>> address.

>> Arg4: 0000000000000005, (reserved)

>>

>> Debugging Details:

>> ------------------

>>

>>

>> Could not read faulting driver name

>>

>> READ_ADDRESS: fffffa8804c21090

>>

>> FAULTING_IP:

>> win32k!HmgAllocateDcAttr+1b6

>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>>

>> MM_INTERNAL_CODE: 5

>>

>> CUSTOMER_CRASH_COUNT: 1

>>

>> DEFAULT_BUCKET_ID: DRIVER_FAULT

>>

>> BUGCHECK_STR: 0x50

>>

>> PROCESS_NAME: bds.exe

>>

>> CURRENT_IRQL: 0

>>

>> TRAP_FRAME: fffffadfc478e990 -- (.trap fffffadfc478e990)

>> NOTE: The trap frame does not contain all registers.

>> Some register values may be zeroed.

>> rax=00000000ffffffff rbx=0000000000000888 rcx=fffffa8004c21080

>> rdx=fffffa8004c21080 rsi=fffffa80051f6280 rdi=fffff97fff0cda0e

>> rip=fffff97fff0a7742 rsp=fffffadfc478eb20 rbp=fffffadfc478ecf0

>> r8=fffffa8004b9b0c0 r9=5000984210000000 r10=500098421117001d

>> r11=00000000000007ff r12=0000000000000000 r13=0000000000000000

>> r14=0000000000000000 r15=0000000000000000

>> iopl=0 nv up ei ng nz ac po nc

>> win32k!HmgAllocateDcAttr+0x1b6:

>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>> ds:fffffa88`04c21090=????????????????

>> Resetting default scope

>>

>> LAST_CONTROL_TRANSFER: from fffff800010a5416 to fffff8000102e950

>>

>> STACK_TEXT:

>> fffffadf`c478e8b8 fffff800`010a5416 : 00000000`00000050 fffffa88`04c21090

>> 00000000`00000000 fffffadf`c478e990 : nt!KeBugCheckEx

>> fffffadf`c478e8c0 fffff800`0102d519 : fffffa80`00cad9e0 00000000`00000009

>> 00000000`00000000 fffffa80`05009b50 : nt!MmAccessFault+0x395

>> fffffadf`c478e990 fffff97f`ff0a7742 : 00000000`00000000 fffff97f`ff0ce249

>> fffffa80`0445f780 fffffadf`c478ecf0 : nt!KiPageFault+0x119

>> fffffadf`c478eb20 fffff97f`ff0ce004 : 00000000`00000888 00000000`00000000

>> 00000000`1e011591 fffffa80`051f6280 : win32k!HmgAllocateDcAttr+0x1b6

>> fffffadf`c478eb60 fffff97f`ff0cdf0e : fffffa80`051f6280 fffffa80`051f6280

>> fffffadf`cba85cd0 fffffa80`0133b000 : win32k!GreSetupDCAttributes+0x34

>> fffffadf`c478eba0 fffff97f`ff0a36c6 : fffffa80`01351010 fffff97f`ff0ced20

>> 00000000`00000000 00000000`7efdb000 : win32k!GreCreateDisplayDC+0x1c4

>> fffffadf`c478ec30 fffff800`0102e3fd : 00000000`7d814cc6 fffff97f`ff0ced20

>> 00000000`7d814cc6 00000000`7d814c30 : win32k!GreCreateCompatibleDC+0x77

>> fffffadf`c478ec70 00000000`78b842d9 : 00000000`00000000 00000000`00000000

>> 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3

>> 00000000`0012edf8 00000000`00000000 : 00000000`00000000 00000000`00000000

>> 00000000`00000000 00000000`00000000 : 0x78b842d9

>>

>>

>> STACK_COMMAND: kb

>>

>> FOLLOWUP_IP:

>> win32k!HmgAllocateDcAttr+1b6

>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>>

>> SYMBOL_STACK_INDEX: 3

>>

>> SYMBOL_NAME: win32k!HmgAllocateDcAttr+1b6

>>

>> FOLLOWUP_NAME: MachineOwner

>>

>> MODULE_NAME: win32k

>>

>> IMAGE_NAME: win32k.sys

>>

>> DEBUG_FLR_IMAGE_TIMESTAMP: 45e6f310

>>

>> FAILURE_BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>>

>> BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>>

>> Followup: MachineOwner

>> ---------

>>

>> Bye,

>> Skybuck.

>>

>> P.S.: I followed instructions on this link to setup WinDBG properly for

>> symbol support ;)

>>

>> http://forums.majorgeeks.com/showthread.php?t=35246

>>

>> Simply add something like:

>>

>> SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

>>

>> to symbol path.

>>

>> Then symbols will be downloaded...

>>

>> (I set mine to C:\Tools\WinDBG\WebSymbols :) )

>>

>>

>>

>

[Guest Tony Sperling]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

I dunno. . .I notice this: PAGE_FAULT_IN_NONPAGED_AREA

 

perhaps you should read this article here:

 

http://www.osronline.com/article.cfm?id=335

 

it is (may be?) helpfull in many ways.

 

This amount of errors and warnings actually tells me there is one error that

is triggering most of all the rest. Otherwise that machine would NEVER have

booted. I think you have a bad installation of something or other, if the

'dumps' isn't teaching you anything, I would start un-installing things -

one at a time, until you find. . .whatever. I think that is much faster -

memory dumps are specialist info of the most extreme kind, most of us

ordinary mortals fall asleep while trying to read them. Things that are

listed by name, isn't automatically where the trouble is located, that is

just where the system finds the error or where the error surfaces, it may

well be happening somewhere else entirely - in fact, the more errors you

have, the less is the chance of the origin being named there.

 

 

Tony. . .

 

 

"Skybuck Flying" <spam@hotmail.com> wrote in message

news:faumd8$2ae$1@news3.zwoll1.ov.home.nl...

> I am definetly no expert...

>

> Seems like something did a try except where that is not allowed, also

seems

> resource related ????:

>

> Microsoft ® Windows Debugger Version 6.6.0007.5

> Copyright © Microsoft Corporation. All rights reserved.

>

>

> Loading Dump File [C:\WINDOWS\Minidump\Mini082707-01.dmp]

> Mini Kernel Dump File: Only registers and stack trace are available

>

> Symbol search path is:

> SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols

> Executable search path is:

> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free

> x64

> Product: WinNt, suite: TerminalServer SingleUserTS

> Built by: 3790.srv03_sp2_rtm.070216-1710

> Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100

> Debug session time: Mon Aug 27 15:17:04.640 2007 (GMT+2)

> System Uptime: 0 days 0:27:21.571

> Loading Kernel Symbols

>

.............................................................................

................................................................

> Loading User Symbols

> Loading unloaded module list

> ..................................................

>

****************************************************************************

***

> *

> *

> * Bugcheck Analysis

> *

> *

> *

>

****************************************************************************

***

>

> Use !analyze -v to get detailed debugging information.

>

> BugCheck 50, {fffffa8804c21090, 0, fffff97fff0a7742, 5}

>

>

> Could not read faulting driver name

> Probably caused by : win32k.sys ( win32k!HmgAllocateDcAttr+1b6 )

>

> Followup: MachineOwner

> ---------

>

> 1: kd> !analyze -v

>

****************************************************************************

***

> *

> *

> * Bugcheck Analysis

> *

> *

> *

>

****************************************************************************

***

>

> PAGE_FAULT_IN_NONPAGED_AREA (50)

> Invalid system memory was referenced. This cannot be protected by

> try-except,

> it must be protected by a Probe. Typically the address is just plain bad

or

> it

> is pointing at freed memory.

> Arguments:

> Arg1: fffffa8804c21090, memory referenced.

> Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.

> Arg3: fffff97fff0a7742, If non-zero, the instruction address which

> referenced the bad memory

> address.

> Arg4: 0000000000000005, (reserved)

>

> Debugging Details:

> ------------------

>

>

> Could not read faulting driver name

>

> READ_ADDRESS: fffffa8804c21090

>

> FAULTING_IP:

> win32k!HmgAllocateDcAttr+1b6

> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>

> MM_INTERNAL_CODE: 5

>

> CUSTOMER_CRASH_COUNT: 1

>

> DEFAULT_BUCKET_ID: DRIVER_FAULT

>

> BUGCHECK_STR: 0x50

>

> PROCESS_NAME: bds.exe

>

> CURRENT_IRQL: 0

>

> TRAP_FRAME: fffffadfc478e990 -- (.trap fffffadfc478e990)

> NOTE: The trap frame does not contain all registers.

> Some register values may be zeroed.

> rax=00000000ffffffff rbx=0000000000000888 rcx=fffffa8004c21080

> rdx=fffffa8004c21080 rsi=fffffa80051f6280 rdi=fffff97fff0cda0e

> rip=fffff97fff0a7742 rsp=fffffadfc478eb20 rbp=fffffadfc478ecf0

> r8=fffffa8004b9b0c0 r9=5000984210000000 r10=500098421117001d

> r11=00000000000007ff r12=0000000000000000 r13=0000000000000000

> r14=0000000000000000 r15=0000000000000000

> iopl=0 nv up ei ng nz ac po nc

> win32k!HmgAllocateDcAttr+0x1b6:

> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

> ds:fffffa88`04c21090=????????????????

> Resetting default scope

>

> LAST_CONTROL_TRANSFER: from fffff800010a5416 to fffff8000102e950

>

> STACK_TEXT:

> fffffadf`c478e8b8 fffff800`010a5416 : 00000000`00000050 fffffa88`04c21090

> 00000000`00000000 fffffadf`c478e990 : nt!KeBugCheckEx

> fffffadf`c478e8c0 fffff800`0102d519 : fffffa80`00cad9e0 00000000`00000009

> 00000000`00000000 fffffa80`05009b50 : nt!MmAccessFault+0x395

> fffffadf`c478e990 fffff97f`ff0a7742 : 00000000`00000000 fffff97f`ff0ce249

> fffffa80`0445f780 fffffadf`c478ecf0 : nt!KiPageFault+0x119

> fffffadf`c478eb20 fffff97f`ff0ce004 : 00000000`00000888 00000000`00000000

> 00000000`1e011591 fffffa80`051f6280 : win32k!HmgAllocateDcAttr+0x1b6

> fffffadf`c478eb60 fffff97f`ff0cdf0e : fffffa80`051f6280 fffffa80`051f6280

> fffffadf`cba85cd0 fffffa80`0133b000 : win32k!GreSetupDCAttributes+0x34

> fffffadf`c478eba0 fffff97f`ff0a36c6 : fffffa80`01351010 fffff97f`ff0ced20

> 00000000`00000000 00000000`7efdb000 : win32k!GreCreateDisplayDC+0x1c4

> fffffadf`c478ec30 fffff800`0102e3fd : 00000000`7d814cc6 fffff97f`ff0ced20

> 00000000`7d814cc6 00000000`7d814c30 : win32k!GreCreateCompatibleDC+0x77

> fffffadf`c478ec70 00000000`78b842d9 : 00000000`00000000 00000000`00000000

> 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3

> 00000000`0012edf8 00000000`00000000 : 00000000`00000000 00000000`00000000

> 00000000`00000000 00000000`00000000 : 0x78b842d9

>

>

> STACK_COMMAND: kb

>

> FOLLOWUP_IP:

> win32k!HmgAllocateDcAttr+1b6

> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>

> SYMBOL_STACK_INDEX: 3

>

> SYMBOL_NAME: win32k!HmgAllocateDcAttr+1b6

>

> FOLLOWUP_NAME: MachineOwner

>

> MODULE_NAME: win32k

>

> IMAGE_NAME: win32k.sys

>

> DEBUG_FLR_IMAGE_TIMESTAMP: 45e6f310

>

> FAILURE_BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>

> BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>

> Followup: MachineOwner

> ---------

>

> Bye,

> Skybuck.

>

> P.S.: I followed instructions on this link to setup WinDBG properly for

> symbol support ;)

>

> http://forums.majorgeeks.com/showthread.php?t=35246

>

> Simply add something like:

>

> SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

>

> to symbol path.

>

> Then symbols will be downloaded...

>

> (I set mine to C:\Tools\WinDBG\WebSymbols :) )

>

>

>

[Guest Paul Russell]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

what were you programming at the time of crash?

 

I have seen this kind of crash happen in some apps our test guys were doing

to stress GDI ...

 

 

"Skybuck Flying" <spam@hotmail.com> wrote in message

news:favvsa$d2b$1@news4.zwoll1.ov.home.nl...

> Hi,

>

> It's Delphi 2007 from the file's description:

>

> "CodeGear RAD Studio for Windows"

>

> BDS.EXE is what I believe is the Delphi 2007 IDE.

>

> Integrated Development Environment for Rapid Application Development for

> Windows.

>

> So far no more crashes, play with it a bit more...

>

> Bye,

> Skybuck.

>

> "Paul Russell" <no_spam@nospam.com> wrote in message

> news:4A21A8D0-6A4C-42DF-A0DF-10DE6DDA7838@microsoft.com...

>> what is PROCESS_NAME: bds.exe

>>

>>

>> "Skybuck Flying" <spam@hotmail.com> wrote in message

>> news:faumd8$2ae$1@news3.zwoll1.ov.home.nl...

>>>I am definetly no expert...

>>>

>>> Seems like something did a try except where that is not allowed, also

>>> seems resource related ????:

>>>

>>> Microsoft ® Windows Debugger Version 6.6.0007.5

>>> Copyright © Microsoft Corporation. All rights reserved.

>>>

>>>

>>> Loading Dump File [C:\WINDOWS\Minidump\Mini082707-01.dmp]

>>> Mini Kernel Dump File: Only registers and stack trace are available

>>>

>>> Symbol search path is:

>>> SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols

>>> Executable search path is:

>>> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs)

>>> Free x64

>>> Product: WinNt, suite: TerminalServer SingleUserTS

>>> Built by: 3790.srv03_sp2_rtm.070216-1710

>>> Kernel base = 0xfffff800`01000000 PsLoadedModuleList =

>>> 0xfffff800`011d5100

>>> Debug session time: Mon Aug 27 15:17:04.640 2007 (GMT+2)

>>> System Uptime: 0 days 0:27:21.571

>>> Loading Kernel Symbols

>>> ...........................................................................................................................................

>>> Loading User Symbols

>>> Loading unloaded module list

>>> ..................................................

>>> *******************************************************************************

>>> * *

>>> * Bugcheck Analysis *

>>> * *

>>> *******************************************************************************

>>>

>>> Use !analyze -v to get detailed debugging information.

>>>

>>> BugCheck 50, {fffffa8804c21090, 0, fffff97fff0a7742, 5}

>>>

>>>

>>> Could not read faulting driver name

>>> Probably caused by : win32k.sys ( win32k!HmgAllocateDcAttr+1b6 )

>>>

>>> Followup: MachineOwner

>>> ---------

>>>

>>> 1: kd> !analyze -v

>>> *******************************************************************************

>>> * *

>>> * Bugcheck Analysis *

>>> * *

>>> *******************************************************************************

>>>

>>> PAGE_FAULT_IN_NONPAGED_AREA (50)

>>> Invalid system memory was referenced. This cannot be protected by

>>> try-except,

>>> it must be protected by a Probe. Typically the address is just plain

>>> bad or it

>>> is pointing at freed memory.

>>> Arguments:

>>> Arg1: fffffa8804c21090, memory referenced.

>>> Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.

>>> Arg3: fffff97fff0a7742, If non-zero, the instruction address which

>>> referenced the bad memory

>>> address.

>>> Arg4: 0000000000000005, (reserved)

>>>

>>> Debugging Details:

>>> ------------------

>>>

>>>

>>> Could not read faulting driver name

>>>

>>> READ_ADDRESS: fffffa8804c21090

>>>

>>> FAULTING_IP:

>>> win32k!HmgAllocateDcAttr+1b6

>>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>>>

>>> MM_INTERNAL_CODE: 5

>>>

>>> CUSTOMER_CRASH_COUNT: 1

>>>

>>> DEFAULT_BUCKET_ID: DRIVER_FAULT

>>>

>>> BUGCHECK_STR: 0x50

>>>

>>> PROCESS_NAME: bds.exe

>>>

>>> CURRENT_IRQL: 0

>>>

>>> TRAP_FRAME: fffffadfc478e990 -- (.trap fffffadfc478e990)

>>> NOTE: The trap frame does not contain all registers.

>>> Some register values may be zeroed.

>>> rax=00000000ffffffff rbx=0000000000000888 rcx=fffffa8004c21080

>>> rdx=fffffa8004c21080 rsi=fffffa80051f6280 rdi=fffff97fff0cda0e

>>> rip=fffff97fff0a7742 rsp=fffffadfc478eb20 rbp=fffffadfc478ecf0

>>> r8=fffffa8004b9b0c0 r9=5000984210000000 r10=500098421117001d

>>> r11=00000000000007ff r12=0000000000000000 r13=0000000000000000

>>> r14=0000000000000000 r15=0000000000000000

>>> iopl=0 nv up ei ng nz ac po nc

>>> win32k!HmgAllocateDcAttr+0x1b6:

>>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>>> ds:fffffa88`04c21090=????????????????

>>> Resetting default scope

>>>

>>> LAST_CONTROL_TRANSFER: from fffff800010a5416 to fffff8000102e950

>>>

>>> STACK_TEXT:

>>> fffffadf`c478e8b8 fffff800`010a5416 : 00000000`00000050

>>> fffffa88`04c21090 00000000`00000000 fffffadf`c478e990 : nt!KeBugCheckEx

>>> fffffadf`c478e8c0 fffff800`0102d519 : fffffa80`00cad9e0

>>> 00000000`00000009 00000000`00000000 fffffa80`05009b50 :

>>> nt!MmAccessFault+0x395

>>> fffffadf`c478e990 fffff97f`ff0a7742 : 00000000`00000000

>>> fffff97f`ff0ce249 fffffa80`0445f780 fffffadf`c478ecf0 :

>>> nt!KiPageFault+0x119

>>> fffffadf`c478eb20 fffff97f`ff0ce004 : 00000000`00000888

>>> 00000000`00000000 00000000`1e011591 fffffa80`051f6280 :

>>> win32k!HmgAllocateDcAttr+0x1b6

>>> fffffadf`c478eb60 fffff97f`ff0cdf0e : fffffa80`051f6280

>>> fffffa80`051f6280 fffffadf`cba85cd0 fffffa80`0133b000 :

>>> win32k!GreSetupDCAttributes+0x34

>>> fffffadf`c478eba0 fffff97f`ff0a36c6 : fffffa80`01351010

>>> fffff97f`ff0ced20 00000000`00000000 00000000`7efdb000 :

>>> win32k!GreCreateDisplayDC+0x1c4

>>> fffffadf`c478ec30 fffff800`0102e3fd : 00000000`7d814cc6

>>> fffff97f`ff0ced20 00000000`7d814cc6 00000000`7d814c30 :

>>> win32k!GreCreateCompatibleDC+0x77

>>> fffffadf`c478ec70 00000000`78b842d9 : 00000000`00000000

>>> 00000000`00000000 00000000`00000000 00000000`00000000 :

>>> nt!KiSystemServiceCopyEnd+0x3

>>> 00000000`0012edf8 00000000`00000000 : 00000000`00000000

>>> 00000000`00000000 00000000`00000000 00000000`00000000 : 0x78b842d9

>>>

>>>

>>> STACK_COMMAND: kb

>>>

>>> FOLLOWUP_IP:

>>> win32k!HmgAllocateDcAttr+1b6

>>> fffff97f`ff0a7742 488b4cc118 mov rcx,qword ptr [rcx+rax*8+18h]

>>>

>>> SYMBOL_STACK_INDEX: 3

>>>

>>> SYMBOL_NAME: win32k!HmgAllocateDcAttr+1b6

>>>

>>> FOLLOWUP_NAME: MachineOwner

>>>

>>> MODULE_NAME: win32k

>>>

>>> IMAGE_NAME: win32k.sys

>>>

>>> DEBUG_FLR_IMAGE_TIMESTAMP: 45e6f310

>>>

>>> FAILURE_BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>>>

>>> BUCKET_ID: X64_0x50_win32k!HmgAllocateDcAttr+1b6

>>>

>>> Followup: MachineOwner

>>> ---------

>>>

>>> Bye,

>>> Skybuck.

>>>

>>> P.S.: I followed instructions on this link to setup WinDBG properly for

>>> symbol support ;)

>>>

>>> http://forums.majorgeeks.com/showthread.php?t=35246

>>>

>>> Simply add something like:

>>>

>>> SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

>>>

>>> to symbol path.

>>>

>>> Then symbols will be downloaded...

>>>

>>> (I set mine to C:\Tools\WinDBG\WebSymbols :) )

>>>

>>>

>>>

>>

>

>

[Guest Skybuck Flying]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

It is not my job to fixes these bugs.

 

Somebody made a bug somewhere.

 

These minidumps can provide hints.

 

That's why I am providing these minidumps, in case some developer is reading

or happens to read this message and finds it interesting and thinks hmmm I

am gonna look into the mentioned code to see if there is something that

could have caused it.

 

Alternatively recreate the situation debug it and see what happens.

 

Might be difficult to recreate this problem, or maybe not... time will tell.

 

Bye,

Skybuck.

[Guest Jud Hendrix]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

On Tue, 28 Aug 2007 08:50:01 +0200, "Skybuck Flying" <spam@hotmail.com>

wrote:

>It is not my job to fixes these bugs.

>

>Somebody made a bug somewhere.

>

>These minidumps can provide hints.

 

But why dump then here? Get in touch with the right people for support,

contact Delphi, or go to their forums. Over there they are much cleverer.

 

jud

[Guest Skybuck Flying]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

What if they don't have the time for it, or are not interested ?

 

When they get fired at least somebody else can continue thanks to these

posts in history ! :)

 

Bye,

Skybuck.

[Guest Tony Sperling]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

 

"Skybuck Flying" <spam@hotmail.com> wrote in message

news:fb0ldc$385$1@news4.zwoll1.ov.home.nl...

> It is not my job to fixes these bugs.

>

 

Sure, it is.

Unless you give them your machine and pay them to solve it - it's nobody

else's job.

> Somebody made a bug somewhere.

>

 

So far, I've seen nothing that suggest this has to be a bug, just as I've

seen nothing to suggest it couldn't be your own doing.

> These minidumps can provide hints.

>

 

Sure, they can.

> That's why I am providing these minidumps, in case some developer is

reading

> or happens to read this message and finds it interesting and thinks hmmm I

> am gonna look into the mentioned code to see if there is something that

> could have caused it.

>

 

Developers usually aren't allowed to debug code, because they write code and

they are pre-determined to believe the code. Debugging is handed over to

people who can think like an analytical archeologist, and unless anything

essential on your system is Open Source - there is no code to look at. If it

is OS then this is not the forum anyway.

> Alternatively recreate the situation debug it and see what happens.

>

 

Wonderfull! They would have to do this on the actual machine - publishing a

memory dump is practically useless for anything other than guess-work,

unless you happen to draw attention to someone who studied a near duplicate

yesterday! In which case it would still contain a lot of guess-work.

> Might be difficult to recreate this problem, or maybe not... time will

tell.

>

 

If for nothing else - it will depend on how much learning you pick up from

the event. If you don't care - nobody else will, too.

 

 

Tony. . .

[Guest Homer J. Simpson]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

It's not the job of anyone *here* either to hunt down bugs you're seeing on

your system. Besides, what do you expect any of *us* here to do about them?

Nobody here has the source or can release a hotfix.

 

Submit your dumps to MS. If it's somebody's job at all to look after these

submissions, they won't claim they don't have time or inclination. It's not

up to the individual developers at MS to make those kind of decisions.

[Guest Don Burn]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

 

"Skybuck Flying" <spam@hotmail.com> wrote in message

news:fb1dtu$ddm$1@news6.zwoll1.ov.home.nl...

> What if they don't have the time for it, or are not interested ?

>

> When they get fired at least somebody else can continue thanks to these

> posts in history ! :)

>

 

Sorry, but this is not how it works. You can submit the dumps to

Microsoft, IIRC the cost is $250 per dump. This is a newsgroup where

people try to help one another, but not do their work.

 

 

--

Don Burn (MVP, Windows DDK)

Windows 2k/XP/2k3 Filesystem and Driver Consulting

Website: http://www.windrvr.com

Blog: http://msmvps.com/blogs/WinDrvr

Remove StopSpam to reply

[Guest Skybuck Flying]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

Very strange,

 

This is a newsgroup hosted by microsoft ?

 

Bye,

Skybuck.

[Guest Jud Hendrix]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

On Wed, 29 Aug 2007 20:39:19 +0200, "Skybuck Flying" <spam@hotmail.com>

wrote:

>Very strange,

>

>This is a newsgroup hosted by microsoft ?

 

Yes, more or less so, but maybe not the right place

(microsoft.public.windows.64bit) to get a specific answer to your problem.

That's why I suggested to go to Delphi, if you think it's a Delphi problem.

They have a Knowledge Base, newsgroups on Usetnet etc etc. The

concentration of specialists which can help you, is much higher there,

that's what I'm on about :-)

 

jud

[Guest J de Boyne Pollard]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

SF> This is a newsgroup hosted by microsoft ?

 

This is a newsgroup hosted by anyone who decides to carry it in xyr

news spool.

[Guest R. C. White]

Re: Short Crash Analysis...

 

Re: Short Crash Analysis...

 

Hi, Skybuck.

 

"Hosted" is the key word. Microsoft just makes it easy (possible?) for us

users to communicate with each other. With rare exceptions, Softies don't

hang out in these newsgroups, or do so quietly on their own time. Unless

you see something like [MS] or [MSFT] in their Sig, they probably are not

posting in any official capacity. MVPs are NOT Microsoft employees; we are

just volunteers who enjoy helping when we can.

 

It's just us, talking among ourselves, trying to help each other. Like

reminding each other when it is time to contact the official Tech Support

staff, who ARE paid to help us solve problems with Microsoft products.

 

RC

--

R. C. White, CPA

San Marcos, TX

rc@grandecom.net

Microsoft Windows MVP

(Running Windows Live Mail beta in Vista Ultimate x64)

 

"Skybuck Flying" <spam@hotmail.com> wrote in message

news:fb4jb4$bsc$1@news4.zwoll1.ov.home.nl...

> Very strange,

>

> This is a newsgroup hosted by microsoft ?

>

> Bye,

> Skybuck.

[Guest Tiletron]

Re: Minidumps available !

 

I am experiencing a similar error, but the crash occurs whenever various,

unconnected folders crash the Windows Explorer. I have just recently

installed an upgrade to Windows Vista Business and this was not occuring

before then.

 

"Skybuck Flying" wrote:

> Make that 28 !

>

> System just crashed again while using internet explorer and surfing to the

> weblog of the guy that wrote the themed delphi stuff ?!

>

> The irony ?! Coincendence ?! or this guy one serious bug !? :) Me think

> coincedence ! ;)

>

> Latest crash analysis:

>

> Microsoft ® Windows Debugger Version 6.6.0007.5

> Copyright © Microsoft Corporation. All rights reserved.

>

>

> Loading Dump File [C:\WINDOWS\Minidump\Mini082707-02.dmp]

> Mini Kernel Dump File: Only registers and stack trace are available

>

> Symbol search path is:

> SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols

> Executable search path is:

> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free

> x64

> Product: WinNt, suite: TerminalServer SingleUserTS

> Built by: 3790.srv03_sp2_rtm.070216-1710

> Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100

> Debug session time: Mon Aug 27 17:39:39.484 2007 (GMT+2)

> System Uptime: 0 days 2:21:02.411

> Loading Kernel Symbols

> ............................................................................................................................................

> Loading User Symbols

> Loading unloaded module list

> ...................................................

> *******************************************************************************

> *

> *

> * Bugcheck Analysis

> *

> *

> *

> *******************************************************************************

>

> Use !analyze -v to get detailed debugging information.

>

> BugCheck 1000007E, {ffffffffc0000005, fffff80001011ebd, fffffadfc9086a90,

> fffffadfc90864a0}

>

> Probably caused by : ntkrnlmp.exe ( nt!CmpDelayCloseWorker+494 )

>

> Followup: MachineOwner

> ---------

>

> 1: kd> !analyze -v

> *******************************************************************************

> *

> *

> * Bugcheck Analysis

> *

> *

> *

> *******************************************************************************

>

> SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

> This is a very common bugcheck. Usually the exception address pinpoints

> the driver/function that caused the problem. Always note this address

> as well as the link date of the driver/image that contains this address.

> Some common problems are exception code 0x80000003. This means a hard

> coded breakpoint or assertion was hit, but this system was booted

> /NODEBUG. This is not supposed to happen as developers should never have

> hardcoded breakpoints in retail code, but ...

> If this happens, make sure a debugger gets connected, and the

> system is booted /DEBUG. This will let us see why this breakpoint is

> happening.

> Arguments:

> Arg1: ffffffffc0000005, The exception code that was not handled

> Arg2: fffff80001011ebd, The address that the exception occurred at

> Arg3: fffffadfc9086a90, Exception Record Address

> Arg4: fffffadfc90864a0, Context Record Address

>

> Debugging Details:

> ------------------

>

>

> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"

> referenced memory at "0x%08lx". The memory could not be "%s".

>

> FAULTING_IP:

> nt!CmpDelayCloseWorker+494

> fffff800`01011ebd 488b4008 mov rax,qword ptr [rax+8]

>

> EXCEPTION_RECORD: fffffadfc9086a90 -- (.exr fffffadfc9086a90)

> ExceptionAddress: fffff80001011ebd

> (nt!CmpDelayCloseWorker+0x0000000000000494)

> ExceptionCode: c0000005 (Access violation)

> ExceptionFlags: 00000000

> NumberParameters: 2

> Parameter[0]: 0000000000000000

> Parameter[1]: 0000000000000008

> Attempt to read from address 0000000000000008

>

> CONTEXT: fffffadfc90864a0 -- (.cxr fffffadfc90864a0)

> rax=0000000000000000 rbx=fffffa8003281c68 rcx=000000000000132f

> rdx=0000000000000008 rsi=00000000ffffffff rdi=fffffa80028bd588

> rip=fffff80001011ebd rsp=fffffadfc9086cb0 rbp=fffffa800412b920

> r8=00000000da81d47a r9=fffffa80028bd590 r10=0000000000000000

> r11=00000000000007ff r12=000000000000132f r13=00000000000001c1

> r14=0000000000000000 r15=0000000000000001

> iopl=0 nv up ei pl nz na pe cy

> cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b

> efl=00010203

> nt!CmpDelayCloseWorker+0x494:

> fffff800`01011ebd 488b4008 mov rax,qword ptr [rax+8]

> ds:002b:00000000`00000008=0000000000000000

> Resetting default scope

>

> CUSTOMER_CRASH_COUNT: 2

>

> CURRENT_IRQL: 0

>

> ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced

> memory at "0x%08lx". The memory could not be "%s".

>

> READ_ADDRESS: 0000000000000008

>

> BUGCHECK_STR: 0x7E

>

> DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

>

> EXCEPTION_STR: 0x0

>

> LAST_CONTROL_TRANSFER: from fffff8000103768a to fffff80001011ebd

>

> STACK_TEXT:

> fffffadf`c9086cb0 fffff800`0103768a : 00000000`00000000 fffff800`011defe0

> fffff800`01012070 fffffadf`cecd3bf0 : nt!CmpDelayCloseWorker+0x494

> fffffadf`c9086d00 fffff800`0124b972 : fffffadf`cecd3bf0 00000000`00000080

> fffffadf`cecd3bf0 fffffadf`c8c83680 : nt!ExpWorkerThread+0x13b

> fffffadf`c9086d70 fffff800`010202d6 : fffffadf`c8c7b180 fffffadf`cecd3bf0

> fffffadf`c8c83680 fffff800`011b5dc0 : nt!PspSystemThreadStartup+0x3e

> fffffadf`c9086dd0 00000000`00000000 : 00000000`00000000 00000000`00000000

> 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16

>

>

> FOLLOWUP_IP:

> nt!CmpDelayCloseWorker+494

> fffff800`01011ebd 488b4008 mov rax,qword ptr [rax+8]

>

> SYMBOL_STACK_INDEX: 0

>

> FOLLOWUP_NAME: MachineOwner

>

> MODULE_NAME: nt

>

> IMAGE_NAME: ntkrnlmp.exe

>

> DEBUG_FLR_IMAGE_TIMESTAMP: 45d69ab4

>

> SYMBOL_NAME: nt!CmpDelayCloseWorker+494

>

> STACK_COMMAND: .cxr 0xfffffadfc90864a0 ; kb

>

> FAILURE_BUCKET_ID: X64_0x7E_nt!CmpDelayCloseWorker+494

>

> BUCKET_ID: X64_0x7E_nt!CmpDelayCloseWorker+494

>

> Followup: MachineOwner

> ---------

>

> 1: kd> ml

> *** WARNING: Unable to verify timestamp for nv4_disp.dll

> *** ERROR: Module load completed but symbols could not be loaded for

> nv4_disp.dll

> *** WARNING: Unable to verify timestamp for CTEDSPSY.DLL

> *** ERROR: Module load completed but symbols could not be loaded for

> CTEDSPSY.DLL

> *** WARNING: Unable to verify timestamp for dump_nvata64.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> dump_nvata64.sys

> *** WARNING: Unable to verify timestamp for vmm.sys

> *** ERROR: Module load completed but symbols could not be loaded for vmm.sys

> *** WARNING: Unable to verify timestamp for kl1.sys

> *** ERROR: Module load completed but symbols could not be loaded for kl1.sys

> *** WARNING: Unable to verify timestamp for klif.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> klif.sys

> *** WARNING: Unable to verify timestamp for CTEXFIFX.DLL

> *** ERROR: Module load completed but symbols could not be loaded for

> CTEXFIFX.DLL

> *** WARNING: Unable to verify timestamp for CT20XUT.DLL

> *** ERROR: Module load completed but symbols could not be loaded for

> CT20XUT.DLL

> *** WARNING: Unable to verify timestamp for ctac32k.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> ctac32k.sys

> *** WARNING: Unable to verify timestamp for ctsfm2k.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> ctsfm2k.sys

> *** WARNING: Unable to verify timestamp for emupia2k.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> emupia2k.sys

> *** WARNING: Unable to verify timestamp for ha20x2k.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> ha20x2k.sys

> *** WARNING: Unable to verify timestamp for AmdTools64.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> AmdTools64.sys

> *** WARNING: Unable to verify timestamp for usbccgp.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> usbccgp.sys

> *** WARNING: Unable to verify timestamp for dtscsi.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> dtscsi.sys

> *** WARNING: Unable to verify timestamp for NVSNPU.SYS

> *** ERROR: Module load completed but symbols could not be loaded for

> NVSNPU.SYS

> *** WARNING: Unable to verify timestamp for NVNRM.SYS

> *** ERROR: Module load completed but symbols could not be loaded for

> NVNRM.SYS

> *** WARNING: Unable to verify timestamp for ctoss2k.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> ctoss2k.sys

> *** WARNING: Unable to verify timestamp for ctaud2k.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> ctaud2k.sys

> *** WARNING: Unable to verify timestamp for nv4_mini.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> nv4_mini.sys

> *** WARNING: Unable to verify timestamp for yk51x64.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> yk51x64.sys

> *** WARNING: Unable to verify timestamp for speedfan.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> speedfan.sys

> *** WARNING: Unable to verify timestamp for nvata64.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> nvata64.sys

> *** WARNING: Unable to verify timestamp for SI3132.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> SI3132.sys

> *** WARNING: Unable to verify timestamp for Si3132r5.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> Si3132r5.sys

> *** WARNING: Unable to verify timestamp for SPTD2221.SYS

> *** ERROR: Module load completed but symbols could not be loaded for

> SPTD2221.SYS

> *** WARNING: Unable to verify timestamp for sptd.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> sptd.sys

> *** WARNING: Unable to verify timestamp for amdk8.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> amdk8.sys

> *** WARNING: Unable to verify timestamp for LHidFilt.Sys

> *** ERROR: Module load completed but symbols could not be loaded for

> LHidFilt.Sys

> *** WARNING: Unable to verify timestamp for LMouFilt.Sys

> *** ERROR: Module load completed but symbols could not be loaded for

> LMouFilt.Sys

> *** WARNING: Unable to verify timestamp for SiWinAcc.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> SiWinAcc.sys

> *** WARNING: Unable to verify timestamp for ptilink.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> ptilink.sys

> *** WARNING: Unable to verify timestamp for NVENETFD.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> NVENETFD.sys

> *** WARNING: Unable to verify timestamp for nvnetbus.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> nvnetbus.sys

> *** WARNING: Unable to verify timestamp for klim5.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> klim5.sys

> *** WARNING: Unable to verify timestamp for SiRemFil.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> SiRemFil.sys

> *** WARNING: Unable to verify timestamp for CdaC15BA.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> CdaC15BA.sys

> *** WARNING: Unable to verify timestamp for secdrv.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> secdrv.sys

> *** WARNING: Unable to verify timestamp for CdaD10BA.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> CdaD10BA.sys

> *** WARNING: Unable to verify timestamp for ctprxy2k.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> ctprxy2k.sys

> *** WARNING: Unable to verify timestamp for ASACPI.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> ASACPI.sys

> *** WARNING: Unable to verify timestamp for FileDisk.SYS

> *** ERROR: Module load completed but symbols could not be loaded for

> FileDisk.SYS

> *** WARNING: Unable to verify timestamp for AmdAcpi.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> AmdAcpi.sys

> *** WARNING: Unable to verify timestamp for PxHlpa64.sys

> *** ERROR: Module load completed but symbols could not be loaded for

> PxHlpa64.sys

> *** WARNING: Unable to verify timestamp for AsIO.sys

> *** ERROR: Module load completed but symbols could not be loaded for

[Guest Tiletron]

Re: Minidumps available !

 

Opened log file 'c:\debuglog.txt'

 

Microsoft ® Windows Debugger Version 6.7.0005.1

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\Windows\MEMORY.DMP]

Kernel Complete Dump File: Full address space is available

 

************************************************************

WARNING: Dump file has been truncated. Data may be missing.

************************************************************

Symbol search path is:

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

C:\Windows;C:\Windows\system32;C:\Windows\system32\drivers

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

Unable to read PsLoadedModuleList

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

KdDebuggerData.KernBase < SystemRangeStart

Windows XP Kernel Version 2600 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x00000000 PsLoadedModuleList = 0x8055c700

Debug session time: Tue Sep 18 06:34:07.937 2007 (GMT+1)

System Uptime: 0 days 2:59:32.620

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

Unable to read PsLoadedModuleList

**************************************************************************

THIS DUMP FILE IS PARTIALLY CORRUPT.

KdDebuggerDataBlock is not present or unreadable.

**************************************************************************

KdDebuggerData.KernBase < SystemRangeStart

Loading Kernel Symbols

Unable to read PsLoadedModuleList

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

CS descriptor lookup failed

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get program counter

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 8E, {c0000005, 804ef15f, acfe6b54, 0}

 

***** Debugger could not find nt in module list, module list might be

corrupt, error 0x80070057.

 

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to read selector for PCR for processor 0

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

 

Followup: MachineOwner

---------

 

?: kd> !analyze -v;r;kv;lmtn;.logclose;q

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get program counter

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: 804ef15f, The address that the exception occurred at

Arg3: acfe6b54, Trap Frame

Arg4: 00000000

 

Debugging Details:

------------------

 

***** Debugger could not find nt in module list, module list might be

corrupt, error 0x80070057.

 

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to read selector for PCR for processor 0

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx

referenced memory at 0x%08lx. The memory could not be %s.

 

FAULTING_IP:

+ffffffff804ef15f

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

804ef15f ?? ???

 

TRAP_FRAME: acfe6b54 -- (.trap 0xffffffffacfe6b54)

..trap 0xffffffffacfe6b54

Unable to read trap frame at acfe6b54

..trap

 

DEFAULT_BUCKET_ID: DRIVER_FAULT

 

BUGCHECK_STR: 0x8E

 

STACK_TEXT:

GetContextState failed, 0x80004002

Unable to get current machine context, HRESULT 0x80004002

 

 

STACK_COMMAND: kb

 

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: Unknown_Module

 

IMAGE_NAME: Unknown_Image

 

DEBUG_FLR_IMAGE_TIMESTAMP: 0

 

BUCKET_ID: CORRUPT_MODULELIST

 

Followup: MachineOwner

---------

 

GetContextState failed, 0x80004002

GetContextState failed, 0x80004002

^ Unable to get program counter '!analyze

-v;r;kv;lmtn;.logclose;q'