Jump to content

Minidump analysis

Guest Gary Roach

By Guest Gary Roach
in Windows XP

 Share

Recommended Posts

Guest Gary Roach

Guest Gary Roach

Posted
Posted

I've got a computer running XP Home SP2 that crashes intermittently. I've

used the Window debugging tools to analyze the minidump file. It indicates a

problem in the win32k module. I'm wondering if any more information can be

obtained. Here's the !analyze -v output. Thanks for any help.

 

 

Microsoft ® Windows Debugger Version 6.9.0003.113 X86

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [c:\windows\minidump\Mini053008-02.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is:

srv*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is: c:\windows\i386

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS Personal

Built by: 2600.xpsp_sp2_gdr.070227-2254

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620

Debug session time: Fri May 30 21:36:44.343 2008 (GMT-4)

System Uptime: 0 days 0:11:31.920

Loading Kernel Symbols

...............................................................................................................................................

Loading User Symbols

Loading unloaded module list

..............................

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 1000008E, {c0000005, bf8055c5, eddae744, 0}

 

Probably caused by : memory_corruption

 

Followup: memory_corruption

---------

 

kd> !analyze -v

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: bf8055c5, The address that the exception occurred at

Arg3: eddae744, Trap Frame

Arg4: 00000000

 

Debugging Details:

------------------

 

 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"

referenced memory at "0x%08lx". The memory could not be "%s".

 

FAULTING_IP:

win32k!DC::vUpdate_VisRect+99

bf8055c5 8020fb and byte ptr [eax],0FBh

 

TRAP_FRAME: eddae744 -- (.trap 0xffffffffeddae744)

ErrCode = 00000002

eax=5600299b ebx=e1108008 ecx=55ff8b90 edx=00000000 esi=eddae7d4

edi=023f0cb0

eip=bd8055c5 esp=eddae7b8 ebp=eddae7d4 iopl=0 nv up ei pl nz na pe

nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000

efl=00010206

bd8055c5 ?? ???

Resetting default scope

 

CUSTOMER_CRASH_COUNT: 2

 

DEFAULT_BUCKET_ID: CODE_CORRUPTION

 

BUGCHECK_STR: 0x8E

 

PROCESS_NAME: RegistryPatrol.

 

LAST_CONTROL_TRANSFER: from e1108418 to bd8055c5

 

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

eddae7b4 e1108418 e1108008 00000001 00000014 0xbd8055c5

eddae7d4 bf805e73 e01460d8 eddae85c 550109e0 0xe1108418

eddae814 bf804727 00000000 00000000 eddae854 win32k!DC::bCompute+0x23d

eddae824 bf8066b6 eddae85c eddae8c8 bc6d56c0 win32k!DEVLOCKOBJ::bLock+0x79

eddae854 bf8155f0 e1108008 eddae8d0 00000001 win32k!GreGetClipBox+0x2e

eddae878 bd81599d bc6d56c0 550109e0 eddae8d0

win32k!UT_GetParentDCClipBox+0x15

eddae89c bf815a84 00000002 eddae8c8 eddae934 0xbd81599d

eddae924 804de7ec 000203ec 0012f134 0012f1b4 win32k!NtUserBeginPaint+0x53

eddae924 7c90eb94 000203ec 0012f134 0012f1b4 nt!KiFastCallEntry+0xf8

0012f1b4 00000000 00000000 00000000 00000000 0x7c90eb94

 

 

STACK_COMMAND: .bugcheck ; kb

 

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt

80566020-8056603b 28 bytes - nt!CmpUnlockRegistry+8

[ be 60 73 55 80 0f 85 9c:06 00 70 00 00 00 00 00 ]

8056603d-80566056 26 bytes - nt!CmpUnlockRegistry+42 (+0x1d)

[ 00 5e 75 0b 8d 48 34 39:a0 da ed 00 f0 fd 7f 00 ]

80566058-8056606a 19 bytes - nt!RtlUpcaseUnicodeString+6 (+0x1b)

[ 7d 10 00 56 8b 75 0c 66:54 60 56 82 5c 60 56 80 ]

8056606c-8056606e 3 bytes - nt!RtlUpcaseUnicodeString+35 (+0x14)

[ 66 3b 47:c7 10 02 ]

80566070-80566074 5 bytes - nt!RtlUpcaseUnicodeString+39 (+0x04)

[ 0f 87 e4 70 09:00 00 00 00 00 ]

80566076-80566079 4 bytes - nt!RtlUpcaseUnicodeString+45 (+0x06)

[ 0f b7 16 6a:00 00 00 01 ]

8056607b-805660c0 70 bytes - nt!RtlUpcaseUnicodeString+4a (+0x05)

[ d1 ea 59 89 55 08 89 4d:04 d8 60 56 80 00 00 00 ]

805660c2-805660cd 12 bytes - nt!RtlUpcaseUnicodeString+ad (+0x47)

[ 0f b7 c0 eb dd 3b d0 0f:00 00 00 00 00 00 20 60 ]

805660cf-805660fe 48 bytes - nt!NtWaitForMultipleObjects+6a (+0x0d)

[ 8b 0a 89 4d b0 8b 52 04:00 00 00 00 00 00 00 00 ]

80566100-80566106 7 bytes - nt!ObReferenceObjectByHandle+37 (+0x31)

[ 8b 76 44 8b 8e a4 01:40 96 55 80 00 00 00 ]

80566109-80566114 12 bytes - nt!ObReferenceObjectByHandle+40 (+0x09)

[ 8b c1 f7 d0 85 45 0c 0f:00 00 00 00 00 00 00 08 ]

80566116-80566125 16 bytes - nt!ObReferenceObjectByHandle+4f (+0x0d)

[ 8b 45 1c 3b c3 8d 56 e8:00 00 d8 60 56 82 d8 60 ]

80566127-80566132 12 bytes - nt!ObReferenceObjectByHandle+61 (+0x11)

[ 80 3d 50 2f 55 80 00 0f:00 28 31 58 82 10 2a 56 ]

80566134-80566135 2 bytes - nt!ObReferenceObjectByHandle+72 (+0x0d)

[ b8 01:00 00 ]

80566139-80566180 72 bytes - nt!ObReferenceObjectByHandle+77 (+0x05)

[ 8b 4d fc 0f c1 01 89 37:00 00 00 00 00 00 00 01 ]

80566183-8056618e 12 bytes - nt!ObReferenceObjectByHandle+d4 (+0x4a)

[ 80 3d 50 2f 55 80 00 0f:00 00 00 01 00 00 f0 da ]

80566190-80566191 2 bytes - nt!ObReferenceObjectByHandle+e5 (+0x0d)

[ b8 01:00 00 ]

80566194-805661b2 31 bytes - nt!ObReferenceObjectByHandle+e9 (+0x04)

[ 00 8b 4d fc 0f c1 01 eb:20 60 56 80 54 60 56 82 ]

805661b6-805661b9 4 bytes - nt!RtlpUnlockAtomTable+14 (+0x22)

[ 8b 4d 08 ba:00 00 00 00 ]

805661bc - nt!RtlpUnlockAtomTable+1a (+0x06)

[ 00:05 ]

805661be-805661cd 16 bytes - nt!RtlpUnlockAtomTable+1c (+0x02)

[ 0f b1 11 83 f8 02 0f 85:05 00 00 00 00 00 c4 61 ]

805661d0-805661da 11 bytes - nt!RtlpUnlockAtomTable+31 (+0x12)

[ ff 80 d4 00 00 00 5e 0f:58 cf 66 82 40 07 54 82 ]

805661dd-80566200 36 bytes - nt!RtlpUnlockAtomTable+4d (+0x0d)

[ 5d c2 04 00 90 90 90 90:00 00 00 b0 ee ec dc eb ]

80566202-8056620d 12 bytes - nt!RtlpLockAtomTable+14 (+0x25)

[ 56 64 a1 24 01 00 00 ff:00 00 04 62 56 82 04 62 ]

8056620f-80566210 2 bytes - nt!RtlpLockAtomTable+21 (+0x0d)

[ 8d 71:00 3c ]

80566212-80566216 5 bytes - nt!RtlpLockAtomTable+24 (+0x03)

[ 89 75 08 b8 00:00 00 05 00 05 ]

8056621a-80566267 78 bytes - nt!RtlpLockAtomTable+2c (+0x08)

[ 8b 4d 08 ba 02 00 00 00:00 00 1c 62 56 82 1c 62 ]

80566269-8056627c 20 bytes - nt!RtlpAtomMapAtomToHandleEntry+2d (+0x4f)

[ 33 c0 eb f7 90 90 90 90:00 00 00 00 00 00 00 00 ]

8056627e-8056627f 2 bytes - nt!NtRemoveIoCompletion+c (+0x15)

[ 33 f6:ff 7f ]

568 errors : !nt (80566020-8056627f)

 

MODULE_NAME: memory_corruption

 

IMAGE_NAME: memory_corruption

 

FOLLOWUP_NAME: memory_corruption

 

DEBUG_FLR_IMAGE_TIMESTAMP: 0

 

MEMORY_CORRUPTOR: LARGE

 

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE

 

BUCKET_ID: MEMORY_CORRUPTION_LARGE

 

Followup: memory_corruption

---------

 

kd> !analyze -v

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: bf8055c5, The address that the exception occurred at

Arg3: eddae744, Trap Frame

Arg4: 00000000

 

Debugging Details:

------------------

 

 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"

referenced memory at "0x%08lx". The memory could not be "%s".

 

FAULTING_IP:

win32k!DC::vUpdate_VisRect+99

bf8055c5 8020fb and byte ptr [eax],0FBh

 

TRAP_FRAME: eddae744 -- (.trap 0xffffffffeddae744)

ErrCode = 00000002

eax=5600299b ebx=e1108008 ecx=55ff8b90 edx=00000000 esi=eddae7d4

edi=023f0cb0

eip=bd8055c5 esp=eddae7b8 ebp=eddae7d4 iopl=0 nv up ei pl nz na pe

nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000

efl=00010206

bd8055c5 ?? ???

Resetting default scope

 

CUSTOMER_CRASH_COUNT: 2

 

DEFAULT_BUCKET_ID: CODE_CORRUPTION

 

BUGCHECK_STR: 0x8E

 

PROCESS_NAME: RegistryPatrol.

 

LAST_CONTROL_TRANSFER: from e1108418 to bd8055c5

 

STACK_TEXT:

WARNING: Frame IP not in any known module. Following frames may be wrong.

eddae7b4 e1108418 e1108008 00000001 00000014 0xbd8055c5

eddae7d4 bf805e73 e01460d8 eddae85c 550109e0 0xe1108418

eddae814 bf804727 00000000 00000000 eddae854 win32k!DC::bCompute+0x23d

eddae824 bf8066b6 eddae85c eddae8c8 bc6d56c0 win32k!DEVLOCKOBJ::bLock+0x79

eddae854 bf8155f0 e1108008 eddae8d0 00000001 win32k!GreGetClipBox+0x2e

eddae878 bd81599d bc6d56c0 550109e0 eddae8d0

win32k!UT_GetParentDCClipBox+0x15

eddae89c bf815a84 00000002 eddae8c8 eddae934 0xbd81599d

eddae924 804de7ec 000203ec 0012f134 0012f1b4 win32k!NtUserBeginPaint+0x53

eddae924 7c90eb94 000203ec 0012f134 0012f1b4 nt!KiFastCallEntry+0xf8

0012f1b4 00000000 00000000 00000000 00000000 0x7c90eb94

 

 

STACK_COMMAND: .bugcheck ; kb

 

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt

80566020-8056603b 28 bytes - nt!CmpUnlockRegistry+8

[ be 60 73 55 80 0f 85 9c:06 00 70 00 00 00 00 00 ]

8056603d-80566056 26 bytes - nt!CmpUnlockRegistry+42 (+0x1d)

[ 00 5e 75 0b 8d 48 34 39:a0 da ed 00 f0 fd 7f 00 ]

80566058-8056606a 19 bytes - nt!RtlUpcaseUnicodeString+6 (+0x1b)

[ 7d 10 00 56 8b 75 0c 66:54 60 56 82 5c 60 56 80 ]

8056606c-8056606e 3 bytes - nt!RtlUpcaseUnicodeString+35 (+0x14)

[ 66 3b 47:c7 10 02 ]

80566070-80566074 5 bytes - nt!RtlUpcaseUnicodeString+39 (+0x04)

[ 0f 87 e4 70 09:00 00 00 00 00 ]

80566076-80566079 4 bytes - nt!RtlUpcaseUnicodeString+45 (+0x06)

[ 0f b7 16 6a:00 00 00 01 ]

8056607b-805660c0 70 bytes - nt!RtlUpcaseUnicodeString+4a (+0x05)

[ d1 ea 59 89 55 08 89 4d:04 d8 60 56 80 00 00 00 ]

805660c2-805660cd 12 bytes - nt!RtlUpcaseUnicodeString+ad (+0x47)

[ 0f b7 c0 eb dd 3b d0 0f:00 00 00 00 00 00 20 60 ]

805660cf-805660fe 48 bytes - nt!NtWaitForMultipleObjects+6a (+0x0d)

[ 8b 0a 89 4d b0 8b 52 04:00 00 00 00 00 00 00 00 ]

80566100-80566106 7 bytes - nt!ObReferenceObjectByHandle+37 (+0x31)

[ 8b 76 44 8b 8e a4 01:40 96 55 80 00 00 00 ]

80566109-80566114 12 bytes - nt!ObReferenceObjectByHandle+40 (+0x09)

[ 8b c1 f7 d0 85 45 0c 0f:00 00 00 00 00 00 00 08 ]

80566116-80566125 16 bytes - nt!ObReferenceObjectByHandle+4f (+0x0d)

[ 8b 45 1c 3b c3 8d 56 e8:00 00 d8 60 56 82 d8 60 ]

80566127-80566132 12 bytes - nt!ObReferenceObjectByHandle+61 (+0x11)

[ 80 3d 50 2f 55 80 00 0f:00 28 31 58 82 10 2a 56 ]

80566134-80566135 2 bytes - nt!ObReferenceObjectByHandle+72 (+0x0d)

[ b8 01:00 00 ]

80566139-80566180 72 bytes - nt!ObReferenceObjectByHandle+77 (+0x05)

[ 8b 4d fc 0f c1 01 89 37:00 00 00 00 00 00 00 01 ]

80566183-8056618e 12 bytes - nt!ObReferenceObjectByHandle+d4 (+0x4a)

[ 80 3d 50 2f 55 80 00 0f:00 00 00 01 00 00 f0 da ]

80566190-80566191 2 bytes - nt!ObReferenceObjectByHandle+e5 (+0x0d)

[ b8 01:00 00 ]

80566194-805661b2 31 bytes - nt!ObReferenceObjectByHandle+e9 (+0x04)

[ 00 8b 4d fc 0f c1 01 eb:20 60 56 80 54 60 56 82 ]

805661b6-805661b9 4 bytes - nt!RtlpUnlockAtomTable+14 (+0x22)

[ 8b 4d 08 ba:00 00 00 00 ]

805661bc - nt!RtlpUnlockAtomTable+1a (+0x06)

[ 00:05 ]

805661be-805661cd 16 bytes - nt!RtlpUnlockAtomTable+1c (+0x02)

[ 0f b1 11 83 f8 02 0f 85:05 00 00 00 00 00 c4 61 ]

805661d0-805661da 11 bytes - nt!RtlpUnlockAtomTable+31 (+0x12)

[ ff 80 d4 00 00 00 5e 0f:58 cf 66 82 40 07 54 82 ]

805661dd-80566200 36 bytes - nt!RtlpUnlockAtomTable+4d (+0x0d)

[ 5d c2 04 00 90 90 90 90:00 00 00 b0 ee ec dc eb ]

80566202-8056620d 12 bytes - nt!RtlpLockAtomTable+14 (+0x25)

[ 56 64 a1 24 01 00 00 ff:00 00 04 62 56 82 04 62 ]

8056620f-80566210 2 bytes - nt!RtlpLockAtomTable+21 (+0x0d)

[ 8d 71:00 3c ]

80566212-80566216 5 bytes - nt!RtlpLockAtomTable+24 (+0x03)

[ 89 75 08 b8 00:00 00 05 00 05 ]

8056621a-80566267 78 bytes - nt!RtlpLockAtomTable+2c (+0x08)

[ 8b 4d 08 ba 02 00 00 00:00 00 1c 62 56 82 1c 62 ]

80566269-8056627c 20 bytes - nt!RtlpAtomMapAtomToHandleEntry+2d (+0x4f)

[ 33 c0 eb f7 90 90 90 90:00 00 00 00 00 00 00 00 ]

8056627e-8056627f 2 bytes - nt!NtRemoveIoCompletion+c (+0x15)

[ 33 f6:ff 7f ]

568 errors : !nt (80566020-8056627f)

 

MODULE_NAME: memory_corruption

 

IMAGE_NAME: memory_corruption

 

FOLLOWUP_NAME: memory_corruption

 

DEBUG_FLR_IMAGE_TIMESTAMP: 0

 

MEMORY_CORRUPTOR: LARGE

 

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE

 

BUCKET_ID: MEMORY_CORRUPTION_LARGE

 

Followup: memory_corruption

---------

 

 

 

 

--

Gary Roach

ADB Services

  • Replies 0
  • Created
  • Last Reply

Popular Days

Popular Days

 Share
Go to topic listing
×
×
  • Create New...