Guest Rich Posted June 11, 2008 Posted June 11, 2008 I used the WinDbg program which i just read about to analyze a memory.dmp file. when i had it do the analyze part, i got the following. so is this telling me that DKService.exe, DisKeeper's auto defragmentation, made my server crash?? 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* NTFS_FILE_SYSTEM (24) If you see NtfsExceptionFilter on the stack then the 2nd and 3rd parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace. Arguments: Arg1: 0019033d Arg2: ba63125c Arg3: ba630f58 Arg4: 8089bce3 Debugging Details: ------------------ Page e40f5 not present in the dump file. Type ".hh dbgerr004" for details Page e4061 not present in the dump file. Type ".hh dbgerr004" for details PEB is paged out (Peb.Ldr = 7ffd700c). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 7ffd700c). Type ".hh dbgerr001" for details OVERLAPPED_MODULE: Address regions for 'clusnet' and 'wlbs.sys' overlap EXCEPTION_RECORD: ba63125c -- (.exr 0xffffffffba63125c) ExceptionAddress: 8089bce3 (nt!ExAllocatePoolWithTag+0x0000083f) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00460060 Attempt to write to address 00460060 CONTEXT: ba630f58 -- (.cxr 0xffffffffba630f58) eax=0046005c ebx=8abb4060 ecx=8abb7130 edx=0000000d esi=8abb4100 edi=e2781210 eip=8089bce3 esp=ba631324 ebp=ba631360 iopl=0 nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202 nt!ExAllocatePoolWithTag+0x83f: 8089bce3 897004 mov dword ptr [eax+4],esi ds:0023:00460060=???????? Resetting default scope DEFAULT_BUCKET_ID: DRIVER_FAULT PROCESS_NAME: DkService.exe CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". WRITE_ADDRESS: 00460060 BUGCHECK_STR: 0x24 LAST_CONTROL_TRANSFER: from f71a61c6 to 8089bce3 STACK_TEXT: ba631360 f71a61c6 00000001 00000000 2073664c nt!ExAllocatePoolWithTag+0x83f ba63137c f71aa7c5 e122de98 ba6313c0 e122de98 Ntfs!LfsAllocateLbcb+0x3e ba6313e0 f71aa933 e122de98 e1c70000 00000030 Ntfs!LfsGetLbcb+0x24 ba6313f4 f71a9ce4 e122de98 00000028 e1c70000 Ntfs!LfsPrepareLfcbForLogRecord+0x4a ba631444 f71aa6f7 e122de98 e1c71420 00000002 Ntfs!LfsWriteLogRecordIntoLogPage+0x5c ba631520 f71aa1ba e1c71420 00000002 ba6315f0 Ntfs!LfsWrite+0x305 ba6316b0 f71aeb99 8990f670 8a3d1238 8a8542f0 Ntfs!NtfsWriteLog+0x75e ba631744 f71aedbd 8990f670 89abc100 0077a4ee Ntfs!NtfsAllocateBitmapRun+0xfa ba631880 f71b5f57 8990f670 89abc100 e27750d0 Ntfs!NtfsAllocateClusters+0x9fd ba63191c f71d6e85 8990f670 e27750d0 00263669 Ntfs!NtfsReallocateRange+0x17e ba631b08 f718dac1 8990f670 8966b570 ba631b4c Ntfs!NtfsDefragFile+0xaec ba631b1c f71a3b94 8990f670 8966b570 ba631b4c Ntfs!NtfsUserFsRequest+0x198 ba631b30 f71a3b54 8990f670 8966b570 89ac64a8 Ntfs!NtfsCommonFileSystemControl+0x44 ba631ba4 80840153 89abc020 8966b570 8966b570 Ntfs!NtfsFsdFileSystemControl+0x124 ba631bb8 f722e6c1 8a6fdad8 8966b570 8ab056e0 nt!IofCallDriver+0x45 ba631be4 80840153 89ac64a8 8966b570 00000000 fltmgr!FltpFsControl+0xd7 ba631bf8 b933297e 8966b570 8a6fdad8 8966b570 nt!IofCallDriver+0x45 WARNING: Stack unwind information not available. Following frames may be wrong. ba631c28 b932c940 8a7e7128 8966b570 8a64a488 naiavf5x+0x897e ba631c3c 80840153 89ba24e8 8966b570 8a7e7128 naiavf5x+0x2940 ba631c50 8092b50f 8966b76c 8a7e7128 8966b570 nt!IofCallDriver+0x45 ba631c64 8092b444 89ba24e8 8966b570 8a7e7128 nt!IopSynchronousServiceTail+0x10b ba631d00 80938997 00000518 00000000 00000000 nt!IopXxxControlFile+0x60f ba631d34 80833bdf 00000518 00000000 00000000 nt!NtFsControlFile+0x2a ba631d34 7c8285ec 00000518 00000000 00000000 nt!KiFastCallEntry+0xfc 03f1fd58 00000000 00000000 00000000 00000000 0x7c8285ec FOLLOWUP_IP: Ntfs!LfsAllocateLbcb+3e f71a61c6 8bd0 mov edx,eax SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: Ntfs!LfsAllocateLbcb+3e FOLLOWUP_NAME: MachineOwner MODULE_NAME: Ntfs IMAGE_NAME: Ntfs.sys DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a04b STACK_COMMAND: .cxr 0xffffffffba630f58 ; kb FAILURE_BUCKET_ID: 0x24_Ntfs!LfsAllocateLbcb+3e BUCKET_ID: 0x24_Ntfs!LfsAllocateLbcb+3e Followup: MachineOwner ---------
Recommended Posts