
help reading dump files - Page 2

post #11 of 17
Thread Starter 
Thanks, I will keep in touch.
post #12 of 17
Quote:
Originally Posted by phileps View Post

Thanks, I will keep in touch.

Well...?
post #13 of 17
Thread Starter 
Had one BSOD today... I thought we solved my case...

can you read it please?

073013-11793-01.zip 23k .zip file

thanks mate
post #14 of 17
Quote:
Originally Posted by phileps View Post

Had one BSOD today... I thought we solved my case...

can you read it please?

073013-11793-01.zip 23k .zip file

thanks mate

It's a !driver
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, A page table page has been corrupted. On a 64 bit OS, parameter 2
contains the address of the PFN for the corrupted page table page.
On a 32 bit OS, parameter 2 contains a pointer to the number of used
PTEs, and parameter 3 contains the number of used PTEs.
Arg2: fffffa8003a02f00
Arg3: 000000000000ffff
Arg4: 0000000000000000

Here we can see the error (red) which is nicely explained to us by Windbg.

Now what do we do with it?
fffff880`0a372958 fffff800`030f8b10 : 00000000`0000001a 00000000`00041790 fffffa80`03a02f00 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0a372960 fffff800`03072c2f : fffffa80`00000000 00000000`258cffff 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x34f24
fffff880`0a372b20 fffff800`03084913 : ffffffff`ffffffff 00000000`0420f578 00000000`0420f570 00000000`00008000 : nt!NtFreeVirtualMemory+0x61f
fffff880`0a372c20 00000000`76e2123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0420f538 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e2123a


Here we can see that we had some activity in Virtual Memory being freed (green).
By looking at argument 3, 000000000000ffff, we can see that some driver has called an unlock of a page.


dt nt!_MMPFN
0: kd> dt nt!_MMPFN fffffa8003a02f00
+0x000 u1 :
+0x008 u2 :
+0x010 PteAddress : 0xfffff6fb`400005b8 _MMPTE
+0x010 VolatilePteAddress : 0xfffff6fb`400005b8 Void
+0x010 Lock : 0n1073743288
+0x010 PteLong : 0xfffff6fb`400005b8
+0x018 u3 :
+0x01c UsedPageTableEntries : 0xffff
+0x01e VaType : 0 ''
+0x01f ViewCount : 0 ''
+0x020 OriginalPte : _MMPTE
+0x020 AweReferenceCount : 0n128
+0x028 u4 :


By running "dt nt!_MMPFN [Arg3]" we get a confirmation





Now I would use Driver Verifier, let me quote Patrick a.k.a pjBSOD
He simply posted it with great success:

DV to the rescue!
Quote:
What is Driver Verifier?
Driver Verifier is included in Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver by flagging it and causing your system to BSOD.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7)
- Concurrency Stress Test (Windows 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:
- Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
- Restart and boot into normal Windows.
How long should I keep Driver Verifier enabled for?
It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 36-48 hours. If you don't BSOD by then, disable Driver Verifier.
My system BSOD'd, where can I find the crash dumps?
They will be located in C:\Windows\Minidump
Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617


Post back with the new bugcheck when it occurs.
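
Added example (not part of the original thread and not written by its posters): a small Python parser over the WinDbg text quoted in post #14. It extracts the bugcheck arguments, lists which module owns each stack frame, and repeats the post's comparison of UsedPageTableEntries with Arg3. The `CORE` set of modules treated as Windows components is an assumption of this example.

```python
import re

# WinDbg text copied from the post above (Arg1's description shortened to one line).
BUGCHECK = r"""MEMORY_MANAGEMENT (1a)
Arg1: 0000000000041790, A page table page has been corrupted.
Arg2: fffffa8003a02f00
Arg3: 000000000000ffff
Arg4: 0000000000000000"""
STACK = r"""fffff880`0a372958 fffff800`030f8b10 : 00000000`0000001a 00000000`00041790 fffffa80`03a02f00 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0a372960 fffff800`03072c2f : fffffa80`00000000 00000000`258cffff 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x34f24
fffff880`0a372b20 fffff800`03084913 : ffffffff`ffffffff 00000000`0420f578 00000000`0420f570 00000000`00008000 : nt!NtFreeVirtualMemory+0x61f
fffff880`0a372c20 00000000`76e2123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0420f538 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e2123a"""
DT = "+0x01c UsedPageTableEntries : 0xffff"
CORE = {"nt", "hal"}  # assumption: modules counted as Windows components

def parse_bugcheck(text):
    """Return (name, code, [Arg1..Arg4]) from the bugcheck header."""
    name, code = re.search(r"^(\w+) \(([0-9a-fA-F]+)\)", text, re.M).groups()
    args = [int(v, 16) for v in re.findall(r"^Arg\d: ([0-9a-fA-F]+)", text, re.M)]
    return name, int(code, 16), args

def stack_modules(text):
    """Module owning each frame, or None when the frame is a bare address."""
    mods = []
    for line in text.splitlines():
        symbol = line.rsplit(" : ", 1)[-1].strip()
        mods.append(symbol.split("!", 1)[0] if "!" in symbol else None)
    return mods

def dt_field(text, field):
    """Value of one hex field from `dt` output."""
    m = re.search(rf"^\+0x[0-9a-f]+ {re.escape(field)}\s*:\s*(0x[0-9a-fA-F]+)", text, re.M)
    return int(m.group(1), 16)

def third_party(mods):
    """Stack modules that are not in CORE, i.e. candidate drivers to look at."""
    return sorted({m for m in mods if m and m.lower() not in CORE})

if __name__ == "__main__":
    name, code, args = parse_bugcheck(BUGCHECK)
    mods = stack_modules(STACK)
    print(f"{name} (0x{code:x}) args={[hex(a) for a in args]}")
    print("frame modules:", mods, "third-party:", third_party(mods) or "none")
    print("UsedPageTableEntries == Arg3:", dt_field(DT, "UsedPageTableEntries") == args[2])
```

Every symbolised frame in this dump belongs to nt, so the stack alone names no third-party driver, which is the situation the post turns to Driver Verifier for.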
post #15 of 17
Thread Starter 
Thank you very much again, but what driver am I looking for?
post #16 of 17
Quote:
Originally Posted by phileps View Post

Thank you very much again, but what driver am I looking for?

Just follow the tutorial I've quoted; DV to the rescue! (above).
post #17 of 17
Thread Starter 
Thank you very much