Crash dump error
Min fars pc har de sidste par måneder opført sig underligt, han får ofte sort skærm med en fejl, noget ala crash dump, jeg har kigget på .dmp filerne..... men men men jeg fatter hathåber nogen kan hjælpe, jeg har vedlagt 4 .dmp filer
-----------------------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800b3da798
Arg3: fffff8800b3da000
Arg4: fffff88001508a84
Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800b3da798 -- (.exr 0xfffff8800b3da798)
ExceptionAddress: fffff88001508a84 (Ntfs!NtfsFindPrefix+0x0000000000000114)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800b3da000 -- (.cxr 0xfffff8800b3da000)
rax=fffff8a00ef09dd2 rbx=fffef8a00eb9aa08 rcx=0000000000000050
rdx=000000000000004e rsi=fffff8a002dda140 rdi=fffff8a00eb9a3e8
rip=fffff88001508a84 rsp=fffff8800b3da9d0 rbp=fffff8800b3dac60
r8=0000000000000000 r9=fffff8a00eb9a4ac r10=fffff8800b3daa30
r11=fffff8800b3daa10 r12=fffffa800adc9420 r13=0000000000000000
r14=0000000000000000 r15=fffff8800b2ef3c8
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
Ntfs!NtfsFindPrefix+0x114:
fffff880`01508a84 4c8b4bf8 mov r9,qword ptr [rbx-8] ds:002b:fffef8a0`0eb9aa00=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WatAdminSvc.ex
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instruktionen ved 0x%08lx refererede hukommelse ved 0x%08lx. Hukommelsen kunne ikke %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruktionen ved 0x%08lx refererede hukommelse ved 0x%08lx. Hukommelsen kunne ikke %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0b0e0
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsFindPrefix+114
fffff880`01508a84 4c8b4bf8 mov r9,qword ptr [rbx-8]
FAULTING_IP:
Ntfs!NtfsFindPrefix+114
fffff880`01508a84 4c8b4bf8 mov r9,qword ptr [rbx-8]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff880014f9f74 to fffff88001508a84
STACK_TEXT:
fffff880`0b3da9d0 fffff880`014f9f74 : fffffa80`0adc9420 fffff8a0`02dda140 fffff880`0b2ef3a8 fffff880`0b3dac10 : Ntfs!NtfsFindPrefix+0x114
fffff880`0b3daa80 fffff880`014f428d : fffffa80`0adc9420 fffffa80`0afbfc10 fffff880`0b3dac60 fffff880`0b3daca8 : Ntfs!NtfsFindStartingNode+0x6e4
fffff880`0b3dab50 fffff880`0145dc0d : fffffa80`0adc9420 fffffa80`0afbfc10 fffff880`0b2ef340 fffffa80`08d69000 : Ntfs!NtfsCommonCreate+0x3dd
fffff880`0b3dad30 fffff800`02ccb5c7 : fffff880`0b2ef2b0 00000000`c007006d 00000000`7ef83000 00000000`02e2fcf0 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`0b3dad60 fffff800`02ccb581 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KySwitchKernelStackCallout+0x27
fffff880`0b2ef180 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsFindPrefix+114
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f
STACK_COMMAND: .cxr 0xfffff8800b3da000 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsFindPrefix+114
BUCKET_ID: X64_0x24_Ntfs!NtfsFindPrefix+114
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff880041ae75b, The address that the exception occurred at
Arg3: fffff880009a8ac8, Exception Record Address
Arg4: fffff880009a8330, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruktionen ved 0x%08lx refererede hukommelse ved 0x%08lx. Hukommelsen kunne ikke %s.
FAULTING_IP:
avgldx64+c75b
fffff880`041ae75b 420fb74c2a0e movzx ecx,word ptr [rdx+r13+0Eh]
EXCEPTION_RECORD: fffff880009a8ac8 -- (.exr 0xfffff880009a8ac8)
ExceptionAddress: fffff880041ae75b (avgldx64+0x000000000000c75b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000756aefc7
Attempt to read from address 00000000756aefc7
CONTEXT: fffff880009a8330 -- (.cxr 0xfffff880009a8330)
rax=00000000078deeb8 rbx=fffff880041e8410 rcx=0000000000004e97
rdx=000000006f432e65 rsi=000000000009d42c rdi=000000000782d4ac
rip=fffff880041ae75b rsp=fffff880009a8d00 rbp=00000000078deeb8
r8=0000000000000000 r9=0000000000000001 r10=fffff8a000272558
r11=0000000000000000 r12=00000000078c446f r13=000000000627c154
r14=0000000000006323 r15=00000000000059dd
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
avgldx64+0xc75b:
fffff880`041ae75b 420fb74c2a0e movzx ecx,word ptr [rdx+r13+0Eh] ds:002b:00000000`756aefc7=????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instruktionen ved 0x%08lx refererede hukommelse ved 0x%08lx. Hukommelsen kunne ikke %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00000000756aefc7
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0f0e0
00000000756aefc7
FOLLOWUP_IP:
avgldx64+c75b
fffff880`041ae75b 420fb74c2a0e movzx ecx,word ptr [rdx+r13+0Eh]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from 0000000000000010 to fffff880041ae75b
STACK_TEXT:
fffff880`009a8d00 00000000`00000010 : 00000000`00010202 fffff880`041e8410 fffff880`041ae4ef 00000000`0000000c : avgldx64+0xc75b
fffff880`009a8d08 00000000`00010202 : fffff880`041e8410 fffff880`041ae4ef 00000000`0000000c 00000000`00000010 : 0x10
fffff880`009a8d10 fffff880`041e8410 : fffff880`041ae4ef 00000000`0000000c 00000000`00000010 00000000`061a0010 : 0x10202
fffff880`009a8d18 fffff880`041ae4ef : 00000000`0000000c 00000000`00000010 00000000`061a0010 fffff880`041ae136 : avgldx64+0x46410
fffff880`009a8d20 00000000`0000000c : 00000000`00000010 00000000`061a0010 fffff880`041ae136 00000000`00000000 : avgldx64+0xc4ef
fffff880`009a8d28 00000000`00000010 : 00000000`061a0010 fffff880`041ae136 00000000`00000000 fffff880`041e8f58 : 0xc
fffff880`009a8d30 00000000`061a0010 : fffff880`041ae136 00000000`00000000 fffff880`041e8f58 fffff880`041e21d0 : 0x10
fffff880`009a8d38 fffff880`041ae136 : 00000000`00000000 fffff880`041e8f58 fffff880`041e21d0 fffff8a0`00274778 : 0x61a0010
fffff880`009a8d40 00000000`00000000 : fffff880`041e8f58 fffff880`041e21d0 fffff8a0`00274778 00000000`00000000 : avgldx64+0xc136
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: avgldx64+c75b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: avgldx64
IMAGE_NAME: avgldx64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c858c19
STACK_COMMAND: .cxr 0xfffff880009a8330 ; kb
FAILURE_BUCKET_ID: X64_0x7E_avgldx64+c75b
BUCKET_ID: X64_0x7E_avgldx64+c75b
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800030d9796, Address of the instruction which caused the bugcheck
Arg3: fffff88007efed50, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruktionen ved 0x%08lx refererede hukommelse ved 0x%08lx. Hukommelsen kunne ikke %s.
FAULTING_IP:
nt!PfGetCompletedTrace+1a6
fffff800`030d9796 48897008 mov qword ptr [rax+8],rsi
CONTEXT: fffff88007efed50 -- (.cxr 0xfffff88007efed50)
rax=ffbff80002e1d6f8 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000010 rsi=fffff80002e1d6f8 rdi=0000000000000001
rip=fffff800030d9796 rsp=fffff88007eff720 rbp=fffff88007effca0
r8=0000000000000000 r9=fffffa800a9b5938 r10=0000000000000001
r11=0000000060b16280 r12=fffff8a003869000 r13=fffff88007eff880
r14=fffff80002e1d718 r15=000000000002ec88
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
nt!PfGetCompletedTrace+0x1a6:
fffff800`030d9796 48897008 mov qword ptr [rax+8],rsi ds:002b:ffbff800`02e1d700=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800030d9796
STACK_TEXT:
fffff880`07eff720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PfGetCompletedTrace+0x1a6
FOLLOWUP_IP:
nt!PfGetCompletedTrace+1a6
fffff800`030d9796 48897008 mov qword ptr [rax+8],rsi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!PfGetCompletedTrace+1a6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
STACK_COMMAND: .cxr 0xfffff88007efed50 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!PfGetCompletedTrace+1a6
BUCKET_ID: X64_0x3B_nt!PfGetCompletedTrace+1a6
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffffa8006c94920, the pool entry being checked.
Arg3: fffffa8006c94920, the read back flink freelist value (should be the same as 2).
Arg4: ffbffa8006c94920, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002df4d6f to fffff80002cc1740
STACK_TEXT:
fffff880`02fbbc18 fffff800`02df4d6f : 00000000`00000019 00000000`00000003 fffffa80`06c94920 fffffa80`06c94920 : nt!KeBugCheckEx
fffff880`02fbbc20 fffff800`02ce9a24 : 00000000`00000000 fffffa80`092e4f90 00000000`00000702 00000000`00000000 : nt!ExDeferredFreePool+0xa56
fffff880`02fbbd10 fffff800`02ca3b34 : 00000000`00000000 00000000`00000023 00000000`00000000 fffff880`02fbbe10 : nt!MiAddViewsForSection+0x1d4
fffff880`02fbbda0 fffff800`02fdac0a : 00000000`00000001 00000000`00000023 00000000`00000000 fffff880`02fbc058 : nt!MiAddViewsForSectionWithPfn+0x98
fffff880`02fbbe10 fffff800`02fdb53b : fffffa80`092e4f10 fffffa80`06ca2890 fffff880`02fbc050 fffffa80`06d1c680 : nt!MiMapViewOfDataSection+0x60a
fffff880`02fbbef0 fffff800`02fdb23f : fffffa80`00000001 fffffa80`06ca2890 fffff880`02fbc050 00000000`00000000 : nt!MiMapViewOfSection+0x20b
fffff880`02fbbfe0 fffff800`02cc0993 : ffffffff`80000268 fffffa80`06d1c680 fffff880`02fbc2d8 00000000`00000000 : nt!NtMapViewOfSection+0x2be
fffff880`02fbc0b0 fffff800`02cbcf30 : fffff880`00d40bbf fffff880`02fbc480 fffff880`02fbc3b8 fffff880`02fbc438 : nt!KiSystemServiceCopyEnd+0x13
fffff880`02fbc2b8 fffff880`00d40bbf : fffff880`02fbc480 fffff880`02fbc3b8 fffff880`02fbc438 fffff880`02fbc430 : nt!KiServiceLinkage
fffff880`02fbc2c0 fffff880`00d40dd2 : ffffffff`80000244 fffff880`02fbc480 00000000`00000029 ffffffff`80000268 : CI!I_MapAndSizeDataFile+0x12f
fffff880`02fbc370 fffff880`00d41578 : fffff880`00022efd fffff8a0`0076aae8 00000000`00000000 00000000`00000000 : CI!I_MapCatalog+0x166
fffff880`02fbc420 fffff880`00d403dd : ffffffff`8000024c 00000000`c0000428 fffff880`02fbc8f8 00000000`00000000 : CI!I_ReloadCatalogs+0x2cc
fffff880`02fbc5c0 fffff880`00d3e9cd : fffff880`02fbc810 ffffffff`00000001 00000000`00000000 fffff880`00000000 : CI!I_FindFileOrHeaderHashInCatalogs+0x101
fffff880`02fbc660 fffff880`00d3f381 : fffffa80`091d9750 fffff880`02fbc810 00000000`00008004 00000000`00000000 : CI!CipFindFileHash+0xf9
fffff880`02fbc730 fffff880`00d3dfbb : 00000000`00000001 fffff880`02fbc9f0 fffff880`02fbc9f0 00000000`00000000 : CI!CipValidateFileHash+0x311
fffff880`02fbc8a0 fffff800`02f2c68e : 00000000`00000044 00000000`000fffff fffffa80`091d9750 00000000`00000000 : CI!CiValidateImageHeader+0x213
fffff880`02fbc980 fffff800`02f2c57c : 00000000`00000001 00000000`01000000 fffffa80`09101450 00000000`00000000 : nt!SeValidateImageHeader+0x2e
fffff880`02fbc9c0 fffff800`02fbcd95 : fffffa80`091d9750 fffffa80`09101450 00000000`00000001 00000000`00000044 : nt!MiValidateImageHeader+0xa4
fffff880`02fbca80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmCreateSection+0x8c9
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+a56
fffff800`02df4d6f cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+a56
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a56
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a56
Followup: Pool_corruption
---------
