TechSpot

Debugging BSOD

By BlackScarlet
Aug 14, 2007
  1. I have repeated BSODs, but unfortunately my system doesn't seem to write minidump/kernel dumps!! I don't know why, because everything is set to!

    However, on one of the three or so crashes I got in a day I did get a dump write, and analyzing it with windbg I found that it was probably a driver called ntkrnlpa.exe, whatever that is. Because I only have that one dump I cannot tell if that was the primary and consistent cause, or even if it was accurate, but I have included the bang analyze dash v and lmv results for this debug, if anyone can add any wisdom to this irritating problem.

    Thanks,

    Scarlet


    (the lmv results extend much farther, but I only included the info relevant to the driver hinted by !analyze -v...)

    --

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 71a5df52, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000008, value 0 = read operation, 1 = write operation
    Arg4: 71a5df52, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: 71a5df52

    CURRENT_IRQL: 2

    FAULTING_IP:
    +71a5df52
    71a5df52 ?? ???

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT


    BUGCHECK_STR: 0xD1

    LAST_CONTROL_TRANSFER: from 71a5df52 to 8053fa73

    FAILED_INSTRUCTION_ADDRESS:
    +71a5df52
    71a5df52 ?? ???

    STACK_TEXT:
    ed767d64 71a5df52 badb0d00 7c90eb94 ed767d98 nt!KiTrap0E+0x233
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0093f158 00000000 00000000 00000000 00000000 0x71a5df52


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!KiTrap0E+233
    8053fa73 f7457000000200 test dword ptr [ebp+70h],20000h

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: nt!KiTrap0E+233

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlpa.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

    FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+233

    BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+233

    Followup: MachineOwner
    ---------

    kd> lmv
    start end module name
    804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
    Loaded symbol image file: ntkrnlpa.exe
    Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
    Image path: ntkrnlpa.exe
    Image name: ntkrnlpa.exe
    Timestamp: Wed Feb 28 00:38:52 2007 (45E53F9C)
    CheckSum: 00200031
    ImageSize: 001F6580
    File version: 5.1.2600.3093
    Product version: 5.1.2600.3093
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 1.0 App
    File date: 00000000.00000000
    Translations: 0411.04b0
    CompanyName: Microsoft Corporation
    ProductName: Microsoft(R) Windows(R) Operating System
    InternalName: ntkrnlpa.exe
    OriginalFilename: ntkrnlpa.exe
    ProductVersion: 5.1.2600.3093
    FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
    FileDescription: NT Kernel & System
    LegalCopyright: (C) Microsoft Corporation. All rights reserved.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...