G'day,
i have a new vista machine with sp1 on it. it is crashing almost every other day and I have tried downloading the debugger and symbols but still don't think i'm analysing it right as when using the 'WinDbg' program I can't seem to get the dump file to use th esymbols. I have seriously been trying to debug this myself for weeks and finally turning to forums for assistance.
I ahve attached my dump file for anyone interested in helping. I would really love to be able to read these file correctly as then I can do all the work myself.
Also, I have already run a memory check which stated that there were no memory issues and chkdsk to ensure there were no bad sectors.
Thanks in advance to anyone who can help.
cheers,
brendan
p.s. when I run '!analyze -v' i get the following:
-------------------------------------------------------------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 823f2c7e, The address that the exception occurred at
Arg3: 8afcfb6c, Exception Record Address
Arg4: 8afcf868, Context Record Address
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
MODULE_NAME: nt
FAULTING_MODULE: 82203000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48d1b7fa
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt+1efc7e
823f2c7e 83790800 cmp dword ptr [ecx+8],0
EXCEPTION_RECORD: 8afcfb6c -- (.exr 0xffffffff8afcfb6c)
ExceptionAddress: 823f2c7e (nt+0x001efc7e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000009
Attempt to read from address 00000009
CONTEXT: 8afcf868 -- (.cxr 0xffffffff8afcf868)
eax=9ab5c608 ebx=9ab5c608 ecx=00000001 edx=8dcb5568 esi=8dcb5568 edi=8dcb5228
eip=823f2c7e esp=8afcfc34 ebp=8afcfc48 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
nt+0x1efc7e:
823f2c7e 83790800 cmp dword ptr [ecx+8],0 ds:0023:00000009=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0x7E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 823f3e3b to 823f2c7e
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
8afcfc48 823f3e3b b4b84da0 00000000 8dcb5228 nt+0x1efc7e
8afcfcd0 823f3061 8dcb5228 8afcfcf0 8dcb5550 nt+0x1f0e3b
8afcfcf8 823f46de 82302e10 82338ea8 00000000 nt+0x1f0061
8afcfd14 823f4554 82305100 8afcfd36 8afcfd3c nt+0x1f16de
8afcfd44 8223b445 00000000 00000000 8458c020 nt+0x1f1554
8afcfd7c 823d8b18 00000000 b4b84cb0 00000000 nt+0x38445
8afcfdc0 82231a2e 8223b348 00000001 00000000 nt+0x1d5b18
00000000 00000000 00000000 00000000 00000000 nt+0x2ea2e
FOLLOWUP_IP:
nt+1efc7e
823f2c7e 83790800 cmp dword ptr [ecx+8],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+1efc7e
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
STACK_COMMAND: .cxr 0xffffffff8afcf868 ; kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
i have a new vista machine with sp1 on it. it is crashing almost every other day and I have tried downloading the debugger and symbols but still don't think i'm analysing it right as when using the 'WinDbg' program I can't seem to get the dump file to use th esymbols. I have seriously been trying to debug this myself for weeks and finally turning to forums for assistance.
I ahve attached my dump file for anyone interested in helping. I would really love to be able to read these file correctly as then I can do all the work myself.
Also, I have already run a memory check which stated that there were no memory issues and chkdsk to ensure there were no bad sectors.
Thanks in advance to anyone who can help.
cheers,
brendan
p.s. when I run '!analyze -v' i get the following:
-------------------------------------------------------------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 823f2c7e, The address that the exception occurred at
Arg3: 8afcfb6c, Exception Record Address
Arg4: 8afcf868, Context Record Address
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
MODULE_NAME: nt
FAULTING_MODULE: 82203000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48d1b7fa
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt+1efc7e
823f2c7e 83790800 cmp dword ptr [ecx+8],0
EXCEPTION_RECORD: 8afcfb6c -- (.exr 0xffffffff8afcfb6c)
ExceptionAddress: 823f2c7e (nt+0x001efc7e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000009
Attempt to read from address 00000009
CONTEXT: 8afcf868 -- (.cxr 0xffffffff8afcf868)
eax=9ab5c608 ebx=9ab5c608 ecx=00000001 edx=8dcb5568 esi=8dcb5568 edi=8dcb5228
eip=823f2c7e esp=8afcfc34 ebp=8afcfc48 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
nt+0x1efc7e:
823f2c7e 83790800 cmp dword ptr [ecx+8],0 ds:0023:00000009=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0x7E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 823f3e3b to 823f2c7e
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
8afcfc48 823f3e3b b4b84da0 00000000 8dcb5228 nt+0x1efc7e
8afcfcd0 823f3061 8dcb5228 8afcfcf0 8dcb5550 nt+0x1f0e3b
8afcfcf8 823f46de 82302e10 82338ea8 00000000 nt+0x1f0061
8afcfd14 823f4554 82305100 8afcfd36 8afcfd3c nt+0x1f16de
8afcfd44 8223b445 00000000 00000000 8458c020 nt+0x1f1554
8afcfd7c 823d8b18 00000000 b4b84cb0 00000000 nt+0x38445
8afcfdc0 82231a2e 8223b348 00000001 00000000 nt+0x1d5b18
00000000 00000000 00000000 00000000 00000000 nt+0x2ea2e
FOLLOWUP_IP:
nt+1efc7e
823f2c7e 83790800 cmp dword ptr [ecx+8],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+1efc7e
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
STACK_COMMAND: .cxr 0xffffffff8afcf868 ; kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
