Mini Dump

Status
Not open for further replies.

commission

Can anyone tell me what the below mini dump means?

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Minidump\Mini040908-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Wed Apr 9 01:28:38.433 2008 (GMT+10)
System Uptime: 0 days 0:00:50.993
Loading Kernel Symbols
..........................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {c, ff, 0, 804e8a13}

*** ERROR: Module load completed but symbols could not be loaded for sr.sys


Probably caused by : sr.sys ( sr+3ca )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000c, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e8a13, address which referenced memory

Debugging Details:
------------------




READ_ADDRESS: 0000000c

CURRENT_IRQL: ff

FAULTING_IP:
nt!ExAcquireSharedWaitForExclusive+16
804e8a13 66395e0c cmp word ptr [esi+0Ch],bx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: igateway.exe

LAST_CONTROL_TRANSFER: from f735bc41 to 804e8a13

STACK_TEXT:
f62ef978 f735bc41 00000000 a8804e01 804e8752 nt!ExAcquireSharedWaitForExclusive+0x16
WARNING: Stack unwind information not available. Following frames may be wrong.
f62efb60 f7359c24 86243228 86289a78 86289a78 Ntfs+0x3c41
f62efbc4 804e37f7 86757020 86289a78 866957a8 Ntfs+0x1c24
f62efbd4 f73fc3ca 00000000 86289a78 f62efc60 nt!IopfCallDriver+0x31
f62efbe4 804e37f7 8677c9e8 e1e05880 86289c08 sr+0x3ca
f62efc60 804e37f7 86278020 86289a78 806ed070 nt!IopfCallDriver+0x31
f62efc70 8056a148 86289c2c 00000000 86289a78 nt!IopfCallDriver+0x31
f62efc60 804e37f7 86278020 86289a78 806ed070 nt!IopSynchronousServiceTail+0x60
f62efc84 80577530 86278020 86289a78 86235028 nt!IopfCallDriver+0x31
f62efc84 80577530 86278020 86289a78 86235028 nt!NtWriteFile+0x602
f62efd38 804de7ec 000000dc 00000000 00000000 nt!NtWriteFile+0x602
f62efd38 7c90eb94 000000dc 00000000 00000000 nt!KiFastCallEntry+0xf8
0070bf2c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
sr+3ca
f73fc3ca 5f pop edi

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: sr+3ca

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: sr

IMAGE_NAME: sr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107cde

FAILURE_BUCKET_ID: 0xA_sr+3ca

BUCKET_ID: 0xA_sr+3ca

Followup: MachineOwner
---------

kd> lmvm sr
start end module name
f73fc000 f740df00 sr (no symbols)
Loaded symbol image file: sr.sys
Mapped memory image file: C:\WINDOWS\symbols\sr.sys\41107CDE11f00\sr.sys
Image path: sr.sys
Image name: sr.sys
Timestamp: Wed Aug 04 16:06:22 2004 (41107CDE)
CheckSum: 00016006
ImageSize: 00011F00
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: sr.sys
OriginalFilename: sr.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: System Restore Filesystem Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
 
It's written at the end:
sr.sys is a System Restore Filesystem Filter Driver.

Just turn off System Restore (to lose all system restore points).
Then turn it back on (to create a new restore point).
You can get to System Restore by right-clicking on My Computer->Properties->System Restore.

I don't have this problem (actually any problem) because I have System Restore off all the time.
Although this is not recommended, how many times have you used it in the last 5 years? (although you know what will happen!)
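
Added example, not part of the original posts: a small Python triage of the !analyze -v text above. It decodes the four bugcheck arguments as the dump describes them, recovers the base register value from the faulting operand, and flags when the "Probably caused by" line rests on frames unwound without symbols. The function name triage and the output keys are made up for this example; SAMPLE holds lines excerpted from the posted dump.

```python
import re

# Lines excerpted from the !analyze -v output posted in the thread.
SAMPLE = """\
BugCheck 1000000A, {c, ff, 0, 804e8a13}
Probably caused by : sr.sys ( sr+3ca )
READ_ADDRESS: 0000000c
FAULTING_IP:
nt!ExAcquireSharedWaitForExclusive+16
804e8a13 66395e0c cmp word ptr [esi+0Ch],bx
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for sr.sys
"""

def triage(text):
    """Summarise a 0xA (IRQL_NOT_LESS_OR_EQUAL) analysis and flag weak attribution."""
    bc = re.search(r"BugCheck (\w+), \{(\w+), (\w+), (\w+), (\w+)\}", text)
    if not bc:
        raise ValueError("no BugCheck line found")
    addr, irql, bits, ip = (int(g, 16) for g in bc.groups()[1:])
    out = {
        "referenced": addr,
        "irql": irql,
        # Arg3 bitfield as described in the dump: bit 0 write, bit 3 execute.
        "access": "execute" if bits & 8 else ("write" if bits & 1 else "read"),
        "faulting_ip": ip,
    }
    # Faulting operand like [esi+0Ch]: the base register held addr - displacement.
    op = re.search(r"\[(\w+)\+([0-9A-Fa-f]+)h\]", text)
    if op:
        out["base_reg"] = op.group(1)
        out["base_value"] = addr - int(op.group(2), 16)
        out["null_base"] = out["base_value"] == 0
    blamed = re.search(r"Probably caused by : (\S+)", text)
    out["blamed"] = blamed.group(1) if blamed else None
    # The blamed module is a heuristic pick; it is weaker when frames were
    # unwound without symbols or the blamed module itself has no symbols.
    no_syms = re.findall(r"symbols could not be loaded for (\S+)", text)
    out["no_symbols"] = sorted(set(no_syms))
    out["weak_attribution"] = (
        "Stack unwind information not available" in text
        or out["blamed"] in no_syms
    )
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On this dump the base register works out to zero, so the read of 0000000c is a field at offset 0Ch of a null pointer, and the sr.sys attribution is marked weak because neither sr.sys nor Ntfs.sys had symbols loaded.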
 