Minidumps
Please help diagnose my minidumps... Today in the morning my computer restarted without giving me a BSOD (which is weird since i have it set to dont restart when error happens) but when it booted back to windows it says windows has recoverd from serious problem. When i check the minidump it was in a different location then c:windows\minidump instead it was in a temp file.. after looking at the system events i took a look at the minidump
after closing the window the minidump dispaered from the temp file so i could not post the original minidump file for thismorning here.. but i did manage to copy and paste the following:
Microsoft (R) Windows Debugger Version 6.5.0003.7
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\Local Settings\Temp\WER6505.dir00\Mini100705-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Oct 7 22:10:41.718 2005 (GMT-7)
System Uptime: 0 days 0:00:37.406
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
....................................................................................................................................................
Loading unloaded module list
.........
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, f75adf0e, f6d147d4, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Unable to load image Ntfs.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
Unable to load image sr.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for sr.sys
*** ERROR: Module load completed but symbols could not be loaded for sr.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : hardware ( SYMEVENT+80f1 )
Followup: MachineOwner
---------
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f75adf0e, The address that the exception occurred at
Arg3: f6d147d4, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
Ntfs+24f0e
f75adf0e f75353 not dword ptr [ebx+0x53]
TRAP_FRAME: f6d147d4 -- (.trap fffffffff6d147d4)
ErrCode = 00000002
eax=f6d14850 ebx=00000000 ecx=f75a8820 edx=86725b90 esi=83e0bdb8 edi=86725b90
eip=f75adf0e esp=f6d14848 ebp=f6d149d8 iopl=0 ov up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010a82
Ntfs+0x24f0e:
f75adf0e f75353 not dword ptr [ebx+0x53] ds:0023:00000053=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 4
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0x8E
MISALIGNED_IP:
Ntfs+24f0e
f75adf0e f75353 not dword ptr [ebx+0x53]
LAST_CONTROL_TRANSFER: from f7634f70 to f75adf0e
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f6d149d8 f7634f70 83e0bc28 f6d14c00 8676e770 Ntfs+0x24f0e
f6d149f8 ae0b30f1 83e0bc28 f6d14c00 86725b90 sr+0x7f70
f6d149fc 83e0bc28 f6d14c00 86725b90 f6d14c38 SYMEVENT+0x80f1
f6d14a00 f6d14c00 86725b90 f6d14c38 83e0bc28 0x83e0bc28
f6d14a04 86725b90 f6d14c38 83e0bc28 f6d14b04 0xf6d14c00
f6d14c00 85de9438 83ce7fd0 ffffffff 000001ec 0x86725b90
f6d14c04 83ce7fd0 ffffffff 000001ec 00000000 0x85de9438
f6d14c08 ffffffff 000001ec 00000000 00000000 0x83ce7fd0
f6d14c0c 00000000 00000000 00000000 f6d14c4c 0xffffffff
FOLLOWUP_IP:
SYMEVENT+80f1
ae0b30f1 ?? ???
SYMBOL_STACK_INDEX: 2
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: SYMEVENT+80f1
MODULE_NAME: hardware
IMAGE_NAME: hardware
STACK_COMMAND: .trap fffffffff6d147d4 ; kb
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 10/16/2005
Time: 3:07:06 AM
User: N/A
Computer: JASONYAP
Description:
Error code 1000008e, parameter1 c0000005, parameter2 f75adf0e, parameter3 f6d147d4, parameter4 00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 38 1000008
0020: 65 20 20 50 61 72 61 6d e Param
0028: 65 74 65 72 73 20 63 30 eters c0
0030: 30 30 30 30 30 35 2c 20 000005,
0038: 66 37 35 61 64 66 30 65 f75adf0e
0040: 2c 20 66 36 64 31 34 37 , f6d147
0048: 64 34 2c 20 30 30 30 30 d4, 0000
0050: 30 30 30 30 0000
Please help diagnose my minidumps... Today in the morning my computer restarted without giving me a BSOD (which is weird since i have it set to dont restart when error happens) but when it booted back to windows it says windows has recoverd from serious problem. When i check the minidump it was in a different location then c:windows\minidump instead it was in a temp file.. after looking at the system events i took a look at the minidump
after closing the window the minidump dispaered from the temp file so i could not post the original minidump file for thismorning here.. but i did manage to copy and paste the following:
Microsoft (R) Windows Debugger Version 6.5.0003.7
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\Local Settings\Temp\WER6505.dir00\Mini100705-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Oct 7 22:10:41.718 2005 (GMT-7)
System Uptime: 0 days 0:00:37.406
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
....................................................................................................................................................
Loading unloaded module list
.........
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, f75adf0e, f6d147d4, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Unable to load image Ntfs.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
Unable to load image sr.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for sr.sys
*** ERROR: Module load completed but symbols could not be loaded for sr.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : hardware ( SYMEVENT+80f1 )
Followup: MachineOwner
---------
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f75adf0e, The address that the exception occurred at
Arg3: f6d147d4, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
Ntfs+24f0e
f75adf0e f75353 not dword ptr [ebx+0x53]
TRAP_FRAME: f6d147d4 -- (.trap fffffffff6d147d4)
ErrCode = 00000002
eax=f6d14850 ebx=00000000 ecx=f75a8820 edx=86725b90 esi=83e0bdb8 edi=86725b90
eip=f75adf0e esp=f6d14848 ebp=f6d149d8 iopl=0 ov up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010a82
Ntfs+0x24f0e:
f75adf0e f75353 not dword ptr [ebx+0x53] ds:0023:00000053=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 4
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0x8E
MISALIGNED_IP:
Ntfs+24f0e
f75adf0e f75353 not dword ptr [ebx+0x53]
LAST_CONTROL_TRANSFER: from f7634f70 to f75adf0e
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f6d149d8 f7634f70 83e0bc28 f6d14c00 8676e770 Ntfs+0x24f0e
f6d149f8 ae0b30f1 83e0bc28 f6d14c00 86725b90 sr+0x7f70
f6d149fc 83e0bc28 f6d14c00 86725b90 f6d14c38 SYMEVENT+0x80f1
f6d14a00 f6d14c00 86725b90 f6d14c38 83e0bc28 0x83e0bc28
f6d14a04 86725b90 f6d14c38 83e0bc28 f6d14b04 0xf6d14c00
f6d14c00 85de9438 83ce7fd0 ffffffff 000001ec 0x86725b90
f6d14c04 83ce7fd0 ffffffff 000001ec 00000000 0x85de9438
f6d14c08 ffffffff 000001ec 00000000 00000000 0x83ce7fd0
f6d14c0c 00000000 00000000 00000000 f6d14c4c 0xffffffff
FOLLOWUP_IP:
SYMEVENT+80f1
ae0b30f1 ?? ???
SYMBOL_STACK_INDEX: 2
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: SYMEVENT+80f1
MODULE_NAME: hardware
IMAGE_NAME: hardware
STACK_COMMAND: .trap fffffffff6d147d4 ; kb
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 10/16/2005
Time: 3:07:06 AM
User: N/A
Computer: JASONYAP
Description:
Error code 1000008e, parameter1 c0000005, parameter2 f75adf0e, parameter3 f6d147d4, parameter4 00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 38 1000008
0020: 65 20 20 50 61 72 61 6d e Param
0028: 65 74 65 72 73 20 63 30 eters c0
0030: 30 30 30 30 30 35 2c 20 000005,
0038: 66 37 35 61 64 66 30 65 f75adf0e
0040: 2c 20 66 36 64 31 34 37 , f6d147
0048: 64 34 2c 20 30 30 30 30 d4, 0000
0050: 30 30 30 30 0000
