BlackScarlet
Posts: 105 +0
I have repeated BSODs, but unfortunately my system doesn't seem to write minidump/kernel dumps!! I don't know why, because everything is set to!
However, on one of the three or so crashes I got in a day I did get a dump write, and analyzing it with windbg I found that it was probably a driver called ntkrnlpa.exe, whatever that is. Because I only have that one dump I cannot tell if that was the primary and consistent cause, or even if it was accurate, but I have included the bang analyze dash v and lmv results for this debug, if anyone can add any wisdom to this irritating problem.
Thanks,
Scarlet
(the lmv results extend much farther, but I only included the info relevant to the driver hinted by !analyze -v...)
--
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 71a5df52, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 71a5df52, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 71a5df52
CURRENT_IRQL: 2
FAULTING_IP:
+71a5df52
71a5df52 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 71a5df52 to 8053fa73
FAILED_INSTRUCTION_ADDRESS:
+71a5df52
71a5df52 ?? ???
STACK_TEXT:
ed767d64 71a5df52 badb0d00 7c90eb94 ed767d98 nt!KiTrap0E+0x233
WARNING: Frame IP not in any known module. Following frames may be wrong.
0093f158 00000000 00000000 00000000 00000000 0x71a5df52
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+233
8053fa73 f7457000000200 test dword ptr [ebp+70h],20000h
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTrap0E+233
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlpa.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+233
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+233
Followup: MachineOwner
---------
kd> lmv
start end module name
804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
Loaded symbol image file: ntkrnlpa.exe
Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
Image path: ntkrnlpa.exe
Image name: ntkrnlpa.exe
Timestamp: Wed Feb 28 00:38:52 2007 (45E53F9C)
CheckSum: 00200031
ImageSize: 001F6580
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0411.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
InternalName: ntkrnlpa.exe
OriginalFilename: ntkrnlpa.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
However, on one of the three or so crashes I got in a day I did get a dump write, and analyzing it with windbg I found that it was probably a driver called ntkrnlpa.exe, whatever that is. Because I only have that one dump I cannot tell if that was the primary and consistent cause, or even if it was accurate, but I have included the bang analyze dash v and lmv results for this debug, if anyone can add any wisdom to this irritating problem.
Thanks,
Scarlet
(the lmv results extend much farther, but I only included the info relevant to the driver hinted by !analyze -v...)
--
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 71a5df52, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 71a5df52, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 71a5df52
CURRENT_IRQL: 2
FAULTING_IP:
+71a5df52
71a5df52 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 71a5df52 to 8053fa73
FAILED_INSTRUCTION_ADDRESS:
+71a5df52
71a5df52 ?? ???
STACK_TEXT:
ed767d64 71a5df52 badb0d00 7c90eb94 ed767d98 nt!KiTrap0E+0x233
WARNING: Frame IP not in any known module. Following frames may be wrong.
0093f158 00000000 00000000 00000000 00000000 0x71a5df52
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+233
8053fa73 f7457000000200 test dword ptr [ebp+70h],20000h
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTrap0E+233
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlpa.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+233
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+233
Followup: MachineOwner
---------
kd> lmv
start end module name
804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
Loaded symbol image file: ntkrnlpa.exe
Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
Image path: ntkrnlpa.exe
Image name: ntkrnlpa.exe
Timestamp: Wed Feb 28 00:38:52 2007 (45E53F9C)
CheckSum: 00200031
ImageSize: 001F6580
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0411.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
InternalName: ntkrnlpa.exe
OriginalFilename: ntkrnlpa.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
