DUMP FILE, can you help me cpc2004 ?

By dmarin
Oct 13, 2005
  1. Hello There,

    I used WinDbg to analyze the dump file, but I am not a developer so I am having a hard time reading the code below. Is there an easy way to identify which driver is causing the blue screen and making the machine reboot?

    Any help appreciated. Thanks.

    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    Arg1: c0000005, The exception code that was not handled
    Arg2: 804e73a0, The address that the exception occurred at
    Arg3: b49c083c, Trap Frame
    Arg4: 00000000

    Debugging Details:

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
    memory at "0x%08lx". The memory could not be "%s".

    804e73a0 8b8840010000 mov ecx,[eax+0x140]

    TRAP_FRAME: b49c083c -- (.trap ffffffffb49c083c)
    ErrCode = 00000000
    eax=08143b30 ebx=00000081 ecx=00000000 edx=00000000 esi=e476fbf8 edi=897ac028
    eip=804e73a0 esp=b49c08b0 ebp=b49c08cc iopl=0 nv up ei pl nz na pe cy
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010203
    804e73a0 8b8840010000 mov ecx,[eax+0x140] ds:0023:08143c70=????????
    Resetting default scope



    LAST_CONTROL_TRANSFER: from 8054b229 to 804e73a0

    b49c08cc 8054b229 08143b30 00000001 00000408 nt!PsReturnPoolQuota+0x17
    b49c0914 bf8029ef e476fc00 08143b30 b49c0930 nt!ExFreePoolWithTag+0x3aa
    b49c0924 bf80ee83 e476fc00 b49c0bf4 bf888978 win32k!HeavyFreePool+0xbb
    b49c0930 bf888978 b49c0984 bc66c6b0 0000004a win32k!PopAndFreeAlwaysW32ThreadLoc
    b49c0bf4 bf813ea0 bc66c6b0 0000004a 00020470 win32k!SfnCOPYDATA+0x284
    b49c0c3c bf83c607 0066c6b0 0000004a 00020470 win32k!xxxSendMessageToClient+0x176

    b49c0cac bf801e58 e16064c0 b49c0d64 00000000 win32k!xxxReceiveMessage+0x2b5
    b49c0ce8 bf80365e b49c0d14 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x
    b49c0d48 804df06b 0117ff28 00000000 00000000 win32k!NtUserPeekMessage+0x40
    b49c0d48 7c90eb94 0117ff28 00000000 00000000 nt!KiFastCallEntry+0xf8
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0117fed4 00000000 00000000 00000000 00000000 0x7c90eb94

    bf8029ef 5d pop ebp


    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: win32k!HeavyFreePool+bb

    MODULE_NAME: win32k

    IMAGE_NAME: win32k.sys


    STACK_COMMAND: .trap ffffffffb49c083c ; kb

    FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

    BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb

    Followup: MachineOwner
  2. cpc2004

    One minidump is insufficient to determine the culprit. Attach 5 to 6 minidumps here.
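
Added example, not part of either post: a Python script that pulls the triage fields out of `!analyze -v` listings like the one above and tallies, across several dumps, which image is blamed and which non-OS modules appear on the faulting stack. The function names, the `OS_MODULES` set and the second listing (with its `exampledrv` driver) are assumptions constructed for illustration.

```python
import re
from collections import Counter

FIELD_RE = re.compile(r"^\s*(SYMBOL_NAME|IMAGE_NAME|FAILURE_BUCKET_ID):\s*(\S+)", re.M)
ARG_RE = re.compile(r"^\s*Arg([1-4]):\s*([0-9a-f]+)", re.M | re.I)
# kb frame: ChildEBP, RetAddr, three args, then module!symbol+offset
FRAME_RE = re.compile(r"^\s*(?:[0-9a-f]{8}\s+){5}(\w+)!(\S+)", re.M | re.I)
OS_MODULES = {"nt", "win32k", "hal"}  # assumption: treated as core OS images

def summarize(text):
    """Pull the triage fields out of one '!analyze -v' listing."""
    fields = dict(FIELD_RE.findall(text))
    args = {int(n): v.lower() for n, v in ARG_RE.findall(text)}
    # Modules in stack order, de-duplicated, faulting frame first
    modules = list(dict.fromkeys(m.lower() for m, _ in FRAME_RE.findall(text)))
    return {"exception_code": args.get(1), "fault_address": args.get(2),
            "image": fields.get("IMAGE_NAME"), "bucket": fields.get("FAILURE_BUCKET_ID"),
            "stack_modules": modules}

def tally(listings):
    """Count blamed images and non-OS stack modules across several dumps."""
    blamed, third_party = Counter(), Counter()
    for s in map(summarize, listings):
        blamed[s["image"]] += 1
        third_party.update(m for m in s["stack_modules"] if m not in OS_MODULES)
    return blamed, third_party

# Excerpt of the listing posted above
DUMP_A = """
Arg1: c0000005, The exception code that was not handled
Arg2: 804e73a0, The address that the exception occurred at
b49c08cc 8054b229 08143b30 00000001 00000408 nt!PsReturnPoolQuota+0x17
b49c0914 bf8029ef e476fc00 08143b30 b49c0930 nt!ExFreePoolWithTag+0x3aa
b49c0924 bf80ee83 e476fc00 b49c0bf4 bf888978 win32k!HeavyFreePool+0xbb
IMAGE_NAME: win32k.sys
FAILURE_BUCKET_ID: 0x8E_win32k!HeavyFreePool+bb
"""
# Constructed listing (not from the thread); "exampledrv" is a hypothetical driver
DUMP_B = """
Arg1: c0000005, The exception code that was not handled
Arg2: 804e73a0, The address that the exception occurred at
b49c08cc 8054b229 08143b30 00000001 00000408 nt!PsReturnPoolQuota+0x17
b49c0914 f7a01234 e476fc00 08143b30 b49c0930 nt!ExFreePoolWithTag+0x3aa
b49c0924 bf80ee83 e476fc00 b49c0bf4 bf888978 exampledrv!FreeBuffer+0x1c
IMAGE_NAME: exampledrv.sys
FAILURE_BUCKET_ID: 0x8E_exampledrv!FreeBuffer+1c
"""

if __name__ == "__main__":
    print(summarize(DUMP_A))
    print(tally([DUMP_A, DUMP_B]))
```

For the listing posted above the non-OS tally is empty, since only `nt` and `win32k` frames appear on the stack.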
