Mini Dump

By commission
Apr 8, 2008
  1. Can anyone tell me what the below mini dump means?

    Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
    Copyright (c) Microsoft Corporation. All rights reserved.

    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\WINDOWS\symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.070227-2254
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
    Debug session time: Wed Apr 9 01:28:38.433 2008 (GMT+10)
    System Uptime: 0 days 0:00:50.993
    Loading Kernel Symbols
    Loading User Symbols
    Loading unloaded module list
    *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
    * *
    * Bugcheck Analysis *
    * *

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000000A, {c, ff, 0, 804e8a13}

    *** ERROR: Module load completed but symbols could not be loaded for sr.sys

    Probably caused by : sr.sys ( sr+3ca )

    Followup: MachineOwner

    kd> !analyze -v
    * *
    * Bugcheck Analysis *
    * *

    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arg1: 0000000c, memory referenced
    Arg2: 000000ff, IRQL
    Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 804e8a13, address which referenced memory

    Debugging Details:

    READ_ADDRESS: 0000000c


    804e8a13 66395e0c cmp word ptr [esi+0Ch],bx




    PROCESS_NAME: igateway.exe

    LAST_CONTROL_TRANSFER: from f735bc41 to 804e8a13

    f62ef978 f735bc41 00000000 a8804e01 804e8752 nt!ExAcquireSharedWaitForExclusive+0x16
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f62efb60 f7359c24 86243228 86289a78 86289a78 Ntfs+0x3c41
    f62efbc4 804e37f7 86757020 86289a78 866957a8 Ntfs+0x1c24
    f62efbd4 f73fc3ca 00000000 86289a78 f62efc60 nt!IopfCallDriver+0x31
    f62efbe4 804e37f7 8677c9e8 e1e05880 86289c08 sr+0x3ca
    f62efc60 804e37f7 86278020 86289a78 806ed070 nt!IopfCallDriver+0x31
    f62efc70 8056a148 86289c2c 00000000 86289a78 nt!IopfCallDriver+0x31
    f62efc60 804e37f7 86278020 86289a78 806ed070 nt!IopSynchronousServiceTail+0x60
    f62efc84 80577530 86278020 86289a78 86235028 nt!IopfCallDriver+0x31
    f62efc84 80577530 86278020 86289a78 86235028 nt!NtWriteFile+0x602
    f62efd38 804de7ec 000000dc 00000000 00000000 nt!NtWriteFile+0x602
    f62efd38 7c90eb94 000000dc 00000000 00000000 nt!KiFastCallEntry+0xf8
    0070bf2c 00000000 00000000 00000000 00000000 0x7c90eb94


    f73fc3ca 5f pop edi


    SYMBOL_NAME: sr+3ca

    FOLLOWUP_NAME: MachineOwner


    IMAGE_NAME: sr.sys


    FAILURE_BUCKET_ID: 0xA_sr+3ca

    BUCKET_ID: 0xA_sr+3ca

    Followup: MachineOwner

    kd> lmvm sr
    start end module name
    f73fc000 f740df00 sr (no symbols)
    Loaded symbol image file: sr.sys
    Mapped memory image file: C:\WINDOWS\symbols\sr.sys\41107CDE11f00\sr.sys
    Image path: sr.sys
    Image name: sr.sys
    Timestamp: Wed Aug 04 16:06:22 2004 (41107CDE)
    CheckSum: 00016006
    ImageSize: 00011F00
    File version: 5.1.2600.2180
    Product version: 5.1.2600.2180
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 3.7 Driver
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Microsoft Corporation
    ProductName: Microsoft® Windows® Operating System
    InternalName: sr.sys
    OriginalFilename: sr.sys
    ProductVersion: 5.1.2600.2180
    FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    FileDescription: System Restore Filesystem Filter Driver
    LegalCopyright: © Microsoft Corporation. All rights reserved.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    It's written at the end
    sr.sys is a System Restore Filesystem Filter Driver

    Just turn off system restore (to lose all system restore points)
    Then turn it back on (to create a new restore point)
    You can get to System Restore by right clicking on My Computer->Properties->System Restore

    I don't have this problem (actually any problem) because I have System Restore off all the time
    Although this is not recommended, how many times have you used it in the last 5 years? (although you know what will happen!)
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...