Minidump analysis result


gulluwing
18-07-2008, 01:36
For a while now my PC has been crashing, and the minidump analysis says:


Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071808-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Fri Jul 18 00:10:11.750 2008 (GMT+2)
System Uptime: 0 days 6:12:30.567
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {6c, 2, 0, 804e39a7}

*** WARNING: Unable to verify timestamp for Ntfs.sys
Probably caused by : ntoskrnl.exe ( nt!CcWriteBehind+114 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000006c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e39a7, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 0000006c

CURRENT_IRQL: 2

FAULTING_IP:
nt!KeUpdateRunTime+fa
804e39a7 8b7904 mov edi,dword ptr [ecx+4]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: svchost.exe

LAST_CONTROL_TRANSFER: from 82fb8c38 to 804e39a7

STACK_TEXT:
b7cd482c 82fb8c38 82fb8c00 b7cd4870 80519ad9 nt!KeUpdateRunTime+0xfa
WARNING: Frame IP not in any known module. Following frames may be wrong.
b7cd4838 80519ad9 00000068 00000000 00000000 0x82fb8c38
b7cd4870 8056d74c 00000000 00000000 b7cd4890 nt!CcWriteBehind+0x114
b7cd4880 f8334671 82fb8c39 b7cd4b38 b7cd48a4 nt!NtQueryInformationToken+0xc39
b7cd4890 f833252f b7cd4b38 c000000f b7cd4b38 Ntfs!NtfsReleaseAllResources+0x38
b7cd48a4 f8332417 b7cd4b38 c000000f b7cd4b38 Ntfs!NtfsInitializeTopLevelIrp+0x17
b7cd48bc f8332666 b7cd4b38 00000001 00000000 Ntfs!NtfsFreeSnapshotsForFcb+0x30
b7cd48d4 f835b387 b7cd4b38 ff307650 c000000f Ntfs!NtfsInitializeIrpContext+0xad
b7cd4ae8 f835a2e8 b7cd4b38 ff307650 82e79100 Ntfs!NtfsQueryDirectory+0x2c0
b7cd4b1c f835a253 b7cd4b38 e26f1d20 82e7d1a0 Ntfs!NtfsFsdDirectoryControl+0x25
b7cd4c94 804e37f7 82e79020 ff307650 82ed2630 Ntfs!NtfsCheckExistingFile+0x53
b7cd4c94 82e7d1a0 82e79020 ff307650 82ed2630 nt!KeUpdateSystemTime+0xba
b7cd4d30 00000000 000017c8 00000000 00000000 0x82e7d1a0


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!CcWriteBehind+114
80519ad9 ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt!CcWriteBehind+114

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48025eab

FAILURE_BUCKET_ID: 0xA_nt!CcWriteBehind+114

BUCKET_ID: 0xA_nt!CcWriteBehind+114

Followup: MachineOwner
---------

What can you tell me?
Thanks