|
|||||||
|
|
|
 |
|
|
Strumenti |
23-06-2015, 17:39
|
#1 |
|
Member
Iscritto dal: Dec 2006
Messaggi: 174
|
schermata blu Page Fault In Nonpaged Area
ho fatto il debug del file minidump ma non capisco l'errore. cosa fa il file xNtKrnl.exe?
Codice:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\062215-16988-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\xNtKrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for xNtKrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for xNtKrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Machine Name:
Kernel base = 0xfffff800`0300f000 PsLoadedModuleList = 0xfffff800`032526d0
Debug session time: Mon Jun 22 14:47:31.943 2015 (UTC + 2:00)
System Uptime: 0 days 0:03:13.317
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\xNtKrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for xNtKrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for xNtKrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck FC, {fffff88007eaa888, 8000000070559963, fffff88007eaa660, 2}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : xNtKrnl.exe ( nt+75bc0 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
An attempt was made to execute non-executable memory. The guilty driver
is on the stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff88007eaa888, Virtual address for the attempted execute.
Arg2: 8000000070559963, PTE contents.
Arg3: fffff88007eaa660, (reserved)
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: fffff8000300f000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 521ea035
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xFC
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800031028b8 to fffff80003084bc0
STACK_TEXT:
fffff880`07eaa4f8 fffff800`031028b8 : 00000000`000000fc fffff880`07eaa888 80000000`70559963 fffff880`07eaa660 : nt+0x75bc0
fffff880`07eaa500 00000000`000000fc : fffff880`07eaa888 80000000`70559963 fffff880`07eaa660 00000000`00000002 : nt+0xf38b8
fffff880`07eaa508 fffff880`07eaa888 : 80000000`70559963 fffff880`07eaa660 00000000`00000002 00000000`00000000 : 0xfc
fffff880`07eaa510 80000000`70559963 : fffff880`07eaa660 00000000`00000002 00000000`00000000 fffff880`07eaa8f0 : 0xfffff880`07eaa888
fffff880`07eaa518 fffff880`07eaa660 : 00000000`00000002 00000000`00000000 fffff880`07eaa8f0 00000000`00000000 : 0x80000000`70559963
fffff880`07eaa520 00000000`00000002 : 00000000`00000000 fffff880`07eaa8f0 00000000`00000000 fffff880`07eaa5c0 : 0xfffff880`07eaa660
fffff880`07eaa528 00000000`00000000 : fffff880`07eaa8f0 00000000`00000000 fffff880`07eaa5c0 00000000`00000000 : 0x2
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+75bc0
fffff800`03084bc0 48894c2408 mov qword ptr [rsp+8],rcx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+75bc0
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: xNtKrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
3: kd> lmvm nt
start end module name
fffff800`0300f000 fffff800`035f4000 nt T (no symbols)
Loaded symbol image file: xNtKrnl.exe
Image path: \SystemRoot\system32\xNtKrnl.exe
Image name: xNtKrnl.exe
Timestamp: Thu Aug 29 03:13:25 2013 (521EA035)
CheckSum: 0054DC33
ImageSize: 005E5000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
|
|
|
|
23-06-2015, 18:54
|
#2 |
|
Senior Member
Iscritto dal: Feb 2009
Messaggi: 50674
|
La schermata blu ti appare all' avvio di windows o.....?
Riesci a entrare in modalità provvisoria ? Il file xNtKrnl, dovrebbe essere il file di sistema NtosKrnl.exe che si trova in system32 . O una variante, alias virus, poi.....
__________________
Aomei in Prog. & Utility - Lic OEM - Q di Merc Ott '22 - W10 Spot Images Seasons from '20 to Summer 2022 - DailyPic dalle Eccezioni alle Unique Images + Rec > DailyPic Unique Images Novembre 2022 |
|
|
|
|
23-06-2015, 20:16
|
#3 |
|
Member
Iscritto dal: Dec 2006
Messaggi: 174
|
si riesco ad entrare , posso utilizzare il pc. la scermata blu compare dopo un ora o anche subito
ho fotta il test della ram , nessun errore trovato Ultima modifica di obaoba_ita : 23-06-2015 alle 21:13. |
|
|
|
|
24-06-2015, 21:21
|
#4 | |
|
Senior Member
Iscritto dal: Feb 2009
Messaggi: 50674
|
Quote:
Riporta l' Id evento, l' Origine e la descrizione dell' evento, che trovi alla voce Generale .
__________________
Aomei in Prog. & Utility - Lic OEM - Q di Merc Ott '22 - W10 Spot Images Seasons from '20 to Summer 2022 - DailyPic dalle Eccezioni alle Unique Images + Rec > DailyPic Unique Images Novembre 2022 |
|
|
|
|
|
02-07-2015, 12:17
|
#5 |
|
Senior Member
Iscritto dal: Jul 2010
Messaggi: 9326
|
Non esistono moduli del kernel con quel nome. Sei infetto.
Segui la guida alla disinfezione nella sezione Antivirus & Sicurezza del forum.
__________________
[CASE Cooler Master Silencio 550]-[MOBO Asrock Z68 Pro3]-[CPU Intel Core i7-2600K]-[RAM 8GB G.Skill]-[HDD 1TB Samsung + 320GB Samsung + 500GB Maxtor]-[VGA Zotac Geforce GTX 560 Ti]-[MASTERIZZATORE Samsung SH-S222AB][S.O. Windows 7 64 bit] |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 09:24.
