Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32k.sys Bsod Help


  • Please log in to reply
7 replies to this topic

#1 porschedrifter

porschedrifter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:14 AM

Posted 09 December 2007 - 11:33 PM

Well, I keep getting this bsod.. I have no idea how to read into these minidump files but I know its win32k.sys that is causing the crash.

Could someone please give me some insight as to what is causing these BSOD's
Frequency is every 2-4 days. I tried to upload the actual .dmp file but it's not letting me.

XP 64 pro


Microsoft ® Windows Debugger Version 6.7.0005.1
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini120907-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d4140
Debug session time: Sun Dec 9 22:36:44.640 2007 (GMT-5)
System Uptime: 1 days 9:26:46.553
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
......................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffffa800cbaa000, 0, fffff97fff17efd4, 0}


Could not read faulting driver name
*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : win32k.sys ( win32k!Input1BPPToAA24+288 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800cbaa000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff97fff17efd4, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: fffffa800cbaa000

FAULTING_IP:
win32k!Input1BPPToAA24+288
fffff97f`ff17efd4 8b4630 mov eax,dword ptr [rsi+30h]

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: €A

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800010a6072 to fffff8000102e890

STACK_TEXT:
fffffadf`8411ba48 fffff800`010a6072 : 00000000`00000050 fffffa80`0cbaa000 00000000`00000000 fffffadf`8411bb20 : nt!CcPurgeCacheSection+0xda
fffffadf`8411ba50 00000000`00000050 : fffffa80`0cbaa000 00000000`00000000 fffffadf`8411bb20 00000000`00000000 : nt!CcRegularWorkQueue+0x2
fffffadf`8411ba58 fffffa80`0cbaa000 : 00000000`00000000 fffffadf`8411bb20 00000000`00000000 00000000`00000000 : 0x50
fffffadf`8411ba60 00000000`00000000 : fffffadf`8411bb20 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0cbaa000
fffffadf`8411ba68 fffffadf`8411bb20 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411ba70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffadf`8411bb20
fffffadf`8411ba78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411ba80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411ba88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411ba90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411ba98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411baa0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411baa8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bab0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bab8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000219 : 0x0
fffffadf`8411bac0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000219 00000000`00008006 : 0x0
fffffadf`8411bac8 00000000`00000000 : 00000000`00000000 00000000`00000219 00000000`00008006 00000000`0000002c : 0x0
fffffadf`8411bad0 00000000`00000000 : 00000000`00000219 00000000`00008006 00000000`0000002c 00000000`07eae8f0 : 0x0
fffffadf`8411bad8 00000000`00000219 : 00000000`00008006 00000000`0000002c 00000000`07eae8f0 00000000`0000002c : 0x0
fffffadf`8411bae0 00000000`00008006 : 00000000`0000002c 00000000`07eae8f0 00000000`0000002c fffffa80`0cba9fd0 : 0x219
fffffadf`8411bae8 00000000`0000002c : 00000000`07eae8f0 00000000`0000002c fffffa80`0cba9fd0 fffffadf`8411bba0 : 0x8006
fffffadf`8411baf0 00000000`07eae8f0 : 00000000`0000002c fffffa80`0cba9fd0 fffffadf`8411bba0 00000000`00000000 : 0x2c
fffffadf`8411baf8 00000000`0000002c : fffffa80`0cba9fd0 fffffadf`8411bba0 00000000`00000000 fffff800`0102d459 : 0x7eae8f0
fffffadf`8411bb00 fffffa80`0cba9fd0 : fffffadf`8411bba0 00000000`00000000 fffff800`0102d459 00000000`00000000 : 0x2c
fffffadf`8411bb08 fffffadf`8411bba0 : 00000000`00000000 fffff800`0102d459 00000000`00000000 00000000`00000000 : 0xfffffa80`0cba9fd0
fffffadf`8411bb10 00000000`00000000 : fffff800`0102d459 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffadf`8411bba0
fffffadf`8411bb18 fffff800`0102d459 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bb20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmUnmapViewInSystemCache+0x4a
fffffadf`8411bb28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00001f80`01000000 : 0x0
fffffadf`8411bb30 00000000`00000000 : 00000000`00000000 00000000`00000000 00001f80`01000000 00000000`00000000 : 0x0
fffffadf`8411bb38 00000000`00000000 : 00000000`00000000 00001f80`01000000 00000000`00000000 fffffa80`0cba9fd0 : 0x0
fffffadf`8411bb40 00000000`00000000 : 00001f80`01000000 00000000`00000000 fffffa80`0cba9fd0 00000000`00000016 : 0x0
fffffadf`8411bb48 00001f80`01000000 : 00000000`00000000 fffffa80`0cba9fd0 00000000`00000016 00000000`00000000 : 0x0
fffffadf`8411bb50 00000000`00000000 : fffffa80`0cba9fd0 00000000`00000016 00000000`00000000 fffffa80`0cba9fd0 : 0x1f80`01000000
fffffadf`8411bb58 fffffa80`0cba9fd0 : 00000000`00000016 00000000`00000000 fffffa80`0cba9fd0 000003f0`00000000 : 0x0
fffffadf`8411bb60 00000000`00000016 : 00000000`00000000 fffffa80`0cba9fd0 000003f0`00000000 fffffa80`0cba9fd0 : 0xfffffa80`0cba9fd0
fffffadf`8411bb68 00000000`00000000 : fffffa80`0cba9fd0 000003f0`00000000 fffffa80`0cba9fd0 00000000`00000000 : 0x16
fffffadf`8411bb70 fffffa80`0cba9fd0 : 000003f0`00000000 fffffa80`0cba9fd0 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bb78 000003f0`00000000 : fffffa80`0cba9fd0 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0cba9fd0
fffffadf`8411bb80 fffffa80`0cba9fd0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x3f0`00000000
fffffadf`8411bb88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0cba9fd0
fffffadf`8411bb90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bb98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bba0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bba8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bbb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bbb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bbc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bbc8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffadf`8411bbd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0cbaa000 : 0x0
fffffadf`8411bbd8 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`0cbaa000 fffffa80`06517310 : 0x0
fffffadf`8411bbe0 00000000`00000000 : 00000000`00000000 fffffa80`0cbaa000 fffffa80`06517310 fffffa80`06517300 : 0x0
fffffadf`8411bbe8 00000000`00000000 : fffffa80`0cbaa000 fffffa80`06517310 fffffa80`06517300 fffffadf`9ccb6000 : 0x0
fffffadf`8411bbf0 fffffa80`0cbaa000 : fffffa80`06517310 fffffa80`06517300 fffffadf`9ccb6000 00000000`76647355 : 0x0
fffffadf`8411bbf8 fffffa80`06517310 : fffffa80`06517300 fffffadf`9ccb6000 00000000`76647355 00000000`00000000 : 0xfffffa80`0cbaa000
fffffadf`8411bc00 fffffa80`06517300 : fffffadf`9ccb6000 00000000`76647355 00000000`00000000 00000000`00000000 : 0xfffffa80`06517310
fffffadf`8411bc08 fffffadf`9ccb6000 : 00000000`76647355 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`06517300
fffffadf`8411bc10 00000000`76647355 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffadf`9ccb6000
fffffadf`8411bc18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000004 : 0x76647355
fffffadf`8411bc20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000004 00000000`00000219 : 0x0
fffffadf`8411bc28 00000000`00000000 : 00000000`00000000 00000000`00000004 00000000`00000219 00000000`00008006 : 0x0
fffffadf`8411bc30 00000000`00000000 : 00000000`00000004 00000000`00000219 00000000`00008006 00000000`00a9c230 : 0x0
fffffadf`8411bc38 00000000`00000004 : 00000000`00000219 00000000`00008006 00000000`00a9c230 00000000`76647355 : 0x0
fffffadf`8411bc40 00000000`00000219 : 00000000`00008006 00000000`00a9c230 00000000`76647355 00000000`00008006 : 0x4
fffffadf`8411bc48 00000000`00008006 : 00000000`00a9c230 00000000`76647355 00000000`00008006 fffff97f`ff000000 : 0x219
fffffadf`8411bc50 00000000`00a9c230 : 00000000`76647355 00000000`00008006 fffff97f`ff000000 00000000`76647355 : 0x8006
fffffadf`8411bc58 00000000`76647355 : 00000000`00008006 fffff97f`ff000000 00000000`76647355 00000000`07eae8f0 : 0xa9c230
fffffadf`8411bc60 00000000`00008006 : fffff97f`ff000000 00000000`76647355 00000000`07eae8f0 00000000`00000000 : 0x76647355
fffffadf`8411bc68 fffff97f`ff000000 : 00000000`76647355 00000000`07eae8f0 00000000`00000000 fffff97f`ff17efd4 : 0x8006
fffffadf`8411bc70 00000000`76647355 : 00000000`07eae8f0 00000000`00000000 fffff97f`ff17efd4 00000000`00000010 : win32k!CheckPwndFilter <PERF> (win32k+0x0)
fffffadf`8411bc78 00000000`07eae8f0 : 00000000`00000000 fffff97f`ff17efd4 00000000`00000010 00000000`00010246 : 0x76647355
fffffadf`8411bc80 00000000`00000000 : fffff97f`ff17efd4 00000000`00000010 00000000`00010246 fffffadf`8411bcb0 : 0x7eae8f0
fffffadf`8411bc88 fffff97f`ff17efd4 : 00000000`00000010 00000000`00010246 fffffadf`8411bcb0 00000000`00000018 : 0x0
fffffadf`8411bc90 00000000`00000010 : 00000000`00010246 fffffadf`8411bcb0 00000000`00000018 00000000`00000000 : win32k!Input1BPPToAA24+0x288
fffffadf`8411bc98 00000000`00010246 : fffffadf`8411bcb0 00000000`00000018 00000000`00000000 00000000`07eae8f0 : 0x10


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!Input1BPPToAA24+288
fffff97f`ff17efd4 8b4630 mov eax,dword ptr [rsi+30h]

SYMBOL_STACK_INDEX: 49

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45e6f310

SYMBOL_NAME: win32k!Input1BPPToAA24+288

FAILURE_BUCKET_ID: X64_0x50_win32k!Input1BPPToAA24+288

BUCKET_ID: X64_0x50_win32k!Input1BPPToAA24+288

Followup: MachineOwner
---------

Edited by porschedrifter, 10 December 2007 - 07:30 PM.


BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:12:14 PM

Posted 10 December 2007 - 06:33 PM

Does this ring any bells?

PROCESS_NAME: €šA


Also, the stack text appears a bit messed up (too many of the same addresses). Did you use the 64 bit version of the debugger to analyze the dump file? Or it could just be my lack of experience with 64 bit dump files :thumbsup:

Since it refers to win32k.sys - does this belong to a process on the system that's emulating a 32 bit OS? Although I don't know, I wonder if the 64 bit versions use win32k.sys - shouldn't it be win64k.sys? (just guessing on my part - don't have a 64 bit OS to look at)

FWIW - this link http://aumha.org/a/stop.php#0x50 states that it's usually a memory problem, although other things (such as drivers) can cause it. I'd try running Memtest86 - http://www.memtest86.com/

Edited by usasma, 10 December 2007 - 06:41 PM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 porschedrifter

porschedrifter
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:14 AM

Posted 10 December 2007 - 07:34 PM

Yeah I was wondering what the deal was with those characters...

Yeah this is using the 64bit debugger. But it does still have some 32 bit processes...

I'm thinking that maybe it could be memory too, I just wanted to see if there was a way to look into it more by reading the minidump file but I have no idea how to figure that out.

#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:12:14 PM

Posted 11 December 2007 - 07:11 AM

I'd have a look around the web to see if there's anyone with more experience in reading stack traces (especially 64 bit one's). Most dump log analysis is done to debug drivers - and I'm not able to follow most of their discussions. One of the reasons that I got interested in dump files was that there wasn't a whole bunch of easy to understand info about them unless you were willing to learn how to write drivers.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 porschedrifter

porschedrifter
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:14 AM

Posted 11 December 2007 - 02:01 PM

Ran memtest86+ last night. Only waking to my system in windows :thumbsup:

Father decided to not let me see the results instead of actually reading the screen, decided to just boot up. :flowers:

I asked if he could remember what was on the screen and he said "press any key to exit"

I'll have to run another scan tonight and make sure he doesn't touch anything this time.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,410 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:14 AM

Posted 11 December 2007 - 07:05 PM

LOL...I loved this line:

<<I asked if he could remember what was on the screen and he said "press any key to exit">>

I'll have to remember that one :thumbsup:.

Louis

#7 porschedrifter

porschedrifter
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:14 AM

Posted 11 December 2007 - 08:35 PM

LOL...I loved this line:

<<I asked if he could remember what was on the screen and he said "press any key to exit">>

I'll have to remember that one :thumbsup:.

Louis


:flowers:

Would anyone know of a forum I could post this minidump on and have someone decipher this crude code?

I think its egyptian.

or something.

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:12:14 PM

Posted 12 December 2007 - 05:01 PM

Give http://www.windowsbbs.com/login.php a try - I've gotten a lot of help from them when learning about 32 bit dump files

Edited by usasma, 12 December 2007 - 05:01 PM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users