Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with analyzing a memory dump file


  • Please log in to reply
No replies to this topic

#1 8bitstyle

8bitstyle

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 04 September 2009 - 10:00 AM

Greetings,

Ordered the boss a spiffy new Dell laptop. It is crashing to a blue screen every so often for no discernable reason. Applied basic fixes, all I have done is prolong the time between blue screens. Please take a look at the debugging log and let me know if you can help. Thanks.

Dell Studio XPS
Intel Core 2 Duo T9600 @ 2.8 GHz
8 GB RAM
64 Bit Windows Vista Ultimate


Microsoft ® Windows Debugger Version 6.11.0001.404 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini082409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at end of path element
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.22389.amd64fre.vistasp1_ldr.090302-1506
Machine Name:
Kernel base = 0xfffff800`01c1b000 PsLoadedModuleList = 0xfffff800`01de0db0
Debug session time: Mon Aug 24 08:48:55.360 2009 (GMT-5)
System Uptime: 3 days 18:24:05.738
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffffa60036f94c0, 2, 0, fffffa6002830a9d}

Unable to load image \SystemRoot\system32\DRIVERS\NETw5v64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETw5v64.sys
*** ERROR: Module load completed but symbols could not be loaded for NETw5v64.sys
Probably caused by : NETw5v64.sys ( NETw5v64+24a9d )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffffa60036f94c0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffffa6002830a9d, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001e44080
fffffa60036f94c0

CURRENT_IRQL: 2

FAULTING_IP:
NETw5v64+24a9d
fffffa60`02830a9d ?? ???

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

TRAP_FRAME: fffffa600151b980 -- (.trap 0xfffffa600151b980)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000003264 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa6002830a9d rsp=fffffa600151bb10 rbp=fffffa800989f920
r8=fffffa80097b0000 r9=0000000000000000 r10=5000ef422c060004
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
NETw5v64+0x24a9d:
fffffa60`02830a9d ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c6bd2e to fffff80001c6bf90

STACK_TEXT:
fffffa60`0151b838 fffff800`01c6bd2e : 00000000`0000000a fffffa60`036f94c0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffffa60`0151b840 fffff800`01c6ac0b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000009 : nt!KiBugCheckDispatch+0x6e
fffffa60`0151b980 fffffa60`02830a9d : 00000000`00000009 fffffa60`036f6204 fffffa60`036f6004 fffffa60`036f6200 : nt!KiPageFault+0x20b
fffffa60`0151bb10 00000000`00000009 : fffffa60`036f6204 fffffa60`036f6004 fffffa60`036f6200 00000000`20004000 : NETw5v64+0x24a9d
fffffa60`0151bb18 fffffa60`036f6204 : fffffa60`036f6004 fffffa60`036f6200 00000000`20004000 00000000`00000000 : 0x9
fffffa60`0151bb20 fffffa60`036f6004 : fffffa60`036f6200 00000000`20004000 00000000`00000000 00000000`00000000 : 0xfffffa60`036f6204
fffffa60`0151bb28 fffffa60`036f6200 : 00000000`20004000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa60`036f6004
fffffa60`0151bb30 00000000`20004000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : 0xfffffa60`036f6200
fffffa60`0151bb38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000001 : 0x20004000


STACK_COMMAND: kb

FOLLOWUP_IP:
NETw5v64+24a9d
fffffa60`02830a9d ?? ???

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: NETw5v64+24a9d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETw5v64

IMAGE_NAME: NETw5v64.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 492192c1

FAILURE_BUCKET_ID: X64_0xD1_NETw5v64+24a9d

BUCKET_ID: X64_0xD1_NETw5v64+24a9d

Followup: MachineOwner
---------

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users