| javi252525 |  |
|
2007-12-28 15:14 - Respuestas: 1 - Tema nº: 2490442
Características: Windows XP Profesional, AMD athlon(tm) XP 2400+ - 2,01GHz, 512mb RAM,.
Bueno, pues eso, que despues de que me saliese repetidas veces el pantallazo azul, ademas de que se reinicie solo el ordenador a pesar de tener la opcion de "inicio y recuperacion" desactivada, me puse a ivestigar, y he descargado el programa ese de "Windbg", y este es el informe que me ha dado ( a traves del Memory.DMP).....pero no entiendo nada de lo que me pone. Haber si me echais una mano:
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*C:\simbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Fri Dec 28 14:30:50.042 2007 (GMT+1)
System Uptime: 0 days 0:16:15.612
Loading Kernel Symbols
.
Loading User Symbols
.......
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {eb800013, 2, 1, 804e668d}
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
Probably caused by : memory_corruption ( nt!MiRemovePageByColor+e2 )
Followup: MachineOwner
-
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: eb800013, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e668d, address which referenced memory
Debugging Details:
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
WRITE_ADDRESS: eb800013
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiRemovePageByColor+e2
804e668d ff4808 dec dword ptr [eax+8]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: lsass.exe
TRAP_FRAME: f55f0844 (.trap 0xfffffffff55f0844)
ErrCode = 00000002
eax=0c8b0400 ebx=823f2050 ecx=00000000 edx=823f4040 esi=e267e000 edi=000001ff
eip=8054af6e esp=f55f08b8 ebp=f55f090c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!ExAllocatePoolWithTag+0x869:
8054af6e 8906 mov dword ptr [esi],eax ds:0023:e267e000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 804e668d to 804e187f
STACK_TEXT:
f55f06c4 804e668d badb0d00 0001c529 00000000 nt!KiTrap0E+0x233
f55f0754 804e940d 00000001 00000000 c03899f8 nt!MiRemovePageByColor+0xe2
f55f076c 804e7e2e e267e000 c03899f8 00000000 nt!MiResolveDemandZeroFault+0xce
f55f07dc 804f06d1 00000001 e267e000 c03899f8 nt!MiDispatchFault+0x120
f55f082c 804e1718 00000001 e267e000 00000000 nt!MmAccessFault+0x5bc
f55f082c 8054af6e 00000001 e267e000 00000000 nt!KiTrap0E+0xcc
f55f090c 8056b864 00000001 00000000 7153624f nt!ExAllocatePoolWithTag+0x869
f55f0930 80565006 e2651568 f55f0958 f55f094c nt!ObGetObjectSecurity+0x53
f55f095c 8056b464 e2651568 81ef55b8 00000001 nt!ObCheckObjectAccess+0x29
f55f09a8 805679a0 e166a008 00002b60 c9483b64 nt!CmpDoOpen+0x256
f55f0ba0 805676b5 00002b60 00002b60 81ef55b8 nt!CmpParseKey+0x558
f55f0c28 8056749a 00000370 f55f0c68 00000040 nt!ObpLookupObjectName+0x119
f55f0c7c 80567dfd 00000000 823c3980 80566d01 nt!ObOpenObjectByName+0xeb
f55f0d50 804de7ec 00baf764 00020019 00baf72c nt!NtOpenKey+0x1af
f55f0d50 7c91eb94 00baf764 00020019 00baf72c nt!KiFastCallEntry+0xf8
00baf6f0 7c91dd48 7c939ca3 00baf764 00020019 ntdll!KiFastSystemCallRet
00baf6f4 7c939ca3 00baf764 00020019 00baf72c ntdll!ZwOpenKey+0xc
00baf708 743d54a0 00baf764 00020019 00baf72c ntdll!RtlpNtOpenKey+0x1c
00baf76c 753f20c0 000bfdb8 00000001 000c62c8 SAMSRV!SamrLookupNamesInDomain+0x381
00baf7d4 753f1f09 00000002 00000001 00096278 LSASRV!LsapDbLookupNamesInLocalDomainEx+0x283
00baf808 753f1239 00000001 000c909c 00096278 LSASRV!LsapDbLookupNamesInLocalDomains+0x69
00baf8ac 753f0fb0 00000000 00000001 000c909c LSASRV!LsapLookupNames+0x326
00baf8e4 77e5a1ac 000dda98 00000001 000c909c LSASRV!LsarLookupNames3+0xaa
00baf91c 77ed421a 753f0f38 00baf930 00000009 RPCRT4!Invoke+0x30
00bafd3c 77ed46ee 00000000 00000000 000c1b14 RPCRT4!NdrStubCall2+0x297
00bafd58 77e59c75 000c1b14 000b11b8 000c1b14 RPCRT4!NdrServerCall2+0x19
00bafd8c 77e59bda 753e7255 000c1b14 00bafe2c RPCRT4!DispatchToStubInC+0x38
00bafde0 77e59b06 00000044 00000000 7547f1d0 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x113
00bafe04 77e6114c 000c1b14 00000000 7547f1d0 RPCRT4!RPC_INTERFACE::DispatchToStub+0x84
00bafe34 77e61079 000c1ad8 00000000 000c1aa0 RPCRT4!OSF_SCALL::DispatchHelper+0x115
00bafe48 77e60ffd 00000000 00000044 000c9068 RPCRT4!OSF_SCALL::DispatchRPCCall+0xfe
00bafe78 77e60f08 000c9068 03000070 00000044 RPCRT4!OSF_SCALL::ProcessReceivedPDU+0x58a
00bafea0 77e58e27 000c9068 00000070 7c80977a RPCRT4!OSF_SCALL::BeginRpcCall+0x204
00baff00 77e58d62 00000000 000c9068 00000070 RPCRT4!OSF_SCONNECTION::ProcessReceiveComplete+0x3fb
00baff14 77e5727b 000b1c10 0000000c 00000000 RPCRT4!ProcessConnectionServerReceivedEvent+0x21
00baff80 77e572a4 00baffa8 77e56a4d 000b1c10 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x16f
00baff88 77e56a4d 000b1c10 00400178 00000000 RPCRT4!ProcessIOEventsWrapper+0xd
00baffa8 77e56c13 0009d8a8 00baffec 7c80b683 RPCRT4!BaseCachedThreadRoutine+0x79
00baffb4 7c80b683 000b7a18 00400178 00000000 RPCRT4!ThreadStartRoutine+0x1a
00baffec 00000000 77e56bf9 000b7a18 00000000 kernel32!BaseThreadStart+0x37
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiRemovePageByColor+e2
804e668d ff4808 dec dword ptr [eax+8]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiRemovePageByColor+e2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 45e54711
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_W_nt!MiRemovePageByColor+e2
BUCKET_ID: 0xA_W_nt!MiRemovePageByColor+e2
Followup: MachineOwner
| |
|
