| 1 | C:\Program Files\Debugging Tools for Windows>kd -y c:\windows\symbols -z c:\wind
|
|---|
| 2 | ows\MEMORY.DMP
|
|---|
| 3 |
|
|---|
| 4 | Microsoft (R) Windows Debugger Version 6.6.0007.5
|
|---|
| 5 | Copyright (c) Microsoft Corporation. All rights reserved.
|
|---|
| 6 |
|
|---|
| 7 |
|
|---|
| 8 | Loading Dump File [c:\windows\MEMORY.DMP]
|
|---|
| 9 | Kernel Complete Dump File: Full address space is available
|
|---|
| 10 |
|
|---|
| 11 | Symbol search path is: c:\windows\symbols
|
|---|
| 12 | Executable search path is:
|
|---|
| 13 | Windows Server 2003 Kernel Version 3790 (Service Pack 2) UP Free x86 compatible
|
|---|
| 14 | Product: Server, suite: Enterprise TerminalServer
|
|---|
| 15 | Built by: 3790.srv03_sp2_rtm.070216-1710
|
|---|
| 16 | Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8e48
|
|---|
| 17 | Debug session time: Sat Mar 24 02:41:39.147 2007 (GMT+1)
|
|---|
| 18 | System Uptime: 0 days 19:19:42.094
|
|---|
| 19 | Loading Kernel Symbols
|
|---|
| 20 | ................................................................................
|
|---|
| 21 | ...............
|
|---|
| 22 | Loading User Symbols
|
|---|
| 23 |
|
|---|
| 24 | Loading unloaded module list
|
|---|
| 25 | ...
|
|---|
| 26 | *******************************************************************************
|
|---|
| 27 | * *
|
|---|
| 28 | * Bugcheck Analysis *
|
|---|
| 29 | * *
|
|---|
| 30 | *******************************************************************************
|
|---|
| 31 |
|
|---|
| 32 | Use !analyze -v to get detailed debugging information.
|
|---|
| 33 |
|
|---|
| 34 | BugCheck D1, {81, 2, 0, 8176e498}
|
|---|
| 35 |
|
|---|
| 36 | Probably caused by : ntoskrnl.exe ( nt!KiTrap0E+2a1 )
|
|---|
| 37 |
|
|---|
| 38 | Followup: MachineOwner
|
|---|
| 39 | ---------
|
|---|
| 40 |
|
|---|
| 41 | kd> !analyze -v
|
|---|
| 42 | *******************************************************************************
|
|---|
| 43 | * *
|
|---|
| 44 | * Bugcheck Analysis *
|
|---|
| 45 | * *
|
|---|
| 46 | *******************************************************************************
|
|---|
| 47 |
|
|---|
| 48 | DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
|
|---|
| 49 | An attempt was made to access a pageable (or completely invalid) address at an
|
|---|
| 50 | interrupt request level (IRQL) that is too high. This is usually
|
|---|
| 51 | caused by drivers using improper addresses.
|
|---|
| 52 | If kernel debugger is available get stack backtrace.
|
|---|
| 53 | Arguments:
|
|---|
| 54 | Arg1: 00000081, memory referenced
|
|---|
| 55 | Arg2: 00000002, IRQL
|
|---|
| 56 | Arg3: 00000000, value 0 = read operation, 1 = write operation
|
|---|
| 57 | Arg4: 8176e498, address which referenced memory
|
|---|
| 58 |
|
|---|
| 59 | Debugging Details:
|
|---|
| 60 | ------------------
|
|---|
| 61 |
|
|---|
| 62 |
|
|---|
| 63 | READ_ADDRESS: 00000081
|
|---|
| 64 |
|
|---|
| 65 | CURRENT_IRQL: 2
|
|---|
| 66 |
|
|---|
| 67 | FAULTING_IP:
|
|---|
| 68 | +ffffffff8176e498
|
|---|
| 69 | 8176e498 0000 add byte ptr [eax],al
|
|---|
| 70 |
|
|---|
| 71 | DEFAULT_BUCKET_ID: DRIVER_FAULT
|
|---|
| 72 |
|
|---|
| 73 | BUGCHECK_STR: 0xD1
|
|---|
| 74 |
|
|---|
| 75 | PROCESS_NAME: Idle
|
|---|
| 76 |
|
|---|
| 77 | TRAP_FRAME: 8089d53c -- (.trap ffffffff8089d53c)
|
|---|
| 78 | ErrCode = 00000000
|
|---|
| 79 | eax=00000081 ebx=8176e48c ecx=8176f000 edx=ffdffa40 esi=817821a0 edi=ffdffa40
|
|---|
| 80 | eip=8176e498 esp=8089d5b0 ebp=8089d5b0 iopl=0 nv up ei pl nz na pe nc
|
|---|
| 81 | cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
|
|---|
| 82 | 0008:8176e498 0000 add byte ptr [eax],al ds:0023:00000081=??
|
|---|
| 83 | Resetting default scope
|
|---|
| 84 |
|
|---|
| 85 | LAST_CONTROL_TRANSFER: from 8176e498 to 80826653
|
|---|
| 86 |
|
|---|
| 87 | STACK_TEXT:
|
|---|
| 88 | 8089d53c 8176e498 badb0d00 ffdffa40 00000000 nt!KiTrap0E+0x2a1
|
|---|
| 89 | WARNING: Frame IP not in any known module. Following frames may be wrong.
|
|---|
| 90 | 8089d5ac 8089d600 80828a68 817821a0 8176f000 0x8176e498
|
|---|
| 91 | 8089d5b0 80828a68 817821a0 8176f000 00000000 nt!KiDoubleFaultStack+0x2d50
|
|---|
| 92 | 8089d600 80820bba 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca
|
|---|
| 93 | 8089d604 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x2f
|
|---|
| 94 |
|
|---|
| 95 |
|
|---|
| 96 | STACK_COMMAND: kb
|
|---|
| 97 |
|
|---|
| 98 | FOLLOWUP_IP:
|
|---|
| 99 | nt!KiTrap0E+2a1
|
|---|
| 100 | 80826653 833dc0828a8000 cmp dword ptr [nt!KiFreezeFlag (808a82c0)],0
|
|---|
| 101 |
|
|---|
| 102 | SYMBOL_STACK_INDEX: 0
|
|---|
| 103 |
|
|---|
| 104 | SYMBOL_NAME: nt!KiTrap0E+2a1
|
|---|
| 105 |
|
|---|
| 106 | FOLLOWUP_NAME: MachineOwner
|
|---|
| 107 |
|
|---|
| 108 | MODULE_NAME: nt
|
|---|
| 109 |
|
|---|
| 110 | IMAGE_NAME: ntoskrnl.exe
|
|---|
| 111 |
|
|---|
| 112 | DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a072
|
|---|
| 113 |
|
|---|
| 114 | FAILURE_BUCKET_ID: 0xD1_nt!KiTrap0E+2a1
|
|---|
| 115 |
|
|---|
| 116 | BUCKET_ID: 0xD1_nt!KiTrap0E+2a1
|
|---|
| 117 |
|
|---|
| 118 | Followup: MachineOwner
|
|---|
| 119 | ---------
|
|---|
| 120 |
|
|---|
| 121 | kd>
|
|---|