Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.090804-1456
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Fri Oct 16 17:45:06.878 2009 (GMT-4)
System Uptime: 0 days 0:07:24.889
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {a, 0, 0, 0}

*************************************************************************
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that       ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
Probably caused by : memory_corruption

Followup: memory_corruption
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000a, EXCEPTION_INVALID_TSS
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_a

DEFAULT_BUCKET_ID: CODE_CORRUPTION

PROCESS_NAME: ntvdm.exe

LAST_CONTROL_TRANSFER: from 000008dd to 804e1ff1

STACK_TEXT:
f59d2d64 000008dd badb0d00 02ba0074 00000000 nt!KiSystemFatalException+0xf
WARNING: Frame IP not in any known module. Following frames may be wrong.
00006df2 00000000 3d485441 505c3a43 52474f52 0x8dd

STACK_COMMAND: kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
243 errors : !nt (804d8f94-805353a8)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: LARGE

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE

BUCKET_ID: MEMORY_CORRUPTION_LARGE

Followup: memory_corruption
---------

kd> !chkimg -d !nt
243 errors : !nt (804d8f94-805353a8)