Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 17:22
by Viktor
Hi all.
I was just reinstalling Win7 for a friend who was having trouble with a ThinkPad E520.

Got a BlueScreen just now during a bit of Flash streaming, and I was wondering whether there is anyone here who would be willing to look through the dump file that came out of it and check whether you see anything you recognize:

Code:

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a0d000 PsLoadedModuleList = 0xfffff800`02c4ae50
Debug session time: Sat Feb  2 16:58:57.748 2013 (UTC - 8:00)
System Uptime: 0 days 19:07:50.121
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols

Loading unloaded module list
...........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050033, 406f8, fffff80002a45ec0}

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for NETIO.SYS -
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tdx.sys
*** ERROR: Module load completed but symbols could not be loaded for netbt.sys
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for fwpkclnt.sys -
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ndis.sys -
*** ERROR: Module load completed but symbols could not be loaded for nwifi.sys
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for vwififlt.sys -
*** ERROR: Module load completed but symbols could not be loaded for Netwsw00.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : NETIO.SYS ( NETIO!KfdCheckConnectBypass+aca )

Followup: MachineOwner
---------

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 17:25
by destinydestiny
The E code is wrong.

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 17:28
by Viktor
destinydestiny wrote: The E code is wrong.

Are you trying to help with this reply, or is this a troll? :guy

http://www.google.is/search?q=E+code

E numbers are codes for chemicals which can be used as food additives for use within the European Union[1] and Switzerland. They are commonly found on food labels throughout the European Union.[2] Safety assessment and approval are the responsibility of the European Food Safety Authority.

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 17:33
by destinydestiny
Haha, troll. I know nothing about computer programming.

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 17:36
by playman
I searched for "kernel symbols are wrong . please fix symbols to do analysis."

Try taking a look at this.
http://forums.whirlpool.net.au/archive/1859765

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 18:11
by Viktor
Thanks for that.

This is what I got after that was fixed:

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
   the operating system. The only supported way to extend a kernel
   mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffff80002c4cc40
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_91

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

EXCEPTION_RECORD:  fffff80000b9cb08 -- (.exr 0xfffff80000b9cb08)
ExceptionAddress: fffff80002accf1c (nt!KiIdleLoop+0x000000000000008c)
   ExceptionCode: 80000004 (Single step exception)
  ExceptionFlags: 00000000
NumberParameters: 0

TRAP_FRAME:  fffff80000b9cbb0 -- (.trap 0xfffff80000b9cbb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000000000000b
rdx=0000000000187000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002accf1c rsp=fffff80000b9cd40 rbp=0000000000000000
 r8=fffffa8006d1b0c8  r9=0000000000000000 r10=fffffffffffffffe
r11=fffff80002c3ee00 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!KiIdleLoop+0x8c:
fffff800`02accf1c 2200            and     al,byte ptr [rax] ds:00000000`00000000=??
Resetting default scope

MISALIGNED_IP:
nt!KiIdleLoop+8c
fffff800`02accf1c 2200            and     al,byte ptr [rax]

LAST_CONTROL_TRANSFER:  from fffff80002b1924a to fffff80002ac4740

STACK_TEXT: 
fffff800`00b9bc18 fffff800`02b1924a : 00000000`000000c4 00000000`00000091 00000000`00000002 fffff800`02c4cc40 : nt!KeBugCheckEx
fffff800`00b9bc20 fffff800`02af16b3 : 00000000`00000000 00000000`00000000 00000000`00000003 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4904
fffff800`00b9bc60 fffff800`02afe9ef : fffff800`00b9cb08 fffff800`00b9c870 fffff800`00b9cbb0 fffffa80`0b182760 : nt!RtlDispatchException+0x33
fffff800`00b9c340 fffff800`02ac3d82 : fffff800`00b9cb08 fffff800`02c3ee80 fffff800`00b9cbb0 fffff800`02c4cc40 : nt!KiDispatchException+0x16f
fffff800`00b9c9d0 fffff800`02ac1722 : 00000000`00000000 fffff800`02aca284 fffffa80`0ab9d094 fffff800`00b9ce50 : nt!KiExceptionDispatch+0xc2
fffff800`00b9cbb0 fffff800`02accf1c : fffff800`00b9d538 00000000`00000000 fffff800`00b9d530 fffff880`00000000 : nt!KiDebugTrapOrFault+0x1a2
fffff800`00b9cd40 fffff800`00b9ce00 : 00000000`00000000 fffff800`00b97000 fffff800`00b9cd00 fffffa80`0ab9d72c : nt!KiIdleLoop+0x8c
fffff800`00b9cd70 00000000`00000000 : fffff800`00b97000 fffff800`00b9cd00 fffffa80`0ab9d72c 00010101`011fffff : 0xfffff800`00b9ce00


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4904
fffff800`02b1924a cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+4904

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  X64_IP_MISALIGNED

BUCKET_ID:  X64_IP_MISALIGNED

Followup: MachineOwner
---------

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 18:13
by beatmaster
Does anything show up in Event Viewer, and do you have any antivirus installed?

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 18:30
by hkr
I would guess that it's a driver that is causing this.

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 19:53
by marijuana
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

My money would be on some driver. Hehe...

Re: Do you know how to analyze a DUMP file?

Posted: Sat 02 Feb 2013 21:37
by Hargo
I have often used this program to help me analyze dump files.

http://www.nirsoft.net/utils/blue_screen_view.html

Re: Do you know how to analyze a DUMP file?

Posted: Mon 04 Feb 2013 00:30
by Viktor
Is there any way to find out which driver this is? There are quite a lot of drivers that I installed, and it would take quite a long time to remove them one by one :baby

[Attachment: kernel.JPG (event viewer)]
[Attachment: event.JPG (event viewer)]

Code:

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
   the operating system. The only supported way to extend a kernel
   mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffff80002c4cc40
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_91

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

EXCEPTION_RECORD:  fffff80000b9cb08 -- (.exr 0xfffff80000b9cb08)
ExceptionAddress: fffff80002accf1c (nt!KiIdleLoop+0x000000000000008c)
   ExceptionCode: 80000004 (Single step exception)
  ExceptionFlags: 00000000
NumberParameters: 0

TRAP_FRAME:  fffff80000b9cbb0 -- (.trap 0xfffff80000b9cbb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000000000000b
rdx=0000000000187000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002accf1c rsp=fffff80000b9cd40 rbp=0000000000000000
 r8=fffffa8006d1b0c8  r9=0000000000000000 r10=fffffffffffffffe
r11=fffff80002c3ee00 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!KiIdleLoop+0x8c:
fffff800`02accf1c 2200            and     al,byte ptr [rax] ds:00000000`00000000=??
Resetting default scope

MISALIGNED_IP:
nt!KiIdleLoop+8c
fffff800`02accf1c 2200            and     al,byte ptr [rax]

LAST_CONTROL_TRANSFER:  from fffff80002b1924a to fffff80002ac4740

STACK_TEXT: 
fffff800`00b9bc18 fffff800`02b1924a : 00000000`000000c4 00000000`00000091 00000000`00000002 fffff800`02c4cc40 : nt!KeBugCheckEx
fffff800`00b9bc20 fffff800`02af16b3 : 00000000`00000000 00000000`00000000 00000000`00000003 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4904
fffff800`00b9bc60 fffff800`02afe9ef : fffff800`00b9cb08 fffff800`00b9c870 fffff800`00b9cbb0 fffffa80`0b182760 : nt!RtlDispatchException+0x33
fffff800`00b9c340 fffff800`02ac3d82 : fffff800`00b9cb08 fffff800`02c3ee80 fffff800`00b9cbb0 fffff800`02c4cc40 : nt!KiDispatchException+0x16f
fffff800`00b9c9d0 fffff800`02ac1722 : 00000000`00000000 fffff800`02aca284 fffffa80`0ab9d094 fffff800`00b9ce50 : nt!KiExceptionDispatch+0xc2
fffff800`00b9cbb0 fffff800`02accf1c : fffff800`00b9d538 00000000`00000000 fffff800`00b9d530 fffff880`00000000 : nt!KiDebugTrapOrFault+0x1a2
fffff800`00b9cd40 fffff800`00b9ce00 : 00000000`00000000 fffff800`00b97000 fffff800`00b9cd00 fffffa80`0ab9d72c : nt!KiIdleLoop+0x8c
fffff800`00b9cd70 00000000`00000000 : fffff800`00b97000 fffff800`00b9cd00 fffffa80`0ab9d72c 00010101`011fffff : 0xfffff800`00b9ce00


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4904
fffff800`02b1924a cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+4904

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  X64_IP_MISALIGNED

BUCKET_ID:  X64_IP_MISALIGNED

Followup: MachineOwner
---------


Re: Do you know how to analyze a DUMP file?

Posted: Mon 04 Feb 2013 00:55
by daremo
Probably caused by : NETIO.SYS ( NETIO!KfdCheckConnectBypass+aca )


Update the drivers for the network card (obviously the network card you were using when the computer crashed, wireless or ethernet).

Re: Do you know how to analyze a DUMP file?

Posted: Mon 04 Feb 2013 03:07
by Viktor
daremo wrote:
Probably caused by : NETIO.SYS ( NETIO!KfdCheckConnectBypass+aca )


Update the drivers for the network card (obviously the network card you were using when the computer crashed, wireless or ethernet).

I installed Win7 again along with the newest Wifi drivers. It bluescreened again; I'll post the dump file later. I'm trying an older Wifi driver now. These drivers are 250-300 MB.

Re: Do you know how to analyze a DUMP file?

Posted: Mon 04 Feb 2013 07:49
by beatmaster
Have you tested whether the memory is OK?

Re: Do you know how to analyze a DUMP file?

Posted: Mon 04 Feb 2013 10:56
by Viktor
beatmaster wrote: Have you tested whether the memory is OK?

Actually, no. I guess that will be the next step.
First I'm going to check whether it's always the same BSODs over and over.

Apparently it wasn't bluescreening before this format.