zamieszczam odczyt z minidumpa
Loading Dump File [C:\WINDOWS\Minidump\Mini082710-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Fri Aug 27 16:11:56.468 2010 (UTC + 2:00)
System Uptime: 0 days 0:26:51.169
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
..............
Unable to load image frost.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for frost.sys
*** ERROR: Module load completed but symbols could not be loaded for frost.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {7850bd14, ff, 1, a97a40a3}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : frost.sys ( frost+20a3 )
Followup: MachineOwner
---------
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: frost
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4b853de7
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
7850bd14
CURRENT_IRQL: ff
FAULTING_IP:
frost+20a3
a97a40a3 8904b1 mov dword ptr [ecx+esi*4],eax
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 8058145b to a97a40a3
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
ba4f3d60 8058145b 89f25180 a8c7dc24 8056485c frost+0x20a3
ba4f3d7c 8053879d a8c7dc24 00000000 8b1f4b30 nt+0xaa45b
ba4f3dac 805cff62 a8c7dc24 00000000 00000000 nt+0x6179d
ba4f3ddc 8054612e 805386ae 00000001 00000000 nt+0xf8f62
00000000 00000000 00000000 00000000 00000000 nt+0x6f12e
STACK_COMMAND: kb
FOLLOWUP_IP:
frost+20a3
a97a40a3 8904b1 mov dword ptr [ecx+esi*4],eax
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: frost+20a3
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: frost.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
1: kd> lmvm frost
start end module name
a97a2000 a97af000 frost T (no symbols)
Loaded symbol image file: frost.sys
Image path: frost.sys
Image name: frost.sys
Timestamp: Wed Feb 24 15:55:35 2010 (4B853DE7)
CheckSum: 0000F751
ImageSize: 0000D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> lmvm nt
start end module name
804d7000 806e4000 nt T (no symbols)
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Tue Apr 27 15:04:40 2010 (4BD6E0E8)
CheckSum: 001EF92B
ImageSize: 0020D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
