RedLars
Hi,
Using Windows XP professional with SP3.
There was a BSOD on a lab computer today. I do not know what
application was running or what operations were performed at the
time of the BSOD. Here is the info I got from WinDBG of the mini dump.
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00000010, The address that the exception occurred at
Arg3: f740bc30, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i "0x%08lx" refererte til adresse "0x%08lx". Minnet kunne ikke være "%s".
FAULTING_IP:
+fc
00000010 0000 add byte ptr [eax],al
TRAP_FRAME: f740bc30 -- (.trap 0xfffffffff740bc30)
Unable to read trap frame at f740bc30
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
LAST_CONTROL_TRANSFER: from bf801e5e to 00000010
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f740bcb0 bf801e5e 00000000 f740bd64 0012fec8 0x10
f740bcec bf819e57 f740bd18 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x3fe
f740bd4c 804dd99f 00157128 00000000 00000000 win32k!NtUserGetMessage+0x27
f740bd4c 7c90e514 00157128 00000000 00000000 nt!KiFastCallEntry+0xfc
0012fed4 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!xxxRealInternalGetMessage+3fe
bf801e5e 85c0 test eax,eax
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: win32k!xxxRealInternalGetMessage+3fe
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572
FAILURE_BUCKET_ID: 0x8E_win32k!xxxRealInternalGetMessage+3fe
BUCKET_ID: 0x8E_win32k!xxxRealInternalGetMessage+3fe
Followup: MachineOwner
---------
It seems to point to the win32k.sys. What actions does this file
perform?
Searching for the file win32k.sys using Google indicates that there
are several problems with this file and BSOD. A lot of them are
related to hardware \ driver issues. There are quite a number of
drivers installed on WinXP, how can I narrow down the list of
suspected drivers?
Please advise on how to analyze this issue.