Thanks SO much. What a wealth of info! I'll pass it on to the friend who
had the virus and is working on this. Will definitely printout a copy for
my own troubleshooting file. I really appreciate all the detailed help.
Boze
"David Candy" <.> wrote in message
You need to post full error messages. Those numbers tell things. You can
waste your time testing memory but the numbers are telling you if that's a
possible cause or not.
Try all the following with existing dump files but you can also turn on the
Driver Verifier (type verifier in Start Run and follow the wizard). This is
strict checking of all drivers (so it makes computer slower). This may give
different error messages and pinpoint one driver that is not crashing but
causing another driver to crash. If you can't start after enabling verifier
choose Last Known Good Configuration at the Failed Boot menu (which will
start without verifier).
Get your XP CD and install Windows Support Tools.
Type in start run after installing and rebooting
pstat > "%userprofile%\desktop\driverlist.txt"
The last table in this file is a list of loaded drivers. Other things apart
from hardware uses drivers. Post the list of drivers (the last table only -
REPEAT THE LAST TABLE O N L Y ) or match the fault address to the driver.
If you have the XP SP2 Security Update CD (else see
http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx
)
Install symbols from <CD Drive Letter>:\SUPPORT\SYMBOLS
Download
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Load the crash dump file into windbg (File - Load Crash Dump and it's in
c:\windows\minidump) and READ WHAT IT SAYS (you may need to tell it where
the symbol files are), then
Type
!Analyze -v
into Windbg's command line.
(this will hopefully tell you the faulty component)
If a minidump doesn't help use a kernel dump, if that doesn't help create a
full dump.
You can look up specific details here
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ddtools/hh/
ddtools/BCIntro_ea8b9fd0-2d81-4a04-a7ed-c1c6a80bd501.xml.asp
If it indicates faulty memory might be the cause you can get a memory tester
here
http://oca.microsoft.com/en/windiag.asp
If it mentions a core windows system file, meaning it a MS fix is required,
upload a minidump to
http://oca.microsoft.com
Also try typing the main error code in Help while online (ie,
Stop 0x50
and also try in the 8 digit form
stop 0x00000050)
and if there are too many hits use a filename if available. Generally memory
addresses are different for each computer (as each computer has a different
mix of drivers) so parameters aren't that useful for searching.
Driver Development Tools: Windows DDK
Bug Check 0x7F: UNEXPECTED_KERNEL_MODE_TRAP
The UNEXPECTED_KERNEL_MODE_TRAP bug check has a value of 0x0000007F. This
indicates that a trap was generated by the Intel CPU and the kernel failed
to catch this trap.
This could be either a bound trap (a trap the kernel is not permitted to
catch) or a double fault (a fault that occurred while processing an earlier
fault, which always results in a system crash).
Parameters
The first parameter displayed on the blue screen specifies the trap number.
Here are some of the most common trap codes:
a.. 0x00000000, or Divide by Zero Error, is caused when a DIV instruction
is executed and the divisor is zero. Memory corruption, other hardware
problems, or software failures can cause this error.
b.. 0x00000004, or Overflow, occurs when the processor executes a call to
an interrupt handler when the overflow (OF) flag is set.
c.. 0x00000005, or Bounds Check Fault, is generated when the processor,
while executing a BOUND instruction, finds the operand exceeds the specified
limits. A BOUND instruction is used to ensure that a signed array index is
within a certain range.
d.. 0x00000006, or Invalid Opcode, is generated when the processor
attempts to execute an invalid instruction. This is generally caused when
the instruction pointer has become corrupted and is pointing to the wrong
location. The most common cause of this is hardware memory corruption.
e.. 0x00000008, or Double Fault, is when an exception occurs while trying
to call the handler for a prior exception. Normally, the two exceptions can
be handled serially. However, there are several exceptions that cannot be
handled serially, and in this situation the processor signals a double
fault. There are two common causes of a double fault:
1.. A kernel stack overflow. This occurs when a guard page is hit, and
then the kernel tries to push a trap frame. Since there is no stack left, a
stack overflow results, causing the double fault. If you suspect this has
occurred, use the !thread debugger extension to determine the stack limits,
and then use the KB (Display Stack Backtrace) debugger command with a large
parameter (for example, kb 100) to display the full stack.
2.. A hardware problem.
The less-common trap codes include:
a.. 0x00000001 — A system-debugger call
b.. 0x00000003 — A debugger breakpoint
c.. 0x00000007 — A hardware coprocessor instruction with no coprocessor
present
d.. 0x0000000A — A corrupted Task State Segment
e.. 0x0000000B — An access to a memory segment that was not present
f.. 0x0000000C — An access to memory beyond the limits of a stack
g.. 0x0000000D — An exception not covered by some other exception; a
protection fault that pertains to access violations for applications
For other trap numbers, consult an Intel architecture manual.
Cause
Bug check 0x7F usually occurs after the installation of faulty or mismatched
hardware (especially memory) or in the event that installed hardware fails.
A double fault can occur when the kernel stack overflows. This can happen if
multiple drivers are attached to the same stack. For example, two file
system filter drivers can be attached to the same stack and then the file
system can recurse back in, overflowing the stack.
Resolving the Problem
Debugging: Always begin with the !analyze debugger extension.
If this is not sufficient, use the KV (Display Stack Backtrace) debugger
command.
a.. If KV shows a taskGate, then use the .tss (Display Task State Segment)
command on the part before the colon.
b.. If KV shows a trap frame, then use the .trap (Display Trap Frame)
command to format the frame.
c.. Otherwise, use the .trap (Display Trap Frame) command on the
appropriate frame. (On x86 platforms, this frame is associated with the
procedure NT!KiTrap.)
After this, use KV again to display the new stack.
Troubleshooting: If hardware was recently added to the system, remove it to
see if the error recurs. If existing hardware has failed, remove or replace
the faulty component. Run hardware diagnostics supplied by the system
manufacturer, to determine which hardware component has failed. The memory
scanner is especially important; faulty or mismatched memory can cause this
bug check. For details on these procedures, see the owner’s manual for your
computer. Check that all adapter cards in the computer are properly seated.
Use an ink eraser or an electrical contact treatment, available at
electronics supply stores, to ensure adapter card contacts are clean.
If the error appears on a newly installed system, check the availability of
updates for the BIOS, the SCSI controller or network cards. Updates of this
kind are typically available on the Web site or BBS of the hardware
manufacturer.
Confirm that all hard disks, hard disk controllers, and SCSI adapters are
listed on the Microsoft Windows Hardware Compatibility List (HCL).
If the error occurred after the installation of a new or updated device
driver, the driver should be removed or replaced. If, under this
circumstance, the error occurs during the startup sequence and the system
partition is formatted with NTFS, you might be able to use Safe Mode to
rename or delete the faulty driver. If the driver is used as part of the
system startup process in Safe Mode, you need to start the computer using
the Recovery Console in order to access the file. Also try restarting your
computer, and press F8 at the character-based menu that displays the
operating system choices. At the resulting Windows Advanced Options menu,
choose the Last Known Good Configuration option. This option is most
effective when only one driver or service is added at a time.
Overclocking (setting the CPU to run at speeds above the rated
specification) can cause this error. If this has been done to the computer
experiencing the error, return the CPU to the default clock speed setting.
Check the System Log in Event Viewer for additional error messages that
might help pinpoint the device or driver that is causing the error.
Disabling memory caching of the BIOS might also resolve it.
If you encountered this error while upgrading to a new version of Windows,
it might be caused by a device driver, a system service, a virus scanner, or
a backup tool that is incompatible with the new version. If possible, remove
all third-party device drivers and system services and disable any virus
scanners prior to upgrading. Contact the software manufacturer to obtain
updates of these tools. Also make sure that you have installed the latest
Windows Service Pack.
Finally, if all the above steps fail to resolve the error, take the system
motherboard to a repair facility for diagnostic testing. A crack, a
scratched trace, or a defective component on the motherboard can also cause
this error.
Send feedback on this topic. / Built on Thursday, February 13, 2003