win32k.sys bsod


R

RedLars

Hi,

Using Windows XP professional with SP3.

There was a BSOD on the on a lab computer today. I do not know what
application was running or what operations that were performed at the
time of BSOD. Here is the info I got from WinDBG of the mini dump.

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00000010, The address that the exception occurred at
Arg3: f740bc30, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i "0x%08lx"
refererte til adresse "0x%08lx". Minnet kunne ikke v re "%s".

FAULTING_IP:
+fc
00000010 0000 add byte ptr [eax],al

TRAP_FRAME: f740bc30 -- (.trap 0xfffffffff740bc30)
Unable to read trap frame at f740bc30

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from bf801e5e to 00000010

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be
wrong.
f740bcb0 bf801e5e 00000000 f740bd64 0012fec8 0x10
f740bcec bf819e57 f740bd18 000025ff 00000000 win32k!
xxxRealInternalGetMessage+0x3fe
f740bd4c 804dd99f 00157128 00000000 00000000 win32k!NtUserGetMessage
+0x27
f740bd4c 7c90e514 00157128 00000000 00000000 nt!KiFastCallEntry+0xfc
0012fed4 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!xxxRealInternalGetMessage+3fe
bf801e5e 85c0 test eax,eax

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!xxxRealInternalGetMessage+3fe

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572

FAILURE_BUCKET_ID: 0x8E_win32k!xxxRealInternalGetMessage+3fe

BUCKET_ID: 0x8E_win32k!xxxRealInternalGetMessage+3fe

Followup: MachineOwner
---------

It seems to point to the win32k.sys. What actions does this file
perform?

Searching for the file win32k.sys using google indicates that there
are several problems with this file and BSOD. A lot of them are
releated to hardware \ driver issues. There are quite a number of
drivers installed on WinXP, how can I narrow down the list of
suspected drivers?

Please advice on how to analyze this issue.
 
Ad

Advertisements

R

Richard

Bug Check 0x8E KERNEL_MODE_EXCEPTION_NOT_HANDLED
http://msdn.microsoft.com/en-us/library/ms794023.aspx

Is the problem a one time error that has not repeated?
FWIW. --Richard

- - -
Hi,

Using Windows XP professional with SP3.

There was a BSOD on the on a lab computer today. I do not know what
application was running or what operations that were performed at the
time of BSOD. Here is the info I got from WinDBG of the mini dump.

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address
pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00000010, The address that the exception occurred at
Arg3: f740bc30, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i "0x%08lx"
refererte til adresse "0x%08lx". Minnet kunne ikke v re "%s".

FAULTING_IP:
+fc
00000010 0000 add byte ptr [eax],al

TRAP_FRAME: f740bc30 -- (.trap 0xfffffffff740bc30)
Unable to read trap frame at f740bc30

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from bf801e5e to 00000010

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be
wrong.
f740bcb0 bf801e5e 00000000 f740bd64 0012fec8 0x10
f740bcec bf819e57 f740bd18 000025ff 00000000 win32k!
xxxRealInternalGetMessage+0x3fe
f740bd4c 804dd99f 00157128 00000000 00000000 win32k!NtUserGetMessage
+0x27
f740bd4c 7c90e514 00157128 00000000 00000000 nt!KiFastCallEntry+0xfc
0012fed4 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!xxxRealInternalGetMessage+3fe
bf801e5e 85c0 test eax,eax

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: win32k!xxxRealInternalGetMessage+3fe

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572

FAILURE_BUCKET_ID: 0x8E_win32k!xxxRealInternalGetMessage+3fe

BUCKET_ID: 0x8E_win32k!xxxRealInternalGetMessage+3fe

Followup: MachineOwner
---------

It seems to point to the win32k.sys. What actions does this file
perform?

Searching for the file win32k.sys using google indicates that there
are several problems with this file and BSOD. A lot of them are
releated to hardware \ driver issues. There are quite a number of
drivers installed on WinXP, how can I narrow down the list of
suspected drivers?

Please advice on how to analyze this issue.
 
Ad

Advertisements

R

RedLars

Thank you for the response.

The BSOD has only happend once so far.

Read the article you posted. Would you say Microsoft Remote Desktop is
a "third-party remote control program"?


Bug Check 0x8E KERNEL_MODE_EXCEPTION_NOT_HANDLEDhttp://msdn.microsoft.com/en-us/library/ms794023.aspx

Is the problem a one time error that has not repeated?
FWIW. --Richard

- - -


Using Windows XP professional with SP3.
There was a BSOD on the on a lab computer today. I do not know what
application was running or what operations that were performed at the
time of BSOD. Here is the info I got from WinDBG of the mini dump.
kd> !analyze -v
*************************************************************************** ****
*
*
*                        Bugcheck
Analysis                                    *
*
*
*************************************************************************** ****
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address
pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this
address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00000010, The address that the exception occurred at
Arg3: f740bc30, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i "0x%08lx"
refererte til adresse "0x%08lx". Minnet kunne ikke v re "%s".
FAULTING_IP:
+fc
00000010 0000            add     byte ptr [eax],al
TRAP_FRAME:  f740bc30 -- (.trap 0xfffffffff740bc30)
Unable to read trap frame at f740bc30
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  DRIVER_FAULT
BUGCHECK_STR:  0x8E
LAST_CONTROL_TRANSFER:  from bf801e5e to 00000010
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be
wrong.
f740bcb0 bf801e5e 00000000 f740bd64 0012fec8 0x10
f740bcec bf819e57 f740bd18 000025ff 00000000 win32k!
xxxRealInternalGetMessage+0x3fe
f740bd4c 804dd99f 00157128 00000000 00000000 win32k!NtUserGetMessage
+0x27
f740bd4c 7c90e514 00157128 00000000 00000000 nt!KiFastCallEntry+0xfc
0012fed4 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND:  kb
FOLLOWUP_IP:
win32k!xxxRealInternalGetMessage+3fe
bf801e5e 85c0            test    eax,eax
SYMBOL_STACK_INDEX:  1
SYMBOL_NAME:  win32k!xxxRealInternalGetMessage+3fe
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: win32k
IMAGE_NAME:  win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  49e87572
FAILURE_BUCKET_ID:  0x8E_win32k!xxxRealInternalGetMessage+3fe
BUCKET_ID:  0x8E_win32k!xxxRealInternalGetMessage+3fe
Followup: MachineOwner
---------
It seems to point to the win32k.sys. What actions does this file
perform?
Searching for the file win32k.sys using google indicates that there
are several problems with this file and BSOD. A lot of them are
releated to hardware \ driver issues. There are quite a number of
drivers installed on WinXP, how can I narrow down the list of
suspected drivers?
Please advice on how to analyze this issue.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top