Como ler este despejo do WinDbg

0
Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump2814-13275-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at end of path element
Error: Empty Path.
Symbol search path is: http://msdl.microsoft.com/download/symbols 
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800'03266000 PsLoadedModuleList = 0xfffff800'034a9890
Debug session time: Mon Jul 28 13:09:45.196 2014 (UTC - 4:00)
System Uptime: 0 days 6:14:58.299
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff800032a5970, 1, 1}

Probably caused by : hardware ( nt! ?? ::FNODOBFM::'string'+185fc )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800032a5970, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 0000000000000001, Parameter 1 of the exception

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003513100
GetUlongFromAddress: unable to read from fffff800035131c0
 0000000000000000 Nonpaged pool

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt! ?? ::FNODOBFM::'string'+185fc
fffff800'032a5970 0000            add     byte ptr [rax],al

BUGCHECK_STR:  0x1E_c0000005_R

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

TRAP_FRAME:  fffff880033ffa80 -- (.trap 0xfffff880033ffa80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000002
rdx=000000000002d610 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800032a5970 rsp=fffff880033ffc18 rbp=0000000000000000
 r8=000000000000fec7  r9=0000000000000000 r10=0000000000003bb8
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di ng nz na po nc
nt! ?? ::FNODOBFM::'string'+0x185fc:
fffff800'032a5970 0000            add     byte ptr [rax],al ds:00000000'00000001=??
Resetting default scope

MISALIGNED_IP: 
nt! ?? ::FNODOBFM::'string'+185fc
fffff800'032a5970 0000            add     byte ptr [rax],al

LAST_CONTROL_TRANSFER:  from fffff80003326738 to fffff800032dbbc0

STACK_TEXT:  
fffff880'033ff1f8 fffff800'03326738 : 00000000'0000001e ffffffff'c0000005 fffff800'032a5970 00000000'00000001 : nt!KeBugCheckEx
fffff880'033ff200 fffff800'032db242 : fffff880'033ff9d8 fffff880'033d7180 fffff880'033ffa80 00000000'00000000 : nt! ?? ::FNODOBFM::'string'+0x487ed
fffff880'033ff8a0 fffff800'032d9dba : 00000000'00000001 00000000'00000001 fffffa80'0c6b5800 fffff880'033d7180 : nt!KiExceptionDispatch+0xc2
fffff880'033ffa80 fffff800'032a5970 : fffff800'032d38a2 00000000'00000010 00000000'00000286 fffff880'033ffc40 : nt!KiPageFault+0x23a
fffff880'033ffc18 00000000'00000000 : 00000000'00000000 00000000'00000000 00000000'00000000 00000000'00000000 : nt! ?? ::FNODOBFM::'string'+0x185fc


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::'string'+185fc
fffff800'032a5970 0000            add     byte ptr [rax],al

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  nt! ?? ::FNODOBFM::'string'+185fc

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  6.1.7601.18409

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  X64_IP_MISALIGNED

BUCKET_ID:  X64_IP_MISALIGNED

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_ip_misaligned

FAILURE_ID_HASH:  {45769616-fd06-8c70-4b8b-74a01eddc0cd}

Followup: MachineOwner
---------
    
por mico 28.07.2014 / 23:01

0 respostas

Tags