locked
Memory Management Blue Screen Errors at Startup RRS feed

  • Question

  • Can someone please analyze these mini dump files? I have been getting blue screen errors for quite a while now. They always seem to be different. I get Memory Management, IRQL Less Than or Equal, among others. They usually occur within just a few minutes of an initial boot or resume from sleep. I have updated drivers, ran the Windows Memory diagnostic overnight, etc without any errors. I am using EasyTether (an Android Market app) to access the Internet. I initially was using Klink, when the errors began. I have since switched to EasyTether but the errors continue. I think it may have to do with the driver for my Evo 4g as the errors seemed to coincide with the initial load. I have also reinstalled Windows 7 with no luck.

    https://skydrive.live.com/redir.aspx?cid=6da23f27343c9d1f&resid=6DA23F27343C9D1F!118&parid=6DA23F27343C9D1F!116&authkey=!ABqtMpV5dP-dbVQ

    Wednesday, December 21, 2011 3:11 AM

Answers

  • Looks like something is pretty mangled on the system, I have the correct
    symbol path configured as I have successfully debugged hundreds of other
    dumps, but whatever caused the crash mangled the kernel image beyond
    recognition. We might start with an integrity verification,
     
     
    and then enable driver verifier
     
     
    More about the errors,
     
     
    This was the most interesting one,
     
    kd> !analyze -v
    *******************************************************************************
    *                                                                            
    *
    *                        Bugcheck
    Analysis                                    *
    *                                                                            
    *
    *******************************************************************************
     
    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff80002e7c1d1, The address that the exception occurred at
    Arg3: 0000000000000000, Parameter 0 of the exception
    Arg4: ffffffffffffffff, Parameter 1 of the exception
     
    Debugging Details:
    ------------------
     
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
     
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
     
    ADDITIONAL_DEBUG_TEXT:
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload'
    to set symbol path and load symbols.
     
    MODULE_NAME: nt
     
    FAULTING_MODULE: fffff80002e0c000 nt
     
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600
     
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
    referenced memory at 0x%08lx. The memory could not be %s.
     
    FAULTING_IP:
    nt+701d1
    fffff800`02e7c1d1 0fae55ac        ldmxcsr dword ptr [rbp-54h]
     
    EXCEPTION_PARAMETER1:  0000000000000000
     
    EXCEPTION_PARAMETER2:  ffffffffffffffff
     
    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
     ffffffffffffffff
     
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
    referenced memory at 0x%08lx. The memory could not be %s.
     
    BUGCHECK_STR:  0x1E_c0000005
     
    CUSTOMER_CRASH_COUNT:  1
     
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
     
    CURRENT_IRQL:  0
     
    LAST_CONTROL_TRANSFER:  from fffff80002ebda17 to fffff80002e7df00
     
    STACK_TEXT:
    fffff880`05451a88 fffff800`02ebda17 : 00000000`0000001e
    ffffffff`c0000005 fffff800`02e7c1d1 00000000`00000000 : nt+0x71f00
    fffff880`05451a90 00000000`0000001e : ffffffff`c0000005
    fffff800`02e7c1d1 00000000`00000000 ffffffff`ffffffff : nt+0xb1a17
    fffff880`05451a98 ffffffff`c0000005 : fffff800`02e7c1d1
    00000000`00000000 ffffffff`ffffffff fffffa80`0320fb01 : 0x1e
    fffff880`05451aa0 fffff800`02e7c1d1 : 00000000`00000000
    ffffffff`ffffffff fffffa80`0320fb01 fffff880`05451e88 : 0xffffffff`c0000005
    fffff880`05451aa8 00000000`00000000 : ffffffff`ffffffff
    fffffa80`0320fb01 fffff880`05451e88 00000000`00000000 : nt+0x701d1
     STACK_COMMAND:  kb
     
    FOLLOWUP_IP:
    nt+701d1
    fffff800`02e7c1d1 0fae55ac        ldmxcsr dword ptr [rbp-54h]
     
    SYMBOL_STACK_INDEX:  4
     
    SYMBOL_NAME:  nt+701d1
     
    FOLLOWUP_NAME:  MachineOwner
     
    IMAGE_NAME:  ntoskrnU.exe
     
    BUCKET_ID:  WRONG_SYMBOLS
     
    Followup: MachineOwner
    ---------
     

    -- Mike Burr
    Technology
    • Marked as answer by Arthur Xie Wednesday, December 28, 2011 4:55 AM
    Wednesday, December 21, 2011 4:02 AM
  • All you really need for that procedure is the PE environment, so it
    doesn't make a lot of sense to spend money. You can probably use the PE
    environment that comes with the evaluation version,
     
     

    -- Mike Burr
    Technology
    • Proposed as answer by zhen tan Friday, December 23, 2011 7:31 AM
    • Marked as answer by Arthur Xie Wednesday, December 28, 2011 4:55 AM
    Wednesday, December 21, 2011 3:03 PM

All replies

  • Looks like something is pretty mangled on the system, I have the correct
    symbol path configured as I have successfully debugged hundreds of other
    dumps, but whatever caused the crash mangled the kernel image beyond
    recognition. We might start with an integrity verification,
     
     
    and then enable driver verifier
     
     
    More about the errors,
     
     
    This was the most interesting one,
     
    kd> !analyze -v
    *******************************************************************************
    *                                                                            
    *
    *                        Bugcheck
    Analysis                                    *
    *                                                                            
    *
    *******************************************************************************
     
    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff80002e7c1d1, The address that the exception occurred at
    Arg3: 0000000000000000, Parameter 0 of the exception
    Arg4: ffffffffffffffff, Parameter 1 of the exception
     
    Debugging Details:
    ------------------
     
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
     
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
     
    ADDITIONAL_DEBUG_TEXT:
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload'
    to set symbol path and load symbols.
     
    MODULE_NAME: nt
     
    FAULTING_MODULE: fffff80002e0c000 nt
     
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600
     
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
    referenced memory at 0x%08lx. The memory could not be %s.
     
    FAULTING_IP:
    nt+701d1
    fffff800`02e7c1d1 0fae55ac        ldmxcsr dword ptr [rbp-54h]
     
    EXCEPTION_PARAMETER1:  0000000000000000
     
    EXCEPTION_PARAMETER2:  ffffffffffffffff
     
    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
     ffffffffffffffff
     
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
    referenced memory at 0x%08lx. The memory could not be %s.
     
    BUGCHECK_STR:  0x1E_c0000005
     
    CUSTOMER_CRASH_COUNT:  1
     
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
     
    CURRENT_IRQL:  0
     
    LAST_CONTROL_TRANSFER:  from fffff80002ebda17 to fffff80002e7df00
     
    STACK_TEXT:
    fffff880`05451a88 fffff800`02ebda17 : 00000000`0000001e
    ffffffff`c0000005 fffff800`02e7c1d1 00000000`00000000 : nt+0x71f00
    fffff880`05451a90 00000000`0000001e : ffffffff`c0000005
    fffff800`02e7c1d1 00000000`00000000 ffffffff`ffffffff : nt+0xb1a17
    fffff880`05451a98 ffffffff`c0000005 : fffff800`02e7c1d1
    00000000`00000000 ffffffff`ffffffff fffffa80`0320fb01 : 0x1e
    fffff880`05451aa0 fffff800`02e7c1d1 : 00000000`00000000
    ffffffff`ffffffff fffffa80`0320fb01 fffff880`05451e88 : 0xffffffff`c0000005
    fffff880`05451aa8 00000000`00000000 : ffffffff`ffffffff
    fffffa80`0320fb01 fffff880`05451e88 00000000`00000000 : nt+0x701d1
     STACK_COMMAND:  kb
     
    FOLLOWUP_IP:
    nt+701d1
    fffff800`02e7c1d1 0fae55ac        ldmxcsr dword ptr [rbp-54h]
     
    SYMBOL_STACK_INDEX:  4
     
    SYMBOL_NAME:  nt+701d1
     
    FOLLOWUP_NAME:  MachineOwner
     
    IMAGE_NAME:  ntoskrnU.exe
     
    BUCKET_ID:  WRONG_SYMBOLS
     
    Followup: MachineOwner
    ---------
     

    -- Mike Burr
    Technology
    • Marked as answer by Arthur Xie Wednesday, December 28, 2011 4:55 AM
    Wednesday, December 21, 2011 4:02 AM
  • Mike, Thanks for looking these over. I reinstalled Windows using an upgrade disk as the PC came with Windows 7 and i wasnt provided a disk for operating system. Would you recommend purchasing one from emachines? I will enable the verifier after work and provide the dump files. I still think it has to do with the driver for the evo, although it is the most current.
    Wednesday, December 21, 2011 2:53 PM
  • All you really need for that procedure is the PE environment, so it
    doesn't make a lot of sense to spend money. You can probably use the PE
    environment that comes with the evaluation version,
     
     

    -- Mike Burr
    Technology
    • Proposed as answer by zhen tan Friday, December 23, 2011 7:31 AM
    • Marked as answer by Arthur Xie Wednesday, December 28, 2011 4:55 AM
    Wednesday, December 21, 2011 3:03 PM
  • Got the verifier on. Hope it crashes. :) I will upload the dump once it does. Thanks again Mike.
    Thursday, December 22, 2011 12:15 AM