locked
Bsod Debugging RRS feed

  • Question

  • Hi, I've recently been getting the blue screen of death "0x0000007F (0x0000000D)" and after checking memory and other things I though I would try to use WinDbg to figure out the problem but i seem to be having trouble reading the MiniDump. It would be great if anybody could tell me whats going on.

     


    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Adam\Desktop\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: symsrv*symsrv.dll*c:Windowssymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.x86fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0x81810000 PsLoadedModuleList = 0x81958810
    Debug session time: Thu Oct 28 03:33:53.462 2010 (UTC - 4:00)
    System Uptime: 0 days 0:09:16.274
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .................
    Loading User Symbols

    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {d, 0, 0, 0}

    Unable to open image file: c:Windowssymbols\ntkrpamp.exe\4A5BC007410000\ntkrpamp.exe
    The system cannot find the file specified.

    Unable to open image file: c:Windowssymbols\ntkrpamp.exe\4A5BC007410000\ntkrpamp.exe
    The system cannot find the file specified.

    Unable to open image file: c:Windowssymbols\ntkrpamp.exe\4A5BC007410000\ntkrpamp.exe
    The system cannot find the file specified.

    Unable to open image file: c:Windowssymbols\ntkrpamp.exe\4A5BC007410000\ntkrpamp.exe
    The system cannot find the file specified.

    Unable to open image file: c:Windowssymbols\halmacpi.dll\4A5BBF0737000\halmacpi.dll
    The system cannot find the file specified.

    Unable to open image file: c:Windowssymbols\amdk8.sys\4A5BBF0712000\amdk8.sys
    The system cannot find the file specified.

    Probably caused by : amdk8.sys ( amdk8!C1Halt+4 )

    Followup: MachineOwner
    ---------

    Thursday, October 28, 2010 6:01 PM

Answers

  • Hi,
     
    Can you do a couple of things,
     
    Run a chkdsk against the system drive to try to take care of any
    filesystem corruption (run this from an elevated command prompt)
     
    chkdsk /r <systemdrive>
     
    Note that <systemdrive> is usually c: and it will prompt you to schedule
    for the next reboot. Next, verify the protected OS files from an
    administrative command prompt,
     
    sfc /scannow
     
    After that, please run the SUR tool as we may have to work with some
    corruption,
     
     
    Finally, zip up and upload the dumps to Skydrive, I can help you analyze
    them
     
     

    -- Mike Burr
    • Marked as answer by Leo Huang Friday, November 5, 2010 5:12 AM
    Thursday, October 28, 2010 8:39 PM

All replies

  • This one seems to have gone better

     

    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Adam\Desktop\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;symsrv*symsrv.dll*c:Windowssymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.x86fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0x81810000 PsLoadedModuleList = 0x81958810
    Debug session time: Thu Oct 28 03:33:53.462 2010 (UTC - 4:00)
    System Uptime: 0 days 0:09:16.274
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .................
    Loading User Symbols

    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {d, 0, 0, 0}

    Probably caused by : amdk8.sys ( amdk8!C1Halt+4 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000d, EXCEPTION_GP_FAULT
    Arg2: 00000000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x7f_d

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  System

    CURRENT_IRQL:  2

    LAST_CONTROL_TRANSFER:  from 81c2331a to 81856f2b

    STACK_TEXT: 
    88c03bb4 81c2331a badb0d00 000303c0 00000001 nt!KiSystemFatalException+0xf
    88c03c28 8b1e9bb6 807eb884 00000000 00000000 hal!HalpClockInterruptPn+0x42
    88c03c98 81895695 83a182e0 807eb800 807e6000 amdk8!C1Halt+0x4
    88c03d20 8187800d 00000000 0000000e 8b821900 nt!PoIdle+0x538
    88c03d24 00000000 0000000e 8b821900 d2321877 nt!KiIdleLoop+0xd


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    amdk8!C1Halt+4
    8b1e9bb6 c3              ret

    SYMBOL_STACK_INDEX:  2

    SYMBOL_NAME:  amdk8!C1Halt+4

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: amdk8

    IMAGE_NAME:  amdk8.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf07

    FAILURE_BUCKET_ID:  0x7f_d_amdk8!C1Halt+4

    BUCKET_ID:  0x7f_d_amdk8!C1Halt+4

    Followup: MachineOwner
    ---------

    Thursday, October 28, 2010 6:22 PM
  • Hi,
     
    Can you do a couple of things,
     
    Run a chkdsk against the system drive to try to take care of any
    filesystem corruption (run this from an elevated command prompt)
     
    chkdsk /r <systemdrive>
     
    Note that <systemdrive> is usually c: and it will prompt you to schedule
    for the next reboot. Next, verify the protected OS files from an
    administrative command prompt,
     
    sfc /scannow
     
    After that, please run the SUR tool as we may have to work with some
    corruption,
     
     
    Finally, zip up and upload the dumps to Skydrive, I can help you analyze
    them
     
     

    -- Mike Burr
    • Marked as answer by Leo Huang Friday, November 5, 2010 5:12 AM
    Thursday, October 28, 2010 8:39 PM