locked
Pantallazo azul RRS feed

  • Pregunta

  • Hola a todos, vuelvo a tener problemas de pantallazo azul. Me ocurre muy a menudo.

    Despues de pasarle el Windbg, esta es la información que me da.

    He comprobado que unas veces el error indica al fichero win32k.sys y otras al fichero win32k.sys

    De todas formas os pego la información de los dos casos de error.

    Gracias de antemano, espero vuestra ayuda.

    Un saludo

    ERROR CON win32k.sys

    Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\Mini020709-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 6001.18145.amd64fre.vistasp1_gdr.080917-1612
    Kernel base = 0xfffff800`01e4f000 PsLoadedModuleList = 0xfffff800`02014db0
    Debug session time: Sat Feb  7 07:47:04.945 2009 (GMT+1)
    System Uptime: 0 days 0:38:56.865
    Loading Kernel Symbols
    ...........................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 50, {fffffac0055c70e8, 0, fffff9600010bfb5, 5}


    Could not read faulting driver name
    Probably caused by : win32k.sys ( win32k!HMFreeObject+ed )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: fffffac0055c70e8, memory referenced.
    Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
    Arg3: fffff9600010bfb5, If non-zero, the instruction address which referenced the bad memory
     address.
    Arg4: 0000000000000005, (reserved)

    Debugging Details:
    ------------------


    Could not read faulting driver name

    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002078080
     fffffac0055c70e8

    FAULTING_IP:
    win32k!HMFreeObject+ed
    fffff960`0010bfb5 488b4f78        mov     rcx,qword ptr [rdi+78h]

    MM_INTERNAL_CODE:  5

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0x50

    PROCESS_NAME:  iexplore.exe

    CURRENT_IRQL:  0

    TRAP_FRAME:  fffffa60081170c0 -- (.trap 0xfffffa60081170c0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff900c1f01300 rbx=fffffa80061fbbb0 rcx=fffff9600029bd7c
    rdx=0000000000000000 rsi=fffff8800ae35b20 rdi=fffff960000ccda7
    rip=fffff9600010bfb5 rsp=fffffa6008117250 rbp=fffffa6008117311
     r8=fffff900c0a43540  r9=0000000000000004 r10=0000000000000000
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    win32k!HMFreeObject+0xed:
    fffff960`0010bfb5 488b4f78        mov     rcx,qword ptr [rdi+78h] ds:a040:fffff960`000cce1f=850f1000000d0000
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80001eb24e2 to fffff80001ea4350

    STACK_TEXT: 
    fffffa60`08116fc8 fffff800`01eb24e2 : 00000000`00000050 fffffac0`055c70e8 00000000`00000000 fffffa60`081170c0 : nt!KeBugCheckEx
    fffffa60`08116fd0 fffff800`01ea2ed9 : 00000000`00000000 fffffa80`05f58ce0 fffff880`0a601100 fffff900`c04043c8 : nt!MmAccessFault+0x4f2
    fffffa60`081170c0 fffff960`0010bfb5 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`75166b6c : nt!KiPageFault+0x119
    fffffa60`08117250 fffff960`0014598d : fffff900`c0a43540 fffffa60`081173a0 fffff960`0029bd50 fffff960`00000000 : win32k!HMFreeObject+0xed
    fffffa60`08117290 fffff960`00145294 : 00000000`000006c8 fffff800`02120ec4 00000000`00000000 00000000`75166b6c : win32k!FreeHook+0x51
    fffffa60`081172c0 fffff960`0011e12f : 00000000`000302d3 00000000`7efa6000 fffffa60`081173a0 00000000`7519c454 : win32k!zzzUnhookWindowsHookEx+0x44
    fffffa60`081172f0 fffff800`01ea3df3 : fffffa80`061fbbb0 fffffa60`081173a0 00000000`7efa6000 fffffa80`02273e60 : win32k!NtUserUnhookWindowsHookEx+0x3f
    fffffa60`08117320 00000000`7517a68a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0461de28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7517a68a


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    win32k!HMFreeObject+ed
    fffff960`0010bfb5 488b4f78        mov     rcx,qword ptr [rdi+78h]

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  win32k!HMFreeObject+ed

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: win32k

    IMAGE_NAME:  win32k.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  48d1bca9

    FAILURE_BUCKET_ID:  X64_0x50_win32k!HMFreeObject+ed

    BUCKET_ID:  X64_0x50_win32k!HMFreeObject+ed

    Followup: MachineOwner
    ---------


    ERROR CON ntkrnlmp.exe



    Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\Mini020609-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 6001.18145.amd64fre.vistasp1_gdr.080917-1612
    Kernel base = 0xfffff800`01e08000 PsLoadedModuleList = 0xfffff800`01fcddb0
    Debug session time: Fri Feb  6 21:58:15.256 2009 (GMT+1)
    System Uptime: 0 days 0:06:13.048
    Loading Kernel Symbols
    .......................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1A, {41790, fffffa80004e3bd0, ffff, 0}

    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1d093 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    MEMORY_MANAGEMENT (1a)
        # Any other values for parameter 1 must be individually examined.
    Arguments:
    Arg1: 0000000000041790, The subtype of the bugcheck.
    Arg2: fffffa80004e3bd0
    Arg3: 000000000000ffff
    Arg4: 0000000000000000

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x1a_41790

    CUSTOMER_CRASH_COUNT:  2

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  ieuser.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff80001e3b181 to fffff80001e5d350

    STACK_TEXT: 
    fffffa60`06593658 fffff800`01e3b181 : 00000000`0000001a 00000000`00041790 fffffa80`004e3bd0 00000000`0000ffff : nt!KeBugCheckEx
    fffffa60`06593660 fffff800`01e9c32e : fffff6fb`7dbed011 00000000`036dffff fffffa80`00000000 fffffa60`00000000 : nt! ?? ::FNODOBFM::`string'+0x1d093
    fffffa60`065937f0 fffff800`01e5cdf3 : ffffffff`ffffffff fffffa80`06062bb0 00000000`00000000 fffffa80`00008000 : nt!NtFreeVirtualMemory+0xa1e
    fffffa60`06593900 fffff800`01e5d300 : fffff800`02052c07 00000000`00000010 00000000`00000086 fffffa60`06593ac8 : nt!KiSystemServiceCopyEnd+0x13
    fffffa60`06593a98 fffff800`02052c07 : 00000000`00000010 00000000`00000086 fffffa60`06593ac8 fffffa80`059dd860 : nt!KiServiceLinkage
    fffffa60`06593aa0 fffff800`021036bf : 00000000`036a0000 00000000`00000000 00000000`00000000 fffffa80`053a4060 : nt!RtlFreeUserStack+0x27
    fffffa60`06593ad0 fffff800`02103dd5 : 00000000`00000000 00000000`0358ee00 00000000`7ef8f000 00000000`00040000 : nt!PspExitThread+0x2db
    fffffa60`06593b90 fffff800`021040b1 : fffffa80`06062bb0 00000000`00000000 fffffa80`06062bb0 00000000`7ef91000 : nt!PspTerminateThreadByPointer+0x4d
    fffffa60`06593be0 fffff800`01e5cdf3 : fffffa80`06062bb0 fffffa60`06593ca0 00000000`7ef91000 00000000`7ef91000 : nt!NtTerminateThread+0x45
    fffffa60`06593c20 00000000`76ee5faa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0358e568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76ee5faa


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt! ?? ::FNODOBFM::`string'+1d093
    fffff800`01e3b181 cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+1d093

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  48d1ba35

    FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+1d093

    BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+1d093

    Followup: MachineOwner
    ---------




     

    sábado, 7 de febrero de 2009 7:19

Respuestas

  • Pero has señalado mal. El proceso que estaba en maquina en ese momento y activo es:

    PROCESS_NAME:  iexplore.exe

    Es decir el internet explorer. Si siempre es ese en todos los casques, el problema está en algun complemento que hayas instalado. (se pueden desactivar). Si el proceso es aleatorio, hay que pensar en la memoria y para analizarla el unico programa del cual me fio es el DocMemory de www.simmtester.com

    Comentanos...

    Un saludo,
    Jose Manuel Tella Llop news://jmtella.com
    sábado, 7 de febrero de 2009 9:32