Help analyzing dump files

  • Question

  • Greetings, IT partners:

    I need to analyze two dump files. Can you help me? I would appreciate it.

    This is the first file ... let's call it computer 1:

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 7501117f, memory referenced
    Arg2: 000000ff, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 84a6e857, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82b7b848
    Unable to read MiSystemVaType memory at 82b5ae20
     7501117f

    CURRENT_IRQL:  2

    FAULTING_IP:
    +5bda2faf0382dc44
    84a6e857 11807f110175    adc     dword ptr [eax+7501117Fh],eax

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  82b39bb4 -- (.trap 0xffffffff82b39bb4)
    ErrCode = 00000002
    eax=00000000 ebx=ffffffff ecx=82b46380 edx=0000ce75 esi=40008000 edi=82b3cd21
    eip=84a6e857 esp=82b39c28 ebp=82b39c28 iopl=0         nv up di ng nz na pe cy
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010087
    84a6e857 11807f110175    adc     dword ptr [eax+7501117Fh],eax ds:0023:7501117f=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 84a6e857 to 82a535fb

    STACK_TEXT: 
    82b39bb4 84a6e857 badb0d00 0000ce75 82b39bd4 nt!KiTrap0E+0x2cf
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    82b39c24 82b39d20 8beb55d6 badb0d00 00000000 0x84a6e857
    82b39c28 8beb55d6 badb0d00 00000000 82b39c44 nt!KiDoubleFaultStack+0x2d20
    82b39d20 82a89e0d 00000000 0000000e 00000000 intelppm+0x15d6
    82b39d24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0xd


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    intelppm+15d6
    8beb55d6 ??              ???

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  intelppm+15d6

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: intelppm

    IMAGE_NAME:  intelppm.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf07

    FAILURE_BUCKET_ID:  0xD1_intelppm+15d6

    BUCKET_ID:  0xD1_intelppm+15d6

    Followup: MachineOwner
    ---------

    This is the second file; let's call it computer 2:


    Use !analyze -v to get detailed debugging information.

    BugCheck A, {8439ffe8, 2, 1, 82c8f826}

    Probably caused by : memory_corruption ( nt!MiInsertPageInList+243 )

    Followup: MachineOwner
    ---------

    2: kd> analyze -v
    *** WARNING: Unable to verify timestamp for volmgrx.sys
    *** ERROR: Module load completed but symbols could not be loaded for volmgrx.sys
    *** WARNING: Unable to verify timestamp for amdxata.sys
    *** ERROR: Module load completed but symbols could not be loaded for amdxata.sys
    *** WARNING: Unable to verify timestamp for ks.sys
    *** ERROR: Module load completed but symbols could not be loaded for ks.sys
    *** WARNING: Unable to verify timestamp for msrpc.sys
    *** ERROR: Module load completed but symbols could not be loaded for msrpc.sys
    *** WARNING: Unable to verify timestamp for Fs_Rec.sys
    *** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.sys
    *** WARNING: Unable to verify timestamp for ksecpkg.sys
    *** ERROR: Module load completed but symbols could not be loaded for ksecpkg.sys
    *** WARNING: Unable to verify timestamp for nvmf6232.sys
    *** ERROR: Module load completed but symbols could not be loaded for nvmf6232.sys
    *** WARNING: Unable to verify timestamp for vmstorfl.sys
    *** ERROR: Module load completed but symbols could not be loaded for vmstorfl.sys
    *** WARNING: Unable to verify timestamp for spldr.sys
    *** ERROR: Module load completed but symbols could not be loaded for spldr.sys
    *** WARNING: Unable to verify timestamp for intelppm.sys
    *** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
    *** WARNING: Unable to verify timestamp for nvsmu.sys
    *** ERROR: Module load completed but symbols could not be loaded for nvsmu.sys
    *** WARNING: Unable to verify timestamp for kl1.sys
    *** ERROR: Module load completed but symbols could not be loaded for kl1.sys
    *** WARNING: Unable to verify timestamp for fvevol.sys
    *** ERROR: Module load completed but symbols could not be loaded for fvevol.sys
    *** WARNING: Unable to verify timestamp for klif.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    *** WARNING: Unable to verify timestamp for Null.SYS
    *** ERROR: Module load completed but symbols could not be loaded for Null.SYS
    *** WARNING: Unable to verify timestamp for kl2.sys
    *** ERROR: Module load completed but symbols could not be loaded for kl2.sys
    *** WARNING: Unable to verify timestamp for klim6.sys
    *** ERROR: Module load completed but symbols could not be loaded for klim6.sys
    *** WARNING: Unable to verify timestamp for nvlddmkm.sys
    *** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
    *** WARNING: Unable to verify timestamp for nvBridge.kmd
    *** ERROR: Module load completed but symbols could not be loaded for nvBridge.kmd
    *** WARNING: Unable to verify timestamp for drmk.sys
    *** ERROR: Module load completed but symbols could not be loaded for drmk.sys
    *** WARNING: Unable to verify timestamp for klmouflt.sys
    *** ERROR: Module load completed but symbols could not be loaded for klmouflt.sys
    *** WARNING: Unable to verify timestamp for peauth.sys
    *** ERROR: Module load completed but symbols could not be loaded for peauth.sys
    *** WARNING: Unable to verify timestamp for secdrv.SYS
    *** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    *** WARNING: Unable to verify timestamp for TSDDD.dll
    *** ERROR: Module load completed but symbols could not be loaded for TSDDD.dll
    *** WARNING: Unable to verify timestamp for cdd.dll
    *** ERROR: Module load completed but symbols could not be loaded for cdd.dll


    Juan Pablo Vidal http://juanvidal.wordpress.com


    Tuesday, March 13, 2012 1:29

Answers

  • In case 1, WinDbg points to intelppm.sys, which is a legitimate system file. It is necessary to open the .dump again and run the command:

    !analyze -v

    This may give us more conclusive results. It may be necessary to configure the PC to create a memory.dmp instead of the minidump.

    For case 2, the symbols have not been downloaded and no analysis has been performed. Follow the steps in this article to see what is wrong:

    BSOD - Pantalla azul. Cómo analizar el error (BSOD - Blue screen. How to analyze the error)
    http://www.multingles.net/docs/jmt/bsod.htm


    Kind regards. Ivan

    Tuesday, March 13, 2012 19:04
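
An added example, not part of the original thread and not a WinDbg feature: a Python triage of pasted kd output for the two conditions the answer points out, a blamed image reached through a frame WinDbg could not attribute (case 1) and output with unloaded symbols and no analysis section (case 2). The names `triage`, `caveats`, `CASE1` and `CASE2` are hypothetical, and the sample text is a handful of lines excerpted from the question.

```python
import re

# Constructed sample input: a few lines excerpted from the two outputs in the question.
CASE1 = """\
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arg1: 7501117f, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 84a6e857, address which referenced memory
WARNING: Frame IP not in any known module. Following frames may be wrong.
IMAGE_NAME:  intelppm.sys
"""
CASE2 = """\
BugCheck A, {8439ffe8, 2, 1, 82c8f826}
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
"""

def triage(text):
    """Summarise pasted kd output: bugcheck, arguments, blamed image, reliability flags."""
    r = {"bugcheck": None, "args": [], "image": None, "has_analysis": False,
         "missing_symbols": [], "unknown_frame": False}
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"BugCheck ([0-9A-Fa-f]+), \{(.+)\}$", line):
            r["bugcheck"] = int(m.group(1), 16)
            r["args"] = [int(a, 16) for a in m.group(2).split(",")]
        elif m := re.match(r"[A-Z0-9_]+ \(([0-9A-Fa-f]+)\)$", line):
            # Heuristic: symbolic header as seen in case 1's !analyze -v output
            r["bugcheck"], r["has_analysis"] = int(m.group(1), 16), True
        elif (m := re.match(r"Arg[1-4]: ([0-9A-Fa-f]+)", line)) and len(r["args"]) < 4:
            r["args"].append(int(m.group(1), 16))
        elif m := re.match(r"IMAGE_NAME:\s+(\S+)", line):
            r["image"] = m.group(1)
        elif m := re.search(r"symbols could not be loaded for (\S+)", line):
            r["missing_symbols"].append(m.group(1))
        elif "Frame IP not in any known module" in line:
            r["unknown_frame"] = True
    return r

def caveats(r):
    out = []
    if not r["has_analysis"]:
        out.append("no !analyze -v result present")
    if r["missing_symbols"]:
        out.append(f"symbols missing for {len(r['missing_symbols'])} module(s)")
    if r["unknown_frame"]:
        out.append(f"frames after an unknown-module IP may be wrong (blamed: {r['image']})")
    return out
```
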

All replies

  • OK Ivan, thanks

    I'm going to do the checks and will post back shortly


    Juan Pablo Vidal http://juanvidal.wordpress.com

    Tuesday, March 13, 2012 20:23