none
MEMORY DUMP 분석 부탁드립니다. RRS feed

  • 질문


  • Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [D:\Windows dbg\memory\MEMORY.DMP]
    Kernel Complete Dump File: Full address space is available

    ************************************************************
    WARNING: Dump file has been truncated.  Data may be missing.
    ************************************************************
    Symbol search path is: C:\WINDOWS\Symbols
    Executable search path is:
    *** WARNING: symbols timestamp is wrong 0x4344ec59 0x3ee650a8 for ntkrnlmp.exe
    Windows 2000 Kernel Version 2195 (Service Pack 4) MP (4 procs) Free x86 compatible
    Product: Server, suite: TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0x80400000 PsLoadedModuleList = 0x80485b80
    Debug session time: Sat Oct 26 05:50:40.243 2013 (UTC + 9:00)
    System Uptime: 73 days 20:01:39.875
    *** WARNING: symbols timestamp is wrong 0x4344ec59 0x3ee650a8 for ntkrnlmp.exe
    Loading Kernel Symbols
    ...............................................................
    .................................................
    Loading User Symbols
    ................................................................
    ..................
    Loading unloaded module list
    ........*** WARNING: symbols timestamp is wrong 0x41e648e0 0x3ef28c03 for ntdll.dll

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1E, {c0000005, bc4292e3, 1, c}

    *** ERROR: Module load completed but symbols could not be loaded for v3engine.sys
    *** ERROR: Module load completed but symbols could not be loaded for V3Flt2K.sys
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for fltmgr.sys -
    *** ERROR: Module load completed but symbols could not be loaded for AhnRghNt.sys
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ctacore.dll -
    *** WARNING: symbols timestamp is wrong 0x42a0689c 0x3ef28c04 for KERNEL32.dll
    *** ERROR: Module load completed but symbols could not be loaded for ctai.dll
    Probably caused by : v3engine.sys ( v3engine+1b22e3 )

    Followup: MachineOwner
    ---------

     

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: bc4292e3, The address that the exception occurred at
    Arg3: 00000001, Parameter 0 of the exception
    Arg4: 0000000c, Parameter 1 of the exception

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

    FAULTING_IP:
    v3engine+1b22e3
    bc4292e3 c7410c649342bc  mov     dword ptr [ecx+0Ch],offset v3engine+0x1b2364 (bc429364)

    EXCEPTION_PARAMETER1:  00000001

    EXCEPTION_PARAMETER2:  0000000c

    WRITE_ADDRESS:  0000000c

    ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

    BUGCHECK_STR:  0x1E_c0000005

    DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

    PROCESS_NAME:  FOD.exe

    LAST_CONTROL_TRANSFER:  from 80468ea5 to 804308ea

    STACK_TEXT: 
    bc06f6bc 80468ea5 bc06f6d8 00000000 bc06f72c nt!IopProcessNewChildren+0x168
    bc06f734 8046e142 87eba9fc 87eba948 87eba9a4 nt!MmLocateUnloadedDriver+0x7b5
    bc06f7a8 bc425d84 00000000 00000001 00000004 nt!MmOutSwapProcess+0x104
    WARNING: Stack unwind information not available. Following frames may be wrong.
    bc06f7c8 bc426214 e6ca77e8 87799748 bc06f848 v3engine+0x1aed84
    bc06f7dc bc4261fb e6ca77e8 87799748 bc06f848 v3engine+0x1af214
    bc06f7f0 bc284004 e6ca77e8 87799748 bc06f848 v3engine+0x1af1fb
    bc06f804 bc296844 e6ca77e8 87799748 bc06f848 v3engine+0xd004
    bc06f828 bc296714 ea940848 00000000 87799748 v3engine+0x1f844
    bc06f854 bc27d096 ea940848 87799748 00000000 v3engine+0x1f714
    bc06f86c bc51c447 ea940848 87799748 00000000 v3engine+0x6096
    bc06f89c bc51de0d 87799748 00000f01 00001111 V3Flt2K+0xe447
    bc06f8d4 bc5143e0 87a9cf50 87a9cfc0 87799748 V3Flt2K+0xfe0d
    bc06f8f8 bff28e7e 87eba9a4 bc06f91c 87a9cf48 V3Flt2K+0x63e0
    bc06f960 bff2c4f2 87eba900 00000000 87eba948 fltmgr+0xe7e
    bc06f9ac bff2c7e3 bc06f9cc 00000000 00000000 fltmgr!FltGetIrpName+0xe7b
    bc06f9e4 8041eec9 889126e0 87b36ac8 8890e240 fltmgr!FltGetIrpName+0x116c
    bc06fa38 8041eec9 8890e240 87b36ac8 8042061e nt!FsRtlSplitLargeMcb+0x13a
    bc06fab0 8041eec9 8815fe20 87b36ac8 886b9b88 nt!FsRtlSplitLargeMcb+0x13a
    bc06fb48 80415b61 00000000 00000000 87eeabc0 nt!FsRtlSplitLargeMcb+0x13a
    bc06fc00 eb0f5e2c 000011c4 bc06fd64 00000000 nt!CcGetVacbMiss+0x252
    bc06fd58 80468389 000011c4 00000000 00000000 AhnRghNt+0x5e2c
    bc06fe20 084b55d8 000054ff 00000000 00126360 nt!MmFlushImageSection+0x21b
    bc06fe4c 77e7a030 00000404 00000000 00000000 ctacore!ctaWaitEvent+0x278
    bc06ff98 084a1a85 00126460 084a19f0 01200178 KERNEL32!LoadModule+0x103
    00000000 00000000 00000000 00000000 00000000 ctai+0x1a85


    STACK_COMMAND:  .bugcheck ; kb

    FOLLOWUP_IP:
    v3engine+1b22e3
    bc4292e3 c7410c649342bc  mov     dword ptr [ecx+0Ch],offset v3engine+0x1b2364 (bc429364)

    SYMBOL_NAME:  v3engine+1b22e3

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: v3engine

    IMAGE_NAME:  v3engine.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  51cb8910

    FAILURE_BUCKET_ID:  0x1E_c0000005_VRFK_v3engine+1b22e3

    BUCKET_ID:  0x1E_c0000005_VRFK_v3engine+1b22e3

    Followup: MachineOwner
    ---------

     

    1: kd> lmvm v3engine
    start    end        module name
    bc277000 bc4a8c00   v3engine   (no symbols)          
        Loaded symbol image file: v3engine.sys
        Image path: \??\C:\WINNT\system32\drivers\v3engine.sys
        Image name: v3engine.sys
        Timestamp:        Thu Jun 27 09:36:32 2013 (51CB8910)
        CheckSum:         0023E8E9
        ImageSize:        00231C00
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

     

    1: kd> .bugcheck
    Bugcheck code 0000001E
    Arguments c0000005 bc4292e3 00000001 0000000c

     

    1: kd> !vm 1

    *** Virtual Memory Usage ***
     Physical Memory:   524155   ( 2096620 Kb)
     Paging File Name paged out
        Current: -301254912Kb Free Space: 2071053136Kb
        Minimum: 1125737596Kb Maximum:    -1201795112Kb
     Available Pages:   296397   ( 1185588 Kb)
     ResAvail Pages:    433799   ( 1735196 Kb)

     ********** Running out of physical memory **********

     Locked IO Pages: 1448542208   (1499201536 Kb)
     Free NP PTEs:    1706626164   (-1763429936 Kb)
     Free Special NP: 1684532381   (-1851805068 Kb)

     Modified Pages:       591   (    2364 Kb)
     NonPagedPool Usage:  7220   (   28880 Kb)
     NonPagedPool Max:   68609   (  274436 Kb)
     PagedPool 0 Usage:  22934   (   91736 Kb)
     PagedPool 1 Usage:   4513   (   18052 Kb)
     PagedPool 2 Usage:   4512   (   18048 Kb)
     PagedPool 3 Usage:   4514   (   18056 Kb)
     PagedPool 4 Usage:   4487   (   17948 Kb)
     ********** Excessive Paged Pool Usage *****
     PagedPool Usage:    40960   (  163840 Kb)
     PagedPool Maximum:  40960   (  163840 Kb)
     Shared Commit:       1324   (    5296 Kb)
     Special Pool:    -1920972690   (906043832 Kb)
     Free System PTEs: 1209496648   (543019296 Kb)
     Shared Process:     10764   (   43056 Kb)
     PagedPool Commit:   40960   (  163840 Kb)
     Driver Commit:       2142   (    8568 Kb)
     Committed pages:   142945   (  571780 Kb)
     Commit limit:     1008759   ( 4035036 Kb)

     ********** Commit has been extended with VM popup ********
     Extended by:     264275287   (1057101148 Kb)

     ****** ALL PAGING FILE BECAME FULL (28837957 times) - COMMITMENT ADJUSTED ****
     Current adjust:  1463812545   (1560282884 Kb)

     

    2013년 11월 18일 월요일 오전 8:23

모든 응답

  • 덤프 분석은 포럼 답변영역이 아닙니다.

    Microsoft 의 기술지원 채널을 통해 정식으로 기술지원을 받으시는 것을 권합니다.

    2013년 11월 18일 월요일 오후 6:23