Periodic BSOD

  • Question

  • Greetings!

    A number of computers have started rebooting spontaneously.

    Please help identify the cause ... which driver is failing?

    I am attaching the crash dump analysis.
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_rtm.040803-2158
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
    Debug session time: Thu Oct 15 11:28:25.140 2009 (GMT+4)
    System Uptime: 0 days 0:15:50.750
    Loading Kernel Symbols
    .....
    Loading User Symbols
    Loading unloaded module list
    .........
    
    kd> !analyze -v;r;kv;lmtn
    ERROR: FindPlugIns 80070015
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8057e4dc, The address that the exception occurred at
    Arg3: f831cd20, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

    FAULTING_IP: 
    nt!PspTerminateThreadByPointer+17
    8057e4dc f60640          test    byte ptr [esi],40h

    TRAP_FRAME:  f831cd20 -- (.trap 0xfffffffff831cd20)
    ErrCode = 00000000
    eax=82072001 ebx=9a5f4400 ecx=82072161 edx=00000001 esi=00000248 edi=00000000
    eip=8057e4dc esp=f831cd94 ebp=f831cda8 iopl=0         nv up ei ng nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
    nt!PspTerminateThreadByPointer+0x17:
    8057e4dc f60640          test    byte ptr [esi],40h         ds:0023:00000248=??
    Resetting default scope

    CUSTOMER_CRASH_COUNT:  2

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    BUGCHECK_STR:  0x8E

    PROCESS_NAME:  System

    LAST_CONTROL_TRANSFER:  from 8057dff9 to 8057e4dc

    STACK_TEXT:  
    f831cda8 8057dff9 00000000 00000000 00000000 nt!PspTerminateThreadByPointer+0x17
    f831cddc 804fa477 804e4729 80000000 00000000 nt!PspSystemThreadStartup+0x40
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    nt!PspTerminateThreadByPointer+17
    8057e4dc f60640          test    byte ptr [esi],40h

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  nt!PspTerminateThreadByPointer+17

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntoskrnl.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  41108004

    FAILURE_BUCKET_ID:  0x8E_nt!PspTerminateThreadByPointer+17

    BUCKET_ID:  0x8E_nt!PspTerminateThreadByPointer+17

    Followup: MachineOwner
    ---------

    eax=82072001 ebx=9a5f4400 ecx=82072161 edx=00000001 esi=00000248 edi=00000000
    eip=8057e4dc esp=f831cd94 ebp=f831cda8 iopl=0         nv up ei ng nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
    nt!PspTerminateThreadByPointer+0x17:
    8057e4dc f60640          test    byte ptr [esi],40h         ds:0023:00000248=??
    ChildEBP RetAddr  Args to Child              
    f831cda8 8057dff9 00000000 00000000 00000000 nt!PspTerminateThreadByPointer+0x17 (FPO: [2,3,0])
    f831cddc 804fa477 804e4729 80000000 00000000 nt!PspSystemThreadStartup+0x40 (FPO: [Non-Fpo])
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

    and another one

    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.050301-1519
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
    Debug session time: Sat Oct  3 11:07:10.013 2009 (GMT+4)
    System Uptime: 0 days 2:17:43.933
    Loading Kernel Symbols
    ...............................................................
    Loading User Symbols
    Loading unloaded module list
    ......
    
    kd>  !analyze -v;r;kv;lmtn
    ERROR: FindPlugIns 80070015
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 805c7395, The address that the exception occurred at
    Arg3: f7d09d20, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    FAULTING_IP: 
    nt!PspTerminateThreadByPointer+17
    805c7395 f60640          test    byte ptr [esi],40h
    
    TRAP_FRAME:  f7d09d20 -- (.trap 0xfffffffff7d09d20)
    ErrCode = 00000000
    eax=81f34b01 ebx=9a5f4400 ecx=81f34c71 edx=00000001 esi=00000248 edi=00000000
    eip=805c7395 esp=f7d09d94 ebp=f7d09da8 iopl=0         nv up ei ng nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
    nt!PspTerminateThreadByPointer+0x17:
    805c7395 f60640          test    byte ptr [esi],40h         ds:0023:00000248=??
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  System
    
    LAST_CONTROL_TRANSFER:  from 805c4a12 to 805c7395
    
    STACK_TEXT:  
    f7d09da8 805c4a12 00000000 00000000 00000000 nt!PspTerminateThreadByPointer+0x17
    f7d09ddc 80540fa2 80533cd0 80000000 00000000 nt!PspSystemThreadStartup+0x40
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!PspTerminateThreadByPointer+17
    805c7395 f60640          test    byte ptr [esi],40h
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  nt!PspTerminateThreadByPointer+17
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlpa.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  42250a1d
    
    FAILURE_BUCKET_ID:  0x8E_nt!PspTerminateThreadByPointer+17
    
    BUCKET_ID:  0x8E_nt!PspTerminateThreadByPointer+17
    
    Followup: MachineOwner
    ---------
    
    eax=81f34b01 ebx=9a5f4400 ecx=81f34c71 edx=00000001 esi=00000248 edi=00000000
    eip=805c7395 esp=f7d09d94 ebp=f7d09da8 iopl=0         nv up ei ng nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
    nt!PspTerminateThreadByPointer+0x17:
    805c7395 f60640          test    byte ptr [esi],40h         ds:0023:00000248=??
    ChildEBP RetAddr  Args to Child              
    f7d09da8 805c4a12 00000000 00000000 00000000 nt!PspTerminateThreadByPointer+0x17 (FPO: [2,3,0])
    f7d09ddc 80540fa2 80533cd0 80000000 00000000 nt!PspSystemThreadStartup+0x40 (FPO: [Non-Fpo])
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    

    Regards, @le][
    October 20, 2009, 11:13

Answers

  • Relax!!!

    The BSOD was caused by a trojan that places a software driver in the kernel address space, which in turn hides the remaining components ...


    Regards, @le][
    October 27, 2009, 19:37
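
An added triage example, not part of the original thread: it parses the fields of the two `!analyze -v` outputs posted in the question and groups them by failure bucket, showing that both machines fault at the same kernel symbol with the same bad pointer and only `nt` frames on the stack, so the dump by itself names no third-party driver. The function names and the trimmed excerpts are assumptions constructed for this example.

```python
import re
from collections import defaultdict

FIELDS = {"build": r"Built by:\s*(\S+)", "fault_ip": r"Arg2:\s*([0-9a-f]{8})",
          "esi": r"\besi=([0-9a-f]{8})", "bucket": r"FAILURE_BUCKET_ID:\s*(\S+)"}
# A kv/STACK_TEXT frame: five hex columns, then module!symbol.
FRAME = re.compile(r"^\s*(?:[0-9a-f]{8} ){5}(\w+)!\S+", re.M)

def parse(text):
    """Pull triage fields out of one `!analyze -v` text output."""
    rec = {k: (m.group(1) if (m := re.search(p, text)) else None)
           for k, p in FIELDS.items()}
    rec["stack_modules"] = sorted({m.group(1) for m in FRAME.finditer(text)})
    return rec

def triage(records):
    """Group crashes by failure bucket and report what each group shares."""
    groups = defaultdict(list)
    for r in records:
        groups[r["bucket"]].append(r)
    return {b: {
        "crashes": len(rs),
        "kernel_builds": sorted({r["build"] for r in rs}),
        # Only nt frames: the stack itself names no third-party driver.
        "kernel_only_stack": all(r["stack_modules"] == ["nt"] for r in rs),
        # Identical bad pointer on every machine suggests one common cause.
        "same_bad_pointer": len({r["esi"] for r in rs}) == 1,
    } for b, rs in groups.items()}

# Constructed excerpts: lines copied from the two dumps posted in the thread.
DUMP_1 = """Built by: 2600.xpsp_sp2_rtm.040803-2158
Arg2: 8057e4dc, The address that the exception occurred at
eax=82072001 ebx=9a5f4400 ecx=82072161 edx=00000001 esi=00000248 edi=00000000
f831cda8 8057dff9 00000000 00000000 00000000 nt!PspTerminateThreadByPointer+0x17
f831cddc 804fa477 804e4729 80000000 00000000 nt!PspSystemThreadStartup+0x40
FAILURE_BUCKET_ID: 0x8E_nt!PspTerminateThreadByPointer+17
"""
DUMP_2 = """Built by: 2600.xpsp_sp2_gdr.050301-1519
Arg2: 805c7395, The address that the exception occurred at
eax=81f34b01 ebx=9a5f4400 ecx=81f34c71 edx=00000001 esi=00000248 edi=00000000
f7d09da8 805c4a12 00000000 00000000 00000000 nt!PspTerminateThreadByPointer+0x17
f7d09ddc 80540fa2 80533cd0 80000000 00000000 nt!PspSystemThreadStartup+0x40
FAILURE_BUCKET_ID:  0x8E_nt!PspTerminateThreadByPointer+17
"""

if __name__ == "__main__":
    for bucket, summary in triage([parse(DUMP_1), parse(DUMP_2)]).items():
        print(bucket, summary)
```

The raw faulting address differs between the two kernel builds, which is why the grouping key is the symbol-based bucket rather than `Arg2`.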