Anybody Know How To... - DFWstangs Forums
 
post #1 of 8, 11-09-2009, 07:06 AM, Thread Starter
Geor!
Anybody Know How To...

Read and diagnose Windows dump files? I have a problem that is constantly occurring that I thought I had fixed, but is coming back in a big way over the past month or so. I get multiple memory dumps each day. When reading the dump files, they seem to be pointing to different files.

For instance, two from yesterday pointed to ntkrnlpa.exe which, to my knowledge, is not a driver. Another pointed to TDI.sys and yet another points to npfs.sys.

First:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804fff0a, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00000004

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiInsertTimerTable+4e
804fff0a 894204 mov dword ptr [edx+4],eax

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from 804fffdf to 804fff0a

STACK_TEXT:
80549ac0 804fffdf ffb3b4c0 ffffffff ad48b2d8 nt!KiInsertTimerTable+0x4e
80549adc 804f8e57 ffb3b4c0 ffffffff f786c3f0 nt!KiInsertTreeTimer+0x7d
80549afc 804f8efe 00f778e8 ffb3b4c0 ffffffff nt!KeSetTimerEx+0x4b
80549b18 f786c558 85f778e8 ffb3b4c0 ffffffff nt!KeSetTimer+0x18
80549b34 ec7eaaa6 85f778b8 000001f4 ec7eaa65 TDI!CTEStartTimer+0x40
80549b54 f786c3ff 85f778b8 00000000 80549c80 tcpip!IPTimeout+0xbd
80549b64 804ffd98 85f778c8 85f778b8 e6598bb0 TDI!CTEpTimerHandler+0xf
80549c80 804ffeaf 80552a20 805527c0 ffdff000 nt!KiTimerListExpire+0x122
80549cac 80541b9d 80552e20 00000000 0022ad5d nt!KiTimerExpiration+0xaf
80549cd0 80541b16 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46
80549cd4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26


STACK_COMMAND: kb

FOLLOWUP_IP:
TDI!CTEStartTimer+40
f786c558 33c0 xor eax,eax

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: TDI!CTEStartTimer+40

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: TDI

IMAGE_NAME: TDI.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 48025834

FAILURE_BUCKET_ID: 0xA_TDI!CTEStartTimer+40

BUCKET_ID: 0xA_TDI!CTEStartTimer+40

Followup: MachineOwner
---------


Second:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffffc, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ffeeb, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: fffffffc

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiInsertTimerTable+2f
804ffeeb 3b51fc cmp edx,dword ptr [ecx-4]

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: chrome.exe

LAST_CONTROL_TRANSFER: from 804fffdf to 804ffeeb

STACK_TEXT:
b93d1ca8 804fffdf ffff1ddd ffffffff bd483936 nt!KiInsertTimerTable+0x2f
b93d1cc4 804f8e57 ffff1ddd ffffffff 00000000 nt!KiInsertTreeTimer+0x7d
b93d1ce4 80535340 005e3020 ffff1ddd ffffffff nt!KeSetTimerEx+0x4b
b93d1d40 8053d648 00000270 0164feec 00000000 nt!NtSetTimer+0x1e6
b93d1d40 7c90e4f4 00000270 0164feec 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0164fef4 00000000 00000000 00000000 00000000 0x7c90e4f4


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiInsertTimerTable+2f
804ffeeb 3b51fc cmp edx,dword ptr [ecx-4]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiInsertTimerTable+2f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48a3fbd8

FAILURE_BUCKET_ID: 0xA_nt!KiInsertTimerTable+2f

BUCKET_ID: 0xA_nt!KiInsertTimerTable+2f

Followup: MachineOwner
---------


Third:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffffc, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ffeeb, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: fffffffc

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiInsertTimerTable+2f
804ffeeb 3b51fc cmp edx,dword ptr [ecx-4]

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: chrome.exe

LAST_CONTROL_TRANSFER: from 804fffdf to 804ffeeb

STACK_TEXT:
b9ea8ca8 804fffdf ffff5b35 ffffffff 0992e6d0 nt!KiInsertTimerTable+0x2f
b9ea8cc4 804f8e57 ffff5b35 ffffffff 00000000 nt!KiInsertTreeTimer+0x7d
b9ea8ce4 80535340 005793d8 ffff5b35 ffffffff nt!KeSetTimerEx+0x4b
b9ea8d40 8053d648 000002ac 0158feec 00000000 nt!NtSetTimer+0x1e6
b9ea8d40 7c90e4f4 000002ac 0158feec 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0158fef4 00000000 00000000 00000000 00000000 0x7c90e4f4


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiInsertTimerTable+2f
804ffeeb 3b51fc cmp edx,dword ptr [ecx-4]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiInsertTimerTable+2f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48a3fbd8

FAILURE_BUCKET_ID: 0xA_nt!KiInsertTimerTable+2f

BUCKET_ID: 0xA_nt!KiInsertTimerTable+2f

Followup: MachineOwner
---------

Fourth:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 001c0707, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80500d19, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 001c0707

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiUnlinkThread+7
80500d19 8b10 mov edx,dword ptr [eax]

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: avgwdsvc.exe

LAST_CONTROL_TRANSFER: from 80500d80 to 80500d19

STACK_TEXT:
b9f20bc0 80500d80 860e1798 00000000 00000100 nt!KiUnlinkThread+0x7
b9f20bd4 804fdd80 00000001 00000000 00000001 nt!KiUnwaitThread+0x12
b9f20be8 804faaf8 854f0fa8 854f0f68 00000000 nt!KiInsertQueueApc+0x12a
b9f20c08 804f07e4 854f0fa8 86577f90 00000000 nt!KeInsertQueueApc+0x40
b9f20c3c eeab5dfb 8617b848 85f02758 86236720 nt!IopfCompleteRequest+0x1d8
b9f20c60 804ee129 85edf7c0 86236720 806d22d0 Npfs!NpFsdWrite+0x73
b9f20c70 80574dde 86236790 00000000 86236720 nt!IopfCallDriver+0x31
b9f20c84 805728ca 85edf7c0 86236720 8617b848 nt!IopSynchronousServiceTail+0x70
b9f20d38 8053d648 00000654 00000000 00000000 nt!NtWriteFile+0x602
b9f20d38 7c90e4f4 00000654 00000000 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
02aaf954 00000000 00000000 00000000 00000000 0x7c90e4f4


STACK_COMMAND: kb

FOLLOWUP_IP:
Npfs!NpFsdWrite+73
eeab5dfb 8d4df8 lea ecx,[ebp-8]

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: Npfs!NpFsdWrite+73

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Npfs

IMAGE_NAME: Npfs.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 480251c6

FAILURE_BUCKET_ID: 0xA_Npfs!NpFsdWrite+73

BUCKET_ID: 0xA_Npfs!NpFsdWrite+73

Followup: MachineOwner
---------

post #2 of 8, 11-09-2009, 07:07 AM, Thread Starter
Geor!
If anybody has any ideas or knows how to go about getting more information than what I currently have that could better help me diagnose and fix the issue, I would be extremely appreciative! The only thing that I really see in common with all of them is "CURRENT_IRQL: 2"
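
A small triage script for comparing several `!analyze -v` reports like the four posted above, added here as an example and not part of the original posts. The sample input is copied from the dumps in this thread and trimmed to the parsed lines; the result field names (`near_null`, `fault_module`, `followup_image`) are this example's own.

```python
import re

# Field lines copied from the four analyses in this thread, trimmed to what is parsed.
DUMPS = [
    "Arg1: 00000004, memory referenced\nArg2: 00000002, IRQL\nArg3: 00000001, bitfield :\n"
    "FAULTING_IP:\nnt!KiInsertTimerTable+4e\nPROCESS_NAME: Idle\nIMAGE_NAME: TDI.SYS\n",
    "Arg1: fffffffc, memory referenced\nArg2: 00000002, IRQL\nArg3: 00000000, bitfield :\n"
    "FAULTING_IP:\nnt!KiInsertTimerTable+2f\nPROCESS_NAME: chrome.exe\nIMAGE_NAME: ntkrnlpa.exe\n",
    "Arg1: fffffffc, memory referenced\nArg2: 00000002, IRQL\nArg3: 00000000, bitfield :\n"
    "FAULTING_IP:\nnt!KiInsertTimerTable+2f\nPROCESS_NAME: chrome.exe\nIMAGE_NAME: ntkrnlpa.exe\n",
    "Arg1: 001c0707, memory referenced\nArg2: 00000002, IRQL\nArg3: 00000000, bitfield :\n"
    "FAULTING_IP:\nnt!KiUnlinkThread+7\nPROCESS_NAME: avgwdsvc.exe\nIMAGE_NAME: Npfs.SYS\n",
]

FIELD = re.compile(r"^(Arg[1-3]|PROCESS_NAME|IMAGE_NAME):\s*([^\s,]+)", re.M)
FAULT = re.compile(r"^FAULTING_IP:\s*(\S+)\+[0-9a-fA-F]+", re.M)

def parse(text):
    """Extract triage fields from one `!analyze -v` report for bugcheck 0xA (32-bit)."""
    raw = dict(FIELD.findall(text))
    fault = FAULT.search(text).group(1)          # e.g. nt!KiInsertTimerTable
    arg1, arg3 = int(raw["Arg1"], 16), int(raw["Arg3"], 16)
    signed = arg1 - (1 << 32) if arg1 & 0x80000000 else arg1
    return {
        "irql": int(raw["Arg2"], 16),
        # Arg3 bitfield as printed in the report: bit 0 = write, bit 3 = execute.
        "access": "execute" if arg3 & 8 else "write" if arg3 & 1 else "read",
        # Address within one page of zero: a NULL base plus a small field offset.
        "near_null": abs(signed) < 0x1000,
        "fault_fn": fault,
        "fault_module": fault.split("!")[0],
        # IMAGE_NAME is the module the analyzer chose for follow-up.
        "followup_image": raw["IMAGE_NAME"],
        "process": raw["PROCESS_NAME"],
    }

def compare(records):
    """Return (same, varies): fields identical in every dump vs. fields that differ."""
    same, varies = {}, {}
    for key in records[0]:
        values = sorted({r[key] for r in records}, key=str)
        (same if len(values) == 1 else varies)[key] = values
    return same, varies

if __name__ == "__main__":
    same, varies = compare([parse(d) for d in DUMPS])
    print("same in every dump:", same)
    for key, values in varies.items():
        print(f"varies  {key}: {values}")
```

On these four reports the fields that stay constant are the IRQL (2) and the module containing the faulting instruction (`nt`), while the image named for follow-up changes from dump to dump.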

post #3 of 8, 11-09-2009, 03:54 PM
Blue5spd
Are these the .dmp files from Windbg?

post #4 of 8, 11-09-2009, 04:54 PM, Thread Starter
Geor!
Quote:
Originally Posted by Blue5spd
Are these the .dmp files from Windbg?
Sir, yes sir!

post #5 of 8, 11-10-2009, 01:47 AM
Blue5spd
It looks like it BSOD on different things every time. Could you zip up the whole memory folder and email it to me?

post #6 of 8, 11-10-2009, 05:46 PM
Blue5spd
Sorry I need the Minidump folder. Feel free to PM me and I will send you my email.

post #7 of 8, 11-10-2009, 08:18 PM
Shaun
Now I'm having the same problems....

post #8 of 8, 11-10-2009, 10:54 PM
CJ
IRQ's are interrupt blue screens. They are almost always caused by hardware. How many PCI cards does this computer have? What are the symptoms? What OS are you using? I'm guessing it's XP...

Who is your motherboard manufacturer, and did these just start, or did you format recently, or make any hardware changes?