aide pour la comprehension de fichiers minidumps

aide pour la comprehension de fichiers minidumps - Win NT/2K/XP - Windows & Software

Marsh Posté le 16-12-2005 à 21:10:18    

Bonjour,
 
j'aurai besoin d'aide pour m'aider à comprendre 2 fichiers Minidumps.
 
Depuis quelques jours mon PC redemarre aléatoirement, et parfois il plante même avant qu'on puisse voir apparaitre les sessions utilisateurs.
 
ma configuration :
Carte Mère : J830CH avec carte son et video integrés.
Processeur : AMD Duron 1,2 Ghz
RAM : 248 Mo
DD : 40 Go
CD ROM + Graveur
Windows Xp.
 
j'ai pu tout de même récuperer 2 fichiers Minidumps que j'ai pu lire avec WinDbg, mais auquel je ne comprends pas grand chose...  
Voici les copiers collers de ces 2 fichiers :
 
 
Microsoft (R) Windows Debugger  Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\Documents and Settings\Moi\Bureau\Mini121405-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
 
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:  
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Wed Dec 14 10:38:00.367 2005 (GMT+1)
System Uptime: 0 days 0:06:06.934
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...........................................................................................................
Loading unloaded module list
........
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck 1000008E, {c0000005, f98616e8, f3e099dc, 0}
 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 
Probably caused by : memory_corruption
 
Followup: memory_corruption
---------
 
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f98616e8, The address that the exception occurred at
Arg3: f3e099dc, Trap Frame
Arg4: 00000000
 
Debugging Details:
------------------
 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 
 
FAULTING_MODULE: 804d7000 nt
 
DEBUG_FLR_IMAGE_TIMESTAMP:  0
 
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - L'instruction   "0x%08lx" emploie l'adresse m moire "0x%08lx". La m moire ne peut pas  tre "%s".
 
FAULTING_IP:  
Npfs!NpFsdCreate+0
f98616e8 0000             add     [eax],al
 
TRAP_FRAME:  f3e099dc -- (.trap fffffffff3e099dc)
ErrCode = 00000002
eax=00000000 ebx=ffb00578 ecx=80def910 edx=ffbc4c50 esi=80d97ae8 edi=ffbc4c60
eip=f98616e8 esp=f3e09a50 ebp=f3e09b3c iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
Npfs!NpFsdCreate:
f98616e8 0000             add     [eax],al                ds:0023:00000000=??
Resetting default scope
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
 
BUGCHECK_STR:  0x8E
 
LAST_CONTROL_TRANSFER:  from 804e37f7 to f98616e8
 
STACK_TEXT:  
f3e09a4c 804e37f7 80def910 ffbc4c50 ffbc4c50 Npfs!NpFsdCreate
WARNING: Stack unwind information not available. Following frames may be wrong.
f3e09b3c 8056316c 80def910 00000000 80d9af30 nt+0xc7f7
f3e09bc4 8056729a 00000000 f3e09c04 00000040 nt+0x8c16c
f3e09c18 80570b73 00000000 00000000 e09d3001 nt+0x9029a
f3e09c94 80570c42 00a8f058 c0100080 00a8eff8 nt+0x99b73
f3e09cf0 80570d78 00a8f058 c0100080 00a8eff8 nt+0x99c42
f3e09d30 804de7ec 00a8f058 c0100080 00a8eff8 nt+0x99d78
f3e09d64 7c91eb94 badb0d00 00a8efc0 00000202 nt+0x77ec
00a8f050 00000000 00000000 00000000 00000000 0x7c91eb94
 
 
STACK_COMMAND:  .bugcheck ; kb
 
CHKIMG_EXTENSION: !chkimg -lo 50 -d !Npfs
    f9861000-f9861001  2 bytes - Npfs!NpCommonCleanup+3a
 [ 92 1d:00 00 ]
    f9861004-f9861032  47 bytes - Npfs!NpCommonCleanup+3e (+0x04)
 [ 84 c0 74 49 0f b6 c0 48:00 00 00 00 00 00 00 00 ]
    f9861035-f9861086  82 bytes - Npfs!NpCommonCleanup+6f (+0x31)
 [ eb 1a 8b 45 f8 83 c0 38:00 00 00 00 00 00 00 00 ]
    f9861088-f98610b2  43 bytes - Npfs!NpCommonCleanup+c2 (+0x53)
 [ cc cc cc cc cc cc 8b ff:00 00 00 00 00 00 00 00 ]
    f98610b5-f98610ca  22 bytes - Npfs!NpFsdCleanup+27 (+0x2d)
 [ 74 0d b2 01 8b cf 89 77:00 00 00 00 00 00 00 00 ]
    f98610cc-f98610fc  49 bytes - Npfs!NpFsdCleanup+3e (+0x17)
 [ cc cc cc cc cc cc 8b ff:00 00 00 00 00 00 00 00 ]
    f98610fe-f986110b  14 bytes - Npfs!NpCommonClose+2c (+0x32)
 [ 8d 45 fc 50 8d 45 0c 50:00 00 00 00 00 00 00 00 ]
    f986110e-f986112a  29 bytes - Npfs!NpCommonClose+3c (+0x10)
 [ 84 c0 74 25 0f b6 c0 48:00 00 00 00 00 00 00 00 ]
    f986112d-f986116c  64 bytes - Npfs!NpCommonClose+5b (+0x1f)
 [ eb 08 a1 14 0e 86 f9 ff:00 00 00 00 00 00 00 00 ]
    f986116e-f986117a  13 bytes - Npfs!NpCommonClose+9c (+0x41)
 [ b2 01 8b cb ff d6 5e 33:00 00 00 00 00 00 00 00 ]
    f986117c-f98611a6  43 bytes - Npfs!NpCommonClose+aa (+0x0e)
 [ cc cc cc cc cc cc 8b ff:00 00 00 00 00 00 00 00 ]
    f98611a8 - Npfs!NpFsdClose+26 (+0x2c)
 [ 4e:00 ]
    f98611aa - Npfs!NpFsdClose+28 (+0x02)
 [ 61:00 ]
    f98611ac - Npfs!NpFsdClose+2a (+0x02)
 [ 6d:00 ]
    f98611ae - Npfs!NpFsdClose+2c (+0x02)
 [ 65:00 ]
    f98611b0 - Npfs!NpFsdClose+2e (+0x02)
 [ 64:00 ]
    f98611b2 - Npfs!NpFsdClose+30 (+0x02)
 [ 50:00 ]
    f98611b4 - Npfs!NpFsdClose+32 (+0x02)
 [ 69:00 ]
    f98611b6 - Npfs!NpFsdClose+34 (+0x02)
 [ 70:00 ]
    f98611b8 - Npfs!NpFsdClose+36 (+0x02)
 [ 65:00 ]
    f98611bc-f98611db  32 bytes - Npfs!NpFsdClose+3a (+0x04)
 [ 64 3a 5c 78 70 73 70 72:00 00 00 00 00 00 00 00 ]
    f98611e0-f98611ff  32 bytes - Npfs!NpFsdClose+5e (+0x24)
 [ 64 3a 5c 78 70 73 70 72:00 00 00 00 00 00 00 00 ]
    f9861204-f9861223  32 bytes - Npfs!NpFsdClose+82 (+0x24)
 [ 64 3a 5c 78 70 73 70 72:00 00 00 00 00 00 00 00 ]
    f9861228-f9861247  32 bytes - Npfs!NpFsdClose+a6 (+0x24)
 [ 64 3a 5c 78 70 73 70 72:00 00 00 00 00 00 00 00 ]
    f9861249-f9861258  16 bytes - Npfs!NpFsdClose+c7 (+0x21)
 [ cc cc cc cc cc 8b ff 55:00 00 00 00 00 00 00 00 ]
    f986125a-f986127a  33 bytes - Npfs!NpCreateClientEnd+c (+0x11)
 [ 83 65 10 fb 53 8b 5d 08:00 00 00 00 00 00 00 00 ]
    f986127d-f986129c  32 bytes - Npfs!NpCreateClientEnd+2f (+0x23)
 [ 89 45 1c ff 15 58 0a 86:00 00 00 00 00 00 00 00 ]
    f986129e-f98612b1  20 bytes - Npfs!NpCreateClientEnd+50 (+0x21)
 [ ff 75 10 6a 01 ff 75 1c:00 00 00 00 00 00 00 00 ]
    f98612b3-f98612cd  27 bytes - Npfs!NpCreateClientEnd+65 (+0x15)
 [ 88 45 08 74 13 ff 75 fc:00 00 00 00 00 00 00 00 ]
    f98612cf-f98612d7  9 bytes - Npfs!NpCreateClientEnd+81 (+0x1c)
 [ 74 10 8b 45 f8 09 46 14:00 00 00 00 00 00 00 00 ]
    f98612db-f9861300  38 bytes - Npfs!NpCreateClientEnd+8d (+0x0c)
 [ 02 f7 d0 21 46 10 68 a8:00 00 00 00 00 00 00 00 ]
    f9861302-f9861307  6 bytes - Npfs!NpCreateClientEnd+b4 (+0x27)
 [ 56 ff 73 1c 50 6a:00 00 00 00 00 00 ]
    f9861309-f986131e  22 bytes - Npfs!NpCreateClientEnd+bb (+0x07)
 [ 8d 45 e8 50 ff 15 40 0a:00 00 00 00 00 00 00 00 ]
    f9861320-f9861322  3 bytes - Npfs!NpCreateClientEnd+d2 (+0x17)
 [ 0f 84 8d:00 00 00 ]
    f9861326-f986133c  23 bytes - Npfs!NpCreateClientEnd+d8 (+0x06)
 [ f6 45 10 01 74 04 85 ff:00 00 00 00 00 00 00 00 ]
    f986133f-f9861354  22 bytes - Npfs!NpCreateClientEnd+f1 (+0x19)
 [ c0 eb 74 83 c3 30 8b 03:00 00 00 00 00 00 00 00 ]
    f9861356-f9861361  12 bytes - Npfs!NpCreateClientEnd+108 (+0x17)
 [ 33 f6 3b c3 75 ef 85 f6:00 00 00 00 00 00 00 00 ]
    f9861364-f986136a  7 bytes - Npfs!NpCreateClientEnd+116 (+0x0e)
 [ c0 eb 4f 56 68 16 02:00 00 00 00 00 00 00 ]
    f986136d-f9861380  20 bytes - Npfs!NpCreateClientEnd+11f (+0x09)
 [ 68 bc 11 86 f9 e8 8f ef:00 00 00 00 00 00 00 00 ]
    f9861383-f9861393  17 bytes - Npfs!NpCreateClientEnd+135 (+0x16)
 [ 85 c0 89 45 f0 7c 2c ff:00 00 00 00 00 00 00 00 ]
    f9861396-f98613a0  11 bytes - Npfs!NpCreateClientEnd+148 (+0x13)
 [ 85 c0 89 45 f0 56 7d 1d:00 00 00 00 00 00 00 00 ]
    f98613a3-f98613a6  4 bytes - Npfs!NpCreateClientEnd+155 (+0x0d)
 [ 56 68 44 02:00 00 00 00 ]
    f98613a9-f98613bd  21 bytes - Npfs!NpCreateClientEnd+15b (+0x06)
 [ 68 e0 11 86 f9 e8 53 ef:00 00 00 00 00 00 00 00 ]
    f98613c0-f98613cf  16 bytes - Npfs!NpCreateClientEnd+172 (+0x17)
 [ 68 04 12 86 f9 e8 3c ef:00 00 00 00 00 00 00 00 ]
    f98613d1-f98613da  10 bytes - Npfs!NpCreateClientEnd+183 (+0x11)
 [ ff 15 38 0a 86 f9 56 68:00 00 00 00 00 00 00 00 ]
    f98613dd-f98613f4  24 bytes - Npfs!NpCreateClientEnd+18f (+0x0c)
 [ 68 28 12 86 f9 89 46 24:00 00 00 00 00 00 00 00 ]
    f98613f6-f986142b  54 bytes - Npfs!NpCreateClientEnd+1a8 (+0x19)
 [ cc cc cc cc cc cc 8b ff:00 00 00 00 00 00 00 00 ]
    f986142d - Npfs!NpOpenNamedPipeFileSystem+31 (+0x37)
 [ 6a:00 ]
    f986142f-f986143a  12 bytes - Npfs!NpOpenNamedPipeFileSystem+33 (+0x02)
 [ ff 35 14 0e 86 f9 ff 75:00 00 00 00 00 00 00 00 ]
    f986143d-f986144a  14 bytes - Npfs!NpOpenNamedPipeFileSystem+41 (+0x0e)
 [ a1 14 0e 86 f9 ff 40 24:00 00 00 00 00 00 00 00 ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view  entire output.
3781 errors : !Npfs (f9861000-f9861fff)
 
MODULE_NAME:  memory_corruption
 
IMAGE_NAME:  memory_corruption
 
FOLLOWUP_NAME:  memory_corruption
 
MEMORY_CORRUPTOR:  LARGE_4096
 
FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE_4096
 
BUCKET_ID:  MEMORY_CORRUPTION_LARGE_4096
 
Followup: memory_corruption
---------
 
 et :
 
 
Microsoft (R) Windows Debugger  Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\Documents and Settings\Moi\Bureau\Mini121405-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
 
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:  
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Wed Dec 14 10:40:29.001 2005 (GMT+1)
System Uptime: 0 days 0:02:06.561
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...........................................................................................................
Loading unloaded module list
........
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck 24, {1902fe, f43d8bdc, f43d88d8, 804e1680}
 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 
Probably caused by : PCIIDEX.SYS ( PCIIDEX!BmSetup+5f )
 
Followup: MachineOwner
---------
 
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001902fe
Arg2: f43d8bdc
Arg3: f43d88d8
Arg4: 804e1680
 
Debugging Details:
------------------
 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 
 
MODULE_NAME:  PCIIDEX
 
FAULTING_MODULE: 804d7000 nt
 
DEBUG_FLR_IMAGE_TIMESTAMP:  41107b4c
 
EXCEPTION_RECORD:  f43d8bdc -- (.exr fffffffff43d8bdc)
ExceptionAddress: 804e1680 (nt+0x0000a680)
   ExceptionCode: c000001d (Illegal instruction)
  ExceptionFlags: 00000000
NumberParameters: 0
 
CONTEXT:  f43d88d8 -- (.cxr fffffffff43d88d8)
eax=00000023 ebx=f43d8e94 ecx=e137a000 edx=80ec97e0 esi=f43d8dec edi=80ec9100
eip=804e1680 esp=f43d8ca4 ebp=f43d8d38 iopl=0         nv up di ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010082
nt+0xa680:
804e1680 8bec             mov     ebp,esp
Resetting default scope
 
CUSTOMER_CRASH_COUNT:  2
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
BUGCHECK_STR:  0x24
 
LAST_CONTROL_TRANSFER:  from f97a8ddb to 804e1680
 
STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
f43d8ca4 f97a8ddb 80f0ee80 80ee9c90 00000000 nt+0xa680
f43d8d38 f93def73 ff527b30 80ec97e0 e13830d0 PCIIDEX!BmSetup+0x5f
f43d8ea4 f93e0f64 ff527b30 80e2dc48 f43d8efc Ntfs!NtfsCommonCreate+0xb39
f43d8f84 804e37f7 80ec9020 80e2dc48 ff4a2ca8 Ntfs!NtfsFsdCreate+0x1ec
f43d8fe0 804e37f7 80f445e0 00000001 f43d9040 nt+0xc7f7
f43d914c 8056316c 80edde30 00000000 ff5fd480 nt+0xc7f7
f43d91d4 8056729a 00000000 f43d9214 00000240 nt+0x8c16c
f43d9228 80570b73 00000000 00000000 3d92cc00 nt+0x9029a
f43d92a4 80579795 f43d9364 00100000 f43d9344 nt+0x99b73
f43d92ec f9468ea5 f43d9364 00100000 f43d9344 nt+0xa2795
f43d948c f94696d1 80f445e0 f43d9578 f43d9575 sr!SrpExpandPathOfFileName+0x111
f43d94ac f9469713 80f445e0 ff437028 f43d9578 sr!SrpGetFileNameFromFileObject+0xe7
f43d94c4 f94697a0 80f445e0 ff437028 00140008 sr!SrpExpandFileName+0x35
f43d94ec f94623e2 80f445e0 ff437028 00000000 sr!SrIsFileEligible+0x5a
f43d968c f946482c 80f445e0 ff437028 00140008 sr!SrCreateContext+0x13e
f43d96ec 804e37f7 80f445e0 00000004 f43d974c sr!SrCreate+0x106
f43d9858 8056316c 80edde30 00000000 ffb837b0 nt+0xc7f7
f43d98e0 8056729a 00000000 f43d9920 00000040 nt+0x8c16c
f43d9934 80570b73 00000000 00000000 00000000 nt+0x9029a
f43d99b0 80570c42 80ea77c4 00010000 80ea7800 nt+0x99b73
f43d9a0c 80570d78 80ea77c4 00010000 80ea7800 nt+0x99c42
f43d9a4c 804de7ec 80ea77c4 00010000 80ea7800 nt+0x99d78
f43d9a80 804dc9b1 badb0d00 f43d9af8 00001320 nt+0x77ec
80ea77c8 00000000 00000000 00000000 00000000 nt+0x59b1
 
 
FOLLOWUP_IP:  
PCIIDEX!BmSetup+5f
f97a8ddb 5f               pop     edi
 
SYMBOL_STACK_INDEX:  1
 
FOLLOWUP_NAME:  MachineOwner
 
SYMBOL_NAME:  PCIIDEX!BmSetup+5f
 
IMAGE_NAME:  PCIIDEX.SYS
 
STACK_COMMAND:  .cxr fffffffff43d88d8 ; kb
 
BUCKET_ID:  WRONG_SYMBOLS
 
Followup: MachineOwner
---------
 
 
Voila ! Il faut savoir qu'il redémarre depuis que j'ai installé une nouvelle imprimante HP PhotoSmart 8250 qui se branche par port USB. J'ai testé la memoire avec memtest (j'ai laisser tourner, 10 fois de suite) et il n'a rien trouvé. Je ne pense pas non plus que ce soit a cause de mon alimentation ou du ventillateur de mon processeur car je les ai changé il y a à peu près un an (mon ordinateur s'eteignait, il y avait des warning CPU un peu partout mais il rebootait pas)
 
 
Merci.

Reply

Marsh Posté le 16-12-2005 à 21:10:18   

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed