aide pour la comprehension de fichiers minidumps
aide pour la comprehension de fichiers minidumps - Win NT/2K/XP - Windows & Software
Sujets relatifs:
- aide pour internet
- Fichiers Offline
- Copie de fichiers
- pc crashé et récup. de fichiers//ou sont les données outlook ?
- Impossible de copier fichiers MP4 d'un Cd/RW sur disk dur
- Installation Windows impossible -> a l'aide svp
- Enregistrement fichiers images
- Cherche un logiciel de stream de fichiers audio...
- VPN ? où sont les fichiers partagés ?
- a l'aide harcelement du neuf telecom
Marsh Posté le 16-12-2005 à 21:10:18
Bonjour,
j'aurai besoin d'aide pour m'aider à comprendre 2 fichiers Minidumps.
Depuis quelques jours mon PC redemarre aléatoirement, et parfois il plante même avant qu'on puisse voir apparaitre les sessions utilisateurs.
ma configuration :
Carte Mère : J830CH avec carte son et video integrés.
Processeur : AMD Duron 1,2 Ghz
RAM : 248 Mo
DD : 40 Go
CD ROM + Graveur
Windows Xp.
j'ai pu tout de même récuperer 2 fichiers Minidumps que j'ai pu lire avec WinDbg, mais auquel je ne comprends pas grand chose...
Voici les copiers collers de ces 2 fichiers :
Microsoft (R) Windows Debugger Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\Moi\Bureau\Mini121405-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Wed Dec 14 10:38:00.367 2005 (GMT+1)
System Uptime: 0 days 0:06:06.934
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...........................................................................................................
Loading unloaded module list
........
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, f98616e8, f3e099dc, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Probably caused by : memory_corruption
Followup: memory_corruption
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f98616e8, The address that the exception occurred at
Arg3: f3e099dc, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - L'instruction "0x%08lx" emploie l'adresse m moire "0x%08lx". La m moire ne peut pas tre "%s".
FAULTING_IP:
Npfs!NpFsdCreate+0
f98616e8 0000 add [eax],al
TRAP_FRAME: f3e099dc -- (.trap fffffffff3e099dc)
ErrCode = 00000002
eax=00000000 ebx=ffb00578 ecx=80def910 edx=ffbc4c50 esi=80d97ae8 edi=ffbc4c60
eip=f98616e8 esp=f3e09a50 ebp=f3e09b3c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
Npfs!NpFsdCreate:
f98616e8 0000 add [eax],al ds:0023:00000000=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x8E
LAST_CONTROL_TRANSFER: from 804e37f7 to f98616e8
STACK_TEXT:
f3e09a4c 804e37f7 80def910 ffbc4c50 ffbc4c50 Npfs!NpFsdCreate
WARNING: Stack unwind information not available. Following frames may be wrong.
f3e09b3c 8056316c 80def910 00000000 80d9af30 nt+0xc7f7
f3e09bc4 8056729a 00000000 f3e09c04 00000040 nt+0x8c16c
f3e09c18 80570b73 00000000 00000000 e09d3001 nt+0x9029a
f3e09c94 80570c42 00a8f058 c0100080 00a8eff8 nt+0x99b73
f3e09cf0 80570d78 00a8f058 c0100080 00a8eff8 nt+0x99c42
f3e09d30 804de7ec 00a8f058 c0100080 00a8eff8 nt+0x99d78
f3e09d64 7c91eb94 badb0d00 00a8efc0 00000202 nt+0x77ec
00a8f050 00000000 00000000 00000000 00000000 0x7c91eb94
STACK_COMMAND: .bugcheck ; kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !Npfs
f9861000-f9861001 2 bytes - Npfs!NpCommonCleanup+3a
[ 92 1d:00 00 ]
f9861004-f9861032 47 bytes - Npfs!NpCommonCleanup+3e (+0x04)
[ 84 c0 74 49 0f b6 c0 48:00 00 00 00 00 00 00 00 ]
f9861035-f9861086 82 bytes - Npfs!NpCommonCleanup+6f (+0x31)
[ eb 1a 8b 45 f8 83 c0 38:00 00 00 00 00 00 00 00 ]
f9861088-f98610b2 43 bytes - Npfs!NpCommonCleanup+c2 (+0x53)
[ cc cc cc cc cc cc 8b ff:00 00 00 00 00 00 00 00 ]
f98610b5-f98610ca 22 bytes - Npfs!NpFsdCleanup+27 (+0x2d)
[ 74 0d b2 01 8b cf 89 77:00 00 00 00 00 00 00 00 ]
f98610cc-f98610fc 49 bytes - Npfs!NpFsdCleanup+3e (+0x17)
[ cc cc cc cc cc cc 8b ff:00 00 00 00 00 00 00 00 ]
f98610fe-f986110b 14 bytes - Npfs!NpCommonClose+2c (+0x32)
[ 8d 45 fc 50 8d 45 0c 50:00 00 00 00 00 00 00 00 ]
f986110e-f986112a 29 bytes - Npfs!NpCommonClose+3c (+0x10)
[ 84 c0 74 25 0f b6 c0 48:00 00 00 00 00 00 00 00 ]
f986112d-f986116c 64 bytes - Npfs!NpCommonClose+5b (+0x1f)
[ eb 08 a1 14 0e 86 f9 ff:00 00 00 00 00 00 00 00 ]
f986116e-f986117a 13 bytes - Npfs!NpCommonClose+9c (+0x41)
[ b2 01 8b cb ff d6 5e 33:00 00 00 00 00 00 00 00 ]
f986117c-f98611a6 43 bytes - Npfs!NpCommonClose+aa (+0x0e)
[ cc cc cc cc cc cc 8b ff:00 00 00 00 00 00 00 00 ]
f98611a8 - Npfs!NpFsdClose+26 (+0x2c)
[ 4e:00 ]
f98611aa - Npfs!NpFsdClose+28 (+0x02)
[ 61:00 ]
f98611ac - Npfs!NpFsdClose+2a (+0x02)
[ 6d:00 ]
f98611ae - Npfs!NpFsdClose+2c (+0x02)
[ 65:00 ]
f98611b0 - Npfs!NpFsdClose+2e (+0x02)
[ 64:00 ]
f98611b2 - Npfs!NpFsdClose+30 (+0x02)
[ 50:00 ]
f98611b4 - Npfs!NpFsdClose+32 (+0x02)
[ 69:00 ]
f98611b6 - Npfs!NpFsdClose+34 (+0x02)
[ 70:00 ]
f98611b8 - Npfs!NpFsdClose+36 (+0x02)
[ 65:00 ]
f98611bc-f98611db 32 bytes - Npfs!NpFsdClose+3a (+0x04)
[ 64 3a 5c 78 70 73 70 72:00 00 00 00 00 00 00 00 ]
f98611e0-f98611ff 32 bytes - Npfs!NpFsdClose+5e (+0x24)
[ 64 3a 5c 78 70 73 70 72:00 00 00 00 00 00 00 00 ]
f9861204-f9861223 32 bytes - Npfs!NpFsdClose+82 (+0x24)
[ 64 3a 5c 78 70 73 70 72:00 00 00 00 00 00 00 00 ]
f9861228-f9861247 32 bytes - Npfs!NpFsdClose+a6 (+0x24)
[ 64 3a 5c 78 70 73 70 72:00 00 00 00 00 00 00 00 ]
f9861249-f9861258 16 bytes - Npfs!NpFsdClose+c7 (+0x21)
[ cc cc cc cc cc 8b ff 55:00 00 00 00 00 00 00 00 ]
f986125a-f986127a 33 bytes - Npfs!NpCreateClientEnd+c (+0x11)
[ 83 65 10 fb 53 8b 5d 08:00 00 00 00 00 00 00 00 ]
f986127d-f986129c 32 bytes - Npfs!NpCreateClientEnd+2f (+0x23)
[ 89 45 1c ff 15 58 0a 86:00 00 00 00 00 00 00 00 ]
f986129e-f98612b1 20 bytes - Npfs!NpCreateClientEnd+50 (+0x21)
[ ff 75 10 6a 01 ff 75 1c:00 00 00 00 00 00 00 00 ]
f98612b3-f98612cd 27 bytes - Npfs!NpCreateClientEnd+65 (+0x15)
[ 88 45 08 74 13 ff 75 fc:00 00 00 00 00 00 00 00 ]
f98612cf-f98612d7 9 bytes - Npfs!NpCreateClientEnd+81 (+0x1c)
[ 74 10 8b 45 f8 09 46 14:00 00 00 00 00 00 00 00 ]
f98612db-f9861300 38 bytes - Npfs!NpCreateClientEnd+8d (+0x0c)
[ 02 f7 d0 21 46 10 68 a8:00 00 00 00 00 00 00 00 ]
f9861302-f9861307 6 bytes - Npfs!NpCreateClientEnd+b4 (+0x27)
[ 56 ff 73 1c 50 6a:00 00 00 00 00 00 ]
f9861309-f986131e 22 bytes - Npfs!NpCreateClientEnd+bb (+0x07)
[ 8d 45 e8 50 ff 15 40 0a:00 00 00 00 00 00 00 00 ]
f9861320-f9861322 3 bytes - Npfs!NpCreateClientEnd+d2 (+0x17)
[ 0f 84 8d:00 00 00 ]
f9861326-f986133c 23 bytes - Npfs!NpCreateClientEnd+d8 (+0x06)
[ f6 45 10 01 74 04 85 ff:00 00 00 00 00 00 00 00 ]
f986133f-f9861354 22 bytes - Npfs!NpCreateClientEnd+f1 (+0x19)
[ c0 eb 74 83 c3 30 8b 03:00 00 00 00 00 00 00 00 ]
f9861356-f9861361 12 bytes - Npfs!NpCreateClientEnd+108 (+0x17)
[ 33 f6 3b c3 75 ef 85 f6:00 00 00 00 00 00 00 00 ]
f9861364-f986136a 7 bytes - Npfs!NpCreateClientEnd+116 (+0x0e)
[ c0 eb 4f 56 68 16 02:00 00 00 00 00 00 00 ]
f986136d-f9861380 20 bytes - Npfs!NpCreateClientEnd+11f (+0x09)
[ 68 bc 11 86 f9 e8 8f ef:00 00 00 00 00 00 00 00 ]
f9861383-f9861393 17 bytes - Npfs!NpCreateClientEnd+135 (+0x16)
[ 85 c0 89 45 f0 7c 2c ff:00 00 00 00 00 00 00 00 ]
f9861396-f98613a0 11 bytes - Npfs!NpCreateClientEnd+148 (+0x13)
[ 85 c0 89 45 f0 56 7d 1d:00 00 00 00 00 00 00 00 ]
f98613a3-f98613a6 4 bytes - Npfs!NpCreateClientEnd+155 (+0x0d)
[ 56 68 44 02:00 00 00 00 ]
f98613a9-f98613bd 21 bytes - Npfs!NpCreateClientEnd+15b (+0x06)
[ 68 e0 11 86 f9 e8 53 ef:00 00 00 00 00 00 00 00 ]
f98613c0-f98613cf 16 bytes - Npfs!NpCreateClientEnd+172 (+0x17)
[ 68 04 12 86 f9 e8 3c ef:00 00 00 00 00 00 00 00 ]
f98613d1-f98613da 10 bytes - Npfs!NpCreateClientEnd+183 (+0x11)
[ ff 15 38 0a 86 f9 56 68:00 00 00 00 00 00 00 00 ]
f98613dd-f98613f4 24 bytes - Npfs!NpCreateClientEnd+18f (+0x0c)
[ 68 28 12 86 f9 89 46 24:00 00 00 00 00 00 00 00 ]
f98613f6-f986142b 54 bytes - Npfs!NpCreateClientEnd+1a8 (+0x19)
[ cc cc cc cc cc cc 8b ff:00 00 00 00 00 00 00 00 ]
f986142d - Npfs!NpOpenNamedPipeFileSystem+31 (+0x37)
[ 6a:00 ]
f986142f-f986143a 12 bytes - Npfs!NpOpenNamedPipeFileSystem+33 (+0x02)
[ ff 35 14 0e 86 f9 ff 75:00 00 00 00 00 00 00 00 ]
f986143d-f986144a 14 bytes - Npfs!NpOpenNamedPipeFileSystem+41 (+0x0e)
[ a1 14 0e 86 f9 ff 40 24:00 00 00 00 00 00 00 00 ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
3781 errors : !Npfs (f9861000-f9861fff)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
MEMORY_CORRUPTOR: LARGE_4096
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE_4096
BUCKET_ID: MEMORY_CORRUPTION_LARGE_4096
Followup: memory_corruption
---------
et :
Microsoft (R) Windows Debugger Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\Moi\Bureau\Mini121405-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Wed Dec 14 10:40:29.001 2005 (GMT+1)
System Uptime: 0 days 0:02:06.561
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...........................................................................................................
Loading unloaded module list
........
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1902fe, f43d8bdc, f43d88d8, 804e1680}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Probably caused by : PCIIDEX.SYS ( PCIIDEX!BmSetup+5f )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 001902fe
Arg2: f43d8bdc
Arg3: f43d88d8
Arg4: 804e1680
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
MODULE_NAME: PCIIDEX
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 41107b4c
EXCEPTION_RECORD: f43d8bdc -- (.exr fffffffff43d8bdc)
ExceptionAddress: 804e1680 (nt+0x0000a680)
ExceptionCode: c000001d (Illegal instruction)
ExceptionFlags: 00000000
NumberParameters: 0
CONTEXT: f43d88d8 -- (.cxr fffffffff43d88d8)
eax=00000023 ebx=f43d8e94 ecx=e137a000 edx=80ec97e0 esi=f43d8dec edi=80ec9100
eip=804e1680 esp=f43d8ca4 ebp=f43d8d38 iopl=0 nv up di ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010082
nt+0xa680:
804e1680 8bec mov ebp,esp
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from f97a8ddb to 804e1680
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f43d8ca4 f97a8ddb 80f0ee80 80ee9c90 00000000 nt+0xa680
f43d8d38 f93def73 ff527b30 80ec97e0 e13830d0 PCIIDEX!BmSetup+0x5f
f43d8ea4 f93e0f64 ff527b30 80e2dc48 f43d8efc Ntfs!NtfsCommonCreate+0xb39
f43d8f84 804e37f7 80ec9020 80e2dc48 ff4a2ca8 Ntfs!NtfsFsdCreate+0x1ec
f43d8fe0 804e37f7 80f445e0 00000001 f43d9040 nt+0xc7f7
f43d914c 8056316c 80edde30 00000000 ff5fd480 nt+0xc7f7
f43d91d4 8056729a 00000000 f43d9214 00000240 nt+0x8c16c
f43d9228 80570b73 00000000 00000000 3d92cc00 nt+0x9029a
f43d92a4 80579795 f43d9364 00100000 f43d9344 nt+0x99b73
f43d92ec f9468ea5 f43d9364 00100000 f43d9344 nt+0xa2795
f43d948c f94696d1 80f445e0 f43d9578 f43d9575 sr!SrpExpandPathOfFileName+0x111
f43d94ac f9469713 80f445e0 ff437028 f43d9578 sr!SrpGetFileNameFromFileObject+0xe7
f43d94c4 f94697a0 80f445e0 ff437028 00140008 sr!SrpExpandFileName+0x35
f43d94ec f94623e2 80f445e0 ff437028 00000000 sr!SrIsFileEligible+0x5a
f43d968c f946482c 80f445e0 ff437028 00140008 sr!SrCreateContext+0x13e
f43d96ec 804e37f7 80f445e0 00000004 f43d974c sr!SrCreate+0x106
f43d9858 8056316c 80edde30 00000000 ffb837b0 nt+0xc7f7
f43d98e0 8056729a 00000000 f43d9920 00000040 nt+0x8c16c
f43d9934 80570b73 00000000 00000000 00000000 nt+0x9029a
f43d99b0 80570c42 80ea77c4 00010000 80ea7800 nt+0x99b73
f43d9a0c 80570d78 80ea77c4 00010000 80ea7800 nt+0x99c42
f43d9a4c 804de7ec 80ea77c4 00010000 80ea7800 nt+0x99d78
f43d9a80 804dc9b1 badb0d00 f43d9af8 00001320 nt+0x77ec
80ea77c8 00000000 00000000 00000000 00000000 nt+0x59b1
FOLLOWUP_IP:
PCIIDEX!BmSetup+5f
f97a8ddb 5f pop edi
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: PCIIDEX!BmSetup+5f
IMAGE_NAME: PCIIDEX.SYS
STACK_COMMAND: .cxr fffffffff43d88d8 ; kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
Voila ! Il faut savoir qu'il redémarre depuis que j'ai installé une nouvelle imprimante HP PhotoSmart 8250 qui se branche par port USB. J'ai testé la memoire avec memtest (j'ai laisser tourner, 10 fois de suite) et il n'a rien trouvé. Je ne pense pas non plus que ce soit a cause de mon alimentation ou du ventillateur de mon processeur car je les ai changé il y a à peu près un an (mon ordinateur s'eteignait, il y avait des warning CPU un peu partout mais il rebootait pas)
Merci.