[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
9.3

Minidump Crash Dump File Help!

Asked by alcoahd in Management & Debugging Software, Windows XP Operating System

Tags: blue screen of death, windows xp, iphone, debugging

Could someone take a look at this interesting crash dump file?  I'm a little stumped on my next move.  The customer recently got an iPhone so I'm thinking that's the culprit...any help is appreciated!


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini071409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\symbols
Executable search path is:
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Jul 14 09:49:21.979 2009 (GMT-4)
System Uptime: 0 days 23:53:31.107
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
..................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, 8acf5da0, 8acf5f14, 805d297c}

*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** WARNING: Unable to verify timestamp for TfSysMon.sys
*** ERROR: Module load completed but symbols could not be loaded for TfSysMon.sys
unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 8acf5da0, Terminating object
Arg3: 8acf5f14, Process image file name
Arg4: 805d297c, Explanatory message (ascii)

Debugging Details:
------------------

unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase

PROCESS_OBJECT: 8acf5da0

EXCEPTION_RECORD:  000000f4 -- (.exr 0xf4)
Cannot read Exception record @ 000000f4

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xF4

STACK_TEXT:  
a60754e8 805d1ac5 000000f4 00000003 8acf5da0 nt!KiDispatchException+0x1c7
a607550c 805d2a27 805d297c 8acf5da0 8acf5f14 nt!SeCaptureSecurityDescriptor+0x301
a607552c ba0feadc 8acf5da0 01075584 a6075574 nt!SeValidSecurityDescriptor+0x75
WARNING: Stack unwind information not available. Following frames may be wrong.
a607553c ba0feb32 8acf5fe8 c0000006 a6075604 TfSysMon+0x6adc
a6075574 8054162c ffffffff c0000006 a60759b0 TfSysMon+0x6b32
a6075584 80501161 badb0d00 a60755fc 00000000 nt!RtlpRangeListEntryLookasideList+0x62c
a6075a20 00000000 a60759d8 8aea6bc8 ffffffff nt!MmProtectMdlSystemAddress+0x8b


STACK_COMMAND:  kb

SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  0xF4_ANALYSIS_INCONCLUSIVE

BUCKET_ID:  0xF4_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner
---------

0: kd> .exr 0xf4
Cannot read Exception record @ 000000f4
0: kd> !process ffffffff8acf5da0 3
GetPointerFromAddress: unable to read from 80562134
TYPE mismatch for process object at 8acf5da0
[+][-]07/14/09 02:20 PM, ID: 24854200Accepted Solution

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

About this solution

Zones: Management & Debugging Software, Windows XP Operating System
Tags: blue screen of death, windows xp, iphone, debugging
Sign Up Now!
Solution Provided By: johnb6767
Participating Experts: 2
Solution Grade: A
 
[+][-]07/15/09 12:23 AM, ID: 24856982Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-89 - Hierarchy / EE_QW_3_20090701_SELECT_ZONES