Solved

Windbg Output Memory.DMP file - Unexpected Shutdown DC 2003 OS

Posted on 2013-12-30
Last Modified: 2014-01-02
Can someone please shed some light as to what this means? Thanks!


*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80001257a6f, Address of the instruction which caused the bugcheck
Arg3: fffffadf8f839260, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: nt

FAULTING_MODULE: fffff80001000000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  5138536e

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ObCheckCreateObjectAccess+186f
fffff800`01257a6f f0480fba2900    lock bts qword ptr [rcx],0

CONTEXT:  fffffadf8f839260 -- (.cxr 0xfffffadf8f839260)
rax=fffffadf98aab040 rbx=fffffa800389a8f0 rcx=a079654b0607022f
rdx=0000000000000001 rsi=a079654b06070107 rdi=fffffa800389a990
rip=fffff80001257a6f rsp=fffffadf8f839a70 rbp=fffffa800389a9a0
r8=0000000000020019  r9=0000000000000000 r10=fffffa80007b9940
r11=fffffadf98aab040 r12=fffffadf9ccb3080 r13=fffffa800389a9c0
r14=0000000000000000 r15=fffffa800389a9c0
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
nt!ObCheckCreateObjectAccess+0x186f:
fffff800`01257a6f f0480fba2900    lock bts qword ptr [rcx],0 ds:002b:a079654b`0607022f=????????????????
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x3B

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8000128cd77 to fffff80001257a6f

STACK_TEXT:
fffffadf`8f839a70 fffff800`0128cd77 : fffffa80`013d1e60 fffffadf`98d87c20 fffffadf`9ccb3080 00000000`00000000 : nt!ObCheckCreateObjectAccess+0x186f
fffffadf`8f839af0 fffff800`0128ce7e : fffffa80`013d1e60 00000000`00000798 fffffa80`007b9940 00000000`00000000 : nt!PsLookupProcessByProcessId+0x247
fffffadf`8f839b50 fffff800`01289a44 : fffffadf`98aab040 00000000`00000798 fffffadf`98d87c20 fffffadf`98aab040 : nt!NtClose+0xce
fffffadf`8f839bf0 fffff800`0102e5bd : fffffadf`98aab040 fffffadf`8f839cf0 00000000`00f8f100 00000000`00000000 : nt!ObOpenObjectByName+0x3b4
fffffadf`8f839c70 00000000`77ef039a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ZwUnloadKey+0x20ad
00000000`00f8f018 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ef039a

FOLLOWUP_IP:
nt!ObCheckCreateObjectAccess+186f
fffff800`01257a6f f0480fba2900    lock bts qword ptr [rcx],0

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!ObCheckCreateObjectAccess+186f

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntkrnlmp.exe

STACK_COMMAND:  .cxr 0xfffffadf8f839260 ; kb

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
Question by: syseng007
Accepted Solution

by:
Rob Miners earned 2000 total points
ID: 39747045
If you have an Internet Connection, Symbol search path is: SRV*Downstream_store*http://msdl.microsoft.com/download/symbols

Symbol files
All system applications, drivers, and DLLs are built such that their debugging information resides in separate files known as symbol files.

Instructions on using WinDBG.

Open WinDBG and select File, Symbol file path and paste this line

SRV*Downstream_store*http://msdl.microsoft.com/download/symbols
or
You can create a folder on a drive that has free space and set the environment, e.g.:

SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
SRV*D:\symbols*http://msdl.microsoft.com/download/symbols
SRV*E:\symbols*http://msdl.microsoft.com/download/symbols
select OK.

Close the workspace and save the Workspace information. This should lock in the Symbol path.

Open WinDBG and select file and select Open Crash Dump then navigate to the minidump, highlight it and select Open.

There are two ways to use !analyze -v; the easiest is to click on !analyze -v under Bugcheck Analysis.

When you have run the initial dump, if you look to the bottom of the screen you will see kd>. To the right of that, type in !analyze -v and press the Enter key.
or
you can add to the command like this: !analyze -v;r;lmntsm;

Ctrl + A will let you select the information, then Ctrl + C to copy and Ctrl + V to paste into Notepad.

http://blogs.technet.com/askcore/archive/2008/11/01/how-to-debug-kernel-mode-blue-screen-crashes-for-beginners.aspx

If the debugger output references the NT kernel (ntoskrnl.exe, ntkrnlpa.exe, ntkrnlmp.exe, and ntkrnlpamp.exe), the driver verifier may be necessary to further pinpoint the problem.

The dates of all of the drivers loaded at the time of the crash can be determined using the lm n t debugger command. More information about a specific driver can be gained using the lm vm drivername command. This can be helpful to identify whether an older driver might be contributing to the crash.

Enable Driver Verifier, to get a more informative dump.

To configure Driver Verifier

Press the WinKey + R, type verifier /standard /all
Restart the machine.
You may or may not blue screen; if not, you can also create a log file by following this procedure:
Once you're up and running, press the WinKey + R, type verifier /log drvchk.txt and press Enter.
This will open a blank command window while it is doing the check. Let it run for at least 4 minutes, then close the window. You may get an error message, but you can ignore it.
Press the WinKey + R, type verifier /reset and press Enter.
Press the WinKey + R, type %userprofile%\drvchk.txt
If it's not there:
Press the WinKey + R, type %windir%\System32\drvchk.txt
Look for any errors...

Note:
If the computer fails to boot because of the verifier, restart in Safe Mode by repeatedly pressing the function key F8 during startup.
Click Start, type verifier /reset in the Start Search box, and then press Enter.
Click OK or Yes to the UAC prompt.
Restart the machine.
Post the next dump for analysis.
Expert Comment

by: Ratnesh Mishra
ID: 39748128
Sorry, however I didn't understand what you want us to do with the information pasted in your query.
If you are willing to know about the symbol path [the reason for the error showing in the log while you open it in WinDbg].

Or you want to know the reason for the bugcheck [BSOD].

The first of these has been explained in full above.

But for the second one, it's a C5 exception [as we call it in general], which means that the virtual memory of 2 applications coincides and the operating system was unable to understand which memory location belongs to whom and did a bugcheck.
So once you get the symbol path fixed, rerun "!analyze -v", which will give you more of an idea. Don't forget to check the stack, which will show you which thread or process was running when this happened, so reinstallation/update of that application will fix the issue.
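
A first-pass triage of the !analyze -v text posted in the question, as an added example (not part of either answer and not Microsoft tooling). It flags the wrong-symbols condition, decodes Arg1, and checks whether the register dereferenced by the faulting instruction holds a canonical x64 address. The function names are hypothetical, the sample is a few lines copied from the question, and 48-bit virtual addressing is assumed.

```python
import re

# Constructed sample: lines copied from the !analyze -v output in the question.
SAMPLE = """\
SYSTEM_SERVICE_EXCEPTION (3b)
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80001257a6f, Address of the instruction which caused the bugcheck
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
rax=fffffadf98aab040 rbx=fffffa800389a8f0 rcx=a079654b0607022f
rip=fffff80001257a6f rsp=fffffadf8f839a70 rbp=fffffa800389a9a0
fffff800`01257a6f f0480fba2900    lock bts qword ptr [rcx],0
BUCKET_ID:  WRONG_SYMBOLS
"""

def is_canonical(addr):
    """Assumes 48-bit virtual addresses: bits 63..47 must all be equal."""
    return (addr >> 47) in (0, 0x1FFFF)

def triage(text):
    """Extract the fields needed for a first read of an !analyze -v report."""
    out = {"symbols_ok": "symbols are WRONG" not in text
                         and "WRONG_SYMBOLS" not in text}
    m = re.search(r"^(\w+) \(([0-9a-fA-F]+)\)\s*$", text, re.M)
    out["bugcheck"] = (m.group(1), int(m.group(2), 16)) if m else None
    out["args"] = [int(a, 16)
                   for a in re.findall(r"^Arg\d: ([0-9a-fA-F]+)", text, re.M)]
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(r\w{1,2})=([0-9a-f]{16})\b", text)}
    # Register used as the memory operand of the faulting instruction: [rcx]
    m = re.search(r"^[0-9a-f`]+ [0-9a-f]+\s+.*\[(r\w{1,2})\]", text, re.M)
    out["operand"] = (m.group(1), regs[m.group(1)]) if m and m.group(1) in regs else None
    return out

def findings(t):
    """Turn the extracted fields into short notes for the analyst."""
    notes = []
    if not t["symbols_ok"]:
        notes.append("symbols are wrong: function names in the stack are "
                     "unreliable until the symbol path is fixed")
    if t["args"][:1] == [0xC0000005]:
        notes.append("Arg1 is 0xC0000005 (STATUS_ACCESS_VIOLATION)")
    if t["operand"] and not is_canonical(t["operand"][1]):
        reg, val = t["operand"]
        notes.append(f"{reg}={val:016x} is not a canonical x64 address, "
                     "so the pointer value itself is garbage")
    return notes

if __name__ == "__main__":
    for note in findings(triage(SAMPLE)):
        print("-", note)
```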