Hi!
habe Probleme mit einem entfernten Rechner, bei dem
seit einer Woche jede 3 Stunden ein banales Bluescreen zu Gast ist:
STOP: 0x000000 1E (0xc 0000047, 0x8042F497, 0x00000000, 0x00000000)
KMODE_EXCEPTION_NOT_HANDLED
*** Adress 8042F497 base at 80400000, Datestamp 4047db83-ntoskrnl.exe
Wollte jetzt aber die Sache näher ran gehen und habe versucht den Feler mit Hilfe von Windows Debugger zu entziffern:
===========================================================
Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: kd -y
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 01000000 01011000 kd.exe
ModLoad: 77880000 77903000 ntdll.dll
ModLoad: 77e70000 77f35000 C:\WINNT\system32\KERNEL32.dll
ModLoad: 78000000 78045000 C:\WINNT\system32\msvcrt.dll
ModLoad: 02000000 0227b000 C:\Programme\Debugging Tools for Windows\dbgeng.dll
ModLoad: 02800000 02900000 C:\Programme\Debugging Tools for Windows\dbghelp.dll
ModLoad: 79350000 793b2000 C:\WINNT\system32\ADVAPI32.dll
ModLoad: 77d20000 77d91000 C:\WINNT\system32\RPCRT4.DLL
ModLoad: 77810000 77817000 C:\WINNT\system32\VERSION.dll
ModLoad: 75940000 75946000 C:\WINNT\system32\LZ32.DLL
ModLoad: 77e00000 77e65000 C:\WINNT\system32\USER32.dll
ModLoad: 77f40000 77f7e000 C:\WINNT\system32\GDI32.DLL
(ec0.f14): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00081f04 ecx=00000009 edx=00000000 esi=7ffdf000 edi=00081f68
eip=778813b1 esp=0006f984 ebp=0006fc98 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!DbgBreakPoint:
778813b1 cc int 3
0:000>
0:000> !analyze -show
APPLICATION_VERIFIER_GENERIC_ERROR (0)
Unknown error.
This message can happen if the error encountered cannot be classified in any way.
Not used right now.
Arguments:
Arg1: 00000000, Not used
Arg2: 00000000, Not used
Arg3: 00000000, Not used
Arg4: 00000000, Not used
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
***** OS symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
*************************************************************************
FAULTING_IP:
ntdll!DbgBreakPoint+0
778813b1 cc int 3
EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 778813b1 (ntdll!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 00000009
Parameter[2]: 00000000
FAULTING_THREAD: 00000f14
BUGCHECK_STR: 80000003
DEFAULT_BUCKET_ID: APPLICATION_FAULT
PROCESS_NAME: kd.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {AUSNAHME} Haltepunkt Im Quellprogramm wurde ein Haltepunkt erreicht.
THREAD_ATTRIBUTES:
LAST_CONTROL_TRANSFER: from 778916cb to 778813b1
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0006fc98 778916cb 0006fd30 00000000 0006fcfc ntdll!DbgBreakPoint
0006fd1c 7789ff3b 0006fd30 77880000 00000000 ntdll!CsrClientConnectToServer+0x145
00000000 00000000 00000000 00000000 00000000 ntdll!KiUserApcDispatcher+0x7
FOLLOWUP_IP:
ntdll!DbgBreakPoint+0
778813b1 cc int 3
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: ntdll!DbgBreakPoint+0
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4060ef72
STACK_COMMAND: ~0s ; kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
0:000> lm t n
start end module name
01000000 01011000 kd kd.exe Tue May 18 21:22:27 2004 (40AA6273)
02000000 0227b000 dbgeng dbgeng.dll Tue May 25 02:27:51 2004 (40B29307)
02800000 02900000 dbghelp dbghelp.dll Tue May 25 02:28:03 2004 (40B29313)
75940000 75946000 LZ32 LZ32.DLL Fri Jun 20 05:58:40 2003 (3EF28670)
77810000 77817000 VERSION VERSION.dll Fri Jun 20 05:58:35 2003 (3EF2866B)
77880000 77903000 ntdll ntdll.dll Wed Mar 24 03:16:18 2004 (4060EF72)
77d20000 77d91000 RPCRT4 RPCRT4.DLL Thu Mar 11 22:28:56 2004 (4050DA18)
77e00000 77e65000 USER32 USER32.dll Wed Mar 24 03:16:19 2004 (4060EF73)
77e70000 77f35000 KERNEL32 KERNEL32.dll Wed Mar 24 03:16:18 2004 (4060EF72)
77f40000 77f7e000 GDI32 GDI32.DLL Wed Mar 24 03:16:18 2004 (4060EF72)
78000000 78045000 msvcrt msvcrt.dll Tue Mar 11 19:55:17 2003 (3E6E3115)
79350000 793b2000 ADVAPI32 ADVAPI32.dll Wed Mar 24 03:16:19 2004 (4060EF73)
============================================================
Trotz anscheinend nützlichen Meldungen wie z.B: " ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll" usw., kann ich im Endeffekt trotzdem nichts tun. Hat vielleicht jemand eine Idee?