Старожил
Сообщения: 186
Благодарности: 38
|
Профиль
|
Отправить PM
| Цитировать
skiliner,
отвечу на твои вопросы в личке.
1. как самостоятельно анализировать дампы
http://forum.oszone.net/thread-130713.html
2. БП попробуй сменить на более свежий, заведомо исправный, и более мощьный
3.
читать дальше »
---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052109-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Thu May 21 04:48:10.421 2009 (GMT+6)
System Uptime: 0 days 1:35:22.139
BugCheck 100000D1, {f433024e, 2, 0, f433024e}
Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f433024e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f433024e, address which referenced memory
Debugging Details:
READ_ADDRESS: f433024e
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f433024e 687a0233f4 push offset afd!AfdSetContext+0x140 (f433027a)
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from f432ce59 to f433024e
FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f433024e 687a0233f4 push offset afd!AfdSetContext+0x140 (f433027a)
STACK_TEXT:
b9fe9b58 f432ce59 841acab8 b9fe9b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9fe9b84 f43365b5 841acab8 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9fe9bc0 f433617e 8431f028 870546c0 b9fe9c10 afd!AfdCleanup+0x619
b9fe9bd0 804e19ee 85a2d4f8 840cee70 840cee70 afd!AfdDispatch+0xbb
b9fe9be0 8057e818 8431f010 873e7ca0 00000001 nt!IopfCallDriver+0x31
b9fe9c10 80570c83 841a4c50 85a2d4f8 001f01ff nt!IopCloseFile+0x26b
b9fe9c40 80570dd6 841a4c50 0131f010 873e7ca0 nt!ObpDecrementHandleCount+0x11b
b9fe9c68 80570cfc e3b21688 8431f028 00000790 nt!ObpCloseHandleTableEntry+0x14d
b9fe9cb0 80570d46 00000790 00000001 00000000 nt!ObpCloseHandle+0x87
b9fe9cc4 f77b4ca2 00000790 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9fe9cec f42dfe4a 00000790 b9fe9d64 08a7f50c Vax347b+0xdca2
b9fe9d58 804ddf0f 00000790 08a7f56c 7c90eb94 Sandbox+0x4e4a
b9fe9d58 7c90eb94 00000790 08a7f56c 7c90eb94 nt!KiFastCallEntry+0xfc
08a7f56c 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Vax347b+dca2
f77b4ca2 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: Vax347b+dca2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Vax347b
IMAGE_NAME: Vax347b.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052309-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Sat May 23 03:28:15.890 2009 (GMT+6)
System Uptime: 0 days 8:24:30.593
Loading Kernel Symbols
BugCheck 100000D1, {f433024e, 2, 0, f433024e}
Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f433024e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f433024e, address which referenced memory
Debugging Details:
READ_ADDRESS: f433024e
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f433024e 687a0233f4 push offset afd!AfdSetContext+0x140 (f433027a)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from f432ce59 to f433024e
FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f433024e 687a0233f4 push offset afd!AfdSetContext+0x140 (f433027a)
STACK_TEXT:
8903cb58 f432ce59 846249b8 8903cb78 0000000c afd!AfdIssueDeviceControl+0x10d
8903cb84 f43365b5 846249b8 00000004 00000000 afd!AfdSetEventHandler+0x2e
8903cbc0 f433617e 835fa028 8704d030 8903cc10 afd!AfdCleanup+0x619
8903cbd0 804e19ee 85d0e460 85be2588 85be2588 afd!AfdDispatch+0xbb
8903cbe0 8057e818 835fa010 873e7ca0 00000001 nt!IopfCallDriver+0x31
8903cc10 80570c83 843b9da0 85d0e460 001f01ff nt!IopCloseFile+0x26b
8903cc40 80570dd6 843b9da0 015fa010 873e7ca0 nt!ObpDecrementHandleCount+0x11b
8903cc68 80570cfc e2f0ac08 835fa028 00000434 nt!ObpCloseHandleTableEntry+0x14d
8903ccb0 80570d46 00000434 00000001 00000000 nt!ObpCloseHandle+0x87
8903ccc4 f77b4ca2 00000434 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
8903ccec f42dfe4a 00000434 8903cd64 09dff50c Vax347b+0xdca2
8903cd58 804ddf0f 00000434 09dff56c 7c90eb94 Sandbox+0x4e4a
8903cd58 7c90eb94 00000434 09dff56c 7c90eb94 nt!KiFastCallEntry+0xfc
09dff56c 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Vax347b+dca2
f77b4ca2 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: Vax347b+dca2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Vax347b
IMAGE_NAME: Vax347b.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-01.dmp]
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 02:57:06.921 2009 (GMT+6)
System Uptime: 0 days 9:32:08.633
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {f446924e, 2, 0, f446924e}
Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory
Debugging Details:
READ_ADDRESS: f446924e
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from f4465e59 to f446924e
FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
STACK_TEXT:
f7548b58 f4465e59 846196c8 f7548b78 0000000c afd!AfdIssueDeviceControl+0x10d
f7548b84 f446f5b5 846196c8 00000004 00000000 afd!AfdSetEventHandler+0x2e
f7548bc0 f446f17e 8449fb50 86f3ea20 f7548c10 afd!AfdCleanup+0x619
f7548bd0 804e19ee 85de2708 84459b80 84459b80 afd!AfdDispatch+0xbb
f7548be0 8057e818 8449fb38 873e7ad0 00000001 nt!IopfCallDriver+0x31
f7548c10 80570c83 83613020 85de2708 001f01ff nt!IopCloseFile+0x26b
f7548c40 80570dd6 83613020 0149fb38 873e7ad0 nt!ObpDecrementHandleCount+0x11b
f7548c68 80570cfc e27033a8 8449fb50 00000648 nt!ObpCloseHandleTableEntry+0x14d
f7548cb0 80570d46 00000648 00000001 00000000 nt!ObpCloseHandle+0x87
f7548cc4 f7794ca2 00000648 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
f7548cec f4418e4a 00000648 f7548d64 06dff50c Vax347b+0xdca2
f7548d58 804ddf0f 00000648 06dff56c 7c90eb94 Sandbox+0x4e4a
f7548d58 7c90eb94 00000648 06dff56c 7c90eb94 nt!KiFastCallEntry+0xfc
06dff56c 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: Vax347b+dca2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Vax347b
IMAGE_NAME: Vax347b.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-02.dmp]
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 03:41:09.015 2009 (GMT+6)
System Uptime: 0 days 0:42:40.739
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {f446924e, 2, 0, f446924e}
Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory
Debugging Details:
READ_ADDRESS: f446924e
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from f4465e59 to f446924e
FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
STACK_TEXT:
ba3c0b58 f4465e59 844eea80 ba3c0b78 0000000c afd!AfdIssueDeviceControl+0x10d
ba3c0b84 f446f5b5 844eea80 00000004 00000000 afd!AfdSetEventHandler+0x2e
ba3c0bc0 f446f17e 8598f908 8701fd78 ba3c0c10 afd!AfdCleanup+0x619
ba3c0bd0 804e19ee 870a75e0 844f8008 844f8008 afd!AfdDispatch+0xbb
ba3c0be0 8057e818 8598f8f0 873e7ca0 00000001 nt!IopfCallDriver+0x31
ba3c0c10 80570c83 84542990 870a75e0 001f01ff nt!IopCloseFile+0x26b
ba3c0c40 80570dd6 84542990 0198f8f0 873e7ca0 nt!ObpDecrementHandleCount+0x11b
ba3c0c68 80570cfc e1250878 8598f908 00000644 nt!ObpCloseHandleTableEntry+0x14d
ba3c0cb0 80570d46 00000644 00000001 00000000 nt!ObpCloseHandle+0x87
ba3c0cc4 f7794ca2 00000644 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
ba3c0cec f4418e4a 00000644 ba3c0d64 0b1af50c Vax347b+0xdca2
ba3c0d58 804ddf0f 00000644 0b1af56c 7c90eb94 Sandbox+0x4e4a
ba3c0d58 7c90eb94 00000644 0b1af56c 7c90eb94 nt!KiFastCallEntry+0xfc
0b1af56c 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: Vax347b+dca2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Vax347b
IMAGE_NAME: Vax347b.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
--
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-03.dmp]
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 03:47:08.281 2009 (GMT+6)
System Uptime: 0 days 0:04:38.987
--
BugCheck 100000D1, {f446924e, 2, 0, f446924e}
Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
Followup: MachineOwner
--
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory
Debugging Details:
READ_ADDRESS: f446924e
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from f4465e59 to f446924e
FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
STACK_TEXT:
b9a75b58 f4465e59 844ffe58 b9a75b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9a75b84 f446f5b5 844ffe58 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9a75bc0 f446f17e 84509848 86f88f38 b9a75c10 afd!AfdCleanup+0x619
b9a75bd0 804e19ee 85a064f8 844b4c70 844b4c70 afd!AfdDispatch+0xbb
b9a75be0 8057e818 84509830 873e7ad0 00000001 nt!IopfCallDriver+0x31
b9a75c10 80570c83 845a67b8 85a064f8 001f01ff nt!IopCloseFile+0x26b
b9a75c40 80570dd6 845a67b8 01509830 873e7ad0 nt!ObpDecrementHandleCount+0x11b
b9a75c68 80570cfc e3e6f5e8 84509848 00000448 nt!ObpCloseHandleTableEntry+0x14d
b9a75cb0 80570d46 00000448 00000001 00000000 nt!ObpCloseHandle+0x87
b9a75cc4 f7794ca2 00000448 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9a75cec f4418e4a 00000448 b9a75d64 0466f50c Vax347b+0xdca2
b9a75d58 804ddf0f 00000448 0466f56c 7c90eb94 Sandbox+0x4e4a
b9a75d58 7c90eb94 00000448 0466f56c 7c90eb94 nt!KiFastCallEntry+0xfc
0466f56c 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: Vax347b+dca2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Vax347b
IMAGE_NAME: Vax347b.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-04.dmp]
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 04:09:57.328 2009 (GMT+6)
System Uptime: 0 days 0:21:27.059
BugCheck 100000C5, {e45f2000, 2, 1, 805524d5}
Probably caused by : win32k.sys ( win32k!HeavyAllocPool+74 )
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: e45f2000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 805524d5, address which referenced memory
Debugging Details:
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExAllocatePoolWithTag+863
805524d5 8906 mov dword ptr [esi],eax
CUSTOMER_CRASH_COUNT: 4
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
PROCESS_NAME: outpost.exe
LAST_CONTROL_TRANSFER: from bf802a8e to 805524d5
STACK_TEXT:
ba58fba0 bf802a8e 00000001 00000000 38306847 nt!ExAllocatePoolWithTag+0x863
ba58fbc0 bf805a96 00000458 38306847 00000000 win32k!HeavyAllocPool+0x74
ba58fbe0 bf826978 00000458 00000008 00000000 win32k!AllocateObject+0xaa
ba58fc34 bf82d00f 00000001 00000100 00000000 win32k!PALMEMOBJ::bCreatePalette+0xde
ba58fca8 bf82d554 b9010cd2 00000002 0c670000 win32k!GreCreateDIBitmapReal+0x281
ba58fd38 804ddf0f b9010cd2 00000000 00000000 win32k!NtGdiCreateDIBSection+0x18f
ba58fd38 7c90eb94 b9010cd2 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00c6f298 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!HeavyAllocPool+74
bf802a8e 8bd0 mov edx,eax
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: win32k!HeavyAllocPool+74
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 41107f7a
FAILURE_BUCKET_ID: 0xC5_2_win32k!HeavyAllocPool+74
BUCKET_ID: 0xC5_2_win32k!HeavyAllocPool+74
----
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052709-05.dmp]
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Wed May 27 04:48:29.687 2009 (GMT+6)
System Uptime: 0 days 0:37:12.402
BugCheck 100000D1, {f446924e, 2, 0, f446924e}
Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory
Debugging Details:
READ_ADDRESS: f446924e
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
CUSTOMER_CRASH_COUNT: 5
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from f4465e59 to f446924e
FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
STACK_TEXT:
b9ca1b58 f4465e59 84531308 b9ca1b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9ca1b84 f446f5b5 84531308 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9ca1bc0 f446f17e 845ede80 8735fdd8 b9ca1c10 afd!AfdCleanup+0x619
b9ca1bd0 804e19ee 85deb628 83643008 83643008 afd!AfdDispatch+0xbb
b9ca1be0 8057e818 845ede68 873e7ca0 00000001 nt!IopfCallDriver+0x31
b9ca1c10 80570c83 8356e500 85deb628 001f01ff nt!IopCloseFile+0x26b
b9ca1c40 80570dd6 8356e500 015ede68 873e7ca0 nt!ObpDecrementHandleCount+0x11b
b9ca1c68 80570cfc e13ae760 845ede80 000001f0 nt!ObpCloseHandleTableEntry+0x14d
b9ca1cb0 80570d46 000001f0 00000001 00000000 nt!ObpCloseHandle+0x87
b9ca1cc4 f7794ca2 000001f0 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9ca1cec f4418e4a 000001f0 b9ca1d64 0afaf50c Vax347b+0xdca2
b9ca1d58 804ddf0f 000001f0 0afaf56c 7c90eb94 Sandbox+0x4e4a
b9ca1d58 7c90eb94 000001f0 0afaf56c 7c90eb94 nt!KiFastCallEntry+0xfc
0afaf56c 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: Vax347b+dca2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Vax347b
IMAGE_NAME: Vax347b.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
---------
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052809-01.dmp]
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Thu May 28 05:04:13.937 2009 (GMT+6)
System Uptime: 0 days 7:11:23.660
BugCheck 100000D1, {f446924e, 2, 0, f446924e}
Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory
Debugging Details:
READ_ADDRESS: f446924e
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from f4465e59 to f446924e
FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
STACK_TEXT:
b9e8eb58 f4465e59 842df028 b9e8eb78 0000000c afd!AfdIssueDeviceControl+0x10d
b9e8eb84 f446f5b5 842df028 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9e8ebc0 f446f17e 85960830 871ac6c8 b9e8ec10 afd!AfdCleanup+0x619
b9e8ebd0 804e19ee 87065f18 8414ae00 8414ae00 afd!AfdDispatch+0xbb
b9e8ebe0 8057e818 85960818 873e7ad0 00000001 nt!IopfCallDriver+0x31
b9e8ec10 80570c83 83f07020 87065f18 001f01ff nt!IopCloseFile+0x26b
b9e8ec40 80570dd6 83f07020 01960818 873e7ad0 nt!ObpDecrementHandleCount+0x11b
b9e8ec68 80570cfc e3cac180 85960830 000006f8 nt!ObpCloseHandleTableEntry+0x14d
b9e8ecb0 80570d46 000006f8 00000001 00000000 nt!ObpCloseHandle+0x87
b9e8ecc4 f7794ca2 000006f8 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9e8ecec f4418e4a 000006f8 b9e8ed64 0651f50c Vax347b+0xdca2
b9e8ed58 804ddf0f 000006f8 0651f56c 7c90eb94 Sandbox+0x4e4a
b9e8ed58 7c90eb94 000006f8 0651f56c 7c90eb94 nt!KiFastCallEntry+0xfc
0651f56c 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: Vax347b+dca2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Vax347b
IMAGE_NAME: Vax347b.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
----
Loading Dump File [F:\kdfe_Dump_Analize\DumpS\Mini052909-01.dmp]
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Fri May 29 02:32:19.703 2009 (GMT+6)
System Uptime: 0 days 3:20:59.414
BugCheck 100000D1, {f446924e, 2, 0, f446924e}
Unable to load image Vax347b.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Vax347b.sys
*** ERROR: Module load completed but symbols could not be loaded for Vax347b.sys
*** WARNING: Unable to verify timestamp for Sandbox.SYS
*** ERROR: Module load completed but symbols could not be loaded for Sandbox.SYS
Probably caused by : Vax347b.sys ( Vax347b+dca2 )
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f446924e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f446924e, address which referenced memory
Debugging Details:
READ_ADDRESS: f446924e
CURRENT_IRQL: 2
FAULTING_IP:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from f4465e59 to f446924e
FAILED_INSTRUCTION_ADDRESS:
afd!AfdIssueDeviceControl+10d
f446924e 687a9246f4 push offset afd!AfdSetContext+0x140 (f446927a)
STACK_TEXT:
b9cf5b58 f4465e59 85b0b718 b9cf5b78 0000000c afd!AfdIssueDeviceControl+0x10d
b9cf5b84 f446f5b5 85b0b718 00000004 00000000 afd!AfdSetEventHandler+0x2e
b9cf5bc0 f446f17e 8369e610 86fae030 b9cf5c10 afd!AfdCleanup+0x619
b9cf5bd0 804e19ee 85cef548 8348e008 8348e008 afd!AfdDispatch+0xbb
b9cf5be0 8057e818 8369e5f8 873e7ca0 00000001 nt!IopfCallDriver+0x31
b9cf5c10 80570c83 834d1020 85cef548 001f01ff nt!IopCloseFile+0x26b
b9cf5c40 80570dd6 834d1020 0169e5f8 873e7ca0 nt!ObpDecrementHandleCount+0x11b
b9cf5c68 80570cfc e3de9390 8369e610 000006f8 nt!ObpCloseHandleTableEntry+0x14d
b9cf5cb0 80570d46 000006f8 00000001 00000000 nt!ObpCloseHandle+0x87
b9cf5cc4 f7794ca2 000006f8 00000001 00000003 nt!NtClose+0x1d
WARNING: Stack unwind information not available. Following frames may be wrong.
b9cf5cec f4418e4a 000006f8 b9cf5d64 070ef50c Vax347b+0xdca2
b9cf5d58 804ddf0f 000006f8 070ef56c 7c90eb94 Sandbox+0x4e4a
b9cf5d58 7c90eb94 000006f8 070ef56c 7c90eb94 nt!KiFastCallEntry+0xfc
070ef56c 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
Vax347b+dca2
f7794ca2 ?? ???
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: Vax347b+dca2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Vax347b
IMAGE_NAME: Vax347b.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 426c9fbc
FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
BUCKET_ID: 0xD1_CODE_AV_BAD_IP_Vax347b+dca2
quit:
что за зверь такой Vax347b.sys?
везде засветился outpost со своим драйвером Sandbox
так что похоже пока БП не виноват, но обновить его стоит.
1. обновить (снести) outpost
2. проверится на "зверей" в системе
3. и поставь наконец-то SP3. SP2 это готовое блюдо для зверей в сети 
|
