Debug analyze
Posted By: BioTecK on 
Monday 4 September 2006 with 
No Comments Yet
Nou, zojuist is mijn pc weer uitgevallen.. 
Ik heb een Windebugger geinstallerd om te kijken wat er nou fout gaat; maar goed, daar word ik ook niet echt wijzer op!! :S
Hieronder de analyze van de BSOD! Als je weet wat er nou mis is, email me dan!! 
***************************************************************************
****
* *
* Bugcheck Analysis *
* *
***************************************************************************
****
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {ffffff94, 2, 0, 80500b3a}
ANALYSIS: Kernel with unknown size. Will force reload symbols with known size.
ANALYSIS: Force reload command: .reload /f ntoskrnl.exe=FFFFFFFF804D7000,213F80,42250FF9
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Probably caused by : ntoskrnl.exe ( nt+29b3a )
Followup: MachineOwner
———
kd> !analyze -v
***************************************************************************
****
* *
* Bugcheck Analysis *
* *
***************************************************************************
****
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffff94, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 80500b3a, address which referenced memory
Debugging Details:
——————
ANALYSIS: Kernel with unknown size. Will force reload symbols with known size.
ANALYSIS: Force reload command: .reload /f ntoskrnl.exe=FFFFFFFF804D7000,213F80,42250FF9
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
MODULE_NAME: nt
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
ffffff94
CURRENT_IRQL: 2
FAULTING_IP:
nt+29b3a
80500b3a 8b8744010000 mov eax,dword ptr [edi+144h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 80500c35 to 80500b3a
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f4560a74 80500c35 b884c5c8 fffffe50 e2c54400 nt+0×29b3a
f4560b04 805820df 019a0050 00010000 f4560d30 nt+0×29c35
f4560d4c 804de7ec 00000005 019a0050 00010000 nt+0xab0df
f4560d64 7c90eb94 badb0d00 0012f074 b9b67d98 nt+0×77ec
f4560d68 badb0d00 0012f074 b9b67d98 b9b67dcc 0×7c90eb94
f4560d6c 0012f074 b9b67d98 b9b67dcc 00000000 0xbadb0d00
f4560d70 b9b67d98 b9b67dcc 00000000 00000000 0×12f074
f4560d74 b9b67dcc 00000000 00000000 00000000 0xb9b67d98
f4560d78 00000000 00000000 00000000 00000000 0xb9b67dcc
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+29b3a
80500b3a 8b8744010000 mov eax,dword ptr [edi+144h]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
SYMBOL_NAME: nt+29b3a
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
———
