[Step by Step] How to Analyze BlueScreen Dump

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Reviews and Guides

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

[Step by Step] How to Analyze BlueScreen Dump, by using Microsoft Windows Debugger

views

shawnlst	Oct 21 2004, 09:03 AM Return to original view \| Post #1
Daydreamin'... Senior Member 677 posts Joined: Jan 2003	hi there, i'm quite new to these debugger thingy. i got this message but i don't really understand what's the prob actually. Microsoft ® Windows Debugger Version 6.3.0017.0 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C:\Documents and Settings\LEE\Local Settings\Temp\WER788a.dir00\Mini102104-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRVc:\websymbolshttp://msdl.microsoft.com/download/symbols Executable search path is: Unable to load image ntoskrnl.exe, Win32 error 2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20 Debug session time: Thu Oct 21 03:18:01 2004 System Uptime: 0 days 11:50:48.346 Unable to load image ntoskrnl.exe, Win32 error 2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols .................................................................................................................................... Loading unloaded module list ................. Loading User Symbols ******************************************************************************* * * * Bugcheck Analysis * * * ***************************************************************************** Use !analyze -v to get detailed debugging information. BugCheck 100000D1, {0, 2, 0, b2d40937} * Kernel symbols are WRONG. Please fix symbols to do analysis. Unable to load image Klpf.sys, Win32 error 2 * WARNING: Unable to verify timestamp for Klpf.sys * ERROR: Module load completed but symbols could not be loaded for Klpf.sys Probably caused by : Klpf.sys ( Klpf+3bc1 ) Followup: MachineOwner --------- kd> .reload Unable to load image ntoskrnl.exe, Win32 error 2 * WARNING: Unable to verify timestamp for ntoskrnl.exe * ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols .................................................................................................................................... Loading unloaded module list ................. Loading User Symbols kd> !analyze -v ***************************************************************************** * * * Bugcheck Analysis * * * ***************************************************************************** DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 00000000, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: b2d40937, address which referenced memory Debugging Details: ------------------ * Kernel symbols are WRONG. Please fix symbols to do analysis. Unable to load image Klpf.sys, Win32 error 2 * WARNING: Unable to verify timestamp for Klpf.sys *** ERROR: Module load completed but symbols could not be loaded for Klpf.sys READ_ADDRESS: unable to get nt!MmPoolCodeEnd unable to get nt!MmSpecialPoolEnd unable to get nt!MmPagedPoolEnd unable to get nt!MmNonPagedPoolEnd unable to get nt!MmNonPagedPoolStart unable to get nt!MmSpecialPoolStart unable to get nt!MmPagedPoolStart unable to get nt!MiSessionPoolStart unable to get nt!MiSessionPoolEnd unable to get nt!MmNonPagedPoolExpansionStart unable to get nt!MmPoolCodeStart 00000000 CURRENT_IRQL: 2 FAULTING_IP: afd!AfdDisconnectEventHandler+2d b2d40937 668b07 mov ax,[edi] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from f87d9bc1 to b2d40937 STACK_TEXT: b2349c34 f87d9bc1 ff2788a8 ff297920 00000000 afd!AfdDisconnectEventHandler+0x2d WARNING: Stack unwind information not available. Following frames may be wrong. b2349c6c f87dabda fedac5b0 c0000001 00000000 Klpf+0x3bc1 fee5af68 00000000 00000000 00000000 00000000 Klpf+0x4bda FOLLOWUP_IP: Klpf+3bc1 f87d9bc1 ?? ??? SYMBOL_STACK_INDEX: 1 FOLLOWUP_NAME: MachineOwner SYMBOL_NAME: Klpf+3bc1 MODULE_NAME: Klpf IMAGE_NAME: Klpf.sys DEBUG_FLR_IMAGE_TIMESTAMP: 3fc740f1 STACK_COMMAND: kb BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner --------- anyone care to enlighthen me, plz?
Card PM	Report Top Like Quote Reply

shawnlst	Oct 21 2004, 03:03 PM Return to original view \| Post #2
Daydreamin'... Senior Member 677 posts Joined: Jan 2003	^i was thinking of that could be the prob too. actually this has happened quite a few times ard. usually i left my pc on overnite. then the next morning, my whole monitor screen became blank. i have to restart my pc then came up this error. i was having prob with ICS coz previously i didn't have this kind of prob. could it be the NIC driver prob?
Card PM	Report Top Like Quote Reply

« Next Oldest · Reviews and Guides · Next Newest »

Add Reply Options

Change to:

0.0237sec

0.44

7 queries

GZIP Disabled
Time is now: 1st December 2025 - 01:51 AM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.