New
#1
Computer crashed while booting up
I haven't had any more problems with turning the computer off, but just today I had a problem turning it on. I loaded the computer up like normal, but then there was a weird "rrrrrrr" sound, I saw a BSOD on the screen, and it rebooted. Here's the crash error report:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: C:\symbols;C:\symbols\ntkrnlmp.pdb
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`07451000 PsLoadedModuleList = 0xfffff800`0768ee50
Debug session time: Wed Aug 18 09:07:11.619 2010 (UTC - 4:00)
System Uptime: 0 days 0:00:20.586
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd8018). Type ".hh dbgerr001" for details
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff88002131de4, fffff880028d5f70, 0}
*** ERROR: Module load completed but symbols could not be loaded for keyscrambler.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : keyscrambler.sys ( keyscrambler+1de4 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88002131de4, Address of the instruction which caused the bugcheck
Arg3: fffff880028d5f70, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: fffff80007451000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4ad86850
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be
%s.
FAULTING_IP:
keyscrambler+1de4
fffff880`02131de4 8b4108 mov eax,dword ptr [rcx+8]
CONTEXT: fffff880028d5f70 -- (.cxr 0xfffff880028d5f70)
rax=fffffa8008158f60 rbx=fffffa8007fe0870 rcx=0000000000000000
rdx=fffffa8007fe0870 rsi=fffffa8007fe0940 rdi=0000000000000080
rip=fffff88002131de4 rsp=fffff880028d6940 rbp=fffff880028d6c00
r8=fffffa8007cebe70 r9=0000000000000000 r10=fffff80007650888
r11=0000000000000006 r12=0000000000000000 r13=0000000000000001
r14=0000000000000001 r15=fffffa8007ce6900
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
keyscrambler+0x1de4:
fffff880`02131de4 8b4108 mov eax,dword ptr [rcx+8] ds:002b:00000000`00000008=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff88002131880 to fffff88002131de4
STACK_TEXT:
fffff880`028d6940 fffff880`02131880 : fffffa80`08128b30 fffff800`074e259c ffffffff`ffffffff 00000000`00000000 :
keyscrambler+0x1de4
fffff880`028d6970 fffff880`0214f626 : 00000000`00000000 fffffa80`07fe0940 00000000`00000001 00000000`00000080 :
keyscrambler+0x1880
fffff880`028d69a0 fffff800`077dc707 : fffffa80`08158de0 fffff880`028d6c60 fffffa80`08158de0 fffffa80`07fe0870 :
keyscrambler+0x1f626
fffff880`028d69d0 fffff800`077dcf66 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!
NtMapViewOfSection+0x1787
fffff880`028d6b00 fffff800`074c0993 : 00000000`0000072b 00000000`011becc0 00000000`00000000 0000007f`ffffffff : nt!
NtDeviceIoControlFile+0x56
fffff880`028d6b70 00000000`7799fdca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!
KeSynchronizeExecution+0x3a43
00000000`011bf698 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7799fdca
FOLLOWUP_IP:
keyscrambler+1de4
fffff880`02131de4 8b4108 mov eax,dword ptr [rcx+8]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: keyscrambler+1de4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: keyscrambler
IMAGE_NAME: keyscrambler.sys
STACK_COMMAND: .cxr 0xfffff880028d5f70 ; kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
1: kd> lmvm keyscrambler
start end module name
fffff880`02130000 fffff880`02155000 keyscrambler (no symbols)
Loaded symbol image file: keyscrambler.sys
Image path: \SystemRoot\System32\drivers\keyscrambler.sys
Image name: keyscrambler.sys
Timestamp: Fri Oct 16 08:34:24 2009 (4AD86850)
CheckSum: 00026F6C
ImageSize: 00025000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
One thing that especially gets my attention is the unusual Exception Code:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
Does that mean there's something wrong with the memory?
Quote