Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Translating memory adresses in windbg output

08 Jul 2014   #1
algol

windows 7 starter 32bit
 
 
Translating memory adresses in windbg output

Hi everybody. I've got blue screens pointing to ntfs.sys, many other drivers and ntoskrnl.exe on a pc wich I suspect has memory problems, originating either from the memory controller or the memory itself. I've already tested the only memory stick on the failing pc and another correctly working pc during several ours finding no errors. I'd like to know how to translate memory adresses like "fffff880`03164420" to physical adresses so I can test them more througly. I'd really apreciate any help. Here is the windbg analysis of one of the dups, wich I attached to the post:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\backup\backup2\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*c:\mss*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02601000 PsLoadedModuleList = 0xfffff800`02846e90
Debug session time: Tue Jul 8 09:13:21.144 2014 (GMT-3)
System Uptime: 0 days 0:47:25.252
Loading Kernel Symbols
...............................................................
................................................................
.......
Loading User Symbols

Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff880031641e8, fffff88003163a40, fffff8000269573a}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCheckpointVolume+35e )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff880031641e8
Arg3: fffff88003163a40
Arg4: fffff8000269573a

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'nvlddmkm' and 'nvlddmkm.sys' overlap

EXCEPTION_RECORD: fffff880031641e8 -- (.exr 0xfffff880031641e8)
ExceptionAddress: fffff8000269573a (nt!CcUnpinFileDataEx+0x00000000000000ea)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008

CONTEXT: fffff88003163a40 -- (.cxr 0xfffff88003163a40)
rax=0000000000000000 rbx=00000000ffffffff rcx=0000000000000000
rdx=fffffa8002619901 rsi=0000000065084601 rdi=fffffa80036adc80
rip=fffff8000269573a rsp=fffff88003164420 rbp=fffff8000281e600
r8=0000000000000001 r9=0000000000000000 r10=0000000000000000
r11=00000001b10bd975 r12=0000000000000000 r13=fffffa8002619910
r14=00000000000002fd r15=fffffa8002619920
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!CcUnpinFileDataEx+0xea:
fffff800`0269573a 488b4808 mov rcx,qword ptr [rax+8] ds:002b:00000000`00000008=????????????????
Resetting default scope

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x%08lx. La memoria no se pudo %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria en 0x%08lx. La memoria no se pudo %s.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000008

READ_ADDRESS: 0000000000000008

FOLLOWUP_IP:
Ntfs!NtfsCheckpointVolume+35e
fffff880`012cce7e 4c8b9c24e0000000 mov r11,qword ptr [rsp+0E0h]

FAULTING_IP:
nt!CcUnpinFileDataEx+ea
fffff800`0269573a 488b4808 mov rcx,qword ptr [rax+8]

BUGCHECK_STR: 0x24

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from fffff80002642fb5 to fffff8000269573a

STACK_TEXT:
fffff880`03164420 fffff800`02642fb5 : fffffa80`02601980 fffff800`0281e600 fffff800`00001000 00000000`00000000 : nt!CcUnpinFileDataEx+0xea
fffff880`031644a0 fffff880`012cce7e : fffff8a0`00136870 fffff880`01223428 fffff880`03164ab0 fffff880`03164658 : nt!CcGetDirtyPages+0x1d9
fffff880`03164590 fffff880`012d08db : fffff880`03164ab0 fffffa80`02724180 fffff880`03164a00 fffff880`01223000 : Ntfs!NtfsCheckpointVolume+0x35e
fffff880`03164990 fffff880`012cf27b : fffff880`03164ab0 fffffa80`02724180 fffffa80`02724188 fffff880`01216020 : Ntfs!NtfsCheckpointAllVolumesWorker+0x4b
fffff880`031649e0 fffff880`012d1398 : fffff880`03164ab0 00000000`00000000 fffff880`012d0890 fffff880`03164cb8 : Ntfs!NtfsForEachVcb+0x167
fffff880`03164a80 fffff800`0268ba21 : fffff880`0418a500 fffff800`0281e600 fffffa80`015ce000 00000000`00000003 : Ntfs!NtfsCheckpointAllVolumes+0xb8
fffff880`03164cb0 fffff800`0291ecce : 00000000`00000000 fffffa80`015ce040 00000000`00000080 fffffa80`015ab040 : nt!ExpWorkerThread+0x111
fffff880`03164d40 fffff800`02672fe6 : fffff880`02f63180 fffffa80`015ce040 fffff880`02f6dfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03164d80 00000000`00000000 : fffff880`03165000 fffff880`0315f000 fffff880`031649e0 00000000`00000000 : nt!KxStartSystemThread+0x16


SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: Ntfs!NtfsCheckpointVolume+35e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME: Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce792f9

STACK_COMMAND: .cxr 0xfffff88003163a40 ; kb

FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsCheckpointVolume+35e

BUCKET_ID: X64_0x24_Ntfs!NtfsCheckpointVolume+35e

Followup: MachineOwner
---------


My System SpecsSystem Spec
.
08 Jul 2014   #2
HarriePateman

Windows 7 Ultimate 64-bit
 
 

Well i would Recommend testing your RAM sticks before you go too deep into anything, that way we can rule out the obvious straight away.

Il message Boozad to have a look as he has much superior knowledge!
My System SpecsSystem Spec
08 Jul 2014   #3
algol

windows 7 starter 32bit
 
 

Quote   Quote: Originally Posted by HarriePateman View Post
Well i would Recommend testing your RAM sticks before you go too deep into anything, that way we can rule out the obvious straight away.

Il message Boozad to have a look as he has much superior knowledge!
Thanks for your reply. I've already tested the only memory stick on the failing pc and another correctly working pc during several ours finding no errors. I'd like to know how to translate memory adresses like "fffff880`03164420" to physical adresses so I can test them more througly. Thanks
My System SpecsSystem Spec
.

08 Jul 2014   #4
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

Please fill in your system specs by following the top link in my signature.

We need more information to analyze your logs. Follow Blue Screen of Death (BSOD) Posting Instructions, let the tool run until it has completely finished and then upload the new logs.

In the meantime, your nVidia Storage driver is causing issues.

Code:
fffff880`03163128  fffff880`00c32546Unable to load image \SystemRoot\system32\drivers\nvstor.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvstor.sys
*** ERROR: Module load completed but symbols could not be loaded for nvstor.sys
 nvstor+0x8546
It is old and needs updating. Search for updates here.

Code:
2: kd> lmvm nvstor
start             end                 module name
fffff880`00c2a000 fffff880`00c55000   nvstor   T (no symbols)           
    Loaded symbol image file: nvstor.sys
    Image path: \SystemRoot\system32\drivers\nvstor.sys
    Image name: nvstor.sys
    Timestamp:        Fri Mar 19 20:45:11 2010 (4BA3E257)
    CheckSum:         0002FE37
    ImageSize:        0002B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Your nVidia video driver has also been flagged.

Code:
fffff880`03164838  fffff880`04a0b0ffUnable to load image \SystemRoot\system32\DRIVERS\nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
 nvlddmkm+0x17f0ff
It is very old and needs updating. Search for updates on the site linked above.

Code:
2: kd> lmvm nvlddmkm
start             end                 module name
fffff880`0488c000 fffff880`05392980   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        Fri May 01 07:58:45 2009 (49FA9DA5)
    CheckSum:         00B182FA
    ImageSize:        00B06980
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Run SeaTools to check the integrity of your HDD. SeaTools for DOS and Windows - How to Use

Run chkdsk. Disk Check
My System SpecsSystem Spec
08 Jul 2014   #5
HarriePateman

Windows 7 Ultimate 64-bit
 
 

My System SpecsSystem Spec
08 Jul 2014   #6
algol

windows 7 starter 32bit
 
 

Thanks Bosaad. Sadly, I'v wiped the disk containing the windows install where the blue screens took place. It was a fresh installed windows 32bits starter with only the drivers provided in the asus webpage installed, nothing more. The BSOD took place while deleting a large folder. The disk is a Western Digital and I tested it using Data Lifeguard Tools provided in WD webpage using short and long test. The smart values are also ok. I also used Chkdsk, and no errors showed up. Thank you
My System SpecsSystem Spec
09 Jul 2014   #7
algol

windows 7 starter 32bit
 
 

Hi Boozad! I've added the information given by the two diagnostics programs as you asked. Sorry to bother you, but I'd really apreciate if you could tell me wich commands in windbg you used to get this info:
fffff880`03163128 fffff880`00c32546Unable to load image \SystemRoot\system32\drivers\nvstor.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for nvstor.sys *** ERROR: Module load completed but symbols could not be loaded for nvstor.sys nvstor+0x8546
Thank you very much!

Quote   Quote: Originally Posted by Boozad View Post
Please fill in your system specs by following the top link in my signature.

We need more information to analyze your logs. Follow Blue Screen of Death (BSOD) Posting Instructions, let the tool run until it has completely finished and then upload the new logs.

In the meantime, your nVidia Storage driver is causing issues.

Code:
fffff880`03163128  fffff880`00c32546Unable to load image \SystemRoot\system32\drivers\nvstor.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvstor.sys
*** ERROR: Module load completed but symbols could not be loaded for nvstor.sys
 nvstor+0x8546
It is old and needs updating. Search for updates here.

Code:
2: kd> lmvm nvstor
start             end                 module name
fffff880`00c2a000 fffff880`00c55000   nvstor   T (no symbols)           
    Loaded symbol image file: nvstor.sys
    Image path: \SystemRoot\system32\drivers\nvstor.sys
    Image name: nvstor.sys
    Timestamp:        Fri Mar 19 20:45:11 2010 (4BA3E257)
    CheckSum:         0002FE37
    ImageSize:        0002B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Your nVidia video driver has also been flagged.

Code:
fffff880`03164838  fffff880`04a0b0ffUnable to load image \SystemRoot\system32\DRIVERS\nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
 nvlddmkm+0x17f0ff
It is very old and needs updating. Search for updates on the site linked above.

Code:
2: kd> lmvm nvlddmkm
start             end                 module name
fffff880`0488c000 fffff880`05392980   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        Fri May 01 07:58:45 2009 (49FA9DA5)
    CheckSum:         00B182FA
    ImageSize:        00B06980
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Run SeaTools to check the integrity of your HDD. SeaTools for DOS and Windows - How to Use

Run chkdsk. Disk Check
My System SpecsSystem Spec
09 Jul 2014   #8
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

Have a read of this.
My System SpecsSystem Spec
09 Jul 2014   #9
algol

windows 7 starter 32bit
 
 

Quote   Quote: Originally Posted by Boozad View Post
Have a read of this.
Sorry, I forgot to add the output files of the diagnostic programs in the last post, I added them now. I read the link you gave me and a lot of other pages about windbg commands and usage, but till now I'm unable to pinpoint nvstor.sys and nvlddmkm.sys as problematic drivers. Could you please tell me what commands did you use to arrive at that conclusion? That would be very helpful to me not only to solve this blue screens, but also many others I could find. Pleaseeee
My System SpecsSystem Spec
Reply

 Translating memory adresses in windbg output




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
How do I use WinDBG to properly analyze a kernal memory dump?
I've started getting in to analyzing my own memory dumps with WinDBG but the problem is I don't know which commands to use to properly utilize its features. For instance, (forgive me if I sound noobish about this I'm new to analyzing them) how do I view the call stacks for seeing if the probable...
BSOD Help and Support
Translating Labels - Win7 and Office
I use the Brazilian Portuguese versions of Win7 and Office. To make my posts well understood for the English speaking people, sometimes I have difficulties translating the Portuguese labels to the exact English ones. Is there a way to solve this problem? Any help is welcome. Regards,...
Installation & Setup
how do i prevent websites from auto-translating
Hello everyone I know this is not a problem concerning windows 7, but browsing in general. I still hope this is okay, because I got very good answers I last used this forum. I noticed over the last few months that there seems to be rising a new website standart, that automatically assumes ...
Browsers & Mail
Gigabyte HDMI output to Yamaha receiver - no sound output
GA-890GPA-UD3H (rev. 3.1) GIGABYTE - Motherboard - Socket AM3+ - GA-890GPA-UD3H (rev. 3.1) (Note 3) Simultaneous output for DVI-D and HDMI is not supported. What I'm trying to do is output just my sound to the receiver via HDMI cable, but still use the DVI to my monitor...
Sound & Audio
windows live mail won't open adresses
Hi, I have two dell computers. Before, I used to be able to go to craigslist, etc and click on the link and it open a blank email. Now, the links don't open. I checked and still have windows live essentials. I tried to make windows live mail my default in the programs area, but even thou I...
Browsers & Mail
Windbg
Hello can someone help with the windbg, I have been given a direct link but it goes to Juno. I am running windows 7 64bit and need to install windbg,,,so if anyone knows the direct link please let me know and thank you for all your help. Tom
Software


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:54.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App