New
#1
Memory dump
Hi, appreciate if anyone could help me analyse this memory dump log
Thanks alot
Code:Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\temp\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Missing image name, possible paged-out or corrupt data. *** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000 Unable to add module at 00000000`00000000 WARNING: .reload failed, module list may be incomplete Debugger can not determine kernel base address Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64 Product: Server, suite: Enterprise TerminalServer SingleUserTS Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333 Machine Name: Kernel base = 0xfffff800`01817000 PsLoadedModuleList = 0xfffff800`01a5b670 Debug session time: Sat Nov 24 03:27:16.766 2012 (UTC + 8:00) System Uptime: 5 days 22:57:35.212 Missing image name, possible paged-out or corrupt data. *** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000 Unable to add module at 00000000`00000000 WARNING: .reload failed, module list may be incomplete Debugger can not determine kernel base address Loading Kernel Symbols Missing image name, possible paged-out or corrupt data. .*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000 Unable to add module at 00000000`00000000 Unable to read KLDR_DATA_TABLE_ENTRY at 00000000`00000000 - NTSTATUS 0xC0000147 WARNING: .reload failed, module list may be incomplete ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {100008038, 2, 0, fffff800018a10db} ***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057. Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000100008038, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff800018a10db, address which referenced memory Debugging Details: ------------------ ***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057. READ_ADDRESS: unable to get nt!MmSpecialPoolStart unable to get nt!MmSpecialPoolEnd unable to get nt!MmPagedPoolEnd unable to get nt!MmNonPagedPoolStart unable to get nt!MmSizeOfNonPagedPoolInBytes 0000000100008038 CURRENT_IRQL: 0 FAULTING_IP: +0 fffff800`018a10db 488b42f8 mov rax,qword ptr [rdx-8] DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xA LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88006a509a5 STACK_TEXT: fffff880`05c131d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`06a509a5 STACK_COMMAND: kb SYMBOL_NAME: ANALYSIS_INCONCLUSIVE FOLLOWUP_NAME: MachineOwner MODULE_NAME: Unknown_Module IMAGE_NAME: Unknown_Image DEBUG_FLR_IMAGE_TIMESTAMP: 0 BUCKET_ID: CORRUPT_MODULELIST Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000100008038, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff800018a10db, address which referenced memory Debugging Details: ------------------ ***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057. READ_ADDRESS: 0000000100008038 CURRENT_IRQL: 0 FAULTING_IP: +0 fffff800`018a10db 488b42f8 mov rax,qword ptr [rdx-8] DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xA LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88006a509a5 STACK_TEXT: fffff880`05c131d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`06a509a5 STACK_COMMAND: kb SYMBOL_NAME: ANALYSIS_INCONCLUSIVE FOLLOWUP_NAME: MachineOwner MODULE_NAME: Unknown_Module IMAGE_NAME: Unknown_Image DEBUG_FLR_IMAGE_TIMESTAMP: 0 BUCKET_ID: CORRUPT_MODULELIST Followup: MachineOwner --------- 0: kd> lmvm Unknown_Module start end module name 0: kd> lmvm Unknown_Module start end module name
Last edited by Brink; 26 Nov 2012 at 02:11. Reason: code box