Windows Debugger, part of Never-Ending-Problem

[Hitchy]

Ok am trying to use the debugger accept it keeps giving me the same message once i haave entered the command into cmd.

Error message :

Could not create process 'cache\i386 -z c:windows\minidump\mini052105-05.dmp', Win32 error 2.

The system cannot find the specified file.


Input command used in CMD :

windbg -y c:\windows\symbols -i c:\windows\driver cache\i386 -z c:\windows\minidump\mini052105-05.dmp


Ok i think i have the input command write, have checked and double checked. Can anyone tell me what is going wrong please.

Thanks
Hitchy

 

[bcastner]

Quotation marks on paths with blank spaces.

 

[bcastner]

For small dumps in particular, I use KD. For both KD and Windbg make sure that c:\program files\debugging tools for windows\ is in your Environmental variable PATH.

To use KD on a small memory dump in your example:

Start, Run, CMD

c:
cd \program files\debugging tools for windows\
kd -z c:\windows\minidump\mini052105-05.dmp
.logopen c:\debuglog.txt
.sympath SRV*c:\windows\symbols*

http://msdl.microsoft.com/download/symbols

.reload;!analyze -v;r;kv;.logclose;q

You now have a debuglog.txt in c:\

 

[bcastner]

Some explanation:

c: <<= the boot drive is the default of debugger installs
cd \program files\debugging tools for windows\ <<== default
kd -z c:\windows\minidump\mini052105-05.dmp <<== you dump
.logopen c:\debuglog.txt <<== specify output file
.sympath SRV*c:\windows\symbols*

http://msdl.microsoft.com/download/symbols

.reload;!analyze -v;r;kv;.logclose;q <<=== debug

You now have a debuglog.txt in c:\

The extrnal reference to the symbol libraries online is to ensure your localstore of symbols is current. If your library is current this takes very little time

 

[Hitchy]

Ok have used bcastner's command and it seemed to work batter than before but obviously still with some errors, probably on my part, things which i may have needed to do but not yet done. This is what kd produced in the log:


Opened log file 'c:\debuglog.txt'
0: kd> .sympath srv*c:\windows\symbols*

http://msdl.microsoft.com/downloads/symbols

Symbol search path is: srv*c:\windows\symbols*

http://msdl.microsoft.com/downloads/symbols

0: kd> .reload;analyze -v;r;kv;.logclose;q
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading unloaded module list
..................
Loading User Symbols
*** WARNING: Unable to verify timestamp for hal.dll
*** ERROR: Module load completed but symbols could not be loaded for hal.dll
*** WARNING: Unable to verify timestamp for parport.sys
*** ERROR: Module load completed but symbols could not be loaded for parport.sys
*** WARNING: Unable to verify timestamp for portcls.sys
*** ERROR: Module load completed but symbols could not be loaded for portcls.sys
*** WARNING: Unable to verify timestamp for emu10k1m.sys
*** ERROR: Module load completed but symbols could not be loaded for emu10k1m.sys
*** WARNING: Unable to verify timestamp for USBPORT.SYS
*** ERROR: Module load completed but symbols could not be loaded for USBPORT.SYS
*** WARNING: Unable to verify timestamp for e1000325.sys
*** ERROR: Module load completed but symbols could not be loaded for e1000325.sys
*** WARNING: Unable to verify timestamp for VIDEOPRT.SYS
*** ERROR: Module load completed but symbols could not be loaded for VIDEOPRT.SYS
*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** WARNING: Unable to verify timestamp for ndistapi.sys
*** ERROR: Module load completed but symbols could not be loaded for ndistapi.sys
*** WARNING: Unable to verify timestamp for serenum.sys
*** ERROR: Module load completed but symbols could not be loaded for serenum.sys
*** WARNING: Unable to verify timestamp for gameenum.sys
*** ERROR: Module load completed but symbols could not be loaded for gameenum.sys
*** WARNING: Unable to verify timestamp for rasacd.sys
*** ERROR: Module load completed but symbols could not be loaded for rasacd.sys
*** WARNING: Unable to verify timestamp for Mup.sys
*** ERROR: Module load completed but symbols could not be loaded for Mup.sys
*** WARNING: Unable to verify timestamp for NDIS.sys
*** ERROR: Module load completed but symbols could not be loaded for NDIS.sys
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*** WARNING: Unable to verify timestamp for KSecDD.sys
*** ERROR: Module load completed but symbols could not be loaded for KSecDD.sys
*** WARNING: Unable to verify timestamp for sr.sys
*** ERROR: Module load completed but symbols could not be loaded for sr.sys
*** WARNING: Unable to verify timestamp for fltmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
*** WARNING: Unable to verify timestamp for SCSIPORT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SCSIPORT.SYS
*** WARNING: Unable to verify timestamp for fasttx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for fasttx2k.sys
*** WARNING: Unable to verify timestamp for atapi.sys
*** ERROR: Module load completed but symbols could not be loaded for atapi.sys
*** WARNING: Unable to verify timestamp for dmio.sys
*** ERROR: Module load completed but symbols could not be loaded for dmio.sys
*** WARNING: Unable to verify timestamp for ftdisk.sys
*** ERROR: Module load completed but symbols could not be loaded for ftdisk.sys
*** WARNING: Unable to verify timestamp for pci.sys
*** ERROR: Module load completed but symbols could not be loaded for pci.sys
*** WARNING: Unable to verify timestamp for ACPI.sys
*** ERROR: Module load completed but symbols could not be loaded for ACPI.sys
*** WARNING: Unable to verify timestamp for dxg.sys
*** ERROR: Module load completed but symbols could not be loaded for dxg.sys
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*** WARNING: Unable to verify timestamp for kmixer.sys
*** ERROR: Module load completed but symbols could not be loaded for kmixer.sys
*** WARNING: Unable to verify timestamp for HTTP.sys
*** ERROR: Module load completed but symbols could not be loaded for HTTP.sys
*** WARNING: Unable to verify timestamp for wdmaud.sys
*** ERROR: Module load completed but symbols could not be loaded for wdmaud.sys
*** WARNING: Unable to verify timestamp for Fastfat.SYS
*** ERROR: Module load completed but symbols could not be loaded for Fastfat.SYS
*** WARNING: Unable to verify timestamp for NAVENG.Sys
*** ERROR: Module load completed but symbols could not be loaded for NAVENG.Sys
*** WARNING: Unable to verify timestamp for NavEx15.Sys
*** ERROR: Module load completed but symbols could not be loaded for NavEx15.Sys
*** WARNING: Unable to verify timestamp for SAVRT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS
*** WARNING: Unable to verify timestamp for sysaudio.sys
*** ERROR: Module load completed but symbols could not be loaded for sysaudio.sys
*** WARNING: Unable to verify timestamp for srv.sys
*** ERROR: Module load completed but symbols could not be loaded for srv.sys
*** WARNING: Unable to verify timestamp for mrxdav.sys
*** ERROR: Module load completed but symbols could not be loaded for mrxdav.sys
*** WARNING: Unable to verify timestamp for ndisuio.sys
*** ERROR: Module load completed but symbols could not be loaded for ndisuio.sys
*** WARNING: Unable to verify timestamp for dump_atapi.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_atapi.sys
*** WARNING: Unable to verify timestamp for mrxsmb.sys
*** ERROR: Module load completed but symbols could not be loaded for mrxsmb.sys
*** WARNING: Unable to verify timestamp for rdbss.sys
*** ERROR: Module load completed but symbols could not be loaded for rdbss.sys
*** WARNING: Unable to verify timestamp for SAVRTPEL.SYS
*** ERROR: Module load completed but symbols could not be loaded for SAVRTPEL.SYS
*** WARNING: Unable to verify timestamp for SPBBCDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for SPBBCDrv.sys
*** WARNING: Unable to verify timestamp for afd.sys
*** ERROR: Module load completed but symbols could not be loaded for afd.sys
*** WARNING: Unable to verify timestamp for netbt.sys
*** ERROR: Module load completed but symbols could not be loaded for netbt.sys
*** WARNING: Unable to verify timestamp for symidsco.sys
*** ERROR: Module load completed but symbols could not be loaded for symidsco.sys
*** WARNING: Unable to verify timestamp for SYMFW.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMFW.SYS
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
*** WARNING: Unable to verify timestamp for ipnat.sys
*** ERROR: Module load completed but symbols could not be loaded for ipnat.sys
*** WARNING: Unable to verify timestamp for SYMTDI.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMTDI.SYS
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
*** WARNING: Unable to verify timestamp for ipsec.sys
*** ERROR: Module load completed but symbols could not be loaded for ipsec.sys
*** WARNING: Unable to verify timestamp for Dxapi.sys
*** ERROR: Module load completed but symbols could not be loaded for Dxapi.sys
*** WARNING: Unable to verify timestamp for update.sys
*** ERROR: Module load completed but symbols could not be loaded for update.sys
*** WARNING: Unable to verify timestamp for rdpdr.sys
*** ERROR: Module load completed but symbols could not be loaded for rdpdr.sys
*** WARNING: Unable to verify timestamp for psched.sys
*** ERROR: Module load completed but symbols could not be loaded for psched.sys
*** WARNING: Unable to verify timestamp for mouhid.sys
*** ERROR: Module load completed but symbols could not be loaded for mouhid.sys
*** WARNING: Unable to verify timestamp for hidusb.sys
*** ERROR: Module load completed but symbols could not be loaded for hidusb.sys
*** WARNING: Unable to verify timestamp for SYMREDRV.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMREDRV.SYS
*** WARNING: Unable to verify timestamp for Cdfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Cdfs.SYS
*** WARNING: Unable to verify timestamp for ndiswan.sys
*** ERROR: Module load completed but symbols could not be loaded for ndiswan.sys
*** WARNING: Unable to verify timestamp for aeaudio.sys
*** ERROR: Module load completed but symbols could not be loaded for aeaudio.sys
*** WARNING: Unable to verify timestamp for smwdm.sys
*** ERROR: Module load completed but symbols could not be loaded for smwdm.sys
*** WARNING: Unable to verify timestamp for ks.sys
*** ERROR: Module load completed but symbols could not be loaded for ks.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for isapnp.sys
*** ERROR: Module load completed but symbols could not be loaded for isapnp.sys
*** WARNING: Unable to verify timestamp for ohci1394.sys
*** ERROR: Module load completed but symbols could not be loaded for ohci1394.sys
*** WARNING: Unable to verify timestamp for 1394BUS.SYS
*** ERROR: Module load completed but symbols could not be loaded for 1394BUS.SYS
*** WARNING: Unable to verify timestamp for MountMgr.sys
*** ERROR: Module load completed but symbols could not be loaded for MountMgr.sys
*** WARNING: Unable to verify timestamp for VolSnap.sys
*** ERROR: Module load completed but symbols could not be loaded for VolSnap.sys
*** WARNING: Unable to verify timestamp for disk.sys
*** ERROR: Module load completed but symbols could not be loaded for disk.sys
*** WARNING: Unable to verify timestamp for CLASSPNP.SYS
*** ERROR: Module load completed but symbols could not be loaded for CLASSPNP.SYS
*** WARNING: Unable to verify timestamp for agp440.sys
*** ERROR: Module load completed but symbols could not be loaded for agp440.sys
*** WARNING: Unable to verify timestamp for wanarp.sys
*** ERROR: Module load completed but symbols could not be loaded for wanarp.sys
*** WARNING: Unable to verify timestamp for arp1394.sys
*** ERROR: Module load completed but symbols could not be loaded for arp1394.sys
*** WARNING: Unable to verify timestamp for HIDCLASS.SYS
*** ERROR: Module load completed but symbols could not be loaded for HIDCLASS.SYS
*** WARNING: Unable to verify timestamp for SYMNDIS.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMNDIS.SYS
*** WARNING: Unable to verify timestamp for netbios.sys
*** ERROR: Module load completed but symbols could not be loaded for netbios.sys
*** WARNING: Unable to verify timestamp for Fips.SYS
*** ERROR: Module load completed but symbols could not be loaded for Fips.SYS
*** WARNING: Unable to verify timestamp for intelppm.sys
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
*** WARNING: Unable to verify timestamp for nic1394.sys
*** ERROR: Module load completed but symbols could not be loaded for nic1394.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for sfmanm.sys
*** ERROR: Module load completed but symbols could not be loaded for sfmanm.sys
*** WARNING: Unable to verify timestamp for i8042prt.sys
*** ERROR: Module load completed but symbols could not be loaded for i8042prt.sys
*** WARNING: Unable to verify timestamp for serial.sys
*** ERROR: Module load completed but symbols could not be loaded for serial.sys
*** WARNING: Unable to verify timestamp for imapi.sys
*** ERROR: Module load completed but symbols could not be loaded for imapi.sys
*** WARNING: Unable to verify timestamp for cdrom.sys
*** ERROR: Module load completed but symbols could not be loaded for cdrom.sys
*** WARNING: Unable to verify timestamp for redbook.sys
*** ERROR: Module load completed but symbols could not be loaded for redbook.sys
*** WARNING: Unable to verify timestamp for rasl2tp.sys
*** ERROR: Module load completed but symbols could not be loaded for rasl2tp.sys
*** WARNING: Unable to verify timestamp for raspppoe.sys
*** ERROR: Module load completed but symbols could not be loaded for raspppoe.sys
*** WARNING: Unable to verify timestamp for raspptp.sys
*** ERROR: Module load completed but symbols could not be loaded for raspptp.sys
*** WARNING: Unable to verify timestamp for msgpc.sys
*** ERROR: Module load completed but symbols could not be loaded for msgpc.sys
*** WARNING: Unable to verify timestamp for termdd.sys
*** ERROR: Module load completed but symbols could not be loaded for termdd.sys
*** WARNING: Unable to verify timestamp for NDProxy.SYS
*** ERROR: Module load completed but symbols could not be loaded for NDProxy.SYS
*** WARNING: Unable to verify timestamp for usbhub.sys
*** ERROR: Module load completed but symbols could not be loaded for usbhub.sys
*** WARNING: Unable to verify timestamp for PCIIDEX.SYS
*** ERROR: Module load completed but symbols could not be loaded for PCIIDEX.SYS
*** WARNING: Unable to verify timestamp for PartMgr.sys
*** ERROR: Module load completed but symbols could not be loaded for PartMgr.sys
*** WARNING: Unable to verify timestamp for usbuhci.sys
*** ERROR: Module load completed but symbols could not be loaded for usbuhci.sys
*** WARNING: Unable to verify timestamp for usbehci.sys
*** ERROR: Module load completed but symbols could not be loaded for usbehci.sys
*** WARNING: Unable to verify timestamp for kbdclass.sys
*** ERROR: Module load completed but symbols could not be loaded for kbdclass.sys
*** WARNING: Unable to verify timestamp for fdc.sys
*** ERROR: Module load completed but symbols could not be loaded for fdc.sys
*** WARNING: Unable to verify timestamp for TDI.SYS
*** ERROR: Module load completed but symbols could not be loaded for TDI.SYS
*** WARNING: Unable to verify timestamp for ptilink.sys
*** ERROR: Module load completed but symbols could not be loaded for ptilink.sys
*** WARNING: Unable to verify timestamp for raspti.sys
*** ERROR: Module load completed but symbols could not be loaded for raspti.sys
*** WARNING: Unable to verify timestamp for mouclass.sys
*** ERROR: Module load completed but symbols could not be loaded for mouclass.sys
*** WARNING: Unable to verify timestamp for flpydisk.sys
*** ERROR: Module load completed but symbols could not be loaded for flpydisk.sys
*** WARNING: Unable to verify timestamp for vga.sys
*** ERROR: Module load completed but symbols could not be loaded for vga.sys
*** WARNING: Unable to verify timestamp for Msfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Msfs.SYS
*** WARNING: Unable to verify timestamp for Npfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Npfs.SYS
*** WARNING: Unable to verify timestamp for HIDPARSE.SYS
*** ERROR: Module load completed but symbols could not be loaded for HIDPARSE.SYS
*** WARNING: Unable to verify timestamp for SYMIDS.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMIDS.SYS
*** WARNING: Unable to verify timestamp for watchdog.sys
*** ERROR: Module load completed but symbols could not be loaded for watchdog.sys
*** WARNING: Unable to verify timestamp for BOOTVID.dll
*** ERROR: Module load completed but symbols could not be loaded for BOOTVID.dll
*** WARNING: Unable to verify timestamp for kdcom.dll
*** ERROR: Module load completed but symbols could not be loaded for kdcom.dll
*** WARNING: Unable to verify timestamp for WMILIB.SYS
*** ERROR: Module load completed but symbols could not be loaded for WMILIB.SYS
*** WARNING: Unable to verify timestamp for intelide.sys
*** ERROR: Module load completed but symbols could not be loaded for intelide.sys
*** WARNING: Unable to verify timestamp for dmload.sys
*** ERROR: Module load completed but symbols could not be loaded for dmload.sys
*** WARNING: Unable to verify timestamp for ctlfacem.sys
*** ERROR: Module load completed but symbols could not be loaded for ctlfacem.sys
*** WARNING: Unable to verify timestamp for swenum.sys
*** ERROR: Module load completed but symbols could not be loaded for swenum.sys
*** WARNING: Unable to verify timestamp for USBD.SYS
*** ERROR: Module load completed but symbols could not be loaded for USBD.SYS
*** WARNING: Unable to verify timestamp for Fs_Rec.SYS
*** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.SYS
*** WARNING: Unable to verify timestamp for Beep.SYS
*** ERROR: Module load completed but symbols could not be loaded for Beep.SYS
*** WARNING: Unable to verify timestamp for mnmdd.SYS
*** ERROR: Module load completed but symbols could not be loaded for mnmdd.SYS
*** WARNING: Unable to verify timestamp for RDPCDD.sys
*** ERROR: Module load completed but symbols could not be loaded for RDPCDD.sys
*** WARNING: Unable to verify timestamp for SYMDNS.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMDNS.SYS
*** WARNING: Unable to verify timestamp for dump_WMILIB.SYS
*** ERROR: Module load completed but symbols could not be loaded for dump_WMILIB.SYS
*** WARNING: Unable to verify timestamp for ParVdm.SYS
*** ERROR: Module load completed but symbols could not be loaded for ParVdm.SYS
*** WARNING: Unable to verify timestamp for pciide.sys
*** ERROR: Module load completed but symbols could not be loaded for pciide.sys
*** WARNING: Unable to verify timestamp for Null.SYS
*** ERROR: Module load completed but symbols could not be loaded for Null.SYS
*** WARNING: Unable to verify timestamp for dxgthk.sys
*** ERROR: Module load completed but symbols could not be loaded for dxgthk.sys
*** WARNING: Unable to verify timestamp for ctljystk.sys
*** ERROR: Module load completed but symbols could not be loaded for ctljystk.sys
*** WARNING: Unable to verify timestamp for audstub.sys
*** ERROR: Module load completed but symbols could not be loaded for audstub.sys
Couldn't resolve error at 'nalyze -v;r;kv;.logclose;q'




Does anybody have any idea what i have done wrong, and what to do right??

Thanks
Hitchy

 

[bcastner]

Change to this line for the symbols path. Either the wrong symbols are installed, or the path is invalid.

.sympath srv*c:\symbols*

http://msdl.microsoft.com/download/symbols

 

[Hitchy]

I take it that link is for downloading the symbols??

 

[Hitchy]

Or do i not need to dl them, can they 'stream' from the site??

 

[Hitchy]

Thanks very much bcaastner. It now seems to have worked .

Now if any body can tell me what this means ...


Opened log file 'c:\debuglog2.txt'
0: kd> .sympath srv*c:\symbols*

http://msdl.microsoft.com/donwload/symbols

Symbol search path is: srv*c:\symbols*

http://msdl.microsoft.com/donwload/symbols

0: kd> .sympath srv*c:\symbols*

http://msdl.microsoft.com/download/symbols

Symbol search path is: srv*c:\symbols*

http://msdl.microsoft.com/download/symbols

0: kd> .reload;!analyze -v;r;kv;.logclose;q
Loading Kernel Symbols
.....................................................................................................................................
Loading unloaded module list
..................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
Typically the code is 0x1001 (deadlock detected) and you can
issue a '!deadlock' KD command to get more information.
Arguments:
Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
stack nor a DPC stack. Typically the driver doing this should be
on the stack obtained from `kb' command.
Arg2: ffdff120
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

Unable to load image SAVRT.SYS, Win32 error 2
*** WARNING: Unable to verify timestamp for SAVRT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS

BUGCHECK_STR: 0xc4_90

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 00000000 to f345aaf4

TRAP_FRAME: 81ab8e14 -- (.trap ffffffff81ab8e14)
.trap ffffffff81ab8e14
ErrCode = 00000000
eax=e182a0e8 ebx=00000000 ecx=e12177f6 edx=e2ea1008 esi=e120007f edi=0000007f
eip=f345aaf4 esp=81ab8e88 ebp=e1200008 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
SAVRT+0x33af4:
f345aaf4 ?? ???
.trap
Resetting default scope

STACK_TEXT:
81ab8e84 00000000 e2ea1008 00000089 f34687eb SAVRT+0x33af4


FOLLOWUP_IP:
SAVRT+33af4
f345aaf4 ?? ???

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: SAVRT+33af4

MODULE_NAME: SAVRT

IMAGE_NAME: SAVRT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 41ba0a1f

STACK_COMMAND: .trap ffffffff81ab8e14 ; kb

FAILURE_BUCKET_ID: 0xc4_90_SAVRT+33af4

BUCKET_ID: 0xc4_90_SAVRT+33af4

Followup: MachineOwner
---------

eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=81ab8c44 esi=00000000 edi=00000000
eip=805371aa esp=81ab8c0c ebp=81ab8c24 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KeBugCheckEx+0x1b:
805371aa 5d pop ebp
ChildEBP RetAddr Args to Child
81ab8c24 8067a445 000000c4 00000090 ffdff120 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
81ab8c44 8067a73f 81ab8c70 8067ad32 00000000 nt!ViDeadlockCheckStackLimits+0x6e (FPO: [Non-Fpo])
81ab8c4c 8067ad32 00000000 00000000 00000000 nt!ViDeadlockCanProceed+0x2a (FPO: [Non-Fpo])
81ab8c70 80550e91 81b44ce8 00000050 81bab398 nt!VfDeadlockDeleteMemoryRange+0x13 (FPO: [Non-Fpo])
81ab8cb4 805503e3 81b44ce8 00000000 81ab8cd0 nt!ExFreePoolWithTag+0xad (FPO: [Non-Fpo])
81ab8cc4 804fe845 81b44ce8 81ab8d00 80679468 nt!ExFreePool+0xf (FPO: [Non-Fpo])
81ab8cd0 80679468 8055bd80 81b44ce8 8067215d nt!ExFreeToPagedLookasideList+0x1e (FPO: [Non-Fpo])
81ab8cdc 8067215d 81b53d98 01872000 fe5f78b8 nt!VfIrpReleaseCallStackData+0x15 (FPO: [0,0,0])
81ab8d00 804fb09e 00000000 fe5f78a8 fe5f78b8 nt!IovCallDriver+0xb8 (FPO: [Non-Fpo])
81ab8d14 804fb0c5 81bab398 fe5f780a fe5f78c0 nt!IopPageReadInternal+0xf3 (FPO: [Non-Fpo])
81ab8d34 804fadec 81b53d98 fe5f78e0 fe5f78c0 nt!IoPageRead+0x1b (FPO: [Non-Fpo])
81ab8da8 804e9893 1595f880 e12177f6 c038485c nt!MiDispatchFault+0x280 (FPO: [Non-Fpo])
81ab8dfc 804e0944 00000000 e12177f6 00000000 nt!MmAccessFault+0x642 (FPO: [Non-Fpo])
81ab8dfc f345aaf4 00000000 e12177f6 00000000 nt!KiTrap0E+0xd0 (FPO: [0,0] TrapFrame @ 81ab8e14)
WARNING: Stack unwind information not available. Following frames may be wrong.
81ab8e84 00000000 e2ea1008 00000089 f34687eb SAVRT+0x33af4
Closing open log file c:\debuglog2.txt



Thanks Hitchy

 

[bcastner]

It means you should uninstall Norton/Symantec Antivirus and reinstall as a first attempt at resolving the issue.

SAVRT.SYS is a service drive for their AV products.

Although this: "Unable to load image SAVRT.SYS, Win32 error 2" is curious, as it usually means the driver was not found as expected.

This would be worth contacting Symantec tech support as a question.

 

[Hitchy]

Rite, will do thanks.

 

[Hitchy]

Ok, have talked to the symantec people and have altered a few registry files as they suggested. I thought the problem may have been cleared, however it seems not.

Another error happened, and this is the dump file of the latest log :


Opened log file 'c:\debuglog3.txt'
0: kd> .sympath srv*c:\symbols*

http://msdl.microsoft.com/download/symbols

Symbol search path is: srv*c:\symbols*

http://msdl.microsoft.com/download/symbols

0: kd> .reload;!analyze -v;r;kv;.logclose;q
Loading Kernel Symbols
......................................................................................................................................
Loading unloaded module list
............
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
Typically the code is 0x1001 (deadlock detected) and you can
issue a '!deadlock' KD command to get more information.
Arguments:
Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
stack nor a DPC stack. Typically the driver doing this should be
on the stack obtained from `kb' command.
Arg2: ffdff120
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

Unable to load image SYMEVENT.SYS, Win32 error 2
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Unable to load image SAVRT.SYS, Win32 error 2
*** WARNING: Unable to verify timestamp for SAVRT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS

BUGCHECK_STR: 0xc4_90

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 00000000 to f34570d4

STACK_TEXT:
ff9c8e84 00000000 e1490008 000000cd f3464dcb SAVRT+0x340d4


FOLLOWUP_IP:
SYMEVENT+b0bb
f58d70bb ?? ???

SYMBOL_STACK_INDEX: 11

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: SYMEVENT+b0bb

MODULE_NAME: SYMEVENT

IMAGE_NAME: SYMEVENT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4272844c

STACK_COMMAND: .trap ffffffffff9c8e14 ; kb

FAILURE_BUCKET_ID: 0xc4_90_SYMEVENT+b0bb

BUCKET_ID: 0xc4_90_SYMEVENT+b0bb

Followup: MachineOwner
---------

eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=ff9c8840 esi=00000000 edi=00000000
eip=805371aa esp=ff9c8808 ebp=ff9c8820 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KeBugCheckEx+0x1b:
805371aa 5d pop ebp
ChildEBP RetAddr Args to Child
ff9c8820 8067a445 000000c4 00000090 ffdff120 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
ff9c8840 8067a73f ff9c886c 8067ad32 00000000 nt!ViDeadlockCheckStackLimits+0x6e (FPO: [Non-Fpo])
ff9c8848 8067ad32 00000000 00000000 00000000 nt!ViDeadlockCanProceed+0x2a (FPO: [Non-Fpo])
ff9c886c 80550e91 feeabc58 00000050 82293b40 nt!VfDeadlockDeleteMemoryRange+0x13 (FPO: [Non-Fpo])
ff9c88b0 805503e3 feeabc58 00000000 ff9c88cc nt!ExFreePoolWithTag+0xad (FPO: [Non-Fpo])
ff9c88c0 804fe845 feeabc58 ff9c88fc 80679468 nt!ExFreePool+0xf (FPO: [Non-Fpo])
ff9c88cc 80679468 8055bd80 feeabc58 8067215d nt!ExFreeToPagedLookasideList+0x1e (FPO: [Non-Fpo])
ff9c88d8 8067215d 8227a600 af873000 827d6e28 nt!VfIrpReleaseCallStackData+0x15 (FPO: [0,0,0])
ff9c88fc ba634520 81fe7cc0 821045b0 ff9c8ab4 nt!IovCallDriver+0xb8 (FPO: [Non-Fpo])
ff9c89c4 ba634725 ff9c8ab4 827d6e28 821045b0 Ntfs!NtfsPagingFileIo+0x1b2 (FPO: [Non-Fpo])
ff9c8aa0 ba631fbf ff9c8ab4 827d6e28 00000001 Ntfs!NtfsCommonRead+0x2bd (FPO: [Non-Fpo])
ff9c8c50 804e13d9 8227a520 827d6e28 806ff428 Ntfs!NtfsFsdRead+0x22d (FPO: [Non-Fpo])
ff9c8c60 80672145 8227add0 82235348 fcd14501 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
ff9c8c84 ba6d3459 ff9c8cc0 804e13d9 8227add0 nt!IovCallDriver+0xa0 (FPO: [Non-Fpo])
ff9c8c8c 804e13d9 8227add0 827d6e28 806ff428 sr!SrPassThrough+0x31 (FPO: [Non-Fpo])
ff9c8c9c 80672145 821c1008 827d6e28 fcd14501 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
ff9c8cc0 f58d70bb 81bd5298 81be9580 804e13d9 nt!IovCallDriver+0xa0 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
ff9c8d00 804fb09e 00000000 fcd145c0 fcd145d0 SYMEVENT+0xb0bb
ff9c8d14 804fb0c5 81bd5298 fcd1450a fcd145d8 nt!IopPageReadInternal+0xf3 (FPO: [Non-Fpo])
ff9c8d34 804fadec 81b3f868 fcd145f8 fcd145d8 nt!IoPageRead+0x1b (FPO: [Non-Fpo])
Closing open log file c:\debuglog3.txt



Still the same problem as before??


Cheers,
Hitchy

 

[bcastner]

Boot into Safe Mode by hitting the F8 key early and often as soon as your machine starts. Select from the boot option menu Safe Mode.

Start, Run, verifier /reset

Now restart Windows normally.

 

[Hitchy]

ok and then ...?

 

[bcastner]

With verifier off it should make your system much less brittle and hopefully prevent the blue screens of death.

 

[Hitchy]

Ok thanks very much bcastner. hopefully the problem will be less eventful, or not at all.


Cheers,
Hitchy