Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols;c:\websymbols
Executable search path is:
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
Unable to read PsLoadedModuleList
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
KdDebuggerData.KernBase < SystemRangeStart
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x00000000 PsLoadedModuleList = 0x82908ad0
Debug session time: Sat Nov 10 23:11:54.187 2007 (GMT+2)
System Uptime: 0 days 0:16:36.814
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
Unable to read PsLoadedModuleList
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
KdDebuggerData.KernBase < SystemRangeStart
Loading Kernel Symbols
Unable to read PsLoadedModuleList
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
CS descriptor lookup failed
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get program counterGetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41287, 5f180010, 0, 0}
***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.
GetContextState failed, 0xD0000147
Unable to read selector for PCR for processor 0
GetContextState failed, 0xD0000147
Unable to read selector for PCR for processor 0
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get current machine context, NTSTATUS 0xC0000147
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
?: kd> .symfix
No downstream store given, using C:\Program Files\Debugging Tools for Windows\sym
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
?: kd> !locks
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Unable to get program counterUnable to read PsLoadedModuleList
**** DUMP OF ALL RESOURCE OBJECTS ****
00000000: Unable to get value of ExpSystemResourcesList
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Black Hibernate
Rate Topic:
#41
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 14 November 2007 - 06:06 PM
I think something went wrong:
Back to top
#42
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 15 November 2007 - 03:55 AM
OK, this is much better:
as you can see I even used "!analyze -v".
is i8042prt.sys the problem? isn't this a mouse port?
how it is related to my hibernation problem?
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mtk\Desktop\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols;c:\websymbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16514.x86fre.vista_gdr.070627-1500
Kernel base = 0x82400000 PsLoadedModuleList = 0x82508ab0
Debug session time: Wed Sep 19 22:17:50.716 2007 (GMT+2)
System Uptime: 0 days 3:08:28.865
Loading Kernel Symbols
....................................................................................................
............................................................
Loading User Symbols
....................................................................................................
................
Loading unloaded module list
.....Unable to enumerate user-mode unloaded modules, NTSTATUS 0xC0000147
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E2, {0, 0, 0, 0}
Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+255 )
Followup: MachineOwner
---------
0: kd> .symfix
No downstream store given, using C:\Program Files\Debugging Tools for Windows\sym
0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks...............................................................................................
....................................................................................................
............................................
Resource @ 0x88c55f80 Shared 1 owning threads
Contention Count = 1
Threads: 8893bd78-01<*>
KD: Scanning for held locks...............................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
......................
34080 total locks, 1 locks currently held
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: MANUALLY_INITIATED_CRASH
DEFAULT_BUCKET_ID: VISTA_RC
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 6
LAST_CONTROL_TRANSFER: from 8d02c472 to 824acedf
STACK_TEXT:
89fb5de4 8d02c472 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1e
89fb5e14 8d02a37a 002f95e0 474b28c6 00000000 i8042prt!I8xProcessCrashDump+0x255
89fb5e5c 82437051 8736a000 872f9528 00000000 i8042prt!I8042KeyboardInterruptService+0x21e
89fb5e5c 89d8641b 8736a000 872f9528 00000000 nt!KiInterruptDispatch+0x51
WARNING: Frame IP not in any known module. Following frames may be wrong.
89fb5f84 82436e35 00000100 00000072 000001ff 0x89d8641b
89fb5f84 00000000 00000100 00000072 000001ff nt!KiChainedDispatch+0x65
STACK_COMMAND: kb
FOLLOWUP_IP:
i8042prt!I8xProcessCrashDump+255
8d02c472 83fe01 cmp esi,1
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: i8042prt
IMAGE_NAME: i8042prt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4549b180
SYMBOL_NAME: i8042prt!I8xProcessCrashDump+255
FAILURE_BUCKET_ID: MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+255
BUCKET_ID: MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+255
Followup: MachineOwner
---------
as you can see I even used "!analyze -v".
is i8042prt.sys the problem? isn't this a mouse port?
how it is related to my hibernation problem?
#43
- Gustatus similis pullus
-
- Group: Supervisor
- Posts: 11,000
- Joined: 09-September 01
- OS:Windows 7 x64
-
Country:
-
Posted 15 November 2007 - 01:54 PM
MtK, on Nov 15 2007, 04:55 AM, said:
is i8042prt.sys the problem? isn't this a mouse port?
how it is related to my hibernation problem?
how it is related to my hibernation problem?
It only shows up because you crashed it with the keyboard (hence, i8042prt). You can't use !analyze -v on a manual crash
. Anyway, run the same commands, but this time, also run the commands ".thread 8893bd78", ".reload /user", and "!thread 8893bd78" in that order.
#44
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 15 November 2007 - 02:59 PM
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mtk\Desktop\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV**http://msdl.microsoft.com/download/symbols;SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols;c:\websymbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16514.x86fre.vista_gdr.070627-1500
Kernel base = 0x82400000 PsLoadedModuleList = 0x82508ab0
Debug session time: Wed Sep 19 22:17:50.716 2007 (GMT+2)
System Uptime: 0 days 3:08:28.865
Loading Kernel Symbols
....................................................................................................
............................................................
Loading User Symbols
....................................................................................................
................
Loading unloaded module list
.....Unable to enumerate user-mode unloaded modules, NTSTATUS 0xC0000147
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E2, {0, 0, 0, 0}
Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+255 )
Followup: MachineOwner
---------
0: kd> .symfix
No downstream store given, using C:\Program Files\Debugging Tools for Windows\sym
0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks...............................................................................................
....................................................................................................
............................................
Resource @ 0x88c55f80 Shared 1 owning threads
Contention Count = 1
Threads: 8893bd78-01<*>
KD: Scanning for held locks...............................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
......................
34080 total locks, 1 locks currently held
0: kd> .thread 8893bd78
Implicit thread is now 8893bd78
0: kd> .reload /user
Loading User Symbols
....................................................................................................
................
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
0: kd> !thread 8893bd78
THREAD 8893bd78 Cid 0470.0f44 Teb: 7ff8a000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
9b096c64 NotificationEvent
IRP List:
86db1de0: (0006,0220) Flags: 00020900 Mdl: 00000000
86cff100: (0006,0220) Flags: 00000884 Mdl: 00000000
Impersonation token: a0512360 (Level Impersonation)
Owning Process 88eda550 Image: svchost.exe
Wait Start TickCount 724917 Ticks: 5 (0:00:00:00.078)
Context Switch Count 115839
UserTime 00:00:00.0374
KernelTime 00:00:28.0969
Win32 Start Address sysmain!PfRbPrefetchWorker (0x6f524b78)
Stack Init 9b098000 Current 9b096a38 Base 9b098000 Limit 9b095000 Call 0
Priority 9 BasePriority 7 PriorityDecrement 1
*** ERROR: Module load completed but symbols could not be loaded for amon.sys
ChildEBP RetAddr Args to Child
9b096a50 824697c6 8893be00 8893bd78 8893be30 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
9b096a8c 8246721c 8893bd78 9b096b14 9b096d10 nt!KiSwapThread+0x36d
9b096ae8 830bed88 9b096c64 00000000 00000000 nt!KeWaitForSingleObject+0x414
9b096b08 830ba3a6 9b096d10 00000000 00000000 Ntfs!NtfsWaitOnIo+0x1c (FPO: [Non-Fpo])
9b096c2c 830b6241 9b096d10 86cd8cf8 a2d3a610 Ntfs!NtfsNonCachedIo+0x402 (FPO: [Non-Fpo])
9b096d00 830b5282 9b096d10 86cd8cf8 00c0070a Ntfs!NtfsCommonRead+0xefd (FPO: [Non-Fpo])
9b096e38 82467928 8654f498 86cd8cf8 86cd8cf8 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b096e50 8332ca5c 86548438 86cd8cf8 00000000 nt!IofCallDriver+0x63
9b096e74 8332cc18 9b096e94 86548438 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a (FPO: [Non-Fpo])
9b096eac 82467928 86548438 86cd8cf8 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
9b096ec4 982a96b6 00000000 8715b2a8 82467928 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
9b096ee8 8249ab0e 8a24ba34 8a24ba54 8893bd78 amon+0x46b6
9b096f04 82459a11 00000043 8893bd78 8a24ba60 nt!IoPageRead+0x176
9b096fb8 82457f18 c4b80000 b732a5f0 00000000 nt!MiDispatchFault+0xbde
9b097028 82497b7d 00000000 c4b80000 00000000 nt!MmAccessFault+0xe36
9b097070 825d77f1 c4b80000 00000000 9b09cbbc nt!MmCheckCachedPageState+0x69b
9b0970fc 830b4c8c 86b2c028 9b097140 000001ff nt!CcCopyRead+0x417
9b097128 830b62a7 86b9b760 86b2c028 86db1de0 Ntfs!NtfsCachedRead+0x11e (FPO: [Non-Fpo])
9b097204 830b5282 86b9b760 86db1de0 9b8a7ca0 Ntfs!NtfsCommonRead+0xf63 (FPO: [Non-Fpo])
9b097274 82467928 8654f498 86db1de0 86db1de0 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b09728c 8332ca5c 86548438 86db1de0 00000000 nt!IofCallDriver+0x63
9b0972b0 8332cc18 9b0972d0 86548438 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a (FPO: [Non-Fpo])
9b0972e8 82467928 86548438 86db1de0 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
9b097300 982a96b6 86b2c028 8715b2a8 82467928 nt!IofCallDriver+0x63
9b097324 825c80bb 86db1de0 86db1fdc 86b2c028 amon+0x46b6
9b097344 825e084b 8715b2a8 86b2c028 00000001 nt!IopSynchronousServiceTail+0x1e0
9b0973d0 82445f7a 8715b2a8 86db1de0 00000000 nt!NtReadFile+0x646
9b0973d0 82444959 8715b2a8 86db1de0 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9b0973fc)
9b09746c 982aa26c 000007c8 00000000 00000000 nt!ZwReadFile+0x11 (FPO: [9,0,0])
9b0974a8 982aac7e 000007c8 890e2308 000001ff amon+0x526c
9b0974cc 982a92c7 890e22e8 00000000 00000000 amon+0x5c7e
9b097518 82467928 8715b2a8 86cff100 88ec0bb4 amon+0x42c7
9b097530 825c8e87 9b09cea8 88fe4c10 86475d20 nt!IofCallDriver+0x63
9b0975e8 8261857b 8715b2a8 00000000 86c7f008 nt!IopParseDevice+0xcff
9b097620 825da839 88fe4c10 00000000 86c7f008 nt!IopParseFile+0x46
9b0976b0 825cc97e 80000810 9b097708 00000240 nt!ObpLookupObjectName+0x13e
9b097710 825f1f9c 9b09795c 00000000 8654f500 nt!ObOpenObjectByName+0x13c
9b097784 8261c4fc 9b097938 00000081 9b09795c nt!IopCreateFile+0x5ec
9b0977e0 83340c2a 9b097938 00000081 9b09795c nt!IoCreateFileEx+0x9d
9b097864 83321042 85b81530 00000000 9b097938 fltmgr!FltCreateFileEx2+0xae (FPO: [Non-Fpo])
#45
- Gustatus similis pullus
-
- Group: Supervisor
- Posts: 11,000
- Joined: 09-September 01
- OS:Windows 7 x64
-
Country:
-
Posted 15 November 2007 - 03:12 PM
Great - same thing as previous, but now add "!irp 86db1de0", "!irp 86cff100", and "lmvm amon"
#46
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 15 November 2007 - 04:11 PM
as long as you know what ur doing...
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mtk\Desktop\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV**http://msdl.microsoft.com/download/symbols;SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols;c:\websymbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16514.x86fre.vista_gdr.070627-1500
Kernel base = 0x82400000 PsLoadedModuleList = 0x82508ab0
Debug session time: Wed Sep 19 22:17:50.716 2007 (GMT+2)
System Uptime: 0 days 3:08:28.865
Loading Kernel Symbols
....................................................................................................
............................................................
Loading User Symbols
....................................................................................................
................
Loading unloaded module list
.....Unable to enumerate user-mode unloaded modules, NTSTATUS 0xC0000147
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E2, {0, 0, 0, 0}
Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+255 )
Followup: MachineOwner
---------
0: kd> .symfix
No downstream store given, using C:\Program Files\Debugging Tools for Windows\sym
0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks...............................................................................................
....................................................................................................
............................................
Resource @ 0x88c55f80 Shared 1 owning threads
Contention Count = 1
Threads: 8893bd78-01<*>
KD: Scanning for held locks...............................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
......................
34080 total locks, 1 locks currently held
0: kd> .thread 8893bd78
Implicit thread is now 8893bd78
0: kd> .reload /user
Loading User Symbols
....................................................................................................
................
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
0: kd> !thread 8893bd78
THREAD 8893bd78 Cid 0470.0f44 Teb: 7ff8a000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
9b096c64 NotificationEvent
IRP List:
86db1de0: (0006,0220) Flags: 00020900 Mdl: 00000000
86cff100: (0006,0220) Flags: 00000884 Mdl: 00000000
Impersonation token: a0512360 (Level Impersonation)
Owning Process 88eda550 Image: svchost.exe
Wait Start TickCount 724917 Ticks: 5 (0:00:00:00.078)
Context Switch Count 115839
UserTime 00:00:00.0374
KernelTime 00:00:28.0969
Win32 Start Address sysmain!PfRbPrefetchWorker (0x6f524b78)
Stack Init 9b098000 Current 9b096a38 Base 9b098000 Limit 9b095000 Call 0
Priority 9 BasePriority 7 PriorityDecrement 1
*** ERROR: Module load completed but symbols could not be loaded for amon.sys
ChildEBP RetAddr Args to Child
9b096a50 824697c6 8893be00 8893bd78 8893be30 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
9b096a8c 8246721c 8893bd78 9b096b14 9b096d10 nt!KiSwapThread+0x36d
9b096ae8 830bed88 9b096c64 00000000 00000000 nt!KeWaitForSingleObject+0x414
9b096b08 830ba3a6 9b096d10 00000000 00000000 Ntfs!NtfsWaitOnIo+0x1c (FPO: [Non-Fpo])
9b096c2c 830b6241 9b096d10 86cd8cf8 a2d3a610 Ntfs!NtfsNonCachedIo+0x402 (FPO: [Non-Fpo])
9b096d00 830b5282 9b096d10 86cd8cf8 00c0070a Ntfs!NtfsCommonRead+0xefd (FPO: [Non-Fpo])
9b096e38 82467928 8654f498 86cd8cf8 86cd8cf8 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b096e50 8332ca5c 86548438 86cd8cf8 00000000 nt!IofCallDriver+0x63
9b096e74 8332cc18 9b096e94 86548438 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a (FPO: [Non-Fpo])
9b096eac 82467928 86548438 86cd8cf8 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
9b096ec4 982a96b6 00000000 8715b2a8 82467928 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
9b096ee8 8249ab0e 8a24ba34 8a24ba54 8893bd78 amon+0x46b6
9b096f04 82459a11 00000043 8893bd78 8a24ba60 nt!IoPageRead+0x176
9b096fb8 82457f18 c4b80000 b732a5f0 00000000 nt!MiDispatchFault+0xbde
9b097028 82497b7d 00000000 c4b80000 00000000 nt!MmAccessFault+0xe36
9b097070 825d77f1 c4b80000 00000000 9b09cbbc nt!MmCheckCachedPageState+0x69b
9b0970fc 830b4c8c 86b2c028 9b097140 000001ff nt!CcCopyRead+0x417
9b097128 830b62a7 86b9b760 86b2c028 86db1de0 Ntfs!NtfsCachedRead+0x11e (FPO: [Non-Fpo])
9b097204 830b5282 86b9b760 86db1de0 9b8a7ca0 Ntfs!NtfsCommonRead+0xf63 (FPO: [Non-Fpo])
9b097274 82467928 8654f498 86db1de0 86db1de0 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b09728c 8332ca5c 86548438 86db1de0 00000000 nt!IofCallDriver+0x63
9b0972b0 8332cc18 9b0972d0 86548438 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a (FPO: [Non-Fpo])
9b0972e8 82467928 86548438 86db1de0 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
9b097300 982a96b6 86b2c028 8715b2a8 82467928 nt!IofCallDriver+0x63
9b097324 825c80bb 86db1de0 86db1fdc 86b2c028 amon+0x46b6
9b097344 825e084b 8715b2a8 86b2c028 00000001 nt!IopSynchronousServiceTail+0x1e0
9b0973d0 82445f7a 8715b2a8 86db1de0 00000000 nt!NtReadFile+0x646
9b0973d0 82444959 8715b2a8 86db1de0 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9b0973fc)
9b09746c 982aa26c 000007c8 00000000 00000000 nt!ZwReadFile+0x11 (FPO: [9,0,0])
9b0974a8 982aac7e 000007c8 890e2308 000001ff amon+0x526c
9b0974cc 982a92c7 890e22e8 00000000 00000000 amon+0x5c7e
9b097518 82467928 8715b2a8 86cff100 88ec0bb4 amon+0x42c7
9b097530 825c8e87 9b09cea8 88fe4c10 86475d20 nt!IofCallDriver+0x63
9b0975e8 8261857b 8715b2a8 00000000 86c7f008 nt!IopParseDevice+0xcff
9b097620 825da839 88fe4c10 00000000 86c7f008 nt!IopParseFile+0x46
9b0976b0 825cc97e 80000810 9b097708 00000240 nt!ObpLookupObjectName+0x13e
9b097710 825f1f9c 9b09795c 00000000 8654f500 nt!ObOpenObjectByName+0x13c
9b097784 8261c4fc 9b097938 00000081 9b09795c nt!IopCreateFile+0x5ec
9b0977e0 83340c2a 9b097938 00000081 9b09795c nt!IoCreateFileEx+0x9d
9b097864 83321042 85b81530 00000000 9b097938 fltmgr!FltCreateFileEx2+0xae (FPO: [Non-Fpo])
0: kd> !irp 86db1de0
Irp is active with 12 stacks 11 is current (= 0x86db1fb8)
No Mdl: No System Buffer: Thread 8893bd78: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[ 3, 0] 0 e0 8654f498 86b2c028 8332c44a-867c4a68 Success Error Cancel
\FileSystem\Ntfs fltmgr!FltpPassThroughCompletion
Args: 000001ff 00000000 00000000 00000000
[ 3, 0] 0 1 86548438 86b2c028 00000000-00000000 pending
\FileSystem\FltMgr
Args: 000001ff 00000000 00000000 00000000
0: kd> !irp 86cff100
Irp is active with 12 stacks 12 is current (= 0x86cff2fc)
No Mdl: No System Buffer: Thread 8893bd78: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[ 0, 0] 8 0 8715b2a8 88ec0b58 00000000-00000000
\Driver\AMON
Args: 9b097548 01000160 00070080 00000000
0: kd> lmvm amon
start end module name
982a5000 9831f8c0 amon (no symbols)
Loaded symbol image file: amon.sys
Image path: \SystemRoot\system32\drivers\amon.sys
Image name: amon.sys
Timestamp: Thu May 03 17:27:44 2007 (4639F160)
CheckSum: 000885D4
ImageSize: 0007A8C0
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
#47
- Gustatus similis pullus
-
- Group: Supervisor
- Posts: 11,000
- Joined: 09-September 01
- OS:Windows 7 x64
-
Country:
-
Posted 16 November 2007 - 01:56 AM
OK - two more commands: "!fileobj 86b2c028" and "!fileobj 88ec0b58"
I need to figure out whether the write to disk is pending due to the NOD32 amon.sys driver, or if they're completely unrelated.
I need to figure out whether the write to disk is pending due to the NOD32 amon.sys driver, or if they're completely unrelated.
#48
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 16 November 2007 - 02:25 AM
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mtk\Desktop\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV**http://msdl.microsoft.com/download/symbols;SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols;c:\websymbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16514.x86fre.vista_gdr.070627-1500
Kernel base = 0x82400000 PsLoadedModuleList = 0x82508ab0
Debug session time: Wed Sep 19 22:17:50.716 2007 (GMT+2)
System Uptime: 0 days 3:08:28.865
Loading Kernel Symbols
....................................................................................................
............................................................
Loading User Symbols
....................................................................................................
................
Loading unloaded module list
.....Unable to enumerate user-mode unloaded modules, NTSTATUS 0xC0000147
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E2, {0, 0, 0, 0}
Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+255 )
Followup: MachineOwner
---------
0: kd> .symfix
No downstream store given, using C:\Program Files\Debugging Tools for Windows\sym
0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks...............................................................................................
....................................................................................................
............................................
Resource @ 0x88c55f80 Shared 1 owning threads
Contention Count = 1
Threads: 8893bd78-01<*>
KD: Scanning for held locks...............................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
....................................................................................................
......................
34080 total locks, 1 locks currently held
0: kd> .thread 8893bd78
Implicit thread is now 8893bd78
0: kd> .reload /user
Loading User Symbols
....................................................................................................
................
0: kd> !thread 8893bd78
THREAD 8893bd78 Cid 0470.0f44 Teb: 7ff8a000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
9b096c64 NotificationEvent
IRP List:
86db1de0: (0006,0220) Flags: 00020900 Mdl: 00000000
86cff100: (0006,0220) Flags: 00000884 Mdl: 00000000
Impersonation token: a0512360 (Level Impersonation)
Owning Process 88eda550 Image: svchost.exe
Wait Start TickCount 724917 Ticks: 5 (0:00:00:00.078)
Context Switch Count 115839
UserTime 00:00:00.0374
KernelTime 00:00:28.0969
Win32 Start Address sysmain!PfRbPrefetchWorker (0x6f524b78)
Stack Init 9b098000 Current 9b096a38 Base 9b098000 Limit 9b095000 Call 0
Priority 9 BasePriority 7 PriorityDecrement 1
*** ERROR: Module load completed but symbols could not be loaded for amon.sys
ChildEBP RetAddr Args to Child
9b096a50 824697c6 8893be00 8893bd78 8893be30 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
9b096a8c 8246721c 8893bd78 9b096b14 9b096d10 nt!KiSwapThread+0x36d
9b096ae8 830bed88 9b096c64 00000000 00000000 nt!KeWaitForSingleObject+0x414
9b096b08 830ba3a6 9b096d10 00000000 00000000 Ntfs!NtfsWaitOnIo+0x1c (FPO: [Non-Fpo])
9b096c2c 830b6241 9b096d10 86cd8cf8 a2d3a610 Ntfs!NtfsNonCachedIo+0x402 (FPO: [Non-Fpo])
9b096d00 830b5282 9b096d10 86cd8cf8 00c0070a Ntfs!NtfsCommonRead+0xefd (FPO: [Non-Fpo])
9b096e38 82467928 8654f498 86cd8cf8 86cd8cf8 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b096e50 8332ca5c 86548438 86cd8cf8 00000000 nt!IofCallDriver+0x63
9b096e74 8332cc18 9b096e94 86548438 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a (FPO: [Non-Fpo])
9b096eac 82467928 86548438 86cd8cf8 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
9b096ec4 982a96b6 00000000 8715b2a8 82467928 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
9b096ee8 8249ab0e 8a24ba34 8a24ba54 8893bd78 amon+0x46b6
9b096f04 82459a11 00000043 8893bd78 8a24ba60 nt!IoPageRead+0x176
9b096fb8 82457f18 c4b80000 b732a5f0 00000000 nt!MiDispatchFault+0xbde
9b097028 82497b7d 00000000 c4b80000 00000000 nt!MmAccessFault+0xe36
9b097070 825d77f1 c4b80000 00000000 9b09cbbc nt!MmCheckCachedPageState+0x69b
9b0970fc 830b4c8c 86b2c028 9b097140 000001ff nt!CcCopyRead+0x417
9b097128 830b62a7 86b9b760 86b2c028 86db1de0 Ntfs!NtfsCachedRead+0x11e (FPO: [Non-Fpo])
9b097204 830b5282 86b9b760 86db1de0 9b8a7ca0 Ntfs!NtfsCommonRead+0xf63 (FPO: [Non-Fpo])
9b097274 82467928 8654f498 86db1de0 86db1de0 Ntfs!NtfsFsdRead+0x273 (FPO: [Non-Fpo])
9b09728c 8332ca5c 86548438 86db1de0 00000000 nt!IofCallDriver+0x63
9b0972b0 8332cc18 9b0972d0 86548438 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a (FPO: [Non-Fpo])
9b0972e8 82467928 86548438 86db1de0 982ed2b4 fltmgr!FltpDispatch+0xc2 (FPO: [Non-Fpo])
9b097300 982a96b6 86b2c028 8715b2a8 82467928 nt!IofCallDriver+0x63
9b097324 825c80bb 86db1de0 86db1fdc 86b2c028 amon+0x46b6
9b097344 825e084b 8715b2a8 86b2c028 00000001 nt!IopSynchronousServiceTail+0x1e0
9b0973d0 82445f7a 8715b2a8 86db1de0 00000000 nt!NtReadFile+0x646
9b0973d0 82444959 8715b2a8 86db1de0 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9b0973fc)
9b09746c 982aa26c 000007c8 00000000 00000000 nt!ZwReadFile+0x11 (FPO: [9,0,0])
9b0974a8 982aac7e 000007c8 890e2308 000001ff amon+0x526c
9b0974cc 982a92c7 890e22e8 00000000 00000000 amon+0x5c7e
9b097518 82467928 8715b2a8 86cff100 88ec0bb4 amon+0x42c7
9b097530 825c8e87 9b09cea8 88fe4c10 86475d20 nt!IofCallDriver+0x63
9b0975e8 8261857b 8715b2a8 00000000 86c7f008 nt!IopParseDevice+0xcff
9b097620 825da839 88fe4c10 00000000 86c7f008 nt!IopParseFile+0x46
9b0976b0 825cc97e 80000810 9b097708 00000240 nt!ObpLookupObjectName+0x13e
9b097710 825f1f9c 9b09795c 00000000 8654f500 nt!ObOpenObjectByName+0x13c
9b097784 8261c4fc 9b097938 00000081 9b09795c nt!IopCreateFile+0x5ec
9b0977e0 83340c2a 9b097938 00000081 9b09795c nt!IoCreateFileEx+0x9d
9b097864 83321042 85b81530 00000000 9b097938 fltmgr!FltCreateFileEx2+0xae (FPO: [Non-Fpo])
0: kd> !irp 86db1de0
Irp is active with 12 stacks 11 is current (= 0x86db1fb8)
No Mdl: No System Buffer: Thread 8893bd78: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[ 3, 0] 0 e0 8654f498 86b2c028 8332c44a-867c4a68 Success Error Cancel
\FileSystem\Ntfs fltmgr!FltpPassThroughCompletion
Args: 000001ff 00000000 00000000 00000000
[ 3, 0] 0 1 86548438 86b2c028 00000000-00000000 pending
\FileSystem\FltMgr
Args: 000001ff 00000000 00000000 00000000
0: kd> !irp 86cff100
Irp is active with 12 stacks 12 is current (= 0x86cff2fc)
No Mdl: No System Buffer: Thread 8893bd78: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[ 0, 0] 8 0 8715b2a8 88ec0b58 00000000-00000000
\Driver\AMON
Args: 9b097548 01000160 00070080 00000000
0: kd> lmvm amon
start end module name
982a5000 9831f8c0 amon (no symbols)
Loaded symbol image file: amon.sys
Image path: \SystemRoot\system32\drivers\amon.sys
Image name: amon.sys
Timestamp: Thu May 03 17:27:44 2007 (4639F160)
CheckSum: 000885D4
ImageSize: 0007A8C0
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
Unable to enumerate user-mode unloaded modules, NTSTATUS 0xC0000147
0: kd> !fileobj 86b2c028
\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002
Device Object: 0x865224a0 \Driver\volmgr
Vpb: 0x8656c070
Access: Read SharedRead SharedWrite SharedDelete
Flags: 0x40042
Synchronous IO
Cache Supported
Handle Created
File Object is currently busy and has 0 waiters.
FsContext: 0xa2d3a610 FsContext2: 0xa2d3a768
Private Cache Map: 0x86d57c68
CurrentByteOffset: 0
Cache Data:
Section Object Pointers: 8a7fa8bc
Shared Cache Map: 86d57b90 File Offset: 0 in VACB number 0
Vacb: 85770e90
Your data is at: c4b80000
0: kd> !fileobj 88ec0b58
WINDOWS\SYSTEM32\MSDTC\KTMRMTMCONTAINER00000000000000000002
Related File Object: 0x88fe4c10
Device Object: 0x865224a0 \Driver\volmgr
Vpb is NULL
Flags: 0x2
Synchronous IO
CurrentByteOffset: 0
#49
- Gustatus similis pullus
-
- Group: Supervisor
- Posts: 11,000
- Joined: 09-September 01
- OS:Windows 7 x64
-
Country:
-
Posted 16 November 2007 - 09:08 PM
The first IRP shows us trying to write to the file on the filesystem, but we also see a second IRP in the antivirus driver which is working on the file at the same time.
Have we tried completely removing NOD32 to see if the behavior changes at all?
Have we tried completely removing NOD32 to see if the behavior changes at all?
#50
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 17 November 2007 - 04:22 AM
I just removed it completely - No Change...
(can I put it back?)
(can I put it back?)
#51
- Gustatus similis pullus
-
- Group: Supervisor
- Posts: 11,000
- Joined: 09-September 01
- OS:Windows 7 x64
-
Country:
-
Posted 17 November 2007 - 09:37 AM
Yeah, I'd put it back. I just wanted to make sure it wasn't interfering. At this point, it's hard to say what the problem is, other than it appears that we're in Ntfs waiting on I/O to a file (WINDOWS\SYSTEM32\MSDTC\KTMRMTMCONTAINER00000000000000000002) and an event has been signaled we're waiting on. Usually cases like these end up being more of a live debug, so I'm thinking that if you can reproduce the problem after running msconfig to disable everything non-Microsoft, that it'll be something at the actual driver level (underneath Windows) that will be very difficult to catch. At least I can say with a fair amount of certainty that it'll be down in an actual device driver (likely the disk controller).
#52
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 17 November 2007 - 12:29 PM
I thought this would be an easy task, but first let me state this:
1. I have another PC (not notebook) with Vista with the same problem.
2. neither of these 2 installation had a working progress bar when hibernating.
I'm guess this must be something from MS.
NOD32 was a good guess since it is installed in both computers...
To your request, I did remove every non-MS service & startup item (I also tried a Diagnostic Boot), but after I restarted I tried to Hibernate but could not start the Dump process. (on a regular boot it works fine)
any minimum requirements that I should know of...?
1. I have another PC (not notebook) with Vista with the same problem.
2. neither of these 2 installation had a working progress bar when hibernating.
I'm guess this must be something from MS.
NOD32 was a good guess since it is installed in both computers...
To your request, I did remove every non-MS service & startup item (I also tried a Diagnostic Boot), but after I restarted I tried to Hibernate but could not start the Dump process. (on a regular boot it works fine)
any minimum requirements that I should know of...?
#53
- Gustatus similis pullus
-
- Group: Supervisor
- Posts: 11,000
- Joined: 09-September 01
- OS:Windows 7 x64
-
Country:
-
Posted 17 November 2007 - 07:38 PM
Not really, just a regular boot. I guess it's good nothing is technically broken, but it's gotta be a little frustrating.
As to it being a Windows problem, it is possible. However, I have 4 laptops, 2 IBM/Lenovo Thinkpads, a Dell, and a Compaq x64, and none of these have the issue. It is possible it's a Windows problem, yes, but it's more likely it's a hardware driver issue - if it really was a Windows problem, it should happen to everyone.
As to it being a Windows problem, it is possible. However, I have 4 laptops, 2 IBM/Lenovo Thinkpads, a Dell, and a Compaq x64, and none of these have the issue. It is possible it's a Windows problem, yes, but it's more likely it's a hardware driver issue - if it really was a Windows problem, it should happen to everyone
.
#54
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 22 December 2007 - 11:00 AM
Hi,
after the long waited Format - I did it.
The results are as bad as expected.
I Formatted & reInstalled Vista Enterprice x32.
I did a first Restart, just to check every thing is OK, I didn't install any updates, not even LAN Drivers.
Hibernate = BLACK.
I have now just installed the needed LAN Drivers, & going forward to Windows Update...
after the long waited Format - I did it.
The results are as bad as expected.
I Formatted & reInstalled Vista Enterprice x32.
I did a first Restart, just to check every thing is OK, I didn't install any updates, not even LAN Drivers.
Hibernate = BLACK.
I have now just installed the needed LAN Drivers, & going forward to Windows Update...
#55
- Junior
-
- Group: Members
- Posts: 55
- Joined: 30-October 03
- OS:Windows 7 x64
-
Country:
Posted 22 December 2007 - 02:05 PM
i guess i don't get the big deal about this issue except for you people wanting to know when it is done going into hibernate mode. Personally i have seen this problem but of coruse with my laptop i have to auto hibernate when i close my lid it has worked everytime i do this primarly for school i can pop it out look at something real quick and then close it. You people really get in a bind with ultimate or home editions. thats what i have seen through out the forums. I have the business ed. because that what the government decided to go with and it was free so i guess it woulds better to research the os before you buy or get it. I personnally have a few issue with business but i wait for sp1 before making big changes to the code of the os to see how to fix the issue. wait unsee what happen with sp1 before making big changes.
#56
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 22 December 2007 - 09:55 PM
Sorry, but this wasn't very helpfull to the discussion.
I'm not planning to site & wait for a solution, because that's the whole idea behind Helping & Sharing (see some open-source for reference).
Besides, if no one knows about this problem I doubt it would be fixed by itself in SP1.
I take this forum very seriously & the people helping here will know what to do with it when fix/problem is found...
I'm not planning to site & wait for a solution, because that's the whole idea behind Helping & Sharing (see some open-source for reference).
Besides, if no one knows about this problem I doubt it would be fixed by itself in SP1.
I take this forum very seriously & the people helping here will know what to do with it when fix/problem is found...
#57
Posted 23 December 2007 - 09:53 PM
Vista does not use a progress bar when going into hibernation. A black screen is 100% normal. A change request for this was entered during the Vista Beta, but Microsoft wasn't interested in putting the progress bar back in.
You said that while the screen was black, the HDD light was on? Can you try leaving the computer alone for a while to see if it actually does hibernate? As far as I can tell, it's working properly, but you interupt it before it can finish hibernating.
You said that while the screen was black, the HDD light was on? Can you try leaving the computer alone for a while to see if it actually does hibernate? As far as I can tell, it's working properly, but you interupt it before it can finish hibernating.
#58
- Friend of MSFN
-
- Group: Members
- Posts: 909
- Joined: 02-December 03
Posted 24 December 2007 - 02:23 AM
waruikoohii, on Dec 24 2007, 05:53 AM, said:
Vista does not use a progress bar when going into hibernation. A black screen is 100% normal. A change request for this was entered during the Vista Beta, but Microsoft wasn't interested in putting the progress bar back in.
First time I hear this...
waruikoohii, on Dec 24 2007, 05:53 AM, said:
You said that while the screen was black, the HDD light was on? Can you try leaving the computer alone for a while to see if it actually does hibernate? As far as I can tell, it's working properly, but you interupt it before it can finish hibernating.
The Hibernate does finish this is totally about the progress bar...
#59
- Junior
-
- Group: Members
- Posts: 69
- Joined: 17-September 06
Posted 24 December 2007 - 11:06 AM
MtK, on Dec 24 2007, 01:23 AM, said:
waruikoohii, on Dec 24 2007, 05:53 AM, said:
Vista does not use a progress bar when going into hibernation. A black screen is 100% normal. A change request for this was entered during the Vista Beta, but Microsoft wasn't interested in putting the progress bar back in.
First time I hear this...
waruikoohii, on Dec 24 2007, 05:53 AM, said:
You said that while the screen was black, the HDD light was on? Can you try leaving the computer alone for a while to see if it actually does hibernate? As far as I can tell, it's working properly, but you interupt it before it can finish hibernating.
The Hibernate does finish this is totally about the progress bar...
As far as I know there isn't an option for a hibernation progress bar. Every computer I have vista on doesn't have the progress bar when hibernating.
#60
Posted 24 December 2007 - 10:54 PM
MtK, on Dec 24 2007, 03:23 AM, said:
waruikoohii, on Dec 24 2007, 05:53 AM, said:
Vista does not use a progress bar when going into hibernation. A black screen is 100% normal. A change request for this was entered during the Vista Beta, but Microsoft wasn't interested in putting the progress bar back in.
First time I hear this...
waruikoohii, on Dec 24 2007, 05:53 AM, said:
You said that while the screen was black, the HDD light was on? Can you try leaving the computer alone for a while to see if it actually does hibernate? As far as I can tell, it's working properly, but you interupt it before it can finish hibernating.
The Hibernate does finish this is totally about the progress bar...
There is no progress bar in Vista. None. Nada. It is non-existant. You will not find one anywhere. If you want a progress bar you are out of luck.
The black screen is completely normal. Every Vista machine looks like that when going into hibernation.
If the hibernate is finishing fine then I don't get what you're complaining about, there's no problem.
