Hallo zusammen,
auf unseren TS (mit W2K3 Enterprise) haben wir sporadisch Reboots mit folgenden Bluescreen/Bugcheck:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf8a247e, The address that the exception occurred at
Arg3: f2e54a90, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
FAULTING_MODULE: 80800000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4bc7bdeb
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in "0x%08lx" verweist auf Speicher in "0x%08lx". Der Vorgang "%s" konnte nicht auf dem Speicher durchgef hrt werden.
FAULTING_IP:
win32k+a247e
bf8a247e f6461e40 test byte ptr [esi+0x1e],0x40
TRAP_FRAME: f2e54a90 -- (.trap fffffffff2e54a90)
ErrCode = 00000000
eax=00000001 ebx=00000000 ecx=0000029d edx=00000001 esi=00000000 edi=bbb69dc0
eip=bf8a247e esp=f2e54b04 ebp=f2e54b1c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
win32k+0xa247e:
bf8a247e f6461e40 test byte ptr [esi+0x1e],0x40 ds:0023:0000001e=??
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8E
LAST_CONTROL_TRANSFER: from bf84a565 to bf8a247e
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f2e54b1c bf84a565 00000000 bbb69dc0 00000000 win32k+0xa247e
f2e54b78 bf83c7cd 00000000 f2e54be0 bf8b7f60 win32k+0x4a565
f2e54b84 bf8b7f60 bd915088 bbc29c98 bbc29c18 win32k+0x3c7cd
f2e54be0 bf8b6bb6 00000001 f2e54c08 bf8b7a13 win32k+0xb7f60
f2e54bec bf8b7a13 8c29bb10 00000001 00000000 win32k+0xb6bb6
f2e54c08 8094c3d2 8c29bb10 00000001 8c29bb10 win32k+0xb7a13
f2e54c94 8094c765 00000000 00000000 8c29bb10 nt+0x14c3d2
f2e54cac 8094cab7 8c29bb10 00000000 00000001 nt+0x14c765
f2e54cd0 f6a786d9 fffffffe 00000000 8ce4ba60 nt+0x14cab7
f2e54d40 8ce4ba7e e5042f68 fffffffe 00000000 SYMEVENT+0x146d9
f2e54d54 808897ec fffffffe 00000000 00f9ffdc 0x8ce4ba7e
f2e54d64 7c94845c badb0d00 00f9ffd4 00000000 nt+0x897ec
00f9ffdc 00000000 00000000 00000000 00000000 0x7c94845c
FOLLOWUP_IP:
SYMEVENT+146d9
f6a786d9 ?? ???
SYMBOL_STACK_INDEX: 9
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: SYMEVENT+146d9
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.SYS
STACK_COMMAND: .trap fffffffff2e54a90 ; kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
Kennt wer dieses Problem oder eine Lösung?
Mit freundlichen Grüßen
IT-RE