DEbugger Outpu (XP, SP2): The Real Culprit?

Discussion in 'Software' started by GeoffreyTransom, Jun 24, 2006.

  1. GeoffreyTransom

    GeoffreyTransom Private E-2

    Bonjour.

    I''ve got about as much debugging skill as a Springbok front-rower, so excuse me in advance if I type something completely idiotic.

    After countless BSoD's (128 in 2 days) I decided to install Debugger (and its Symbol set) and run it. I ran analyze -v on the latest minidump file, and it seems to indicate that ntoskrnl is the problem file.

    However I'm not SURE if I am reading the output correctly, and would really appreciate if anyone can tell me if I've got theright end of the pineapple.


    The Debugger output is copied below: note that the last bit of the file seems to point the finger of suspicion at ntoskrnl... but having had MS operating systems since I owned an NEC PowerMate IV+ in 1988 (i.e., pre MS-DOS 5), I am used to being thrown onto completely the wrongtrack by MS's error messages (and itsoutput in general).

    By the way, my PowerMate (which cost me NINE GRAND) had 1Mb of RAM (an additional extra), SUPER VGA (800x600), and a whopping 140Mb HDD (most PCs had 10Mb). Nowadays my watch has more HDD storage... amazing.

    Anyhow, enough reminiscing - the Debug output is listed below.

    Cheers,


    GT,
    Paris.



    ------------------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8056c131, The address that the exception occurred at
    Arg3: f52aa88c, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    nt!ObGetObjectSecurity+81
    8056c131 0fb73470 movzx esi,word ptr [eax+esi*2]

    TRAP_FRAME: f52aa88c -- (.trap fffffffff52aa88c)
    ErrCode = 00000000
    eax=c1062004 ebx=f52aa94c ecx=0000007b edx=0000007b esi=00000000 edi=00000000
    eip=8056c131 esp=f52aa900 ebp=f52aa908 iopl=0 nv up ei pl zr na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    nt!ObGetObjectSecurity+0x81:
    8056c131 0fb73470 movzx esi,word ptr [eax+esi*2] ds:0023:c1062004=0110
    Resetting default scope

    CUSTOMER_CRASH_COUNT: 10

    DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

    BUGCHECK_STR: 0x8E

    LAST_CONTROL_TRANSFER: from 8058b780 to 8056c131

    STACK_TEXT:
    f52aa908 8058b780 0000007b e1304f2c e1d74368 nt!ObGetObjectSecurity+0x81
    f52aa934 8058b6b3 f52aa94c e1304f2c f52aab74 nt!NtDuplicateObject+0x69
    f52aa958 8058a121 e1019740 002dbf28 e1304f2c nt!FsRtlReleaseFile+0x105
    f52aa9a8 805677a0 e1019740 002dbf28 e1304f2c nt!NtQuerySystemInformation+0xb02
    f52aaba0 805674b5 002dbf28 002dbf28 849abdc0 nt!ExpAllocateHandleTableEntry+0x14b
    f52aac28 8056729a 0000004c f52aac68 00000040 nt!ObpCloseHandleTableEntry+0x1
    f52aac7c 80567bfd 00000000 84bc1708 e1d64401 nt!NtFreeVirtualMemory+0x602
    f52aad50 804de7ec 009ff5dc 00020019 009ff524 nt!ObOpenObjectByName+0x83
    f52aad64 7c90eb94 badb0d00 009ff50c 00000000 nt!KiUnexpectedInterrupt65+0x2
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    f52aad68 badb0d00 009ff50c 00000000 00000000 0x7c90eb94
    f52aad6c 009ff50c 00000000 00000000 00000000 0xbadb0d00
    f52aad70 00000000 00000000 00000000 00000000 0x9ff50c


    STACK_COMMAND: .bugcheck ; kb

    FOLLOWUP_IP:
    nt!ObGetObjectSecurity+81
    8056c131 0fb73470 movzx esi,word ptr [eax+esi*2]

    FAULTING_SOURCE_CODE:


    SYMBOL_STACK_INDEX: 0

    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: nt!ObGetObjectSecurity+81

    MODULE_NAME: nt

    IMAGE_NAME: ntoskrnl.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9
     
    GeoffreyTransom, Jun 24, 2006
    #1

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds