Debugging Tools for Windows 32-bit Version Windows XP
Questa riportata nel titolo è una metodica Microsoft che, a volte, ci toglie da situazioni scomode assolutamente irrisolvibili. Mi riferisco ad alcuni gravi errori dei quali, né il visualizzatore eventi né il bug check della schermata blu ci permettono di fare una diagnosi precisa sulla causa che la provoca, soprattutto per una serie di ragioni: la stringa alfanumerica dello stop è variabile e diversa ad ogni schermata oltre ad essere comune a molti errori diversi uno dall'altro, infatti spesso manca il riferimento preciso un file , una *.dll che ci porterebbe a diagnosi sicura. Con questa meetodica ci mettiamo in contatto tramite internet in automatico con la Microsoft la quale ci legge il file che la schermata ha provocato e ce ne dà un resoconto tramite un file Debuglog.txt localizzato nella Root C:\. Ne metto uno sotto come campione cosi vi rendete conto di cosa si tratta
:----------------------------------------------------------------------------------------
Opened log file 'c:\debuglog.txt'kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbolsSymbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbolskd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
.........................................................................................................................................
Loading User Symbols
Loading unloaded module list.................
******************************************************************************** ** Bugcheck Analysis
*********************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rdparameters are the exception record and context record. Do a .cxron the 3rd parameter and then kb to obtain a more informative stack trace.
Arguments:
Arg1: 001902fe
Arg2: a83602dc
Arg3: a835ffd8
Arg4: 80528aa7
Debugging Details:
------------------
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for FSTOPW.SYS
*** ERROR: Module load completed but symbols could not be loaded for PQV2i.sys
EXCEPTION_RECORD: a83602dc -- (.exr ffffffffa83602dc).exr ffffffffa83602dc
ExceptionAddress: 80528aa7 (nt!RealSuccessor+0x00000013)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00400004
Attempt to read from address 00400004
CONTEXT: a835ffd8 -- (.cxr ffffffffa835ffd8).cxr ffffffffa835ffd8
eax=00400000 ebx=00000000 ecx=00400000 edx=865b43d8 esi=a83603f8 edi=e2fa9530
eip=80528aa7 esp=a83603a4 ebp=a83603a4 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!RealSuccessor+0x13:
80528aa7 8b4804 mov ecx,[eax+0x4] ds:0023:00400004=????????.
cxrResetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
ERROR_CODE: (NTSTATUS) 0xc0000005 - L'istruzione a "0x%08lx" ha fatto riferimento alla memoria a "0x%08lx". La memoria non poteva essere "%s".
READ_ADDRESS: 00400004
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from 805294d4 to 80528aa7
STACK_TEXT:
a83603a4 805294d4 e2b73690 8622b4e8 a83603c4 nt!RealSuccessor+0x13a83603b4 f72e5db1 8622b650 a83603f8 a8360440 nt!RtlEnumerateGenericTableWithoutSplayingAvl+0x32a83603c4 f72e59bf 8622b388 a83603f8 00000001 Ntfs!NtfsGetNextFcbTableEntry+0x17a8360440 f72e5dc9 85fed008 8622b388 00000001 Ntfs!NtfsFlushVolume+0x43ca83604e0 f72d9385 85fed008 85dfab40 a8360000 Ntfs!NtfsCommonVolumeOpen+0x341a83605b8 804eddf9 8622b2a8 85dfab40 860aa510 Ntfs!NtfsFsdCreate+0x154a83605c8 f73c0876 85dfab40 864bec50 85dfab40 nt!IopfCallDriver+0x31a8360614 804eddf9 8622bc10 00000001 85dfad3c sr!SrCreate+0x150a8360624 f79f0325 f79f088b 8653a9c0 85dfab40 nt!IopfCallDriver+0x31WARNING: Stack unwind information not available. Following frames may be wrong.a8360658 804eddf9 8653a9c0 8622bb58 864be8b0 SiWinAcc+0x325a8360668 f735ac63 85dfad58 864be8b0 85dfab40 nt!IopfCallDriver+0x31a8360680 804eddf9 864f1518 85dfab40 85dfad7c FSTOPW+0xc63a8360690 f734b8a4 804f8b54 86541f30 86541f74 nt!IopfCallDriver+0x31a83606c0 f734a48d 86541f30 85dfab40 00000000 PQV2i+0x78a4a83606f4 f734a06e 86541ec0 86541b80 86541e08 PQV2i+0x648da83607a4 f734c535 86541e08 85dfab40 85dfab50 PQV2i+0x606ea83608a8 805b365e 86504030 00000000 85d56298 PQV2i+0x8535a8360930 805afb3f 00000000 a8360970 00000240 nt!ObpLookupObjectName+0x56aa8360984 8056a133 00000000 00000000 00000000 nt!ObOpenObjectByName+0xeba8360a00 8056aaaa a8360ba4 00100003 a8360b8c nt!IopCreateFile+0x407a8360a5c 8056d17c a8360ba4 00100003 a8360b8c nt!IoCreateFile+0x8ea8360a9c 8053c808 a8360ba4 00100003 a8360b8c nt!NtCreateFile+0x30a8360a9c 804fd569 a8360ba4 00100003 a8360b8c nt!KiFastCallEntry+0xf8a8360b40 805bc8eb a8360ba4 00100003 a8360b8c nt!ZwCreateFile+0x11a8360dac 805c4a28 f0994ad0 00000000 00000000 nt!PopFlushVolumeWorker+0xe3a8360ddc 80540fa2 805bc808 f0994ad0 00000000 nt!PspSystemThreadStartup+0x3400000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16FOLLOWUP_IP: Ntfs!NtfsGetNextFcbTableEntry+17f72e5db1 85c0 test eax,eaxSYMBOL_STACK_INDEX: 2FOLLOWUP_NAME: MachineOwnerSYMBOL_NAME: Ntfs!NtfsGetNextFcbTableEntry+17MODULE_NAME: NtfsIMAGE_NAME: Ntfs.sysDEBUG_FLR_IMAGE_TIMESTAMP: 41107eeaSTACK_COMMAND: .cxr 0xffffffffa835ffd8 ; kbFAILURE_BUCKET_ID: 0x24_Ntfs!NtfsGetNextFcbTableEntry+17BUCKET_ID: 0x24_Ntfs!NtfsGetNextFcbTableEntry+17Followup: MachineOwner---------eax=ffdff13c ebx=a83602dc ecx=00000000 edx=00000000 esi=85fed008 edi=c0000005eip=804f8925 esp=a835fdb4 ebp=a835fdcc iopl=0 nv up ei ng nz na po nccs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286nt!KeBugCheckEx+0x1b:804f8925 5d pop ebpChildEBP RetAddr Args to Child a835fdcc f72ae051 00000024 001902fe a83602dc nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])a835fdfc f72d937b 85fed008 a835fe28 80535071 Ntfs!NtfsExceptionFilter+0x1cd (FPO: [Non-Fpo])a835fe08 80535071 a835fe30 00000000 a835fe30 Ntfs!NtfsFsdCreate+0x208 (FPO: [Non-Fpo])a835fe30 80541af2 a83602dc a83605a8 a835ffd8 nt!_except_handler3+0x61 (FPO: [Uses EBP] [3,0,7])a835fe54 80541ac4 a83602dc a83605a8 a835ffd8 nt!ExecuteHandler2+0x26a835ff04 804fc700 a83602dc a835ffd8 00400004 nt!ExecuteHandler+0x24a83602c0 8053d251 a83602dc 00000000 a8360330 nt!KiDispatchException+0x13e (FPO: [Non-Fpo])a8360328 8053d202 a83603a4 80528aa7 badb0d00 nt!CommonDispatchException+0x4d (FPO: [0,20,0])a83603a4 805294d4 e2b73690 8622b4e8 a83603c4 nt!Kei386EoiHelper+0x18aa83603a4 805294d4 e2b73690 8622b4e8 a83603c4 nt!RtlEnumerateGenericTableWithoutSplayingAvl+0x32 (FPO: [Non-Fpo])a83603b4 f72e5db1 8622b650 a83603f8 a8360440 nt!RtlEnumerateGenericTableWithoutSplayingAvl+0x32 (FPO: [Non-Fpo])a83603c4 f72e59bf 8622b388 a83603f8 00000001 Ntfs!NtfsGetNextFcbTableEntry+0x17 (FPO: [Non-Fpo])a8360440 f72e5dc9 85fed008 8622b388 00000001 Ntfs!NtfsFlushVolume+0x43c (FPO: [Non-Fpo])a83604e0 f72d9385 85fed008 85dfab40 a8360000 Ntfs!NtfsCommonVolumeOpen+0x341 (FPO: [Non-Fpo])a83605b8 804eddf9 8622b2a8 85dfab40 860aa510 Ntfs!NtfsFsdCreate+0x154 (FPO: [Non-Fpo])a83605c8 f73c0876 85dfab40 864bec50 85dfab40 nt!IopfCallDriver+0x31 (FPO: [0,0,0])a8360614 804eddf9 8622bc10 00000001 85dfad3c sr!SrCreate+0x150 (FPO: [Non-Fpo])a8360624 f79f0325 f79f088b 8653a9c0 85dfab40 nt!IopfCallDriver+0x31 (FPO: [0,0,0])WARNING: Stack unwind information not available. Following frames may be wrong.a8360658 804eddf9 8653a9c0 8622bb58 864be8b0 SiWinAcc+0x325a8360668 f735ac63 85dfad58 864be8b0 85dfab40 nt!IopfCallDriver+0x31 (FPO: [0,0,0])start end module name804d7000 806ce100 nt ntkrnlpa.exe Wed Aug 04 07:58:36 2004 (41107B0C)806cf000 806ef380 hal halaacpi.dll Wed Aug 04 07:59:05 2004 (41107B29)a7e53000 a7e7cf00 kmixer kmixer.sys Wed Aug 04 08:07:46 2004 (41107D32)a814c000 a8160400 wdmaud wdmaud.sys Wed Aug 04 08:15:03 2004 (41107EE7)a827c000 a82a8400 mrxdav mrxdav.sys Wed Aug 04 08:00:49 2004 (41107B91)a83e9000 a83fe000 atintuxx atintuxx.sys Sun Apr 11 00:23:56 2004 (407873FC)a83fe000 a841b000 atinrvxx atinrvxx.sys Sun Apr 11 00:31:15 2004 (407875B3)a841b000 a842e000 atinxsxx atinxsxx.sys Sun Apr 11 00:29:51 2004 (4078755F)a89df000 a89f2600 dump_nvatabus dump_nvatabus.sys Thu Jun 03 19:40:44 2004 (40BF629C)a8a1b000 a8a3e000 Fastfat Fastfat.SYS Wed Aug 04 08:14:15 2004 (41107EB7)a8a3e000 a8a40900 Dxapi Dxapi.sys Fri Aug 17 22:53:19 2001 (3B7D843F)aae9e000 aaebfd00 afd afd.sys Wed Aug 04 08:14:13 2004 (41107EB5)aaec0000 aaee0f00 ipnat ipnat.sys Wed Aug 04 08:04:48 2004 (41107C80)aaee1000 aaf4cc80 vsdatant vsdatant.sys Wed Jun 01 23:49:56 2005 (429E2D84)aaf4d000 aaf74c00 netbt netbt.sys Wed Aug 04 08:14:36 2004 (41107ECC)aaf75000 aafcca80 tcpip tcpip.sys Wed Aug 04 08:14:39 2004 (41107ECF)aafcd000 aafdf400 ipsec ipsec.sys Wed Aug 04 08:14:27 2004 (41107EC3)bf800000 bf9c0400 win32k win32k.sys Wed Aug 04 08:17:30 2004 (41107F7A)bf9c1000 bf9d2580 dxg dxg.sys Wed Aug 04 08:00:51 2004 (41107B93)bf9d3000 bfa09000 ati2dvag ati2dvag.dll Fri Aug 20 00:38:32 2004 (41252BE8)bfa09000 bfa41000 ati2cqag ati2cqag.dll Fri Aug 20 00:38:30 2004 (41252BE6)bfa41000 bfc0e2e0 ati3duag ati3duag.dll Fri Aug 20 00:38:35 2004 (41252BEB)bfc0f000 bfc8d2a0 ativvaxx ativvaxx.dll Fri Aug 20 00:38:39 2004 (41252BEF)efa26000 efa26d00 dxgthk dxgthk.sys Fri Aug 17 22:53:12 2001 (3B7D8438)efdbe000 efdbea80 PQNTDrv PQNTDrv.SYS Tue Sep 17 01:14:30 2002 (3D8665D6)f0003000 f0003b80 Null Null.SYS Fri Aug 17 22:47:39 2001 (3B7D82EB)f09d5000 f09ddd80 HIDCLASS HIDCLASS.SYS Wed Aug 04 08:08:18 2004 (41107D52)f09e5000 f09ed900 Fips Fips.SYS Sat Aug 18 03:31:49 2001 (3B7DC585)f09f5000 f09fdf20 PQIMount PQIMount.SYS Wed Feb 25 20:51:17 2004 (403CFCB5)f1c8c000 f1c94700 netbios netbios.sys Wed Aug 04 08:03:19 2004 (41107C27)f1c9c000 f1ca4700 wanarp wanarp.sys Wed Aug 04 08:04:57 2004 (41107C89)f1cdc000 f1ce5480 NDProxy NDProxy.SYS Fri Aug 17 22:55:30 2001 (3B7D84C2)f2245000 f224a500 point32 point32.sys Fri Dec 02 00:57:55 2005 (438F8E03)f224d000 f2253780 USBSTOR USBSTOR.SYS Wed Aug 04 08:08:44 2004 (41107D6C)f2255000 f225b180 HIDPARSE HIDPARSE.SYS Wed Aug 04 08:08:15 2004 (41107D4F)f2265000 f226c880 Npfs Npfs.SYS Wed Aug 04 08:00:38 2004 (41107B86)f226d000 f2271a80 Msfs Msfs.SYS Wed Aug 04 08:00:37 2004 (41107B85)f2275000 f227a200 vga vga.sys Wed Aug 04 08:07:06 2004 (41107D0A)f2bb4000 f2bc4000 atinraxx atinraxx.sys Sun Apr 11 00:28:39 2004 (40787517)f2bc4000 f2bcfe00 STREAM STREAM.SYS Wed Aug 04 08:07:58 2004 (41107D3E)f2bd4000 f2bdd000 ATINTTXX ATINTTXX.sys Sun Apr 11 00:26:36 2004 (4078749C)f37e8000 f37ed000 flpydisk flpydisk.sys Wed Aug 04 07:59:24 2004 (41107B3C)f4675000 f467aaa0 FastPara FastPara.SYS Thu Jun 10 10:23:26 1999 (375F75FE)f553b000 f553d280 rasacd rasacd.sys Fri Aug 17 22:55:39 2001 (3B7D84CB)f5b22000 f5b29000 atinmdxx atinmdxx.sys Sun Apr 11 00:33:48 2004 (4078764C)f6537000 f656a200 update update.sys Wed Aug 04 07:58:32 2004 (41107B08)f656b000 f659b100 rdpdr rdpdr.sys Wed Aug 04 08:01:10 2004 (41107BA6)f659c000 f65ace00 psched psched.sys Wed Aug 04 08:04:16 2004 (41107C60)f65d5000 f65eb680 ndiswan ndiswan.sys Wed Aug 04 08:14:30 2004 (41107EC6)f65ec000 f65ff980 parport parport.sys Wed Aug 04 07:59:04 2004 (41107B28)f6600000 f6610280 serial serial.sys Wed Aug 04 08:15:51 2004 (41107F17)f6611000 f663b980 yukonwxp yukonwxp.sys Tue Dec 23 13:39:31 2003 (3FE83783)f663c000 f664f780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 08:07:04 2004 (41107D08)f6650000 f6717000 ati2mtag ati2mtag.sys Fri May 28 22:26:05 2004 (40B7A05D)f6717000 f6778c00 ALCXSENS ALCXSENS.SYS Mon Feb 23 19:11:09 2004 (403A423D)f6779000 f679b680 ks ks.sys Wed Aug 04 08:15:20 2004 (41107EF8)f679c000 f67bf980 portcls portcls.sys Wed Aug 04 08:15:47 2004 (41107F13)f67c0000 f6858a00 ALCXWDM ALCXWDM.SYS Mon Aug 02 15:09:17 2004 (410E3CFD)f6d86000 f6db4b00 NVSNPU NVSNPU.SYS Mon May 17 23:00:33 2004 (40A927F1)f6db5000 f6dd7e80 USBPORT USBPORT.SYS Wed Aug 04 08:08:34 2004 (41107D62)f6dd8000 f6de6100 usbhub usbhub.sys Wed Aug 04 08:08:40 2004 (41107D68)f6de8000 f6df1f00 termdd termdd.sys Wed Aug 04 07:58:52 2004 (41107B1C)f6df8000 f6e00c60 Pcouffin Pcouffin.sys Tue Jul 13 01:03:01 2004 (40F318A5)f6e08000 f6e10900 msgpc msgpc.sys Wed Aug 04 08:04:11 2004 (41107C5B)f6e18000 f6e23d00 raspptp raspptp.sys Wed Aug 04 08:14:26 2004 (41107EC2)f6e28000 f6e32200 raspppoe raspppoe.sys Wed Aug 04 08:05:06 2004 (41107C92)f6e38000 f6e44880 rasl2tp rasl2tp.sys Wed Aug 04 08:14:21 2004 (41107EBD)f6e48000 f6e55180 i8042prt i8042prt.sys Wed Aug 04 08:14:36 2004 (41107ECC)f6e58000 f6e66380 redbook redbook.sys Wed Aug 04 07:59:34 2004 (41107B46)f6e68000 f6e74180 cdrom cdrom.sys Wed Aug 04 07:59:52 2004 (41107B58)f714f000 f7151640 GearAspiWDM GearAspiWDM.SYS Sun Dec 07 16:21:24 2003 (3FD34574)f7163000 f7166280 nvnetbus nvnetbus.sys Mon May 17 23:00:52 2004 (40A92804)f720c000 f720ef80 mouhid mouhid.sys Fri Aug 17 22:47:57 2001 (3B7D82FD)f7210000 f7212580 hidusb hidusb.sys Fri Aug 17 23:02:16 2001 (3B7D8658)f7230000 f7233c80 mssmbios mssmbios.sys Wed Aug 04 08:07:47 2004 (41107D33)f7258000 f7272580 Mup Mup.sys Wed Aug 04 08:15:20 2004 (41107EF8)f7273000 f729fa80 NDIS NDIS.sys Wed Aug 04 08:14:27 2004 (41107EC3)f72a0000 f732c480 Ntfs Ntfs.sys Wed Aug 04 08:15:06 2004 (41107EEA)f732d000 f7343780 KSecDD KSecDD.sys Wed Aug 04 07:59:45 2004 (41107B51)f7344000 f73591c0 PQV2i PQV2i.sys Wed Feb 25 20:31:57 2004 (403CF82D)f735a000 f73bac80 FSTOPW FSTOPW.SYS Wed Nov 17 14:25:22 2004 (419B5142)f73bb000 f73ccf00 sr sr.sys Wed Aug 04 08:06:22 2004 (41107CDE)f73cd000 f73eb780 fltMgr fltMgr.sys Wed Aug 04 08:01:17 2004 (41107BAD)f73ec000 f7403800 SCSIPORT SCSIPORT.SYS Wed Aug 04 07:59:39 2004 (41107B4B)f7404000 f7419020 SI3112r SI3112r.sys Sat May 31 01:05:29 2003 (3ED7E3B9)f741a000 f742d600 nvatabus nvatabus.sys Thu Jun 03 19:40:44 2004 (40BF629C)f742e000 f7445480 atapi atapi.sys Wed Aug 04 07:59:41 2004 (41107B4D)f7446000 f7456a80 nvraid nvraid.sys Thu Jun 03 19:40:47 2004 (40BF629F)f7457000 f747ca80 dmio dmio.sys Wed Aug 04 08:07:13 2004 (41107D11)f747d000 f749bb80 ftdisk ftdisk.sys Fri Aug 17 22:52:41 2001 (3B7D8419)f749c000 f74acc80 pci pci.sys Wed Aug 04 08:07:45 2004 (41107D31)f74ad000 f74db000 ACPI ACPI.sys Wed Aug 04 08:07:35 2004 (41107D27)f75dc000 f75e4d00 isapnp isapnp.sys Fri Aug 17 22:58:01 2001 (3B7D8559)f75ec000 f75fae80 ohci1394 ohci1394.sys Wed Aug 04 08:10:05 2004 (41107DBD)f75fc000 f7609000 1394BUS 1394BUS.SYS Wed Aug 04 08:10:03 2004 (41107DBB)f760c000 f7616500 MountMgr MountMgr.sys Wed Aug 04 07:58:29 2004 (41107B05)f761c000 f7628200 CLASSPNP CLASSPNP.SYS Wed Aug 04 08:14:26 2004 (41107EC2)f762c000 f7639080 VolSnap VolSnap.sys Wed Aug 04 08:00:14 2004 (41107B6E)f763c000 f7644e00 disk disk.sys Wed Aug 04 07:59:53 2004 (41107B59)f774c000 f775b900 Cdfs Cdfs.SYS Wed Aug 04 08:14:09 2004 (41107EB1)f775c000 f7765a00 processr processr.sys Wed Aug 04 07:59:14 2004 (41107B32)f776c000 f7779e80 NVNRM NVNRM.SYS Mon May 17 23:00:41 2004 (40A927F9)f779c000 f77aad80 sysaudio sysaudio.sys Wed Aug 04 08:15:54 2004 (41107F1A)f77bc000 f77cab80 drmk drmk.sys Wed Aug 04 08:07:54 2004 (41107D3A)f77cc000 f77d6380 imapi imapi.sys Wed Aug 04 08:00:12 2004 (41107B6C)f785c000 f7862200 PCIIDEX PCIIDEX.SYS Wed Aug 04 07:59:40 2004 (41107B4C)f7864000 f7868900 PartMgr PartMgr.sys Sat Aug 18 03:32:23 2001 (3B7DC5A7)f786c000 f7871280 nv_agp nv_agp.sys Wed Oct 29 21:58:11 2003 (3FA029E3)f78ec000 f78f0500 watchdog watchdog.sys Wed Aug 04 08:07:32 2004 (41107D24)f790c000 f7910280 usbohci usbohci.sys Wed Aug 04 08:08:34 2004 (41107D62)f7914000 f791a800 usbehci usbehci.sys Wed Aug 04 08:08:34 2004 (41107D62)f7964000 f796ab00 fdc fdc.sys Wed Aug 04 07:59:25 2004 (41107B3D)f796c000 f7972200 kbdclass kbdclass.sys Wed Aug 04 07:58:32 2004 (41107B08)f7974000 f7978880 TDI TDI.SYS Wed Aug 04 08:07:47 2004 (41107D33)f797c000 f7980580 ptilink ptilink.sys Fri Aug 17 22:49:53 2001 (3B7D8371)f7984000 f7988080 raspti raspti.sys Fri Aug 17 22:55:32 2001 (3B7D84C4)f798c000 f7991c00 mouclass mouclass.sys Wed Aug 04 07:58:32 2004 (41107B08)f79ec000 f79ef000 BOOTVID BOOTVID.dll Fri Aug 17 22:49:09 2001 (3B7D8345)f79f0000 f79f2580 SiWinAcc SiWinAcc.sys Wed Feb 12 20:23:56 2003 (3E4A9F4C)f7abc000 f7abfc80 serenum serenum.sys Wed Aug 04 07:59:06 2004 (41107B2A)f7ac0000 f7ac2980 gameenum gameenum.sys Wed Aug 04 08:08:20 2004 (41107D54)f7ac4000 f7ac6580 ndistapi ndistapi.sys Fri Aug 17 22:55:29 2001 (3B7D84C1)f7adc000 f7addb80 kdcom kdcom.dll Fri Aug 17 22:49:10 2001 (3B7D8346)f7ade000 f7adf100 WMILIB WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)f7ae0000 f7ae1700 dmload dmload.sys Fri Aug 17 22:58:15 2001 (3B7D8567)f7b0c000 f7b0db00 ParVdm ParVdm.SYS Fri Aug 17 22:49:49 2001 (3B7D836D)f7b12000 f7b13a60 uphcleanhlp uphcleanhlp.sys Fri Mar 05 06:43:35 2004 (40481387)f7b1c000 f7b1d100 swenum swenum.sys Wed Aug 04 07:58:41 2004 (41107B11)f7b1e000 f7b1f280 USBD USBD.SYS Fri Aug 17 23:02:58 2001 (3B7D8682)f7b54000 f7b55100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)f7b82000 f7b83f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 22:49:37 2001 (3B7D8361)f7b84000 f7b85080 Beep Beep.SYS Fri Aug 17 22:47:33 2001 (3B7D82E5)f7b86000 f7b87080 mnmdd mnmdd.SYS Fri Aug 17 22:57:28 2001 (3B7D8538)f7b88000 f7b89080 RDPCDD RDPCDD.sys Fri Aug 17 22:46:56 2001 (3B7D82C0)f7ba4000 f7ba4d00 pciide pciide.sys Fri Aug 17 22:51:49 2001 (3B7D83E5)f7ba5000 f7ba6000 speedfan speedfan.sys Thu Mar 24 18:40:38 2005 (4242FB96)f7ba6000 f7ba6680 giveio giveio.sys Thu Apr 04 04:33:25 1996 (316334F5)f7bf2000 f7bf2c00 audstub audstub.sys Fri Aug 17 22:59:40 2001 (3B7D85BC)Unloaded modules:aae72000 aae9e000 rdbss.sysTimestamp: unavailable (00000000)Checksum: 00000000aadb3000 aae22000 mrxsmb.sysTimestamp: unavailable (00000000)Checksum: 00000000a81b1000 a8204000 srv.sys Timestamp: unavailable (00000000)Checksum: 00000000a7e53000 a7e7d000 kmixer.sysTimestamp: unavailable (00000000)Checksum: 00000000a7e53000 a7e7d000 kmixer.sysTimestamp: unavailable (00000000)Checksum: 00000000a7e53000 a7e7d000 kmixer.sysTimestamp: unavailable (00000000)Checksum: 00000000a7e53000 a7e7d000 kmixer.sysTimestamp: unavailable (00000000)Checksum: 00000000a7e53000 a7e7d000 kmixer.sysTimestamp: unavailable (00000000)Checksum: 00000000a80ff000 a8129000 kmixer.sysTimestamp: unavailable (00000000)Checksum: 00000000ef494000 ef495000 drmkaud.sysTimestamp: unavailable (00000000)Checksum: 00000000f780c000 f7819000 DMusic.sysTimestamp: unavailable (00000000)Checksum: 00000000f77fc000 f780a000 swmidi.sysTimestamp: unavailable (00000000)Checksum: 00000000a8129000 a814c000 aec.sys Timestamp: unavailable (00000000)Checksum: 00000000f7b38000 f7b3a000 splitter.sysTimestamp: unavailable (00000000)Checksum: 00000000a89fb000 a89fe000 PV8630.sysTimestamp: unavailable (00000000)Checksum: 00000000f37e0000 f37e5000 Cdaudio.SYSTimestamp: unavailable (00000000)Checksum: 00000000f553f000 f5542000 Sfloppy.SYSTimestamp: unavailable (00000000)Checksum: 00000000Closing open log file c:\debuglog.txt
-----------------------------------------------------------------------------------------
Due parole sulla metodica che prevede l'installazione di un programma, questa è la versione 6.6.3.5 del gennaio 2006.
che installerete sul vostro disco, non lo dovrete cercare perchè il tutto avviene in automatico:
A questo punto prima di tutto avrete in precedenza settato le cose nel modo che vedete nell'immagine che non ha bisogno di commento le diciture devono essere :
Immagine della memoria del Kernel
%SystemRoot%\MEMORY.DMP,
questo, come detto sopra vi farà trovare nella seconda localizzazione il file della seconda stringa che raccoglie tutto l'errore da analizzare con la metodica:
Ora siamo pronti per il collegamento dobbiamo essere collegati in internet aprite una finestra in emulazione dos ( esegui/cmd/ok ) e copia incollate in questa finesta questa parte fra i segni qui sotto, dopo esservi assicurati che in C:\Windows è presente il file MEMORY.DMP come avete settato ( vedi la prima immagine )
---------------------------------------------------------------------------------------
cd /d %ProgramFiles%\Debugging tools for windows\kd -z C:\WINDOWS\MEMORY.DMP.logopen c:\debuglog.txt.sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols.reload;!analyze -v;r;kv;lmnt;.logclose;q
-----------------------------------------------------------------------------------------
vedrete che ci sarà un collegamento con Microsoft e vedrete procedere per un pò di tempo , non interevenite fino a che non vedete al fondo la scritta:Closing open log file c:\debuglog.txtLa prova è terminata e troverete un file come quello che copia/incollato sopra. Ora la cosa più difficile, anche per chi li manipola tutti i giorni è l'interpretazione ossia riuscire a risalire al responsabile della schermata blu con l'errore grave di sistema, extrapolandola dal risultato ottenuto.Qui sopra "ad abundantiam" metto un pò di schermate che vedrete scorrere, scusandomi ma non mi è permesso di andare oltre i 150 Kb come dimensione.
