Help Analyzing Crash Dump and Pstat

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I just analysed a DRIVER_IRQL_NOT_LESS_OR_EQUAL crash I've been getting
lately using Dumpchk.exe and Pstat.exe. Here are the results:
Filename . . . . . . .C:\WINDOWS\MEMORY.DMP
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .2600
DirectoryTableBase . .0x00039000
PfnDataBase. . . . . .0x81a13000
PsLoadedModuleList . .0x8055ab20
PsActiveProcessHead. .0x80560bd8
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0x000000d1
BugCheckParameter1 . .0xffffffeb
BugCheckParameter2 . .0x00000005
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0xffffffeb

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x804e2158

NumberOfRuns . . . . .0x3
NumberOfPages. . . . .0x2ff8d
Run #1
BasePage . . . . . .0x1
PageCount. . . . . .0x9e
Run #2
BasePage . . . . . .0x100
PageCount. . . . . .0xeff
Run #3
BasePage . . . . . .0x1000
PageCount. . . . . .0x2eff0


PSTAT.EXE Info:


ModuleName Load Addr Code Data Paged LinkDate
--------------
ntoskrnl.exe 804d7000 478976 93440 1243264 Wed Aug 04 03:49:48 2004
hal.dll 806ec000 35456 42624 29952 Wed Aug 04 03:29:05 2004
KDCOM.DLL f7c6f000 2560 256 1280 Fri Aug 17 18:19:10 2001
BOOTVID.dll f7b7f000 5632 3584 0 Fri Aug 17 18:19:09 2001
imagesrv.sys f772f000 74368 17280 16512 Mon Feb 16 22:26:26 2004
ACPI.sys f7701000 110336 11008 41984 Wed Aug 04 03:37:35 2004
WMILIB.SYS f7c71000 512 0 1280 Fri Aug 17 18:37:23 2001
pci.sys f76f0000 16000 1664 34176 Wed Aug 04 03:37:45 2004
isapnp.sys f776f000 8704 768 18688 Fri Aug 17 18:28:01 2001
ohci1394.sys f777f000 40960 128 3712 Wed Aug 04 03:40:05 2004
1394BUS.SYS f778f000 31744 256 14208 Wed Aug 04 03:40:03 2004
compbatt.sys f7b83000 2560 0 2944 Fri Aug 17 18:27:58 2001
BATTC.SYS f7b87000 2432 128 3072 Fri Aug 17 18:27:52 2001
viaidexp.sys f7c73000 3456 0 0 Thu Oct 18 03:42:14 2001
PCIIDEX.SYS f79ef000 5504 512 13056 Wed Aug 04 03:29:40 2004
MountMgr.sys f779f000 1408 128 33664 Wed Aug 04 03:28:29 2004
ftdisk.sys f76d1000 5888 128 102400 Fri Aug 17 18:22:41 2001
dmload.sys f7c75000 2560 128 0 Fri Aug 17 18:28:15 2001
dmio.sys f76ab000 120960 15104 1280 Wed Aug 04 03:37:13 2004
PartMgr.sys f79f7000 1920 128 11136 Fri Aug 17 23:02:23 2001
VolSnap.sys f77af000 2560 128 35200 Wed Aug 04 03:30:14 2004
atapi.sys f7693000 44928 3584 29952 Wed Aug 04 03:29:41 2004
SCSIPORT.SYS f767b000 27648 768 50816 Wed Aug 04 03:29:39 2004
disk.sys f77bf000 8320 384 18048 Wed Aug 04 03:29:53 2004
CLASSPNP.SYS f77cf000 25472 128 15360 Wed Aug 04 03:44:26 2004
fltmgr.sys f765c000 31232 3200 60672 Wed Aug 04 03:31:17 2004
sr.sys f764a000 2048 1152 54784 Wed Aug 04 03:36:22 2004
PxHelp20.sys f79ff000 7936 7616 0 Tue Oct 28 14:55:49 2003
KSecDD.sys f7633000 10368 6912 64000 Wed Aug 04 03:29:45 2004
Ntfs.sys f75a6000 96000 7040 412544 Wed Aug 04 03:45:06 2004
NDIS.sys f7579000 22272 2688 131328 Wed Aug 04 03:44:27 2004
viaagp.sys f77df000 10368 256 24192 Wed Aug 04 03:37:42 2004
Mup.sys f755e000 14592 6272 72832 Wed Aug 04 03:45:20 2004
nic1394.sys f780f000 52096 640 0 Wed Aug 04 03:28:28 2004
amdk7.sys f794f000 9344 1408 11264 Wed Aug 04 03:29:19 2004
nv4_mini.sys f71dd000 1885344 752000 25568 Fri Oct 29 22:50:09 2004
VIDEOPRT.SYS f71c9000 11008 384 50048 Wed Aug 04 03:37:04 2004
ctaud2k.sys f7159000 187008 34720 213984 Fri Apr 11 01:02:34 2003
portcls.sys f7135000 44672 10496 65536 Wed Aug 04 03:45:47 2004
drmk.sys f795f000 5504 1280 47616 Wed Aug 04 03:37:54 2004
ks.sys f7112000 31872 128 87808 Wed Aug 04 03:45:20 2004
ctoss2k.sys f70e7000 86624 78336 1728 Tue Mar 25 06:42:52 2003
ctprxy2k.sys f7ca1000 1440 64 1632 Tue Mar 25 06:43:01 2003
gameenum.sys f7c63000 1280 128 5376 Wed Aug 04 03:38:20 2004
DLH5XND5.sys f7aa7000 14912 544 4960 Mon Oct 23 23:28:13 2000
i8042prt.sys f798f000 12160 256 23040 Wed Aug 04 03:44:36 2004
mouclass.sys f7aaf000 6144 896 5888 Wed Aug 04 03:28:32 2004
kbdclass.sys f7ab7000 6912 896 6528 Wed Aug 04 03:28:32 2004
imapi.sys f799f000 11776 256 19584 Wed Aug 04 03:30:12 2004
cdrom.sys f79af000 33536 128 5888 Wed Aug 04 03:29:52 2004
redbook.sys f79bf000 6656 1152 36352 Wed Aug 04 03:29:34 2004
usbuhci.sys f7abf000 16512 384 0 Wed Aug 04 03:38:34 2004
USBPORT.SYS f70c4000 119808 1024 10752 Wed Aug 04 03:38:34 2004
fdc.sys f7ac7000 19200 256 384 Wed Aug 04 03:29:25 2004
serial.sys f79cf000 12160 384 30464 Wed Aug 04 03:45:51 2004
serenum.sys f7c67000 2944 128 7808 Wed Aug 04 03:29:06 2004
parport.sys f70b0000 67072 1280 256 Wed Aug 04 03:29:04 2004
audstub.sys f7ebb000 128 0 512 Fri Aug 17 18:29:40 2001
rasl2tp.sys f79df000 44672 512 0 Wed Aug 04 03:44:21 2004
ndistapi.sys f7c6b000 5248 128 0 Fri Aug 17 18:25:29 2001
ndiswan.sys f7099000 71552 2432 0 Wed Aug 04 03:44:30 2004
raspppoe.sys f781f000 31360 4608 0 Wed Aug 04 03:35:06 2004
raspptp.sys f782f000 40192 896 0 Wed Aug 04 03:44:26 2004
TDI.SYS f7acf000 10880 512 256 Wed Aug 04 03:37:47 2004
psched.sys f6fc0000 52480 2176 3968 Wed Aug 04 03:34:16 2004
msgpc.sys f783f000 28416 1408 512 Wed Aug 04 03:34:11 2004
ptilink.sys f7ad7000 12928 256 0 Fri Aug 17 18:19:53 2001
raspti.sys f7adf000 11008 640 0 Fri Aug 17 18:25:32 2001
rdpdr.sys f6f8f000 75520 4608 92160 Wed Aug 04 03:31:10 2004
termdd.sys f784f000 27520 768 2560 Wed Aug 04 03:28:52 2004
swenum.sys f7ca5000 384 128 640 Wed Aug 04 03:28:41 2004
update.sys f6f5b000 2304 1920 197376 Wed Aug 04 03:28:32 2004
mssmbios.sys f751a000 4480 1024 3840 Wed Aug 04 03:37:47 2004
NDProxy.SYS f785f000 29184 2176 0 Fri Aug 17 18:25:30 2001
ha10kx2k.sys f5d70000 446304 330752 1376 Wed Apr 02 21:29:43 2003
emupia2k.sys f5d4e000 42944 86272 1344 Tue Mar 25 06:43:27 2003
ctsfm2k.sys f5d2f000 116224 800 1536 Tue Mar 25 06:43:17 2003
ctac32k.sys f5d0f000 103520 19104 1344 Tue Mar 25 06:41:22 2003
hap16v2k.sys f5cee000 97728 26496 1472 Tue Apr 01 06:37:56 2003
usbhub.sys f786f000 28032 768 21120 Wed Aug 04 03:38:40 2004
USBD.SYS f7cc3000 256 0 896 Fri Aug 17 18:32:58 2001
flpydisk.sys f7b1f000 2048 1280 11776 Wed Aug 04 03:29:24 2004
Fs_Rec.SYS f7cc9000 128 128 3584 Fri Aug 17 18:19:37 2001
Null.SYS f7d64000 0 128 384 Fri Aug 17 18:17:39 2001
Beep.SYS f7ccb000 1152 0 0 Fri Aug 17 18:17:33 2001
vga.sys f7b37000 1024 128 15360 Wed Aug 04 03:37:06 2004
mnmdd.SYS f7ccd000 0 0 1792 Fri Aug 17 18:27:28 2001
RDPCDD.sys f7ccf000 0 0 1792 Fri Aug 17 18:16:56 2001
fwdrv.sys f5c4f000 94208 376832 0 Thu Apr 15 06:30:57 2004
Msfs.SYS f7b3f000 896 128 12032 Wed Aug 04 03:30:37 2004
Npfs.SYS f7b47000 1792 256 21120 Wed Aug 04 03:30:38 2004
rasacd.sys f7089000 3840 128 512 Fri Aug 17 18:25:39 2001
ipsec.sys f5c3c000 62464 2560 1536 Wed Aug 04 03:44:27 2004
tcpip.sys f5be4000 256384 42240 20096 Wed Aug 04 03:44:39 2004
aswTdi.SYS f788f000 22112 5568 0 Sat Mar 12 05:41:38 2005
netbt.sys f5bbc000 109824 1664 34048 Wed Aug 04 03:44:36 2004
afd.sys f5b9a000 4096 2048 111488 Wed Aug 04 03:44:13 2004
netbios.sys f789f000 14976 768 12160 Wed Aug 04 03:33:19 2004
rdbss.sys f5b6f000 35328 2816 111872 Wed Oct 27 22:43:57 2004
mrxsmb.sys f5ad8000 114048 20992 275456 Wed Jan 19 00:56:50 2005
Fips.SYS f78bf000 22016 768 3584 Fri Aug 17 23:01:49 2001
ipnat.sys f5ab7000 77952 37120 5888 Wed Sep 29 19:58:36 2004
wanarp.sys f78cf000 22528 896 3456 Wed Aug 04 03:34:57 2004
arp1394.sys f78df000 53504 1536 0 Wed Aug 04 03:28:28 2004
Aavmker4.SYS f7b57000 9312 3584 0 Sat Mar 12 05:40:36 2005
hidusb.sys f5e3f000 4352 128 1920 Fri Aug 17 18:32:16 2001
HIDCLASS.SYS f78ff000 21376 256 8320 Wed Aug 04 03:38:18 2004
HIDPARSE.SYS f7b5f000 11264 1408 8576 Wed Aug 04 03:38:15 2004
HidBatt.sys f7b67000 14592 128 0 Fri Aug 17 18:27:58 2001
Cdfs.SYS f792f000 6912 640 46336 Wed Aug 04 03:44:09 2004
dump_atapi.sys f59d7000 0 0 0
dump_WMILIB.SYS f7ced000 0 0 0
win32k.sys bf800000 1614464 77184 0 Wed Aug 04 03:47:30 2004
watchdog.sys f7a1f000 3712 128 8576 Wed Aug 04 03:37:32 2004
Dxapi.sys f7c4b000 6272 384 640 Fri Aug 17 18:23:19 2001
dxg.sys bf9c1000 61312 896 0 Wed Aug 04 03:30:51 2004
dxgthk.sys f7d61000 128 0 0 Fri Aug 17 18:23:12 2001
nv4_disp.dll bf9d3000 2931968 596992 0 Fri Oct 29 22:45:58 2004
ATMFD.DLL bffa0000 208512 34560 0 Wed Aug 04 05:26:56 2004
ndisuio.sys f59f7000 7168 256 768 Wed Aug 04 03:33:10 2004
mrxdav.sys f4042000 26368 5504 129024 Wed Aug 04 03:30:49 2004
wdmaud.sys f4005000 8832 2048 64384 Wed Aug 04 03:45:03 2004
sysaudio.sys f4b27000 3072 128 47360 Wed Aug 04 03:45:54 2004
ParVdm.SYS f7ca7000 1408 128 0 Fri Aug 17 18:19:49 2001
aswMon2.SYS f3f03000 29056 46080 0 Fri Mar 11 10:13:25 2005
srv.sys f3d98000 54400 8192 240896 Wed Aug 04 03:44:44 2004
PfModNT.sys f401a000 2816 10400 0 Wed Mar 05 00:49:28 2003
aswRdr.sys f3d3c000 8320 1120 0 Sat Mar 12 05:41:55 2005
kmixer.sys f2611000 14336 35840 105216 Wed Aug 04 03:37:46 2004
ntdll.dll 7c900000 503808 20480 0 Wed Aug 04 05:26:36 2004


By the looks of things, ntoskrnl.exe is the culprit. Am I right to assume
that?

Secondly, what can I do to correct the problem? If I do an XP repair from
the disk, a) would that possibly fix the problem and b) will it effect any of
my programs and settings within XP or other programs?

This crash occurs when I am using Trillian Basic 3.1 and Winamp 5.08. As far
as I can remember, I am also using Internet Explorer at the time. I am runng
avast! Virus Scanner, Spyware Guard, Kerio Personal Firewall, Proxomitron and
Gigabyte Utility Manager in the background in my taskbar.

Thanks.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

dont quote me on it. but nowadays since programs are so big and they're
written by somebody else, and they'd be written in high levle code
anyway, people do not debug at that level. Unfortunately solving the
problem is a simple matter of troubleshooting. It's not a science

You have to close many of those background programs and see if the
problem persists. Try running the 2 suspect programs(trillion and
winamp) in safe mode. that'll tell you if it's a background process
causing the porlbme. You could try upgrading or downgrading one of the
2 programs that cause the problem

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

dont quote me on it. but nowadays since programs are so big and they're
written by somebody else, and they'd be written in high levle code
anyway, people do not debug at that level. Unfortunately solving the
problem is a simple matter of troubleshooting. It's not a science

You have to close many of those background programs and see if the
problem persists. Try running the 2 suspect programs(trillion and
winamp) in safe mode. that'll tell you if it's a background process
causing the porlbme. You could try upgrading or downgrading one of the
2 programs that cause the problem

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

"james hanley" wrote:

> dont quote me on it. but nowadays since programs are so big and they're
> written by somebody else, and they'd be written in high levle code
> anyway, people do not debug at that level. Unfortunately solving the
> problem is a simple matter of troubleshooting. It's not a science
>
> You have to close many of those background programs and see if the
> problem persists. Try running the 2 suspect programs(trillion and
> winamp) in safe mode. that'll tell you if it's a background process
> causing the porlbme. You could try upgrading or downgrading one of the
> 2 programs that cause the problem
>
>

OK, thanks. I think it might have been Nero Image Drive causing the problem
as I remember that it didn't pass the Windows Verification thing, or at least
that was the message i got when I enabled it.

I just figured that since the dump and pstat pointed to ntoskrnl.exe, since
it was the next lowest adress to that of the exception, that someone could
confirm that the problem was withing ntoskrnl.xe and make a suggestion.