Windbg av5flt.sys
joang40a
Hello,
After my PC shut down several times after startup (at the desktop), I read up on the subject, which led me to WinDbg.
In the various earlier analyses, ntoskrnl.exe was the cause; not knowing how to debug, I managed to get myself out of trouble through the Recovery Console with the EXPAND command. Currently it is the file av5flt.sys that is the cause.
This is where I need knowledgeable people to enlighten me further and show me how to debug. Thank you to all of you who provide such a valuable service.
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [I:\WINDOWS\Minidump\Mini122107-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt
Built by: 2600.xpsp1.020828-1920
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054be30
Debug session time: Fri Dec 21 17:47:14.941 2007 (GMT+1)
System Uptime: 0 days 0:03:39.500
Loading Kernel Symbols
..................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D4, {f7830700, ff, 1, 80512922}
Unable to load image \SystemRoot\system32\drivers\av5flt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for av5flt.sys
*** ERROR: Module load completed but symbols could not be loaded for av5flt.sys
Probably caused by : av5flt.sys ( av5flt+d25 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD (d4)
A driver unloaded without cancelling lookaside lists, DPCs, worker threads, etc.
The broken driver's name is displayed on the screen.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
An attempt was made to access the driver at raised IRQL after it unloaded.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f7830700, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80512922, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: f7830700
CURRENT_IRQL: ff
FAULTING_IP:
nt!ExfInterlockedInsertTailList+d
80512922 8910 mov dword ptr [eax],edx
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD4
TRAP_FRAME: f79beba4 -- (.trap 0xfffffffff79beba4)
ErrCode = 00000002
eax=f7830700 ebx=80511f1a ecx=8054f1d0 edx=efc55e68 esi=00000000 edi=804d4b49
eip=80512922 esp=f79bec18 ebp=f79bec24 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010046
nt!ExfInterlockedInsertTailList+0xd:
80512922 8910 mov dword ptr [eax],edx ds:0023:f7830700=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 804dce53 to 805266db
STACK_TEXT:
f79beb88 804dce53 0000000a f7830700 000000ff nt!KeBugCheckEx+0x19
f79beb88 80512922 0000000a f7830700 000000ff nt!KiTrap0E+0x2ad
f79bec18 804d4bbc 8054f1c8 f79bec90 efc45d25 nt!ExfInterlockedInsertTailList+0xd
f79bec24 efc45d25 efc55e38 00000000 00000000 nt!ExInitializeNPagedLookasideList+0x75
WARNING: Stack unwind information not available. Following frames may be wrong.
f79bec90 80558d13 84cd9438 84e22000 00000000 av5flt+0xd25
f79bed4c 80550cfb 0000079c 84e22000 84cd9438 nt!IopLoadDriver+0x5e0
f79bed74 804ed629 0000079c 00000000 857cc640 nt!IopLoadUnloadDriver+0x43
f79bedac 8057c73a f0a38cf4 00000000 00000000 nt!ExpWorkerThread+0xfe
f79beddc 805124c1 804ed556 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
av5flt+d25
efc45d25 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: av5flt+d25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: av5flt
IMAGE_NAME: av5flt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: 0xD4_W_av5flt+d25
BUCKET_ID: 0xD4_W_av5flt+d25
Followup: MachineOwner
---------
kd> g
^ No runnable debuggees error in 'g'
kd> g
^ No runnable debuggees error in 'g'
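A triage sketch for the `!analyze -v` output in the post above, added here as an example (it is not part of the original post and not WinDbg tooling): it extracts the bugcheck code and arguments, finds the first stack frame outside `nt` and the kernel routine that frame called, and records whether the frame sits past the unwind warning. The function name `triage`, its dictionary keys and the abridged `SAMPLE` excerpt are assumptions of this example.

```python
import re

# Lines copied from the !analyze -v output in the post above (abridged).
SAMPLE = r"""
BugCheck D4, {f7830700, ff, 1, 80512922}
Unable to load image \SystemRoot\system32\drivers\av5flt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for av5flt.sys
STACK_TEXT:
f79beb88 804dce53 0000000a f7830700 000000ff nt!KeBugCheckEx+0x19
f79beb88 80512922 0000000a f7830700 000000ff nt!KiTrap0E+0x2ad
f79bec18 804d4bbc 8054f1c8 f79bec90 efc45d25 nt!ExfInterlockedInsertTailList+0xd
f79bec24 efc45d25 efc55e38 00000000 00000000 nt!ExInitializeNPagedLookasideList+0x75
WARNING: Stack unwind information not available. Following frames may be wrong.
f79bec90 80558d13 84cd9438 84e22000 00000000 av5flt+0xd25
f79bed4c 80550cfb 0000079c 84e22000 84cd9438 nt!IopLoadDriver+0x5e0
STACK_COMMAND: kb
"""

FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")  # x86 `kb` frame line

def triage(text):
    """Pull the triage-relevant fields out of WinDbg `!analyze -v` text."""
    out = {"frames": [], "unreliable_from": None, "unverified": []}
    m = re.search(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text, re.M)
    if m:
        out["code"] = int(m.group(1), 16)
        out["args"] = [int(a.strip(), 16) for a in m.group(2).split(",")]
    for line in text.splitlines():
        line = line.strip()
        f = FRAME.match(line)
        if f:
            sym = f.group(1)
            out["frames"].append((re.split(r"[!+]", sym, maxsplit=1)[0], sym))
        elif line.startswith("WARNING: Stack unwind information not available"):
            out["unreliable_from"] = len(out["frames"])
        elif line.startswith("*** WARNING: Unable to verify timestamp for "):
            out["unverified"].append(line.rsplit(" ", 1)[1])
    # First frame outside the kernel image, and the kernel routine it called.
    idx = next((i for i, (mod, _) in enumerate(out["frames"]) if mod != "nt"), None)
    if idx is not None:
        out["suspect"] = out["frames"][idx][0]
        out["called"] = out["frames"][idx - 1][1] if idx else None
        # Attribution is only a heuristic if the frame follows the unwind warning.
        out["suspect_reliable"] = (out["unreliable_from"] is None
                                   or idx < out["unreliable_from"])
        out["during_load"] = any("IopLoadDriver" in s for _, s in out["frames"][idx:])
    return out
```

On this dump the first non-kernel frame is index 4, matching SYMBOL_STACK_INDEX: 4, and it sits after the unwind warning with an unverifiable image timestamp, so the attribution to av5flt rests on the debugger's heuristic rather than a verified frame.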