gocho | Hello everyone, Today, as has happened several times lately since I changed my config, my PC had a BSOD.
I tried opening the dump files, but I'm not sure what I can do with them.
Here is the output I get from the two dump files I have available.
If anyone is used to this kind of thing
Quote:
Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 109, {a3a039d899728902, 0, 519491ef0db6ff06, 101}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driv [...] ching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d899728902, Reserved
Arg2: 0000000000000000, Reserved
Arg3: 519491ef0db6ff06, Failure type dependent information
Arg4: 0000000000000101, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification
Debugging Details:
------------------
BUGCHECK_STR: 0x109
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002cd6f00
STACK_TEXT:
fffff880`031b65d8 00000000`00000000 : 00000000`00000109 a3a039d8`99728902 00000000`00000000 519491ef`0db6ff06 : nt!KeBugCheckEx
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: BAD_STACK
Followup: MachineOwner
---------
|
Quote:
Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff3000a4b50f0, 1, fffff80002f697b8, 7}
Unable to load image \SystemRoot\system32\DRIVERS\MpFilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Could not read faulting driver name
Probably caused by : MpFilter.sys ( MpFilter+1fa90 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff3000a4b50f0, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff80002f697b8, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000007, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eaa0e0
fffff3000a4b50f0
FAULTING_IP:
nt!ObpCreateHandle+548
fffff800`02f697b8 4889442460 mov qword ptr [rsp+60h],rax
MM_INTERNAL_CODE: 7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: des2svr.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88006de5ec0 -- (.trap 0xfffff88006de5ec0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80036cf040 rbx=0000000000000000 rcx=0000000000000001
rdx=fffff8a002dfb530 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002f697b8 rsp=fffff88006de6050 rbp=00000000746c6644
r8=0000000000000000 r9=fffff88006de61b0 r10=ffffffffffffffff
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po cy
nt!ObpCreateHandle+0x548:
fffff800`02f697b8 4889442460 mov qword ptr [rsp+60h],rax ss:0018:fffff880`06de60b0=0000000000000000
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cf1b19 to fffff80002c73f00
STACK_TEXT:
fffff880`06de5d58 fffff800`02cf1b19 : 00000000`00000050 fffff300`0a4b50f0 00000000`00000001 fffff880`06de5ec0 : nt!KeBugCheckEx
fffff880`06de5d60 fffff800`02c71fee : 00000000`00000001 fffff880`06de61b0 fffff8a0`02ded100 fffffa80`05fca2e0 : nt! ?? ::FNODOBFM::`string'+0x40edb
fffff880`06de5ec0 fffff800`02f697b8 : fffff8a0`02c22ae8 fffff880`00000038 fffff980`06380410 fffffa80`00000038 : nt!KiPageFault+0x16e
fffff880`06de6050 fffff800`02f390f9 : 00000000`00000001 fffff8a0`02dfb530 00000000`00000000 00000000`00000000 : nt!ObpCreateHandle+0x548
fffff880`06de6160 fffff800`02f50ce4 : fffff880`06de6490 00000000`00000008 fffff8a0`02dfb530 00000000`00000008 : nt!ObOpenObjectByPointerWithTag+0x109
fffff880`06de6380 fffff800`02c73153 : fffffa80`05cfdb60 fffff800`00000008 fffff8a0`02c3d820 fffffa80`04bbf1a0 : nt!NtOpenProcessTokenEx+0x114
fffff880`06de6410 fffff800`02c6f6f0 : fffff880`02d00a90 fffff8a0`02c3d820 00000000`00000005 fffffa80`0471fa80 : nt!KiSystemServiceCopyEnd+0x13
fffff880`06de65a8 fffff880`02d00a90 : fffff8a0`02c3d820 00000000`00000005 fffffa80`0471fa80 fffff880`00c0bc50 : nt!KiServiceLinkage
fffff880`06de65b0 fffff8a0`02c3d820 : 00000000`00000005 fffffa80`0471fa80 fffff880`00c0bc50 fffff880`06de65e0 : MpFilter+0x1fa90
fffff880`06de65b8 00000000`00000005 : fffffa80`0471fa80 fffff880`00c0bc50 fffff880`06de65e0 00000000`00000286 : 0xfffff8a0`02c3d820
fffff880`06de65c0 fffffa80`0471fa80 : fffff880`00c0bc50 fffff880`06de65e0 00000000`00000286 00000000`00000000 : 0x5
fffff880`06de65c8 fffff880`00c0bc50 : fffff880`06de65e0 00000000`00000286 00000000`00000000 00000000`00000018 : 0xfffffa80`0471fa80
fffff880`06de65d0 fffff880`06de65e0 : 00000000`00000286 00000000`00000000 00000000`00000018 fffff880`02ce7128 : fltmgr!FltRetrieveIoPriorityInfo
fffff880`06de65d8 00000000`00000286 : 00000000`00000000 00000000`00000018 fffff880`02ce7128 fffff880`02cf53b2 : 0xfffff880`06de65e0
fffff880`06de65e0 00000000`00000000 : 00000000`00000018 fffff880`02ce7128 fffff880`02cf53b2 00000000`00000000 : 0x286
STACK_COMMAND: kb
FOLLOWUP_IP: MpFilter+1fa90
fffff880`02d00a90 ?? ???
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: MpFilter+1fa90
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MpFilter
IMAGE_NAME: MpFilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a306cf1
FAILURE_BUCKET_ID: X64_0x50_MpFilter+1fa90
BUCKET_ID: X64_0x50_MpFilter+1fa90
Followup: MachineOwner
---------
|
I can see the files mentioned, etc. I looked up what the mpfilter.sys file is, but apparently it's a file related to Win7's protection system :-/ |