Awaria niebieskiego ekranu, jak odczytać wyjście WinDbg?

-1

Pobrałem kilka symboli debugowania potrzebnych przez narzędzie WinDbg. Następnie otworzyłem plik DMP utworzony przez ostatnią awarię niebieskiego ekranu. To był pokaz. Czy to problem z moim sterownikiem wideo?

WARNING: Inaccessible path: 'ImagePath'

Loading Dump File [C:\WINNT\Minidump\Mini072711-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Inaccessible path: 'ImagePath'
Symbol search path is: C:\WINNT\symbols;http://msdl.microsoft.com/download/symbols
Executable search path is: ImagePath
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.101209-1647
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Jul 27 12:52:48.208 2011 (GMT-4)
System Uptime: 0 days 3:32:55.464
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
.....................
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, ba348d70, 0, 0}

Unable to load image DGAPIMon.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for DGAPIMon.SYS
*** ERROR: Module load completed but symbols could not be loaded for DGAPIMon.SYS
*** WARNING: Unable to verify timestamp for igxpmp32.sys
*** ERROR: Module load completed but symbols could not be loaded for igxpmp32.sys
Unable to load image igxpdx32.DLL, Win32 error 0n2
*** WARNING: Unable to verify timestamp for igxpdx32.DLL
*** ERROR: Module load completed but symbols could not be loaded for igxpdx32.DLL
Probably caused by : DGAPIMon.SYS ( DGAPIMon+49dd )

Followup: MachineOwner
---------

1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: ba348d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  javaw.exe

LAST_CONTROL_TRANSFER:  from 805f894c to 805e3274

STACK_TEXT:  
a0c25ffc 805f894c eca75898 00000001 a0c26134 nt!RtlCreateSecurityDescriptor+0x2
a0c26064 80636ac7 a0c26100 eca75898 a0c26104 nt!SeQuerySecurityDescriptorInfo+0x198
a0c2607c 806379d6 e66d401c a0c26100 eca75898 nt!CmpQuerySecurityDescriptorInfo+0x23
a0c260c8 805bfe5b eda7eaa0 00000001 a0c26100 nt!CmpSecurityMethod+0xce
a0c26108 805c01c8 eda7eaa0 a0c26134 eda7ea9c nt!ObpGetObjectSecurity+0x99
a0c26138 8062f28f eda7eaa0 85448dc0 00000001 nt!ObCheckObjectAccess+0x2c
a0c26184 8062ff30 e6aaf008 0007ddf0 e6b17df4 nt!CmpDoOpen+0x2d5
a0c26384 805bf488 0007ddf0 0007ddf0 85448dc0 nt!CmpParseKey+0x5a6
a0c263fc 805bba14 00000000 a0c2643c 00000240 nt!ObpLookupObjectName+0x53c
a0c26450 80625696 00000000 8acacae8 a0c26500 nt!ObOpenObjectByName+0xea
a0c2654c a387b9dd a0c26928 82000000 a0c2665c nt!NtOpenKey+0x1c8
WARNING: Stack unwind information not available. Following frames may be wrong.
a0c265cc 80500699 badb0d00 a0c26644 00000024 DGAPIMon+0x49dd
a0c2663c 805e701e a0c26928 82000000 a0c2665c nt!ZwOpenKey+0x11
a0c268ac 805e7b2a 00000005 e729e380 00000000 nt!RtlpGetRegistryHandleAndPath+0x27a
a0c26b40 b8f93184 00000005 e729e380 a0c26ba0 nt!RtlQueryRegistryValues+0x9c
a0c26be8 b8f5885b 00000005 8538f33c 8538f43c igxpmp32+0x44184
a0c27260 b8f54a7b 88db9140 a0c27290 00000000 igxpmp32+0x985b
a0c27274 b9131729 88db9140 a0c27290 00000a0c igxpmp32+0x5a7b
a0c27338 804ef19f 88db9040 85de3f08 0000080c VIDEOPRT!pVideoPortDispatch+0xabf
a0c27348 bf86ebbd a0c27610 bf6e6cdc 00000014 nt!IopfCallDriver+0x31
a0c27378 bf86ec37 88db9040 00232150 a0c273f8 win32k!GreDeviceIoControl+0x93
a0c2739c bf376769 88db9040 00232150 a0c273f8 win32k!EngDeviceIoControl+0x1f
a0c28624 bf3b9f19 88db9040 bf6a593c bf6a5960 igxpdx32+0x8769
a0c286ac 8054167c a0c28994 80500699 badb0d00 igxpdx32+0x4bf19
a0c286ac 00000000 a0c28994 80500699 badb0d00 nt!KiFastCallEntry+0xfc


STACK_COMMAND:  kb

FOLLOWUP_IP: 
DGAPIMon+49dd
a387b9dd ??              ???

SYMBOL_STACK_INDEX:  b

SYMBOL_NAME:  DGAPIMon+49dd

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: DGAPIMon

IMAGE_NAME:  DGAPIMon.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4acf7551

FAILURE_BUCKET_ID:  0x7f_8_DGAPIMon+49dd

BUCKET_ID:  0x7f_8_DGAPIMon+49dd

Followup: MachineOwner
---------

Hmm Widzę teraz, że odnosi się do javaw.exe. Czy jest to związane z JRE?

wprowadź opis zdjęcia tutaj

Czad
źródło
Proces wymieniony w minidump nie zawsze jest winowajcą, chociaż nadal jest dobrym miejscem do rozpoczęcia poszukiwań.
MBraedley,
program Java odczytujący klucz rejestru nie powinien powodować BSOD, a na pewno nie podwójnej usterki. Musi istnieć jakiś sterownik lub inny składnik, który został uruchomiony przez ten rejestr i odczytał awarię, na przykład program antywirusowy.
mihi

Odpowiedzi: