Witam! już widziałem kilkanaście wypowiedzi ale nie potrzebuje zgadywania tylko konkretów, bo po raz 100 instalować wina mi sie nie chce. A problem polega na tym:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: ***Invalid***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sun Mar 8 21:34:45.437 2009 (GMT+1)
System Uptime: 0 days 8:38:25.129
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
...................................................
Loading User Symbols
Loading unloaded module list
.....................
*** WARNING: Unable to verify timestamp for hal.dll
*** ERROR: Module load completed but symbols could not be loaded for hal.dll
Unable to load image afd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for afd.sys
*** ERROR: Module load completed but symbols could not be loaded for afd.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {e8, 2, 1, 806e6a16}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** WARNING: Unable to verify timestamp for avgtdix.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdix.sys
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
*** WARNING: Unable to verify timestamp for NDIS.sys
*** ERROR: Module load completed but symbols could not be loaded for NDIS.sys
*** WARNING: Unable to verify timestamp for psched.sys
*** ERROR: Module load completed but symbols could not be loaded for psched.sys
*** WARNING: Unable to verify timestamp for NVENETFD.sys
*** ERROR: Module load completed but symbols could not be loaded for NVENETFD.sys
*************************************************************************
******
******
***Your debugger is not using the correct symbols***
******
***In order for this command to work properly, your symbol path***
***must point to .pdb files that have full type information.***
******
***Certain .pdb files (such as the public OS symbols) do not***
***contain the required information. Contact the group that***
***provided you with these symbols if you need this command to***
***work.***
******
***Type referenced: nt!_KPRCB***
******
*************************************************************************
*************************************************************************
******
******
***Your debugger is not using the correct symbols***
******
***In order for this command to work properly, your symbol path***
***must point to .pdb files that have full type information.***
******
***Certain .pdb files (such as the public OS symbols) do not***
***contain the required information. Contact the group that***
***provided you with these symbols if you need this command to***
***work.***
******
***Type referenced: nt!_KPRCB***
******
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : avgtdix.sys ( avgtdix+1cb1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000e8, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 806e6a16, address which referenced memory
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
******
******
***Your debugger is not using the correct symbols***
******
***In order for this command to work properly, your symbol path***
***must point to .pdb files that have full type information.***
******
***Certain .pdb files (such as the public OS symbols) do not***
***contain the required information. Contact the group that***
***provided you with these symbols if you need this command to***
***work.***
******
***Type referenced: nt!_KPRCB***
******
*************************************************************************
*************************************************************************
******
******
***Your debugger is not using the correct symbols***
******
***In order for this command to work properly, your symbol path***
***must point to .pdb files that have full type information.***
******
***Certain .pdb files (such as the public OS symbols) do not***
***contain the required information. Contact the group that***
***provided you with these symbols if you need this command to***
***work.***
******
***Type referenced: nt!_KPRCB***
******
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: avgtdix
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 493fad12
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
000000e8
CURRENT_IRQL: 2
FAULTING_IP:
hal+2a16
806e6a16 8711 xchg edx,dword ptr [ecx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from b6bc7f95 to 806e6a16
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
ba4d37d4 b6bc7f95 87c16b58 87c16c48 00000000 hal+0x2a16
ba4d3804 804f16c0 89bd5650 8641c2a0 8872d380 afd+0xff95
ba4d3834 b6c29cb1 88894753 888946e0 0b01a8c0 nt+0x1a6c0
ba4d38b0 804f16c0 00000000 888946e0 87c16c48 avgtdix+0x1cb1
ba4d38e0 b6c45942 87786f00 866dd148 00000002 nt+0x1a6c0
ba4d38f8 b6c4b471 888946e0 00000000 00000000 tcpip+0x4942
ba4d390c b6c4bf10 888946e0 00000000 00000000 tcpip+0xa471
ba4d392c b6c4fd77 866dd148 ba4d3aec 00000000 tcpip+0xaf10
ba4d39b0 b6c42ef5 899e0500 0b01a8c0 275afdcf tcpip+0xed77
ba4d3a10 b6c42b19 00000020 899e0500 b6c450b6 tcpip+0x1ef5
ba4d3a8c b6c42836 b6c828f0 899e0500 88bf00d8 tcpip+0x1b19
ba4d3b44 b6c41928 899e0500 88bf00ec 0000001c tcpip+0x1836
ba4d3b84 b6c41853 00000000 8952f2b0 88bf00ca tcpip+0x928
ba4d3bc0 b9e1ab9f 89ac8280 00000000 b94efb40 tcpip+0x853
ba4d3c14 b94ea01d 00c268c8 898d7308 00000001 NDIS+0x22b9f
ba4d3c28 b94ea1b4 89bc2a68 898d7308 00000001 psched+0x801d
ba4d3c4c b94ea5f9 898e5788 00000000 89bc2a68 psched+0x81b4
ba4d3c64 b9e1ac40 898e5780 80540990 89bb5000 psched+0x85f9
ba4d3cb4 ba1fb2e4 00c268c8 89bb55d4 00000001 NDIS+0x22c40
00000000 00000000 00000000 00000000 00000000 NVENETFD+0x32e4
STACK_COMMAND: kb
FOLLOWUP_IP:
avgtdix+1cb1
b6c29cb1 ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: avgtdix+1cb1
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: avgtdix.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
na pierwszy rzut oka to mój anty wirus AVG coś mota ale czy dobrze myśle?
