4409

Windows crash log: comprehension question

How do I interpret the following crash log from Windows XP 64-bit

Hello everyone

I have several identically built Win XP 64-bit systems here, all running the same software. One of these machines tends to crash now and then, quite unpredictably. It is not the RAM modules, since I have already swapped them with those from another system. Maybe someone can give me a quick tip as to what the information in the following crash log tells me. I would be very grateful for any tip.

Thomas


Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available


WARNING: Dump file has been truncated. Data may be missing.

Symbol search path is: * Invalid *

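****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************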
* ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-1447
Machine Name:
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011ad0c0
Debug session time: Sun Dec 28 18:36:29.078 2008 (GMT+2)
System Uptime: 0 days 0:04:46.942
Loading Kernel Symbols
Loading User Symbols

Loading unloaded module list
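*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************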

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffff84200107ca0, d, 0, fffff800010517d9}

* ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
* Kernel symbols are WRONG. Please fix symbols to do analysis.

****************************************************************
*                                                              *
*                                                              *
* Your debugger is not using the correct symbols               *
*                                                              *
* In order for this command to work properly, your symbol path *
* must point to .pdb files that have full type information.    *
*                                                              *
* Certain .pdb files (such as the public OS symbols) do not    *
* contain the required information. Contact the group that     *
* provided you with these symbols if you need this command to  *
* work.                                                        *
*                                                              *
* Type referenced: nt!_KPRCB                                   *
*                                                              *
****************************************************************
Probably caused by : ntkrnlmp.exe ( nt!KeSynchronizeExecution+aa9 )

Followup: MachineOwner

0: kd> !analyze -v
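*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************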

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff84200107ca0, memory referenced
Arg2: 000000000000000d, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800010517d9, address which referenced memory

Debugging Details:

* Kernel symbols are WRONG. Please fix symbols to do analysis.


MODULE_NAME: nt

FAULTING_MODULE: fffff80001000000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42436123

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fffff84200107ca0

CURRENT_IRQL: 0

FAULTING_IP:
nt!KeSynchronizeExecution+aa9
fffff800`010517d9 48837d5000 cmp qword ptr [rbp+50h],0

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from fffff8000104fef4 to fffff800010501d0

STACK_TEXT:
fffff800`001078b8 fffff800`0104fef4 : 00000000`0000000a fffff842`00107ca0 00000000`0000000d 00000000`00000000 : nt!KeBugCheckEx
fffff800`001078c0 fffff800`0104ef07 : fffffadf`cdbcd380 fffffadf`c3628c98 00000000`00000000 00000000`00000000 : nt!ZwUnloadKey+0x22a4
fffff800`00107a40 fffff800`010517d9 : 00000000`00000000 01c9690a`6f119042 fffff800`0118b480 fffffadf`ce873280 : nt!ZwUnloadKey+0x12b7
fffff800`00107bd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0xaa9


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KeSynchronizeExecution+aa9
fffff800`010517d9 48837d5000 cmp qword ptr [rbp+50h],0

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!KeSynchronizeExecution+aa9

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

0: kd> !analyze -v
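*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************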

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff84200107ca0, memory referenced
Arg2: 000000000000000d, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800010517d9, address which referenced memory

Debugging Details:

* Kernel symbols are WRONG. Please fix symbols to do analysis.


MODULE_NAME: nt

FAULTING_MODULE: fffff80001000000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42436123

READ_ADDRESS: fffff84200107ca0

CURRENT_IRQL: 0

FAULTING_IP:
nt!KeSynchronizeExecution+aa9
fffff800`010517d9 48837d5000 cmp qword ptr [rbp+50h],0

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from fffff8000104fef4 to fffff800010501d0

STACK_TEXT:
fffff800`001078b8 fffff800`0104fef4 : 00000000`0000000a fffff842`00107ca0 00000000`0000000d 00000000`00000000 : nt!KeBugCheckEx
fffff800`001078c0 fffff800`0104ef07 : fffffadf`cdbcd380 fffffadf`c3628c98 00000000`00000000 00000000`00000000 : nt!ZwUnloadKey+0x22a4
fffff800`00107a40 fffff800`010517d9 : 00000000`00000000 01c9690a`6f119042 fffff800`0118b480 fffffadf`ce873280 : nt!ZwUnloadKey+0x12b7
fffff800`00107bd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0xaa9


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KeSynchronizeExecution+aa9
fffff800`010517d9 48837d5000 cmp qword ptr [rbp+50h],0

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!KeSynchronizeExecution+aa9

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

Url: https://administrator.de/contentid/117322
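
One way to pull the few meaningful lines out of a log like the one posted above, as an added example that is not part of the original thread: the script decodes the four arguments of bugcheck 0xA the way `!analyze -v` describes them and flags output produced without usable symbols, where the debugger falls back to export names and the blamed function is unreliable. The helper `triage` and the sample string are assumptions constructed for this example.

```python
import re

# Constructed sample: key lines copied from the WinDbg output posted above.
SAMPLE_LOG = """\
* ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
BugCheck A, {fffff84200107ca0, d, 0, fffff800010517d9}
* Kernel symbols are WRONG. Please fix symbols to do analysis.
Probably caused by : ntkrnlmp.exe ( nt!KeSynchronizeExecution+aa9 )
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
"""

BUGCHECK_RE = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
CAUSE_RE = re.compile(r"Probably caused by : (\S+)")
# Strings from the log above that show the debugger had no usable symbols.
BAD_SYMBOL_MARKERS = (
    "symbol path is not initialized",
    "Defaulted to export symbols",
    "Kernel symbols are WRONG",
    "WRONG_SYMBOLS",
)

def triage(log: str) -> dict:
    """Summarise a WinDbg bugcheck log (hypothetical helper, not a WinDbg API)."""
    m = BUGCHECK_RE.search(log)
    if m is None:
        raise ValueError("no 'BugCheck <code>, {args}' line found")
    code = int(m.group(1), 16)
    args = [int(a, 16) for a in m.group(2).split(",")]
    out = {"code": code, "args": args}
    out["symbols_ok"] = not any(marker in log for marker in BAD_SYMBOL_MARKERS)
    if code == 0xA and len(args) == 4:
        # Argument meanings as printed by !analyze -v for bugcheck 0xA.
        out["name"] = "IRQL_NOT_LESS_OR_EQUAL"
        out["memory_referenced"] = args[0]
        out["irql"] = args[1]
        out["access"] = "write" if args[2] & 0x1 else "read"   # bit 0
        out["execute"] = bool(args[2] & 0x8)                   # bit 3
        out["referencing_address"] = args[3]
    cause = CAUSE_RE.search(log)
    out["blamed_image"] = cause.group(1) if cause else None
    # With export-only symbols the function names are nearest-export guesses,
    # so the "Probably caused by" verdict is only usable once symbols load.
    out["blame_trustworthy"] = out["symbols_ok"] and cause is not None
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        is_num = isinstance(value, int) and not isinstance(value, bool)
        print(f"{key}: {value:#x}" if is_num else f"{key}: {value}")
```
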


Member: 78632
78632 Jun 02, 2009 at 21:43:18 (UTC)
You interpret it by reading attentively.

Do you really think anyone here is going to put themselves through your > 400 lines?

http://support.microsoft.com/kb/148660/en-us
Member: 4409
4409 Jun 02, 2009 at 22:50:04 (UTC)
My problem, stupidly, is that I don't even really know what I'm looking for. That can't all be a list of errors. If it were, pretty much nothing would be in order.
Member: mrtux
mrtux Jun 03, 2009 at 21:14:43 (UTC)
Hi!

Quote from @4409:
My problem, stupidly, is that I don't even really know what
I'm looking for. That can't all be a list of
errors. If it were, pretty much nothing would be in order.

I wouldn't read too much into the dump; it usually doesn't tell you much.

Can you read what the bluescreen says and whether a file (e.g. xyz.sys) is named there? Otherwise, disable the automatic restart on bluescreen.

If that doesn't help either, I would first run an offline scan for malware (e.g. with Knoppicillin).

If that in turn doesn't help, or the box is clean, I would stop looking at the software for now and keep looking at the hardware. Defective power supplies tend to cause crashes. But proceed step by step and never make several changes at once, otherwise you will get confused and never find the fault.

mrtux
Member: 4409
4409 Jun 05, 2009 at 14:58:23 (UTC)
Thank you very much. By now I also suspect a hardware fault. I have already swapped the graphics card, RAM and hard disk with those of one of the exactly identical systems. So I can also rule out a virus. Next up will probably be the power supply.