T
TECH198
Guest
Can anyone confirm I'm interpreting this correctly? This is the latest dump from windows 2003 Server.. when it BSOD'ed:
Loading Dump File [C:\Program Files\Debugging Tools for Windows (x64)\File Server Blue Screen\032119-29827-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: Symbol information
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`01668000 PsLoadedModuleList = 0xfffff800`018ade90
Debug session time: Thu Mar 21 09:02:38.585 2019 (UTC + 8:00)
System Uptime: 82 days 23:48:02.068
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
..............................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Unable to load image \SystemRoot\system32\DRIVERS\snapman.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for snapman.sys
*** ERROR: Module load completed but symbols could not be loaded for snapman.sys
Unable to load image \SystemRoot\system32\DRIVERS\stcvsm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for stcvsm.sys
*** ERROR: Module load completed but symbols could not be loaded for stcvsm.sys
Probably caused by : snapman.sys ( snapman+19089 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+6236346135346235
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff800016dfffe to fffff800016e8610
STACK_TEXT:
fffff880`01f66838 fffff800`016dfffe : 00000000`00000003 00000000`0000000c fffff880`01f67040 fffff800`017142a0 : nt!KeBugCheck
fffff880`01f66840 fffff800`01713f6d : fffff800`018efa10 fffff800`0182bc78 fffff800`01668000 fffff880`01f66fa0 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`01f66870 fffff800`01712d45 : fffff800`0182f0fc fffff880`01f668e8 fffff880`01f66fa0 fffff800`01668000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`01f668a0 fffff800`01716036 : fffff880`01f66fa0 fffff880`01f67040 00000000`00000001 fffff880`00000015 : nt!RtlDispatchException+0x415
fffff880`01f66f80 fffff800`016f37c1 : 00000000`00000000 fffffa80`18d27100 fffffa80`00000000 fffff880`018ff002 : nt!RtlRaiseStatus+0x4e
fffff880`01f67520 fffff880`018ff089 : 00000000`00000001 fffffa80`00000001 fffff880`01f3f180 fffff880`01911100 : nt!KeReleaseMutant+0x281
fffff880`01f675d0 00000000`00000001 : fffffa80`00000001 fffff880`01f3f180 fffff880`01911100 fffffa80`17b93c30 : snapman+0x19089
fffff880`01f675d8 fffffa80`00000001 : fffff880`01f3f180 fffff880`01911100 fffffa80`17b93c30 fffff880`018fa767 : 0x1
fffff880`01f675e0 fffff880`01f3f180 : fffff880`01911100 fffffa80`17b93c30 fffff880`018fa767 ffffd8f0`00002710 : 0xfffffa80`00000001
fffff880`01f675e8 fffff880`01911100 : fffffa80`17b93c30 fffff880`018fa767 ffffd8f0`00002710 fffff880`013b3f6f : 0xfffff880`01f3f180
fffff880`01f675f0 fffffa80`17b93c30 : fffff880`018fa767 ffffd8f0`00002710 fffff880`013b3f6f fffffa80`1b0d1900 : snapman+0x2b100
fffff880`01f675f8 fffff880`018fa767 : ffffd8f0`00002710 fffff880`013b3f6f fffffa80`1b0d1900 fffffa80`17b93c30 : 0xfffffa80`17b93c30
fffff880`01f67600 ffffd8f0`00002710 : fffff880`013b3f6f fffffa80`1b0d1900 fffffa80`17b93c30 fffff880`009bf180 : snapman+0x14767
fffff880`01f67608 fffff880`013b3f6f : fffffa80`1b0d1900 fffffa80`17b93c30 fffff880`009bf180 fffff880`0190459a : 0xffffd8f0`00002710
fffff880`01f67610 fffffa80`1b0d1900 : fffffa80`17b93c30 fffff880`009bf180 fffff880`0190459a fffffa80`1b0d19f8 : stcvsm+0xdf6f
fffff880`01f67618 fffffa80`17b93c30 : fffff880`009bf180 fffff880`0190459a fffffa80`1b0d19f8 fffffa80`1b0d19f8 : 0xfffffa80`1b0d1900
fffff880`01f67620 fffff880`009bf180 : fffff880`0190459a fffffa80`1b0d19f8 fffffa80`1b0d19f8 fffffa80`17b93c30 : 0xfffffa80`17b93c30
fffff880`01f67628 fffff880`0190459a : fffffa80`1b0d19f8 fffffa80`1b0d19f8 fffffa80`17b93c30 fffffa80`17a7ec70 : 0xfffff880`009bf180
fffff880`01f67630 fffffa80`1b0d19f8 : fffffa80`1b0d19f8 fffffa80`17b93c30 fffffa80`17a7ec70 fffff880`01f67710 : snapman+0x1e59a
fffff880`01f67638 fffffa80`1b0d19f8 : fffffa80`17b93c30 fffffa80`17a7ec70 fffff880`01f67710 00000000`00000000 : 0xfffffa80`1b0d19f8
fffff880`01f67640 fffffa80`17b93c30 : fffffa80`17a7ec70 fffff880`01f67710 00000000`00000000 fffff880`01f676d8 : 0xfffffa80`1b0d19f8
fffff880`01f67648 fffffa80`17a7ec70 : fffff880`01f67710 00000000`00000000 fffff880`01f676d8 fffff880`01903f72 : 0xfffffa80`17b93c30
fffff880`01f67650 fffff880`01f67710 : 00000000`00000000 fffff880`01f676d8 fffff880`01903f72 00000000`00000001 : 0xfffffa80`17a7ec70
fffff880`01f67658 00000000`00000000 : fffff880`01f676d8 fffff880`01903f72 00000000`00000001 00000000`00000000 : 0xfffff880`01f67710
STACK_COMMAND: kb
FOLLOWUP_IP:
snapman+19089
fffff880`018ff089 ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: snapman+19089
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: snapman
IMAGE_NAME: snapman.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 45265d99
FAILURE_BUCKET_ID: X64_0x1E_0_snapman+19089
BUCKET_ID: X64_0x1E_0_snapman+19089
Followup: MachineOwner
---------
snapman.sys belongs to Acronis Snapshot manager..
I'm addition should I be concerned about the 'Process Name' if its 'System' ?
Additionally, is the 'Image Name' and/or module Name sufficient enough?
Continue reading...
Loading Dump File [C:\Program Files\Debugging Tools for Windows (x64)\File Server Blue Screen\032119-29827-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: Symbol information
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`01668000 PsLoadedModuleList = 0xfffff800`018ade90
Debug session time: Thu Mar 21 09:02:38.585 2019 (UTC + 8:00)
System Uptime: 82 days 23:48:02.068
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
..............................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Unable to load image \SystemRoot\system32\DRIVERS\snapman.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for snapman.sys
*** ERROR: Module load completed but symbols could not be loaded for snapman.sys
Unable to load image \SystemRoot\system32\DRIVERS\stcvsm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for stcvsm.sys
*** ERROR: Module load completed but symbols could not be loaded for stcvsm.sys
Probably caused by : snapman.sys ( snapman+19089 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+6236346135346235
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff800016dfffe to fffff800016e8610
STACK_TEXT:
fffff880`01f66838 fffff800`016dfffe : 00000000`00000003 00000000`0000000c fffff880`01f67040 fffff800`017142a0 : nt!KeBugCheck
fffff880`01f66840 fffff800`01713f6d : fffff800`018efa10 fffff800`0182bc78 fffff800`01668000 fffff880`01f66fa0 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`01f66870 fffff800`01712d45 : fffff800`0182f0fc fffff880`01f668e8 fffff880`01f66fa0 fffff800`01668000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`01f668a0 fffff800`01716036 : fffff880`01f66fa0 fffff880`01f67040 00000000`00000001 fffff880`00000015 : nt!RtlDispatchException+0x415
fffff880`01f66f80 fffff800`016f37c1 : 00000000`00000000 fffffa80`18d27100 fffffa80`00000000 fffff880`018ff002 : nt!RtlRaiseStatus+0x4e
fffff880`01f67520 fffff880`018ff089 : 00000000`00000001 fffffa80`00000001 fffff880`01f3f180 fffff880`01911100 : nt!KeReleaseMutant+0x281
fffff880`01f675d0 00000000`00000001 : fffffa80`00000001 fffff880`01f3f180 fffff880`01911100 fffffa80`17b93c30 : snapman+0x19089
fffff880`01f675d8 fffffa80`00000001 : fffff880`01f3f180 fffff880`01911100 fffffa80`17b93c30 fffff880`018fa767 : 0x1
fffff880`01f675e0 fffff880`01f3f180 : fffff880`01911100 fffffa80`17b93c30 fffff880`018fa767 ffffd8f0`00002710 : 0xfffffa80`00000001
fffff880`01f675e8 fffff880`01911100 : fffffa80`17b93c30 fffff880`018fa767 ffffd8f0`00002710 fffff880`013b3f6f : 0xfffff880`01f3f180
fffff880`01f675f0 fffffa80`17b93c30 : fffff880`018fa767 ffffd8f0`00002710 fffff880`013b3f6f fffffa80`1b0d1900 : snapman+0x2b100
fffff880`01f675f8 fffff880`018fa767 : ffffd8f0`00002710 fffff880`013b3f6f fffffa80`1b0d1900 fffffa80`17b93c30 : 0xfffffa80`17b93c30
fffff880`01f67600 ffffd8f0`00002710 : fffff880`013b3f6f fffffa80`1b0d1900 fffffa80`17b93c30 fffff880`009bf180 : snapman+0x14767
fffff880`01f67608 fffff880`013b3f6f : fffffa80`1b0d1900 fffffa80`17b93c30 fffff880`009bf180 fffff880`0190459a : 0xffffd8f0`00002710
fffff880`01f67610 fffffa80`1b0d1900 : fffffa80`17b93c30 fffff880`009bf180 fffff880`0190459a fffffa80`1b0d19f8 : stcvsm+0xdf6f
fffff880`01f67618 fffffa80`17b93c30 : fffff880`009bf180 fffff880`0190459a fffffa80`1b0d19f8 fffffa80`1b0d19f8 : 0xfffffa80`1b0d1900
fffff880`01f67620 fffff880`009bf180 : fffff880`0190459a fffffa80`1b0d19f8 fffffa80`1b0d19f8 fffffa80`17b93c30 : 0xfffffa80`17b93c30
fffff880`01f67628 fffff880`0190459a : fffffa80`1b0d19f8 fffffa80`1b0d19f8 fffffa80`17b93c30 fffffa80`17a7ec70 : 0xfffff880`009bf180
fffff880`01f67630 fffffa80`1b0d19f8 : fffffa80`1b0d19f8 fffffa80`17b93c30 fffffa80`17a7ec70 fffff880`01f67710 : snapman+0x1e59a
fffff880`01f67638 fffffa80`1b0d19f8 : fffffa80`17b93c30 fffffa80`17a7ec70 fffff880`01f67710 00000000`00000000 : 0xfffffa80`1b0d19f8
fffff880`01f67640 fffffa80`17b93c30 : fffffa80`17a7ec70 fffff880`01f67710 00000000`00000000 fffff880`01f676d8 : 0xfffffa80`1b0d19f8
fffff880`01f67648 fffffa80`17a7ec70 : fffff880`01f67710 00000000`00000000 fffff880`01f676d8 fffff880`01903f72 : 0xfffffa80`17b93c30
fffff880`01f67650 fffff880`01f67710 : 00000000`00000000 fffff880`01f676d8 fffff880`01903f72 00000000`00000001 : 0xfffffa80`17a7ec70
fffff880`01f67658 00000000`00000000 : fffff880`01f676d8 fffff880`01903f72 00000000`00000001 00000000`00000000 : 0xfffff880`01f67710
STACK_COMMAND: kb
FOLLOWUP_IP:
snapman+19089
fffff880`018ff089 ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: snapman+19089
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: snapman
IMAGE_NAME: snapman.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 45265d99
FAILURE_BUCKET_ID: X64_0x1E_0_snapman+19089
BUCKET_ID: X64_0x1E_0_snapman+19089
Followup: MachineOwner
---------
snapman.sys belongs to Acronis Snapshot manager..
I'm addition should I be concerned about the 'Process Name' if its 'System' ?
Additionally, is the 'Image Name' and/or module Name sufficient enough?
Continue reading...