En cierto foro, un usuario tenía con cierta frecuencia
BSOD (Blue Screen of Dead). El equipo, un portátil HP Pavilion dv5, estaba recién comprado. Lo único que había hecho con él era conectarse a Internet y no había instalado ningún software adicional ni driver. Tras tener estos problemas, fue a la tienda a pedir que se lo cambiaran por otro con lo que tuvo de nuevo el mismo problema.
Le pedí al usuario que analizara el volcado de memoria del error mediante la herramienta Windows Debugger (
http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx) y que me dejara la salida.
Para analizar el archivo .dmp, se cargan los símbolos del programa (
File /
Symbol File Path) y teclear:
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Para cargar el volcado de memoria, desde el menú
File /
Open Crash Dump, se localiza en el directorio %windir%/minidump, el/los archivos pertinentes, cuyo nombre indica la fecha de creación. Mini020709-02.dmp significa que el volcado se ha producido el día 07 de 02 de 09 y es el volcado nº 02 de ese día.
Las salidas eran idénticas en todos los análisis:
Microsoft (R) Windows Debugger Version 6.11.0001.402 X86Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\David\Escritorio\Mini020709-02.dmp]Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbolsExecutable search path is: Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTS PersonalBuilt by: 6001.18145.x86fre.vistasp1_gdr.080917-1612Machine Name:Kernel base = 0x81c0c000 PsLoadedModuleList = 0x81d23c70Debug session time: Sat Feb 7 16:46:48.583 2009 (GMT+1)System Uptime: 0 days 0:26:51.651Loading Kernel Symbols...............................................................................................................................................................................................................Loading User SymbolsLoading unloaded module list....******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 110b, 80a0006, 8694d7b0}
*** WARNING: Unable to verify timestamp for NetMotCM.sys*** ERROR: Module load completed but symbols could not be loaded for NetMotCM.sysGetPointerFromAddress: unable to read from 81d43868Unable to read MiSystemVaType memory at 81d23420*** WARNING: Unable to verify timestamp for nvraid.sys*** ERROR: Module load completed but symbols could not be loaded for nvraid.sys*** WARNING: Unable to verify timestamp for aliide.sys*** ERROR: Module load completed but symbols could not be loaded for aliide.sys*** WARNING: Unable to verify timestamp for amdide.sys*** ERROR: Module load completed but symbols could not be loaded for amdide.sys*** WARNING: Unable to verify timestamp for cmdide.sys*** ERROR: Module load completed but symbols could not be loaded for cmdide.sys*** WARNING: Unable to verify timestamp for viaide.sys*** ERROR: Module load completed but symbols could not be loaded for viaide.sys*** WARNING: Unable to verify timestamp for nvstor.sys*** ERROR: Module load completed but symbols could not be loaded for nvstor.sys*** WARNING: Unable to verify timestamp for iaStor.sys*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys*** WARNING: Unable to verify timestamp for iastorv.sys*** ERROR: Module load completed but symbols could not be loaded for iastorv.sys*** WARNING: Unable to verify timestamp for lsi_scsi.sys*** ERROR: Module load completed but symbols could not be loaded for lsi_scsi.sys*** WARNING: Unable to verify timestamp for hpcisss.sys*** ERROR: Module load completed but symbols could not be loaded for hpcisss.sys*** WARNING: Unable to verify timestamp for adp94xx.sys*** ERROR: Module load completed but symbols could not be loaded for adp94xx.sys*** WARNING: Unable to verify timestamp for adpahci.sys*** ERROR: Module load completed but symbols could not be loaded for adpahci.sys*** WARNING: Unable to verify timestamp for adpu160m.sys*** ERROR: Module load completed but symbols could not be loaded for adpu160m.sys*** WARNING: Unable to verify timestamp for adpu320.sys*** ERROR: Module load completed but symbols could not be loaded for adpu320.sys*** WARNING: Unable to verify timestamp for djsvs.sys*** ERROR: Module load completed but symbols could not be loaded for djsvs.sys*** WARNING: Unable to verify timestamp for arc.sys*** ERROR: Module load completed but symbols could not be loaded for arc.sys*** WARNING: Unable to verify timestamp for arcsas.sys*** ERROR: Module load completed but symbols could not be loaded for arcsas.sys*** WARNING: Unable to verify timestamp for uliahci.sys*** ERROR: Module load completed but symbols could not be loaded for uliahci.sys*** WARNING: Unable to verify timestamp for ulsata2.sys*** ERROR: Module load completed but symbols could not be loaded for ulsata2.sys*** WARNING: Unable to verify timestamp for vsmraid.sys*** ERROR: Module load completed but symbols could not be loaded for vsmraid.sys*** WARNING: Unable to verify timestamp for elxstor.sys*** ERROR: Module load completed but symbols could not be loaded for elxstor.sys*** WARNING: Unable to verify timestamp for iirsp.sys*** ERROR: Module load completed but symbols could not be loaded for iirsp.sys*** WARNING: Unable to verify timestamp for iteatapi.sys*** ERROR: Module load completed but symbols could not be loaded for iteatapi.sys*** WARNING: Unable to verify timestamp for iteraid.sys*** ERROR: Module load completed but symbols could not be loaded for iteraid.sys*** WARNING: Unable to verify timestamp for lsi_fc.sys*** ERROR: Module load completed but symbols could not be loaded for lsi_fc.sys*** WARNING: Unable to verify timestamp for lsi_sas.sys*** ERROR: Module load completed but symbols could not be loaded for lsi_sas.sys*** WARNING: Unable to verify timestamp for megasas.sys*** ERROR: Module load completed but symbols could not be loaded for megasas.sys*** WARNING: Unable to verify timestamp for megasr.sys*** ERROR: Module load completed but symbols could not be loaded for megasr.sys*** WARNING: Unable to verify timestamp for mraid35x.sys*** ERROR: Module load completed but symbols could not be loaded for mraid35x.sys*** WARNING: Unable to verify timestamp for nfrd960.sys*** ERROR: Module load completed but symbols could not be loaded for nfrd960.sys*** WARNING: Unable to verify timestamp for ql2300.sys*** ERROR: Module load completed but symbols could not be loaded for ql2300.sys*** WARNING: Unable to verify timestamp for ql40xx.sys*** ERROR: Module load completed but symbols could not be loaded for ql40xx.sys*** WARNING: Unable to verify timestamp for sisraid2.sys*** ERROR: Module load completed but symbols could not be loaded for sisraid2.sys*** WARNING: Unable to verify timestamp for sisraid4.sys*** ERROR: Module load completed but symbols could not be loaded for sisraid4.sys*** WARNING: Unable to verify timestamp for symc8xx.sys*** ERROR: Module load completed but symbols could not be loaded for symc8xx.sys*** WARNING: Unable to verify timestamp for sym_hi.sys*** ERROR: Module load completed but symbols could not be loaded for sym_hi.sys*** WARNING: Unable to verify timestamp for sym_u3.sys*** ERROR: Module load completed but symbols could not be loaded for sym_u3.sys*** WARNING: Unable to verify timestamp for ulsata.sys*** ERROR: Module load completed but symbols could not be loaded for ulsata.sys*** ERROR: Module load completed but symbols could not be loaded for spldr.sys*** WARNING: Unable to verify timestamp for hpdskflt.sys*** ERROR: Module load completed but symbols could not be loaded for hpdskflt.sys*** WARNING: Unable to verify timestamp for SynTP.sys*** ERROR: Module load completed but symbols could not be loaded for SynTP.sys*** WARNING: Unable to verify timestamp for enecir.sys*** ERROR: Module load completed but symbols could not be loaded for enecir.sys*** WARNING: Unable to verify timestamp for Accelerometer.sys*** ERROR: Module load completed but symbols could not be loaded for Accelerometer.sys*** WARNING: Unable to verify timestamp for nvlddmkm.sys*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys*** WARNING: Unable to verify timestamp for NETw5v32.sys*** ERROR: Module load completed but symbols could not be loaded for NETw5v32.sys*** WARNING: Unable to verify timestamp for Rtlh86.sys*** ERROR: Module load completed but symbols could not be loaded for Rtlh86.sys*** WARNING: Unable to verify timestamp for jmcr.sys*** ERROR: Module load completed but symbols could not be loaded for jmcr.sys*** WARNING: Unable to verify timestamp for HpqKbFiltr.sys*** ERROR: Module load completed but symbols could not be loaded for HpqKbFiltr.sys*** WARNING: Unable to verify timestamp for stwrt.sys*** ERROR: Module load completed but symbols could not be loaded for stwrt.sys*** WARNING: Unable to verify timestamp for drmk.sys*** ERROR: Module load completed but symbols could not be loaded for drmk.sys*** WARNING: Unable to verify timestamp for nvhda32v.sys*** ERROR: Module load completed but symbols could not be loaded for nvhda32v.sys*** WARNING: Unable to verify timestamp for SYMTDI.SYS*** ERROR: Module load completed but symbols could not be loaded for SYMTDI.SYS*** WARNING: Unable to verify timestamp for SYMEVENT.SYS*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS*** WARNING: Unable to verify timestamp for SYMREDRV.SYS*** ERROR: Module load completed but symbols could not be loaded for SYMREDRV.SYS*** WARNING: Unable to verify timestamp for SYMDNS.SYS*** ERROR: Module load completed but symbols could not be loaded for SYMDNS.SYS*** WARNING: Unable to verify timestamp for SYMNDISV.SYS*** ERROR: Module load completed but symbols could not be loaded for SYMNDISV.SYS*** WARNING: Unable to verify timestamp for SYMFW.SYS*** ERROR: Module load completed but symbols could not be loaded for SYMFW.SYS*** WARNING: Unable to verify timestamp for SymIMv.sys*** ERROR: Module load completed but symbols could not be loaded for SymIMv.sys*** WARNING: Unable to verify timestamp for SRTSPX.SYS*** ERROR: Module load completed but symbols could not be loaded for SRTSPX.SYS*** WARNING: Unable to verify timestamp for SPBBCDrv.sys*** ERROR: Module load completed but symbols could not be loaded for SPBBCDrv.sys*** WARNING: Unable to verify timestamp for vfs101x.sys*** ERROR: Module load completed but symbols could not be loaded for vfs101x.sys*** WARNING: Unable to verify timestamp for IDSvix86.sys*** ERROR: Module load completed but symbols could not be loaded for IDSvix86.sys*** WARNING: Unable to verify timestamp for eeCtrl.sys*** ERROR: Module load completed but symbols could not be loaded for eeCtrl.sys*** WARNING: Unable to verify timestamp for EraserUtilRebootDrv.sys*** ERROR: Module load completed but symbols could not be loaded for EraserUtilRebootDrv.sys*** WARNING: Unable to verify timestamp for dump_iaStor.sys*** ERROR: Module load completed but symbols could not be loaded for dump_iaStor.sys*** WARNING: Unable to verify timestamp for win32k.sys*** ERROR: Module load completed but symbols could not be loaded for win32k.sys*** WARNING: Unable to verify timestamp for TSDDD.dll*** ERROR: Module load completed but symbols could not be loaded for TSDDD.dll*** WARNING: Unable to verify timestamp for cdd.dll*** ERROR: Module load completed but symbols could not be loaded for cdd.dll*** WARNING: Unable to verify timestamp for spsys.sys*** ERROR: Module load completed but symbols could not be loaded for spsys.sys*** WARNING: Unable to verify timestamp for CO_Mon.sys*** ERROR: Module load completed but symbols could not be loaded for CO_Mon.sys*** ERROR: Symbol file could not be found. Defaulted to export symbols for peauth.sys - *** WARNING: Unable to verify timestamp for secdrv.SYS*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS*** WARNING: Unable to verify timestamp for SRTSP.SYS*** ERROR: Module load completed but symbols could not be loaded for SRTSP.SYS*** WARNING: Unable to verify timestamp for NAVEX15.SYS*** ERROR: Module load completed but symbols could not be loaded for NAVEX15.SYS*** WARNING: Unable to verify timestamp for NAVENG.SYS*** ERROR: Module load completed but symbols could not be loaded for NAVENG.SYSProbably caused by : NetMotCM.sys ( NetMotCM+2181 )
Followup: MachineOwner---------
0: kd> !analyze -v******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************
BAD_POOL_CALLER (c2)The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.Arguments:Arg1: 00000007, Attempt to free pool which was already freedArg2: 0000110b, (reserved)Arg3: 080a0006, Memory contents of the pool blockArg4: 8694d7b0, Address of the block of pool being deallocated
Debugging Details:------------------
GetPointerFromAddress: unable to read from 81d43868Unable to read MiSystemVaType memory at 81d23420
POOL_ADDRESS: GetPointerFromAddress: unable to read from 81d43868Unable to read MiSystemVaType memory at 81d23420 8694d7b0
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 81cfa00c to 81cd90e3
STACK_TEXT: 81d01b5c 81cfa00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e81d01bd0 81cf93ae 8694d7b0 00000000 81d01c28 nt!ExFreePoolWithTag+0x17f81d01be0 914a6181 8694d7b0 86921e53 86921d50 nt!ExFreePool+0xfWARNING: Stack unwind information not available. Following frames may be wrong.81d01c28 8ecf6b37 81c604c4 869c9320 00000000 NetMotCM+0x218181d01c64 8ecf99fd 87500028 86921d50 869194e8 USBPORT!USBPORT_Core_iCompleteDoneTransfer+0x6cb81d01c94 8ecfb06a 87500028 39585043 87500bf8 USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x4f581d01cc0 8ecf4274 87500028 87500bf8 87500002 USBPORT!USBPORT_Core_UsbIocDpc_Worker+0x12281d01ce8 81cc2450 87500c04 34776478 00000000 USBPORT!USBPORT_Xdpc_Worker+0x27481d01d50 81cc0edd 00000000 0000000e 00000000 nt!KiRetireDpcList+0x14781d01d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x49
STACK_COMMAND: kb
FOLLOWUP_IP: NetMotCM+2181914a6181 ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: NetMotCM+2181
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NetMotCM
IMAGE_NAME: NetMotCM.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3be7ec01
FAILURE_BUCKET_ID: 0xc2_7_NetMotCM+2181
BUCKET_ID: OLD_IMAGE_NetMotCM.sys
Followup: MachineOwner
Era sorprendente ver toda la morralla de drivers que había instalado el OEM, pero, aparentemente, la causa del error apuntaba al driver NetMotCM.sys:
*** WARNING: Unable to verify timestamp for NetMotCM.sys*** ERROR: Module load completed but symbols could not be loaded for NetMotCM.sysGetPointerFromAddress: unable to read from 81d43868Unable to read MiSystemVaType memory at 81d23420
...
IMAGE_NAME:
NetMotCM.sys Entonces, le pedí al usuario que me indicara a qué dispositivo pertenecía dicho driver y de qué fabricante era, puesto que no se trataba de un driver de Windows (no se habían podido cargar los símbolos para él). En la entrada Propiedades del menú contextual del fichero, pudo determinar que el driver era propiedad de Motorola; concretamente pertenecía al módem USB SB4200, que había instalado el mismo usuario con unos drivers que tenía guardados en el CD que se proporcionaba con el mismo módem. El problema se hubiera podido solucionar instalando la versión más reciente del controlador, pero accedí a la web del fabricante y éste no ofrecía soporte para Windows Vista, con lo cual le dije al usuario que le pidiera a la operadora de Internet un router, por ser mucho menos problemáticos que los módems USB y mucho más compatibles. Tras tirar de un punto de restauración anterior a la instalación del susodicho driver, se solucionó el molesto problema.
.JPG)
.JPG)
.JPG)
.JPG)
.JPG)
.JPG)
