long_int Posted August 30, 2010 Report Share Posted August 30, 2010 Greetings. I know how to view kernel dumps on Windows but I don't know very much about interpreting them. Obviously, the dump below indicates ntkrpamp.exe as being the problematic executable. I don't know what the flagged memory addresses mean or anything about the stack dump. Reading the dump itself leads me to believe it's not exactly possible to pinpoint the specific cause. However, I've been reading other threads similar to this issue and suggestions were made that this can be the result of anti-virus software or corrupted virtual memory.Is anyone able to break this dump down and help me understand it better?Microsoft (R) Windows Debugger Version 6.12.0002.633 X86Copyright (c) Microsoft Corporation. All rights reserved.Loading Dump File [C:\Documents and Settings\Chris\Desktop\MEMORY.DMP]Kernel Summary Dump File: Only kernel address space is availableSymbol search path is: C:\Windows\SymbolsExecutable search path is: Windows XP Kernel Version 2600 (Service Pack 3) MP (8 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 2600.xpsp.080413-2111Machine Name:Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720Debug session time: Mon Aug 30 01:54:28.515 2010 (UTC - 4:00)System Uptime: 0 days 0:55:50.135Loading Kernel Symbols...........................................................................................................Loading User SymbolsLoading unloaded module list..............******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************Use !analyze -v to get detailed debugging information.BugCheck A, {968baa0, 1c, 0, 80502cb7}Probably caused by : ntkrpamp.exe ( nt!KiUnlinkThread+7 )Followup: MachineOwner---------0: kd> !analyze -v******************************************************************************** ** Bugcheck Analysis ** ********************************************************************************IRQL_NOT_LESS_OR_EQUAL (a)An attempt was made to access a pageable (or completely invalid) address at aninterrupt request level (IRQL) that is too high. This is usuallycaused by drivers using improper addresses.If a kernel debugger is available get the stack backtrace.Arguments:Arg1: 0968baa0, memory referencedArg2: 0000001c, IRQLArg3: 00000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)Arg4: 80502cb7, address which referenced memoryDebugging Details:------------------READ_ADDRESS: 0968baa0 CURRENT_IRQL: 1cFAULTING_IP: nt!KiUnlinkThread+780502cb7 8b10 mov edx,dword ptr [eax]DEFAULT_BUCKET_ID: DRIVER_FAULTBUGCHECK_STR: 0xAPROCESS_NAME: IdleTRAP_FRAME: 8055123c -- (.trap 0xffffffff8055123c)ErrCode = 00000000eax=0968baa0 ebx=8968bae0 ecx=8968b9e8 edx=00000102 esi=8968b9e8 edi=00000000eip=80502cb7 esp=805512b0 ebp=805512c4 iopl=0 nv up ei pl nz na po nccs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202nt!KiUnlinkThread+0x7:80502cb7 8b10 mov edx,dword ptr [eax] ds:0023:0968baa0=????????Resetting default scopeLAST_CONTROL_TRANSFER: from 80502cb7 to 805446e0STACK_TEXT: 8055123c 80502cb7 badb0d00 00000102 89075020 nt!KiTrap0E+0x238805512b0 80502d1e 8968bad8 8968bae0 00000102 nt!KiUnlinkThread+0x7805512c4 80502f15 00000000 805512e0 00000000 nt!KiUnwaitThread+0x12805512f0 8050212e ccd654bc 00000088 80551418 nt!KiWaitTest+0xab805513fc 8050231b 8055c0c0 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x7a80551428 80545e6f 8055c4c0 00000000 00034588 nt!KiTimerExpiration+0xb180551450 80545d54 00000000 0000000e 00000000 nt!KiRetireDpcList+0x6180551454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28STACK_COMMAND: kbFOLLOWUP_IP: nt!KiUnlinkThread+780502cb7 8b10 mov edx,dword ptr [eax]SYMBOL_STACK_INDEX: 1SYMBOL_NAME: nt!KiUnlinkThread+7FOLLOWUP_NAME: MachineOwnerMODULE_NAME: ntIMAGE_NAME: ntkrpamp.exeDEBUG_FLR_IMAGE_TIMESTAMP: 4802516aFAILURE_BUCKET_ID: 0xA_nt!KiUnlinkThread+7BUCKET_ID: 0xA_nt!KiUnlinkThread+7Followup: MachineOwner--------- Quote Link to comment Share on other sites More sharing options...
-pops- Posted August 30, 2010 Report Share Posted August 30, 2010 Do you have Norton installed on the machine? Quote Link to comment Share on other sites More sharing options...
MANEMAN Posted September 1, 2010 Report Share Posted September 1, 2010 Hi there and welcome.Using "BlueScreen View" it is now possible to interpret mini-dumps very easily.The website for BlueScreen View is "Nirsoft". - A site that often gets blocked by firewalls for no apparent reason.Direct download for BlueScreen View is mirrored here at Softpedia: http://download.softpedia.com/dl/5665d4150d1ade70c1b67b7e1fe575cd/4c7e375c/100134999/software/system/bluescreenview.zipFor further, and more detailed explanations of the software, the manufacturers website is here: http://www.nirsoft.net/utils/blue_screen_view.htmlFor what it is worth, and from past experience of the "ntkrpamp.exe" error, I would think that your current problem is bad RAM. (Diagnosis by long distance is never the best diagnosis though)As the computer will not boot, I would suggest running the Microsoft memory test (RAM) software which boots from a CD.You can get that here: http://www.softpedia.com/get/Tweak/Memory-Tweak/Microsoft-Windows-Memory-Diagnostic.shtmlJohn.(And Yeah Norton will give blue screens, and strangle and choke your system. If you've got it on, - get it off. :) Same goes for McAfee. Too much bloat, and too many cogs going around in the background. :( ) Quote Link to comment Share on other sites More sharing options...
MANEMAN Posted September 2, 2010 Report Share Posted September 2, 2010 C'mon "long_ int ERVAL"..... Give us some feedback will ya ! :) The guy down the road has built a complete house while you have been friggin' around with one computer fault !Pull ya finger out and let us know what's happening.Have you downloaded "BlueScreen View" ? Do you have Norton installed ?Is the problem solved ?Have you died from stress ? - Have you made arrangements for your remaining relatives to contact us ?Do you want anymore help from us or not ?Speaks to me baby ! John. Quote Link to comment Share on other sites More sharing options...
bludgard Posted September 3, 2010 Report Share Posted September 3, 2010 Seems that long_int(erval) must have gotten a little overwhelmed by all the technical jargon being thrown about.I'm sure s/he will be around after a much needed recovery spell. :0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.