Jump to content

BSOD: ntkrpamp.exe at fault


Recommended Posts

Greetings. I know how to view kernel dumps on Windows but I don't know very much about interpreting them. Obviously, the dump below indicates ntkrpamp.exe as being the problematic executable. I don't know what the flagged memory addresses mean or anything about the stack dump. Reading the dump itself leads me to believe it's not exactly possible to pinpoint the specific cause. However, I've been reading other threads similar to this issue and suggestions were made that this can be the result of anti-virus software or corrupted virtual memory.

Is anyone able to break this dump down and help me understand it better?

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Chris\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: C:\Windows\Symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (8 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon Aug 30 01:54:28.515 2010 (UTC - 4:00)
System Uptime: 0 days 0:55:50.135
Loading Kernel Symbols
...............................................................
............................................
Loading User Symbols

Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {968baa0, 1c, 0, 80502cb7}

Probably caused by : ntkrpamp.exe ( nt!KiUnlinkThread+7 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0968baa0, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80502cb7, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 0968baa0

CURRENT_IRQL: 1c

FAULTING_IP:
nt!KiUnlinkThread+7
80502cb7 8b10 mov edx,dword ptr [eax]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: Idle

TRAP_FRAME: 8055123c -- (.trap 0xffffffff8055123c)
ErrCode = 00000000
eax=0968baa0 ebx=8968bae0 ecx=8968b9e8 edx=00000102 esi=8968b9e8 edi=00000000
eip=80502cb7 esp=805512b0 ebp=805512c4 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!KiUnlinkThread+0x7:
80502cb7 8b10 mov edx,dword ptr [eax] ds:0023:0968baa0=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 80502cb7 to 805446e0

STACK_TEXT:
8055123c 80502cb7 badb0d00 00000102 89075020 nt!KiTrap0E+0x238
805512b0 80502d1e 8968bad8 8968bae0 00000102 nt!KiUnlinkThread+0x7
805512c4 80502f15 00000000 805512e0 00000000 nt!KiUnwaitThread+0x12
805512f0 8050212e ccd654bc 00000088 80551418 nt!KiWaitTest+0xab
805513fc 8050231b 8055c0c0 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x7a
80551428 80545e6f 8055c4c0 00000000 00034588 nt!KiTimerExpiration+0xb1
80551450 80545d54 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
80551454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiUnlinkThread+7
80502cb7 8b10 mov edx,dword ptr [eax]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiUnlinkThread+7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a

FAILURE_BUCKET_ID: 0xA_nt!KiUnlinkThread+7

BUCKET_ID: 0xA_nt!KiUnlinkThread+7

Followup: MachineOwner
---------

Link to comment
Share on other sites

Hi there and welcome.

Using "BlueScreen View" it is now possible to interpret mini-dumps very easily.

The website for BlueScreen View is "Nirsoft". - A site that often gets blocked by firewalls for no apparent reason.

Direct download for BlueScreen View is mirrored here at Softpedia: http://download.softpedia.com/dl/5665d4150d1ade70c1b67b7e1fe575cd/4c7e375c/100134999/software/system/bluescreenview.zip

For further, and more detailed explanations of the software, the manufacturers website is here: http://www.nirsoft.net/utils/blue_screen_view.html

For what it is worth, and from past experience of the "ntkrpamp.exe" error, I would think that your current problem is bad RAM. (Diagnosis by long distance is never the best diagnosis though)

As the computer will not boot, I would suggest running the Microsoft memory test (RAM) software which boots from a CD.

You can get that here: http://www.softpedia.com/get/Tweak/Memory-Tweak/Microsoft-Windows-Memory-Diagnostic.shtml

John.

(And Yeah Norton will give blue screens, and strangle and choke your system.

If you've got it on, - get it off. :)

Same goes for McAfee. Too much bloat, and too many cogs going around in the background. :( )

Link to comment
Share on other sites

C'mon "long_ int ERVAL"..... Give us some feedback will ya ! :)

The guy down the road has built a complete house while you have been friggin' around with one computer fault !

Pull ya finger out and let us know what's happening.

Have you downloaded "BlueScreen View" ? Do you have Norton installed ?

Is the problem solved ?

Have you died from stress ? - Have you made arrangements for your remaining relatives to contact us ?

Do you want anymore help from us or not ?

Speaks to me baby ! :rolleyes:

John.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy