Jakiś czas temu pisałem o problemach z BSOD-ami na rożnych maszynach
(PC/notebook) związanych ze sterownikiem interfejsu audio na USB firmy
ESI model UGM96.
Wg analizy minidump'ów przez WinDbg odpowiada za to sterownik kontrolera
UGMDRV.sys przedstawiony na zrzucie ekranu:
http://img39.imageshack.us/img39/5176/esidrivers.jpg
Czy z pomocą narzędzia Verifier.exe wchodzącego w skład Windows,
jest możliwość "zmuszenia" delikwenta do normalnego zachowania (tj nie
powodowania konfliktów systemowych)?
Pzdr, OMSON
P.S. Przykładowa analiza zrzutu minidump:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini072109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Tue Jul 21 02:28:57.890 2009 (GMT+2)
System Uptime: 0 days 0:13:37.655
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
...........................................................
Loading User Symbols
Loading unloaded module list
.............
Unable to load image UGMDRV.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for UGMDRV.sys
*** ERROR: Module load completed but symbols could not be loaded for
UGMDRV.sys
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, b04a258a, aedee1c8, 0}
Probably caused by : UGMDRV.sys ( UGMDRV+d58a )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b04a258a, The address that the exception occurred at
Arg3: aedee1c8, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod "0x%08lx"
odwołuje się do pamięci pod adresem "0x%08lx". Pamięć nie może być "%s".
FAULTING_IP:
UGMDRV+d58a
b04a258a 8b5004 mov edx,dword ptr [eax+4]
TRAP_FRAME: aedee1c8 -- (.trap 0xffffffffaedee1c8)
ErrCode = 00000000
eax=00000000 ebx=88e1dcdc ecx=8949a000 edx=00000001 esi=89278350
edi=8949a000
eip=b04a258a esp=aedee23c ebp=00000000 iopl=0 nv up ei ng nz ac
po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010293
UGMDRV+0xd58a:
b04a258a 8b5004 mov edx,dword ptr [eax+4]
ds:0023:00000004=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: SONARPDR.exe
LAST_CONTROL_TRANSFER: from 00000000 to b04a258a
STACK_TEXT:
00000000 00000000 00000000 00000000 00000000 UGMDRV+0xd58a
STACK_COMMAND: kb
FOLLOWUP_IP:
UGMDRV+d58a
b04a258a 8b5004 mov edx,dword ptr [eax+4]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: UGMDRV+d58a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: UGMDRV
IMAGE_NAME: UGMDRV.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49eedfaf
FAILURE_BUCKET_ID: 0x8E_UGMDRV+d58a
BUCKET_ID: 0x8E_UGMDRV+d58a
Followup: MachineOwner
---------
Received on Fri Aug 14 12:15:16 2009
To archiwum zostało wygenerowane przez hypermail 2.1.8 : Fri 14 Aug 2009 - 12:42:01 MET DST