Logo GNT
Actualités Tests & Guides Bons Plans
GTA 6 iPhone 17 Copilot Switch 2 Temu ChatGPT Tesla
OVH Cloud OVH Cloud
Entraide Windows Windows 2000 Win 2000 Pro ecran bleu

ecran bleu

1 réponse
Avatar
lavache
Bonjour,
j'ai une machine qui fait a location de ecran bleu.
J'a activer le Dump de memoir complet.
apres Analyse je ne compren pas rien :(
cause ntoskrnl.exe ( nt!ExFreePoolWithTag+156 )
sa me dit rien.

Quelqu'un a une idée
Sébas



Microsoft (R) Windows Debugger Version 6.5.0003.7

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C:\winnt\MEMORY.DMP]

Kernel Complete Dump File: Full address space is available

Symbol search path is:
SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows 2000 Kernel Version 2195 (Service Pack 4) UP Free x86 compatible

Product: WinNt

Kernel base = 0x80400000 PsLoadedModuleList = 0x804814c0

Debug session time: Tue Nov 1 00:04:44.522 2005 (GMT-5)

System Uptime: 0 days 1:14:05.953

Loading Kernel Symbols

............................................................................
..................

Loading unloaded module list

........

Loading User Symbols

****************************************************************************
***

* *

* Bugcheck Analysis *

* *

****************************************************************************
***

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {c0000005, 8046ac08, 0, 0}

Probably caused by : ntoskrnl.exe ( nt!ExFreePoolWithTag+156 )

Followup: MachineOwner

---------

kd> .reload

Loading Kernel Symbols

............................................................................
..................

Loading unloaded module list

........

Loading User Symbols

kd> !analyze -v

****************************************************************************
***

* *

* Bugcheck Analysis *

* *

****************************************************************************
***

KMODE_EXCEPTION_NOT_HANDLED (1e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: 8046ac08, The address that the exception occurred at

Arg3: 00000000, Parameter 0 of the exception

Arg4: 00000000, Parameter 1 of the exception

Debugging Details:

------------------



EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - L'instruction "0x%08lx" emploie
l'adresse m moire "0x%08lx". La m moire ne peut pas tre "%s".

FAULTING_IP:

nt!ExFreePoolWithTag+156

8046ac08 f60701 test byte ptr [edi],0x1

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 00000000

READ_ADDRESS: 00000000

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR: 0x1E

EXCEPTION_RECORD: eb84fc14 -- (.exr ffffffffeb84fc14)

ExceptionAddress: 8046ac08 (nt!ExFreePoolWithTag+0x00000156)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 00000000

Parameter[1]: 00000000

Attempt to read from address 00000000

CONTEXT: eb84f86c -- (.cxr ffffffffeb84f86c)

eax=00000000 ebx=00000000 ecx=00000001 edx=0021349c esi=81c77328
edi=00000000

eip=8046ac08 esp=eb84fcdc ebp=eb84fcfc iopl=0 nv up ei pl zr na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246

nt!ExFreePoolWithTag+0x156:

8046ac08 f60701 test byte ptr [edi],0x1 ds:0023:00000000=??

Resetting default scope

LAST_CONTROL_TRANSFER: from 804d7c99 to 8046ac08

STACK_TEXT:

eb84fcfc 804d7c99 81c77330 e56c6946 00000000 nt!ExFreePoolWithTag+0x156

eb84fd28 804d5da0 81c773b0 820c3c40 81c773c8 nt!ObpFreeObject+0x14f

eb84fd40 8044e9a5 81c773c8 80064b7c 00000000 nt!ObpRemoveObjectRoutine+0xde

eb84fd64 804391be 00000000 81c70208 80064bd4 nt!ObfDereferenceObject+0x149

eb84fd88 804394b5 e37e1e88 00000000 00000000 nt!MiSegmentDelete+0x12e

eb84fda8 80454a24 00000000 00000000 00000000
nt!MiDereferenceSegmentThread+0x97

eb84fddc 80469212 8043941e 00000000 00000000 nt!PspSystemThreadStartup+0x54

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16



FOLLOWUP_IP:

nt!ExFreePoolWithTag+156

8046ac08 f60701 test byte ptr [edi],0x1

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!ExFreePoolWithTag+156

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 427b58bb

STACK_COMMAND: .cxr ffffffffeb84f86c ; kb

FAILURE_BUCKET_ID: 0x1E_nt!ExFreePoolWithTag+156

BUCKET_ID: 0x1E_nt!ExFreePoolWithTag+156

Followup: MachineOwner

---------
Signaler un problème avec ce contenu

1 réponse

Supprimer
Cette action est irreversible, confirmez la suppression du commentaire ?
Signaler le commentaire

Veuillez sélectionner un problème

Nudité
Violence
Harcèlement
Fraude
Vente illégale
Discours haineux
Terrorisme
Autre
Avatar
MAC GYVER
"lavache" a écrit dans le message de news:
uSVe3f$
Bonjour,
j'ai une machine qui fait a location de ecran bleu.
J'a activer le Dump de memoir complet.
apres Analyse je ne compren pas rien :(
cause ntoskrnl.exe ( nt!ExFreePoolWithTag+156 )
sa me dit rien.

Quelqu'un a une idée
Sébas

Salut,

F8 au démarrage puis dernière bonne config connue.
Si inefficace alors boot sur le cd win2000 puis installer/réparer.

a+