Krischan
Hi guys,
My wife's computer came down with a buttload of bluescreens over the evening and we have no idea why.
I got a memory dump and tried to use the debugger, but I'm not really getting anything useful (for my know-how level) out of it.
Maybe one of you guys can do it?
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E1, {fffff800041d54b0, 2, fffffa800f85de00, fffffa800f85de00}
Probably caused by : ntkrnlmp.exe ( nt!IopProcessWorkItem+0 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
WORKER_THREAD_RETURNED_AT_BAD_IRQL (e1)
Arguments:
Arg1: fffff800041d54b0, address of worker routine (do ln on this to find guilty driver)
Arg2: 0000000000000002, IRQL returned at (should have been 0, but isn't).
Arg3: fffffa800f85de00, workitem parameter
Arg4: fffffa800f85de00, workitem address
Debugging Details:
------------------
FAULTING_IP:
nt!IopProcessWorkItem+0
fffff800`041d54b0 fff3 push rbx
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xE1
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80003f678fe to fffff80003edbc40
STACK_TEXT:
fffff880`035bdb68 fffff800`03f678fe : 00000000`000000e1 fffff800`041d54b0 00000000`00000002 fffffa80`0f85de00 : nt!KeBugCheckEx
fffff880`035bdb70 fffff800`04175b86 : 00000000`00000000 fffffa80`0c79d040 00000000`00000080 fffffa80`0c7625d0 : nt! ?? ::FNODOBFM::`string'+0x57bc6
fffff880`035bdc00 fffff800`03ecd0e6 : fffff880`03389180 fffffa80`0c79d040 fffff880`033940c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`035bdc40 00000000`00000000 : fffff880`035be000 fffff880`035b8000 fffff880`035bd8a0 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!IopProcessWorkItem+0
fffff800`041d54b0 fff3 push rbx
SYMBOL_NAME: nt!IopProcessWorkItem+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5625815c
FAILURE_BUCKET_ID: X64_0xE1_nt!IopProcessWorkItem+0
BUCKET_ID: X64_0xE1_nt!IopProcessWorkItem+0
Followup: MachineOwner
---------
4: kd> ln fffff800041d54b0
(fffff800`041d54b0) nt!IopProcessWorkItem | (fffff800`041d54f8) nt!NtWaitForMultipleObjects
Exact matches:
nt!IopProcessWorkItem = <no type information>
4: kd> g
^ No runnable debuggees error in 'g'
As you can see, I found the information to look for parameter 1 there from some blog entry, but I'm really not an expert and can't do anything with the output.
I'd be really glad for your help.
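
Added example (not part of the original post): a small Python parser for the `!analyze -v` text posted above. It pulls out the bugcheck code, the four arguments and the faulting symbol, and records that Arg1 resolved into the kernel image rather than into a driver. The function names and the kernel-image rule are assumptions of this example.

```python
import re

# Excerpt of the `!analyze -v` text from the post above, embedded so this runs offline.
SAMPLE = """\
WORKER_THREAD_RETURNED_AT_BAD_IRQL (e1)
Arguments:
Arg1: fffff800041d54b0, address of worker routine (do ln on this to find guilty driver)
Arg2: 0000000000000002, IRQL returned at (should have been 0, but isn't).
Arg3: fffffa800f85de00, workitem parameter
Arg4: fffffa800f85de00, workitem address
FAULTING_IP:
nt!IopProcessWorkItem+0
fffff800`041d54b0 fff3 push rbx
IMAGE_NAME: ntkrnlmp.exe
"""

# Windows kernel image names; a hit here means the symbol is in the kernel itself.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlmp.exe", "ntkrnlpa.exe", "ntkrpamp.exe"}

def parse_analyze(text):
    """Extract bugcheck name/code, Arg1-4, faulting symbol and image name."""
    info = {"args": {}}
    m = re.search(r"^(\w+) \(([0-9a-fA-F]+)\)\s*$", text, re.M)
    if m:
        info["name"], info["code"] = m.group(1), int(m.group(2), 16)
    for n, val in re.findall(r"^Arg([1-4]): ([0-9a-fA-F`]+)", text, re.M):
        info["args"][int(n)] = int(val.replace("`", ""), 16)
    m = re.search(r"^FAULTING_IP:\s*\n(\S+?)!(\S+?)\+", text, re.M)
    if m:
        info["module"], info["symbol"] = m.groups()
    m = re.search(r"^IMAGE_NAME:\s*(\S+)", text, re.M)
    if m:
        info["image"] = m.group(1).lower()
    return info

def triage_e1(info):
    """Summarise a 0xE1 report; returns None for any other bugcheck code."""
    if info.get("code") != 0xE1 or len(info["args"]) < 4:
        return None
    return {
        "worker_routine": hex(info["args"][1]),
        "irql_at_return": info["args"][2],  # expected 0 per the Arg2 text
        "workitem": hex(info["args"][4]),
        # Example's rule: a kernel-image symbol means Arg1 names no third-party driver.
        "arg1_names_driver": "image" in info and info["image"] not in KERNEL_IMAGES,
    }

if __name__ == "__main__":
    print(triage_e1(parse_analyze(SAMPLE)))
```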