BSOD: ntkrnlmp.exe Please help

#1
Help would be appreciated in determining the cause of my BSOD. I have done as much as I can by reading help forums, and I got as far as running the minidump file in Windows Debugger..

I have attached the dmp file

View attachment 16209


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64<br>
Copyright (c) Microsoft Corporation. All rights reserved.<br>


Loading Dump File [C:\Users\Baden\Desktop\090611-23337-01 - Copy.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: <a href="http://msdl.microsoft.com/download/symbols" target="_blank">http://msdl.microsoft.com/download/symbols</a>
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03419000 PsLoadedModuleList = 0xfffff800`0365e670
Debug session time: Tue Sep 6 16:12:49.219 2011 (UTC - 7:00)
System Uptime: 1 days 2:07:19.795
Loading Kernel Symbols
...............................................................
................................................................
..............................................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************<br>
* *
* Bugcheck Analysis *
* *
*******************************************************************************<br>

Use !analyze -v to get detailed debugging information.

BugCheck 18, {0, fffffa800805ab28, 2, ffffffffffffffff}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+49d71 )

Followup: MachineOwner
---------

0: kd&gt; !analyze -v
*******************************************************************************<br>
* *
* Bugcheck Analysis *
* *
*******************************************************************************<br>

REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: fffffa800805ab28, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: ffffffffffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object’s reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.

Debugging Details:
------------------


DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP

BUGCHECK_STR: 0x18

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80003436944 to fffff80003495c40

STACK_TEXT:
fffff880`090339f8 fffff800`03436944 : 00000000`00000018 00000000`00000000 fffffa80`0805ab28 00000000`00000002 : nt!KeBugCheckEx
fffff880`09033a00 fffff800`0375f455 : fffff880`09033ca0 00000000`00000000 fffffa80`0805ab28 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x49d71
fffff880`09033a60 fffff800`03494ed3 : fffffa80`0748c920 fffffa80`0748c920 00000000`00000000 00000000`001b1b40 : nt!NtSetInformationThread+0x254
fffff880`09033c20 00000000`773713ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`03aee798 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773713ea


STACK_COMMAND: kb

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+49d71
fffff800`03436944 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+49d71

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3

FAILURE_BUCKET_ID: X64_0x18_VRF_OVER_DEREFERENCE_nt!_??_::FNODOBFM::_string_+49d71

BUCKET_ID: X64_0x18_VRF_OVER_DEREFERENCE_nt!_??_::FNODOBFM::_string_+49d71

Followup: MachineOwner
---------
 


Last edited:

kaos

Senior Member
#3
ok , good news, ure pc will be sorted

start the pc
hold F8
click safe mode with command prompt
when windows has loaded you will see a black box ( command promt)

type
verifier /reset
hit enter
reboot pc

done :)
 


#4
Thanks kaos! I will give it a try. Curious, how do you determine it is the verifier causing it?
 


kaos

Senior Member
#5
If you look at the minidump information . At the line bucket id it says verified enabled vista minidump . the only time it shows this is if verifier is enabled
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.