BSOD: ntkrnlmp.exe Please help

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by ubiubi, Sep 6, 2011.

  1. ubiubi

    ubiubi New Member

    Joined:
    Sep 6, 2011
    Messages:
    6
    Likes Received:
    0
    Help would be appreciated in determining the cause of my BSOD. I have done as much as I can by reading help forums, and I got as far as running the minidump file in Windows Debugger..

    I have attached the dmp file

    View attachment 16209


    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64<br>
    Copyright (c) Microsoft Corporation. All rights reserved.<br>


    Loading Dump File [C:\Users\Baden\Desktop\090611-23337-01 - Copy.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: <a href="http://msdl.microsoft.com/download/symbols" target="_blank">http://msdl.microsoft.com/download/symbols</a>
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (3 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
    Machine Name:
    Kernel base = 0xfffff800`03419000 PsLoadedModuleList = 0xfffff800`0365e670
    Debug session time: Tue Sep 6 16:12:49.219 2011 (UTC - 7:00)
    System Uptime: 1 days 2:07:19.795
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..............................................
    Loading User Symbols
    Loading unloaded module list
    .............
    *******************************************************************************<br>
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************<br>

    Use !analyze -v to get detailed debugging information.

    BugCheck 18, {0, fffffa800805ab28, 2, ffffffffffffffff}

    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+49d71 )

    Followup: MachineOwner
    ---------

    0: kd&gt; !analyze -v
    *******************************************************************************<br>
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************<br>

    REFERENCE_BY_POINTER (18)
    Arguments:
    Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
    Arg2: fffffa800805ab28, Object whose reference count is being lowered
    Arg3: 0000000000000002, Reserved
    Arg4: ffffffffffffffff, Reserved
    The reference count of an object is illegal for the current state of the object.
    Each time a driver uses a pointer to an object the driver calls a kernel routine
    to increment the reference count of the object. When the driver is done with the
    pointer the driver calls another kernel routine to decrement the reference count.
    Drivers must match calls to the increment and decrement routines. This bugcheck
    can occur because an object's reference count goes to zero while there are still
    open handles to the object, in which case the fourth parameter indicates the number
    of opened handles. It may also occur when the object’s reference count drops below zero
    whether or not there are open handles to the object, and in that case the fourth parameter
    contains the actual value of the pointer references count.

    Debugging Details:
    ------------------


    DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP

    BUGCHECK_STR: 0x18

    PROCESS_NAME: svchost.exe

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from fffff80003436944 to fffff80003495c40

    STACK_TEXT:
    fffff880`090339f8 fffff800`03436944 : 00000000`00000018 00000000`00000000 fffffa80`0805ab28 00000000`00000002 : nt!KeBugCheckEx
    fffff880`09033a00 fffff800`0375f455 : fffff880`09033ca0 00000000`00000000 fffffa80`0805ab28 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x49d71
    fffff880`09033a60 fffff800`03494ed3 : fffffa80`0748c920 fffffa80`0748c920 00000000`00000000 00000000`001b1b40 : nt!NtSetInformationThread+0x254
    fffff880`09033c20 00000000`773713ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`03aee798 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773713ea


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt! ?? ::FNODOBFM::`string'+49d71
    fffff800`03436944 cc int 3

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+49d71

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3

    FAILURE_BUCKET_ID: X64_0x18_VRF_OVER_DEREFERENCE_nt!_??_::FNODOBFM::_string_+49d71

    BUCKET_ID: X64_0x18_VRF_OVER_DEREFERENCE_nt!_??_::FNODOBFM::_string_+49d71

    Followup: MachineOwner
    ---------
     
    #1 ubiubi, Sep 6, 2011
    Last edited: Sep 6, 2011
  2. ubiubi

    ubiubi New Member

    Joined:
    Sep 6, 2011
    Messages:
    6
    Likes Received:
    0
  3. kaos

    kaos Senior Member

    Joined:
    May 9, 2011
    Messages:
    1,747
    Likes Received:
    33
    ok , good news, ure pc will be sorted

    start the pc
    hold F8
    click safe mode with command prompt
    when windows has loaded you will see a black box ( command promt)

    type
    verifier /reset
    hit enter
    reboot pc

    done :)
     
  4. ubiubi

    ubiubi New Member

    Joined:
    Sep 6, 2011
    Messages:
    6
    Likes Received:
    0
    Thanks kaos! I will give it a try. Curious, how do you determine it is the verifier causing it?
     
  5. kaos

    kaos Senior Member

    Joined:
    May 9, 2011
    Messages:
    1,747
    Likes Received:
    33
    If you look at the minidump information . At the line bucket id it says verified enabled vista minidump . the only time it shows this is if verifier is enabled
     

Share This Page

Loading...