- Thread Author
- #1
Hi,
My computer freezes randomly. The error in event viewer is "event 41 kernel power 63". I had tried windbg. I am neither a developer, nor an expert. I am new to this forum. Below is the code generated from whatever little analysis I could do.
I'd be grateful, if anyone can help me out.
My computer freezes randomly. The error in event viewer is "event 41 kernel power 63". I had tried windbg. I am neither a developer, nor an expert. I am new to this forum. Below is the code generated from whatever little analysis I could do.
Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Apps\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.23569.amd64fre.win7sp1_ldr.161007-0600
Machine Name:
Kernel base = 0xfffff800`03656000 PsLoadedModuleList = 0xfffff800`03898730
Debug session time: Sat Nov 26 22:08:54.071 2016 (UTC + 5:30)
System Uptime: 0 days 21:12:13.945
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
.....................Page 1d3664 not present in the dump file. Type ".hh dbgerr004" for details
...........Page 1d16a4 not present in the dump file. Type ".hh dbgerr004" for details
............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........
************* Symbol Loading Error Summary **************
Module name Error
ntkrnlmp The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffffa8009b685f4, fffff880207cbb40, 0}
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for em018_64.dat -
*** ERROR: Module load completed but symbols could not be loaded for ehdrv.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : em018_64.dat ( em018_64+225f4 )
Followup: MachineOwner
---------
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffffa8009b685f4, Address of the instruction which caused the bugcheck
Arg3: fffff880207cbb40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
FAULTING_MODULE: fffff80003656000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5829848c
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
em018_64+225f4
fffffa80`09b685f4 6642394c3818 cmp word ptr [rax+r15+18h],cx
CONTEXT: fffff880207cbb40 -- (.cxr 0xfffff880207cbb40;r)
rax=ffffffffb9b6bc9a rbx=000000001aaebda2 rcx=000000000000020b
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000061073000
rip=fffffa8009b685f4 rsp=fffff880207cc520 rbp=00000000000f3000
r8=0000000000000000 r9=0000000000000000 r10=0000000061080000
r11=0000000000000000 r12=fffff880207cc5b0 r13=fffffa801147fa08
r14=00000000000f3000 r15=0000000060f80000
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00210283
em018_64+0x225f4:
fffffa80`09b685f4 6642394c3818 cmp word ptr [rax+r15+18h],cx ds:002b:00000000`1aaebcb2=????
Last set context:
rax=ffffffffb9b6bc9a rbx=000000001aaebda2 rcx=000000000000020b
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000061073000
rip=fffffa8009b685f4 rsp=fffff880207cc520 rbp=00000000000f3000
r8=0000000000000000 r9=0000000000000000 r10=0000000061080000
r11=0000000000000000 r12=fffff880207cc5b0 r13=fffffa801147fa08
r14=00000000000f3000 r15=0000000060f80000
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00210283
em018_64+0x225f4:
fffffa80`09b685f4 6642394c3818 cmp word ptr [rax+r15+18h],cx ds:002b:00000000`1aaebcb2=????
Resetting default scope
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x3B
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffffa8009b644b5 to fffffa8009b685f4
STACK_TEXT:
fffff880`207cc520 fffffa80`09b644b5 : fffffa80`0781e600 00000000`00000000 fffffa80`0781e6f8 00000000`00000000 : em018_64+0x225f4
fffff880`207cc590 fffffa80`09b6410d : fffffa80`5f7f20e8 fffffa80`1147fa08 fffff880`207cc858 fffffa80`0781e6f8 : em018_64+0x1e4b5
fffff880`207cc600 fffffa80`09b6e79c : fffffa80`09a674b8 fffff800`03879bc0 fffff880`207cc858 fffffa80`0781e6f8 : em018_64+0x1e10d
fffff880`207cc670 fffff880`0472c935 : 00000000`00000001 fffffa80`09a674b8 fffff800`03879bc0 fffff8a0`0036e4e0 : em018_64+0x2879c
fffff880`207cc6d0 fffff800`039ebcb8 : 00000000`00000000 00000000`00000001 fffff800`03879bc0 00000000`00000000 : ehdrv+0x1c935
fffff880`207cc700 fffff800`039eb9f2 : fffffa80`0781e6a0 fffffa80`111e2d28 fffffa80`078acd20 00000000`00000001 : nt!FsRtlReleaseFile+0x1468
fffff880`207cc760 fffff800`039e7ba7 : fffffa80`078acce0 fffffa80`111e2b10 fffff880`207cca10 fffff880`207cca08 : nt!FsRtlReleaseFile+0x11a2
fffff880`207cc8b0 fffff800`039e7eae : ffffe46b`00000004 fffffa80`111e2b10 fffff880`207cca10 00000000`00000021 : nt!ObCheckObjectAccess+0x25f7
fffff880`207cc9a0 fffff800`036c5693 : 00000000`000007ac fffffa80`1107eb50 00000000`0025e008 00000000`00000001 : nt!NtMapViewOfSection+0x2be
fffff880`207cca70 00000000`76dbbfba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3a23
00000000`0025dfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76dbbfba
FOLLOWUP_IP:
em018_64+225f4
fffffa80`09b685f4 6642394c3818 cmp word ptr [rax+r15+18h],cx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: em018_64+225f4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: em018_64
IMAGE_NAME: em018_64.dat
STACK_COMMAND: .cxr 0xfffff880207cbb40 ; kb
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: WRONG_SYMBOLS
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:wrong_symbols
FAILURE_ID_HASH: {70b057e8-2462-896f-28e7-ac72d4d365f8}
Followup: MachineOwner
---------
I'd be grateful, if anyone can help me out.
![DSC_0571[1].webp](https://data.windowsforum.com/attachments/24/24699-ee8cf1c8dd3d5613121706c4a30f45a8.jpg?hash=gKN35Iyh3t)
