Windows 7 Event 41 kernel power 63

mediator · Nov 27, 2016

Hi,

My computer freezes randomly. The error in event viewer is "event 41 kernel power 63". I had tried windbg. I am neither a developer, nor an expert. I am new to this forum. Below is the code generated from whatever little analysis I could do.

Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Apps\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.23569.amd64fre.win7sp1_ldr.161007-0600
Machine Name:
Kernel base = 0xfffff800`03656000 PsLoadedModuleList = 0xfffff800`03898730
Debug session time: Sat Nov 26 22:08:54.071 2016 (UTC + 5:30)
System Uptime: 0 days 21:12:13.945
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
.....................Page 1d3664 not present in the dump file. Type ".hh dbgerr004" for details
...........Page 1d16a4 not present in the dump file. Type ".hh dbgerr004" for details
............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........

************* Symbol Loading Error Summary **************
Module name Error
ntkrnlmp The system cannot find the file specified

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffffa8009b685f4, fffff880207cbb40, 0}

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for em018_64.dat -
*** ERROR: Module load completed but symbols could not be loaded for ehdrv.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : em018_64.dat ( em018_64+225f4 )

Followup: MachineOwner
---------

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffffa8009b685f4, Address of the instruction which caused the bugcheck
Arg3: fffff880207cbb40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

Unable to open image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\sym\ntoskrnl.exe\57F7B8335e6000\ntoskrnl.exe
The system cannot find the file specified.

*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

FAULTING_MODULE: fffff80003656000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 5829848c

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
em018_64+225f4
fffffa80`09b685f4 6642394c3818 cmp word ptr [rax+r15+18h],cx

CONTEXT: fffff880207cbb40 -- (.cxr 0xfffff880207cbb40;r)
rax=ffffffffb9b6bc9a rbx=000000001aaebda2 rcx=000000000000020b
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000061073000
rip=fffffa8009b685f4 rsp=fffff880207cc520 rbp=00000000000f3000
r8=0000000000000000 r9=0000000000000000 r10=0000000061080000
r11=0000000000000000 r12=fffff880207cc5b0 r13=fffffa801147fa08
r14=00000000000f3000 r15=0000000060f80000
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00210283
em018_64+0x225f4:
fffffa80`09b685f4 6642394c3818 cmp word ptr [rax+r15+18h],cx ds:002b:00000000`1aaebcb2=????
Last set context:
rax=ffffffffb9b6bc9a rbx=000000001aaebda2 rcx=000000000000020b
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000061073000
rip=fffffa8009b685f4 rsp=fffff880207cc520 rbp=00000000000f3000
r8=0000000000000000 r9=0000000000000000 r10=0000000061080000
r11=0000000000000000 r12=fffff880207cc5b0 r13=fffffa801147fa08
r14=00000000000f3000 r15=0000000060f80000
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00210283
em018_64+0x225f4:
fffffa80`09b685f4 6642394c3818 cmp word ptr [rax+r15+18h],cx ds:002b:00000000`1aaebcb2=????
Resetting default scope

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0x3B

CURRENT_IRQL: 0

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

LAST_CONTROL_TRANSFER: from fffffa8009b644b5 to fffffa8009b685f4

STACK_TEXT:
fffff880`207cc520 fffffa80`09b644b5 : fffffa80`0781e600 00000000`00000000 fffffa80`0781e6f8 00000000`00000000 : em018_64+0x225f4
fffff880`207cc590 fffffa80`09b6410d : fffffa80`5f7f20e8 fffffa80`1147fa08 fffff880`207cc858 fffffa80`0781e6f8 : em018_64+0x1e4b5
fffff880`207cc600 fffffa80`09b6e79c : fffffa80`09a674b8 fffff800`03879bc0 fffff880`207cc858 fffffa80`0781e6f8 : em018_64+0x1e10d
fffff880`207cc670 fffff880`0472c935 : 00000000`00000001 fffffa80`09a674b8 fffff800`03879bc0 fffff8a0`0036e4e0 : em018_64+0x2879c
fffff880`207cc6d0 fffff800`039ebcb8 : 00000000`00000000 00000000`00000001 fffff800`03879bc0 00000000`00000000 : ehdrv+0x1c935
fffff880`207cc700 fffff800`039eb9f2 : fffffa80`0781e6a0 fffffa80`111e2d28 fffffa80`078acd20 00000000`00000001 : nt!FsRtlReleaseFile+0x1468
fffff880`207cc760 fffff800`039e7ba7 : fffffa80`078acce0 fffffa80`111e2b10 fffff880`207cca10 fffff880`207cca08 : nt!FsRtlReleaseFile+0x11a2
fffff880`207cc8b0 fffff800`039e7eae : ffffe46b`00000004 fffffa80`111e2b10 fffff880`207cca10 00000000`00000021 : nt!ObCheckObjectAccess+0x25f7
fffff880`207cc9a0 fffff800`036c5693 : 00000000`000007ac fffffa80`1107eb50 00000000`0025e008 00000000`00000001 : nt!NtMapViewOfSection+0x2be
fffff880`207cca70 00000000`76dbbfba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3a23
00000000`0025dfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76dbbfba

FOLLOWUP_IP:
em018_64+225f4
fffffa80`09b685f4 6642394c3818 cmp word ptr [rax+r15+18h],cx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: em018_64+225f4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: em018_64

IMAGE_NAME: em018_64.dat

STACK_COMMAND: .cxr 0xfffff880207cbb40 ; kb

BUCKET_ID: WRONG_SYMBOLS

FAILURE_BUCKET_ID: WRONG_SYMBOLS

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:wrong_symbols

FAILURE_ID_HASH: {70b057e8-2462-896f-28e7-ac72d4d365f8}

Followup: MachineOwner
---------

I'd be grateful, if anyone can help me out.

kemical · Nov 29, 2016

Hi,
there can be a number of reasons for no dump file creation and a failing HDD is a prime candidate. I'm not saying your hard drive is actually failing but it is a possibility.

Try running a chkdsk making sure whichever method you use from the guide that you search for and repair broken sectors:
Link Removed

If the chkdsk fails to run or can't repair, then run Seatools for Windows as this will check if it's a viable drive:
How to use SeaTools for Windows

mediator said:
What do you suggest, which SSD should I get?

A good all round SSD is the Samsung 850 I use a 500GB model for my main drive and they are extremely fast.

mediator · Nov 29, 2016

I left Seatools Running at night. In the morning I woke and saw BSOD (attached). "A process or thread crucial to system operation has unexpectedly exited or been terminated". That also failed to create a dump. Somehow I have a feeling that my HDD is failing because even the boot process was acting strange a month back where it said something like 'no hdd found' or 'no start up entry found', basically saying that it could not find the linux boot operation and the connected boot options, and then it automatically worked.

Anyways, SSD costs a bomb. So I'm looking for SSHD. But anyways, thanks a lot for your support.

kemical · Nov 30, 2016

mediator said:
I left Seatools Running at night.

You don't actually need to run it overnight as the test completes in a few minutes or so.

Can you try running Seatools again but watch for the result this time?

Do you have the actual dump file or didn't it create one?

mediator · Nov 30, 2016

It did not create any dump files. I tried 'Fix All' option and it gave BSOD, as attached previously, while doing something called long check I guess. But its funny that suddenly Sleep mode is working now. I do not understand why my system is working so strange. Bizarre!

kemical · Nov 30, 2016

mediator said:
I tried 'Fix All' option and it gave BSOD, as attached previously, while doing something called long check I guess.

Even though the machine blue screened it's possible that Seatools repaired something when you ran 'Fix all'.

Please run a chkdsk, and ensure that you check off the boxes to search for and repair broken sectors.

Please keep an eye out for bsod's and make a note of what the result.

mediator · Dec 1, 2016

Ya, I ran chkdsk. No corrections this time. Sleep is working. But lets see. If I get a dump, I'll surely bug you again.

Thank you so much

kemical · Dec 1, 2016

Hi Mediator,
thanks for the update and your very welcome by the way. As you said, any problems then please post back. All the best..

I forgot to add that do keep an eye on the HDD as it might be failing slowly but surely. In any case just pop back if issues should arise again.

mediator · Dec 2, 2016

Sure. Thanks

Windows 7 Event 41 kernel power 63

mediator

New Member

kemical

mediator

New Member

Attachments

kemical

Windows Forum Admin

mediator

New Member

kemical

Windows Forum Admin

mediator

New Member

kemical

Windows Forum Admin

mediator

New Member

Similar threads