
I am trying to make some sense out of reading a .dmp file. Below is the output I am getting. Any thoughts as to what this error means?

I am not sure if the .dmp file loaded properly. Does the error below refer to the memory dump or an improperly loaded .dmp file?

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini121808-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: C:\Windows\I386

Unable to load image ntoskrnl.exe, Win32 error 0n2
Loading symbols for 804d7000 ntoskrnl.exe -> ntoskrnl.exe
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
ModLoad: 804d7000 806cf680 ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Thu Dec 18 20:34:10.353 2008 (GMT-6)
System Uptime: 0 days 5:09:37.046
Unable to load image ntoskrnl.exe, Win32 error 0n2
Loading symbols for 804d7000 ntoskrnl.exe -> ntoskrnl.exe
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
ModLoad: 804d7000 806cf680 ntoskrnl.exe
Loading Kernel Symbols
.ModLoad: 806d0000 806f0300 hal.dll
.ModLoad: bada8000 bada9b80 kdcom.dll
.ModLoad: bacb8000 bacbb000 BOOTVID.dll
.ModLoad: ba779000 ba7a6d80 ACPI.sys
.ModLoad: badaa000 badab100 WMILIB.SYS
.ModLoad: ba768000 ba778a80 pci.sys
.ModLoad: ba8a8000 ba8b1180 isapnp.sys
.ModLoad: bae70000 bae70d00 pciide.sys
.ModLoad: bab28000 bab2e180 PCIIDEX.SYS
.ModLoad: ba8b8000 ba8c2580 MountMgr.sys
.ModLoad: ba749000 ba767880 ftdisk.sys
.ModLoad: badac000 badad700 dmload.sys
.ModLoad: ba723000 ba748700 dmio.sys
.ModLoad: bab30000 bab34d00 PartMgr.sys
.ModLoad: ba8c8000 ba8d4c80 VolSnap.sys
.ModLoad: ba70b000 ba722900 atapi.sys
.ModLoad: ba6f1000 ba70ac00 nvata.sys
.ModLoad: ba8d8000 ba8e0e00 disk.sys
.ModLoad: ba8e8000 ba8f4180 CLASSPNP.SYS
.ModLoad: ba6d1000 ba6f0b00 fltMgr.sys
.ModLoad: ba6bf000 ba6d0f00 sr.sys
.ModLoad: ba6a8000 ba6be880 KSecDD.sys
.ModLoad: ba695000 ba6a7f00 WudfPf.sys
.ModLoad: ba608000 ba694600 Ntfs.sys
.ModLoad: ba5db000 ba607980 NDIS.sys
.ModLoad: ba5c1000 ba5dab80 Mup.sys
.ModLoad: baa78000 baa86000 AmdK8.sys
.ModLoad: baa88000 baa97c00 serial.sys
.ModLoad: bad5c000 bad5fd80 serenum.sys
.ModLoad: ba565000 ba578900 parport.sys
.ModLoad: baa98000 baaa4d00 i8042prt.sys
.ModLoad: bac70000 bac76000 kbdclass.sys
.ModLoad: bac78000 bac7c300 usbohci.sys
.ModLoad: ba541000 ba564200 USBPORT.SYS
.ModLoad: bac80000 bac87600 usbehci.sys
.ModLoad: bac88000 bac8d200 RTL8139.SYS
.ModLoad: ba519000 ba541000 HDAudBus.sys
.ModLoad: baaa8000 baab2480 imapi.sys
.ModLoad: baab8000 baac5440 AFS2K.SYS
.ModLoad: baac8000 baad7600 cdrom.sys
.ModLoad: baad8000 baae6100 redbook.sys
.ModLoad: ba4f6000 ba518700 ks.sys
.ModLoad: baae8000 baaf2000 nvnetbus.sys
.ModLoad: ba41b000 ba4f5b00 NVNRM.SYS
.ModLoad: ba03c000 ba403d60 nv4_mini.sys
.ModLoad: ba028000 ba03bf00 VIDEOPRT.SYS
.ModLoad: baf1a000 baf1ac00 audstub.sys
.ModLoad: ba938000 ba944880 rasl2tp.sys
.ModLoad: bad6c000 bad6e780 ndistapi.sys
.ModLoad: ba011000 ba027580 ndiswan.sys
.ModLoad: ba948000 ba952200 raspppoe.sys
.ModLoad: ba958000 ba963d00 raspptp.sys
.ModLoad: bac90000 bac94a80 TDI.SYS
.ModLoad: ba000000 ba010e00 psched.sys
.ModLoad: ba968000 ba970900 msgpc.sys
.ModLoad: bac98000 bac9c580 ptilink.sys
.ModLoad: baca0000 baca4080 raspti.sys
.ModLoad: b9fd0000 b9fffe80 rdpdr.sys
.ModLoad: ba978000 ba981f00 termdd.sys
.ModLoad: baca8000 bacada00 mouclass.sys
.ModLoad: badee000 badef100 swenum.sys
.ModLoad: b9f4a000 b9fa7f00 update.sys
.
ModLoad: bad88000 bad8bc80 mssmbios.sys
.ModLoad: ba988000 ba991e80 NDProxy.SYS
.ModLoad: ba998000 ba9a6880 usbhub.sys
.ModLoad: badf2000 badf3280 USBD.SYS
.ModLoad: ba9a8000 ba9b6400 NVENETFD.sys
.ModLoad: b7412000 b788b000 RtkHDAud.sys
.ModLoad: b73ee000 b7411a80 portcls.sys
.ModLoad: ba9d8000 ba9e6b00 drmk.sys
.ModLoad: badf8000 badf9f00 Fs_Rec.SYS
.ModLoad: baf23000 baf23b80 Null.SYS
.ModLoad: badfa000 badfb080 Beep.SYS
.ModLoad: bab68000 bab6d200 vga.sys
.ModLoad: badfc000 badfd080 mnmdd.SYS
.ModLoad: badfe000 badff080 RDPCDD.sys
.ModLoad: bab70000 bab74a80 Msfs.SYS
.ModLoad: bab78000 bab7f880 Npfs.SYS
.ModLoad: bad40000 bad42280 rasacd.sys
.ModLoad: b737a000 b738c600 ipsec.sys
.ModLoad: b7321000 b7379380 tcpip.sys
.ModLoad: b72f9000 b7320c00 netbt.sys
.ModLoad: b72d7000 b72f8d00 afd.sys
.ModLoad: ba9e8000 ba9f0780 netbios.sys
.ModLoad: b72ac000 b72d6e80 rdbss.sys
.ModLoad: b723c000 b72ab780 mrxsmb.sys
.ModLoad: baa08000 baa12e00 Fips.SYS
.ModLoad: b7216000 b723b500 ipnat.sys
.ModLoad: baa18000 baa20700 wanarp.sys
.ModLoad: baa38000 baa47900 Cdfs.SYS
.ModLoad: bab80000 bab87d80 usbccgp.sys
.ModLoad: b9fb8000 b9fba880 hidusb.sys
.ModLoad: baa48000 baa51000 HIDCLASS.SYS
.ModLoad: bab88000 bab8e180 HIDPARSE.SYS
.ModLoad: baa68000 baa70900 LVUSBSta.sys
.ModLoad: b7922000 b7925b00 usbscan.sys
.ModLoad: bab90000 bab96500 usbprint.sys
.ModLoad: bab98000 bab9d440 HPZius12.sys
.ModLoad: b791e000 b7920f80 mouhid.sys
.ModLoad: baaf8000 bab04600 HPZid412.sys
.ModLoad: b7912000 b7915dc0 HPZipr12.sys
.ModLoad: b70f7000 b7110c00 dump_nvata.sys
.ModLoad: bae04000 bae05100 dump_WMILIB.SYS
.ModLoad: bf800000 bf9c2c80 win32k.sys
.ModLoad: bad9c000 bad9e900 Dxapi.sys
.ModLoad: babc0000 babc4500 watchdog.sys
.ModLoad: bf9c3000 bf9d4600 dxg.sys
.ModLoad: bafae000 bafaed00 dxgthk.sys
.ModLoad: bf9d5000 bfe1e280 nv4_disp.dll
.ModLoad: b6576000 b6579900 ndisuio.sys
.ModLoad: b5ae4000 b5b10180 mrxdav.sys
.ModLoad: bae38000 bae39a80 ParVdm.SYS
.ModLoad: b5a42000 b5a93800 srv.sys
.ModLoad: bac58000 bac5ca00 LVPr2Mon.sys
.ModLoad: b566d000 b5681480 wdmaud.sys
.ModLoad: b56b2000 b56c0d80 sysaudio.sys
.ModLoad: b5384000 b53c4a80 HTTP.sys
.ModLoad: b4ef9000 b4f23180 kmixer.sys

Loading User Symbols
Loading unloaded module list
..............................................
Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded exts extension DLL
Loaded kext extension DLL
Loaded kdexts extension DLL
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {20, 8894a000, 8894a138, a270000}

Probably caused by : ntoskrnl.exe ( nt!KeContextToKframes+1eb )

Followup: MachineOwner
---------
---------

Link to post
Share on other sites

try this

http://www.iexbeta.com/board/lofiversion/i...php/t48617.html

Are you getting a stop code?

There is no real error in this log. Everything is loading, just a kernel stamp issue.

The loading of the kernel is an issue, normally a bad drive (or one going bad); strangely, MS is reporting a bad keyboard causing this error message also.

a blue screen stop code would be better.. Maybe..

Link to post
Share on other sites

I have not been able to get the computer to blue screen while in my possession. That is why I tried reading the .dmp file. This computer is one I have sold to somebody. I have changed every part on it. I also have reloaded it. I am starting to think they have an environmental problem at their house.

Link to post
Share on other sites
a blue screen stop code would be better.. Maybe..

It's there:

BugCheck 19, {20, 8894a000, 8894a138, a270000}
Probably caused by : ntoskrnl.exe

BugCheck 19 => Stop error 0x00000019: BAD_POOL_HEADER

(actually I think this indicates the bad pool header occurs on startup, but not sure)

Sources cited

http://www.aumha.org/a/stop.php

http://msdn.microsoft.com/en-gb/library/ms793223.aspx

Your first parameter is 0x20.

8894a000 is the pool entry that should have been found.

8894a138 is the next pool entry.

The cause is: the pool block header size is corrupt.

A pool header issue is a problem with Windows memory allocation. Device driver issues are probably the most common, but this can have diverse causes including bad sectors or other disk write issues, and problems with some routers. (By theory, RAM problems would be suspect for memory pool issues, but I haven’t been able to confirm this as a cause.)

http://support.microsoft.com/?kbid=892260&sd=RMVP

http://support.microsoft.com/?kbid=925259&sd=RMVP

http://support.microsoft.com/?kbid=884585&sd=RMVP

http://support.microsoft.com/?kbid=905795&sd=RMVP

Any chance the machine was infected with W32.Bolzano or W32.Funlove? They can alter ntoskrnl.exe, causing these errors.

http://www.symantec.com/security_response/...-121515-4146-99

The virus modifies only 2 bytes in a security API called SeAccessCheck that is part of ntoskrnl.exe. This way Bolzano is able to give full access to all users to each file regardless of its protection,

Try the ntoskrnl.exe fix tool for Funlove that Symantec provides:

http://www.sarc.com/avcenter/venc/data/dos...9.fix.tool.html

Link to post
Share on other sites
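
An added example, not written by any poster in this thread: a Python parser for the WinDbg lines discussed above that pulls out the stop code, decodes the BugCheck 0x19 parameters the way the last post reads them, and flags when the blamed image had unverified symbols. The function name `triage`, the report keys and the constant names are assumptions made for this example; the sample log is constructed from lines in the first post.

```python
import re

# Constructed sample: lines taken from the WinDbg output in the first post.
SAMPLE = """\
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
BugCheck 19, {20, 8894a000, 8894a138, a270000}
Probably caused by : ntoskrnl.exe ( nt!KeContextToKframes+1eb )
"""

STOP_NAMES = {0x19: "BAD_POOL_HEADER"}
# Meanings for BugCheck 0x19 when parameter 1 is 0x20, as quoted in the
# thread; parameter 4 is not explained there, so it is left undecoded.
POOL_0X20 = {2: "pool entry that should have been found", 3: "next pool entry"}

BUGCHECK_RE = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
CAUSE_RE = re.compile(r"^Probably caused by : (\S+)(?: \( (\S+) \))?", re.M)
UNVERIFIED_RE = re.compile(r"Unable to verify timestamp for (\S+)")
NOT_FOUND_RE = re.compile(r"Unable to load image (\S+), Win32 error 0n2\b")

def triage(log):
    """Summarise one WinDbg minidump log (WinDbg prints these values in hex)."""
    m = BUGCHECK_RE.search(log)
    if m is None:
        raise ValueError("no BugCheck line in log")
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in m.group(2).split(",")]
    cause = CAUSE_RE.search(log)
    image = cause.group(1) if cause else None
    # Images whose symbols or binary the debugger could not match.
    # 0n2 is decimal 2, ERROR_FILE_NOT_FOUND.
    suspect = {n.lower() for n in UNVERIFIED_RE.findall(log)}
    suspect |= {n.lower() for n in NOT_FOUND_RE.findall(log)}
    decoded = {}
    if code == 0x19 and params[0] == 0x20:
        decoded = {text: f"0x{params[i - 1]:08x}" for i, text in POOL_0X20.items()}
    return {
        "stop_code": f"0x{code:08X}",
        "name": STOP_NAMES.get(code, "unknown"),
        "params": [f"0x{p:08x}" for p in params],
        "decoded": decoded,
        "blamed_image": image,
        "blamed_symbol": cause.group(2) if cause else None,
        "symbols_unverified": image is not None and image.lower() in suspect,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

When `symbols_unverified` is true, the symbol in the "Probably caused by" line was resolved against an image the debugger could not match, so treat that name as a hint rather than a finding.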
