Informática

[Hitman 47]

Interpretar fichero MiniDump.dmp

Hola, Tenemos un servidor 2003 server EE que durante el ultimo mes ha tenido varios reinicios

Mirando los logs he visto solo el mensaje informando de la parada del sistema:

Event ID: 6008
The previous system shutdown at 17:25:23 AM on 8/04/2011 was unexpected.
(la fecha es ficticia)

pero no acabo de ver una causa clara del problema

Evento de Información
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffadc00000058, 0x0000000000000000, 0xfffffadcb51ec0b4, 0x0000000000000000). A dump was saved in: C:\WINDOWS\Minidump\Mini080411-01.dmp.



El analisis del DUMP es este:
(como se puede interpretar?)



Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
*** WARNING: Unable to verify checksum for ntkrnlmp.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (16 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_rtm.070216-1710
Machine Name:
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100
Debug session time: Mon Sep 12 07:48:06.344 2011 (UTC + 2:00)
System Uptime: 4 days 7:43:35.606
*** WARNING: Unable to verify checksum for ntkrnlmp.exe
Loading Kernel Symbols
.................................................. .............
.................................................. ..............
.
Loading User Symbols
Loading unloaded module list
...
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffffadc00000058, 0, fffffadcb51ec0b4, 0}

Unable to load image PROCEXP100.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for PROCEXP100.SYS
*** ERROR: Module load completed but symbols could not be loaded for PROCEXP100.SYS

Could not read faulting driver name
Probably caused by : PROCEXP100.SYS ( PROCEXP100+10b4 )

Followup: MachineOwner
---------

3: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffadc00000058, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffffadcb51ec0b4, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: fffffadc00000058

FAULTING_IP:
PROCEXP100+10b4
fffffadc`b51ec0b4 0fb74158 movzx eax,word ptr [rcx+58h]

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0x50

PROCESS_NAME: procexp64.exe

CURRENT_IRQL: 1

TRAP_FRAME: fffffadca0e25620 -- (.trap 0xfffffadca0e25620)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffadc00000000
rdx=fffffa8006344650 rsi=0000000000000000 rdi=0000000000000000
rip=fffffadcb51ec0b4 rsp=fffffadca0e257b0 rbp=fffffadca0e25cf0
r8=000000000000001d r9=5000c688ca000000 r10=5000c688cae70055
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
PROCEXP100+0x10b4:
fffffadc`b51ec0b4 0fb74158 movzx eax,word ptr [rcx+58h] ds:0001:fffffadc`00000058=????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800010a58f2 to fffff8000102e950

STACK_TEXT:
fffffadc`a0e25548 fffff800`010a58f2 : 00000000`00000050 fffffadc`00000058 00000000`00000000 fffffadc`a0e25620 : nt!KeBugCheckEx
fffffadc`a0e25550 fffff800`0102d519 : fffffadc`dab46040 fffffadc`dcd63990 00000000`00000000 fffffadc`00000000 : nt!MmAccessFault+0xa1f
fffffadc`a0e25620 fffffadc`b51ec0b4 : fffffadc`db91d830 fffffadc`a0e25cf0 fffffadc`db91d830 fffffadc`db91d830 : nt!KiPageFault+0x119
fffffadc`a0e257b0 fffffadc`db91d830 : fffffadc`a0e25cf0 fffffadc`db91d830 fffffadc`db91d830 fffffadc`0000001d : PROCEXP100+0x10b4
fffffadc`a0e257b8 fffffadc`a0e25cf0 : fffffadc`db91d830 fffffadc`db91d830 fffffadc`0000001d fffffadc`00000000 : 0xfffffadc`db91d830
fffffadc`a0e257c0 fffffadc`db91d830 : fffffadc`db91d830 fffffadc`0000001d fffffadc`00000000 fffffadc`de509958 : 0xfffffadc`a0e25cf0
fffffadc`a0e257c8 fffffadc`db91d830 : fffffadc`0000001d fffffadc`00000000 fffffadc`de509958 00000000`00000000 : 0xfffffadc`db91d830
fffffadc`a0e257d0 fffffadc`0000001d : fffffadc`00000000 fffffadc`de509958 00000000`00000000 00000000`00000000 : 0xfffffadc`db91d830
fffffadc`a0e257d8 fffffadc`00000000 : fffffadc`de509958 00000000`00000000 00000000`00000000 fffff800`0102e8c0 : 0xfffffadc`0000001d
fffffadc`a0e257e0 fffffadc`de509958 : 00000000`00000000 00000000`00000000 fffff800`0102e8c0 00000000`00000010 : 0xfffffadc`00000000
fffffadc`a0e257e8 00000000`00000000 : 00000000`00000000 fffff800`0102e8c0 00000000`00000010 ffffffff`ffffffff : 0xfffffadc`de509958


STACK_COMMAND: kb

FOLLOWUP_IP:
PROCEXP100+10b4
fffffadc`b51ec0b4 0fb74158 movzx eax,word ptr [rcx+58h]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: PROCEXP100+10b4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: PROCEXP100

IMAGE_NAME: PROCEXP100.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 43beeb59

FAILURE_BUCKET_ID: X64_0x50_PROCEXP100+10b4

BUCKET_ID: X64_0x50_PROCEXP100+10b4

Followup: MachineOwner
---------





Gracias