Windows 2000 w. SP4 Crash [NEW DUMP POSTED]

Hi out there
I am a bit in doubt how to read this crash - I have downloaded the small util debugwiz from this bbs and run it against a minidump from a crashed windows 2000 server - but - could some give me a few notes on exactly where and what the caused the crash - do I read this correctly that the crash is caused by a corrupted stack in this sequence:
STACK_TEXT:
80473ff0 bfe68856 00000000 0246c800 88e8cf1c nt!KiSystemFatalException+0xe
80474094 bfe688ec 804740ac 88e8e5e8 88fb06f0 NDIS!ndisMIsLoopbackPacket+0x339
804740b4 bfe505ae 88e4453c 860a6438 88e8e788 NDIS!ndisMLoopbackPacketX+0x1f
804740c8 bf93aa6e 00000000 860a6438 88e8e788 NDIS!ndisMSendX+0xc8

Can somebody help me by interpreting exactly what is going wrong here?
Thanks in advance - thomas iwang


Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.4.0004.4
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINNT\Minidump\Mini011305-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINNT;C:\WINNT\system32;C:\WINNT\system32\drivers
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x80484520
Debug session time: Thu Jan 13 08:06:18.582 2005 (GMT+1)
System Uptime: not available
Loading Kernel Symbols
.................................................................................................
Loading unloaded module list
.....
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {d, 0, 0, 0}

Probably caused by : netbt.sys ( netbt!TdiSendDatagram+1bc )

Followup: MachineOwner
---------

0: kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from bfe68856 to 80469fb6

STACK_TEXT:
80473ff0 bfe68856 00000000 0246c800 88e8cf1c nt!KiSystemFatalException+0xe
80474094 bfe688ec 804740ac 88e8e5e8 88fb06f0 NDIS!ndisMIsLoopbackPacket+0x339
804740b4 bfe505ae 88e4453c 860a6438 88e8e788 NDIS!ndisMLoopbackPacketX+0x1f
804740c8 bf93aa6e 00000000 860a6438 88e8e788 NDIS!ndisMSendX+0xc8
804740ec bf93aaef 88e44530 ff2215ac 860a6438 tcpip!ARPSendBCast+0x2a1
8047411c bf93a380 88e8e702 80474158 00000001 tcpip!ARPTransmit+0x10b
80474148 bf93a72e 88e43828 ff2215ac 860a6438 tcpip!SendIPPacket+0x12b
8047424c bf93a111 bf975a74 88990d02 88427b28 tcpip!IPTransmit+0x2aed
804742bc bf939f0d 8842003a 152215ac 88d60008 tcpip!UDPSend+0x433
804742e0 bf939f85 bf939f9a 8888eb10 00000032 tcpip!TdiSendDatagram+0x131
80474318 bf936d23 88d60008 88d6009c 88e63a90 tcpip!UDPSendDatagram+0x4d
8047432c 8041de41 88e63a90 88d60008 80474390 tcpip!TCPDispatchInternalDeviceControl+0xce
80474340 bf918db6 88e42828 8888eb28 8888ea68 nt!IopfCallDriver+0x35
80474368 bf923abb 80474390 8888eb10 00000032 netbt!TdiSendDatagram+0x1bc
804743ac bf923917 8888ea68 ac1522ff 00000032 netbt!UdpSendDatagram+0x14f
804743f4 bf90f32a 8888ea68 00000000 88840f02 netbt!UdpSendNSBcast+0x28b
8047443c bf90e6f1 88840f02 00000000 88840f14 netbt!MSnodeCompletion+0x1ba
80474460 804322e8 88a2b290 88a2b248 611d7dcb netbt!TimerExpiry+0x5f
80474560 804321ce 80470370 ffdff848 ffdff000 nt!KiTimerListExpire+0x112
8047458c 80465728 80483ca0 00000000 0274a78e nt!KiTimerExpiration+0xb6
804745a4 80465680 0000000e 00000000 00000000 nt!KiRetireDpcList+0x47
804745ac 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x28


FOLLOWUP_IP:
netbt!TdiSendDatagram+1bc
bf918db6 8b4d14 mov ecx,[ebp+0x14]

SYMBOL_STACK_INDEX: d

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: netbt!TdiSendDatagram+1bc

MODULE_NAME: netbt

IMAGE_NAME: netbt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3f15ab1a

STACK_COMMAND: kb

FAILURE_BUCKET_ID: 0x7f_d_netbt!TdiSendDatagram+1bc

BUCKET_ID: 0x7f_d_netbt!TdiSendDatagram+1bc

Followup: MachineOwner
---------

eax=ffdff13c ebx=0000007f ecx=88eaf008 edx=804740c4 esi=88e44530 edi=88fb06f0
eip=80469fb6 esp=80473fdc ebp=80473ff0 iopl=0 nv up di ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000086
nt!KiSystemFatalException+0xe:
80469fb6 c3 ret
ChildEBP RetAddr Args to Child
80473ff0 bfe68856 00000000 0246c800 88e8cf1c nt!KiSystemFatalException+0xe (FPO: [0,0] TrapFrame @ 80473ff0)
80474094 bfe688ec 804740ac 88e8e5e8 88fb06f0 NDIS!ndisMIsLoopbackPacket+0x339 (FPO: [Non-Fpo])
804740b4 bfe505ae 88e4453c 860a6438 88e8e788 NDIS!ndisMLoopbackPacketX+0x1f (FPO: [Non-Fpo])
804740c8 bf93aa6e 00000000 860a6438 88e8e788 NDIS!ndisMSendX+0xc8 (FPO: [Non-Fpo])
804740ec bf93aaef 88e44530 ff2215ac 860a6438 tcpip!ARPSendBCast+0x2a1 (FPO: [Non-Fpo])
8047411c bf93a380 88e8e702 80474158 00000001 tcpip!ARPTransmit+0x10b (FPO: [Non-Fpo])
80474148 bf93a72e 88e43828 ff2215ac 860a6438 tcpip!SendIPPacket+0x12b (FPO: [Non-Fpo])
8047424c bf93a111 bf975a74 88990d02 88427b28 tcpip!IPTransmit+0x2aed (FPO: [Non-Fpo])
804742bc bf939f0d 8842003a 152215ac 88d60008 tcpip!UDPSend+0x433 (FPO: [Non-Fpo])
804742e0 bf939f85 bf939f9a 8888eb10 00000032 tcpip!TdiSendDatagram+0x131 (FPO: [Non-Fpo])
80474318 bf936d23 88d60008 88d6009c 88e63a90 tcpip!UDPSendDatagram+0x4d (FPO: [Non-Fpo])
8047432c 8041de41 88e63a90 88d60008 80474390 tcpip!TCPDispatchInternalDeviceControl+0xce (FPO: [2,0,2])
80474340 bf918db6 88e42828 8888eb28 8888ea68 nt!IopfCallDriver+0x35 (FPO: [0,0,2])
80474368 bf923abb 80474390 8888eb10 00000032 netbt!TdiSendDatagram+0x1bc (FPO: [Non-Fpo])
804743ac bf923917 8888ea68 ac1522ff 00000032 netbt!UdpSendDatagram+0x14f (FPO: [Non-Fpo])
804743f4 bf90f32a 8888ea68 00000000 88840f02 netbt!UdpSendNSBcast+0x28b (FPO: [Non-Fpo])
8047443c bf90e6f1 88840f02 00000000 88840f14 netbt!MSnodeCompletion+0x1ba (FPO: [Non-Fpo])
80474460 804322e8 88a2b290 88a2b248 611d7dcb netbt!TimerExpiry+0x5f (FPO: [EBP 0x80474560] [4,1,4])
80474560 804321ce 80470370 ffdff848 ffdff000 nt!KiTimerListExpire+0x112 (FPO: [Non-Fpo])
8047458c 80465728 80483ca0 00000000 0274a78e nt!KiTimerExpiration+0xb6 (FPO: [Non-Fpo])
start end module name
80062000 80076460 hal halmacpi.dll Fri Mar 21 03:04:42 2003 (3E7A733A)
80400000 8059dd00 nt ntkrnlmp.exe Tue Jun 10 23:42:11 2003 (3EE650B3)
a0000000 a018e000 win32k win32k.sys unavailable (FFFFFFFE)
a018e000 a0191000 awvid5 awvid5.dll unavailable (FFFFFFFE)
a0191000 a0192000 AWDDI AWDDI.DLL unavailable (FFFFFFFE)
a0192000 a01b5000 atiraged atiraged.DLL unavailable (FFFFFFFE)
a07e0000 a07ed000 RDPDD RDPDD.dll unavailable (FFFFFFFE)
bd492000 bd4947a0 TDPIPE TDPIPE.SYS Fri Mar 21 22:43:10 2003 (3E7B876E)
bddea000 bddffee0 RDPWD RDPWD.SYS Tue Apr 08 07:54:37 2003 (3E92641D)
be25c000 be25ef20 spud spud.sys Sat Nov 20 00:36:27 1999 (3835DEFB)
be3a0000 be3c23c0 Fastfat Fastfat.SYS Wed Jan 15 20:48:39 2003 (3E25BB17)
be3f3000 be402a20 ipsec ipsec.sys Wed Apr 30 01:04:59 2003 (3EAF051B)
be693000 be69ba60 termdd termdd.sys Fri Mar 21 22:43:08 2003 (3E7B876C)
be853000 be865600 mqac mqac.sys Tue Mar 25 13:27:48 2003 (3E804B44)
becae000 becbcfe0 Cdfs Cdfs.SYS Wed Apr 16 05:58:53 2003 (3E9CD4FD)
bed3e000 bed79bc0 srv srv.sys Wed Apr 30 01:05:07 2003 (3EAF0523)
bee42000 bee5f4a0 afd afd.sys Wed Apr 30 10:45:29 2003 (3EAF8D29)
bf7c8000 bf82e240 mrxsmb mrxsmb.sys Fri May 23 00:46:57 2003 (3ECD5361)
bf841000 bf86b9c0 rdbss rdbss.sys Fri May 23 00:47:05 2003 (3ECD5369)
bf90c000 bf933e00 netbt netbt.sys Wed Jul 16 21:44:26 2003 (3F15AB1A)
bf934000 bf985060 tcpip tcpip.sys Wed Apr 30 01:05:31 2003 (3EAF053B)
bf9ae000 bf9b16c0 dump_scsiport dump_scsiport.sys Tue Feb 25 20:18:04 2003 (3E5BC16C)
bfbee000 bfc183a0 update update.sys Wed Apr 16 06:22:01 2003 (3E9CDA69)
bfc19000 bfc34b40 ks ks.sys Wed Apr 16 06:02:11 2003 (3E9CD5C3)
bfc47000 bfc6a060 rdpdr rdpdr.sys Fri Mar 21 22:43:14 2003 (3E7B8772)
bfc8f000 bfc91740 awlegacy awlegacy.sys Tue Sep 12 00:19:37 2000 (39BD5A79)
bfc93000 bfca9ba0 ndiswan ndiswan.sys Wed Apr 30 01:05:01 2003 (3EAF051D)
bfcaa000 bfcbb1c0 atiragem atiragem.sys Sat Nov 06 00:43:11 1999 (38236B8F)
bfcbc000 bfce0400 e100bnt5 e100bnt5.sys Thu Aug 19 22:26:54 2004 (41250D0E)
bfe3a000 bfe4f640 Mup Mup.sys Wed Jan 15 20:54:01 2003 (3E25BC59)
bfe50000 bfe79aa0 NDIS NDIS.sys Wed Apr 30 01:05:01 2003 (3EAF051D)
bfe7a000 bfefc5a0 Ntfs Ntfs.sys Fri May 09 21:46:45 2003 (3EBC05A5)
bfefd000 bff0e7c0 KSecDD KSecDD.sys Wed Mar 26 22:37:44 2003 (3E821DA8)
bff0f000 bff211c0 Dfs Dfs.sys Wed Feb 12 03:19:06 2003 (3E49AF1A)
bff80000 bff920c0 SCSIPORT SCSIPORT.SYS Sat May 17 03:11:02 2003 (3EC58C26)
bff93000 bffbafa0 vxio vxio.sys Wed Jul 28 02:06:52 2004 (4106EE1C)
bffbb000 bffd7220 ftdisk ftdisk.sys Tue Apr 01 00:21:58 2003 (3E88BF86)
bffd8000 bffffc20 ACPI ACPI.sys Wed Jan 15 20:44:22 2003 (3E25BA16)
eb000000 eb00e6a0 pci pci.sys Wed Jan 15 20:44:07 2003 (3E25BA07)
eb010000 eb01b680 isapnp isapnp.sys Wed Jan 15 20:43:47 2003 (3E25B9F3)
eb020000 eb02dd00 aic78xx aic78xx.sys Thu Oct 07 02:06:14 1999 (37FBE3F6)
eb030000 eb03faa0 adpu160m adpu160m.sys Wed Jan 15 20:42:27 2003 (3E25B9A3)
eb040000 eb048700 CLASSPNP CLASSPNP.SYS Wed Jan 15 20:42:51 2003 (3E25B9BB)
eb050000 eb05a000 dcdbas32 dcdbas32.sys Thu Aug 05 04:25:19 2004 (41119A8F)
eb070000 eb07c4c0 VIDEOPRT VIDEOPRT.SYS Wed Jan 15 20:47:20 2003 (3E25BAC8)
eb080000 eb08b680 i8042prt i8042prt.sys Wed Apr 16 06:00:59 2003 (3E9CD57B)
eb090000 eb09f400 serial serial.sys Wed Apr 16 06:19:39 2003 (3E9CD9DB)
eb0a0000 eb0aca80 rasl2tp rasl2tp.sys Wed Apr 30 01:05:06 2003 (3EAF0522)
eb0b0000 eb0bbc40 raspptp raspptp.sys Thu May 15 01:47:00 2003 (3EC2D574)
eb0c0000 eb0cea20 parallel parallel.sys Wed Jan 15 20:47:14 2003 (3E25BAC2)
eb0d0000 eb0d9000 dcdesm32 dcdesm32.sys Thu Aug 05 04:26:51 2004 (41119AEB)
eb120000 eb129be0 usbhub usbhub.sys Wed Mar 19 00:30:41 2003 (3E77AC21)
eb130000 eb139ce0 NDProxy NDProxy.SYS Fri Oct 01 01:25:35 1999 (37F3F16F)
eb140000 eb148fa0 Npfs Npfs.SYS Sun Oct 10 01:58:07 1999 (37FFD68F)
eb150000 eb158680 msgpc msgpc.sys Wed Jan 15 20:54:25 2003 (3E25BC71)
eb160000 eb1681a0 netbios netbios.sys Tue Oct 12 21:34:19 1999 (38038D3B)
eb180000 eb188240 Fips Fips.SYS Tue May 09 17:28:29 2000 (39182E9D)
eb280000 eb287500 MountMgr MountMgr.sys Fri Dec 19 19:57:52 2003 (3FE34A30)
eb288000 eb28e1c0 perc2 perc2.sys Fri Oct 27 21:34:46 2000 (39F9D8D6)
eb290000 eb297720 disk disk.sys Wed Jan 15 20:43:05 2003 (3E25B9C9)
eb2d0000 eb2d4400 ptilink ptilink.sys Wed Jan 15 20:47:15 2003 (3E25BAC3)
eb2e0000 eb2e40e0 raspti raspti.sys Fri Oct 08 22:45:10 1999 (37FE57D6)
eb308000 eb30fd00 wanarp wanarp.sys Fri Aug 16 14:25:01 2002 (3D5CEF1D)
eb310000 eb3148c0 TDTCP TDTCP.SYS Fri Mar 21 22:43:08 2003 (3E7B876C)
eb350000 eb3561c0 dump_perc2 dump_perc2.sys Fri Oct 27 21:34:46 2000 (39F9D8D6)
eb358000 eb35ef60 aw_host5 aw_host5.sys Tue Sep 12 00:19:26 2000 (39BD5A6E)
eb370000 eb377000 fdc fdc.sys unavailable (FFFFFFFE)
eb378000 eb37ca60 flpydisk flpydisk.sys Wed Jan 15 20:42:52 2003 (3E25B9BC)
eb388000 eb38dec0 kbdclass kbdclass.sys Thu Feb 20 17:37:30 2003 (3E55044A)
eb398000 eb39d400 mouclass mouclass.sys Thu Feb 20 17:37:45 2003 (3E550459)
eb3a8000 eb3aea20 EFS EFS.SYS Wed Jan 15 20:46:55 2003 (3E25BAAF)
eb3c0000 eb3c6100 parport parport.sys Wed Jan 15 20:47:13 2003 (3E25BAC1)
eb3d0000 eb3d5fc0 openhci openhci.sys Sat Mar 01 01:28:59 2003 (3E5FFECB)
eb3e0000 eb3e5240 Msfs Msfs.SYS Wed Oct 27 01:21:32 1999 (3816377C)
eb3e8000 eb3ecfc0 USBD USBD.SYS Wed Jan 22 18:05:33 2003 (3E2ECF5D)
eb3f8000 eb3fec40 cdrom cdrom.sys Wed Jan 15 20:43:04 2003 (3E25B9C8)
eb400000 eb408000 QntmDLT QntmDLT.sys Thu Nov 20 20:03:04 2003 (3FBD0FE8)
eb410000 eb412a20 BOOTVID BOOTVID.dll Thu Nov 04 02:24:33 1999 (3820E051)
eb414000 eb416d00 PartMgr PartMgr.sys Wed Jan 15 20:43:07 2003 (3E25B9CB)
eb418000 eb41b400 Gernuwa Gernuwa.sys Tue Sep 12 00:18:22 2000 (39BD5A2E)
eb4b8000 eb4bb640 serenum serenum.sys Wed Jan 15 20:47:01 2003 (3E25BAB5)
eb4c4000 eb4c7580 vga vga.sys Sat Sep 25 20:37:40 1999 (37ED1674)
eb4c8000 eb4ca9a0 TAPE TAPE.SYS Wed Jan 15 20:43:11 2003 (3E25B9CF)
eb4d0000 eb4d22e0 ndistapi ndistapi.sys Wed Jan 15 20:54:15 2003 (3E25BC67)
eb4e0000 eb4e3e60 TDI TDI.SYS Wed Jan 15 20:56:26 2003 (3E25BCEA)
eb4e4000 eb4e7e40 ASPI32 ASPI32.SYS Sat Sep 11 01:46:10 1999 (37D99842)
eb500000 eb501d20 Diskperf Diskperf.sys Wed Feb 12 22:34:38 2003 (3E4ABDEE)
eb502000 eb5036c0 perc2hib perc2hib.sys Fri Oct 27 21:34:51 2000 (39F9D8DB)
eb528000 eb529ca0 Fs_Rec Fs_Rec.SYS Wed Jan 15 20:53:30 2003 (3E25BC3A)
eb530000 eb531e40 rasacd rasacd.sys Sat Sep 25 20:41:23 1999 (37ED1753)
eb552000 eb554000 ParVdm ParVdm.SYS unavailable (FFFFFFFE)
eb5c8000 eb5c8f80 WMILIB WMILIB.SYS Sat Sep 25 20:36:47 1999 (37ED163F)
eb627000 eb627c60 PORTACCESSOR PORTACCESSOR.sys Thu Mar 11 23:21:14 2004 (4050E65A)
eb629000 eb629a40 audstub audstub.sys Sat Sep 25 20:35:33 1999 (37ED15F5)
eb63e000 eb63ed80 swenum swenum.sys Sat Sep 25 20:36:31 1999 (37ED162F)
eb69b000 eb69b9e0 Null Null.SYS Sat Sep 25 20:34:58 1999 (37ED15D2)
eb69f000 eb69fee0 Beep Beep.SYS Thu Oct 21 00:18:59 1999 (380E3FD3)
eb6a5000 eb6a5f80 mnmdd mnmdd.SYS Sat Sep 25 20:37:40 1999 (37ED1674)

Unloaded modules:
eb6f2000 eb6f3000 BCMmodem2k.s
Timestamp: unavailable (00000000)
Checksum: 00000000
bff22000 bff80000 vxboot.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
eb170000 eb179000 redbook.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
eb3c8000 eb3cd000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
eb4bc000 eb4bf000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt

 

The wiz isnt tracking this crash. you're going to need to help it.

Using the tool, select your dump and hit the advanced button.
Change this:

Code:

 -logo c:\debuglog.txt -c[B]  "!analyze -v;r;kv;lmtn;.logclose;q "[/B] -y SRV*c:\symbols*http://msdl.microsoft.com/download

to this:

Code:

-logo c:\debuglog.txt -c [B] "!analyze -v;.trap 80473ff0;r;kv;.logclose;q "[/B]  -y blah blah

 

Allo, allo, tiwang, are you out there?

 

hi
yes - i am here - as I used to say - don't panic - this we have the servers to do for us..
anyway - I modified the string for the debugger and got this report from that handy little debugwiz - but can somebody out there help me by interpreting the output - I guess that the cause for the cras is a bug in netbt.sys - but we do not normally have servers crashing in that way - can some help me here by explaining to me what I am looking at - where is that @#£$€ cause for that crash:
btw - where do we get the trap adress for the debugwiz from ??

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.4.0004.4
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINNT\Minidump\Mini011305-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINNT;C:\WINNT\system32;C:\WINNT\system32\drivers
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x80484520
Debug session time: Thu Jan 13 08:06:18.582 2005 (GMT+1)
System Uptime: not available
Loading Kernel Symbols
.................................................................................................
Loading unloaded module list
.....
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {d, 0, 0, 0}

Probably caused by : netbt.sys ( netbt!TdiSendDatagram+1bc )

Followup: MachineOwner
---------

0: kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from bfe68856 to 80469fb6

STACK_TEXT:
80473ff0 bfe68856 00000000 0246c800 88e8cf1c nt!KiSystemFatalException+0xe
80474094 bfe688ec 804740ac 88e8e5e8 88fb06f0 NDIS!ndisMIsLoopbackPacket+0x339
804740b4 bfe505ae 88e4453c 860a6438 88e8e788 NDIS!ndisMLoopbackPacketX+0x1f
804740c8 bf93aa6e 00000000 860a6438 88e8e788 NDIS!ndisMSendX+0xc8
804740ec bf93aaef 88e44530 ff2215ac 860a6438 tcpip!ARPSendBCast+0x2a1
8047411c bf93a380 88e8e702 80474158 00000001 tcpip!ARPTransmit+0x10b
80474148 bf93a72e 88e43828 ff2215ac 860a6438 tcpip!SendIPPacket+0x12b
8047424c bf93a111 bf975a74 88990d02 88427b28 tcpip!IPTransmit+0x2aed
804742bc bf939f0d 8842003a 152215ac 88d60008 tcpip!UDPSend+0x433
804742e0 bf939f85 bf939f9a 8888eb10 00000032 tcpip!TdiSendDatagram+0x131
80474318 bf936d23 88d60008 88d6009c 88e63a90 tcpip!UDPSendDatagram+0x4d
8047432c 8041de41 88e63a90 88d60008 80474390 tcpip!TCPDispatchInternalDeviceControl+0xce
80474340 bf918db6 88e42828 8888eb28 8888ea68 nt!IopfCallDriver+0x35
80474368 bf923abb 80474390 8888eb10 00000032 netbt!TdiSendDatagram+0x1bc
804743ac bf923917 8888ea68 ac1522ff 00000032 netbt!UdpSendDatagram+0x14f
804743f4 bf90f32a 8888ea68 00000000 88840f02 netbt!UdpSendNSBcast+0x28b
8047443c bf90e6f1 88840f02 00000000 88840f14 netbt!MSnodeCompletion+0x1ba
80474460 804322e8 88a2b290 88a2b248 611d7dcb netbt!TimerExpiry+0x5f
80474560 804321ce 80470370 ffdff848 ffdff000 nt!KiTimerListExpire+0x112
8047458c 80465728 80483ca0 00000000 0274a78e nt!KiTimerExpiration+0xb6
804745a4 80465680 0000000e 00000000 00000000 nt!KiRetireDpcList+0x47
804745ac 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x28


FOLLOWUP_IP:
netbt!TdiSendDatagram+1bc
bf918db6 8b4d14 mov ecx,[ebp+0x14]

SYMBOL_STACK_INDEX: d

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: netbt!TdiSendDatagram+1bc

MODULE_NAME: netbt

IMAGE_NAME: netbt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3f15ab1a

STACK_COMMAND: kb

FAILURE_BUCKET_ID: 0x7f_d_netbt!TdiSendDatagram+1bc

BUCKET_ID: 0x7f_d_netbt!TdiSendDatagram+1bc

Followup: MachineOwner
---------

eax=ffdff13c ebx=0000007f ecx=88eaf008 edx=804740c4 esi=88e44530 edi=88fb06f0
eip=80469fb6 esp=80473fdc ebp=80473ff0 iopl=0 nv up di ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000086
nt!KiSystemFatalException+0xe:
80469fb6 c3 ret
ChildEBP RetAddr Args to Child
80473ff0 bfe68856 00000000 0246c800 88e8cf1c nt!KiSystemFatalException+0xe (FPO: [0,0] TrapFrame @ 80473ff0)
80474094 bfe688ec 804740ac 88e8e5e8 88fb06f0 NDIS!ndisMIsLoopbackPacket+0x339 (FPO: [Non-Fpo])
804740b4 bfe505ae 88e4453c 860a6438 88e8e788 NDIS!ndisMLoopbackPacketX+0x1f (FPO: [Non-Fpo])
804740c8 bf93aa6e 00000000 860a6438 88e8e788 NDIS!ndisMSendX+0xc8 (FPO: [Non-Fpo])
804740ec bf93aaef 88e44530 ff2215ac 860a6438 tcpip!ARPSendBCast+0x2a1 (FPO: [Non-Fpo])
8047411c bf93a380 88e8e702 80474158 00000001 tcpip!ARPTransmit+0x10b (FPO: [Non-Fpo])
80474148 bf93a72e 88e43828 ff2215ac 860a6438 tcpip!SendIPPacket+0x12b (FPO: [Non-Fpo])
8047424c bf93a111 bf975a74 88990d02 88427b28 tcpip!IPTransmit+0x2aed (FPO: [Non-Fpo])
804742bc bf939f0d 8842003a 152215ac 88d60008 tcpip!UDPSend+0x433 (FPO: [Non-Fpo])
804742e0 bf939f85 bf939f9a 8888eb10 00000032 tcpip!TdiSendDatagram+0x131 (FPO: [Non-Fpo])
80474318 bf936d23 88d60008 88d6009c 88e63a90 tcpip!UDPSendDatagram+0x4d (FPO: [Non-Fpo])
8047432c 8041de41 88e63a90 88d60008 80474390 tcpip!TCPDispatchInternalDeviceControl+0xce (FPO: [2,0,2])
80474340 bf918db6 88e42828 8888eb28 8888ea68 nt!IopfCallDriver+0x35 (FPO: [0,0,2])
80474368 bf923abb 80474390 8888eb10 00000032 netbt!TdiSendDatagram+0x1bc (FPO: [Non-Fpo])
804743ac bf923917 8888ea68 ac1522ff 00000032 netbt!UdpSendDatagram+0x14f (FPO: [Non-Fpo])
804743f4 bf90f32a 8888ea68 00000000 88840f02 netbt!UdpSendNSBcast+0x28b (FPO: [Non-Fpo])
8047443c bf90e6f1 88840f02 00000000 88840f14 netbt!MSnodeCompletion+0x1ba (FPO: [Non-Fpo])
80474460 804322e8 88a2b290 88a2b248 611d7dcb netbt!TimerExpiry+0x5f (FPO: [EBP 0x80474560] [4,1,4])
80474560 804321ce 80470370 ffdff848 ffdff000 nt!KiTimerListExpire+0x112 (FPO: [Non-Fpo])
8047458c 80465728 80483ca0 00000000 0274a78e nt!KiTimerExpiration+0xb6 (FPO: [Non-Fpo])
start end module name
80062000 80076460 hal halmacpi.dll Fri Mar 21 03:04:42 2003 (3E7A733A)
80400000 8059dd00 nt ntkrnlmp.exe Tue Jun 10 23:42:11 2003 (3EE650B3)
a0000000 a018e000 win32k win32k.sys unavailable (FFFFFFFE)
a018e000 a0191000 awvid5 awvid5.dll unavailable (FFFFFFFE)
a0191000 a0192000 AWDDI AWDDI.DLL unavailable (FFFFFFFE)
a0192000 a01b5000 atiraged atiraged.DLL unavailable (FFFFFFFE)
a07e0000 a07ed000 RDPDD RDPDD.dll unavailable (FFFFFFFE)
bd492000 bd4947a0 TDPIPE TDPIPE.SYS Fri Mar 21 22:43:10 2003 (3E7B876E)
bddea000 bddffee0 RDPWD RDPWD.SYS Tue Apr 08 07:54:37 2003 (3E92641D)
be25c000 be25ef20 spud spud.sys Sat Nov 20 00:36:27 1999 (3835DEFB)
be3a0000 be3c23c0 Fastfat Fastfat.SYS Wed Jan 15 20:48:39 2003 (3E25BB17)
be3f3000 be402a20 ipsec ipsec.sys Wed Apr 30 01:04:59 2003 (3EAF051B)
be693000 be69ba60 termdd termdd.sys Fri Mar 21 22:43:08 2003 (3E7B876C)
be853000 be865600 mqac mqac.sys Tue Mar 25 13:27:48 2003 (3E804B44)
becae000 becbcfe0 Cdfs Cdfs.SYS Wed Apr 16 05:58:53 2003 (3E9CD4FD)
bed3e000 bed79bc0 srv srv.sys Wed Apr 30 01:05:07 2003 (3EAF0523)
bee42000 bee5f4a0 afd afd.sys Wed Apr 30 10:45:29 2003 (3EAF8D29)
bf7c8000 bf82e240 mrxsmb mrxsmb.sys Fri May 23 00:46:57 2003 (3ECD5361)
bf841000 bf86b9c0 rdbss rdbss.sys Fri May 23 00:47:05 2003 (3ECD5369)
bf90c000 bf933e00 netbt netbt.sys Wed Jul 16 21:44:26 2003 (3F15AB1A)
bf934000 bf985060 tcpip tcpip.sys Wed Apr 30 01:05:31 2003 (3EAF053B)
bf9ae000 bf9b16c0 dump_scsiport dump_scsiport.sys Tue Feb 25 20:18:04 2003 (3E5BC16C)
bfbee000 bfc183a0 update update.sys Wed Apr 16 06:22:01 2003 (3E9CDA69)
bfc19000 bfc34b40 ks ks.sys Wed Apr 16 06:02:11 2003 (3E9CD5C3)
bfc47000 bfc6a060 rdpdr rdpdr.sys Fri Mar 21 22:43:14 2003 (3E7B8772)
bfc8f000 bfc91740 awlegacy awlegacy.sys Tue Sep 12 00:19:37 2000 (39BD5A79)
bfc93000 bfca9ba0 ndiswan ndiswan.sys Wed Apr 30 01:05:01 2003 (3EAF051D)
bfcaa000 bfcbb1c0 atiragem atiragem.sys Sat Nov 06 00:43:11 1999 (38236B8F)
bfcbc000 bfce0400 e100bnt5 e100bnt5.sys Thu Aug 19 22:26:54 2004 (41250D0E)
bfe3a000 bfe4f640 Mup Mup.sys Wed Jan 15 20:54:01 2003 (3E25BC59)
bfe50000 bfe79aa0 NDIS NDIS.sys Wed Apr 30 01:05:01 2003 (3EAF051D)
bfe7a000 bfefc5a0 Ntfs Ntfs.sys Fri May 09 21:46:45 2003 (3EBC05A5)
bfefd000 bff0e7c0 KSecDD KSecDD.sys Wed Mar 26 22:37:44 2003 (3E821DA8)
bff0f000 bff211c0 Dfs Dfs.sys Wed Feb 12 03:19:06 2003 (3E49AF1A)
bff80000 bff920c0 SCSIPORT SCSIPORT.SYS Sat May 17 03:11:02 2003 (3EC58C26)
bff93000 bffbafa0 vxio vxio.sys Wed Jul 28 02:06:52 2004 (4106EE1C)
bffbb000 bffd7220 ftdisk ftdisk.sys Tue Apr 01 00:21:58 2003 (3E88BF86)
bffd8000 bffffc20 ACPI ACPI.sys Wed Jan 15 20:44:22 2003 (3E25BA16)
eb000000 eb00e6a0 pci pci.sys Wed Jan 15 20:44:07 2003 (3E25BA07)
eb010000 eb01b680 isapnp isapnp.sys Wed Jan 15 20:43:47 2003 (3E25B9F3)
eb020000 eb02dd00 aic78xx aic78xx.sys Thu Oct 07 02:06:14 1999 (37FBE3F6)
eb030000 eb03faa0 adpu160m adpu160m.sys Wed Jan 15 20:42:27 2003 (3E25B9A3)
eb040000 eb048700 CLASSPNP CLASSPNP.SYS Wed Jan 15 20:42:51 2003 (3E25B9BB)
eb050000 eb05a000 dcdbas32 dcdbas32.sys Thu Aug 05 04:25:19 2004 (41119A8F)
eb070000 eb07c4c0 VIDEOPRT VIDEOPRT.SYS Wed Jan 15 20:47:20 2003 (3E25BAC8)
eb080000 eb08b680 i8042prt i8042prt.sys Wed Apr 16 06:00:59 2003 (3E9CD57B)
eb090000 eb09f400 serial serial.sys Wed Apr 16 06:19:39 2003 (3E9CD9DB)
eb0a0000 eb0aca80 rasl2tp rasl2tp.sys Wed Apr 30 01:05:06 2003 (3EAF0522)
eb0b0000 eb0bbc40 raspptp raspptp.sys Thu May 15 01:47:00 2003 (3EC2D574)
eb0c0000 eb0cea20 parallel parallel.sys Wed Jan 15 20:47:14 2003 (3E25BAC2)
eb0d0000 eb0d9000 dcdesm32 dcdesm32.sys Thu Aug 05 04:26:51 2004 (41119AEB)
eb120000 eb129be0 usbhub usbhub.sys Wed Mar 19 00:30:41 2003 (3E77AC21)
eb130000 eb139ce0 NDProxy NDProxy.SYS Fri Oct 01 01:25:35 1999 (37F3F16F)
eb140000 eb148fa0 Npfs Npfs.SYS Sun Oct 10 01:58:07 1999 (37FFD68F)
eb150000 eb158680 msgpc msgpc.sys Wed Jan 15 20:54:25 2003 (3E25BC71)
eb160000 eb1681a0 netbios netbios.sys Tue Oct 12 21:34:19 1999 (38038D3B)
eb180000 eb188240 Fips Fips.SYS Tue May 09 17:28:29 2000 (39182E9D)
eb280000 eb287500 MountMgr MountMgr.sys Fri Dec 19 19:57:52 2003 (3FE34A30)
eb288000 eb28e1c0 perc2 perc2.sys Fri Oct 27 21:34:46 2000 (39F9D8D6)
eb290000 eb297720 disk disk.sys Wed Jan 15 20:43:05 2003 (3E25B9C9)
eb2d0000 eb2d4400 ptilink ptilink.sys Wed Jan 15 20:47:15 2003 (3E25BAC3)
eb2e0000 eb2e40e0 raspti raspti.sys Fri Oct 08 22:45:10 1999 (37FE57D6)
eb308000 eb30fd00 wanarp wanarp.sys Fri Aug 16 14:25:01 2002 (3D5CEF1D)
eb310000 eb3148c0 TDTCP TDTCP.SYS Fri Mar 21 22:43:08 2003 (3E7B876C)
eb350000 eb3561c0 dump_perc2 dump_perc2.sys Fri Oct 27 21:34:46 2000 (39F9D8D6)
eb358000 eb35ef60 aw_host5 aw_host5.sys Tue Sep 12 00:19:26 2000 (39BD5A6E)
eb370000 eb377000 fdc fdc.sys unavailable (FFFFFFFE)
eb378000 eb37ca60 flpydisk flpydisk.sys Wed Jan 15 20:42:52 2003 (3E25B9BC)
eb388000 eb38dec0 kbdclass kbdclass.sys Thu Feb 20 17:37:30 2003 (3E55044A)
eb398000 eb39d400 mouclass mouclass.sys Thu Feb 20 17:37:45 2003 (3E550459)
eb3a8000 eb3aea20 EFS EFS.SYS Wed Jan 15 20:46:55 2003 (3E25BAAF)
eb3c0000 eb3c6100 parport parport.sys Wed Jan 15 20:47:13 2003 (3E25BAC1)
eb3d0000 eb3d5fc0 openhci openhci.sys Sat Mar 01 01:28:59 2003 (3E5FFECB)
eb3e0000 eb3e5240 Msfs Msfs.SYS Wed Oct 27 01:21:32 1999 (3816377C)
eb3e8000 eb3ecfc0 USBD USBD.SYS Wed Jan 22 18:05:33 2003 (3E2ECF5D)
eb3f8000 eb3fec40 cdrom cdrom.sys Wed Jan 15 20:43:04 2003 (3E25B9C8)
eb400000 eb408000 QntmDLT QntmDLT.sys Thu Nov 20 20:03:04 2003 (3FBD0FE8)
eb410000 eb412a20 BOOTVID BOOTVID.dll Thu Nov 04 02:24:33 1999 (3820E051)
eb414000 eb416d00 PartMgr PartMgr.sys Wed Jan 15 20:43:07 2003 (3E25B9CB)
eb418000 eb41b400 Gernuwa Gernuwa.sys Tue Sep 12 00:18:22 2000 (39BD5A2E)
eb4b8000 eb4bb640 serenum serenum.sys Wed Jan 15 20:47:01 2003 (3E25BAB5)
eb4c4000 eb4c7580 vga vga.sys Sat Sep 25 20:37:40 1999 (37ED1674)
eb4c8000 eb4ca9a0 TAPE TAPE.SYS Wed Jan 15 20:43:11 2003 (3E25B9CF)
eb4d0000 eb4d22e0 ndistapi ndistapi.sys Wed Jan 15 20:54:15 2003 (3E25BC67)
eb4e0000 eb4e3e60 TDI TDI.SYS Wed Jan 15 20:56:26 2003 (3E25BCEA)
eb4e4000 eb4e7e40 ASPI32 ASPI32.SYS Sat Sep 11 01:46:10 1999 (37D99842)
eb500000 eb501d20 Diskperf Diskperf.sys Wed Feb 12 22:34:38 2003 (3E4ABDEE)
eb502000 eb5036c0 perc2hib perc2hib.sys Fri Oct 27 21:34:51 2000 (39F9D8DB)
eb528000 eb529ca0 Fs_Rec Fs_Rec.SYS Wed Jan 15 20:53:30 2003 (3E25BC3A)
eb530000 eb531e40 rasacd rasacd.sys Sat Sep 25 20:41:23 1999 (37ED1753)
eb552000 eb554000 ParVdm ParVdm.SYS unavailable (FFFFFFFE)
eb5c8000 eb5c8f80 WMILIB WMILIB.SYS Sat Sep 25 20:36:47 1999 (37ED163F)
eb627000 eb627c60 PORTACCESSOR PORTACCESSOR.sys Thu Mar 11 23:21:14 2004 (4050E65A)
eb629000 eb629a40 audstub audstub.sys Sat Sep 25 20:35:33 1999 (37ED15F5)
eb63e000 eb63ed80 swenum swenum.sys Sat Sep 25 20:36:31 1999 (37ED162F)
eb69b000 eb69b9e0 Null Null.SYS Sat Sep 25 20:34:58 1999 (37ED15D2)
eb69f000 eb69fee0 Beep Beep.SYS Thu Oct 21 00:18:59 1999 (380E3FD3)
eb6a5000 eb6a5f80 mnmdd mnmdd.SYS Sat Sep 25 20:37:40 1999 (37ED1674)

Unloaded modules:
eb6f2000 eb6f3000 BCMmodem2k.s
Timestamp: unavailable (00000000)
Checksum: 00000000
bff22000 bff80000 vxboot.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
eb170000 eb179000 redbook.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
eb3c8000 eb3cd000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
eb4bc000 eb4bf000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt

 

your change didnt take.

 

Errrr - Joe, I understand all the words but the meaning completely escapes me.

What do he do now?

 

for some reason, he did not successfully change the advanced options to read "!analyze -v;.trap 80473ff0;r;kv;.logclose;q "

 

hi again
hmmm - thanks any way - I cannot explain why it missed but if I for some reason cannot get this debugwiz right I expect that I can feed kd directly with these parameters - or ?? I'll try tomorrow morning

 

hi again - now I noticed what happened - when I started debugwiz the first thing I did was to change the settings for "advanced" with the command for kd - afterwards I browsed for the dump-image - when I select a dump the "advanced" settings I made where overwritten - I just had to do it "upside-down" - here is the new report:
Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.4.0004.4
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINNT\Minidump\Mini011305-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download
Executable search path is: C:\WINNT;C:\WINNT\system32;C:\WINNT\system32\drivers
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x80484520
Debug session time: Thu Jan 13 08:06:18.582 2005 (GMT+1)
System Uptime: not available
Loading Kernel Symbols
.................................................................................................
Loading unloaded module list
.....
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {d, 0, 0, 0}

Probably caused by : netbt.sys ( netbt!TdiSendDatagram+1bc )

Followup: MachineOwner
---------

0: kd> !analyze -v;.trap 80473ff0;r;kv;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from bfe68856 to 80469fb6

STACK_TEXT:
80473ff0 bfe68856 00000000 0246c800 88e8cf1c nt!KiSystemFatalException+0xe
80474094 bfe688ec 804740ac 88e8e5e8 88fb06f0 NDIS!ndisMIsLoopbackPacket+0x339
804740b4 bfe505ae 88e4453c 860a6438 88e8e788 NDIS!ndisMLoopbackPacketX+0x1f
804740c8 bf93aa6e 00000000 860a6438 88e8e788 NDIS!ndisMSendX+0xc8
804740ec bf93aaef 88e44530 ff2215ac 860a6438 tcpip!ARPSendBCast+0x2a1
8047411c bf93a380 88e8e702 80474158 00000001 tcpip!ARPTransmit+0x10b
80474148 bf93a72e 88e43828 ff2215ac 860a6438 tcpip!SendIPPacket+0x12b
8047424c bf93a111 bf975a74 88990d02 88427b28 tcpip!IPTransmit+0x2aed
804742bc bf939f0d 8842003a 152215ac 88d60008 tcpip!UDPSend+0x433
804742e0 bf939f85 bf939f9a 8888eb10 00000032 tcpip!TdiSendDatagram+0x131
80474318 bf936d23 88d60008 88d6009c 88e63a90 tcpip!UDPSendDatagram+0x4d
8047432c 8041de41 88e63a90 88d60008 80474390 tcpip!TCPDispatchInternalDeviceControl+0xce
80474340 bf918db6 88e42828 8888eb28 8888ea68 nt!IopfCallDriver+0x35
80474368 bf923abb 80474390 8888eb10 00000032 netbt!TdiSendDatagram+0x1bc
804743ac bf923917 8888ea68 ac1522ff 00000032 netbt!UdpSendDatagram+0x14f
804743f4 bf90f32a 8888ea68 00000000 88840f02 netbt!UdpSendNSBcast+0x28b
8047443c bf90e6f1 88840f02 00000000 88840f14 netbt!MSnodeCompletion+0x1ba
80474460 804322e8 88a2b290 88a2b248 611d7dcb netbt!TimerExpiry+0x5f
80474560 804321ce 80470370 ffdff848 ffdff000 nt!KiTimerListExpire+0x112
8047458c 80465728 80483ca0 00000000 0274a78e nt!KiTimerExpiration+0xb6
804745a4 80465680 0000000e 00000000 00000000 nt!KiRetireDpcList+0x47
804745ac 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x28


FOLLOWUP_IP:
netbt!TdiSendDatagram+1bc
bf918db6 8b4d14 mov ecx,[ebp+0x14]

SYMBOL_STACK_INDEX: d

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: netbt!TdiSendDatagram+1bc

MODULE_NAME: netbt

IMAGE_NAME: netbt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3f15ab1a

STACK_COMMAND: kb

FAILURE_BUCKET_ID: 0x7f_d_netbt!TdiSendDatagram+1bc

BUCKET_ID: 0x7f_d_netbt!TdiSendDatagram+1bc

Followup: MachineOwner
---------

ErrCode = 000053a8
eax=00000000 ebx=00000000 ecx=88eaf008 edx=80474088 esi=88e44530 edi=88fb06f0
eip=bfe68856 esp=80474064 ebp=80474094 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
NDIS!ndisMIsLoopbackPacket+0x339:
bfe68856 ff972c010000 call dword ptr [edi+0x12c] ds:0023:88fb081c=????????
Last set context:
eax=00000000 ebx=00000000 ecx=88eaf008 edx=80474088 esi=88e44530 edi=88fb06f0
eip=bfe68856 esp=80474064 ebp=80474094 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
NDIS!ndisMIsLoopbackPacket+0x339:
bfe68856 ff972c010000 call dword ptr [edi+0x12c] ds:0023:88fb081c=????????
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
80474094 bfe688ec 804740ac 88e8e5e8 88fb06f0 NDIS!ndisMIsLoopbackPacket+0x339 (FPO: [Non-Fpo])
804740b4 bfe505ae 88e4453c 860a6438 88e8e788 NDIS!ndisMLoopbackPacketX+0x1f (FPO: [Non-Fpo])
804740c8 bf93aa6e 00000000 860a6438 88e8e788 NDIS!ndisMSendX+0xc8 (FPO: [Non-Fpo])
804740ec bf93aaef 88e44530 ff2215ac 860a6438 tcpip!ARPSendBCast+0x2a1 (FPO: [Non-Fpo])
8047411c bf93a380 88e8e702 80474158 00000001 tcpip!ARPTransmit+0x10b (FPO: [Non-Fpo])
80474148 bf93a72e 88e43828 ff2215ac 860a6438 tcpip!SendIPPacket+0x12b (FPO: [Non-Fpo])
8047424c bf93a111 bf975a74 88990d02 88427b28 tcpip!IPTransmit+0x2aed (FPO: [Non-Fpo])
804742bc bf939f0d 8842003a 152215ac 88d60008 tcpip!UDPSend+0x433 (FPO: [Non-Fpo])
804742e0 bf939f85 bf939f9a 8888eb10 00000032 tcpip!TdiSendDatagram+0x131 (FPO: [Non-Fpo])
80474318 bf936d23 88d60008 88d6009c 88e63a90 tcpip!UDPSendDatagram+0x4d (FPO: [Non-Fpo])
8047432c 8041de41 88e63a90 88d60008 80474390 tcpip!TCPDispatchInternalDeviceControl+0xce (FPO: [2,0,2])
80474340 bf918db6 88e42828 8888eb28 8888ea68 nt!IopfCallDriver+0x35 (FPO: [0,0,2])
80474368 bf923abb 80474390 8888eb10 00000032 netbt!TdiSendDatagram+0x1bc (FPO: [Non-Fpo])
804743ac bf923917 8888ea68 ac1522ff 00000032 netbt!UdpSendDatagram+0x14f (FPO: [Non-Fpo])
804743f4 bf90f32a 8888ea68 00000000 88840f02 netbt!UdpSendNSBcast+0x28b (FPO: [Non-Fpo])
8047443c bf90e6f1 88840f02 00000000 88840f14 netbt!MSnodeCompletion+0x1ba (FPO: [Non-Fpo])
80474460 804322e8 88a2b290 88a2b248 611d7dcb netbt!TimerExpiry+0x5f (FPO: [EBP 0x80474560] [4,1,4])
80474560 804321ce 80470370 ffdff848 ffdff000 nt!KiTimerListExpire+0x112 (FPO: [Non-Fpo])
8047458c 80465728 80483ca0 00000000 0274a78e nt!KiTimerExpiration+0xb6 (FPO: [Non-Fpo])
804745a4 80465680 0000000e 00000000 00000000 nt!KiRetireDpcList+0x47 (FPO: [0,1,0])
Closing open log file c:\debuglog.txt

 

ok - what I see is of course that the trap address is the top of the stack - but what is causing this trap - I would expect that I was looking for "something" related to windows terminal service because this server is using printer-mapping from pc-clients via terminal-service - and I have never seen this run stable - but I cannot track that trace down to something which make sense to me - can some help me decoding this?

 

Hi Joe (or anyone with some goodies to this problem)

Couldn't you try to give me some hints what I am looking for - I am a bit stucked in this problem. What can it look like - some netbios stuff which has ******* up ? if I look at the functions called - RetiredpcList - SendNSBcast etc etc it could maybe look like some browserservice ?

regards /Ti

 

One of the code guys will hopefully take a look at this fairly soon. We seem to have lots more dump code than dump-code analysts and they may have just lost track of the thread. I'll send a heads-up.

 

i am too tired to look at this tonite, ill get to it tho.

 

This is caused by a problem with the registered miniport driver, aka your NIC drivers. You need to review any NDIS miniport drivers registered.

 

hi out there
I try to dig deeper in this crash - can you tell me why you conclude this ?
regards /ti

 

Because the line of code it was executing is deferencing a pointer to a miniport driver, and the pointer is pointing into dead space.

NDIS!ndisMIsLoopbackPacket+0x339:
bfe68856 ff972c010000 call dword ptr [edi+0x12c] ds:0023:88fb081c=????????

 

hi joe
thanks a lot - Is there a way where I can tell if this ndisMIsLoopbackpacket rutine from the windows tcp-ip runtime or part of Intels driver library ?
When you write "dead space" - is this memory which has been freed or how can I interpret this? The DS register is poiting to nowhere - can I locate the instruction which loaded this register?
regards /ti

 

btw - got a new dump - server crashed again friday:

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.4.0004.4
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINNT\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINNT;C:\WINNT\system32;C:\WINNT\system32\drivers
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: TerminalServer
Kernel base = 0x80400000 PsLoadedModuleList = 0x80484520
Debug session time: Fri Jan 21 13:00:58.432 2005 (GMT+1)
System Uptime: 8 days 4:51:30.516
Loading Kernel Symbols
.................................................................................................
Loading unloaded module list
.....
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {d, 0, 0, 0}

*** ERROR: Module load completed but symbols could not be loaded for e100bnt5.sys
Probably caused by : e100bnt5.sys ( e100bnt5+a912 )

Followup: MachineOwner
---------

1: kd> !analyze -v;.trap eb427890;r;kv;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_d

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from bfe68856 to 80469fb6

STACK_TEXT:
eb427890 bfe68856 00000036 00000000 08000000 nt!KiSystemFatalException+0xe
eb427934 bfe688ec eb42794c 88e44748 88f16130 NDIS!ndisMIsLoopbackPacket+0x339
eb427954 bfe505ae 88e448e8 8614e438 8720f968 NDIS!ndisMLoopbackPacketX+0x1f
eb427968 bf93680b 00000000 8614e438 88e448e8 NDIS!ndisMSendX+0xc8
eb427990 bf93671e 88e448e8 8614e438 86951fa8 tcpip!ARPSendData+0x1a1
eb4279c0 bf936bfa 88e44802 eb427ab0 00000001 tcpip!ARPTransmit+0x74
eb427ab4 bf937722 bf975a58 00000002 8720f968 tcpip!IPTransmit+0x5ef
eb427b00 bf937ac5 87d42e02 00000001 00000020 tcpip!SendACK+0x3e4
eb427b1c bf938702 00000002 bf975a64 00000002 tcpip!ProcessPerCpuTCBDelayQ+0x19d
eb427b2c bf9348d1 00000000 bf934875 00000000 tcpip!ProcessTCBDelayQ+0x4c
eb427b40 bf93487c bfe71216 88e448e8 88eaf570 tcpip!TCPRcvComplete+0xea
eb427b44 bfe71216 88e448e8 88eaf570 88eaf008 tcpip!ARPRcvComplete+0x5
eb427b98 bfcc6912 88f16100 eb427bb8 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x407
WARNING: Stack unwind information not available. Following frames may be wrong.
eb427cfc bfcc6e9e 88eaf000 88eaf3d0 88f16130 e100bnt5+0xa912
eb427d28 bfe5abb8 88eaf000 80470370 89092848 e100bnt5+0xae9e
eb427d3c 80465728 88eaf3e4 88eaf3d0 00000000 NDIS!ndisMDpcX+0x2b
eb427d54 80465680 0000000e 00000000 00000000 nt!KiRetireDpcList+0x47
eb427d5c 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x28


FOLLOWUP_IP:
e100bnt5+a912
bfcc6912 57 push edi

SYMBOL_STACK_INDEX: d

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: e100bnt5+a912

MODULE_NAME: e100bnt5

IMAGE_NAME: e100bnt5.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41250d0e

STACK_COMMAND: kb

FAILURE_BUCKET_ID: 0x7f_d_e100bnt5+a912

BUCKET_ID: 0x7f_d_e100bnt5+a912

Followup: MachineOwner
---------

ErrCode = 00007928
eax=00000000 ebx=00000000 ecx=88ef1d88 edx=eb427928 esi=869c249a edi=88f16130
eip=bfe68856 esp=eb427904 ebp=eb427934 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
NDIS!ndisMIsLoopbackPacket+0x339:
bfe68856 ff972c010000 call dword ptr [edi+0x12c]{NDIS!ethFilterLockHandler (bfe7122f)} ds:0023:88f1625c=bfe7122f
Last set context:
eax=00000000 ebx=00000000 ecx=88ef1d88 edx=eb427928 esi=869c249a edi=88f16130
eip=bfe68856 esp=eb427904 ebp=eb427934 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
NDIS!ndisMIsLoopbackPacket+0x339:
bfe68856 ff972c010000 call dword ptr [edi+0x12c]{NDIS!ethFilterLockHandler (bfe7122f)} ds:0023:88f1625c=bfe7122f
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
eb427934 bfe688ec eb42794c 88e44748 88f16130 NDIS!ndisMIsLoopbackPacket+0x339 (FPO: [Non-Fpo])
eb427954 bfe505ae 88e448e8 8614e438 8720f968 NDIS!ndisMLoopbackPacketX+0x1f (FPO: [Non-Fpo])
eb427968 bf93680b 00000000 8614e438 88e448e8 NDIS!ndisMSendX+0xc8 (FPO: [Non-Fpo])
eb427990 bf93671e 88e448e8 8614e438 86951fa8 tcpip!ARPSendData+0x1a1 (FPO: [Non-Fpo])
eb4279c0 bf936bfa 88e44802 eb427ab0 00000001 tcpip!ARPTransmit+0x74 (FPO: [Non-Fpo])
eb427ab4 bf937722 bf975a58 00000002 8720f968 tcpip!IPTransmit+0x5ef (FPO: [Non-Fpo])
eb427b00 bf937ac5 87d42e02 00000001 00000020 tcpip!SendACK+0x3e4 (FPO: [Non-Fpo])
eb427b1c bf938702 00000002 bf975a64 00000002 tcpip!ProcessPerCpuTCBDelayQ+0x19d (FPO: [Non-Fpo])
eb427b2c bf9348d1 00000000 bf934875 00000000 tcpip!ProcessTCBDelayQ+0x4c (FPO: [0,0,2])
eb427b40 bf93487c bfe71216 88e448e8 88eaf570 tcpip!TCPRcvComplete+0xea (FPO: [0,0,3])
eb427b44 bfe71216 88e448e8 88eaf570 88eaf008 tcpip!ARPRcvComplete+0x5 (FPO: [1,0,0])
eb427b98 bfcc6912 88f16100 eb427bb8 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x407 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
eb427cfc bfcc6e9e 88eaf000 88eaf3d0 88f16130 e100bnt5+0xa912
eb427d28 bfe5abb8 88eaf000 80470370 89092848 e100bnt5+0xae9e
eb427d3c 80465728 88eaf3e4 88eaf3d0 00000000 NDIS!ndisMDpcX+0x2b (FPO: [4,0,3])
eb427d54 80465680 0000000e 00000000 00000000 nt!KiRetireDpcList+0x47 (FPO: [0,1,0])
eb427d5c 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x28
Closing open log file c:\debuglog.txt

 

what have you changed?

 

hi again
nothing - i am innocent - why are you asking? - what do you "suspect" ????