Hello, first of all!
I have already scoured the entire internet but found no useful answer.
That's why I'm looking in here now, hoping you can help me.
I often get a blue screen when I want to play certain games.
I created a new memory dump and scanned the dump file with the kernel debugger.
This is the result I got:
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Dokumente und Einstellungen\BB\Eigene Dateien\Speicherabbild\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Sat Mar 3 15:17:24.031 2007 (GMT+1)
System Uptime: 0 days 0:13:20.607
Loading Kernel Symbols
..................................................................... .......................................................
Loading User Symbols
..................................
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 8E, {c0000005, 81b79e22, f9af19a8, 0}
*** WARNING: Unable to verify checksum for ~deafa4.tmp
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ~deafa4.tmp -
*** WARNING: Unable to verify checksum for ~df394b.tmp
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ~df394b.tmp -
Probably caused by : redbook.sys ( redbook!RedBookSendToNextDriver+35 )
Followup: MachineOwner
---------
kd> .reload
Loading Kernel Symbols
..................................................................... .......................................................
Loading User Symbols
..................................
Loading unloaded module list
............
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81b79e22, The address that the exception occurred at
Arg3: f9af19a8, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for ~deafa4.tmp
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ~deafa4.tmp -
*** WARNING: Unable to verify checksum for ~df394b.tmp
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ~df394b.tmp -
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in "0x%08lx" verweist auf Speicher in "0x%08lx". Der Vorgang "%s" konnte nicht auf dem Speicher durchgeführt werden.
FAULTING_IP:
+ffffffff81b79e22
81b79e22 6681384d5a cmp word ptr [eax],5A4Dh
TRAP_FRAME: f9af19a8 -- (.trap fffffffff9af19a8)
ErrCode = 00000000
eax=00eb3000 ebx=81b79e8f ecx=00000000 edx=f992e06f esi=00eb3000 edi=00000000
eip=81b79e22 esp=f9af1a1c ebp=f9af1a1c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
81b79e22 6681384d5a cmp word ptr [eax],5A4Dh ds:0023:00eb3000=?? ??
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: mainapp.exe
LAST_CONTROL_TRANSFER: from 8051dea6 to 805339ae
STACK_TEXT:
f9af1570 8051dea6 0000008e c0000005 81b79e22 nt!KeBugCheckEx+0x1b
f9af1938 804dfada f9af1954 00000000 f9af19a8 nt!KiDispatchException+0x3b1
f9af19a0 804dfa86 f9af1a1c 81b79e22 badb0d00 nt!CommonDispatchException+0x4d
f9af19cc 804e434b 81709030 00000000 00000023 nt!Kei386EoiHelper+0x18a
f9af1a1c 81b79db9 f9af1a2c 81b7a18a f9af1a90 nt!KeRemoveDeviceQueue+0x3d
WARNING: Frame IP not in any known module. Following frames may be wrong.
f9af1b08 804e3d77 81709030 816c6270 815cd190 0x81b79db9
f9af1b18 f9b42a35 f9af1b64 f9b43c28 815a8020 nt!IopfCallDriver+0x31
f9af1a90 81b79dc6 00000000 8145a000 f9af1b20 redbook!RedBookSendToNextDriver+0x35
f9af1bdc 804e3d77 81738200 816c6270 00000000 0x81b79dc6
f9af1c44 8056a9ab 816c63b8 81795968 816c6270 nt!IopfCallDriver+0x31
f9af1cf0 804e2af1 804ed4a8 ffffffff f9af1d34 nt!IopSynchronousServiceTail+0x60
f9af1d34 804df06b 000000fc 00000000 00000000 nt!_except_handler3
f9af1d34 7c91eb94 000000fc 00000000 00000000 nt!KiFastCallEntry+0xf8
0012ec24 7c91d8ef 7c801671 000000fc 00000000 ntdll!KiFastSystemCallRet
0012ec28 7c801671 000000fc 00000000 00000000 ntdll!ZwDeviceIoControlFile+0xc
0012ec88 10028828 000000fc 0004d004 01600000 kernel32!DeviceIoControl+0xdd
0012ecec 10013524 000000fc 0000037d 01564668 _deafa4!DllMain+0xf5e8
0012ed10 1000a171 000000fc 0000037d 01564668 _deafa4+0x13524
0012ed34 1000e427 01564605 0000037d 01564668 _deafa4+0xa171
0012ed58 1000de46 00000006 0000037d 01564668 _deafa4+0xe427
0012ee04 10008557 0012f450 00000000 01560646 _deafa4+0xde46
0012ee60 7c80262a 0000000c 7c802600 00000000 _deafa4+0x8557
0012ee68 7c802600 00000000 00000000 01400178 kernel32!WaitForSingleObjectEx+0xe5
0012f454 0143cd18 10046a58 10035d80 00000000 kernel32!WaitForSingleObjectEx+0xd8
0012f670 10028ddf 00000001 7c920945 7c92094e 0x143cd18
0012f6ac 100330bb 0012f6c4 01563628 00000000 _deafa4!DllMain+0xfb9f
0012f828 100333de 01563958 100495c0 00000008 _deafa4!DllMain+0x19e7b
0012f848 100339a6 00000001 00000097 01563628 _deafa4!DllMain+0x1a19e
0012f874 66738f2a 00000001 0141bd68 00000008 _deafa4!Ox12345678+0x25
0012f894 66738a1b 0143cce0 0141bd68 00000008 _df394b!Ox12121212+0x35598
0012f904 66703eb3 0014cec8 0012fca8 00001000 _df394b!Ox12121212+0x35089
0012fc24 7c80feff 6679091c 67008945 7c80fecf _df394b!Ox12121212+0x521
7c91ee18 565308ec 8bfc5557 458b0c5d 0440f708 kernel32!GlobalFree+0x3b
7c91ee20 458b0c5d 0440f708 00000006 00ab850f 0x565308ec
7c91ee24 0440f708 00000006 00ab850f 45890000 0x458b0c5d
7c91ee28 00000000 00ab850f 45890000 10458bf8 0x440f708
STACK_COMMAND: kb
FOLLOWUP_IP:
redbook!RedBookSendToNextDriver+35
f9b42a35 5d pop ebp
SYMBOL_STACK_INDEX: 7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: redbook
IMAGE_NAME: redbook.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 41107b46
SYMBOL_NAME: redbook!RedBookSendToNextDriver+35
FAILURE_BUCKET_ID: 0x8E_redbook!RedBookSendToNextDriver+35
BUCKET_ID: 0x8E_redbook!RedBookSendToNextDriver+35
Followup: MachineOwner
---------
kd> lmvm redbook
start end module name
f9b42000 f9b50100 redbook (pdb symbols) c:\symbols\redbook.pdb\1E1D4F22947E487A8472B5E01CF664D51\redbook.pdb
Loaded symbol image file: redbook.sys
Image path: \SystemRoot\System32\DRIVERS\redbook.sys
Image name: redbook.sys
Timestamp: Wed Aug 04 07:59:34 2004 (41107B46)
CheckSum: 0001286A
ImageSize: 0000E100
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
So the redbook.sys driver is probably to blame for the blue screen, right?
But now my question is: how can I repair or replace it?
I hope you can help me with this.
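
A cross-check of the debugger output above, as an added example that is not part of the original post: it tests whether the faulting address (Arg2) lies inside the redbook.sys range reported by `lmvm`, and lists the kernel-mode stack frames the debugger could not map to any module. The dump lines are trimmed copies from the post; the 0x80000000 kernel boundary is an assumption (default address split on 32-bit XP), and the function names are illustrative.

```python
import re

# Lines copied (trimmed) from the !analyze -v and lmvm output in the post above.
DUMP = """\
Arg2: 81b79e22, The address that the exception occurred at
f9af1a1c 81b79db9 f9af1a2c 81b7a18a f9af1a90 nt!KeRemoveDeviceQueue+0x3d
f9af1b08 804e3d77 81709030 816c6270 815cd190 0x81b79db9
f9af1b18 f9b42a35 f9af1b64 f9b43c28 815a8020 nt!IopfCallDriver+0x31
f9af1a90 81b79dc6 00000000 8145a000 f9af1b20 redbook!RedBookSendToNextDriver+0x35
f9af1bdc 804e3d77 81738200 816c6270 00000000 0x81b79dc6
0012f670 10028ddf 00000001 7c920945 7c92094e 0x143cd18
f9b42000 f9b50100 redbook (pdb symbols)
"""

ARG2 = re.compile(r"^Arg2: ([0-9a-f]{8}),", re.M)
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$", re.M)   # ChildEBP RetAddr 3 args symbol
MODULE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) +(\w+) +\(", re.M)
KERNEL_BASE = 0x80000000  # assumption: default 2 GB / 2 GB split on 32-bit XP


def owner(addr, modules):
    """Name of the listed module whose [start, end) range holds addr, else None."""
    for name, (start, end) in modules.items():
        if start <= addr < end:
            return name
    return None


def triage(text):
    modules = {m[3]: (int(m[1], 16), int(m[2], 16)) for m in MODULE.finditer(text)}
    fault = int(ARG2.search(text)[1], 16)
    # Frames printed as a bare address: the IP is in no module the debugger knows.
    raw = [int(s, 16) for s in FRAME.findall(text) if s.startswith("0x")]
    raw_kernel = [a for a in raw if a >= KERNEL_BASE]
    return {
        "fault_ip": fault,
        "fault_owner": owner(fault, modules),
        "unresolved_kernel_frames": raw_kernel,
        # Same 4 KB page as an unresolved frame: the fault sits in that unnamed code.
        "fault_in_unresolved_page": any(a >> 12 == fault >> 12 for a in raw_kernel),
    }


if __name__ == "__main__":
    r = triage(DUMP)
    print(f"fault IP {r['fault_ip']:#x} owner={r['fault_owner']}")
    print("unresolved kernel frames:", [hex(a) for a in r["unresolved_kernel_frames"]])
    print("fault in same page as unresolved frame:", r["fault_in_unresolved_page"])
```

On the excerpt, the faulting address falls outside the redbook.sys range and in the same page as the two unresolved kernel frames, which is worth checking before acting on the "Probably caused by" line.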