Win 8 - Need help with WinDbg


Uran_235
2013-06-20, 15:41:41
Symbol search path is: srv*c:\symbols\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16581.amd64fre.win8_gdr.130410-1505
Machine Name:
Kernel base = 0xfffff802`b6e7a000 PsLoadedModuleList = 0xfffff802`b7146a20
Debug session time: Thu Jun 20 15:18:02.534 2013 (UTC + 2:00)
System Uptime: 4 days 15:59:32.578
Loading Kernel Symbols
...............................................................
................................................................
..........Page 107137 not present in the dump file. Type ".hh dbgerr004" for details
...........................Page 1495fb not present in the dump file. Type ".hh dbgerr004" for details
.
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007f6`efb7f018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff8800151ad90, fffff8800fcb56b0, 0}

*** ERROR: Module load completed but symbols could not be loaded for aswFsBlk.SYS
Page 22a878 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : aswFsBlk.SYS ( aswFsBlk+77d9 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8800151ad90, Address of the instruction which caused the bugcheck
Arg3: fffff8800fcb56b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

Page 22a878 not present in the dump file. Type ".hh dbgerr004" for details

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgeführt werden.

FAULTING_IP:
fltmgr!FltpExpandFilePathWorker+60
fffff880`0151ad90 44886d78 mov byte ptr [rbp+78h],r13b

CONTEXT: fffff8800fcb56b0 -- (.cxr 0xfffff8800fcb56b0)
rax=00000000000010c3 rbx=fffffa800a9b0470 rcx=fffffa800a9b0470
rdx=fffff8800fcb7000 rsi=fffffa800a9b0470 rdi=0000000000000000
rip=fffff8800151ad90 rsp=fffff8800fcb60b0 rbp=fffff8800fcb61b0
r8=000000000000fffe r9=fffff8800fcb1000 r10=fffff880074f8406
r11=00000000000051d0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
fltmgr!FltpExpandFilePathWorker+0x60:
fffff880`0151ad90 44886d78 mov byte ptr [rbp+78h],r13b ss:0018:fffff880`0fcb6228=bb
Resetting default scope

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: firefox.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff8800152193d to fffff8800151ad90

STACK_TEXT:
fffff880`0fcb60b0 fffff880`0152193d : 00000000`00000000 00000000`c00000bb fffffa80`0a9b0000 00000000`00000000 : fltmgr!FltpExpandFilePathWorker+0x60
fffff880`0fcb6220 fffff880`01503e39 : fffffa80`0a9b0470 fffff880`014dd232 00000000`c000009a fffffa80`07582100 : fltmgr!FltpGetNormalizedFileNameWorker+0x1d93d
fffff880`0fcb6280 fffff880`014e0e62 : c00000bb`07582000 fffff880`0fcb7000 fffff880`0fcb1000 fffffa80`07582108 : fltmgr!FltpCreateFileNameInformation+0x388
fffff880`0fcb62f0 fffff880`014db66e : fffffa80`075820a0 fffffa80`0a9b0470 fffff880`014fa010 fffffa80`07555d00 : fltmgr!HandleStreamListNotSupported+0x102
fffff880`0fcb6330 fffff880`014de474 : 00000000`00000150 00000000`00000000 fffffa80`07555bd0 fffffa80`0d7a2908 : fltmgr!FltpGetFileNameInformation+0xa0e
fffff880`0fcb63b0 fffff880`0bd7a7d9 : 00000000`00000000 00000000`00000001 00000000`00000010 00000000`00000000 : fltmgr!FltGetFileNameInformation+0x1b4
fffff880`0fcb6430 fffff880`0bd7a32d : 00000000`00000001 fffffa80`0d7a2908 00000000`00000244 fffff880`0fcb650c : aswFsBlk+0x77d9
fffff880`0fcb6470 fffff880`014d6844 : fffffa80`106178e0 fffff880`0fcb6559 fffffa80`0d7a29a8 fffffa80`0d7a2830 : aswFsBlk+0x732d
fffff880`0fcb64b0 fffff880`014d7a6c : fffff880`0fcb6630 fffff880`0fcb6600 00000000`00000000 fffff802`b72db400 : fltmgr!FltpPerformPreCallbacks+0x324
fffff880`0fcb65c0 fffff880`01502349 : fffffa80`07f3d8a0 fffffa80`106178e0 fffff880`02a00000 00000000`00000801 : fltmgr!FltpPassThroughInternal+0x8c
fffff880`0fcb65f0 fffff802`b72a6818 : 00000000`00000000 00000000`00000005 fffffa80`10617978 00000000`000007ff : fltmgr!FltpCreate+0x339
fffff880`0fcb66a0 fffff802`b72a38c5 : fffffa80`0b1b91d0 fffffa80`0b1b91d0 00000000`000001b6 fffffa80`0748cc90 : nt!IopParseDevice+0x173c
fffff880`0fcb6880 fffff802`b72b3238 : 00000000`00000000 fffff880`0fcb6a48 00000000`00000040 fffffa80`06d8df20 : nt!ObpLookupObjectName+0x806
fffff880`0fcb69d0 fffff802`b72ae3de : 00000000`00000000 00000000`00000000 01ce6db8`3d826e01 01ce6db8`3f809939 : nt!ObOpenObjectByName+0x258
fffff880`0fcb6aa0 fffff802`b72bc8d9 : 00000000`242ff670 00000000`00100001 00000000`242ff610 00000000`00000000 : nt!IopCreateFile+0x37c
fffff880`0fcb6b40 fffff802`b6ed3453 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateFile+0x79
fffff880`0fcb6bd0 000007f9`9756313a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`242ff568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007f9`9756313a


FOLLOWUP_IP:
aswFsBlk+77d9
fffff880`0bd7a7d9 8bd8 mov ebx,eax

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: aswFsBlk+77d9

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: aswFsBlk

IMAGE_NAME: aswFsBlk.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 518b6294

STACK_COMMAND: .cxr 0xfffff8800fcb56b0 ; kb

FAILURE_BUCKET_ID: 0x3B_aswFsBlk+77d9

BUCKET_ID: 0x3B_aswFsBlk+77d9

Followup: MachineOwner
---------



So what caused Windows to crash? aswFsBlk.SYS?
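One way to read the STACK_TEXT in the dump above, as an added example that is not part of the original post: it walks the frames outward from the faulting instruction and reports the first one outside a set of OS modules, together with the OS routine that frame called. The OS_MODULES set, the function names and the reduced sample are assumptions of this sketch; WinDbg's own !analyze logic is more involved.

```python
import re

# Assumption: modules treated as OS-owned in this sketch.
OS_MODULES = {"nt", "fltmgr", "hal"}
# module[!function][+offset], e.g. fltmgr!FltpCreate+0x339 or aswFsBlk+0x77d9
FRAME_RE = re.compile(r"^([^!+\s]+)(?:!([^+\s]+))?(?:\+(?:0x)?([0-9a-fA-F]+))?$")

# Constructed sample: frames 0-8 of the STACK_TEXT above, symbol column only.
SAMPLE_STACK = """\
fltmgr!FltpExpandFilePathWorker+0x60
fltmgr!FltpGetNormalizedFileNameWorker+0x1d93d
fltmgr!FltpCreateFileNameInformation+0x388
fltmgr!HandleStreamListNotSupported+0x102
fltmgr!FltpGetFileNameInformation+0xa0e
fltmgr!FltGetFileNameInformation+0x1b4
aswFsBlk+0x77d9
aswFsBlk+0x732d
fltmgr!FltpPerformPreCallbacks+0x324
"""

def parse_frames(stack_text):
    """Return [(module, function_or_None, offset)] in stack order.

    Accepts bare symbols or full 'child-sp retaddr : args : symbol' lines.
    """
    frames = []
    for line in stack_text.splitlines():
        symbol = line.rsplit(" : ", 1)[-1].strip()
        if not symbol or symbol.lower().startswith("0x"):
            continue  # blank line or unresolved user-mode address
        m = FRAME_RE.match(symbol)
        if m:
            frames.append((m.group(1), m.group(2), int(m.group(3) or "0", 16)))
    return frames

def first_third_party(frames):
    """Return (index, frame, callee) for the first non-OS frame, or None."""
    for i, frame in enumerate(frames):
        if frame[0].lower() not in OS_MODULES:
            callee = frames[i - 1] if i else None
            return i, frame, callee
    return None

if __name__ == "__main__":
    idx, frame, callee = first_third_party(parse_frames(SAMPLE_STACK))
    print(f"frame {idx}: {frame[0]}+0x{frame[2]:x} called {callee[0]}!{callee[1]}")
```

On this dump the result is frame 6, aswFsBlk+0x77d9, which matches SYMBOL_STACK_INDEX: 6 in the analysis; the access violation itself occurred deeper in fltmgr, in the call chain that aswFsBlk entered through FltGetFileNameInformation.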

Ectoplasma
2013-06-20, 16:13:33
So what caused Windows to crash? aswFsBlk.SYS?

Could well be. Have you checked whether that is actually the genuine Avast driver? Take a look here (http://www.file.net/process/aswfsblk.sys.html).

Uran_235
2013-06-20, 16:21:23
It must be, it has a digital signature.