Hi Everyone,
I have a fatal system error. Windbg asks me to use
!analyze -v command to analyze. Here is the crash
file (below) that I got. I have seen explaination on
Bugcheck on this mail list. Unfortunately, I do not
understand and am still new with debugging Windows
drivers.
The first first time that you saw a crashdump file,
which documentation did you read to understand a
crashdump file? From the crashdump file, would I know
which line in my C code causes the crash?
Thanks in advance.
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {f1f36000, 2, 0, 80402957}
Probably caused by : AmccDrv.sys (
AmccDrv!DpcForIsr+19d )
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely
invalid) address at an
interrupt request level (IRQL) that is too high. This
is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack
backtrace.
Arguments:
Arg1: f1f36000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write
operation
Arg4: 80402957, address which referenced memory
Debugging Details:
READ_ADDRESS: f1f36000
CURRENT_IRQL: 2
FAULTING_IP:
nt!RtlMoveMemory+1b
80402957 f3a5 rep movsd
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 8042bef7 to 80455994
STACK_TEXT:
f201fac4 8042bef7 00000003 f201fb0c f1f36000
nt!RtlpBreakWithStatusInstruction
f201faf4 8042c2bb 00000003 f1f36000 80402957
nt!KiBugCheckDebugBreak+0x31
f201fe80 80467e7f 00000000 f1f36000 00000002
nt!KeBugCheckEx+0x390
f201fe80 80402957 00000000 f1f36000 00000002
nt!KiTrap0E+0x27c
f201ff14 8006421f f1d11000 f1f36000 00000710
nt!RtlMoveMemory+0x1b
f201ff34 80064e92 00000710 fd8b80c8 002fe6b8
hal!HalpCopyBufferMap+0x61
f201ff7c 80064cc5 fd8b1f40 fd8183e8 fd8b8001
hal!HalpMapTransfer+0x174
f201ffa4 f213d11d fd8b1f40 fd8183e8 fd8b80c9
hal!IoMapTransfer+0x73
f201ffe0 80463ee4 fd8d20a4 fd8d2030 00000000
AmccDrv!DpcForIsr+0x19d
[c:\ntddk\src\general\dma\readwrite.c @ 270]
f201fff4 8040254c f20d3c64 00000000 00000000
nt!KiRetireDpcList+0x30
FOLLOWUP_IP:
AmccDrv!DpcForIsr+19d
f213d11d 8945f8 mov [ebp-0x8],eax
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: AmccDrv!DpcForIsr+19d
MODULE_NAME: AmccDrv
IMAGE_NAME: AmccDrv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3e1f1110
STACK_COMMAND: kb
BUCKET_ID: 0xA_AmccDrv!DpcForIsr+19d
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com