sr.sys causing BSOD's..?

Help… My pc has recently started crashing with the sr.sys as the culprit. I did a screen capture of it. Hopefully someone can help. I’d hate to wipe out the OS (XP pro) and start all over.

C:\Program Files\Support Tools>dumpchk C:\memory.dmp
Loading dump file C:\memory.dmp
----- 32 bit Kernel Summary Dump Analysis

DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 00039000
PfnDataBase 81035000
PsLoadedModuleList 8055a620
PsActiveProcessHead 805606d8
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 0000007e
BugCheckParameter1 c0000005
BugCheckParameter2 f83a6382
BugCheckParameter3 f88d6c44
BugCheckParameter4 f88d6940
PaeEnabled 00000000
KdDebuggerDataBlock 8054c260

SUMMARY_DUMP32:
DumpOptions 504d4453
HeaderSize 00004000
BitmapSize 00013ff0
Pages 00003b11
Bitmap.SizeOfBitMap 00013ff0

KiProcessorBlock at 80559520
1 KiProcessorBlock entries:
ffdff120

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Mon Aug 06 13:11:03 2007
System Uptime: 0 days 0:19:40
start end module name
804d7000 806eb500 nt Checksum: 0021EF64 Timestamp: Wed Feb 28 01:10:41 2007 (45E54711)

Unloaded modules:
b494a000 b4975000 kmixer.sys Timestamp: Mon Aug 06 12:58:29 2007 (46B77D65)
b494a000 b4975000 kmixer.sys Timestamp: Mon Aug 06 12:55:16 2007 (46B77CA4)
b4a15000 b4a40000 kmixer.sys Timestamp: Mon Aug 06 12:52:41 2007 (46B77C09)
f89dd000 f89df000 splitter.sys Timestamp: Mon Aug 06 12:52:25 2007 (46B77BF9)
b573b000 b5766000 kmixer.sys Timestamp: Mon Aug 06 12:52:21 2007 (46B77BF5)
f8aa9000 f8aaa000 drmkaud.sys Timestamp: Mon Aug 06 12:52:01 2007 (46B77BE1)
b5926000 b5933000 DMusic.sys Timestamp: Mon Aug 06 12:52:01 2007 (46B77BE1)
b5936000 b5944000 swmidi.sys Timestamp: Mon Aug 06 12:52:01 2007 (46B77BE1)
b5766000 b5789000 aec.sys Timestamp: Mon Aug 06 12:52:01 2007 (46B77BE1)
f89d7000 f89d9000 splitter.sys Timestamp: Mon Aug 06 12:52:01 2007 (46B77BE1)
f8597000 f85a0000 processr.sys Timestamp: Mon Aug 06 12:51:37 2007 (46B77BC9)
f880f000 f8814000 Cdaudio.SYS Timestamp: Mon Aug 06 12:51:36 2007 (46B77BC8)
f8115000 f8118000 Sfloppy.SYS Timestamp: Mon Aug 06 12:51:36 2007 (46B77BC8)

Finished dump check

I don’t know what to look for or what to do with this info. Thanx in advance… :slight_smile:

There’s nothing to go on here. Minimally, a !analyze -v is needed from
WinDbg.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Friday, August 10, 2007 02:18
To: Windows File Systems Devs Interest List
Subject: [ntfsd] sr.sys causing BSOD’s…?


NTFSD is sponsored by OSR

For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

You are currently subscribed to ntfsd as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hmmm… I used dumpchk.exe. It’s a Microsoft support tool…? What makes WinDbg better…? I searched for WinDbg and found it. Is this the correct page to download it from…? http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx

If so… Is this what I need…? Reduced download size: Windows XP Service Pack 2
(File size: 145 MB - Most customers want this package.)

Help… or if that isn’t correct, could you please point me in the right direction.

Thanx.
ps. Computer has been all day and just crashed about 30 minutes ago… :frowning:

WinDbg is an interactive kernel debugger; dumpchk is just a post mortem
analysis tool. That being said, if you have never used WinDbg, then
you’re in for a steep learning curve, but you’ll never be able to solve
this problem with DumpChk, unless someone just happens to guess
correctly. So, if you want to proceed, prepare to spend some time.

You want (assuming you’re using an x86):

http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

For an x64:

http://www.microsoft.com/whdc/devtools/debugging/install64bit.mspx

You don’t need to download the symbols; just use symbol server.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Saturday, August 11, 2007 01:44
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] sr.sys causing BSOD’s…?


WOW…! thanx for the heads up on the steep learning curve…!

PAGEDUMP blah blah blah… HUH…? WTF…! 319 megs worth… jeez. I’m worn out just looking at it. lol… I’m afraid it’s too steep a curve for me. I love computers and know how they work pretty well but that was like a different language. I didn’t have a clue what to do after I opened the file.

What do I do now…? Is it possible to find someone local that can diagnose this issue for me or simply wipe the drive and reinstall…?

Thanx for the previous reply.

“windbg -z” is better than dumpchk


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


I’ve seen a few poorly written drivers that attach to the chain and sr.sys pops up as the culprit when it wasn’t the problem child in almost all of the cases. If your machine can at least start up and allow you to take a look at the filter driver load order you may be able to get a clue as to what is really blowing up (or more likely not handling a call correctly or at all which is causing SR.SYS to explode). There are a few tools out there that allow you to do it like (Google Filter Driver Load Order / etc)

As for sr.sys it is the Microsoft System Recovery filter.

Outside of that… There is always the learning curve with windbg.

I am stumped on this debugging stuff. Is there a certain part of I am supposed to look for…? Can someone please give me a crash course with this… On a scale of 1 to 10… how difficult is WinDbg to learn…?

How do I start my pc up to look at a filter driver…? Isn’t the EVENT VIEWER something I can look at…?

This is from the event viewer from when it crashed on me tonight at 7:28pm
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 8/11/2007
Time: 7:28:27 PM
User: N/A
Computer: JEEP
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0xf83a6382, 0xf88d6c44, 0xf88d6940). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Is any of that helpful…?

Thank you…

> look for…? Can someone please give me a crash course with this… On a scale of 1 to 10… how difficult is WinDbg to learn…?

The same complexity as, say, gdb. The same complexity as any other tool with
a complex command line, but the most basic commands like “g”, “kb”, “dv” and “bp”
are trivial.

> C:\WINDOWS\MEMORY.DMP.

windbg -z DumpFileName

To set up the Windows symbols, create a directory for downloaded PDBs, and then
say in WinDbg:

.symfix DirectoryForDownloadedPdbs

then save the workspace to avoid typing .symfix on each WinDbg start.

This will cause WinDbg to auto-download PDBs from Microsoft on demand.


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
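
Added example (not part of the original thread or any poster's code): a short Python triage of the dumpchk header quoted in the first post. It decodes the four bugcheck 0x7E parameters, checks whether the faulting address falls inside any module range that dumpchk listed, and builds the WinDbg commands to run once the dump is open with symbols set up as described above. The sample text is a constructed excerpt of the output in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the dumpchk output quoted in this thread.
SAMPLE = """\
BugCheckCode 0000007e
BugCheckParameter1 c0000005
BugCheckParameter2 f83a6382
BugCheckParameter3 f88d6c44
BugCheckParameter4 f88d6940
start end module name
804d7000 806eb500 nt Checksum: 0021EF64 Timestamp: Wed Feb 28 01:10:41 2007 (45E54711)
Unloaded modules:
b494a000 b4975000 kmixer.sys Timestamp: Mon Aug 06 12:58:29 2007 (46B77D65)
f8597000 f85a0000 processr.sys Timestamp: Mon Aug 06 12:51:37 2007 (46B77BC9)
"""

STATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # only the code seen in this thread

def parse_dumpchk(text):
    """Return (bugcheck_code, [p1..p4], [(start, end, name), ...])."""
    fields = dict(re.findall(r"^(BugCheck\w+)\s+([0-9a-fA-F]{8})\s*$", text, re.M))
    code = int(fields["BugCheckCode"], 16)
    params = [int(fields[f"BugCheckParameter{i}"], 16) for i in range(1, 5)]
    mods = [(int(s, 16), int(e, 16), n) for s, e, n in
            re.findall(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S+)", text, re.M)]
    return code, params, mods

def triage(text):
    """Decode a 0x7E bugcheck and list the WinDbg commands that follow from it."""
    code, (exc, addr, exr, cxr), mods = parse_dumpchk(text)
    if code != 0x7E:
        raise ValueError("this sketch only decodes bugcheck 0x7E")
    # For 0x7E: p1 = exception code, p2 = faulting address,
    # p3 = exception record address, p4 = context record address.
    owner = next((n for s, e, n in mods if s <= addr < e), None)
    return {
        "bugcheck": "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
        "exception": STATUS.get(exc, hex(exc)),
        "fault_address": addr,
        "owner_in_dumpchk": owner,  # None: dumpchk listed no module covering it
        "windbg": ["!analyze -v", f"ln {addr:08x}",
                   f".exr {exr:08x}", f".cxr {cxr:08x}", "kb"],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

The faulting address is not covered by any range dumpchk printed, so the owning driver and the call stack only become visible in WinDbg, where the loaded filter drivers on the stack can be inspected alongside sr.sys.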