trfletch2006
Geek Trainee
Hi all, my friend has a computer that every so often reboots for no reason, it did it yesterday (monday) and last thursday. I have the mini dump file but I don't understand it that well and wondered if anyone can make sense of it. Cheers
Microsoft ® Windows Debugger Version 6.6.0003.5
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini062606-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Mon Jun 26 13:40:29.543 2006 (GMT+1)
System Uptime: 0 days 4:31:35.606
Loading Kernel Symbols
.......................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
************************************************************
*******************
* *
* Bugcheck Analysis *
* *
************************************************************
*******************
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {0, ff, 1, e1491c68}
Probably caused by : ntoskrnl.exe ( nt!SepCreateImpersonationTokenDacl+5d )
Followup: MachineOwner
---------
kd> !analyze -v
************************************************************
*******************
* *
* Bugcheck Analysis *
* *
************************************************************
*******************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: e1491c68, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 00000000
CURRENT_IRQL: ff
FAULTING_IP:
+ffffffffe1491c68
e1491c68 010500000000 add [00000000],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 80581af1 to e1491c68
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f51c5c64 80581af1 00000001 ffdff120 20206553 0xe1491c68
f51c5c88 805708f5 e1491a90 e2de6da8 f51c5cfc nt!SepCreateImpersonationTokenDacl+0x5d
f51c5d30 8056c39b fffffffe 000f01ff 00000001 nt!NtOpenThreadTokenEx+0x100
f51c5d4c 804df06b fffffffe 000f01ff 00000001 nt!NtOpenThreadToken+0x18
f51c5d4c 7c90eb94 fffffffe 000f01ff 00000001 nt!KiFastCallEntry+0xf8
0084fce0 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!SepCreateImpersonationTokenDacl+5d
80581af1 8bf8 mov edi,eax
FAULTING_SOURCE_CODE:
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!SepCreateImpersonationTokenDacl+5d
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 41108004
FAILURE_BUCKET_ID: 0xD1_W_nt!SepCreateImpersonationTokenDacl+5d
BUCKET_ID: 0xD1_W_nt!SepCreateImpersonationTokenDacl+5d
Followup: MachineOwner
---------
Microsoft ® Windows Debugger Version 6.6.0003.5
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini062606-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Mon Jun 26 13:40:29.543 2006 (GMT+1)
System Uptime: 0 days 4:31:35.606
Loading Kernel Symbols
.......................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
************************************************************
*******************
* *
* Bugcheck Analysis *
* *
************************************************************
*******************
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {0, ff, 1, e1491c68}
Probably caused by : ntoskrnl.exe ( nt!SepCreateImpersonationTokenDacl+5d )
Followup: MachineOwner
---------
kd> !analyze -v
************************************************************
*******************
* *
* Bugcheck Analysis *
* *
************************************************************
*******************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: e1491c68, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 00000000
CURRENT_IRQL: ff
FAULTING_IP:
+ffffffffe1491c68
e1491c68 010500000000 add [00000000],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 80581af1 to e1491c68
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f51c5c64 80581af1 00000001 ffdff120 20206553 0xe1491c68
f51c5c88 805708f5 e1491a90 e2de6da8 f51c5cfc nt!SepCreateImpersonationTokenDacl+0x5d
f51c5d30 8056c39b fffffffe 000f01ff 00000001 nt!NtOpenThreadTokenEx+0x100
f51c5d4c 804df06b fffffffe 000f01ff 00000001 nt!NtOpenThreadToken+0x18
f51c5d4c 7c90eb94 fffffffe 000f01ff 00000001 nt!KiFastCallEntry+0xf8
0084fce0 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!SepCreateImpersonationTokenDacl+5d
80581af1 8bf8 mov edi,eax
FAULTING_SOURCE_CODE:
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!SepCreateImpersonationTokenDacl+5d
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 41108004
FAILURE_BUCKET_ID: 0xD1_W_nt!SepCreateImpersonationTokenDacl+5d
BUCKET_ID: 0xD1_W_nt!SepCreateImpersonationTokenDacl+5d
Followup: MachineOwner
---------
