truble
10-24-2009, 12:13 PM
On 10/23/09, I had a system crash with a BSOD. I downloaded and installed the debugger, loaded the dump and got the results, below:
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 300, a7513688, 0}
*** WARNING: Unable to verify timestamp for PCTCore.sys
*** ERROR: Module load completed but symbols could not be loaded for PCTCore.sys
Probably caused by : PCTCore.sys ( PCTCore+27b63 )
Followup: MachineOwner
---------
0: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00000300, The address that the exception occurred at
Arg3: a7513688, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
+fc
00000300 ?? ???
TRAP_FRAME: a7513808 -- (.trap 0xffffffffa7513808)
ErrCode = 00000002
eax=0dce0800 ebx=8a8280a0 ecx=00000000 edx=8a82a008 esi=e559b000 edi=000001ff
eip=8054c1cb esp=a751387c ebp=a75138d0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!ExAllocatePoolWithTag+0x863:
8054c1cb 8906 mov dword ptr [esi],eax ds:0023:e559b000=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: services.exe
LAST_CONTROL_TRANSFER: from c072acd8 to 00000300
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
a75136f8 c072acd8 00000000 00000000 00000000 0x300
a751370c 80516563 e559b000 c072acd8 00000000 0xc072acd8
a7513784 80520239 00000000 e559b000 c072acd8 nt!MiDispatchFault+0x145
a75137f0 80544578 00000001 e559b000 00000000 nt!MmAccessFault+0x877
a75137f0 8054c1cb 00000001 e559b000 00000000 nt!KiTrap0E+0xd0
a75138d0 805bfdd1 00000001 00000000 7153624f nt!ExAllocatePoolWithTag+0x863
a75138f4 805c0184 e4476580 a7513920 a7513914 nt!ObpGetObjectSecurity+0x53
a7513924 8062ebde e4476580 89603720 00000001 nt!ObCheckObjectAccess+0x2c
a7513970 8062f468 e1035758 00411918 00000000 nt!CmpDoOpen+0x256
a7513b68 805bf444 00411918 00000000 89603720 nt!CmpParseKey+0x558
a7513be0 805bb9d0 00000000 a7513c20 00000040 nt!ObpLookupObjectName+0x53c
a7513c34 80624d07 00000000 8a7f4320 80615a01 nt!ObOpenObjectByName+0xea
a7513d08 b7dfab63 007ee460 00020019 007ee3b8 nt!NtOpenKey+0x1af
a7513d50 8054161c 007ee460 00020019 007ee3b8 PCTCore+0x27b63
a7513d50 7c90e4f4 007ee460 00020019 007ee3b8 nt!KiFastCallEntry+0xfc
007ee3f8 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
PCTCore+27b63
b7dfab63 ?? ???
SYMBOL_STACK_INDEX: d
SYMBOL_NAME: PCTCore+27b63
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: PCTCore
IMAGE_NAME: PCTCore.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a92100d
FAILURE_BUCKET_ID: 0x8E_PCTCore+27b63
BUCKET_ID: 0x8E_PCTCore+27b63
************
I have seen several posts about PCTCore.sys being a a PC Tools file. I subscribe to Spyware Doctor and Registry Mechanic. Just yesterday, I downloaded and installed the latest version of both. This crash occurred prior to the latest download. Any past experience or knowledge about PCTCore.sys that could help me?
Thanks,
Jim
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 300, a7513688, 0}
*** WARNING: Unable to verify timestamp for PCTCore.sys
*** ERROR: Module load completed but symbols could not be loaded for PCTCore.sys
Probably caused by : PCTCore.sys ( PCTCore+27b63 )
Followup: MachineOwner
---------
0: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00000300, The address that the exception occurred at
Arg3: a7513688, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
+fc
00000300 ?? ???
TRAP_FRAME: a7513808 -- (.trap 0xffffffffa7513808)
ErrCode = 00000002
eax=0dce0800 ebx=8a8280a0 ecx=00000000 edx=8a82a008 esi=e559b000 edi=000001ff
eip=8054c1cb esp=a751387c ebp=a75138d0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!ExAllocatePoolWithTag+0x863:
8054c1cb 8906 mov dword ptr [esi],eax ds:0023:e559b000=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: services.exe
LAST_CONTROL_TRANSFER: from c072acd8 to 00000300
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
a75136f8 c072acd8 00000000 00000000 00000000 0x300
a751370c 80516563 e559b000 c072acd8 00000000 0xc072acd8
a7513784 80520239 00000000 e559b000 c072acd8 nt!MiDispatchFault+0x145
a75137f0 80544578 00000001 e559b000 00000000 nt!MmAccessFault+0x877
a75137f0 8054c1cb 00000001 e559b000 00000000 nt!KiTrap0E+0xd0
a75138d0 805bfdd1 00000001 00000000 7153624f nt!ExAllocatePoolWithTag+0x863
a75138f4 805c0184 e4476580 a7513920 a7513914 nt!ObpGetObjectSecurity+0x53
a7513924 8062ebde e4476580 89603720 00000001 nt!ObCheckObjectAccess+0x2c
a7513970 8062f468 e1035758 00411918 00000000 nt!CmpDoOpen+0x256
a7513b68 805bf444 00411918 00000000 89603720 nt!CmpParseKey+0x558
a7513be0 805bb9d0 00000000 a7513c20 00000040 nt!ObpLookupObjectName+0x53c
a7513c34 80624d07 00000000 8a7f4320 80615a01 nt!ObOpenObjectByName+0xea
a7513d08 b7dfab63 007ee460 00020019 007ee3b8 nt!NtOpenKey+0x1af
a7513d50 8054161c 007ee460 00020019 007ee3b8 PCTCore+0x27b63
a7513d50 7c90e4f4 007ee460 00020019 007ee3b8 nt!KiFastCallEntry+0xfc
007ee3f8 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
PCTCore+27b63
b7dfab63 ?? ???
SYMBOL_STACK_INDEX: d
SYMBOL_NAME: PCTCore+27b63
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: PCTCore
IMAGE_NAME: PCTCore.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a92100d
FAILURE_BUCKET_ID: 0x8E_PCTCore+27b63
BUCKET_ID: 0x8E_PCTCore+27b63
************
I have seen several posts about PCTCore.sys being a a PC Tools file. I subscribe to Spyware Doctor and Registry Mechanic. Just yesterday, I downloaded and installed the latest version of both. This crash occurred prior to the latest download. Any past experience or knowledge about PCTCore.sys that could help me?
Thanks,
Jim