Ich habe die Symbole auch mal von Microsoft-Server geladen und getestet.
Bekomme auch wie ihr das selbe Ergebniss.
Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\TEMP\Mini071704-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*e:\SymbolPath*
http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp2.030422-1633
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054a230
Debug session time: Sat Jul 17 09:10:31 2004
System Uptime: 0 days 0:58:04.651
Loading Kernel Symbols
.....................................................................................................
Loading unloaded module list
..........
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {8562077c, 2, 0, 80516a55}
Probably caused by : memory_corruption ( nt!MiDeletePte+15d )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 8562077c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 80516a55, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 8562077c
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiDeletePte+15d
80516a55 8b420c mov eax,[edx+0xc]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 80516e65 to 80516a55
TRAP_FRAME: ef893b38 -- (.trap ffffffffef893b38)
ErrCode = 00000000
eax=00939eee ebx=c00052fc ecx=003134fa edx=85620770 esi=00ee5360 edi=0001b824
eip=80516a55 esp=ef893bac ebp=ef893bd0 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!MiDeletePte+0x15d:
80516a55 8b420c mov eax,[edx+0xc] ds:0023:8562077c=????????
Resetting default scope
STACK_TEXT:
ef893bd0 80516e65 c00052fc 014bf000 00000000 nt!MiDeletePte+0x15d
ef893c90 8050fda9 00000000 01590fff 00000000 nt!MiDeleteVirtualAddresses+0x149
ef893ca8 80595d96 01490000 01590fff ef893d64 nt!MiDeleteFreeVm+0x1d
ef893d4c 805306a4 ffffffff 0012dae0 0012db28 nt!NtFreeVirtualMemory+0x42e
ef893d4c 7ffe0304 ffffffff 0012dae0 0012db28 nt!KiSystemService+0xc9
0012da88 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4
FOLLOWUP_IP:
nt!MiDeletePte+15d
80516a55 8b420c mov eax,[edx+0xc]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!MiDeletePte+15d
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 3ea80977
STACK_COMMAND: .trap ffffffffef893b38 ; kb
IMAGE_NAME: memory_corruption
BUCKET_ID: 0xA_nt!MiDeletePte+15d
Followup: MachineOwner
---------
Wenn man aber die Symbole (171 MB) von Micrososft komplett runterladet und installiert, bekommt man das andere Ergebniss!
Ich möchte das noch mal ergänzen mit meinem Test.
Ich habe aus dem Symbolordner der Vollversion die *.exe Dateien rausgenommen.
Dann bekommen ich auch das selbe Ergebniss wie ihr.
Könnt ihr testen wenn ihr auch mal die *.exe Symbole ladet.
Daher der Unterschied.
Viele Grüße
Fiona