savrt.sys

25/07/2006 - 01:20 por Adriana Morgado | Informe spam

buenas tardes =),

Continuando con mi problema de reseteo de la pc, he probado a pasarle sin
problemas ahora el windbg, obtengo lo siguiente

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Mon Jul 24 12:32:53.094 2006 (GMT-5)
System Uptime: 2 days 16:55:12.937
lkd> .sympath
Symbol search path is:
SRV*d:\DebugSymbols*http://msdl.microsoft.com/download/symbols
lkd> .opendump mini072406-02.dmp

Loading Dump File [D:\Tools volcado\mini072406-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Opened 'mini072406-02.dmp'
||0:lkd> g
Symbol search path is:
SRV*d:\DebugSymbols*http://msdl.microsoft.com/download/symbols;D:\Tools
volcado\tools\Simbolos
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Mon Jul 24 08:19:08.343 2006 (GMT-5)
System Uptime: 0 days 0:00:51.890
Loading Kernel Symbols
..
Loading User Symbols
Loading unloaded module list
.
Unable to load image savrt.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, f5eab313, f0fba7b4, 0}

Probably caused by : savrt.sys ( savrt+28313 )

Followup: MachineOwner

eaxs780eb3 ebx=f0fba8bc ecx=e2cf4244 edx000000 esi=e1518020 edi=e2cf3010
eip=f5eab313 esp=f0fba828 ebp=f0fba8b8 iopl=0 nv up ei pl zr na pe nc
cs08 ss10 ds23 es23 fs30 gs00 efl010246
savrt+0x28313:
f5eab313 668b5003 mov dx,word ptr [eax+3]
ds:0023:73780eb6=????
||1:kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f5eab313, The address that the exception occurred at
Arg3: f0fba7b4, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
savrt+28313
f5eab313 668b5003 mov dx,word ptr [eax+3]

TRAP_FRAME: f0fba7b4 -- (.trap fffffffff0fba7b4)
ErrCode = 00000000
eaxs780eb3 ebx=f0fba8bc ecx=e2cf4244 edx000000 esi=e1518020 edi=e2cf3010
eip=f5eab313 esp=f0fba828 ebp=f0fba8b8 iopl=0 nv up ei pl zr na pe nc
cs08 ss10 ds23 es23 fs30 gs00 efl010246
savrt+0x28313:
f5eab313 668b5003 mov dx,word ptr [eax+3]
ds:0023:73780eb6=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: ccApp.exe

LAST_CONTROL_TRANSFER: from 00000000 to f5eab313

STACK_TEXT:
f0fba8b8 00000000 00000000 00000000 f5e9c749 savrt+0x28313

STACK_COMMAND: kb

FOLLOWUP_IP:
savrt+28313
f5eab313 668b5003 mov dx,word ptr [eax+3]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: savrt

IMAGE_NAME: savrt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 430f857b

SYMBOL_NAME: savrt+28313

FAILURE_BUCKET_ID: 0x8E_savrt+28313

BUCKET_ID: 0x8E_savrt+28313

Followup: MachineOwner

||1:kd> lmvm savrt
start end module name
f5e83000 f5edb000 savrt T (no symbols)
Loaded symbol image file: savrt.sys
Image path: savrt.sys
Image name: savrt.sys
Timestamp: Fri Aug 26 16:11:23 2005 (430F857B)
CheckSum: 0005FAE7
ImageSize: 00058000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
||1:kd> .reload
Loading Kernel Symbols
..
Loading User Symbols
Loading unloaded module list
.
Unable to load image savrt.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
||1:kd> .reload
Loading Kernel Symbols
..
Loading User Symbols
Loading unloaded module list
.
Unable to load image savrt.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
||1:kd> .reload
Loading Kernel Symbols
..
Loading User Symbols
Loading unloaded module list
.
Unable to load image savrt.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
||1:kd> !analyze -show
Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

que pasa con este archivo de savrt.sys? si este es del symantec, que esta
mal al ejecutar este herramienta o mejor dicho como la traduzco?, tengo el
archivo dmp que deseo local, estoy ejecutando esto localmente; le pase la
aplicación tune up y al parecer tenía errores con el registro cf mmm no
recuerdo pero lo reparo, se reinicio la pc y no hubo problemas, espere
alrededor de 2 horas para encenderla e inicio sin problemas también, pero
esta mañana que se inicio envio losmismos problemas, primero prende y se
queda la pantalla negra, reseteo y cuando cargar envia el mismo problema de
winlogon exe, hasta el tercer reseteo carga sin problemas, mietras esta
operando no presenta problemas solo al iniciarse la primera vez, que pasa?

gracias totales

Siga el debate

2 respuestas

Tengo una respuesta

DRAGON AGE™: INQUISITION – Matadragones

Leer las respuestas

#1 Enrique [MVP Windows]

25/07/2006 - 03:29 | Informe spam

¿Está instalado Norton Antivirus en ese PC? ¿Cuál es la versión?

Las versiones antiguas de Norton, de Symantec, creaban muchos problemas e Windows XP. De hecho, no recomendamos utilizar nada de Symantec en Windows XP.

Si hay algo de Symantec instalado, quítalo (si es que se puede) y reinicia el sistema.

Saludos,
Enrique Cortés
Microsoft MVP - Windows - IE/OE
Date un paseo por mi Blog: http://ekort.blogspot.com
(despiértame si me quieres escribir)

Vista x86 (TM) Beta 2 Build 5456.5
IE7 Beta 3 Build 5450.4 en XP-SP2

"El secreto de la felicidad no es hacer siempre lo que se quiere,
sino querer siempre lo que se hace"

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.
This posting is provided "AS IS" with no warranties, and confers no rights.
________________________________________________________________________________
"Adriana Morgado" escribió en el mensaje news:
buenas tardes =),

Continuando con mi problema de reseteo de la pc, he probado a pasarle sin
problemas ahora el windbg, obtengo lo siguiente

Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Mon Jul 24 12:32:53.094 2006 (GMT-5)
System Uptime: 2 days 16:55:12.937
lkd> .sympath
Symbol search path is:
SRV*d:\DebugSymbols*http://msdl.microsoft.com/download/symbols
lkd> .opendump mini072406-02.dmp

Loading Dump File [D:\Tools volcado\mini072406-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Opened 'mini072406-02.dmp'
||0:lkd> g
Symbol search path is:
SRV*d:\DebugSymbols*http://msdl.microsoft.com/download/symbols;D:\Tools
volcado\tools\Simbolos
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Mon Jul 24 08:19:08.343 2006 (GMT-5)
System Uptime: 0 days 0:00:51.890
Loading Kernel Symbols
.
Loading User Symbols
Loading unloaded module list
.
Unable to load image savrt.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, f5eab313, f0fba7b4, 0}

Probably caused by : savrt.sys ( savrt+28313 )

Followup: MachineOwner

eaxs780eb3 ebxðfba8bc ecxâcf4244 edx000000 esiá518020 ediâcf3010
eipõeab313 espðfba828 ebpðfba8b8 iopl=0 nv up ei pl zr na pe nc
cs08 ss10 ds23 es23 fs30 gs00 efl010246
savrt+0x28313:
f5eab313 668b5003 mov dx,word ptr [eax+3]
ds:0023:73780eb6=????
||1:kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f5eab313, The address that the exception occurred at
Arg3: f0fba7b4, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
savrt+28313
f5eab313 668b5003 mov dx,word ptr [eax+3]

TRAP_FRAME: f0fba7b4 -- (.trap fffffffff0fba7b4)
ErrCode = 00000000
eaxs780eb3 ebxðfba8bc ecxâcf4244 edx000000 esiá518020 ediâcf3010
eipõeab313 espðfba828 ebpðfba8b8 iopl=0 nv up ei pl zr na pe nc
cs08 ss10 ds23 es23 fs30 gs00 efl010246
savrt+0x28313:
f5eab313 668b5003 mov dx,word ptr [eax+3]
ds:0023:73780eb6=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: ccApp.exe

LAST_CONTROL_TRANSFER: from 00000000 to f5eab313

STACK_TEXT:
f0fba8b8 00000000 00000000 00000000 f5e9c749 savrt+0x28313

STACK_COMMAND: kb

FOLLOWUP_IP:
savrt+28313
f5eab313 668b5003 mov dx,word ptr [eax+3]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: savrt

IMAGE_NAME: savrt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 430f857b

SYMBOL_NAME: savrt+28313

FAILURE_BUCKET_ID: 0x8E_savrt+28313

BUCKET_ID: 0x8E_savrt+28313

Followup: MachineOwner

||1:kd> lmvm savrt
start end module name
f5e83000 f5edb000 savrt T (no symbols)
Loaded symbol image file: savrt.sys
Image path: savrt.sys
Image name: savrt.sys
Timestamp: Fri Aug 26 16:11:23 2005 (430F857B)
CheckSum: 0005FAE7
ImageSize: 00058000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
||1:kd> .reload
Loading Kernel Symbols
.
Loading User Symbols
Loading unloaded module list
.
Unable to load image savrt.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
||1:kd> .reload
Loading Kernel Symbols
.
Loading User Symbols
Loading unloaded module list
.
Unable to load image savrt.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
||1:kd> .reload
Loading Kernel Symbols
.
Loading User Symbols
Loading unloaded module list
.
Unable to load image savrt.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
||1:kd> !analyze -show
Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

que pasa con este archivo de savrt.sys? si este es del symantec, que esta
mal al ejecutar este herramienta o mejor dicho como la traduzco?, tengo el
archivo dmp que deseo local, estoy ejecutando esto localmente; le pase la
aplicación tune up y al parecer tenía errores con el registro cf mmm no
recuerdo pero lo reparo, se reinicio la pc y no hubo problemas, espere
alrededor de 2 horas para encenderla e inicio sin problemas también, pero
esta mañana que se inicio envio losmismos problemas, primero prende y se
queda la pantalla negra, reseteo y cuando cargar envia el mismo problema de
winlogon exe, hasta el tercer reseteo carga sin problemas, mietras esta
operando no presenta problemas solo al iniciarse la primera vez, que pasa?

gracias totales

Leer las otras respuestas

Preguntas similares

Busqueda sugerida :