Ru-Board.club
← Вернуться в раздел «Microsoft Windows»

» BSOD: Win7 x64 - mpsdrv.sys + ekrn.exe - как исправить?

Автор: frmreg
Дата сообщения: 15.05.2010 17:30
Win7 x64 начала регулярно выпадать в BSOD с пометкой DRIVER_IRQL_NOT_LESS_OR_EQUAL.

Затрагиваются следующие модули:

NOD 32 Antivirus:
PROCESS_NAME: ekrn.exe

Microsoft Protection Service Driver:
MODULE_NAME: mpsdrv
IMAGE_NAME: mpsdrv.sys

Компу буквально неделя, перед продажей фирма тестировала комп и проводила MemTest дважды, т.е. проблемы с памятью маловероятны.

Какие могут быть варианты решения проблемы?



Техданные крэша:

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\051510-17612-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\local cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`01c0b000 PsLoadedModuleList = 0xfffff800`01e48e50
Debug session time: Sat May 15 17:11:52.934 2010 (UTC + 3:00)
System Uptime: 0 days 1:06:29.653
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {15740c, 2, 0, fffff88009d2ebf0}

Unable to load image \SystemRoot\system32\DRIVERS\epfwwfpr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for epfwwfpr.sys
*** ERROR: Module load completed but symbols could not be loaded for epfwwfpr.sys
Probably caused by : mpsdrv.sys ( mpsdrv!memcpy+1c0 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000000015740c, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88009d2ebf0, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001eb30e0
000000000015740c

CURRENT_IRQL: 2

FAULTING_IP:
mpsdrv!memcpy+1c0
fffff880`09d2ebf0 8a040a mov al,byte ptr [rdx+rcx]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: ekrn.exe

TRAP_FRAME: fffff8800a926b20 -- (.trap 0xfffff8800a926b20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800d066e40 rbx=0000000000000000 rcx=fffffa800c8d3dd4
rdx=0000057ff3883638 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88009d2ebf0 rsp=fffff8800a926cb8 rbp=0000000000000001
r8=00000000000000b5 r9=0000000000000000 r10=fffffa80098bb880
r11=fffffa800c8d3d20 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
mpsdrv!memcpy+0x1c0:
fffff880`09d2ebf0 8a040a mov al,byte ptr [rdx+rcx] ds:d070:00000000`0015740c=??
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c7ab69 to fffff80001c7b600

STACK_TEXT:
fffff880`0a9269d8 fffff800`01c7ab69 : 00000000`0000000a 00000000`0015740c 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0a9269e0 fffff800`01c797e0 : 00000000`00000004 00000000`00000070 00000000`00000000 00000000`00000001 : nt!KiBugCheckDispatch+0x69
fffff880`0a926b20 fffff880`09d2ebf0 : fffff880`09d2831f 00000000`00000000 00000000`000000b5 00000000`00000102 : nt!KiPageFault+0x260
fffff880`0a926cb8 fffff880`09d2831f : 00000000`00000000 00000000`000000b5 00000000`00000102 00000000`000007ff : mpsdrv!memcpy+0x1c0
fffff880`0a926cc0 fffff880`019afd82 : fffffa80`0f5b8700 fffff880`0a926f48 fffff880`0a926f48 fffff880`0a926f10 : mpsdrv!MpsGetFwpAuthData+0x150f
fffff880`0a926d30 fffff880`019bba38 : 00000000`00000000 fffff880`0a927110 fffff880`0a926ec0 fffff880`0a926f48 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x142
fffff880`0a926dd0 fffff880`019bca31 : fffffa80`0f5b8700 fffff880`0a927110 fffff880`0a926f10 fffff880`0a927560 : NETIO!StreamCalloutProcessData+0x48
fffff880`0a926e20 fffff880`019bda68 : fffff880`0a926f10 fffff880`0a927560 fffff880`0a927101 fffffa80`0f5b8700 : NETIO!StreamCalloutProcessingLoop+0xa1
fffff880`0a926eb0 fffff880`0199e4fa : fffff880`0a927110 fffff880`09d28150 fffffa80`00000001 fffffa80`0db60014 : NETIO!StreamProcessCallout+0x1e8
fffff880`0a926fa0 fffff880`01987619 : fffff880`019c0014 fffffa80`0f07e3e0 fffffa80`0a1d46f8 fffff880`0a927560 : NETIO! ?? ::FNODOBFM::`string'+0x71e2
fffff880`0a9270c0 fffff880`01988bb1 : fffff880`0a920014 fffffa80`0f07e3e0 fffffa80`0db60cc0 fffff880`00000000 : NETIO!ArbitrateAndEnforce+0x2a9
fffff880`0a927190 fffff880`019bff33 : fffff880`0a927634 fffffa80`0f07e3e0 00000000`00000001 fffff880`0a927560 : NETIO!KfdClassify+0x934
fffff880`0a927500 fffff880`019c051a : 00000000`00000000 00000000`00010000 00000000`001d352b fffffa80`0db60c00 : NETIO!StreamInternalClassify+0xf3
fffff880`0a9275d0 fffff880`019c090e : 00000000`00000014 00000000`00000100 00000000`00000000 fffffa80`0eef0ae0 : NETIO!StreamInject+0x1ca
fffff880`0a9276a0 fffff880`01c7ddd7 : fffffa80`0db60b50 00000000`00000118 fffffa80`098bb750 00000000`00000000 : NETIO!FwppStreamInject+0x12e
fffff880`0a927730 fffff880`09de83c1 : fffffa80`0ec41c60 fffffa80`0ec26160 fffffa80`0ec26101 fffffa80`09dd4b00 : fwpkclnt!FwpsStreamInjectAsync0+0xcf
fffff880`0a927790 fffffa80`0ec41c60 : fffffa80`0ec26160 fffffa80`0ec26101 fffffa80`09dd4b00 fffffa80`00000118 : epfwwfpr+0x123c1
fffff880`0a927798 fffffa80`0ec26160 : fffffa80`0ec26101 fffffa80`09dd4b00 fffffa80`00000118 00000000`00000014 : 0xfffffa80`0ec41c60
fffff880`0a9277a0 fffffa80`0ec26101 : fffffa80`09dd4b00 fffffa80`00000118 00000000`00000014 fffffa80`00010000 : 0xfffffa80`0ec26160
fffff880`0a9277a8 fffffa80`09dd4b00 : fffffa80`00000118 00000000`00000014 fffffa80`00010000 fffffa80`098bb750 : 0xfffffa80`0ec26101
fffff880`0a9277b0 fffffa80`00000118 : 00000000`00000014 fffffa80`00010000 fffffa80`098bb750 00000000`000000b5 : 0xfffffa80`09dd4b00
fffff880`0a9277b8 00000000`00000014 : fffffa80`00010000 fffffa80`098bb750 00000000`000000b5 fffff880`09de82f8 : 0xfffffa80`00000118
fffff880`0a9277c0 fffffa80`00010000 : fffffa80`098bb750 00000000`000000b5 fffff880`09de82f8 00000000`00000000 : 0x14
fffff880`0a9277c8 fffffa80`098bb750 : 00000000`000000b5 fffff880`09de82f8 00000000`00000000 fffff880`09de9167 : 0xfffffa80`00010000
fffff880`0a9277d0 00000000`000000b5 : fffff880`09de82f8 00000000`00000000 fffff880`09de9167 fffffa80`0a3fdf60 : 0xfffffa80`098bb750
fffff880`0a9277d8 fffff880`09de82f8 : 00000000`00000000 fffff880`09de9167 fffffa80`0a3fdf60 fffffa80`0a3fdf68 : 0xb5
fffff880`0a9277e0 00000000`00000000 : fffff880`09de9167 fffffa80`0a3fdf60 fffffa80`0a3fdf68 00000000`00000000 : epfwwfpr+0x122f8


STACK_COMMAND: kb

FOLLOWUP_IP:
mpsdrv!memcpy+1c0
fffff880`09d2ebf0 8a040a mov al,byte ptr [rdx+rcx]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: mpsdrv!memcpy+1c0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mpsdrv

IMAGE_NAME: mpsdrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcc79

FAILURE_BUCKET_ID: X64_0xD1_mpsdrv!memcpy+1c0

BUCKET_ID: X64_0xD1_mpsdrv!memcpy+1c0

Followup: MachineOwner
---------

4: kd> lmv m mpsdrv
start end module name
fffff880`09d20000 fffff880`09d38000 mpsdrv (pdb symbols) c:\local cache\mpsdrv.pdb\E5391FD89B864C96AAC97B74520A8A261\mpsdrv.pdb
Loaded symbol image file: mpsdrv.sys
Mapped memory image file: c:\local cache\mpsdrv.sys\4A5BCC7918000\mpsdrv.sys
Image path: \SystemRoot\System32\drivers\mpsdrv.sys
Image name: mpsdrv.sys
Timestamp: Tue Jul 14 03:08:25 2009 (4A5BCC79)
CheckSum: 0001C76E
ImageSize: 00018000
File version: 6.1.7600.16385
Product version: 6.1.7600.16385
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mpsdrv.sys
OriginalFilename: mpsdrv.sys
ProductVersion: 6.1.7600.16385
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileDescription: Microsoft Protection Service Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.


Добавлено:
Для начала отключил сканирование антивирусом файлов в реалтайме. Посмотрим, повторится ли BSOD.
Автор: HDD
Дата сообщения: 16.05.2010 03:24
frmreg
1) Использовать фильтр, что б не создавать дубли DRIVER_IRQL_NOT_LESS_OR_EQUAL
2) Использовать тэги и в частности тэг [more][/more]

Страницы: 1

Предыдущая тема: Курсор уводит в право при нажатии ПКМ


Форум Ru-Board.club — поднят 15-09-2016 числа. Цель - сохранить наследие старого Ru-Board, истории становления российского интернета. Сделано для людей.