From: Yousuf Khan on 10 Jan 2010 16:49

I've been attempting to get to the bottom of a recurring BSOD crash happening on my system. I've already had 4 crashes so far over the past two weeks. So I've identified that NTOSKRNL.EXE is involved in all of them so far. It's always somewhere in the stack. So I enabled Driver Verifier on NTOSKRNL, as well as HAL.DLL, NTFS.SYS, and FLTMGR.SYS which were also identified on the stack during various of the events.

Okay so I had my latest crash yesterday, and it occurred on NTOSKRNL as well. The Verifier was already enabled on the system prior to this crash, and then when I go to Windbg and execute the "!verifier" command, it comes back with the message, "Unable to get verifier list". Why not, it should be enabled?

When I check them on the command-prompt I get the following output back, and they confirm that all of the files are being monitored. So can somebody familiar with Driver Verifier and Windbg help me out here?

Yousuf Khan

***

>verifier /query
10/01/2010, 3:30:34 PM
Level: 0000009B
RaiseIrqls: 314843045
AcquireSpinLocks: 1893615496
SynchronizeExecutions: 0
AllocationsAttempted: 90514901
AllocationsSucceeded: 90514901
AllocationsSucceededSpecialPool: 7614086
AllocationsWithNoTag: 0
AllocationsFailed: 0
AllocationsFailedDeliberately: 0
Trims: 2452146
UnTrackedPool: 2872921

Verified drivers:

Name: ntoskrnl.exe, loads: 1, unloads: 0
CurrentPagedPoolAllocations: 83397
CurrentNonPagedPoolAllocations: 77485
PeakPagedPoolAllocations: 87305
PeakNonPagedPoolAllocations: 77674
PagedPoolUsageInBytes: 49624396
NonPagedPoolUsageInBytes: 11791484
PeakPagedPoolUsageInBytes: 49827760
PeakNonPagedPoolUsageInBytes: 12139000

Name: hal.dll, loads: 1, unloads: 0
CurrentPagedPoolAllocations: 0
CurrentNonPagedPoolAllocations: 4
PeakPagedPoolAllocations: 8
PeakNonPagedPoolAllocations: 6
PagedPoolUsageInBytes: 0
NonPagedPoolUsageInBytes: 992
PeakPagedPoolUsageInBytes: 768
PeakNonPagedPoolUsageInBytes: 32784

Name: fltmgr.sys, loads: 1, unloads: 0
CurrentPagedPoolAllocations: 2
CurrentNonPagedPoolAllocations: 7161
PeakPagedPoolAllocations: 16
PeakNonPagedPoolAllocations: 7173
PagedPoolUsageInBytes: 16
NonPagedPoolUsageInBytes: 1166244
PeakPagedPoolUsageInBytes: 3440
PeakNonPagedPoolUsageInBytes: 1169508

Name: ntfs.sys, loads: 1, unloads: 0
CurrentPagedPoolAllocations: 32443
CurrentNonPagedPoolAllocations: 28514
PeakPagedPoolAllocations: 33133
PeakNonPagedPoolAllocations: 29174
PagedPoolUsageInBytes: 9261776
NonPagedPoolUsageInBytes: 1880368
PeakPagedPoolUsageInBytes: 9472944
PeakNonPagedPoolUsageInBytes: 1965028

From: Jose on 10 Jan 2010 17:28

On Jan 10, 4:49 pm, Yousuf Khan <bbb...(a)yahoo.com> wrote:
> I've been attempting to get to the bottom of a recurring BSOD crash
> happening on my system. I've already had 4 crashes so far over the past
> two weeks. So I've identified that NTOSKRNL.EXE is involved in all of
> them so far. It's always somewhere in the stack. So I enabled Driver
> Verifier on NTOSKRNL, as well as HAL.DLL, NTFS.SYS, and FLTMGR.SYS which
> were also identified on the stack during various of the events.
>
> Okay so I had my latest crash yesterday, and it occurred on NTOSKRNL as
> well. The Verifier was already enabled on the system prior to this
> crash, and then when I go to Windbg and execute the "!verifier" command,
> it comes back with the message, "Unable to get verifier list". Why not,
> it should be enabled?
>
> When I check them on the command-prompt I get the following output back,
> and they confirm that all of the files are being monitored. So can
> somebody familiar with Driver Verifier and Windbg help me out here?
>
> Yousuf Khan
>
> ***
>
> >verifier /query
> 10/01/2010, 3:30:34 PM
> Level: 0000009B
> RaiseIrqls: 314843045
> AcquireSpinLocks: 1893615496
> SynchronizeExecutions: 0
> AllocationsAttempted: 90514901
> AllocationsSucceeded: 90514901
> AllocationsSucceededSpecialPool: 7614086
> AllocationsWithNoTag: 0
> AllocationsFailed: 0
> AllocationsFailedDeliberately: 0
> Trims: 2452146
> UnTrackedPool: 2872921
>
> Verified drivers:
>
> Name: ntoskrnl.exe, loads: 1, unloads: 0
> CurrentPagedPoolAllocations: 83397
> CurrentNonPagedPoolAllocations: 77485
> PeakPagedPoolAllocations: 87305
> PeakNonPagedPoolAllocations: 77674
> PagedPoolUsageInBytes: 49624396
> NonPagedPoolUsageInBytes: 11791484
> PeakPagedPoolUsageInBytes: 49827760
> PeakNonPagedPoolUsageInBytes: 12139000
>
> Name: hal.dll, loads: 1, unloads: 0
> CurrentPagedPoolAllocations: 0
> CurrentNonPagedPoolAllocations: 4
> PeakPagedPoolAllocations: 8
> PeakNonPagedPoolAllocations: 6
> PagedPoolUsageInBytes: 0
> NonPagedPoolUsageInBytes: 992
> PeakPagedPoolUsageInBytes: 768
> PeakNonPagedPoolUsageInBytes: 32784
>
> Name: fltmgr.sys, loads: 1, unloads: 0
> CurrentPagedPoolAllocations: 2
> CurrentNonPagedPoolAllocations: 7161
> PeakPagedPoolAllocations: 16
> PeakNonPagedPoolAllocations: 7173
> PagedPoolUsageInBytes: 16
> NonPagedPoolUsageInBytes: 1166244
> PeakPagedPoolUsageInBytes: 3440
> PeakNonPagedPoolUsageInBytes: 1169508
>
> Name: ntfs.sys, loads: 1, unloads: 0
> CurrentPagedPoolAllocations: 32443
> CurrentNonPagedPoolAllocations: 28514
> PeakPagedPoolAllocations: 33133
> PeakNonPagedPoolAllocations: 29174
> PagedPoolUsageInBytes: 9261776
> NonPagedPoolUsageInBytes: 1880368
> PeakPagedPoolUsageInBytes: 9472944
> PeakNonPagedPoolUsageInBytes: 1965028

If you are using the small memory dump you will have that message.

You need to adjust your Startup and Recovery Debugging information to do a complete memory dump and try again with a new dump file.

Did you get nothing useful from !analyze -v?

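Added example, not part of any post in this thread: `verifier /query` reports the live Verifier state whatever dump type is configured, and this Python sketch parses that output, decodes the `Level` bitmask into the enabled checks and lists the verified drivers. The sample input is constructed by trimming the output posted above; the function names are hypothetical.

```python
import re

# Driver Verifier option bits (documented flag values for the Level field).
VERIFIER_FLAGS = {
    0x01: "Special pool", 0x02: "Force IRQL checking",
    0x04: "Low resources simulation", 0x08: "Pool tracking",
    0x10: "I/O verification", 0x20: "Deadlock detection",
    0x40: "Enhanced I/O verification", 0x80: "DMA verification",
}

# Constructed sample: trimmed from the `verifier /query` output in the thread.
SAMPLE = """\
Level: 0000009B
AllocationsSucceeded: 90514901
AllocationsSucceededSpecialPool: 7614086
AllocationsFailedDeliberately: 0
Verified drivers:
Name: ntoskrnl.exe, loads: 1, unloads: 0
CurrentPagedPoolAllocations: 83397
Name: hal.dll, loads: 1, unloads: 0
Name: fltmgr.sys, loads: 1, unloads: 0
Name: ntfs.sys, loads: 1, unloads: 0
"""

def parse_verifier_query(text):
    """Return (enabled option names, global counters, verified driver names)."""
    level, counters, drivers = 0, {}, []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Name:\s*([^,]+),\s*loads:\s*\d+,\s*unloads:\s*\d+", line)
        if m:
            drivers.append(m.group(1).lower())
        elif line.startswith("Level:"):
            level = int(line.split(":", 1)[1], 16)   # Level is printed in hex
        elif not drivers and re.match(r"\w+:\s*\d+$", line):
            key, value = line.split(":", 1)          # global counters only;
            counters[key] = int(value)               # per-driver ones are skipped
    options = [n for bit, n in sorted(VERIFIER_FLAGS.items()) if level & bit]
    return options, counters, drivers

def special_pool_coverage(counters):
    """Fraction of successful allocations that were served from special pool."""
    ok = counters.get("AllocationsSucceeded", 0)
    return counters.get("AllocationsSucceededSpecialPool", 0) / ok if ok else 0.0

if __name__ == "__main__":
    opts, counters, drivers = parse_verifier_query(SAMPLE)
    print("enabled checks:", ", ".join(opts))
    print("verified drivers:", ", ".join(drivers))
    print("special pool coverage: %.1f%%" % (100 * special_pool_coverage(counters)))
```
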
From: Mark Hobley on 10 Jan 2010 18:08

Yousuf Khan <bbbl67(a)yahoo.com> wrote:
> I've been attempting to get to the bottom of a recurring BSOD crash
> happening on my system. I've already had 4 crashes so far over the past
> two weeks. So I've identified that NTOSKRNL.EXE is involved in all of
> them so far.

If you think the problem is with the IBM PC hardware chips, then I would boot the system with an Ubuntu live CD, and see if that operates normally.

If it does, then the problem that you are experiencing is probably software related. In my experience, the blue screen of death is usually a software problem. I have no known fixes for this.

Is this a new system?
Or is it a system that has been working previously and now crashes more often?
Have you changed something on the system?
Has the hardware changed?
Has any software been updated? (Beware of automatic updates)

Try disabling some hardware (sound drivers, network interfaces), and switching to a standard VGA display setting, if the system lets you do this. (On some systems it is necessary to remove pin 12 from the VGA cable).

> Okay so I had my latest crash yesterday

Some systems do crash several times a day. If all else fails, I would look at migration to an open source based system.

Mark.

--
Mark Hobley
Linux User: #370818 http://markhobley.yi.org/

From: Yousuf Khan on 10 Jan 2010 23:48

Jose wrote:
> If you are using the small memory dump you will have that message.
>
> You need to adjust your Startup and Recovery Debugging information to
> do a complete memory dump and try again with a new dump file.

Ah, I see, okay, then I'll go change that then.

> Did you get nothing useful from !analyze -v?

Well yes, I found out that NTOSKRNL is involved in all of them. :-)

Yousuf Khan

From: Yousuf Khan on 11 Jan 2010 00:10

Mark Hobley wrote:
> Yousuf Khan <bbbl67(a)yahoo.com> wrote:
>> I've been attempting to get to the bottom of a recurring BSOD crash
>> happening on my system. I've already had 4 crashes so far over the past
>> two weeks. So I've identified that NTOSKRNL.EXE is involved in all of
>> them so far.
>
> If you think the problem is with the IBM PC hardware chips, then I would
> boot the system with an Ubuntu live CD, and see if that operates normally.

You don't have to tell me twice about that, as the system is already running the latest Ubuntu in multi-boot. The problem doesn't occur on Ubuntu, so far as I can tell, however it doesn't run Ubuntu for very long periods of time either. The Windows crashes are spaced out 3 or 4 days apart, and I can't run Ubuntu on it for this long to test it. This particular system is a home server, it runs a few background apps that are only available on Windows, so it is limited to running Ubuntu only occasionally, like for example when Windows crashes. :-)

> If it does, then the problem that you are experiencing is probably
> software related. In my experience, the blue screen of death is usually a
> software problem. I have no known fixes for this.
>
> Is this a new system?

No, it's a pretty mature system now. I built it and upgrade it myself. It's an AMD A64X2-4200+ w/ 4GB RAM, and it runs in either 32-bit WinXP SP3 or 64-bit Ubuntu 9.10.

> Or is it a system that has been working previously and now crashes more often?

Yes.

> Have you changed something on the system?
> Has the hardware changed?
> Has any software been updated? (Beware of automatic updates)

Actually, the only change that I made to the system is that I added a second external USB HD to it. It had a previous USB HD already attached to it before, which is still attached to it, but then I picked up a second one right after Boxing Day. Come to think of it, the first crash occurred just a couple of days after that.

I'm willing to entertain the possibility that this new external drive is somehow to blame, but I don't see why. It's just using a standard Microsoft USB Mass Storage driver, and so was the previous external drive. I don't think it could be due to power supply issues as I upgraded the system's power supply early last year to a high-capacity Zalman 650W unit.

Yousuf Khan