I think I've got it....Spfw is the driver and I'm not certain, but I think that is related to my firewall, which is securepoint 3.6.
MODULE_NAME: spfw
IMAGE_NAME: spfw.sys
(This problem far pre-dated the installation of the firewall, but the installation of the firewall has made it worse. The first crash of this sort happened in July actually, going by the memory dump files, and then again about once a month, until I installed the firewall. Then it increased, and is now happening 3-4 times a day.)
Can anyone tell me why a firewall would have a driver? I still don't have the source of the problem, just the aggravating condition.
Thanks, believe it or not that was helpful! I had my doubts, but I figured it out.
NOW, is there anyone out there who can make sense of this output?
====================================================================
Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini110404-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: h:\i386
Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp1.020828-1920
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054be30
Debug session time: Thu Nov 04 21:39:23 2004
System Uptime: 0 days 0:49:14.057
Loading Kernel Symbols
.........................................................................................................
Loading unloaded module list
............
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {80569198, 2, 0, 80569198}
*** WARNING: Unable to verify timestamp for spfw.sys
*** ERROR: Module load completed but symbols could not be loaded for spfw.sys
Probably caused by : spfw.sys ( spfw+5268 )
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 80569198, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 80569198, address which referenced memory
STACK_TEXT:
f7cc1a18 fc809268 ff358a18 80d8bbf0 f7cc1adc nt!RtlEqualSid+0x2b
WARNING: Stack unwind information not available. Following frames may be wrong.
f7cc1a28 00000002 f7cc1adc 00000000 fc806b38 spfw+0x5268
"An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace. "
So does this mean that a driver causing an IRQ conflict, and which driver?
Denny Denham
2 Intern
•
18.8K Posts
0
November 5th, 2004 14:00
The information here may be helpful.
hal4000
24 Posts
0
November 5th, 2004 17:00
MODULE_NAME: spfw
IMAGE_NAME: spfw.sys
(This problem far pre-dated the installation of the firewall, but the installation of the firewall has made it worse. The first crash of this sort happened in July actually, going by the memory dump files, and then again about once a month, until I installed the firewall. Then it increased, and is now happening 3-4 times a day.)
Can anyone tell me why a firewall would have a driver? I still don't have the source of the problem, just the aggravating condition.
hal4000
24 Posts
0
November 5th, 2004 17:00
NOW, is there anyone out there who can make sense of this output?
====================================================================
Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini110404-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: h:\i386
Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp1.020828-1920
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054be30
Debug session time: Thu Nov 04 21:39:23 2004
System Uptime: 0 days 0:49:14.057
Loading Kernel Symbols
.........................................................................................................
Loading unloaded module list
............
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {80569198, 2, 0, 80569198}
*** WARNING: Unable to verify timestamp for spfw.sys
*** ERROR: Module load completed but symbols could not be loaded for spfw.sys
Probably caused by : spfw.sys ( spfw+5268 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 80569198, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 80569198, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 80569198
CURRENT_IRQL: 2
FAULTING_IP:
nt!RtlEqualSid+2b
80569198 32c0 xor al,al
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from fc809268 to 80569198
TRAP_FRAME: f7cc19a0 -- (.trap fffffffff7cc19a0)
ErrCode = 00000000
eax=ff358a05 ebx=00000002 ecx=fc80ad88 edx=00000302 esi=ff358a18 edi=80d8bbf0
eip=80569198 esp=f7cc1a14 ebp=00000000 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!RtlEqualSid+0x2b:
80569198 32c0 xor al,al
Resetting default scope
STACK_TEXT:
f7cc1a18 fc809268 ff358a18 80d8bbf0 f7cc1adc nt!RtlEqualSid+0x2b
WARNING: Stack unwind information not available. Following frames may be wrong.
f7cc1a28 00000002 f7cc1adc 00000000 fc806b38 spfw+0x5268
FAILED_INSTRUCTION_ADDRESS:
nt!RtlEqualSid+2b
80569198 32c0 xor al,al
FOLLOWUP_IP:
spfw+5268
fc809268 ?? ???
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: spfw+5268
MODULE_NAME: spfw
IMAGE_NAME: spfw.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 40c97605
STACK_COMMAND: .trap fffffffff7cc19a0 ; kb
BUCKET_ID: 0xA_CODE_AV_BAD_IP_spfw+5268
Followup: MachineOwner
---------
===============================================================
===============================================================
The only part that is in English:
"An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace. "
So does this mean that a driver causing an IRQ conflict, and which driver?