Analyse d’un stop 7F


Nous allons analyser ensemble un dump relatif à des problème de crash réguliers sur un serveur de fichiers.


D’abord, regardons sur quel type de serveur le crash s’est produit :


0: kd> vertarget


Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible


Product: Server, suite: TerminalServer SingleUserTS


Built by: 3790.srv03_sp1_rtm.050324-1447


Kernel base = 0x80800000 PsLoadedModuleList = 0x808af988


Debug session time: Tue Oct 21 02:22:03.749 2008 (GMT+2)


System Uptime: 6 days 7:23:43.156



Il s’agit donc d’un serveur 2003 en SP1, un premier plan d’action serait de le mettre à jour en SP2 🙂


D’autre part, le serveur semble avoir tourné pendant 6 jours avant la génération du dump.


Aussi, chaque crash ou stop est associé un code qui définie le type de problème rencontré, examinons le stop en question :


0: kd> .bugcheck


Bugcheck code 0000007F


Arguments 00000008 80042000 00000000 00000000


C’est un stop 7F avec le paramètre  00000008 ….intéressant !!


Les documents techniques qui détaillent ce type de stop, font référence à un problème de stack overflow :


“Bug Check 0x7F: UNEXPECTED_KERNEL_MODE_TRAP


The UNEXPECTED_KERNEL_MODE_TRAP bug check has a value of 0x0000007F. This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.


This trap could be a bound trap (a trap the kernel is not permitted to catch) or a double fault (a fault that occurred while processing an earlier fault, which always results in a system failure).



0x00000008, or Double Fault, indicates that an exception occurs during a call to the handler for a prior exception. Typically, the two exceptions are handled serially. However, there are several exceptions that cannot be handled serially, and in this situation the processor signals a double fault. There are two common causes of a double fault:
A kernel stack overflow Or A hardware problem”


Ok, nous savons maintenant qu’il peut s’agir d’un stack overflow ..il va falloir se mettre sur le thread qui a causé le crash pour en savoir plus :


0: kd> .tss 0x28


eax=854b8300 ebx=854b8310 ecx=00000003 edx=89756000 esi=89fc3f30 edi=89756000


eip=bae30bf7 esp=f78f7f88 ebp=f78f81b8 iopl=0         nv up ei ng nz na pe nc


cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286


q57xp32+0x9bf7:


bae30bf7 53              push    ebx


0: kd> .thread


Implicit thread is now 8ab868d0


0: kd> !thread


THREAD 8ab868d0  Cid 0004.0048  Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0


IRP List:


    859c0370: (0006,0220) Flags: 00000010  Mdl: 00000000


    85391008: (0006,0220) Flags: 00000884  Mdl: 00000000


    8a02af68: (0006,0094) Flags: 00000000  Mdl: 00000000


Not impersonating


DeviceMap                 d6402818


Owning Process            8ab8a238       Image:         System


Wait Start TickCount      34881482       Ticks: 0


Context Switch Count      21126271            


UserTime                  00:00:00.000


KernelTime                00:03:14.531


Start Address nt!ExpWorkerThread (0x8083f671)


Stack Init f78fb000 Current f78f9150 Base f78fb000 Limit f78f8000 Call 0


Priority 12 BasePriority 12 PriorityDecrement 0


ChildEBP RetAddr  Args to Child             


00000000 bae30bf7 00000000 00000000 00000000 nt!_KiTrap08+0x75 (FPO: TSS 28:0)


WARNING: Stack unwind information not available. Following frames may be wrong.


f78f81b8 bae29c53 89756000 89fc3f30 8975bf54 q57xp32+0x9bf7


f78f8200 bae29edb 854b8310 f78f8278 f78f8248 q57xp32+0x2c53


f78f8210 bae2a199 02756000 878032e0 897ef950 q57xp32+0x2edb


f78f8248 f76ee804 00000001 f78f8278 00000000 q57xp32+0x3199


f78f8260 80a7a24f 897ef850 00000000 86e62a20 NDIS!ndisMProcessSGList+0x90


f78f828c f76ee6fe 86e62a20 897ef850 878032c0 hal!HalBuildScatterGatherList+0x1c7


f78f82e4 f76d249d 8a3d5008 854b8310 862fe230 NDIS!ndisMAllocSGList+0xd9


f78f8300 ba782f37 89e90290 854b8310 89d16c48 NDIS!ndisMSendX+0x1a0


f78f8328 ba78223a 8a3d5008 854b8310 8638eae8 tcpip!IPRcvComplete+0x12d3


f78f8350 ba782622 8638ea02 f78f8402 00000001 tcpip!IPRcvComplete+0x5d6


f78f848c ba783c01 ba7bbbb8 862fe2a4 862fe230 tcpip!IPRcvComplete+0x9be


f78f84fc ba783da0 f3b3f555 00000002 875d30c0 tcpip!IPRcvComplete+0x1f9d


f78f8524 ba784478 00000001 00000000 00000002 tcpip!IPRcvComplete+0x213c


f78f8558 bab209ac 875d3008 89443364 89d2d540 tcpip!IPRcvComplete+0x2814


f78f857c bab29a46 89e8e000 89429058 89e8e000 msiscsi+0x99ac


f78f8624 bab2c101 01429058 84f25502 84f2552c msiscsi+0x12a46


f78f8644 bab1a435 808a5180 84f25502 00000000 msiscsi+0x15101


f78f866c bab036ca 8a02b65c 89e8e000 f78f8698 msiscsi+0x3435


f78f867c bab03afc 897c31a0 84f2552c 884b7d28 iscsiprt!RaCallMiniportStartIo+0x1e


f78f8698 bab0c182 84f2552c 870a48a0 89d17e18 iscsiprt!RaidAdapterPostScatterGatherExecute+0x5e


f78f86b8 bab07823 00000000 00000001 00000000 iscsiprt!RaUnitStartIo+0xc4


f78f86d8 bab0b575 89d17e18 014b7d28 00000000 iscsiprt!RaidStartIoPacket+0x49


f78f86fc bab0c8a6 89d17d30 884b7d28 84c6d270 iscsiprt!RaidUnitSubmitRequest+0x63


f78f8718 bab06844 89d17d30 884b7d28 f78f873c iscsiprt!RaUnitScsiIrp+0x92


f78f8728 8083f9d0 89d17c78 884b7d28 89e8caa0 iscsiprt!RaDriverScsiIrp+0x2a


f78f873c f7409440 884b7d28 884b7dfc 884b7d28 nt!IofCallDriver+0x45


f78f8764 f74094e0 89cfba88 884b7d28 884b7d28 mpio!MPIOReadWrite+0x19e


f78f8830 f7409b34 89cfba88 84c6d1f0 884b7dd8 mpio!MPIOPdoHandleRequest+0x76


f78f8848 f7408945 89cfbb40 884b7d28 884b7d28 mpio!MPIOPdoInternalDeviceControl+0x3c


f78f8870 f740916f 89cfba88 89cfbd78 01000000 mpio!MPIOPdoCommonDeviceControl+0x1fb


f78f8890 f74062ef 89cfba88 884b7d28 f78f88b4 mpio!MPIOPdoDispatch+0x8f


f78f88a0 8083f9d0 89cfba88 884b7d28 84f25480 mpio!MPIOGlobalDispatch+0x19


f78f88b4 f7139a20 84f25480 68d0e000 f78f88f8 nt!IofCallDriver+0x45


f78f88c4 f7139635 84f25480 89419b70 85a52e2c CLASSPNP!SubmitTransferPacket+0xbb


f78f88f8 f7139712 00000000 00001000 85a52e50 CLASSPNP!ServiceTransferRequest+0x1e4


f78f891c 8083f9d0 89419ab8 00000000 8ab96b38 CLASSPNP!ClassReadWrite+0x159


f78f8930 f74d80cf 8756c3a8 85a52e50 f78f8954 nt!IofCallDriver+0x45


f78f8940 8083f9d0 893e7780 85a52cc0 85a52cc0 PartMgr+0x10cf


f78f8954 f73b4802 890bd008 8756c3a8 89595d08 nt!IofCallDriver+0x45


La, il n’y a pas de doute, nous somme bien en présence d’un beau “stack overflow”.


En effet, chaque thread a le droit à un espace limité pour gérer la stack.


Ici la limite est à f78fb000  (on commence la stack à à l’adresse f78f8000 ) : Stack Init f78fb000 Current f78f9150 Base f78fb000 Limit f78f8000


Le dernier appel a été fait à l’adresse f78f81b8 ;  par conséquent l’appel d’après aurait utiliser de la mémoire et dépasser ainsi la limite du f78f8000 d’où le stack overflow et le crash.


Voici les détails de consommation de la stack au moment du Stop:


  Module      Stack Usage Percentage


fltMgr                280          2


volsnap               584          5


Ntfs                 4844        42


iscsiprt              188          2


NDIS                  140          1


msiscsi               276          2


q57xp32               144          1


CLASSPNP              104          1


mfetdik               144          1


hal                    44          0


dmio                  328          3


tcpip                 600          5


mpio                  356          3


PartMgr                16          0


mfehidk               660          6


nt                   1988        17


df2k                  848          7


Nous constatons que Ntfs utilise 42% de celle-ci ce qui est beaucoup. Maintenant si l’on regarde attentivement la stack nous allons constater que c’est le driver df2k.sys qui est réentrant dans le file system.


0: kd> kv 100


ChildEBP RetAddr  Args to Child             


00000000 bae30bf7 00000000 00000000 00000000 nt!_KiTrap08+0x75


WARNING: Stack unwind information not available. Following frames may be wrong.


f78f81b8 bae29c53 89756000 89fc3f30 8975bf54 q57xp32+0x9bf7


f78f8200 bae29edb 854b8310 f78f8278 f78f8248 q57xp32+0x2c53


f78f8210 bae2a199 02756000 878032e0 897ef950 q57xp32+0x2edb


f78f8248 f76ee804 00000001 f78f8278 00000000 q57xp32+0x3199


f78f8260 80a7a24f 897ef850 00000000 86e62a20 NDIS!ndisMProcessSGList+0x90


f78f828c f76ee6fe 86e62a20 897ef850 878032c0 hal!HalBuildScatterGatherList+0x1c7


f78f82e4 f76d249d 8a3d5008 854b8310 862fe230 NDIS!ndisMAllocSGList+0xd9


f78f8300 ba782f37 89e90290 854b8310 89d16c48 NDIS!ndisMSendX+0x1a0


f78f8328 ba78223a 8a3d5008 854b8310 8638eae8 tcpip!IPRcvComplete+0x12d3


f78f8350 ba782622 8638ea02 f78f8402 00000001 tcpip!IPRcvComplete+0x5d6


f78f848c ba783c01 ba7bbbb8 862fe2a4 862fe230 tcpip!IPRcvComplete+0x9be


f78f84fc ba783da0 f3b3f555 00000002 875d30c0 tcpip!IPRcvComplete+0x1f9d


f78f8524 ba784478 00000001 00000000 00000002 tcpip!IPRcvComplete+0x213c


f78f8558 bab209ac 875d3008 89443364 89d2d540 tcpip!IPRcvComplete+0x2814


f78f857c bab29a46 89e8e000 89429058 89e8e000 msiscsi+0x99ac


f78f8624 bab2c101 01429058 84f25502 84f2552c msiscsi+0x12a46


f78f8644 bab1a435 808a5180 84f25502 00000000 msiscsi+0x15101


f78f866c bab036ca 8a02b65c 89e8e000 f78f8698 msiscsi+0x3435


f78f867c bab03afc 897c31a0 84f2552c 884b7d28 iscsiprt!RaCallMiniportStartIo+0x1e


f78f8698 bab0c182 84f2552c 870a48a0 89d17e18 iscsiprt!RaidAdapterPostScatterGatherExecute+0x5e


f78f86b8 bab07823 00000000 00000001 00000000 iscsiprt!RaUnitStartIo+0xc4


f78f86d8 bab0b575 89d17e18 014b7d28 00000000 iscsiprt!RaidStartIoPacket+0x49


f78f86fc bab0c8a6 89d17d30 884b7d28 84c6d270 iscsiprt!RaidUnitSubmitRequest+0x63


f78f8718 bab06844 89d17d30 884b7d28 f78f873c iscsiprt!RaUnitScsiIrp+0x92


f78f8728 8083f9d0 89d17c78 884b7d28 89e8caa0 iscsiprt!RaDriverScsiIrp+0x2a


f78f873c f7409440 884b7d28 884b7dfc 884b7d28 nt!IofCallDriver+0x45


f78f8764 f74094e0 89cfba88 884b7d28 884b7d28 mpio!MPIOReadWrite+0x19e


f78f8830 f7409b34 89cfba88 84c6d1f0 884b7dd8 mpio!MPIOPdoHandleRequest+0x76


f78f8848 f7408945 89cfbb40 884b7d28 884b7d28 mpio!MPIOPdoInternalDeviceControl+0x3c


f78f8870 f740916f 89cfba88 89cfbd78 01000000 mpio!MPIOPdoCommonDeviceControl+0x1fb


f78f8890 f74062ef 89cfba88 884b7d28 f78f88b4 mpio!MPIOPdoDispatch+0x8f


f78f88a0 8083f9d0 89cfba88 884b7d28 84f25480 mpio!MPIOGlobalDispatch+0x19


f78f88b4 f7139a20 84f25480 68d0e000 f78f88f8 nt!IofCallDriver+0x45


f78f88c4 f7139635 84f25480 89419b70 85a52e2c CLASSPNP!SubmitTransferPacket+0xbb


f78f88f8 f7139712 00000000 00001000 85a52e50 CLASSPNP!ServiceTransferRequest+0x1e4


f78f891c 8083f9d0 89419ab8 00000000 8ab96b38 CLASSPNP!ClassReadWrite+0x159


f78f8930 f74d80cf 8756c3a8 85a52e50 f78f8954 nt!IofCallDriver+0x45


f78f8940 8083f9d0 893e7780 85a52cc0 85a52cc0 PartMgr+0x10cf


f78f8954 f73b4802 890bd008 8756c3a8 89595d08 nt!IofCallDriver+0x45


f78f899c f73cdfa3 8756c3a8 010bd008 04000000 dmio!voldiskiostart+0x482


f78f89ec f73bf8dc 8756c3a8 f78f8a44 f78f8a38 dmio!vol_subdisksio_start+0x107


f78f8a5c f73b5e2c 8712c408 00000001 00000001 dmio!volkiostart+0x32c


f78f8a88 f73b85e2 88dc1a60 85a52cc0 8ab50418 dmio!volrdwr+0xa0


f78f8a9c 8083f9d0 88dc1a60 85a52cc0 85a52e98 dmio!volread+0x58


f78f8ab0 f73899c4 8ab2d248 88db7af0 88d246d0 nt!IofCallDriver+0x45


f78f8ac8 8083f9d0 88d246d0 85a52cc0 85a52cc0 volsnap+0x19c4


f78f8adc f70d9881 88db7a38 88db7af0 88ba5c98 nt!IofCallDriver+0x45


f78f8b34 f70dae17 88db7a38 85a52cc0 85a52cc0 df2k+0x6881


f78f8b5c f701d0ce f78f8e40 f78f8d40 f701c702 df2k+0x7e17


f78f8b68 f701c702 f78f8e40 88db7a38 9c09a000 Ntfs!NtfsSingleAsync+0x91


f78f8d40 f701a75e f78f8e40 85a52cc0 88ba5c98 Ntfs!NtfsNonCachedIo+0x2db


f78f8e2c f701d8de f78f8e40 85a52cc0 00000001 Ntfs!NtfsCommonRead+0xaf5


f78f8fd8 8083f9d0 88be6718 85a52cc0 85a52cc0 Ntfs!NtfsFsdRead+0x113


f78f8fec f7117b43 88f2aae8 85a52cc0 88eeb008 nt!IofCallDriver+0x45


f78f9010 f7117d03 f78f9030 88f2aae8 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b


f78f9048 8083f9d0 88f2aae8 85a52cc0 88db7af0 fltMgr!FltpDispatch+0x11f


f78f905c f70d8ab1 89944588 89944640 88fcd5c0 nt!IofCallDriver+0x45


f78f9100 f70dae17 89944588 85a52cc0 85a52ebc df2k+0x5ab1


f78f9128 ba9efa40 88d1da08 89705218 88bed008 df2k+0x7e17


f78f913c 8083f9d0 88aacf10 85a52cc0 85a52cc0 SYMEVENT!SYMEvent_AllocVMData+0x5f00


f78f9150 f7117d36 0010e000 8a0d1768 00000000 nt!IofCallDriver+0x45


f78f917c 8083f9d0 88d1da08 85a52cc0 85a52cc0 fltMgr!FltpDispatch+0x152


f78f9190 8082f0de 83e86308 8ab868d0 83e862f8 nt!IofCallDriver+0x45


f78f91a8 8082f17c 88f04f0c 83e86330 83e86310 nt!IoPageRead+0x109


f78f922c 80849ce5 00000001 c16ce000 c0305b38 nt!MiDispatchFault+0xd2a


f78f9288 8082fd4f 00000000 c16ce000 00000000 nt!MmAccessFault+0x64a


f78f92b8 80845b53 c16ce000 00000000 f78f93e4 nt!MmCheckCachedPageState+0x48e


f78f9300 80845d5a 88ba5b60 f78f9340 00001000 nt!CcMapAndRead+0x93


f78f9394 8092f599 88f04f90 f78f93d4 00001000 nt!CcPinFileData+0x24a


f78f9408 f7054d25 88f04f90 f78f9440 00001000 nt!CcPinRead+0xc4


f78f9430 f704842b 84f7a168 88ba5c98 0010e000 Ntfs!NtfsPinStream+0x76


f78f945c f7049751 84f7a168 88be67f8 00870000 Ntfs!NtfsMapOrPinPageInBitmap+0x9d


f78f94d8 f704851f 84f7a168 88be67f8 0087312e Ntfs!NtfsAllocateBitmapRun+0x4b


f78f9614 f7040136 84f7a168 88be67f8 87342a00 Ntfs!NtfsAllocateClusters+0x9fd


f78f96d4 f7047e53 84f7a168 87342a00 00000020 Ntfs!NtfsAllocateAttribute+0x156


f78f9774 f704835c 84f7a168 d6650468 00000020 Ntfs!NtfsCreateNonresidentWithValue+0xde


f78f9874 f706e627 84f7a168 d6650468 d1911898 Ntfs!NtfsConvertToNonresident+0x2ec


f78f99cc f7076cc4 84f7a168 d6650468 00000240 Ntfs!NtfsChangeAttributeValue+0x467


f78f9ab8 f7071d04 84f7a168 d6650468 000fe6ad Ntfs!NtfsAddToAttributeList+0x177


f78f9ca0 f7047a50 84f7a168 d6650530 f78f9cd0 Ntfs!NtfsAddAttributeAllocation+0xf71


f78f9d64 f70845ef 84f7a168 8523cc68 d6650530 Ntfs!NtfsAddAllocation+0x397


f78f9e74 f7041c94 84f7a168 8523cc68 859c0370 Ntfs!NtfsSetAllocationInfo+0x3dd


f78f9ee0 f701d2fb 84f7a168 859c0370 00000000 Ntfs!NtfsCommonSetInformation+0x48c


f78f9f48 8083f9d0 88be6718 859c0370 859c0370 Ntfs!NtfsFsdSetInformation+0xa3


f78f9f5c f7117b43 88f2aae8 859c0370 88eeb008 nt!IofCallDriver+0x45


f78f9f80 f7117d03 f78f9fa0 88f2aae8 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b


f78f9fb8 8083f9d0 88f2aae8 859c0370 88db7af0 fltMgr!FltpDispatch+0x11f


f78f9fcc f70d8ab1 89944588 89944640 f78fa0e8 nt!IofCallDriver+0x45


f78fa070 f70dae17 89944588 859c0370 859c056c df2k+0x5ab1


f78fa098 ba9ef7b1 859c056c 859c0590 f78fa0e8 df2k+0x7e17


f78fa0b0 ba9f8d68 89944588 00000000 f78fa0e8 SYMEVENT!SYMEvent_AllocVMData+0x5c71


f78fa0cc ba9ef91b f78fa0e8 8082b0b9 ba9ef9e3 SYMEVENT!EventObjectCreate+0xba8


f78fa10c 8083f9d0 88aacf10 859c0370 859c0370 SYMEVENT!SYMEvent_AllocVMData+0x5ddb


f78fa120 f7117b43 88d1da08 859c0370 88bed008 nt!IofCallDriver+0x45


f78fa144 f7117d03 f78fa164 88d1da08 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b


f78fa17c 8083f9d0 88d1da08 859c0370 859c0370 fltMgr!FltpDispatch+0x11f


f78fa190 8098911f 85391008 84c497a0 f78fa434 nt!IofCallDriver+0x45


f78fa1c8 f707e07c 0123cc68 00000013 85391018 nt!IoSetInformation+0x1c2


f78fa1f4 f706c7b7 84c497a0 85391008 d66506b8 Ntfs!NtfsCompleteLargeAllocation+0x40


f78fa3f4 f70531e5 84c497a0 85391008 f78fa434 Ntfs!NtfsCommonCreate+0x1472


f78fa4f8 8083f9d0 88be6718 85391008 85391008 Ntfs!NtfsFsdCreate+0x17d


f78fa50c f7117b43 00000000 85391008 85391198 nt!IofCallDriver+0x45


f78fa530 f71255af f78fa550 88f2aae8 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b


f78fa56c 8083f9d0 88f2aae8 85391008 853911d8 fltMgr!FltpCreate+0x23b


f78fa580 f70da51c 8081fd79 899446b0 899446f4 nt!IofCallDriver+0x45


f78fa5b0 f70d942b 899446b0 85391008 00000000 df2k+0x751c


f78fa5e4 f70d8fed 89944640 85391008 89944588 df2k+0x642b


f78fa690 f70dae17 89944588 85391008 853911e0 df2k+0x5fed


f78fa6b8 ba9ef8a1 853911e0 85391204 f78fa718 df2k+0x7e17


f78fa6e0 ba9f8d58 89944588 00000000 f78fa718 SYMEVENT!SYMEvent_AllocVMData+0x5d61


f78fa6fc ba9ef91b f78fa718 8082b0b9 ba9ef9e3 SYMEVENT!EventObjectCreate+0xb98


f78fa73c 8083f9d0 88aacf10 85391008 85391008 SYMEVENT!SYMEvent_AllocVMData+0x5ddb


f78fa750 f7117b43 00000000 85391008 85391204 nt!IofCallDriver+0x45


f78fa774 f71255af f78fa794 88d1da08 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b


f78fa7b0 8083f9d0 88d1da08 85391008 85391008 fltMgr!FltpCreate+0x23b


f78fa7c4 8092e269 f78fa96c 88dc1a48 00000000 nt!IofCallDriver+0x45


f78fa8ac 80936caa 88dc1a60 00000000 88e62860 nt!IopParseDevice+0xa35


f78fa92c 80936aa5 00000000 f78fa96c 00000240 nt!ObpLookupObjectName+0x5a9


f78fa980 80936f27 00000000 00000000 00000100 nt!ObOpenObjectByName+0xea


f78fa9fc 80936ff8 8a2f22e4 0012019f f78fab7c nt!IopCreateFile+0x447


f78faa58 8092ed98 8a2f22e4 0012019f f78fab7c nt!IoCreateFile+0xa3


f78faa98 80834d3f 8a2f22e4 0012019f f78fab7c nt!NtCreateFile+0x30


f78faa98 8083c1ec 8a2f22e4 0012019f f78fab7c nt!KiFastCallEntry+0xfc


f78fab3c f7396acb 8a2f22e4 0012019f f78fab7c nt!ZwCreateFile+0x11


f78fabc4 f739c6f7 8a2f22d0 00000001 f78fabec volsnap+0xeacb


f78fabf8 f73a5d5d 86a966e0 12c00000 00000000 volsnap+0x146f7


f78fad50 f73945e5 8aa020d8 851a5798 8ab868d0 volsnap+0x1dd5d


f78fad6c 809180a0 875603d0 88eb2ab8 808b70dc volsnap+0xc5e5


f78fad80 8083f72e 875603d0 00000000 8ab868d0 nt!IopProcessWorkItem+0x13


f78fadac 8092ccff 875603d0 00000000 00000000 nt!ExpWorkerThread+0xeb


f78faddc 80841a96 8083f671 00000001 00000000 nt!PspSystemThreadStartup+0x2e


00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


La stack contient aussi plusieurs occurrences du module SYMEVENT qui est connu pour causer des problèmes de stack overflow



La solution au problème rencontré passera par:


– Désinstallation ou mise à jour du composant Df2K.sys


– Suivi des recommandations de Symantec pour la partie Symevent : http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002071208532048?Open&src=w


 Mounia


Windows Core Technical Lead

Comments (0)

Skip to main content