BSOD caused by ntkrpamp.exe
I am somewhat familiar with how to deal with BSOD crash dumps, but not really versed on how to interpret. This is what I got in one of my computers, not really sure what is triggering or what to do. Any help will be appreciated.
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Fri Jul 3 03:25:40.109 2009 (GMT-7)
System Uptime: 0 days 0:01:06.812
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 805c314f, a5c90a48, 0}
Probably caused by : ntkrpamp.exe ( nt!ObInsertObject+1ad )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805c314f, The address that the exception occurred at
Arg3: a5c90a48, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ObInsertObject+1ad
805c314f 8b4e1c mov ecx,dword ptr [esi+1Ch]
TRAP_FRAME: a5c90a48 -- (.trap 0xffffffffa5c90a48)
ErrCode = 00000000
eax=a5c90bb8 ebx=00000000 ecx=8a5bde00 edx=00000000 esi=00000001 edi=00000000
eip=805c314f esp=a5c90abc ebp=a5c90b8c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
nt!ObInsertObject+0x1ad:
805c314f 8b4e1c mov ecx,dword ptr [esi+1Ch] ds:0023:0000001d=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: explorer.exe
LAST_CONTROL_TRANSFER: from 805d0e99 to 805c314f
STACK_TEXT:
a5c90b8c 805d0e99 89325be0 a5c90bb8 001f0fff nt!ObInsertObject+0x1ad
a5c90ce4 805d11b9 00dce5f8 001f0fff 00000000 nt!PspCreateProcess+0x635
a5c90d38 8054162c 00dce5f8 001f0fff 00000000 nt!NtCreateProcessEx+0x77
a5c90d38 7c90e514 00dce5f8 001f0fff 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00dcec64 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ObInsertObject+1ad
805c314f 8b4e1c mov ecx,dword ptr [esi+1Ch]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ObInsertObject+1ad
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3
FAILURE_BUCKET_ID: 0x8E_nt!ObInsertObject+1ad
BUCKET_ID: 0x8E_nt!ObInsertObject+1ad
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
804d7000 806e4000 nt # (pdb symbols) c:\symbols\ntkrpamp.pdb\909FE6B806E4444B9230BAAF21EC5C271\ntkrpamp.pdb
Loaded symbol image file: ntkrpamp.exe
Mapped memory image file: c:\symbols\ntkrpamp.exe\498C11D320d000\ntkrpamp.exe
Image path: ntkrpamp.exe
Image name: ntkrpamp.exe
Timestamp: Fri Feb 06 02:32:51 2009 (498C11D3)
CheckSum: 001F9D43
ImageSize: 0020D000
File version: 5.1.2600.5755
Product version: 5.1.2600.5755
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0405.04b0
CompanyName: Microsoft Corporation
ProductName: OperačnĂ* systĂ©m Microsoft® Windows®
InternalName: ntkrpamp.exe
OriginalFilename: ntkrpamp.exe
ProductVersion: 5.1.2600.5755
FileVersion: 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. Všechna práva vyhrazena.
Re: BSOD caused by ntkrpamp.exe
There is one thing that I don't understand and don't like, which is at the end of the above quote. it is:
ProductName: OperačnĂ* systĂ©m Microsoft® Windows®
InternalName: ntkrpamp.exe
OriginalFilename: ntkrpamp.exe
ProductVersion: 5.1.2600.5755
FileVersion: 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. Všechna práva vyhrazena.
Why in the name of everything that's holy is there what seems to be Russian in the above?? is that from the computer that contains the crash file or from the computer where WinDbg was run? (different computers)
Re: BSOD caused by ntkrpamp.exe
looks like you are using vista did you recently update your service pack from 1 to 2 i think problem is there that some software or driver need to update in order to work with sp2. else see this for more help http://forums.techarena.in/operating...ms/1028413.htm
Re: BSOD caused by ntkrpamp.exe
Actually the computer with the problem has Win XP Pro SP 3 as operating system.
Re: BSOD caused by ntkrpamp.exe
ntkrpamp.exe is a process associated with Microsoft Windows Operating System from Microsoft Corporation. This process is required for essential applications to work properly and ntkrpamp.exe should not be disabled.
To find ntkrpamp.exe related errors, click here to run a free scan.
Note: It is highly recommended to Run a Free Performance Scan to automatically optimize memory, CPU and Internet Settings.
Re: BSOD caused by ntkrpamp.exe
Quote:
Originally Posted by
SalVatore
ntkrpamp.exe is a process associated with Microsoft Windows Operating System from Microsoft Corporation. This process is required for essential applications to work properly and ntkrpamp.exe should not be disabled.
Thanks. That much I know. But anything else in that analysis gives any direction of what caused the problem? like, what do I look at to know where else to keep digging?
Re: BSOD caused by ntkrpamp.exe
ntkrpamp.exe should not be disabled, required for essential applications to work properly.Check this thread for more information : Blue Screen of Death caused by ntkrpamp.exe