Re: Bug check: 0x000000d1 (0x77f68b33, 0x000000ff, 0x00000000, 0x77f68b33)

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Jonathan Maltz [MS-MVP] (jmaltz_at_mvps.org)
Date: 05/28/04 

Date: Fri, 28 May 2004 17:58:21 -0400

Hi,

Just to add on to what's already been said, George - look familiar:

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at
an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

Is this is the first time it happened, don't worry. If it continues, you
may have a problem 

-- 
--Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004?  Find out
here
Only reply by newsgroup.  I do not do technical support via email.  Any
emails I have not authorized are deleted before I see them.
"Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
news:%231YRQ5OREHA.3348@TK2MSFTNGP09.phx.gbl...
> Download WinDbg from (i have never used VS .NET to look at memory dumps,
so
> i do not know how it works):
> http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
>
> and install (you can install on any machine, if you do not want to install
> it on the server).
>
> Set the Symbol Path (File->Symbol File Path) as per the instructions here:
> http://www.microsoft.com/whdc/devtools/debugging/symbols.mspx
>
> Take the complete memory dump, and run (if it has not already told you the
> causing file):
>
> !analyze -v
>
> With the complete dump, it is much easier, because everything you need is
in
> the dump, and you do not need to manually specify paths to files.
>
> -- 
> Regards,
> Kristofer Gafvert - IIS MVP
> http://www.ilopia.com - When you need help!
>
>
> "George Valkov" <null@somewhere.com> wrote in message
> news:ewVxXlOREHA.3720@TK2MSFTNGP09.phx.gbl...
> > I have Visual Studio 2003 Professional installed and .DMP files are
> > associated with it, but I don't know what should I do next. I found a
link
> > to WinBug and I'm going to install it in a day or two. I will also set
my
> > system to make complete memory dumps. My system is stable (20 days
uptime
> > record and then a power outage :-) but just in case (it will be
> interesting
> > to learn something new).
> >
> > About driver updates:
> > There's nothing to update, except the Sound from Creative and Video from
> > ATI, but my hardware is old.
> > Although there are driver updates, they are written in such bad a manner
> > that to force customers to upgrade their hardware. New drivers from ATI
> > causes screen corruption and system instability. New drivers from
Creative
> > cause loud sound and distortion.
> >
> > I've verified the Security Logging options and there is no change in it.
I
> > was just curious about, because I had a problem with it (since from the
RC
> 1
> > or 2 beta testing version) and I am currently using a workaround for it.
> > I will describe it the next post.
> >
> > Thank You Kristofer!
> >
> > George Valkov
> >
> >
> > "Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
> > news:eD1CPMDREHA.620@TK2MSFTNGP10.phx.gbl...
> > > Hi George!
> > >
> > > I think that this was "just a" blue screen. I don't think that you
need
> to
> > > worry about the policy being changed, this is normal, also see:
> > >
> > >
> >
>
http://www.eventid.net/display.asp?eventid=612&eventno=208&source=Security&phase=1
> > >
> > > I tried to get the name of the file that caused your blue screen,
using
> > > windbg, but it doesn't seem to include the information i need for that
> (i
> > > suppose i do not have the same drivers on my machine, as you have on
> > yours).
> > >
> > > Since you were using the sound card, a guess is that something is not
> > > working properly with your sound card driver. Is an update available?
> > >
> > > -- 
> > > Regards,
> > > Kristofer Gafvert - IIS MVP
> > > http://www.ilopia.com - When you need help!
> > >
> > >
> > > "George Valkov" <null@somewhere.com> wrote in message
> > > news:%23UclC4AREHA.3660@tk2msftngp13.phx.gbl...
> > > > The server is up to date. Only one renamed Admiinstrator account.
> > Helluva
> > > > strong NTLM account passwords for all accounts (built in Admin,
Power
> > User
> > > > and User) with LM hash disabled.
> > > > I was loged on as a limmited user and saving a wav file to non
system
> > > > partition disk with Sony Sound Forge 7. Sound file properties: 192
> kHz,
> > 32
> > > > bit floating point.
> > > > Running programs:
> > > > Media Player 9, jetAudio 6, Media Encoder 9 (broadcating live audio
> > > captured
> > > > from line-in on Sound Blaster Audio PCI 128), Command Prompt run as
> > built
> > > > in administrator.
> > > >
> > > > [System Log] PM 07:48:13
> > > > The previous system shutdown at 07:46:25 on 27.5.2004 Ç. was
> unexpected.
> > > >
> > > > [System Log] PM 07:48:14
> > > > The computer has rebooted from a bugcheck.  The bugcheck was:
> 0x000000d1
> > > > (0x77f68b33, 0x000000ff, 0x00000000, 0x77f68b33). A dump was saved
in:
> > > > F:\WINDOWS\Minidump\Mini052704-01.dmp.
> > > >
> > > > [Security Log]
> > > > No suspictious events. Only anonymous and guest logon events.
> > > >
> > > > First security event after restart:
> > > > [Security Log] PM 07:48:13
> > > > Audit Policy Change:
> > > >  New Policy:
> > > >   Success Failure
> > > >       +     + Logon/Logoff
> > > >       -     - Object Access
> > > >       -     - Privilege Use
> > > >       +     + Account Management
> > > >       +     + Policy Change
> > > >       -     - System
> > > >       -     - Detailed Tracking
> > > >       -     - Directory Service Access
> > > >       +     + Account Logon
> > > >
> > > >  Changed By:
> > > >     User Name: THE-BOSS$
> > > >     Domain Name: 59
> > > >     Logon ID: (0x0,0x3E7)
> > > >
> > > > [comment]
> > > > Why the hell the system it self changes the security policy?
> > > > This server is absolutely free from any viruses and malicious code.
> > > >
> > > >
> > > > George Valkov
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Quantcast