Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-21949-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a04000 PsLoadedModuleList = 0xfffff800`02c41e50
Debug session time: Mon Aug 9 19:46:16.242 2010 (GMT-4)
System Uptime: 0 days 0:09:08.288
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41790, fffffa800105d770, ffff, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33946 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa800105d770
Arg3: 000000000000ffff
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41790
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: perfmon.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002ae7ede to fffff80002a74600
STACK_TEXT:
fffff880`0b317828 fffff800`02ae7ede : 00000000`0000001a 00000000`00041790 fffffa80`0105d770 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0b317830 fffff800`02aa7cc9 : 00000000`00000000 00000000`65ee5fff fffffa80`00000000 fffff800`00000000 : nt! ?? ::FNODOBFM::`string'+0x33946
fffff880`0b3179f0 fffff800`02d8e170 : fffffa80`038ae170 0007ffff`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`0b317b10 fffff800`02d8e57b : 00000010`00000000 00000000`64b90000 fffffa80`00000001 fffffa80`05c90540 : nt!MiUnmapViewOfSection+0x1b0
fffff880`0b317bd0 fffff800`02a73853 : fffffa80`042edb60 00000000`00000000 fffffa80`04333b30 00000000`09c988b0 : nt!NtUnmapViewOfSection+0x5f
fffff880`0b317c20 00000000`777dfffa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0024c328 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x777dfffa
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+33946
fffff800`02ae7ede cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+33946
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
FAILURE_BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33946
BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33946
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-21543-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a04000 PsLoadedModuleList = 0xfffff800`02c41e50
Debug session time: Mon Aug 9 19:35:55.265 2010 (GMT-4)
System Uptime: 0 days 0:55:48.701
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {48, 2, 1, fffff80002a5d19d}
Probably caused by : memory_corruption ( nt!MiDereferenceControlAreaPfn+5d )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000048, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a5d19d, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cac0e0
0000000000000048
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiDereferenceControlAreaPfn+5d
fffff800`02a5d19d f00fba69481f lock bts dword ptr [rcx+48h],1Fh
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: rundll32.exe
TRAP_FRAME: fffff88007a81070 -- (.trap 0xfffff88007a81070)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=001430006e696268 rbx=0000000000000000 rcx=fffff8a010ae5020
rdx=0000000001a5e000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a6b3cd rsp=fffff88007a81208 rbp=0000000000000007
r8=0000000000001000 r9=0000000000000080 r10=0000000000001000
r11=fffff8a010ae5000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!memcpy+0xbd:
fffff800`02a6b3cd 488941e0 mov qword ptr [rcx-20h],rax ds:3000:fffff8a0`10ae5000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a73b69 to fffff80002a74600
STACK_TEXT:
fffff880`07a808e8 fffff800`02a73b69 : 00000000`0000000a 00000000`00000048 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`07a808f0 fffff800`02a727e0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`07a80a30 fffff800`02a5d19d : 00000000`0000002f 00000000`0000007f fffffa80`02350c80 00000000`000bc598 : nt!KiPageFault+0x260
fffff880`07a80bc0 fffff800`02a37c7c : 00000000`00000002 00000000`00000000 fffffa80`01d49300 00000000`00000000 : nt!MiDereferenceControlAreaPfn+0x5d
fffff880`07a80c30 fffff800`02b351dd : fffffa80`01d49300 fffff880`07a80d80 00000000`00000080 00000000`000a0877 : nt!MiRestoreTransitionPte+0xcc
fffff880`07a80c90 fffff800`02ae3a1e : 00000000`00000000 fffff880`07a80d80 fffff800`02c00b40 00000000`00000000 : nt!MiRemoveLowestPriorityStandbyPage+0x2ad
fffff880`07a80d10 fffff800`02a90b82 : 00000000`00000001 fffff8a0`10ae5000 fffff880`07a81070 fffff6fc`50085728 : nt! ?? ::FNODOBFM::`string'+0x29bf7
fffff880`07a80e00 fffff800`02a8ebd1 : 00000000`0009d424 00000000`00000001 fffff880`07a810f0 fffff800`02a7a6ef : nt!MiDispatchFault+0x8c2
fffff880`07a80f10 fffff800`02a726ee : 00000000`00000001 00000000`00000000 fffff880`07a81500 00000000`02bd0000 : nt!MmAccessFault+0x8f1
fffff880`07a81070 fffff800`02a6b3cd : fffff800`02cfdd73 00000000`00000000 fffff880`07a815f0 fffff880`07a815f0 : nt!KiPageFault+0x16e
fffff880`07a81208 fffff800`02cfdd73 : 00000000`00000000 fffff880`07a815f0 fffff880`07a815f0 00000000`02bd0000 : nt!memcpy+0xbd
fffff880`07a81210 fffff800`02cf99a7 : fffff8a0`00001000 fffff880`02bd0000 fffff8a0`00000000 00000000`00143000 : nt!HvpReadFileImageAndBuildMap+0x123
fffff880`07a812c0 fffff800`02cf95d6 : 00000000`02c00000 fffff8a0`07337000 01cb37f6`17c6ffd3 fffff8a0`0c66f420 : nt!HvLoadHive+0xd7
fffff880`07a81320 fffff800`02cf6052 : 00000000`00000000 00000000`00000002 fffff8a0`0c66ffc8 00000000`00000001 : nt!HvInitializeHive+0x262
fffff880`07a81380 fffff800`02cf6bed : fffff880`07a81520 fffff880`07a815f0 ffffffff`80000970 fffff880`07a81a28 : nt!CmpInitializeHive+0x4a6
fffff880`07a81470 fffff800`02cf9aae : 00000000`00000000 fffff800`00000000 fffff880`07a817d8 fffff880`07a817d1 : nt!CmpInitHiveFromFile+0x249
fffff880`07a81590 fffff800`02cfc423 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmpCmdHiveOpen+0x8a
fffff880`07a81780 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmLoadKey+0x1a7
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiDereferenceControlAreaPfn+5d
fffff800`02a5d19d f00fba69481f lock bts dword ptr [rcx+48h],1Fh
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiDereferenceControlAreaPfn+5d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xA_nt!MiDereferenceControlAreaPfn+5d
BUCKET_ID: X64_0xA_nt!MiDereferenceControlAreaPfn+5d
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-20904-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a64000 PsLoadedModuleList = 0xfffff800`02ca1e50
Debug session time: Mon Aug 9 19:50:21.553 2010 (GMT-4)
System Uptime: 0 days 0:02:55.989
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffff80202adb752, 2, 8, fffff80202adb752}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff80202adb752, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff80202adb752, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d0c0e0
fffff80202adb752
CURRENT_IRQL: 2
FAULTING_IP:
+5925952f01feddc4
fffff802`02adb752 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Steam.exe
TRAP_FRAME: fffff880073bf810 -- (.trap 0xfffff880073bf810)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000007ef20001 rbx=0000000000000000 rcx=fffff880073bf960
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80202adb752 rsp=fffff880073bf9a0 rbp=fffffa80057f58e0
r8=0000000000000000 r9=0000000000000000 r10=0000000000002000
r11=fffffa80036a897c r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
fffff802`02adb752 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ad3b69 to fffff80002ad4600
FAILED_INSTRUCTION_ADDRESS:
+5925952f01feddc4
fffff802`02adb752 ?? ???
STACK_TEXT:
fffff880`073bf6c8 fffff800`02ad3b69 : 00000000`0000000a fffff802`02adb752 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff880`073bf6d0 fffff800`02ad27e0 : fffffa80`04eef320 fffffa80`057f58e0 00000000`1b59576a fffff800`02c4ee80 : nt!KiBugCheckDispatch+0x69
fffff880`073bf810 fffff802`02adb752 : fffffa80`057f58e0 fffffa80`057f58e0 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`073bf9a0 fffffa80`057f58e0 : fffffa80`057f58e0 00000000`00000000 00000000`00000000 00000000`00000200 : 0xfffff802`02adb752
fffff880`073bf9a8 fffffa80`057f58e0 : 00000000`00000000 00000000`00000000 00000000`00000200 00000000`00000000 : 0xfffffa80`057f58e0
fffff880`073bf9b0 00000000`00000000 : 00000000`00000000 00000000`00000200 00000000`00000000 00000000`00000000 : 0xfffffa80`057f58e0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02ad27e0 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_nt!KiPageFault+260
BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_nt!KiPageFault+260
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-14539-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a03000 PsLoadedModuleList = 0xfffff800`02c40e50
Debug session time: Mon Aug 9 18:39:23.661 2010 (GMT-4)
System Uptime: 0 days 0:03:43.097
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {5003, fffff90000812000, 2eca, fffff900c22d2009}
Probably caused by : win32k.sys ( win32k!memset+b0 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000005003, The subtype of the bugcheck.
Arg2: fffff90000812000
Arg3: 0000000000002eca
Arg4: fffff900c22d2009
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_5003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff880090e3ee0 -- (.trap 0xfffff880090e3ee0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900c5400000 rbx=0000000000000000 rcx=fffff900c5748000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff96000113c10 rsp=fffff880090e4078 rbp=0000000000000001
r8=0000000000000028 r9=0000000000014378 r10=000000000000007f
r11=0000000000000034 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
win32k!memset+0xb0:
fffff960`00113c10 480fc311 movnti qword ptr [rcx],rdx ds:0001:fffff900`c5748000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ae2d98 to fffff80002a73600
STACK_TEXT:
fffff880`090e3b78 fffff800`02ae2d98 : 00000000`0000001a 00000000`00005003 fffff900`00812000 00000000`00002eca : nt!KeBugCheckEx
fffff880`090e3b80 fffff800`02a8fb82 : 00000000`00000001 fffff900`c5748000 fffff880`090e3ee0 fffff6fc`8062ba40 : nt! ?? ::FNODOBFM::`string'+0x29f97
fffff880`090e3c70 fffff800`02a8dbd1 : 00000000`000bea5d 00000000`00000000 fffff880`09004490 fffff8a0`0186c8e8 : nt!MiDispatchFault+0x8c2
fffff880`090e3d80 fffff800`02a716ee : 00000000`00000001 fffff900`c5400000 fffff880`090e4000 fffff880`090e4008 : nt!MmAccessFault+0x8f1
fffff880`090e3ee0 fffff960`00113c10 : fffff960`00102a12 fffff900`c0746010 00000000`00000000 fffff960`00246ffc : nt!KiPageFault+0x16e
fffff880`090e4078 fffff960`00102a12 : fffff900`c0746010 00000000`00000000 fffff960`00246ffc 00000000`00000000 : win32k!memset+0xb0
fffff880`090e4080 fffff960`00103f2b : 00000000`00000000 fffff880`090e4220 00000000`00000001 fffff960`001015e6 : win32k!AllocateObject+0xf2
fffff880`090e40c0 fffff960`000db4a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFMEM::bCreateDIB+0x1fb
fffff880`090e41b0 fffff960`000db01e : 00000472`00000780 00000000`00000472 00000000`01080030 00000000`00000780 : win32k!hsurfCreateCompatibleSurface+0x3bc
fffff880`090e4280 fffff800`02a72853 : fffffa80`046f0b60 fffff880`090e43e0 00000000`00000000 fffff900`c00bf010 : win32k!GreCreateCompatibleBitmap+0x26e
fffff880`090e4360 00000000`73ad2dd9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0016cc98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73ad2dd9
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!memset+b0
fffff960`00113c10 480fc311 movnti qword ptr [rcx],rdx
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: win32k!memset+b0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4bdc4376
FAILURE_BUCKET_ID: X64_0x1a_5003_win32k!memset+b0
BUCKET_ID: X64_0x1a_5003_win32k!memset+b0
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-14523-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a1e000 PsLoadedModuleList = 0xfffff800`02c5be50
Debug session time: Mon Aug 9 18:34:31.432 2010 (GMT-4)
System Uptime: 0 days 0:06:47.868
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8a201bb708c, 0, fffff80002d770cc, 5}
Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MiApplyCompressedFixups+40 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8a201bb708c, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002d770cc, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc60e0
fffff8a201bb708c
FAULTING_IP:
nt!MiApplyCompressedFixups+40
fffff800`02d770cc 0fb603 movzx eax,byte ptr [rbx]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88007afc310 -- (.trap 0xfffff88007afc310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a001bb5000 rbx=0000000000000000 rcx=fffffa80061df6e0
rdx=fffff88008590000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002d770cc rsp=fffff88007afc4a0 rbp=0000000000000003
r8=fffff8a201bb708c r9=fffffffff7d60000 r10=0000000000000fff
r11=fffff88008590000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!MiApplyCompressedFixups+0x40:
fffff800`02d770cc 0fb603 movzx eax,byte ptr [rbx] ds:6120:00000000`00000000=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b0d801 to fffff80002a8e600
STACK_TEXT:
fffff880`07afc1a8 fffff800`02b0d801 : 00000000`00000050 fffff8a2`01bb708c 00000000`00000000 fffff880`07afc310 : nt!KeBugCheckEx
fffff880`07afc1b0 fffff800`02a8c6ee : 00000000`00000000 fffff8a2`01bb708c fffffa80`00000000 00001f80`010100da : nt! ?? ::FNODOBFM::`string'+0x40ecb
fffff880`07afc310 fffff800`02d770cc : fffff880`07afc580 00000000`00000000 fffffa80`047049e0 fffffa80`06196168 : nt!KiPageFault+0x16e
fffff880`07afc4a0 fffff800`02d76f45 : fffff880`08590000 ffffffff`f7d60000 00000000`00023000 fffffa80`007f5ea0 : nt!MiApplyCompressedFixups+0x40
fffff880`07afc4f0 fffff800`02d6417c : fffffa80`00000000 fffffa80`06196060 00000000`00000000 00000000`00000000 : nt!MiPerformFixups+0x65
fffff880`07afc540 fffff800`02a7fb4c : fffffa80`007f5ea0 fffffa80`05d56f50 00000000`00000000 fffff800`02a80000 : nt!MiRelocateImagePfn+0x114
fffff880`07afc5a0 fffff800`02a35db4 : fffffa80`05d56e90 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiWaitForInPageComplete+0x89c
fffff880`07afc680 fffff800`02cef97a : 00000000`00000000 fffffa80`0592f280 00000000`00000001 fffffa80`0592f280 : nt!MiPfCompletePrefetchIos+0x54
fffff880`07afc6b0 fffff800`02eec76d : 00000000`0000005d 00000000`0000005d fffffa80`0592f280 fffff880`07afc778 : nt!MmPrefetchPages+0x13a
fffff880`07afc710 fffff800`02ef478e : fffff8a0`00000000 fffff8a0`00000000 fffff8a0`0000002b 00000000`00000000 : nt!PfpPrefetchFilesTrickle+0x21d
fffff880`07afc810 fffff800`02ef5327 : 00000000`00000000 fffff880`07afcca0 fffff880`07afca08 fffff8a0`010a3060 : nt!PfpPrefetchRequestPerform+0x30e
fffff880`07afc960 fffff800`02f018fe : fffff880`07afca08 fffff880`07afca01 fffffa80`06033bc0 00000000`00000000 : nt!PfpPrefetchRequest+0x176
fffff880`07afc9d0 fffff800`02f0602e : 00000000`00000000 00000000`0149f710 00000000`0000004f 00000000`07920201 : nt!PfSetSuperfetchInformation+0x1ad
fffff880`07afcab0 fffff800`02a8d853 : fffffa80`06196060 00000000`00000000 00000000`00000001 00000000`00000000 : nt!NtSetSystemInformation+0xb91
fffff880`07afcc20 00000000`76e3144a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0149f6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e3144a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiApplyCompressedFixups+40
fffff800`02d770cc 0fb603 movzx eax,byte ptr [rbx]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiApplyCompressedFixups+40
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x50_nt!MiApplyCompressedFixups+40
BUCKET_ID: X64_0x50_nt!MiApplyCompressedFixups+40
Followup: MachineOwner
---------
While I am looking at drivers, please enable Driver Verifier and let it run for 36 hours. It it encounters a faulty driver, it will crash creating a dump file the, hopefully, identifies the driver. Upload this dump file.