Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02e09000 PsLoadedModuleList = 0xfffff800`03046e50
Debug session time: Sun Feb 27 16:36:43.487 2011 (GMT-5)
System Uptime: 0 days 0:02:30.203
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {e3, fffffa8009361011, 522f3b4, 0}
Probably caused by : ntkrnlmp.exe ( nt!VerifierBugCheckIfAppropriate+3c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000e3, Kernel Zw API called with user-mode address as parameter.
Arg2: fffffa8009361011, Address inside the driver making the incorrect API call.
Arg3: 000000000522f3b4, User-mode address used as API parameter.
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_e3
FAULTING_IP:
+5ae952f01e5da28
fffffa80`09361011 3d05000080 cmp eax,80000005h
FOLLOWUP_IP:
nt!VerifierBugCheckIfAppropriate+3c
fffff800`033043dc cc int 3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: ekrn.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800033043dc to fffff80002e79740
STACK_TEXT:
fffff880`03f99558 fffff800`033043dc : 00000000`000000c4 00000000`000000e3 fffffa80`09361011 00000000`0522f3b4 : nt!KeBugCheckEx
fffff880`03f99560 fffff800`03304ec5 : fffffa80`074d0d00 00000000`00000032 00000000`00000080 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`03f995a0 fffff800`0330639e : 00000000`00000080 00000000`00000032 00000000`00000000 fffff800`0330639e : nt!ViZwCheckAddress+0x35
fffff880`03f995e0 fffff800`033095c8 : fffffa80`09361011 00000000`00000000 fffffa80`09360edb fffff800`02e74f30 : nt!ViZwCheckUnicodeString+0x2e
fffff880`03f99620 fffffa80`09361011 : 00000000`0522f3b4 fffff980`168c0da0 00000000`0522f3c4 00000000`00000018 : nt!VfZwQueryDirectoryFile+0x88
fffff880`03f996b0 00000000`0522f3b4 : fffff980`168c0da0 00000000`0522f3c4 00000000`00000018 fffff880`03f99778 : 0xfffffa80`09361011
fffff880`03f996b8 fffff980`168c0da0 : 00000000`0522f3c4 00000000`00000018 fffff880`03f99778 fffff980`168c0da0 : 0x522f3b4
fffff880`03f996c0 00000000`0522f3c4 : 00000000`00000018 fffff880`03f99778 fffff980`168c0da0 fffffa80`00000260 : 0xfffff980`168c0da0
fffff880`03f996c8 00000000`00000018 : fffff880`03f99778 fffff980`168c0da0 fffffa80`00000260 fffff800`00000003 : 0x522f3c4
fffff880`03f996d0 fffff880`03f99778 : fffff980`168c0da0 fffffa80`00000260 fffff800`00000003 fffff880`03f94001 : 0x18
fffff880`03f996d8 fffff980`168c0da0 : fffffa80`00000260 fffff800`00000003 fffff880`03f94001 fffff880`03f99728 : 0xfffff880`03f99778
fffff880`03f996e0 fffffa80`00000260 : fffff800`00000003 fffff880`03f94001 fffff880`03f99728 00000000`00000001 : 0xfffff980`168c0da0
fffff880`03f996e8 fffff800`00000003 : fffff880`03f94001 fffff880`03f99728 00000000`00000001 00000000`000101d0 : 0xfffffa80`00000260
fffff880`03f996f0 fffff880`03f94001 : fffff880`03f99728 00000000`00000001 00000000`000101d0 fffff980`173a2fc0 : 0xfffff800`00000003
fffff880`03f996f8 fffff880`03f99728 : 00000000`00000001 00000000`000101d0 fffff980`173a2fc0 00000000`00000000 : 0xfffff880`03f94001
fffff880`03f99700 00000000`00000001 : 00000000`000101d0 fffff980`173a2fc0 00000000`00000000 ffffffff`800007f4 : 0xfffff880`03f99728
fffff880`03f99708 00000000`000101d0 : fffff980`173a2fc0 00000000`00000000 ffffffff`800007f4 00000000`00100010 : 0x1
fffff880`03f99710 fffff980`173a2fc0 : 00000000`00000000 ffffffff`800007f4 00000000`00100010 00000000`0522f3b4 : 0x101d0
fffff880`03f99718 00000000`00000000 : ffffffff`800007f4 00000000`00100010 00000000`0522f3b4 00000000`00000260 : 0xfffff980`173a2fc0
STACK_COMMAND: kb
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!VerifierBugCheckIfAppropriate+3c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4cc791bd
FAILURE_BUCKET_ID: X64_0xc4_e3_VRF_nt!VerifierBugCheckIfAppropriate+3c
BUCKET_ID: X64_0xc4_e3_VRF_nt!VerifierBugCheckIfAppropriate+3c
Followup: MachineOwner
---------