Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\XplicitMind\Windows_NT6_BSOD_jcgriff2\010312-27346-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a11000 PsLoadedModuleList = 0xfffff800`02c56670
Debug session time: Tue Jan 3 18:52:30.813 2012 (UTC - 7:00)
System Uptime: 0 days 7:03:45.000
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {10, 2, 0, fffff880014010f9}
Probably caused by : NETIO.SYS ( NETIO!RtlGetNextExpiredTimerWheelEntry+ea )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880014010f9, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc0100
0000000000000010
CURRENT_IRQL: 2
FAULTING_IP:
NETIO!RtlGetNextExpiredTimerWheelEntry+ea
fffff880`014010f9 8b4210 mov eax,dword ptr [rdx+10h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: PandoraSaga.ex
TRAP_FRAME: fffff80000ba2580 -- (.trap 0xfffff80000ba2580)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000002de92d0 rbx=0000000000000000 rcx=fffffa80062398f8
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880014010f9 rsp=fffff80000ba2718 rbp=00000000000001f4
r8=000000000183ef08 r9=fffffa8006238000 r10=000000000183f708
r11=000000000000007c r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
NETIO!RtlGetNextExpiredTimerWheelEntry+0xea:
fffff880`014010f9 8b4210 mov eax,dword ptr [rdx+10h] ds:8c50:00000000`00000010=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a8d1e9 to fffff80002a8dc40
STACK_TEXT:
fffff800`00ba2438 fffff800`02a8d1e9 : 00000000`0000000a 00000000`00000010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`00ba2440 fffff800`02a8be60 : fffff800`00ba2e00 fffffa80`0654ce70 fffffa80`05186600 00000000`0183f6e6 : nt!KiBugCheckDispatch+0x69
fffff800`00ba2580 fffff880`014010f9 : fffff880`040cd0cc 00000000`0183f468 fffff880`00e92f19 00000000`000003e8 : nt!KiPageFault+0x260
fffff800`00ba2718 fffff880`040cd0cc : 00000000`0183f468 fffff880`00e92f19 00000000`000003e8 fffff880`04336688 : NETIO!RtlGetNextExpiredTimerWheelEntry+0xea
fffff800`00ba2720 fffff800`02a995fc : fffff800`00ba28d8 00000000`00000000 00000000`00000003 00000000`00000000 : afd!AfdTimerWheelHandler+0xbc
fffff800`00ba27a0 fffff800`02a99496 : fffffa80`077f0be8 fffffa80`077f0be8 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
fffff800`00ba2810 fffff800`02a9937e : 0000003b`327b22c6 fffff800`00ba2e88 00000000`0018de65 fffff800`02c06f28 : nt!KiProcessExpiredTimerList+0xc6
fffff800`00ba2e60 fffff800`02a99167 : fffff800`02c03ecc fffffa80`0018de65 fffffa80`0568f050 00000000`00000065 : nt!KiTimerExpiration+0x1be
fffff800`00ba2f00 fffff800`02a90765 : 00000000`00000000 fffffa80`05186680 00000000`00000000 fffff880`0110bf5c : nt!KiRetireDpcList+0x277
fffff800`00ba2fb0 fffff800`02a9057c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KyRetireDpcList+0x5
fffff880`0a15ebe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!RtlGetNextExpiredTimerWheelEntry+ea
fffff880`014010f9 8b4210 mov eax,dword ptr [rdx+10h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: NETIO!RtlGetNextExpiredTimerWheelEntry+ea
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79381
FAILURE_BUCKET_ID: X64_0xD1_NETIO!RtlGetNextExpiredTimerWheelEntry+ea
BUCKET_ID: X64_0xD1_NETIO!RtlGetNextExpiredTimerWheelEntry+ea
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\XplicitMind\Windows_NT6_BSOD_jcgriff2\010312-24102-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a4e000 PsLoadedModuleList = 0xfffff800`02c93670
Debug session time: Tue Jan 3 19:23:17.187 2012 (UTC - 7:00)
System Uptime: 0 days 0:27:28.763
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffffffffffd20, 2, 0, fffff80002a9185a}
Probably caused by : ntkrnlmp.exe ( nt!KeQueryValuesProcess+a0 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffffffffffd20, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a9185a, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cfd100
fffffffffffffd20
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeQueryValuesProcess+a0
fffff800`02a9185a 488b8120fdffff mov rax,qword ptr [rcx-2E0h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: PandoraSaga.ex
TRAP_FRAME: fffff8800894a460 -- (.trap 0xfffff8800894a460)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=000000000000012c rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a9185a rsp=fffff8800894a5f0 rbp=0000000000000000
r8=00000000fffffcca r9=fffffa8007187090 r10=fffffa8007187030
r11=fffffa800533f3f0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
nt!KeQueryValuesProcess+0xa0:
fffff800`02a9185a 488b8120fdffff mov rax,qword ptr [rcx-2E0h] ds:0001:ffffffff`fffffd20=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002aca1e9 to fffff80002acac40
STACK_TEXT:
fffff880`0894a318 fffff800`02aca1e9 : 00000000`0000000a ffffffff`fffffd20 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0894a320 fffff800`02ac8e60 : 00000000`14b86b48 fffffa80`0714e5d0 00000000`00000000 fffff880`0894a670 : nt!KiBugCheckDispatch+0x69
fffff880`0894a460 fffff800`02a9185a : 00000000`00000090 fffff800`02f65945 fffffa80`0533f3e0 00000000`00000090 : nt!KiPageFault+0x260
fffff880`0894a5f0 fffff800`02d87b2c : fffffa80`0533f3e0 00000000`00000000 fffff880`0894aca0 00000000`00000090 : nt!KeQueryValuesProcess+0xa0
fffff880`0894a620 fffff800`02d868fa : 00000000`00000000 00000000`00007670 00000000`14b875c0 00000000`14b86b48 : nt!ExpCopyProcessInfo+0x1f8
fffff880`0894a6e0 fffff800`02dd49f6 : 00000000`14b80050 fffff880`00100400 fffff880`0894a870 00000000`00000000 : nt!ExpGetProcessInformation+0x14b
fffff880`0894a830 fffff800`02dd5449 : 00000000`14b80050 fffff800`02dd53fc 00000000`00000005 00000000`00010246 : nt!ExpQuerySystemInformation+0xfb4
fffff880`0894abe0 fffff800`02ac9ed3 : 00000000`00000001 00000000`14b80038 00000000`00000001 00000000`002d0000 : nt!NtQuerySystemInformation+0x4d
fffff880`0894ac20 00000000`770c167a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0038e708 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770c167a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeQueryValuesProcess+a0
fffff800`02a9185a 488b8120fdffff mov rax,qword ptr [rcx-2E0h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KeQueryValuesProcess+a0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KeQueryValuesProcess+a0
BUCKET_ID: X64_0xA_nt!KeQueryValuesProcess+a0
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\XplicitMind\Windows_NT6_BSOD_jcgriff2\010312-19796-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a0c000 PsLoadedModuleList = 0xfffff800`02c51670
Debug session time: Tue Jan 3 21:05:54.053 2012 (UTC - 7:00)
System Uptime: 0 days 1:41:19.240
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff88002e68610, 2, 1, fffff80002a91682}
Probably caused by : ntkrnlmp.exe ( nt!KiTimerWaitTest+1e2 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff88002e68610, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a91682, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cbb100
fffff88002e68610
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiTimerWaitTest+1e2
fffff800`02a91682 f0490fbaaf9044000000 lock bts qword ptr [r15+4490h],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: PandoraSaga.ex
TRAP_FRAME: fffff88002f93600 -- (.trap 0xfffff88002f93600)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000102 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a91682 rsp=fffff88002f93790 rbp=fffffa8007bc1128
r8=fffff88002f66301 r9=0000000000000004 r10=000000000000003c
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!KiTimerWaitTest+0x1e2:
fffff800`02a91682 f0490fbaaf9044000000 lock bts qword ptr [r15+4490h],0 ds:0004:00000000`00004490=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a881e9 to fffff80002a88c40
STACK_TEXT:
fffff880`02f934b8 fffff800`02a881e9 : 00000000`0000000a fffff880`02e68610 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`02f934c0 fffff800`02a86e60 : fffff880`00000000 fffffa80`00000000 fffff880`13c246cc fffffa80`07bc1128 : nt!KiBugCheckDispatch+0x69
fffff880`02f93600 fffff800`02a91682 : fffff880`02f934c0 00000000`00000000 00000000`00000000 00000000`00000022 : nt!KiPageFault+0x260
fffff880`02f93790 fffff800`02a9443d : fffffa80`07bc1120 fffffa80`05821b28 fffffa80`05821b28 00000000`00000102 : nt!KiTimerWaitTest+0x1e2
fffff880`02f93810 fffff800`02a9437e : 0000000e`278269f9 fffff880`02f93e88 00000000`0005f23c fffff880`02f66d08 : nt!KiProcessExpiredTimerList+0x6d
fffff880`02f93e60 fffff800`02a94167 : fffff880`02f641c3 fffffa80`0005f23c fffffa80`06803000 00000000`0000003c : nt!KiTimerExpiration+0x1be
fffff880`02f93f00 fffff800`02a8b765 : 00000000`00000000 fffffa80`050ba060 00000000`00000000 fffff880`130560b0 : nt!KiRetireDpcList+0x277
fffff880`02f93fb0 fffff800`02a8b57c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KyRetireDpcList+0x5
fffff880`098f2be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTimerWaitTest+1e2
fffff800`02a91682 f0490fbaaf9044000000 lock bts qword ptr [r15+4490h],0
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiTimerWaitTest+1e2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KiTimerWaitTest+1e2
BUCKET_ID: X64_0xA_nt!KiTimerWaitTest+1e2
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\XplicitMind\Windows_NT6_BSOD_jcgriff2\010412-16411-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a11000 PsLoadedModuleList = 0xfffff800`02c56670
Debug session time: Wed Jan 4 09:53:35.795 2012 (UTC - 7:00)
System Uptime: 0 days 0:30:31.371
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {2ec, 2, 0, fffff80002a5485a}
Probably caused by : ntkrnlmp.exe ( nt!KeQueryValuesProcess+a0 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000000002ec, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a5485a, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc0100
00000000000002ec
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeQueryValuesProcess+a0
fffff800`02a5485a 488b8120fdffff mov rax,qword ptr [rcx-2E0h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: swtor.exe
TRAP_FRAME: fffff88007d63460 -- (.trap 0xfffff88007d63460)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=00000000000005cc
rdx=00000000000000f7 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a5485a rsp=fffff88007d635f0 rbp=0000000000000000
r8=00000000000002e5 r9=fffffa8007770630 r10=fffffa80077705d0
r11=fffffa8007329490 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!KeQueryValuesProcess+0xa0:
fffff800`02a5485a 488b8120fdffff mov rax,qword ptr [rcx-2E0h] ds:0001:00000000`000002ec=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a8d1e9 to fffff80002a8dc40
STACK_TEXT:
fffff880`07d63318 fffff800`02a8d1e9 : 00000000`0000000a 00000000`000002ec 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`07d63320 fffff800`02a8be60 : 00000000`0179fc78 fffffa80`07773b30 00000000`00000000 fffff880`07d63670 : nt!KiBugCheckDispatch+0x69
fffff880`07d63460 fffff800`02a5485a : 00000000`000000a0 fffff800`02f28945 fffffa80`07329480 00000000`000000a0 : nt!KiPageFault+0x260
fffff880`07d635f0 fffff800`02d4ab2c : fffffa80`07329480 00000000`00000000 fffff880`07d63ca0 00000000`000000a0 : nt!KeQueryValuesProcess+0xa0
fffff880`07d63620 fffff800`02d498fa : 00000000`00000000 00000000`0000c6a8 00000000`0179fe88 00000000`0179fc78 : nt!ExpCopyProcessInfo+0x1f8
fffff880`07d636e0 fffff800`02d979f6 : 00000000`017938e0 fffffa80`0000e400 fffff880`07d63870 00000000`00000000 : nt!ExpGetProcessInformation+0x14b
fffff880`07d63830 fffff800`02d98449 : 00000000`017938e0 00000000`0195f030 00000000`00000005 00000000`fffd5000 : nt!ExpQuerySystemInformation+0xfb4
fffff880`07d63be0 fffff800`02a8ced3 : 00000000`00000001 00000000`cbcfd000 00000000`fffd5001 00000000`cbcf0000 : nt!NtQuerySystemInformation+0x4d
fffff880`07d63c20 00000000`7756167a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0195e5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7756167a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeQueryValuesProcess+a0
fffff800`02a5485a 488b8120fdffff mov rax,qword ptr [rcx-2E0h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KeQueryValuesProcess+a0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KeQueryValuesProcess+a0
BUCKET_ID: X64_0xA_nt!KeQueryValuesProcess+a0
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\XplicitMind\Windows_NT6_BSOD_jcgriff2\010512-17565-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a0b000 PsLoadedModuleList = 0xfffff800`02c50670
Debug session time: Wed Jan 4 23:43:52.613 2012 (UTC - 7:00)
System Uptime: 0 days 13:15:09.189
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff880008ee610, 2, 1, fffff80002a8ecf7}
Probably caused by : ntkrnlmp.exe ( nt!KiSignalSynchronizationObject+137 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff880008ee610, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a8ecf7, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cba100
fffff880008ee610
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiSignalSynchronizationObject+137
fffff800`02a8ecf7 f0490fbaae9044000000 lock bts qword ptr [r14+4490h],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: audiodg.exe
TRAP_FRAME: fffff88003e5d970 -- (.trap 0xfffff88003e5d970)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a8ecf7 rsp=fffff88003e5db00 rbp=fffffa80051e63a0
r8=0000000000000000 r9=00000000000002a8 r10=fffffa8004604570
r11=0000000000100002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!KiSignalSynchronizationObject+0x137:
fffff800`02a8ecf7 f0490fbaae9044000000 lock bts qword ptr [r14+4490h],0 ds:00000000`00004490=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a871e9 to fffff80002a87c40
STACK_TEXT:
fffff880`03e5d828 fffff800`02a871e9 : 00000000`0000000a fffff880`008ee610 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`03e5d830 fffff800`02a85e60 : fffffa80`00000000 fffff8a0`011a29d0 00000000`00000000 fffffa80`06878df8 : nt!KiBugCheckDispatch+0x69
fffff880`03e5d970 fffff800`02a8ecf7 : 00000000`00000001 fffffa80`0532d4f0 00000000`00000000 ffffddf1`7541a25c : nt!KiPageFault+0x260
fffff880`03e5db00 fffff800`02a8bca6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiSignalSynchronizationObject+0x137
fffff880`03e5db50 fffff800`02d70b50 : fffff880`00000000 00000000`00000001 fffffa80`04604500 fffff8a0`0edea001 : nt!KeSetEvent+0x106
fffff880`03e5dbc0 fffff800`02a86ed3 : fffffa80`05355060 fffff880`03e5dca0 00000000`00000000 fffffa80`06878df0 : nt!NtSetEvent+0x90
fffff880`03e5dc20 00000000`772913fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0252f868 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772913fa
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiSignalSynchronizationObject+137
fffff800`02a8ecf7 f0490fbaae9044000000 lock bts qword ptr [r14+4490h],0
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiSignalSynchronizationObject+137
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KiSignalSynchronizationObject+137
BUCKET_ID: X64_0xA_nt!KiSignalSynchronizationObject+137
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\XplicitMind\Windows_NT6_BSOD_jcgriff2\010812-16364-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a4f000 PsLoadedModuleList = 0xfffff800`02c94670
Debug session time: Sun Jan 8 10:02:40.370 2012 (UTC - 7:00)
System Uptime: 0 days 0:27:51.946
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002acb081}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002acb081
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: swtor.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002acb1e9 to fffff80002acbc40
STACK_TEXT:
fffff880`02f6ace8 fffff800`02acb1e9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02f6acf0 fffff800`02ac96b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02f6ae30 fffff800`02acb081 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
00000000`0000002b 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x1a6
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`02ac96b2 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\XplicitMind\Windows_NT6_BSOD_jcgriff2\010812-20077-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a52000 PsLoadedModuleList = 0xfffff800`02c97670
Debug session time: Sun Jan 8 10:22:49.165 2012 (UTC - 7:00)
System Uptime: 0 days 0:18:28.351
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffa7ffffffe58, 2, 1, fffff80002aeee11}
Probably caused by : memory_corruption ( nt!MiUnlinkFreeOrZeroedPage+181 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa7ffffffe58, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002aeee11, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d01100
fffffa7ffffffe58
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiUnlinkFreeOrZeroedPage+181
fffff800`02aeee11 48893cc2 mov qword ptr [rdx+rax*8],rdi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: MsMpEng.exe
TRAP_FRAME: fffff88009713f90 -- (.trap 0xfffff88009713f90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffffffffffffca rbx=0000000000000000 rcx=0000000000000008
rdx=fffffa8000000008 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002aeee11 rsp=fffff88009714120 rbp=000000000000002b
r8=0000000000000000 r9=0000000000000000 r10=fffffa8003902ed8
r11=fffff80002c44e80 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!MiUnlinkFreeOrZeroedPage+0x181:
fffff800`02aeee11 48893cc2 mov qword ptr [rdx+rax*8],rdi ds:fffffa7f`fffffe58=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ace1e9 to fffff80002acec40
STACK_TEXT:
fffff880`09713e48 fffff800`02ace1e9 : 00000000`0000000a fffffa7f`fffffe58 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`09713e50 fffff800`02acce60 : fffffa80`018f5df0 fffff880`09714010 ffffffff`ffffffff fffffa80`03402810 : nt!KiBugCheckDispatch+0x69
fffff880`09713f90 fffff800`02aeee11 : fffff6fc`4002beb0 fffff6fc`c00c1d30 f8a006a1`f6400400 00001f80`00000000 : nt!KiPageFault+0x260
fffff880`09714120 fffff800`02af3648 : fffff880`09714200 00000000`0011562b fffffa80`03402810 00000000`00000000 : nt!MiUnlinkFreeOrZeroedPage+0x181
fffff880`09714190 fffff800`02afb57b : 00000000`00000000 ffffffff`00000000 ffffffff`ffffffff 00000000`00000056 : nt!MiRemoveAnyPage+0x1d8
fffff880`097142b0 fffff800`02af7e3e : fffff980`183b9000 00000000`0fb69040 fffff880`00000000 00000000`00001000 : nt!MmCopyToCachedPage+0xa0b
fffff880`097144a0 fffff800`02af83f4 : fffffa80`072317a0 00000000`0fb69040 fffff880`097145e0 00000000`03f80000 : nt!CcMapAndCopyInToCache+0x20e
fffff880`09714590 fffff880`01248bf6 : 00000000`00000000 fffff880`09714800 fffffa80`04b6ce40 00000000`00000000 : nt!CcCopyWrite+0x194
fffff880`09714620 fffff880`012491a3 : fffffa80`04b6ce40 fffff980`1dc1cc10 fffff880`09714801 fffff880`09714800 : Ntfs!NtfsCommonWrite+0x3390
fffff880`097147d0 fffff800`02f74c16 : fffff980`1dc1cc10 fffff980`1dc1cc10 fffffa80`05628030 fffffa80`07c0e8a0 : Ntfs!NtfsFsdWrite+0x1c3
fffff880`09714890 fffff880`010c3bcf : fffff980`1dc1cfb0 fffff880`09714940 fffffa80`07ae1be0 fffffa80`07c0e8a0 : nt!IovCallDriver+0x566
fffff880`097148f0 fffff880`010c26df : fffffa80`057e5a10 fffffa80`057e5a10 fffffa80`057e5a00 fffff980`1dc1cc10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`09714980 fffff800`02f74c16 : fffff980`1dc1cc10 00000000`00000002 fffff980`1dc1cc10 00000000`00000000 : fltmgr!FltpDispatch+0xcf
fffff880`097149e0 fffff800`02dd721b : 00000000`00000001 fffffa80`07cfbb00 00000000`00000001 fffffa80`05b117c0 : nt!IovCallDriver+0x566
fffff880`09714a40 fffff800`02de1c83 : fffff980`1dc1cff8 fffff880`09714ca0 fffffa80`07cfbb00 fffffa80`07cfbb74 : nt!IopSynchronousServiceTail+0xfb
fffff880`09714ab0 fffff800`02acded3 : 00000000`00000801 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtWriteFile+0x7e2
fffff880`09714bb0 00000000`7788139a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`038bc888 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7788139a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiUnlinkFreeOrZeroedPage+181
fffff800`02aeee11 48893cc2 mov qword ptr [rdx+rax*8],rdi
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiUnlinkFreeOrZeroedPage+181
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xA_nt!MiUnlinkFreeOrZeroedPage+181
BUCKET_ID: X64_0xA_nt!MiUnlinkFreeOrZeroedPage+181
Followup: MachineOwner
---------
Your blue screens are system related, the following possibilities exist.