Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Couch3ater\DMP FILE\011012-9547-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`0285a000 PsLoadedModuleList = 0xfffff800`02a97e50
Debug session time: Tue Jan 10 18:46:51.153 2012 (UTC - 7:00)
System Uptime: 0 days 0:19:46.495
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {2b, 2, 0, fffff800028d5e13}
Probably caused by : ntkrnlmp.exe ( nt!KiProcessExpiredTimerList+103 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000002b, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800028d5e13, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002b020e0
000000000000002b
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiProcessExpiredTimerList+103
fffff800`028d5e13 0fb6432b movzx eax,byte ptr [rbx+2Bh]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff88002d8c450 -- (.trap 0xfffff88002d8c450)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000000b rbx=0000000000000000 rcx=fffffa800ab6c0e0
rdx=0000000000000102 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800028d5e13 rsp=fffff88002d8c5e0 rbp=fffffa800ab64148
r8=fffff88002d66301 r9=0000000000000002 r10=0000000000000018
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!KiProcessExpiredTimerList+0x103:
fffff800`028d5e13 0fb6432b movzx eax,byte ptr [rbx+2Bh] ds:00000000`0000002b=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800028c9ca9 to fffff800028ca740
STACK_TEXT:
fffff880`02d8c308 fffff800`028c9ca9 : 00000000`0000000a 00000000`0000002b 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02d8c310 fffff800`028c8920 : 00000000`00000001 00000000`00000000 fffff880`02d8c580 fffff880`014e5fc6 : nt!KiBugCheckDispatch+0x69
fffff880`02d8c450 fffff800`028d5e13 : fffffa80`0ab6c100 fffffa80`09751788 fffffa80`09751788 00000000`00000102 : nt!KiPageFault+0x260
fffff880`02d8c5e0 fffff800`028d64be : 00000002`c334e59b fffff880`02d8cc58 00000000`00012918 fffff880`02d66888 : nt!KiProcessExpiredTimerList+0x103
fffff880`02d8cc30 fffff800`028d5cb7 : 00000000`c263b4c1 00000000`00012918 00000000`c263b46e 00000000`00000018 : nt!KiTimerExpiration+0x1be
fffff880`02d8ccd0 fffff800`028d2eea : fffff880`02d64180 fffff880`02d6f040 00000000`00000001 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff880`02d8cd80 00000000`00000000 : fffff880`02d8d000 fffff880`02d87000 fffff880`02d8cd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiProcessExpiredTimerList+103
fffff800`028d5e13 0fb6432b movzx eax,byte ptr [rbx+2Bh]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiProcessExpiredTimerList+103
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+103
BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+103
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Couch3ater\DMP FILE\011012-9999-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`0280a000 PsLoadedModuleList = 0xfffff800`02a47e50
Debug session time: Tue Jan 10 18:48:16.814 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:23.157
Loading Kernel Symbols
...............................................................
................................................................
..........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {2c, 2, 0, fffff80002885e13}
Probably caused by : ntkrnlmp.exe ( nt!KiProcessExpiredTimerList+103 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000002c, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002885e13, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ab20e0
000000000000002c
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiProcessExpiredTimerList+103
fffff800`02885e13 0fb6432b movzx eax,byte ptr [rbx+2Bh]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff880009fc450 -- (.trap 0xfffff880009fc450)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000000b rbx=0000000000000000 rcx=fffffa800bc280e0
rdx=0000000000000102 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002885e13 rsp=fffff880009fc5e0 rbp=fffffa800bc20148
r8=fffff880009b4301 r9=0000000000000002 r10=00000000000000cc
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
nt!KiProcessExpiredTimerList+0x103:
fffff800`02885e13 0fb6432b movzx eax,byte ptr [rbx+2Bh] ds:00000000`0000002b=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002879ca9 to fffff8000287a740
STACK_TEXT:
fffff880`009fc308 fffff800`02879ca9 : 00000000`0000000a 00000000`0000002c 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`009fc310 fffff800`02878920 : 00000000`00000006 00000000`00000001 fffffa80`0a70dd30 00000000`000009c4 : nt!KiBugCheckDispatch+0x69
fffff880`009fc450 fffff800`02885e13 : fffffa80`0bc28100 fffffa80`0b940798 fffffa80`0b940798 00000000`00000102 : nt!KiPageFault+0x260
fffff880`009fc5e0 fffff800`028864be : 00000000`0dcd8392 fffff880`009fcc58 00000000`000005cc fffff880`009b5f08 : nt!KiProcessExpiredTimerList+0x103
fffff880`009fcc30 fffff800`02885cb7 : 00000000`03f086c1 00000000`000005cc 00000000`03f08611 00000000`000000cc : nt!KiTimerExpiration+0x1be
fffff880`009fccd0 fffff800`02882eea : fffff880`009b2180 fffff880`009bd040 00000000`00000001 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff880`009fcd80 00000000`00000000 : fffff880`009fd000 fffff880`009f7000 fffff880`009fcd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiProcessExpiredTimerList+103
fffff800`02885e13 0fb6432b movzx eax,byte ptr [rbx+2Bh]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiProcessExpiredTimerList+103
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+103
BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+103
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Couch3ater\DMP FILE\011012-9562-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02859000 PsLoadedModuleList = 0xfffff800`02a96e50
Debug session time: Tue Jan 10 18:55:11.268 2012 (UTC - 7:00)
System Uptime: 0 days 0:05:54.235
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80002bc4883, 0, ffffffffffffffff}
Probably caused by : memory_corruption ( nt!MmCreateSection+3b7 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002bc4883, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MmCreateSection+3b7
fffff800`02bc4883 488b4010 mov rax,qword ptr [rax+10h]
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002b010e0
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff880069a1158 -- (.exr 0xfffff880069a1158)
ExceptionAddress: fffff80002bc4883 (nt!MmCreateSection+0x00000000000003b7)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff880069a1200 -- (.trap 0xfffff880069a1200)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=5741564155415441 rbx=0000000000000000 rcx=0000000000000038
rdx=0000000000000070 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002bc4883 rsp=fffff880069a1390 rbp=0000000001000000
r8=0000000000000160 r9=fffff880069a1178 r10=fffffa800a150a80
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MmCreateSection+0x3b7:
fffff800`02bc4883 488b4010 mov rax,qword ptr [rax+10h] ds:57415641`55415451=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002903a39 to fffff800028c9740
STACK_TEXT:
fffff880`069a0988 fffff800`02903a39 : 00000000`0000001e ffffffff`c0000005 fffff800`02bc4883 00000000`00000000 : nt!KeBugCheckEx
fffff880`069a0990 fffff800`028c8d82 : fffff880`069a1158 00000000`0000000c fffff880`069a1200 00000000`00000000 : nt!KiDispatchException+0x1b9
fffff880`069a1020 fffff800`028c768a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`069a1200 fffff800`02bc4883 : 00000000`00000004 00000000`01000000 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0x10a
fffff880`069a1390 fffff800`02bba013 : fffff880`069a15f0 00000000`00000000 fffff880`069a1698 fffffa80`0ab6c048 : nt!MmCreateSection+0x3b7
fffff880`069a15a0 fffff800`02d26a23 : 00000000`00000000 fffff8a0`026d27f0 00000000`00000000 00000000`00000001 : nt!NtCreateSection+0x162
fffff880`069a1620 fffff800`02d26fb1 : 00000000`00000000 fffff8a0`026d27f0 fffffa80`0b1be0e0 fffff880`00000060 : nt!PfpFileBuildReadSupport+0x163
fffff880`069a1710 fffff800`02d2f0ce : fffff8a0`00000000 fffff8a0`00000003 fffff8a0`0000007c fffff8a0`00000000 : nt!PfpPrefetchFilesTrickle+0x121
fffff880`069a1810 fffff800`02d2fc67 : 00000000`00000000 fffff880`069a1ca0 fffff880`069a1a08 fffff8a0`013c7060 : nt!PfpPrefetchRequestPerform+0x30e
fffff880`069a1960 fffff800`02d3c23e : fffff880`069a1a08 fffff880`069a1a01 fffffa80`0b9bc920 00000000`00000000 : nt!PfpPrefetchRequest+0x176
fffff880`069a19d0 fffff800`02d4096e : 00000000`00000000 00000000`01b5f470 00000000`0000004f 00000000`069dd001 : nt!PfSetSuperfetchInformation+0x1ad
fffff880`069a1ab0 fffff800`028c8993 : fffffa80`0bac4b60 00000000`00000000 000007fe`f95f7901 00000000`00000000 : nt!NtSetSystemInformation+0xb91
fffff880`069a1c20 00000000`770d144a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01b5f448 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770d144a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MmCreateSection+3b7
fffff800`02bc4883 488b4010 mov rax,qword ptr [rax+10h]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!MmCreateSection+3b7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!MmCreateSection+3b7
BUCKET_ID: X64_0x1E_c0000005_nt!MmCreateSection+3b7
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Couch3ater\DMP FILE\011012-10202-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02809000 PsLoadedModuleList = 0xfffff800`02a46e50
Debug session time: Tue Jan 10 19:21:07.192 2012 (UTC - 7:00)
System Uptime: 0 days 0:24:55.534
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {22, fffff8a00aa6a000, 1, 0}
GetPointerFromAddress: unable to read from fffff80002ab10e0
GetUlongFromAddress: unable to read from fffff80002a1f1b0
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+72f8 )
Followup: MachineOwner
---------
5: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000022,
Arg2: fffff8a00aa6a000
Arg3: 0000000000000001
Arg4: 0000000000000000
Debugging Details:
------------------
GetUlongFromAddress: unable to read from fffff80002a1f1b0
BUGCHECK_STR: 0x19_22
POOL_ADDRESS: fffff8a00aa6a000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: TrustedInstall
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff800028cec80 to fffff80002879740
STACK_TEXT:
fffff880`03b7b868 fffff800`028cec80 : 00000000`00000019 00000000`00000022 fffff8a0`0aa6a000 00000000`00000001 : nt!KeBugCheckEx
fffff880`03b7b870 fffff800`029ae518 : 00000000`00000000 fffff880`03b7b9c0 fffff880`03b7b930 fffff8a0`00000001 : nt! ?? ::FNODOBFM::`string'+0x72f8
fffff880`03b7b900 fffff800`02b07aa7 : 00000000`00000001 fffff8a0`09e5c0c0 00000000`31334d43 00000000`00000001 : nt!ExFreePoolWithTag+0x468
fffff880`03b7b9b0 fffff800`02b055b4 : fffff8a0`00000000 fffff880`03b7ba01 fffff8a0`00000001 fffff880`024ab000 : nt!HvFreeHive+0x147
fffff880`03b7ba30 fffff800`02b05191 : fffff8a0`07257990 fffff880`03b7bca0 00000000`00000000 00000000`00000006 : nt!CmUnloadKey+0x190
fffff880`03b7ba70 fffff800`02878993 : fffffa80`09a48b60 000007fe`fe203110 00000000`00000001 fffffa80`0adc5501 : nt!NtUnloadKey2+0x4e4
fffff880`03b7bc20 00000000`778615da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00addc58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x778615da
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+72f8
fffff800`028cec80 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+72f8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0x19_22_nt!_??_::FNODOBFM::_string_+72f8
BUCKET_ID: X64_0x19_22_nt!_??_::FNODOBFM::_string_+72f8
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Couch3ater\DMP FILE\011012-9984-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`0284c000 PsLoadedModuleList = 0xfffff800`02a89e50
Debug session time: Tue Jan 10 20:35:46.405 2012 (UTC - 7:00)
System Uptime: 0 days 1:13:37.731
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002ba3ff5, fffff880078e3ed0, 0}
Probably caused by : memory_corruption ( nt!MiSwitchBaseAddress+49 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002ba3ff5, Address of the instruction which caused the bugcheck
Arg3: fffff880078e3ed0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiSwitchBaseAddress+49
fffff800`02ba3ff5 48017810 add qword ptr [rax+10h],rdi
CONTEXT: fffff880078e3ed0 -- (.cxr 0xfffff880078e3ed0)
rax=0808080808080808 rbx=fffff8a002bd0e70 rcx=fffffa8009868a30
rdx=fffff8a002bd0fb0 rsi=fffff8a002b92860 rdi=0808080808080808
rip=fffff80002ba3ff5 rsp=fffff880078e48a0 rbp=fffffa8009868a30
r8=fffff6fc4003f090 r9=fffff6fc4003f090 r10=00000000ffffffff
r11=fffffa80096d9ff8 r12=fffffa8009868a30 r13=fffff6fc4003f090
r14=fffff8a002bd0e70 r15=000007fefb380000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
nt!MiSwitchBaseAddress+0x49:
fffff800`02ba3ff5 48017810 add qword ptr [rax+10h],rdi ds:002b:08080808`08080818=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002ba3ff5
STACK_TEXT:
fffff880`078e48a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiSwitchBaseAddress+0x49
FOLLOWUP_IP:
nt!MiSwitchBaseAddress+49
fffff800`02ba3ff5 48017810 add qword ptr [rax+10h],rdi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiSwitchBaseAddress+49
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
STACK_COMMAND: .cxr 0xfffff880078e3ed0 ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x3B_nt!MiSwitchBaseAddress+49
BUCKET_ID: X64_0x3B_nt!MiSwitchBaseAddress+49
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Couch3ater\DMP FILE\011012-9640-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`0284e000 PsLoadedModuleList = 0xfffff800`02a8be50
Debug session time: Tue Jan 10 21:20:23.383 2012 (UTC - 7:00)
System Uptime: 0 days 0:44:02.725
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 109, {a3a039d89d31b737, 0, a7613d734f85f9e5, 101}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d89d31b737, Reserved
Arg2: 0000000000000000, Reserved
Arg3: a7613d734f85f9e5, Failure type dependent information
Arg4: 0000000000000101, Type of corrupted region, can be
    0 : A generic data region
    1 : Modification of a function or .pdata
    2 : A processor IDT
    3 : A processor GDT
    4 : Type 1 process list corruption
    5 : Type 2 process list corruption
    6 : Debug routine modification
    7 : Critical MSR modification
Debugging Details:
------------------
BUGCHECK_STR: 0x109
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800028be740
STACK_TEXT:
fffff880`0317d5d8 00000000`00000000 : 00000000`00000109 a3a039d8`9d31b737 00000000`00000000 a7613d73`4f85f9e5 : nt!KeBugCheckEx
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: BAD_STACK
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Couch3ater\DMP FILE\011012-9219-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02800000 PsLoadedModuleList = 0xfffff800`02a3de50
Debug session time: Tue Jan 10 22:19:10.905 2012 (UTC - 7:00)
System Uptime: 0 days 0:58:13.887
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 109, {a3a039d89b79a771, 0, 911872964d0d560e, 101}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d89b79a771, Reserved
Arg2: 0000000000000000, Reserved
Arg3: 911872964d0d560e, Failure type dependent information
Arg4: 0000000000000101, Type of corrupted region, can be
    0 : A generic data region
    1 : Modification of a function or .pdata
    2 : A processor IDT
    3 : A processor GDT
    4 : Type 1 process list corruption
    5 : Type 2 process list corruption
    6 : Debug routine modification
    7 : Critical MSR modification
Debugging Details:
------------------
BUGCHECK_STR: 0x109
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002870740
STACK_TEXT:
fffff880`02f925d8 00000000`00000000 : 00000000`00000109 a3a039d8`9b79a771 00000000`00000000 91187296`4d0d560e : nt!KeBugCheckEx
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: BAD_STACK
Followup: MachineOwner
---------
The last two are