Code:
- Loading Dump File [D:\Kingston\BSODDmpFiles\Woopiej\Windows_NT6_BSOD_jcgriff2\040412-13696-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`0300c000 PsLoadedModuleList = 0xfffff800`03250650
Debug session time: Wed Apr 4 11:48:12.335 2012 (UTC - 6:00)
System Uptime: 0 days 0:00:16.288
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff8000309dc35}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000309dc35, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032ba100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+ae5
fffff800`0309dc35 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0xA
PROCESS_NAME: AppleMobileDev
IRP_ADDRESS: ffffffffffffff89
TRAP_FRAME: fffff880067ab070 -- (.trap 0xfffff880067ab070)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=fffffa800dc15008
rdx=ffffff000226cff8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000307f8e0 rsp=fffff880067ab208 rbp=fffffa800dc26590
r8=0000000000001000 r9=0000000000000080 r10=fffffa80082c4370
r11=fffffa800dc14008 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
nt!memcpy+0x250:
fffff800`0307f8e0 488b440af8 mov rax,qword ptr [rdx+rcx-8] ds:b1b0:fffff980`0fe81ff8=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800030882e9 to fffff80003088d40
STACK_TEXT:
fffff880`067aa728 fffff800`030882e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`067aa730 fffff800`03086f60 : 00000000`80000000 fffff880`00000000 00000000`00000003 fffff980`0fdb6ee0 : nt!KiBugCheckDispatch+0x69
fffff880`067aa870 fffff800`0309dc35 : fffffa80`0dbb8060 fffff800`0308bc8a 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`067aaa00 fffff800`0307b6d7 : 00000000`00000001 00000000`00000000 00000000`00000300 fffff980`00000000 : nt!IopCompleteRequest+0xae5
fffff880`067aaad0 fffff800`0307e8cd : fffffa80`0dbb8060 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1c7
fffff880`067aab50 fffff800`0308fbaf : fffff880`03165180 00000000`00000001 fffff980`00000000 fffff800`03097bd6 : nt!KiCommitThreadWait+0x3dd
fffff880`067aabe0 fffff800`03025fec : fffffa80`0dbb8000 fffffa80`00000009 00000000`00000000 fffff800`0323a200 : nt!KeWaitForSingleObject+0x19f
fffff880`067aac80 fffff800`030b9754 : 00000000`0138a8c0 fffff8a0`019ffe08 fffffa80`0003a9e0 00000000`00000001 : nt!MiWaitForCollidedFaultComplete+0x110
fffff880`067aace0 fffff800`030a6d25 : 00000000`00000000 00000000`0138a8c0 fffff980`0f434ca0 fffff800`032bdb00 : nt!MiResolveTransitionFault+0x544
fffff880`067aad70 fffff800`030a56e3 : f8a0019f`fe080400 fffff980`0fe81ff8 fffff6fc`c007f408 fffff800`032bdb00 : nt!MiResolveProtoPteFault+0x325
fffff880`067aae00 fffff800`03095e4b : fffff980`0f434f00 fffff800`0351927e fffff980`0f434ca0 fffff800`0309d69c : nt!MiDispatchFault+0x1c3
fffff880`067aaf10 fffff800`03086e6e : 00000000`00000000 fffff980`0fe81ff8 00000000`0db80100 00000000`00001000 : nt!MmAccessFault+0xe1b
fffff880`067ab070 fffff800`0307f8e0 : fffff800`03371cc1 fffffa80`0dc14008 00000000`00001000 fffffa80`0db80d60 : nt!KiPageFault+0x16e
fffff880`067ab208 fffff800`03371cc1 : fffffa80`0dc14008 00000000`00001000 fffffa80`0db80d60 00000000`00001000 : nt!memcpy+0x250
fffff880`067ab210 fffff800`03371b2a : 00000000`00040000 fffffa80`0dc14008 00000000`00001000 00000000`00000000 : nt!CcCopyBytesToUserBuffer+0x41
fffff880`067ab250 fffff880`014eaf08 : fffff880`00000000 00000000`00000005 fffffa80`00001000 fffffa80`00001001 : nt!CcCopyRead+0x1ba
fffff880`067ab310 fffff880`012e7098 : fffffa80`0dc26590 fffffa80`0db80cf8 fffffa80`0dc118d8 fffffa80`0dc26501 : Ntfs!NtfsCopyReadA+0x1a8
fffff880`067ab4f0 fffff880`012ea8ba : fffff880`067ab5c0 fffffa80`0dc14003 fffffa80`0dc14000 fffffa80`0dc26500 : fltmgr!FltpPerformFastIoCall+0x88
fffff880`067ab550 fffff880`01308630 : fffffa80`0dc26590 00000000`00000000 fffff880`067ab6b0 00000000`00001000 : fltmgr!FltpPassThroughFastIo+0xda
fffff880`067ab590 fffff800`03371629 : fffffa80`0dc26590 fffff800`00000001 fffffa80`09788f30 fffffa80`0dc26590 : fltmgr!FltpFastIoRead+0x1d0
fffff880`067ab630 fffff800`03087fd3 : 00000000`00001000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x417
fffff880`067ab720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`03086f60 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ec79dd2
FAILURE_BUCKET_ID: X64_0xA_VRF_nt!KiPageFault+260
BUCKET_ID: X64_0xA_VRF_nt!KiPageFault+260
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Woopiej\Windows_NT6_BSOD_jcgriff2\040412-7363-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`0305c000 PsLoadedModuleList = 0xfffff800`032a0650
Debug session time: Wed Apr 4 11:41:16.592 2012 (UTC - 6:00)
System Uptime: 0 days 0:08:08.544
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff800035755ef, 0, a}
Unable to load image \SystemRoot\system32\DRIVERS\ehdrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ehdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for ehdrv.sys
Probably caused by : ehdrv.sys ( ehdrv+18304 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800035755ef, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 000000000000000a, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!VerifierMmUnlockPages+2f
fffff800`035755ef 0fb75f0a movzx ebx,word ptr [rdi+0Ah]
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000000000000a
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000330a100
000000000000000a
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: ekrn.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88005cd61d0 -- (.trap 0xfffff88005cd61d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000004 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800035755ef rsp=fffff88005cd6360 rbp=fffffa80096e19e0
r8=0000000000000006 r9=0000000000000000 r10=00000000133428d3
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
nt!VerifierMmUnlockPages+0x2f:
fffff800`035755ef 0fb75f0a movzx ebx,word ptr [rdi+0Ah] ds:bc80:00000000`0000000a=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003123a08 to fffff800030d8d40
STACK_TEXT:
fffff880`05cd5948 fffff800`03123a08 : 00000000`0000001e ffffffff`c0000005 fffff800`035755ef 00000000`00000000 : nt!KeBugCheckEx
fffff880`05cd5950 fffff800`030d83c2 : fffff880`05cd6128 fffff880`05cd6501 fffff880`05cd61d0 fffffa80`096e19e0 : nt! ?? ::FNODOBFM::`string'+0x48d2d
fffff880`05cd5ff0 fffff800`030d6f3a : 00000000`00000000 00000000`0000000a 00000000`00000000 fffff880`05cd6501 : nt!KiExceptionDispatch+0xc2
fffff880`05cd61d0 fffff800`035755ef : fffff880`04390243 00720063`002e0030 00000000`0743ec28 00000000`00000014 : nt!KiPageFault+0x23a
fffff880`05cd6360 fffff880`04390304 : fffff880`05cd6501 fffffa80`096e19e0 fffffa80`096e19e0 00000000`00000000 : nt!VerifierMmUnlockPages+0x2f
fffff880`05cd63a0 fffff880`05cd6501 : fffffa80`096e19e0 fffffa80`096e19e0 00000000`00000000 00000000`00000000 : ehdrv+0x18304
fffff880`05cd63a8 fffffa80`096e19e0 : fffffa80`096e19e0 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`05cd6501
fffff880`05cd63b0 fffffa80`096e19e0 : 00000000`00000000 00000000`00000000 00000000`00000000 133428d3`00760001 : 0xfffffa80`096e19e0
fffff880`05cd63b8 00000000`00000000 : 00000000`00000000 00000000`00000000 133428d3`00760001 00000000`00000006 : 0xfffffa80`096e19e0
STACK_COMMAND: kb
FOLLOWUP_IP:
ehdrv+18304
fffff880`04390304 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: ehdrv+18304
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ehdrv
IMAGE_NAME: ehdrv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e09840e
FAILURE_BUCKET_ID: X64_0x1E_c0000005_VRF_ehdrv+18304
BUCKET_ID: X64_0x1E_c0000005_VRF_ehdrv+18304
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Woopiej\Windows_NT6_BSOD_jcgriff2\040412-14648-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`0301a000 PsLoadedModuleList = 0xfffff800`0325e650
Debug session time: Wed Apr 4 11:31:47.515 2012 (UTC - 6:00)
System Uptime: 0 days 0:00:11.467
Loading Kernel Symbols
...............................................................
.............................................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C9, {6, 103, fffff9800533ae10, 0}
Unable to load image \SystemRoot\system32\DRIVERS\nvoclk64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvoclk64.sys
*** ERROR: Module load completed but symbols could not be loaded for nvoclk64.sys
Probably caused by : nvoclk64.sys ( nvoclk64+b264 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000000000006, IRP passed to IoCompleteRequest contains invalid status
Arg2: 0000000000000103, the status
Arg3: fffff9800533ae10, the IRP
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc9_6
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 6
IRP_ADDRESS: fffff9800533ae10
DEVICE_OBJECT: fffffa800adfe5f0
DRIVER_OBJECT: fffffa800adffe70
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800035350c2 to fffff80003096d40
STACK_TEXT:
fffff880`037623e8 fffff800`035350c2 : 00000000`000000c9 00000000`00000006 00000000`00000103 fffff980`0533ae10 : nt!KeBugCheckEx
fffff880`037623f0 fffff880`05684264 : fffff880`03762500 00000000`00000000 00000000`00000103 fffff980`0533ae10 : nt!IovCompleteRequest+0xc2
fffff880`037624c0 fffff880`03762500 : 00000000`00000000 00000000`00000103 fffff980`0533ae10 00000000`00000000 : nvoclk64+0xb264
fffff880`037624c8 00000000`00000000 : 00000000`00000103 fffff980`0533ae10 00000000`00000000 00000000`00000002 : 0xfffff880`03762500
STACK_COMMAND: kb
FOLLOWUP_IP:
nvoclk64+b264
fffff880`05684264 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nvoclk64+b264
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nvoclk64
IMAGE_NAME: nvoclk64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ab00e3d
FAILURE_BUCKET_ID: X64_0xc9_6_VRF_nvoclk64+b264
BUCKET_ID: X64_0xc9_6_VRF_nvoclk64+b264
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Woopiej\Windows_NT6_BSOD_jcgriff2\040312-9843-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03060000 PsLoadedModuleList = 0xfffff800`032a4650
Debug session time: Tue Apr 3 13:02:04.820 2012 (UTC - 6:00)
System Uptime: 0 days 3:10:31.757
Loading Kernel Symbols
...............................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff680000e0c78, 0, 0, fffff800030ac687}
Probably caused by : memory_corruption ( nt!MiDeleteAddressesInWorkingSet+11b )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff680000e0c78, memory referenced
Arg2: 0000000000000000, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800030ac687, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000330e100
fffff680000e0c78
CURRENT_IRQL: 0
FAULTING_IP:
nt!MiDeleteAddressesInWorkingSet+11b
fffff800`030ac687 488b1e mov rbx,qword ptr [rsi]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: bf3.exe
TRAP_FRAME: fffff88009bd5320 -- (.trap 0xfffff88009bd5320)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000098000000000 rbx=0000000000000000 rcx=000000000003c864
rdx=0000000000000015 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800030ac687 rsp=fffff88009bd54b0 rbp=fffff700010fe388
r8=fffffa80103125d8 r9=0000000000000000 r10=0000000000009fee
r11=fffff70001080000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!MiDeleteAddressesInWorkingSet+0x11b:
fffff800`030ac687 488b1e mov rbx,qword ptr [rsi] ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800030dc2e9 to fffff800030dcd40
STACK_TEXT:
fffff880`09bd51d8 fffff800`030dc2e9 : 00000000`0000000a fffff680`000e0c78 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff880`09bd51e0 fffff800`030daf60 : 00000000`00000000 fffff680`000e0c78 00000000`c56a3000 0000000f`ffffffff : nt!KiBugCheckDispatch+0x69
fffff880`09bd5320 fffff800`030ac687 : 00000000`00000000 fffffa80`0eeb8df0 00000000`00000000 00000000`00000002 : nt!KiPageFault+0x260
fffff880`09bd54b0 fffff800`030ad942 : fffffa80`10312240 fffffa80`00000015 fffff880`00009fee fffff800`0000000e : nt!MiDeleteAddressesInWorkingSet+0x11b
fffff880`09bd5d60 fffff800`033b181a : fffff8a0`0dc3e060 fffff880`09bd60a0 00000000`00000000 fffffa80`0f5bfb60 : nt!MmCleanProcessAddressSpace+0x96
fffff880`09bd5db0 fffff800`03394cfd : 00000000`c0000005 00000000`00000001 00000000`fffdb000 fffffa80`0f9e3b60 : nt!PspExitThread+0x56a
fffff880`09bd5eb0 fffff800`030cf7da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffff880`09bd5ee0 fffff800`030cfb20 : 00000000`0008e800 fffff880`09bd5f60 fffff800`03394c68 00000000`00000001 : nt!KiDeliverApc+0x2ca
fffff880`09bd5f60 fffff800`030dc077 : fffffa80`0f5bfb60 00000000`fffdb000 00000000`00000020 00000000`fffdb000 : nt!KiInitiateUserApc+0x70
fffff880`09bd60a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiDeleteAddressesInWorkingSet+11b
fffff800`030ac687 488b1e mov rbx,qword ptr [rsi]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiDeleteAddressesInWorkingSet+11b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4ec79dd2
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xA_nt!MiDeleteAddressesInWorkingSet+11b
BUCKET_ID: X64_0xA_nt!MiDeleteAddressesInWorkingSet+11b
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Woopiej\Windows_NT6_BSOD_jcgriff2\032912-11091-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03058000 PsLoadedModuleList = 0xfffff800`0329c650
Debug session time: Thu Mar 29 12:28:59.576 2012 (UTC - 6:00)
System Uptime: 0 days 1:50:53.513
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff800032039bc, fffff8800733ec10, 0}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 )
Followup: Pool_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800032039bc, Address of the instruction which caused the bugcheck
Arg3: fffff8800733ec10, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExDeferredFreePool+100
fffff800`032039bc 4c8b02 mov r8,qword ptr [rdx]
CONTEXT: fffff8800733ec10 -- (.cxr 0xfffff8800733ec10)
rax=fffff8a00a4f4d30 rbx=0000000000000000 rcx=fffffa80096b7660
rdx=7168ae0000001505 rsi=fffff8a00b26e000 rdi=fffff8a002f26480
rip=fffff800032039bc rsp=fffff8800733f5f0 rbp=0000000000000001
r8=7168ae0000001505 r9=fffff8a00b29d733 r10=0000000000000000
r11=0000000000000000 r12=fffffa80096b7500 r13=0000000000000000
r14=000000000000000c r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!ExDeferredFreePool+0x100:
fffff800`032039bc 4c8b02 mov r8,qword ptr [rdx] ds:002b:7168ae00`00001505=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800032039bc
STACK_TEXT:
fffff880`0733f5f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0x100
FOLLOWUP_IP:
nt!ExDeferredFreePool+100
fffff800`032039bc 4c8b02 mov r8,qword ptr [rdx]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExDeferredFreePool+100
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .cxr 0xfffff8800733ec10 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ExDeferredFreePool+100
BUCKET_ID: X64_0x3B_nt!ExDeferredFreePool+100
Followup: Pool_corruption
---------