I got windbg to kind of work, it output this:
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [\\dalfs1\users\gnors\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`02e15000 PsLoadedModuleList = 0xfffff800`03059670
Debug session time: Wed Nov 14 04:33:02.234 2012 (UTC - 6:00)
System Uptime: 0 days 0:55:26.000
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {7, 23c25a, 1, 0}
*** ERROR: Module load completed but symbols could not be loaded for mcdbus.sys
*** ERROR: Module load completed but symbols could not be loaded for PxHlpa64.sys
*** ERROR: Module load completed but symbols could not be loaded for Wdf01000.sys
*** ERROR: Module load completed but symbols could not be loaded for cdrom.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : mcdbus.sys ( mcdbus+368fe )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000007, A driver has unlocked a page more times than it locked it
Arg2: 000000000023c25a, page frame number
Arg3: 0000000000000001, current share count
Arg4: 0000000000000000, 0
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: mcdbus
FAULTING_MODULE: fffff80002e15000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 49a3cd1f
BUGCHECK_STR: 0x4E_7
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002e5be83 to fffff80002e93fc0
STACK_TEXT:
fffff880`035b6628 fffff800`02e5be83 : 00000000`0000004e 00000000`00000007 00000000`0023c25a 00000000`00000001 : nt!KeBugCheckEx
fffff880`035b6630 fffff800`02f01256 : fffffa80`07b7c030 fffff880`0155af4b 00000000`00000000 fffffa80`0a5cceb8 : nt!RtlFreeHeap+0x274b
fffff880`035b6670 fffff800`02e977e8 : fffffa80`07cc000c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!wcsncat_s+0x1cafe
fffff880`035b6700 fffff880`00df48fe : fffffa80`0a5f1ec0 fffffa80`0a5cce00 00000000`62646300 00000000`00000000 : nt!KeWaitForMultipleObjects+0x1578
fffff880`035b67f0 fffff880`00df42db : fffffa80`000007ad fffffa80`07ccdd30 fffffa80`0a5cb3e0 00000000`000007ff : mcdbus+0x368fe
fffff880`035b68a0 fffff880`00ddb86e : fffffa80`0a60f950 fffffa80`07ccdc60 00000000`00000000 fffffa80`07b83590 : mcdbus+0x362db
fffff880`035b6920 fffff880`0155b4d5 : fffffa80`0a60f950 fffffa80`07ccdc60 fffffa80`0aa70180 fffffa80`07ccdc60 : mcdbus+0x1d86e
fffff880`035b6960 fffff880`00e3ad3b : 00000000`00000000 fffff880`035b6b50 fffff880`035b6a50 00000000`00000000 : PxHlpa64+0x34d5
fffff880`035b69e0 fffff880`00e3cd65 : 00000000`00000001 fffff880`00000000 fffffa80`0aa778a0 fffffa80`0a5cb3e0 : Wdf01000+0x6d3b
fffff880`035b6a90 fffff880`03033012 : fffffa80`00000020 fffffa80`0a5cb3e0 fffffa80`07b83590 00000000`00000000 : Wdf01000+0x8d65
fffff880`035b6b20 fffff880`03029dab : fffffa80`0a5cb650 0000057f`f5a54d78 00000000`00000000 fffff880`054ab110 : cdrom+0x20012
fffff880`035b6b70 fffff880`00e3f13e : 00000000`00000000 00000000`00000000 fffffa80`0a5e2d30 fffff800`030312d8 : cdrom+0x16dab
fffff880`035b6c50 fffff800`03186583 : fffffa80`0a5e6320 00000000`00000000 fffffa80`06d1c660 fffffa80`06d1c660 : Wdf01000+0xb13e
fffff880`035b6c80 fffff800`02e9d641 : fffff800`03031200 fffff800`03186501 fffffa80`06d1c600 00000000`00000000 : nt!NtWaitForSingleObject+0x683
fffff880`035b6cb0 fffff800`0312ae5a : 00000000`00000000 fffffa80`06d1c660 00000000`00000080 fffffa80`06d09840 : nt!KeReleaseInStackQueuedSpinLock+0x2f1
fffff880`035b6d40 fffff800`02e84d26 : fffff880`009f1180 fffffa80`06d1c660 fffff880`009fbfc0 00000000`00000000 : nt!PsCreateSystemThread+0x1da
fffff880`035b6d80 00000000`00000000 : fffff880`035b7000 fffff880`035b1000 fffff880`035b6370 00000000`00000000 : nt!KeInitializeSemaphore+0x246
STACK_COMMAND: kb
FOLLOWUP_IP:
mcdbus+368fe
fffff880`00df48fe 488b442438 mov rax,qword ptr [rsp+38h]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: mcdbus+368fe
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: mcdbus.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
Don't know at all what symbols it's talking about but it still points to mcdbus.sys as being the probable cause, I will look into this.