Windows 7 x64 blue screen any help

Page 1 of 2 12 LastLast

  1. Posts : 11
    Windows 7 RTM
       #1

    Windows 7 x64 blue screen any help


    Can anyone help with the bluescreen crash I had last night after copy a folder from one ext drive to another ext drive then trying to delete the original folder.

    System rebooted and restarted sucesfully but .....


    .dmp analysis run on XP x86 system shown below:

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [D:\101509-20358-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    WARNING: Whitespace at end of path element
    Symbol search path is: C:\SymCache
    SRV*C:\SymCache*Symbol information
    ;C:\SymCache
    Executable search path is:
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Windows 7 Kernel Version 7600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0xfffff800`02c1c000 PsLoadedModuleList = 0xfffff800`02e59e50
    Debug session time: Thu Oct 15 00:59:26.402 2009 (GMT+1)
    System Uptime: 0 days 4:48:49.103
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ......................
    Loading User Symbols
    Loading unloaded module list
    .............
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************
    Use !analyze -v to get detailed debugging information.
    BugCheck DE, {2, fffff8a01162abe0, fffff8a01162abe1, 2aaaa8c0}
    Probably caused by : ntoskrnl.exe ( nt!CpReadLsr+2 )
    Followup: MachineOwner
    ---------
    1: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************
    POOL_CORRUPTION_IN_FILE_AREA (de)
    A driver corrupted pool memory used for holding pages destined for disk.
    This was discovered by the memory manager when dereferencing the file.
    Arguments:
    Arg1: 0000000000000002
    Arg2: fffff8a01162abe0
    Arg3: fffff8a01162abe1
    Arg4: 000000002aaaa8c0
    Debugging Details:
    ------------------

    CUSTOMER_CRASH_COUNT: 1
    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
    BUGCHECK_STR: 0xDE
    CURRENT_IRQL: 0
    LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c8df00
    STACK_TEXT:
    fffff880`0726bd58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CpReadLsr+0x2

    STACK_COMMAND: kb
    FOLLOWUP_IP:
    nt!CpReadLsr+2
    fffff800`02c8df00 48894c2408 mov qword ptr [rsp+8],rcx
    SYMBOL_STACK_INDEX: 0
    SYMBOL_NAME: nt!CpReadLsr+2
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: nt
    IMAGE_NAME: ntoskrnl.exe
    DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600
    FAILURE_BUCKET_ID: X64_0xDE_nt!CpReadLsr+2
    BUCKET_ID: X64_0xDE_nt!CpReadLsr+2
    Followup: MachineOwner
    ---------
      My Computer


  2. Posts : 1,377
    Win7x64
       #2

    The stack is smashed. It may be possible to reconstruct it, but we'd need the minidump itself.
      My Computer


  3. Posts : 11
    Windows 7 RTM
    Thread Starter
       #3

    dmp attached


    Hopefully the file will explain all to you
      My Computer


  4. Posts : 5,705
    Win7 x64 + x86
       #4

    More info on the error: BSOD Index

    I don't have a clue about how to reconstruct the stack - but here's the results of my analysis:

    Memory dump results:
    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\FUBAR\TempDUMP\DATA\01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0xfffff800`02c1c000 PsLoadedModuleList = 0xfffff800`02e59e50
    Debug session time: Wed Oct 14 19:59:26.402 2009 (GMT-4)
    System Uptime: 0 days 4:48:49.103
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ......................
    Loading User Symbols
    Loading unloaded module list
    .............
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck DE, {2, fffff8a01162abe0, fffff8a01162abe1, 2aaaa8c0}
    
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+2d2e0 )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !thread;!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck;.logclose;q
    GetPointerFromAddress: unable to read from fffff80002ec4000
    THREAD fffffa8006e5eb60  Cid 0d2c.0fa0  Teb: 000007fffffd3000 Win32Thread: fffff900c20d98f0 RUNNING on processor 1
    IRP List:
        Unable to read nt!_IRP @ fffffa80072a4b80
    Not impersonating
    GetUlongFromAddress: unable to read from fffff80002e02b74
    Owning Process            fffffa8004654060       Image:         dllhost.exe
    Attached Process          N/A            Image:         N/A
    fffff78000000000: Unable to get shared data
    Wait Start TickCount      1110832      
    Context Switch Count      174202                 LargeStack
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    UserTime                  00:00:00.000
    KernelTime                00:00:00.000
    Win32 Start Address 0x000007fefdc23570
    Stack Init fffff8800726cdb0 Current fffff8800726aa60
    Base fffff8800726d000 Limit fffff88007264000 Call 0
    Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 2
    Child-SP          RetAddr           : Args to Child                                                           : Call Site
    fffff880`0726bd58 fffff800`02c313d3 : 00000000`000000de 00000000`00000002 fffff8a0`1162abe0 fffff8a0`1162abe1 : nt!KeBugCheckEx
    fffff880`0726bd60 fffff800`02c733ce : 00000000`00000000 fffffa80`03c72500 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x2d2e0
    fffff880`0726be50 fffff880`012a3447 : fffffa80`0553ee68 00000000`00000000 fffff8a0`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x172
    fffff880`0726bec0 fffff880`012bcc0a : fffff880`0726c730 fffff8a0`0da43010 fffff8a0`09cf4140 fffff880`0726c1bc : Ntfs!NtfsDeleteFile+0x57b
    fffff880`0726c140 fffff880`0122aaa9 : fffff980`154e9c00 fffff880`012d6960 fffff880`0726c690 fffff880`0725b000 : Ntfs!NtfsCommonCleanup+0x15da
    fffff880`0726c550 fffff800`02c9d64a : fffff880`0726c690 fffff880`0726c668 00000000`0da43140 00000000`00000000 : Ntfs!NtfsCommonCleanupCallout+0x19
    fffff880`0726c580 fffff880`0122a662 : fffff880`0122aa90 fffff880`0726c690 fffff880`0726c900 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
    fffff880`0726c660 fffff880`012cc244 : fffff880`0726c730 fffff880`0726c730 fffff880`0726c730 fffff880`0726c750 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
    fffff880`0726c6d0 fffff880`0107b23f : fffff880`0726c730 fffffa80`072a4b80 fffffa80`072a4fb0 fffffa80`046a4010 : Ntfs!NtfsFsdCleanup+0x144
    fffff880`0726c940 fffff880`010796df : fffffa80`03be3de0 00000000`00000000 fffffa80`047e6100 fffffa80`072a4b80 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
    fffff880`0726c9d0 fffff800`02fa168f : fffffa80`072a4b80 fffffa80`04654060 00000000`00000000 fffffa80`0641f8f0 : fltmgr!FltpDispatch+0xcf
    fffff880`0726ca30 fffff800`02f87304 : 00000000`00000000 fffffa80`04654060 fffffa80`070a0100 fffffa80`0641f8f0 : nt!IopCloseFile+0x11f
    fffff880`0726cac0 fffff800`02fa1181 : fffffa80`04654060 fffffa80`00000001 fffff8a0`00bd6610 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
    fffff880`0726cb40 fffff800`02fa1094 : 00000000`00000304 fffffa80`04654060 fffff8a0`00bd6610 00000000`00000304 : nt!ObpCloseHandleTableEntry+0xb1
    fffff880`0726cbd0 fffff800`02c8d153 : fffffa80`06e5eb60 fffff880`0726cca0 00000000`00433400 fffffa80`054cc07b : nt!ObpCloseHandle+0x94
    fffff880`0726cc20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    POOL_CORRUPTION_IN_FILE_AREA (de)
    A driver corrupted pool memory used for holding pages destined for disk.
    This was discovered by the memory manager when dereferencing the file.
    Arguments:
    Arg1: 0000000000000002
    Arg2: fffff8a01162abe0
    Arg3: fffff8a01162abe1
    Arg4: 000000002aaaa8c0
    
    Debugging Details:
    ------------------
    
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xDE
    
    PROCESS_NAME:  dllhost.exe
    
    CURRENT_IRQL:  2
    
    LAST_CONTROL_TRANSFER:  from fffff80002c313d3 to fffff80002c8df00
    
    STACK_TEXT:  
    fffff880`0726bd58 fffff800`02c313d3 : 00000000`000000de 00000000`00000002 fffff8a0`1162abe0 fffff8a0`1162abe1 : nt!KeBugCheckEx
    fffff880`0726bd60 fffff800`02c733ce : 00000000`00000000 fffffa80`03c72500 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x2d2e0
    fffff880`0726be50 fffff880`012a3447 : fffffa80`0553ee68 00000000`00000000 fffff8a0`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x172
    fffff880`0726bec0 fffff880`012bcc0a : fffff880`0726c730 fffff8a0`0da43010 fffff8a0`09cf4140 fffff880`0726c1bc : Ntfs!NtfsDeleteFile+0x57b
    fffff880`0726c140 fffff880`0122aaa9 : fffff980`154e9c00 fffff880`012d6960 fffff880`0726c690 fffff880`0725b000 : Ntfs!NtfsCommonCleanup+0x15da
    fffff880`0726c550 fffff800`02c9d64a : fffff880`0726c690 fffff880`0726c668 00000000`0da43140 00000000`00000000 : Ntfs!NtfsCommonCleanupCallout+0x19
    fffff880`0726c580 fffff880`0122a662 : fffff880`0122aa90 fffff880`0726c690 fffff880`0726c900 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
    fffff880`0726c660 fffff880`012cc244 : fffff880`0726c730 fffff880`0726c730 fffff880`0726c730 fffff880`0726c750 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
    fffff880`0726c6d0 fffff880`0107b23f : fffff880`0726c730 fffffa80`072a4b80 fffffa80`072a4fb0 fffffa80`046a4010 : Ntfs!NtfsFsdCleanup+0x144
    fffff880`0726c940 fffff880`010796df : fffffa80`03be3de0 00000000`00000000 fffffa80`047e6100 fffffa80`072a4b80 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
    fffff880`0726c9d0 fffff800`02fa168f : fffffa80`072a4b80 fffffa80`04654060 00000000`00000000 fffffa80`0641f8f0 : fltmgr!FltpDispatch+0xcf
    fffff880`0726ca30 fffff800`02f87304 : 00000000`00000000 fffffa80`04654060 fffffa80`070a0100 fffffa80`0641f8f0 : nt!IopCloseFile+0x11f
    fffff880`0726cac0 fffff800`02fa1181 : fffffa80`04654060 fffffa80`00000001 fffff8a0`00bd6610 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
    fffff880`0726cb40 fffff800`02fa1094 : 00000000`00000304 fffffa80`04654060 fffff8a0`00bd6610 00000000`00000304 : nt!ObpCloseHandleTableEntry+0xb1
    fffff880`0726cbd0 fffff800`02c8d153 : fffffa80`06e5eb60 fffff880`0726cca0 00000000`00433400 fffffa80`054cc07b : nt!ObpCloseHandle+0x94
    fffff880`0726cc20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt! ?? ::FNODOBFM::`string'+2d2e0
    fffff800`02c313d3 cc              int     3
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+2d2e0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600
    
    FAILURE_BUCKET_ID:  X64_0xDE_nt!_??_::FNODOBFM::_string_+2d2e0
    
    BUCKET_ID:  X64_0xDE_nt!_??_::FNODOBFM::_string_+2d2e0
    
    Followup: MachineOwner
    ---------
    
    rax=000000002aaaa8c0 rbx=000000002aaaa8c0 rcx=00000000000000de
    rdx=0000000000000002 rsi=000000000002aaaa rdi=fffffa80007fffe0
    rip=fffff80002c8df00 rsp=fffff8800726bd58 rbp=0000058000000000
     r8=fffff8a01162abe0  r9=fffff8a01162abe1 r10=fffffa8005f1a8b8
    r11=fffff8800726bd30 r12=fffff8a01177c000 r13=0000000000000000
    r14=0000000000000000 r15=fffff8a01162abe0
    iopl=0         nv up ei pl nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
    nt!KeBugCheckEx:
    fffff800`02c8df00 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff880`0726bd60=00000000000000de
    Child-SP          RetAddr           : Args to Child                                                           : Call Site
    fffff880`0726bd58 fffff800`02c313d3 : 00000000`000000de 00000000`00000002 fffff8a0`1162abe0 fffff8a0`1162abe1 : nt!KeBugCheckEx
    fffff880`0726bd60 fffff800`02c733ce : 00000000`00000000 fffffa80`03c72500 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x2d2e0
    fffff880`0726be50 fffff880`012a3447 : fffffa80`0553ee68 00000000`00000000 fffff8a0`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x172
    fffff880`0726bec0 fffff880`012bcc0a : fffff880`0726c730 fffff8a0`0da43010 fffff8a0`09cf4140 fffff880`0726c1bc : Ntfs!NtfsDeleteFile+0x57b
    fffff880`0726c140 fffff880`0122aaa9 : fffff980`154e9c00 fffff880`012d6960 fffff880`0726c690 fffff880`0725b000 : Ntfs!NtfsCommonCleanup+0x15da
    fffff880`0726c550 fffff800`02c9d64a : fffff880`0726c690 fffff880`0726c668 00000000`0da43140 00000000`00000000 : Ntfs!NtfsCommonCleanupCallout+0x19
    fffff880`0726c580 fffff880`0122a662 : fffff880`0122aa90 fffff880`0726c690 fffff880`0726c900 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
    fffff880`0726c660 fffff880`012cc244 : fffff880`0726c730 fffff880`0726c730 fffff880`0726c730 fffff880`0726c750 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
    fffff880`0726c6d0 fffff880`0107b23f : fffff880`0726c730 fffffa80`072a4b80 fffffa80`072a4fb0 fffffa80`046a4010 : Ntfs!NtfsFsdCleanup+0x144
    fffff880`0726c940 fffff880`010796df : fffffa80`03be3de0 00000000`00000000 fffffa80`047e6100 fffffa80`072a4b80 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
    fffff880`0726c9d0 fffff800`02fa168f : fffffa80`072a4b80 fffffa80`04654060 00000000`00000000 fffffa80`0641f8f0 : fltmgr!FltpDispatch+0xcf
    fffff880`0726ca30 fffff800`02f87304 : 00000000`00000000 fffffa80`04654060 fffffa80`070a0100 fffffa80`0641f8f0 : nt!IopCloseFile+0x11f
    fffff880`0726cac0 fffff800`02fa1181 : fffffa80`04654060 fffffa80`00000001 fffff8a0`00bd6610 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
    fffff880`0726cb40 fffff800`02fa1094 : 00000000`00000304 fffffa80`04654060 fffff8a0`00bd6610 00000000`00000304 : nt!ObpCloseHandleTableEntry+0xb1
    fffff880`0726cbd0 fffff800`02c8d153 : fffffa80`06e5eb60 fffff880`0726cca0 00000000`00433400 fffffa80`054cc07b : nt!ObpCloseHandle+0x94
    fffff880`0726cc20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    start             end                 module name
    fffff800`00ba4000 fffff800`00bae000   kdcom    kdcom.dll    Mon Jul 13 21:31:07 2009 (4A5BDFDB)
    fffff800`02c1c000 fffff800`031f9000   nt       ntkrnlmp.exe Mon Jul 13 19:40:48 2009 (4A5BC600)
    fffff800`031f9000 fffff800`03242000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
    fffff880`00c00000 fffff880`00c5c000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
    fffff880`00c5c000 fffff880`00c6c000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
    fffff880`00c6c000 fffff880`00c86000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`00c86000 fffff880`00c8f000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`00c8f000 fffff880`00c9d000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
    fffff880`00ca0000 fffff880`00ce4000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:29:10 2009 (4A5BDF66)
    fffff880`00ce4000 fffff880`00cf8000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
    fffff880`00cf8000 fffff880`00d56000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`00d56000 fffff880`00dad000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
    fffff880`00dad000 fffff880`00dd7000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
    fffff880`00dd7000 fffff880`00de2000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
    fffff880`00de2000 fffff880`00dfe000   aswSP    aswSP.SYS    Tue Sep 15 06:55:42 2009 (4AAF72AE)
    fffff880`00e00000 fffff880`00e0d000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
    fffff880`00e0d000 fffff880`00e22000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
    fffff880`00e22000 fffff880`00e37000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`00e37000 fffff880`00e3e000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
    fffff880`00e3f000 fffff880`00eff000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
    fffff880`00eff000 fffff880`00fa3000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
    fffff880`00fa3000 fffff880`00fb2000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`00fb2000 fffff880`00fbb000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
    fffff880`00fbb000 fffff880`00fc5000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
    fffff880`00fc5000 fffff880`00ff8000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
    fffff880`01000000 fffff880`0103a000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
    fffff880`0103a000 fffff880`01074000   fvevol   fvevol.sys   Mon Jul 13 19:22:15 2009 (4A5BC1A7)
    fffff880`01078000 fffff880`010c4000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
    fffff880`010c4000 fffff880`010d8000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
    fffff880`010d8000 fffff880`01136000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
    fffff880`01136000 fffff880`011a9000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
    fffff880`011a9000 fffff880`011f5000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
    fffff880`01200000 fffff880`01216000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`01219000 fffff880`013bc000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
    fffff880`013bc000 fffff880`013d6000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
    fffff880`013d6000 fffff880`013e7000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
    fffff880`013e7000 fffff880`013f1000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
    fffff880`013f1000 fffff880`013fa000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
    fffff880`01400000 fffff880`01410000   vmstorfl vmstorfl.sys Mon Jul 13 19:42:54 2009 (4A5BC67E)
    fffff880`01410000 fffff880`01418000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
    fffff880`01418000 fffff880`0142a000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
    fffff880`01431000 fffff880`01523000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
    fffff880`01523000 fffff880`01583000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
    fffff880`01583000 fffff880`015ae000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:50:34 2009 (4A5BC84A)
    fffff880`015ae000 fffff880`015f8000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
    fffff880`01601000 fffff880`017fe000   tcpip    tcpip.sys    Mon Jul 13 19:25:34 2009 (4A5BC26E)
    fffff880`01800000 fffff880`01812000   aswTdi   aswTdi.SYS   Tue Sep 15 06:54:32 2009 (4AAF7268)
    fffff880`01812000 fffff880`0189c000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
    fffff880`0189c000 fffff880`018a5000   aswRdr   aswRdr.SYS   Tue Sep 15 06:54:23 2009 (4AAF725F)
    fffff880`018a5000 fffff880`018b6000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
    fffff880`018bb000 fffff880`018eb000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
    fffff880`018eb000 fffff880`018f9000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
    fffff880`018f9000 fffff880`01902000   dump_atapi dump_atapi.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`01902000 fffff880`01915000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
    fffff880`01921000 fffff880`0194b000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`0194b000 fffff880`01954000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
    fffff880`01954000 fffff880`0195b000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
    fffff880`0195b000 fffff880`01969000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
    fffff880`01969000 fffff880`0198e000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
    fffff880`0198e000 fffff880`0199e000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
    fffff880`0199e000 fffff880`019a7000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`019a7000 fffff880`019b0000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`019b0000 fffff880`019b9000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
    fffff880`019b9000 fffff880`019c4000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`019c4000 fffff880`019d5000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
    fffff880`019d5000 fffff880`019f3000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
    fffff880`019f3000 fffff880`01a00000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
    fffff880`02618000 fffff880`0263b000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
    fffff880`0263b000 fffff880`02655000   aswMonFlt aswMonFlt.sys Tue Sep 15 06:55:15 2009 (4AAF7293)
    fffff880`02655000 fffff880`0265e000   aswFsBlk aswFsBlk.sys Tue Sep 15 06:55:23 2009 (4AAF729B)
    fffff880`0265e000 fffff880`0267f000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)
    fffff880`0267f000 fffff880`02694000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
    fffff880`02694000 fffff880`026ac000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
    fffff880`026ac000 fffff880`02774000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
    fffff880`02774000 fffff880`02792000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
    fffff880`02792000 fffff880`027aa000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
    fffff880`027aa000 fffff880`027d6000   mrxsmb   mrxsmb.sys   Mon Jul 13 19:23:59 2009 (4A5BC20F)
    fffff880`02c00000 fffff880`02c83000   csc      csc.sys      Mon Jul 13 19:24:26 2009 (4A5BC22A)
    fffff880`02c83000 fffff880`02ca1000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
    fffff880`02ca8000 fffff880`02ced000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
    fffff880`02ced000 fffff880`02cf6000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
    fffff880`02cf6000 fffff880`02d1c000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
    fffff880`02d1c000 fffff880`02d2b000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
    fffff880`02d2b000 fffff880`02d48000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
    fffff880`02d48000 fffff880`02d63000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
    fffff880`02d63000 fffff880`02d77000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
    fffff880`02d77000 fffff880`02dc8000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
    fffff880`02dc8000 fffff880`02dd4000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
    fffff880`02dd4000 fffff880`02ddf000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
    fffff880`02ddf000 fffff880`02de9000   ElbyCDIO ElbyCDIO.sys Tue Feb 17 12:11:23 2009 (499AEFBB)
    fffff880`02de9000 fffff880`02df8000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
    fffff880`03e00000 fffff880`03e0f000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
    fffff880`03e0f000 fffff880`03e1e000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
    fffff880`03e1e000 fffff880`03e2d000   VClone   VClone.sys   Fri May 22 19:08:37 2009 (4A173075)
    fffff880`03e2d000 fffff880`03e3b000   kbdhid   kbdhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
    fffff880`03e3b000 fffff880`03e48000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
    fffff880`03e4e000 fffff880`03e74000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
    fffff880`03e74000 fffff880`03e8a000   intelppm intelppm.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
    fffff880`03e8a000 fffff880`03ee0000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
    fffff880`03ee0000 fffff880`03f1e000   1394ohci 1394ohci.sys Mon Jul 13 20:07:12 2009 (4A5BCC30)
    fffff880`03f1e000 fffff880`03f34000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
    fffff880`03f34000 fffff880`03f58000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
    fffff880`03f58000 fffff880`03f64000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
    fffff880`03f64000 fffff880`03f93000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
    fffff880`03f93000 fffff880`03fae000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
    fffff880`03fae000 fffff880`03fcf000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
    fffff880`03fcf000 fffff880`03fe9000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
    fffff880`03fe9000 fffff880`03ff4000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
    fffff880`03ff4000 fffff880`04000000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`04200000 fffff880`0423d000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
    fffff880`0423d000 fffff880`0425f000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
    fffff880`0425f000 fffff880`04264200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
    fffff880`04282000 fffff880`0429b000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
    fffff880`042b9000 fffff880`042e8000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
    fffff880`042e8000 fffff880`042e9480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
    fffff880`042ea000 fffff880`0432d000   ks       ks.sys       Mon Jul 13 20:00:31 2009 (4A5BCA9F)
    fffff880`0432d000 fffff880`0433f000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
    fffff880`0433f000 fffff880`04399000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
    fffff880`04399000 fffff880`043a4000   flpydisk flpydisk.sys Mon Jul 13 20:00:54 2009 (4A5BCAB6)
    fffff880`043a4000 fffff880`043b9000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
    fffff880`043b9000 fffff880`043d9000   AtiHdmi  AtiHdmi.sys  Tue Apr 28 13:31:58 2009 (49F73D8E)
    fffff880`043d9000 fffff880`043f4000   USBSTOR  USBSTOR.SYS  Mon Jul 13 20:06:34 2009 (4A5BCC0A)
    fffff880`043f4000 fffff880`04400000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
    fffff880`04800000 fffff880`0480d000   fdc      fdc.sys      Mon Jul 13 20:00:54 2009 (4A5BCAB6)
    fffff880`0480d000 fffff880`04819000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
    fffff880`04819000 fffff880`04829000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
    fffff880`0482d000 fffff880`04e44000   atikmdag atikmdag.sys Mon Aug 17 23:05:47 2009 (4A8A1A8B)
    fffff880`04e44000 fffff880`04f38000   dxgkrnl  dxgkrnl.sys  Mon Jul 13 19:38:56 2009 (4A5BC590)
    fffff880`04f38000 fffff880`04f7e000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:38:32 2009 (4A5BC578)
    fffff880`04f7e000 fffff880`04fa2000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
    fffff880`04fa2000 fffff880`04faf000   usbuhci  usbuhci.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
    fffff880`04faf000 fffff880`04fc0000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
    fffff880`04fc0000 fffff880`04ffe000   Rt64win7 Rt64win7.sys Thu Jul 30 07:58:43 2009 (4A718AF3)
    fffff880`06800000 fffff880`0680e000   hidusb   hidusb.sys   Mon Jul 13 20:06:22 2009 (4A5BCBFE)
    fffff880`0680e000 fffff880`06816080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
    fffff880`0681a000 fffff880`069fc900   RTKVHD64 RTKVHD64.sys Tue Aug 18 05:29:10 2009 (4A8A7466)
    fffff880`069fd000 fffff880`069fef00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
    fffff880`06a00000 fffff880`06a12000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
    fffff880`06a12000 fffff880`06a7b000   srv2     srv2.sys     Mon Jul 13 19:25:02 2009 (4A5BC24E)
    fffff880`06aa8000 fffff880`06af5000   mrxsmb10 mrxsmb10.sys Mon Jul 13 19:24:08 2009 (4A5BC218)
    fffff880`06af5000 fffff880`06b18000   mrxsmb20 mrxsmb20.sys Mon Jul 13 19:24:05 2009 (4A5BC215)
    fffff880`06b18000 fffff880`06bbe000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
    fffff880`06bbe000 fffff880`06bc9000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
    fffff880`06bc9000 fffff880`06bf6000   srvnet   srvnet.sys   Mon Jul 13 19:24:58 2009 (4A5BC24A)
    fffff880`06e42000 fffff880`06eda000   srv      srv.sys      Mon Jul 13 19:25:11 2009 (4A5BC257)
    fffff880`06f7c000 fffff880`06f87000   asyncmac asyncmac.sys Mon Jul 13 20:10:13 2009 (4A5BCCE5)
    fffff880`06f87000 fffff880`06fbd000   fastfat  fastfat.SYS  Mon Jul 13 19:23:28 2009 (4A5BC1F0)
    fffff960`00010000 fffff960`0031f000   win32k   win32k.sys   unavailable (00000000)
    fffff960`00540000 fffff960`0054a000   TSDDD    TSDDD.dll    unavailable (00000000)
    fffff960`00690000 fffff960`006b7000   cdd      cdd.dll      unavailable (00000000)
    
    Unloaded modules:
    fffff880`06fee000 fffff880`06ffa000   hiber_atapor
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06e00000 fffff880`06e09000   hiber_atapi.
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06e09000 fffff880`06e1c000   hiber_dumpfv
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06fbd000 fffff880`06fee000   WUDFRd.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06eda000 fffff880`06f0b000   WUDFRd.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`042ac000 fffff880`042b8000   usbprint.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`04265000 fffff880`04282000   usbccgp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`0429b000 fffff880`042ac000   usbscan.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06f0b000 fffff880`06f7c000   spsys.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`018eb000 fffff880`018f9000   crashdmp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`018f9000 fffff880`01905000   dump_ataport
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`01905000 fffff880`0190e000   dump_atapi.s
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`0190e000 fffff880`01921000   dump_dumpfve
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    start             end                 module name
    fffff880`03ee0000 fffff880`03f1e000   1394ohci 1394ohci.sys Mon Jul 13 20:07:12 2009 (4A5BCC30)
    fffff880`00d56000 fffff880`00dad000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
    fffff880`01812000 fffff880`0189c000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
    fffff880`03f1e000 fffff880`03f34000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
    fffff880`00dd7000 fffff880`00de2000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
    fffff880`02655000 fffff880`0265e000   aswFsBlk aswFsBlk.sys Tue Sep 15 06:55:23 2009 (4AAF729B)
    fffff880`0263b000 fffff880`02655000   aswMonFlt aswMonFlt.sys Tue Sep 15 06:55:15 2009 (4AAF7293)
    fffff880`0189c000 fffff880`018a5000   aswRdr   aswRdr.SYS   Tue Sep 15 06:54:23 2009 (4AAF725F)
    fffff880`00de2000 fffff880`00dfe000   aswSP    aswSP.SYS    Tue Sep 15 06:55:42 2009 (4AAF72AE)
    fffff880`01800000 fffff880`01812000   aswTdi   aswTdi.SYS   Tue Sep 15 06:54:32 2009 (4AAF7268)
    fffff880`06f7c000 fffff880`06f87000   asyncmac asyncmac.sys Mon Jul 13 20:10:13 2009 (4A5BCCE5)
    fffff880`00c86000 fffff880`00c8f000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`00dad000 fffff880`00dd7000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
    fffff880`043b9000 fffff880`043d9000   AtiHdmi  AtiHdmi.sys  Tue Apr 28 13:31:58 2009 (49F73D8E)
    fffff880`0482d000 fffff880`04e44000   atikmdag atikmdag.sys Mon Aug 17 23:05:47 2009 (4A8A1A8B)
    fffff880`01954000 fffff880`0195b000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
    fffff880`018a5000 fffff880`018b6000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
    fffff880`02774000 fffff880`02792000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
    fffff960`00690000 fffff960`006b7000   cdd      cdd.dll      unavailable (00000000)
    fffff880`01921000 fffff880`0194b000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`00e3f000 fffff880`00eff000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
    fffff880`018bb000 fffff880`018eb000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
    fffff880`00cf8000 fffff880`00d56000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`01136000 fffff880`011a9000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
    fffff880`04819000 fffff880`04829000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
    fffff880`018eb000 fffff880`018f9000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
    fffff880`02c00000 fffff880`02c83000   csc      csc.sys      Mon Jul 13 19:24:26 2009 (4A5BC22A)
    fffff880`02c83000 fffff880`02ca1000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
    fffff880`02de9000 fffff880`02df8000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
    fffff880`01200000 fffff880`01216000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`0423d000 fffff880`0425f000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
    fffff880`018f9000 fffff880`01902000   dump_atapi dump_atapi.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`03ff4000 fffff880`04000000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`01902000 fffff880`01915000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
    fffff880`043f4000 fffff880`04400000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
    fffff880`04e44000 fffff880`04f38000   dxgkrnl  dxgkrnl.sys  Mon Jul 13 19:38:56 2009 (4A5BC590)
    fffff880`04f38000 fffff880`04f7e000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:38:32 2009 (4A5BC578)
    fffff880`02ddf000 fffff880`02de9000   ElbyCDIO ElbyCDIO.sys Tue Feb 17 12:11:23 2009 (499AEFBB)
    fffff880`06f87000 fffff880`06fbd000   fastfat  fastfat.SYS  Mon Jul 13 19:23:28 2009 (4A5BC1F0)
    fffff880`04800000 fffff880`0480d000   fdc      fdc.sys      Mon Jul 13 20:00:54 2009 (4A5BCAB6)
    fffff880`010c4000 fffff880`010d8000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
    fffff880`04399000 fffff880`043a4000   flpydisk flpydisk.sys Mon Jul 13 20:00:54 2009 (4A5BCAB6)
    fffff880`01078000 fffff880`010c4000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
    fffff880`013e7000 fffff880`013f1000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
    fffff880`0103a000 fffff880`01074000   fvevol   fvevol.sys   Mon Jul 13 19:22:15 2009 (4A5BC1A7)
    fffff880`015ae000 fffff880`015f8000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
    fffff800`031f9000 fffff800`03242000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
    fffff880`04f7e000 fffff880`04fa2000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
    fffff880`04282000 fffff880`0429b000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
    fffff880`0680e000 fffff880`06816080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
    fffff880`06800000 fffff880`0680e000   hidusb   hidusb.sys   Mon Jul 13 20:06:22 2009 (4A5BCBFE)
    fffff880`026ac000 fffff880`02774000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
    fffff880`013f1000 fffff880`013fa000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
    fffff880`03e74000 fffff880`03e8a000   intelppm intelppm.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
    fffff880`03e00000 fffff880`03e0f000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
    fffff880`03e2d000 fffff880`03e3b000   kbdhid   kbdhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
    fffff800`00ba4000 fffff800`00bae000   kdcom    kdcom.dll    Mon Jul 13 21:31:07 2009 (4A5BDFDB)
    fffff880`042ea000 fffff880`0432d000   ks       ks.sys       Mon Jul 13 20:00:31 2009 (4A5BCA9F)
    fffff880`013bc000 fffff880`013d6000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
    fffff880`01583000 fffff880`015ae000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:50:34 2009 (4A5BC84A)
    fffff880`0425f000 fffff880`04264200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
    fffff880`0267f000 fffff880`02694000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
    fffff880`02618000 fffff880`0263b000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
    fffff880`00ca0000 fffff880`00ce4000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:29:10 2009 (4A5BDF66)
    fffff880`00c8f000 fffff880`00c9d000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
    fffff880`03e0f000 fffff880`03e1e000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
    fffff880`03e3b000 fffff880`03e48000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
    fffff880`00c6c000 fffff880`00c86000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`02792000 fffff880`027aa000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
    fffff880`027aa000 fffff880`027d6000   mrxsmb   mrxsmb.sys   Mon Jul 13 19:23:59 2009 (4A5BC20F)
    fffff880`06aa8000 fffff880`06af5000   mrxsmb10 mrxsmb10.sys Mon Jul 13 19:24:08 2009 (4A5BC218)
    fffff880`06af5000 fffff880`06b18000   mrxsmb20 mrxsmb20.sys Mon Jul 13 19:24:05 2009 (4A5BC215)
    fffff880`019b9000 fffff880`019c4000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`00fbb000 fffff880`00fc5000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
    fffff880`010d8000 fffff880`01136000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
    fffff880`02dd4000 fffff880`02ddf000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
    fffff880`01418000 fffff880`0142a000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
    fffff880`01431000 fffff880`01523000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
    fffff880`03f58000 fffff880`03f64000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
    fffff880`03f64000 fffff880`03f93000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
    fffff880`043a4000 fffff880`043b9000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
    fffff880`02d1c000 fffff880`02d2b000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
    fffff880`02ca8000 fffff880`02ced000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
    fffff880`01523000 fffff880`01583000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
    fffff880`019c4000 fffff880`019d5000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
    fffff880`02dc8000 fffff880`02dd4000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
    fffff800`02c1c000 fffff800`031f9000   nt       ntkrnlmp.exe Mon Jul 13 19:40:48 2009 (4A5BC600)
    fffff880`01219000 fffff880`013bc000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
    fffff880`0194b000 fffff880`01954000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
    fffff880`02cf6000 fffff880`02d1c000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
    fffff880`00e0d000 fffff880`00e22000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
    fffff880`00fc5000 fffff880`00ff8000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
    fffff880`00e37000 fffff880`00e3e000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
    fffff880`00c5c000 fffff880`00c6c000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
    fffff880`013d6000 fffff880`013e7000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
    fffff880`06b18000 fffff880`06bbe000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
    fffff880`04200000 fffff880`0423d000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
    fffff880`00ce4000 fffff880`00cf8000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
    fffff880`03f34000 fffff880`03f58000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
    fffff880`03f93000 fffff880`03fae000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
    fffff880`03fae000 fffff880`03fcf000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
    fffff880`03fcf000 fffff880`03fe9000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
    fffff880`02d77000 fffff880`02dc8000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
    fffff880`03fe9000 fffff880`03ff4000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
    fffff880`0199e000 fffff880`019a7000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`019a7000 fffff880`019b0000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`019b0000 fffff880`019b9000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
    fffff880`01000000 fffff880`0103a000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
    fffff880`02694000 fffff880`026ac000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
    fffff880`04fc0000 fffff880`04ffe000   Rt64win7 Rt64win7.sys Thu Jul 30 07:58:43 2009 (4A718AF3)
    fffff880`0681a000 fffff880`069fc900   RTKVHD64 RTKVHD64.sys Tue Aug 18 05:29:10 2009 (4A8A7466)
    fffff880`042b9000 fffff880`042e8000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
    fffff880`06bbe000 fffff880`06bc9000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
    fffff880`0480d000 fffff880`04819000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
    fffff880`02d2b000 fffff880`02d48000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
    fffff880`01410000 fffff880`01418000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
    fffff880`06e42000 fffff880`06eda000   srv      srv.sys      Mon Jul 13 19:25:11 2009 (4A5BC257)
    fffff880`06a12000 fffff880`06a7b000   srv2     srv2.sys     Mon Jul 13 19:25:02 2009 (4A5BC24E)
    fffff880`06bc9000 fffff880`06bf6000   srvnet   srvnet.sys   Mon Jul 13 19:24:58 2009 (4A5BC24A)
    fffff880`042e8000 fffff880`042e9480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
    fffff880`01601000 fffff880`017fe000   tcpip    tcpip.sys    Mon Jul 13 19:25:34 2009 (4A5BC26E)
    fffff880`06a00000 fffff880`06a12000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
    fffff880`019f3000 fffff880`01a00000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
    fffff880`019d5000 fffff880`019f3000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
    fffff880`02d63000 fffff880`02d77000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
    fffff960`00540000 fffff960`0054a000   TSDDD    TSDDD.dll    unavailable (00000000)
    fffff880`03e4e000 fffff880`03e74000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
    fffff880`0432d000 fffff880`0433f000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
    fffff880`069fd000 fffff880`069fef00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
    fffff880`04faf000 fffff880`04fc0000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
    fffff880`0433f000 fffff880`04399000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
    fffff880`03e8a000 fffff880`03ee0000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
    fffff880`043d9000 fffff880`043f4000   USBSTOR  USBSTOR.SYS  Mon Jul 13 20:06:34 2009 (4A5BCC0A)
    fffff880`04fa2000 fffff880`04faf000   usbuhci  usbuhci.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
    fffff880`03e1e000 fffff880`03e2d000   VClone   VClone.sys   Fri May 22 19:08:37 2009 (4A173075)
    fffff880`00e00000 fffff880`00e0d000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
    fffff880`0195b000 fffff880`01969000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
    fffff880`01969000 fffff880`0198e000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
    fffff880`01400000 fffff880`01410000   vmstorfl vmstorfl.sys Mon Jul 13 19:42:54 2009 (4A5BC67E)
    fffff880`00e22000 fffff880`00e37000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`00c00000 fffff880`00c5c000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
    fffff880`011a9000 fffff880`011f5000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
    fffff880`02d48000 fffff880`02d63000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
    fffff880`0198e000 fffff880`0199e000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
    fffff880`00eff000 fffff880`00fa3000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
    fffff880`00fa3000 fffff880`00fb2000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`02ced000 fffff880`02cf6000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
    fffff960`00010000 fffff960`0031f000   win32k   win32k.sys   unavailable (00000000)
    fffff880`00fb2000 fffff880`00fbb000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
    fffff880`0265e000 fffff880`0267f000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)
    
    Unloaded modules:
    fffff880`06fee000 fffff880`06ffa000   hiber_atapor
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06e00000 fffff880`06e09000   hiber_atapi.
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06e09000 fffff880`06e1c000   hiber_dumpfv
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06fbd000 fffff880`06fee000   WUDFRd.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06eda000 fffff880`06f0b000   WUDFRd.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`042ac000 fffff880`042b8000   usbprint.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`04265000 fffff880`04282000   usbccgp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`0429b000 fffff880`042ac000   usbscan.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`06f0b000 fffff880`06f7c000   spsys.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`018eb000 fffff880`018f9000   crashdmp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`018f9000 fffff880`01905000   dump_ataport
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`01905000 fffff880`0190e000   dump_atapi.s
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    fffff880`0190e000 fffff880`01921000   dump_dumpfve
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    Bugcheck code 000000DE
    Arguments 00000000`00000002 fffff8a0`1162abe0 fffff8a0`1162abe1 00000000`2aaaa8c0
      My Computer


  5. Posts : 16
    Windows 7 64
       #5

    Youve got something running in there overwriting pool memory, the stack and who knows what else. Corruption is rampant.
    Last edited by shuster; 15 Oct 2009 at 16:27.
      My Computer


  6. Posts : 11
    Windows 7 RTM
    Thread Starter
       #6

    Is this an OS RTM build issue?
    Is this likely to re occur?
    Solution?
    Any other helpful info?
      My Computer


  7. Posts : 16
    Windows 7 64
       #7

    The culprit did it's damage, left the scene and you can only guess at who the culprit is. The culprit should have been nailed at the scene. System write protection was disabled at the time of the incident. Don't know if Microsoft adheres to write protection policy by default. Evidentally not. Would make things a lot easier.
    Last edited by shuster; 15 Oct 2009 at 11:00.
      My Computer


  8. Posts : 5,705
    Win7 x64 + x86
       #8

    I'd wait for H2SO4 to post back.
      My Computer


  9. Posts : 1,377
    Win7x64
       #9

    H2SO4 said:
    The stack is smashed...
    Usasma said:
    ...how to reconstruct the stack...
    The OP's debugger spew shows a single-line stack supposedly around nt!CpReadLsr+2. Crashes which demolish the stack itself sometimes produce that "one stack frame" condition - the debugger cannot unwind the stack to produce the real sequence of calls leading up to the crash.

    However, in this case that problem was apparently caused by debugger settings on the OP's machine. Your analysis (and mine) doesn't encounter a damaged stack. My "smashed stack" statement was premature.

    shuster said:
    The culprit did it's damage, left the scene and you can only guess at who the culprit is.
    Yes, you're right about the mechanics of what happened, but sometimes it's possible to get lucky in "pool corruption" situations and actually spot some clues as to who (what driver) did the corrupting. (That's why I requested the minidump.) The top 5 stack frames:

    1: kd> k5
    Child-SP RetAddr Call Site
    fffff880`0726bd58 fffff800`02c313d3 nt!KeBugCheckEx
    fffff880`0726bd60 fffff800`02c733ce nt! ?? ::FNODOBFM::`string'+0x2d2e0
    fffff880`0726be50 fffff880`012a3447 nt!CcPurgeCacheSection+0x172
    fffff880`0726bec0 fffff880`012bcc0a Ntfs!NtfsDeleteFile+0x57b
    fffff880`0726c140 fffff880`0122aaa9 Ntfs!NtfsCommonCleanup+0x15da

    OK, so a file was to be deleted, and as a result the cache manager (Cc* functions) was invoked to purge its own references to the file object. The "FNODOBFM" thing is just the debugger getting confused by a particular type of optimisation. For performance reasons, function fragments which are frequently used together are stuffed into the same page, even if they don't correspond to the same functions. That way there's less paging for a given codepath. However, because functions may no longer be contiguous in memory (they're interlaced!), the debugger can have a hard time working out what's what. A bit of manual fiddling can show a better stack representation:

    1: kd> ln fffff800`02c313d3
    (fffff800`02ccc230) nt! ?? ::FNODOBFM::`string'+0x2d2e0 | (fffff800`02ccc268) nt!vDbgPrintExWithPrefixInternal
    1: kd> ub fffff800`02c313d3
    nt! ?? ::FNODOBFM::`string'+0x2d2bf:
    fffff800`02c313b2 e829af0e00 call nt!MiBadShareCount (fffff800`02d1c2e0)
    fffff800`02c313b7 cc int 3
    fffff800`02c313b8 4c8b4f10 mov r9,qword ptr [rdi+10h]
    fffff800`02c313bc 4d8bc7 mov r8,r15
    fffff800`02c313bf ba02000000 mov edx,2
    fffff800`02c313c4 b9de000000 mov ecx,0DEh // <-- Getting ready for a STOP 0xDE :)
    fffff800`02c313c9 4889442420 mov qword ptr [rsp+20h],rax
    fffff800`02c313ce e82dcb0500 call nt!KeBugCheckEx (fffff800`02c8df00)

    Alright, so what function does that block actually belong to?

    1: kd> ub nt!CcPurgeCacheSection+0x172
    nt!CcPurgeCacheSection+0x157:
    fffff800`02c733b3 40f6c504 test bpl,4
    fffff800`02c733b7 7404 je nt!CcPurgeCacheSection+0x161 (fffff800`02c733bd)
    fffff800`02c733b9 4183cd02 or r13d,2
    fffff800`02c733bd 448bc7 mov r8d,edi
    fffff800`02c733c0 458bcd mov r9d,r13d
    fffff800`02c733c3 488bd6 mov rdx,rsi
    fffff800`02c733c6 498bce mov rcx,r14
    fffff800`02c733c9 e8f2f3ffff call nt!MmPurgeSection (fffff800`02c727c0)

    So the "real" stack looks more like this:

    nt!KeBugCheckEx
    nt!MmPurgeSection+<some_offset>
    nt!CcPurgeCacheSection+0x172
    Ntfs!NtfsDeleteFile+0x57b
    Ntfs!NtfsCommonCleanup+0x15da

    The Memory Manager's (Mm*) attemt to "PurgeSection" encounters pool corruption and calls KeBugCheckEx. Sometimes it's possible to view the corrupted memory and get clues from its contents ("MyL33tDriver wuz 'ere"), but optimised x64 code is a bit of a b###h to debug and in this instance the registers which were used to hold the address of the file/section object to be purged were overwritten in the actual KeBugCheckEx call, if not earlier :)

    shuster said:
    The culprit should have been nailed at the scene. System write protection was disabled at the time of the incident...
    "Special pool" on Windows. Yes, that may catch the corruptor at the point where it does its business, but for performance reasons it's always disabled by default.
    Last edited by H2SO4; 16 Oct 2009 at 05:38. Reason: Helps if you don't leave out key words in a sentence.
      My Computer


  10. Posts : 1,377
    Win7x64
       #10

    jbgt2 said:
    Is this an OS RTM build issue?
    Is this likely to re occur?
    Solution?
    Any other helpful info?
    Run this from an elevated CMD prompt and reboot:

    VERIFIER /FLAGS 1 /ALL

    It enables a particular mode of kernel operation which will cause the OS to be more vigilant towards the type of problem which caused the crash. The next crash minidump - if there is going to be one - may reveal more.

    To disable verifier after you're eventually done with the troubleshooting:

    VERIFIER /RESET
    <reboot>
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:29.
Find Us