It does not appear that the file I attached had the minidump files. So here it is.
Briarfox
Driver verifier in the first caused an ancient (circa 2004) driver to fail.
Code:
ASACPI.sys 0x8d1fa000 0x8d1fb420 0x00001420 0x411c2d04 8/12/2004 9:52:52 PM
here is the details
Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\020210-13618-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0x82805000 PsLoadedModuleList = 0x8294d810
Debug session time: Tue Feb 2 23:42:12.260 2010 (GMT-5)
System Uptime: 0 days 0:00:13.915
Loading Kernel Symbols
...............................................................
....................................................
Loading User Symbols
1: kd> !analyze -v]
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000023b, The caller has changed the status field of an IRP it does not understand.
Arg2: 8c80f37c, The address in the driver's code where the error was detected.
Arg3: 8c69ceb8, IRP address.
Arg4: 00000000
Debugging Details:
------------------
Unable to load image \SystemRoot\system32\DRIVERS\ASACPI.sys, Win32 error 0n2
*** ERROR: Module load completed but symbols could not be loaded for ASACPI.sys
BUGCHECK_STR: 0xc9_23b
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 23b
FAULTING_IP:
ASACPI+37c
8c80f37c 8bf8 mov edi,eax
FOLLOWUP_IP:
ASACPI+37c
8c80f37c 8bf8 mov edi,eax
IRP_ADDRESS: 8c69ceb8
DEVICE_OBJECT: 8babfc60
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 2
LOCK_ADDRESS: 8296af60 -- (!locks 8296af60)
Resource @ nt!PiEngineLock (0x8296af60) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0x8296af60
Thread Count : 0
Thread address: 0x00000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from 82b39f03 to 828e1d10
STACK_TEXT:
8731b784 82b39f03 000000c9 0000023b 8c80f37c nt!KeBugCheckEx+0x1e
8731b7a4 82b3c2cd 8c80f37c 8731b7dc 8c80f37c nt!VerifierBugCheckIfAppropriate+0x30
8731b7bc 82b3c32a 0000023b 8c80f37c 00000000 nt!ViErrorFinishReport+0xc9
8731b810 82b43667 0000023b 8c69ceb8 8c69cfb8 nt!VfErrorReport1+0x4d
8731b844 82b3bef7 8c69cfb8 8c69cfb8 8babf588 nt!ViGenericVerifyIrpStackDownward+0x103
8731b860 82b3a426 8bb28e38 8babfee0 8c69cfb8 nt!VfMajorVerifyIrpStackDownward+0x5a
8731b8c0 82b39d33 8ba555c0 8c69ceb8 8731b8f0 nt!IovpCallDriver1+0x468
8731b8d0 82b34670 8babfee0 8babfe68 8babfee0 nt!VfBeforeCallDriver+0xe7
8731b8f0 82841473 8c69cfb8 8c69ceb8 8babfee0 nt!IovCallDriver+0x206
8731b904 8c80f37c 8ba55638 8c69ceb8 82b346c3 nt!IofCallDriver+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
8731b934 82841473 00000000 8c69cff8 8babfdb0 ASACPI+0x37c
8731b948 82b463d0 8bb47228 8c69ceb8 8babfc60 nt!IofCallDriver+0x1b
8731b960 82b346c3 8babfd18 8c69ceb8 8c69d000 nt!ViFilterDispatchGeneric+0x5e
8731b984 82841473 00000000 8731ba0c 8babfc60 nt!IovCallDriver+0x258
8731b998 82b39bcc 00000004 00000017 00000000 nt!IofCallDriver+0x1b
8731b9c4 82b434f7 89ba9110 8731b9e8 00000001 nt!VfIrpSendSynchronousIrp+0xa5
8731ba10 82b3c11f 89bf9518 8731ba9c 829b0bc1 nt!VfWmiTestStartedPdoStack+0x48
8731ba1c 829b0bc1 89ba9110 89bf9518 00000000 nt!VfMajorTestStartedPdoStack+0x48
8731ba9c 829ac9ff 00000001 00000000 8ba54328 nt!PipProcessStartPhase3+0x427
8731bc94 82990a2a 849c0b78 8ba54328 8731bcc8 nt!PipProcessDevNodeTree+0x2e6
8731bcd4 82818f99 8ba54328 82968e80 849b6020 nt!PiProcessStartSystemDevices+0x6d
8731bd00 82872f2b 00000000 00000000 849b6020 nt!PnpDeviceActionWorker+0x241
8731bd50 82a1366d 00000001 a0a36ada 00000000 nt!ExpWorkerThread+0x10d
8731bd90 828c50d9 82872e1e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: ASACPI+37c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ASACPI
IMAGE_NAME: ASACPI.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 411c2d04
FAILURE_BUCKET_ID: 0xc9_23b_VRF_ASACPI+37c
BUCKET_ID: 0xc9_23b_VRF_ASACPI+37c
Followup: MachineOwner
---------
In the second and more likely cause of them all verifier caused your ATI video driver to fail
Code:
020310-19125-01.dmp 2/3/2010 7:16:32 AM DRIVER_VERIFIER_DETECTED_VIOLATION 0x000000c4 0x000000f6 0x00000320 0x969cfb50 0x8cc3185b atikmdag.sys atikmdag.sys+2685b
here are the details
Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\020310-19125-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0x82a46000 PsLoadedModuleList = 0x82b8e810
Debug session time: Wed Feb 3 10:15:22.528 2010 (GMT-5)
System Uptime: 0 days 0:00:35.182
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
....
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000f6, Referencing user handle as KernelMode.
Arg2: 00000320, Handle value being referenced.
Arg3: 969cfb50, Address of the current process.
Arg4: 8cc3185b, Address inside the driver that is performing the incorrect reference.
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
*** WARNING: Unable to verify timestamp for dxgkrnl.sys
*** ERROR: Module load completed but symbols could not be loaded for dxgkrnl.sys
BUGCHECK_STR: 0xc4_f6
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: CCC.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82d7af03 to 82b22d10
STACK_TEXT:
9bb7e7d4 82d7af03 000000c4 000000f6 00000320 nt!KeBugCheckEx+0x1e
9bb7e7f4 82d7f766 00000320 969cfb50 87fde868 nt!VerifierBugCheckIfAppropriate+0x30
9bb7e888 82c6a26c 00000320 9bb7eba0 00000000 nt!VfCheckUserHandle+0x14f
9bb7e8bc 82c6a126 00000320 000f001f 00000000 nt!ObReferenceObjectByHandleWithTag+0x13b
9bb7e8e0 82d88736 00000320 000f001f 00000000 nt!ObReferenceObjectByHandle+0x21
9bb7e908 8cc3185b 00000320 000f001f 00000000 nt!VerifierObReferenceObjectByHandle+0x21
WARNING: Stack unwind information not available. Following frames may be wrong.
9bb7e938 8cc1e763 00000000 9bb7eba0 8b492fc0 atikmdag+0x2685b
9bb7e958 8cc21943 9bb7eba0 8b492fc0 9bb7eba0 atikmdag+0x13763
9bb7e974 8cc1b11e 9bb7eb90 00000020 9bb7eba0 atikmdag+0x16943
9bb7e9d8 8cc1b552 00000000 9bb7eb0c 00000038 atikmdag+0x1011e
9bb7ea04 8d08b435 8b492fc0 9bb7ea60 865cd000 atikmdag+0x10552
9bb7ea2c 8d08ae4a 9bb7ea60 16b07cd5 04c3dc30 dxgkrnl+0x2c435
9bb7ed28 82a8942a 04c3dc30 04c3dc6c 776d64f4 dxgkrnl+0x2be4a
9bb7ed28 776d64f4 04c3dc30 04c3dc6c 776d64f4 nt!KiFastCallEntry+0x12a
04c3dc6c 00000000 00000000 00000000 00000000 0x776d64f4
STACK_COMMAND: kb
FOLLOWUP_IP:
atikmdag+2685b
8cc3185b 3bc7 cmp eax,edi
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: atikmdag+2685b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49f1996c
FAILURE_BUCKET_ID: 0xc4_f6_atikmdag+2685b
BUCKET_ID: 0xc4_f6_atikmdag+2685b
Followup: MachineOwner
---------
In one of the rare 32 bit crashes it took driver verify to isolate and identify the offending drivers.
Here is what I would do
First
update the ancient driver.
Second
download a fresh copy of the video driver
Third
Run a system file check to verify and repair your system files
start>run>cmd>right click and run as admin>SFC /SCANNOW
dont forget to turn Driver Verifier off
Let us know the result and if you want to learn to read DMP's PM me.
Ken