Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\Downloads\A-Rar\062410-16317-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Mini Kernel Dump does not have process information
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a16000 PsLoadedModuleList = 0xfffff800`02c53e50
Debug session time: Thu Jun 24 12:47:02.871 2010 (GMT-4)
System Uptime: 0 days 1:28:08.963
Loading Kernel Symbols
.................................................
Loading User Symbols
Loading unloaded module list
...Missing image name, possible paged-out or corrupt data.
...........Missing image name, possible paged-out or corrupt data.
.........Missing image name, possible paged-out or corrupt data.
......Missing image name, possible paged-out or corrupt data.
..Missing image name, possible paged-out or corrupt data.
.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BugCheck 50, {fffff8a0435a84e0, 0, fffff8800fe2105b, 5}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+40ecb )
Followup: MachineOwner
---------
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8a0435a84e0, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8800fe2105b, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cbe0e0
fffff8a0435a84e0
FAULTING_IP:
+5e23952f01a2d97c
fffff880`0fe2105b 48392cf0 cmp qword ptr [rax+rsi*8],rbp
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
CURRENT_IRQL: 0
TRAP_FRAME: fffff88003e17740 -- (.trap 0xfffff88003e17740)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a0435a84e0 rbx=0000000000000000 rcx=fffff8a00998c3d0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800fe2105b rsp=fffff88003e178d0 rbp=00000000001e7619
r8=fffffa80058497e0 r9=fffff88003e17901 r10=0000000000000000
r11=fffffa8007adf010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fffff880`0fe2105b 48392cf0 cmp qword ptr [rax+rsi*8],rbp ds:0002:fffff8a0`435a84e0=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b05801 to fffff80002a86600
STACK_TEXT:
fffff880`03e175d8 fffff800`02b05801 : 00000000`00000050 fffff8a0`435a84e0 00000000`00000000 fffff880`03e17740 : nt!KeBugCheckEx
fffff880`03e175e0 fffff800`02a846ee : 00000000`00000000 fffff8a0`0a6de1c0 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40ecb
fffff880`03e17740 fffff880`0fe2105b : fffff8a0`0b64da80 fffff880`0fe20d4b 00000000`00000095 00000000`00000000 : nt!KiPageFault+0x16e
fffff880`03e178d0 fffff8a0`0b64da80 : fffff880`0fe20d4b 00000000`00000095 00000000`00000000 00000000`00000000 : 0xfffff880`0fe2105b
fffff880`03e178d8 fffff880`0fe20d4b : 00000000`00000095 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff8a0`0b64da80
fffff880`03e178e0 00000000`00000095 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`07ac0000 : 0xfffff880`0fe20d4b
fffff880`03e178e8 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`07ac0000 fffff880`0fe1e8af : <Unloaded_Unknown_Module_00000000`00000006>+0x8f
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+40ecb
fffff800`02b05801 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+40ecb
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
FAILURE_BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+40ecb
BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+40ecb
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\Downloads\A-Rar\062410-18860-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a02000 PsLoadedModuleList = 0xfffff800`02c3fe50
Debug session time: Thu Jun 24 10:37:48.604 2010 (GMT-4)
System Uptime: 0 days 0:34:01.697
Loading Kernel Symbols
.................................................
Loading User Symbols
Loading unloaded module list
..
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BugCheck 50, {fffffa8045de5900, 0, fffff8800436dce5, 5}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt!PoIdle+53a )
Followup: MachineOwner
---------
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8045de5900, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8800436dce5, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002caa0e0
fffffa8045de5900
FAULTING_IP:
+5e23952f01f4d878
fffff880`0436dce5 ?? ???
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002a8013a to fffff88003de89c2
STACK_TEXT:
fffff800`04143c98 fffff800`02a8013a : 00000000`0027b57b fffffa80`072042f8 fffff800`02bfac40 00000000`00000001 : 0xfffff880`03de89c2
fffff800`04143ca0 fffff800`02a7adcc : fffff800`02bece80 fffff800`00000000 00000000`00000000 fffff800`02b92ce0 : nt!PoIdle+0x53a
fffff800`04143d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!PoIdle+53a
fffff800`02a8013a 0fba25061518000f bt dword ptr [nt!PerfGlobalGroupMask+0x8 (fffff800`02c01648)],0Fh
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!PoIdle+53a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
FAILURE_BUCKET_ID: X64_0x50_nt!PoIdle+53a
BUCKET_ID: X64_0x50_nt!PoIdle+53a
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\Downloads\A-Rar\062410-19999-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a02000 PsLoadedModuleList = 0xfffff800`02c3fe50
Debug session time: Thu Jun 24 10:02:17.393 2010 (GMT-4)
System Uptime: 0 days 0:15:32.485
Loading Kernel Symbols
.................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffa8045cb1620, 2, 1, fffff80002a76d2f}
Probably caused by : ntkrnlmp.exe ( nt!KiTryUnwaitThread+17f )
Followup: MachineOwner
---------
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa8045cb1620, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a76d2f, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002caa0e0
fffffa8045cb1620
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiTryUnwaitThread+17f
fffff800`02a76d2f 488908 mov qword ptr [rax],rcx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff880030cc9f0 -- (.trap 0xfffff880030cc9f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8045cb1620 rbx=0000000000000000 rcx=fffffa80052e2100
rdx=fffffa80052838c8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a76d2f rsp=fffff880030ccb80 rbp=fffff880030a4180
r8=0000000000000002 r9=0000000000000000 r10=00000000000001b4
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!KiTryUnwaitThread+0x17f:
fffff800`02a76d2f 488908 mov qword ptr [rax],rcx ds:fffffa80`45cb1620=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a71b69 to fffff80002a72600
STACK_TEXT:
fffff880`030cc8a8 fffff800`02a71b69 : 00000000`0000000a fffffa80`45cb1620 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`030cc8b0 fffff800`02a707e0 : 00000000`00000000 fffffa80`05283760 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`030cc9f0 fffff800`02a76d2f : 00000000`000000ff 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`030ccb80 fffff800`02a766d2 : fffffa80`06f3ba20 00000000`00000002 00000000`00000000 fffff880`030a4180 : nt!KiTryUnwaitThread+0x17f
fffff880`030ccbe0 fffff880`03fbd5e8 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`06f3ba28 : nt!KeSetEvent+0x142
fffff880`030ccc50 fffffa80`00000000 : 00000000`00000000 00000000`00000000 fffffa80`06f3ba28 00000000`00000000 : 0xfffff880`03fbd5e8
fffff880`030ccc58 00000000`00000000 : 00000000`00000000 fffffa80`06f3ba28 00000000`00000000 00000000`00000004 : 0xfffffa80`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTryUnwaitThread+17f
fffff800`02a76d2f 488908 mov qword ptr [rax],rcx
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiTryUnwaitThread+17f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
FAILURE_BUCKET_ID: X64_0xA_nt!KiTryUnwaitThread+17f
BUCKET_ID: X64_0xA_nt!KiTryUnwaitThread+17f
Followup: MachineOwner
---------
I found the driver, sptd.sys, at the time of the crash.