Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\Downloads\A-Rar\Dump Files\081510-13509-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82c00000 PsLoadedModuleList = 0x82d48810
Debug session time: Sun Aug 15 01:44:47.744 2010 (GMT-4)
System Uptime: 2 days 0:19:55.690
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
.................
Unable to load image \SystemRoot\system32\DRIVERS\atikmdag.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, 922a140f, 9315e7fc, 9315e3e0}
*** WARNING: Unable to verify timestamp for atikmpag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
*** WARNING: Unable to verify timestamp for dxgkrnl.sys
*** ERROR: Module load completed but symbols could not be loaded for dxgkrnl.sys
Probably caused by : atikmdag.sys ( atikmdag+26440f )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 922a140f, The address that the exception occurred at
Arg3: 9315e7fc, Exception Record Address
Arg4: 9315e3e0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
atikmdag+26440f
922a140f ff82e4010000 inc dword ptr [edx+1E4h]
EXCEPTION_RECORD: 9315e7fc -- (.exr 0xffffffff9315e7fc)
ExceptionAddress: 922a140f (atikmdag+0x0026440f)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 000001e4
Attempt to write to address 000001e4
CONTEXT: 9315e3e0 -- (.cxr 0xffffffff9315e3e0)
eax=00000003 ebx=9315ea54 ecx=00000000 edx=00000000 esi=00000000 edi=00000001
eip=922a140f esp=9315e8c4 ebp=9315e8c4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
atikmdag+0x26440f:
922a140f ff82e4010000 inc dword ptr [edx+1E4h] ds:0023:000001e4=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 000001e4
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82d68718
Unable to read MiSystemVaType memory at 82d48160
000001e4
FOLLOWUP_IP:
atikmdag+26440f
922a140f ff82e4010000 inc dword ptr [edx+1E4h]
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 922c21c1 to 922a140f
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
9315e8c4 922c21c1 00000002 02ead000 0000000f atikmdag+0x26440f
9315e8e0 9204c63e 00b2ed00 00000002 02ead000 atikmdag+0x2851c1
9315e9b4 91588e48 8792af10 ffffffff 830156ee atikmdag+0xf63e
9315e9f8 918591ac 01f18940 85c70400 87a06000 atikmpag+0x4e48
9315ea20 9183707e 9315ea54 9315ea3c 918ee171 dxgkrnl+0x231ac
9315ea2c 918ee171 86ddf000 9315ea54 9315eb74 dxgkrnl+0x107e
9315ea3c 91906436 9315ea54 8792a4b8 a25efe58 dxgmms1!DXGADAPTER::DdiBuildPagingBuffer+0x11
9315eb74 91908add 00000000 a25efe58 00000000 dxgmms1!VIDMM_GLOBAL::DiscardAllocationInternal+0xa4
9315eb88 91915bcd a25efe58 28550a16 85d34290 dxgmms1!VIDMM_GLOBAL::DiscardAllocation+0x1b
9315ec58 919087ff a25efe58 00000000 8573e3f8 dxgmms1!VIDMM_MEMORY_SEGMENT::EvictResource+0x395
9315ecc4 91908e66 9315ece0 00000000 9315ecf8 dxgmms1!VIDMM_GLOBAL::ProcessDeferredCommand+0x741
9315ecf0 9190a4c8 00000000 9315ed18 9191e2cd dxgmms1!VIDMM_GLOBAL::ProcessTerminationCommand+0x40
9315ecfc 9191e2cd 85eb4e40 8573e3f8 8573e3f8 dxgmms1!VidMmiProcessTerminationCommand+0x10
9315ed18 9191f27d 8606a610 85d2b640 9315ed3c dxgmms1!VidSchiSubmitDeviceCommand+0x33
9315ed28 9191f4cc 8573e3f8 82c3c3f1 86dde4b8 dxgmms1!VidSchiSubmitQueueCommand+0xaf
9315ed3c 9191f573 86dde4b8 00000000 879fdd48 dxgmms1!VidSchiRun_PriorityTable+0x24
9315ed50 82e0e6d3 86dde4b8 bdb3843b 00000000 dxgmms1!VidSchiWorkerThread+0x7f
9315ed90 82cc00f9 9191f4f4 86dde4b8 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: atikmdag+26440f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4be0caf0
STACK_COMMAND: .cxr 0xffffffff9315e3e0 ; kb
FAILURE_BUCKET_ID: 0x7E_atikmdag+26440f
BUCKET_ID: 0x7E_atikmdag+26440f
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\Downloads\A-Rar\Dump Files\081510-13696-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82c1e000 PsLoadedModuleList = 0x82d66810
Debug session time: Sun Aug 15 02:20:57.510 2010 (GMT-4)
System Uptime: 0 days 0:35:34.180
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1, {82e7b510, 0, ffff0000, 0}
Probably caused by : ntkrpamp.exe ( nt!NtDeviceIoControlFile+0 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->KernelApcDisable field. A negative value indicates that a driver
has disabled APC calls without re-enabling them. A positive value indicates
that the reverse is true. This check is made on exit from a system call.
Arguments:
Arg1: 82e7b510, address of system function (system call)
Arg2: 00000000, Thread->ApcStateIndex << 8 | Previous ApcStateIndex
Arg3: ffff0000, Thread->KernelApcDisable
Arg4: 00000000, Previous KernelApcDisable
Debugging Details:
------------------
FAULTING_IP:
nt!NtDeviceIoControlFile+0
82e7b510 8bff mov edi,edi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: audiodg.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 774e64f4 to 82c617d3
STACK_TEXT:
8dc1bd34 774e64f4 badb0d00 01b5fc58 00000000 nt!KiServiceExit2+0x17a
WARNING: Frame IP not in any known module. Following frames may be wrong.
01b5fcb0 00000000 00000000 00000000 00000000 0x774e64f4
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!NtDeviceIoControlFile+0
82e7b510 8bff mov edi,edi
SYMBOL_NAME: nt!NtDeviceIoControlFile+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c3fac
FAILURE_BUCKET_ID: 0x1_nt!NtDeviceIoControlFile+0
BUCKET_ID: 0x1_nt!NtDeviceIoControlFile+0
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\Downloads\A-Rar\Dump Files\081510-14289-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82c1b000 PsLoadedModuleList = 0x82d63810
Debug session time: Sun Aug 15 21:20:11.434 2010 (GMT-4)
System Uptime: 0 days 0:41:30.730
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1, {82e78510, 0, ffff0000, 0}
Probably caused by : ntkrpamp.exe ( nt!NtDeviceIoControlFile+0 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->KernelApcDisable field. A negative value indicates that a driver
has disabled APC calls without re-enabling them. A positive value indicates
that the reverse is true. This check is made on exit from a system call.
Arguments:
Arg1: 82e78510, address of system function (system call)
Arg2: 00000000, Thread->ApcStateIndex << 8 | Previous ApcStateIndex
Arg3: ffff0000, Thread->KernelApcDisable
Arg4: 00000000, Previous KernelApcDisable
Debugging Details:
------------------
FAULTING_IP:
nt!NtDeviceIoControlFile+0
82e78510 8bff mov edi,edi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: audiodg.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 774b64f4 to 82c5e7d3
STACK_TEXT:
a7ca3d34 774b64f4 badb0d00 0093f9a0 00000000 nt!KiServiceExit2+0x17a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0093f9f8 00000000 00000000 00000000 00000000 0x774b64f4
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!NtDeviceIoControlFile+0
82e78510 8bff mov edi,edi
SYMBOL_NAME: nt!NtDeviceIoControlFile+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c3fac
FAILURE_BUCKET_ID: 0x1_nt!NtDeviceIoControlFile+0
BUCKET_ID: 0x1_nt!NtDeviceIoControlFile+0
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\Downloads\A-Rar\Dump Files\081510-15662-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82c00000 PsLoadedModuleList = 0x82d48810
Debug session time: Sun Aug 15 20:38:00.051 2010 (GMT-4)
System Uptime: 0 days 18:16:21.721
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 98a152b1, 9d857be0, 0}
Probably caused by : win32k.sys ( win32k!xxxDoPaint+c4 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 98a152b1, The address that the exception occurred at
Arg3: 9d857be0, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!xxxDoPaint+c4
98a152b1 0fb7482a movzx ecx,word ptr [eax+2Ah]
TRAP_FRAME: 9d857be0 -- (.trap 0xffffffff9d857be0)
ErrCode = 00000000
eax=00000000 ebx=fe916608 ecx=80000800 edx=00000000 esi=fea0dec8 edi=00000000
eip=98a152b1 esp=9d857c54 ebp=9d857c60 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!xxxDoPaint+0xc4:
98a152b1 0fb7482a movzx ecx,word ptr [eax+2Ah] ds:0023:0000002a=????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 98a099e0 to 98a152b1
STACK_TEXT:
9d857c60 98a099e0 00000000 9d857ce4 05301cf9 win32k!xxxDoPaint+0xc4
9d857cb4 98a01e76 9d857ce4 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x39c
9d857d18 82c4344a 0013fb48 00000000 00000000 win32k!NtUserPeekMessage+0x3f
9d857d18 775064f4 0013fb48 00000000 00000000 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013faf8 00000000 00000000 00000000 00000000 0x775064f4
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!xxxDoPaint+c4
98a152b1 0fb7482a movzx ecx,word ptr [eax+2Ah]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!xxxDoPaint+c4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c425a
FAILURE_BUCKET_ID: 0x8E_win32k!xxxDoPaint+c4
BUCKET_ID: 0x8E_win32k!xxxDoPaint+c4
Followup: MachineOwner
---------
Two of the dumps indicate c0000005, which is memory corruption. Three point to Windows system core drivers as the cause - which is highly unlikely - and one points to atikmdag.sys, which is an ATI Radeon driver.