Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp1_082610-11310-01.zip\092610-18782-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e4a000 PsLoadedModuleList = 0xfffff800`03087e50
Debug session time: Sat Sep 25 17:10:07.560 2010 (GMT-4)
System Uptime: 0 days 0:00:12.746
Loading Kernel Symbols
...............................................................
................................................................
....
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88003346898, fffff88003346100, fffff8800125a80c}
Probably caused by : Ntfs.sys ( Ntfs!NtfsDecrementCloseCounts+2c )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88003346898
Arg3: fffff88003346100
Arg4: fffff8800125a80c
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88003346898 -- (.exr 0xfffff88003346898)
ExceptionAddress: fffff8800125a80c (Ntfs!NtfsDecrementCloseCounts+0x000000000000002c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88003346100 -- (.cxr 0xfffff88003346100)
rax=effffa80044a1180 rbx=fffffa80061e3c70 rcx=fffffa80061e3c70
rdx=fffff8a001b28140 rsi=fffff8a001b28010 rdi=fffff88003346c38
rip=fffff8800125a80c rsp=fffff88003346ad0 rbp=fffff8000305f5a0
r8=fffff8a001b283a8 r9=0000000000000000 r10=fffff8a001b28010
r11=fffff88003346b52 r12=fffffa80044a1180 r13=0000000000000000
r14=fffff8a001b283a8 r15=0000000000000001
iopl=0 nv up ei pl zr ac po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010257
Ntfs!NtfsDecrementCloseCounts+0x2c:
fffff880`0125a80c f08380dc000000ff lock add dword ptr [rax+0DCh],0FFFFFFFFh ds:002b:effffa80`044a125c=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f20e0
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsDecrementCloseCounts+2c
fffff880`0125a80c f08380dc000000ff lock add dword ptr [rax+0DCh],0FFFFFFFFh
FAULTING_IP:
Ntfs!NtfsDecrementCloseCounts+2c
fffff880`0125a80c f08380dc000000ff lock add dword ptr [rax+0DCh],0FFFFFFFFh
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff880012f3813 to fffff8800125a80c
STACK_TEXT:
fffff880`03346ad0 fffff880`012f3813 : fffffa80`061e3c70 fffff800`0305f5a0 fffff8a0`01b28010 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0x2c
fffff880`03346b10 fffff880`012cd38f : fffffa80`061e3c70 fffff8a0`01b28140 fffff8a0`01b28010 fffffa80`044a1180 : Ntfs!NtfsCommonClose+0x353
fffff880`03346be0 fffff800`02ec7961 : 00000000`00000000 fffff800`02eae300 fffff800`030c1101 fffffa80`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`03346cb0 fffff800`0315ec06 : 80d4522c`9cd20e0a fffffa80`0371a680 00000000`00000080 fffffa80`036dc040 : nt!ExpWorkerThread+0x111
fffff880`03346d40 fffff800`02e98c26 : fffff880`03167180 fffffa80`0371a680 fffff880`031720c0 70c0f944`83adc468 : nt!PspSystemThreadStartup+0x5a
fffff880`03346d80 00000000`00000000 : fffff880`03347000 fffff880`03341000 fffff880`033469f0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsDecrementCloseCounts+2c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f
STACK_COMMAND: .cxr 0xfffff88003346100 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsDecrementCloseCounts+2c
BUCKET_ID: X64_0x24_Ntfs!NtfsDecrementCloseCounts+2c
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp1_082610-11310-01.zip\092410-12620-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e56000 PsLoadedModuleList = 0xfffff800`03093e50
Debug session time: Thu Sep 23 10:20:54.444 2010 (GMT-4)
System Uptime: 0 days 0:02:26.630
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41790, fffffa8000325800, ffff, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33906 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8000325800
Arg3: 000000000000ffff
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41790
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WerFault.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002f39f9e to fffff80002ec6740
STACK_TEXT:
fffff880`03946648 fffff800`02f39f9e : 00000000`0000001a 00000000`00041790 fffffa80`00325800 00000000`0000ffff : nt!KeBugCheckEx
fffff880`03946650 fffff800`02f080da : 00000000`00000000 00000000`010cffff fffffa80`00000000 fffffa80`06af2060 : nt! ?? ::FNODOBFM::`string'+0x33906
fffff880`03946810 fffff800`02ec5993 : ffffffff`ffffffff fffff880`03946ad0 fffff880`03946ad8 00000000`00008000 : nt!NtFreeVirtualMemory+0x5ca
fffff880`03946900 fffff800`02ec1f30 : fffff800`03156a9f fffffa80`06af2060 fffffa80`064abb60 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`03946a98 fffff800`03156a9f : fffffa80`06af2060 fffffa80`064abb60 00000000`00000000 00000000`800706ba : nt!KiServiceLinkage
fffff880`03946aa0 fffff800`031abc4e : 00000000`01050000 00000000`00000000 00000000`800706ba fffffa80`05ddc890 : nt!RtlFreeUserStack+0x27
fffff880`03946ad0 fffff800`031af72d : fffff880`800706ba fffff800`031dc500 000007ff`fffd8000 00000000`00000000 : nt!PspExitThread+0x7ae
fffff880`03946b90 fffff800`031af969 : fffffa80`064abb60 00000000`800706ba fffffa80`064abb60 00000000`00000000 : nt!PspTerminateThreadByPointer+0x4d
fffff880`03946be0 fffff800`02ec5993 : fffffa80`064abb60 fffff880`03946ca0 00000000`00000000 00000000`00000000 : nt!NtTerminateThread+0x45
fffff880`03946c20 00000000`770b028a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`010cfe18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770b028a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+33906
fffff800`02f39f9e cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+33906
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33906
BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33906
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp1_082610-11310-01.zip\091210-17316-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e15000 PsLoadedModuleList = 0xfffff800`03052e50
Debug session time: Sat Sep 11 21:32:53.356 2010 (GMT-4)
System Uptime: 0 days 0:00:13.542
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff96000129651, fffff8800647f030, 0}
Probably caused by : win32k.sys ( win32k!xxxRealInternalGetMessage+211 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff96000129651, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff8800647f030, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!xxxRealInternalGetMessage+211
fffff960`00129651 39b9d8020000 cmp dword ptr [rcx+2D8h],edi
CONTEXT: fffff8800647f030 -- (.cxr 0xfffff8800647f030)
rax=0000000000000000 rbx=fffff900c1e02820 rcx=1000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff96000129651 rsp=fffff8800647fa00 rbp=fffff8800647fca0
r8=fffff900c1e00ea0 r9=000000003084c274 r10=00000000000034e4
r11=fffff900c1e12a50 r12=0000000000000001 r13=fffff8800647fb68
r14=00000000000020c8 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010206
win32k!xxxRealInternalGetMessage+0x211:
fffff960`00129651 39b9d8020000 cmp dword ptr [rcx+2D8h],edi ds:002b:10000000`000002d8=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff96000129d21 to fffff96000129651
STACK_TEXT:
fffff880`0647fa00 fffff960`00129d21 : 00000000`00000012 fffff800`000020c8 00000000`00000012 fffffa80`00000012 : win32k!xxxRealInternalGetMessage+0x211
fffff880`0647fae0 fffff960`00122787 : fffff8a0`012f0aa0 fffff8a0`01f23510 fffff8a0`01f23510 fffff800`0319b514 : win32k!xxxInternalGetMessage+0x35
fffff880`0647fb20 fffff800`02e84993 : fffffa80`05abf060 00000000`000cf508 fffff880`0647fbc8 0000007f`ffffffff : win32k!NtUserPeekMessage+0x77
fffff880`0647fbb0 00000000`77a3bb2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`000cf4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77a3bb2a
FOLLOWUP_IP:
win32k!xxxRealInternalGetMessage+211
fffff960`00129651 39b9d8020000 cmp dword ptr [rcx+2D8h],edi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!xxxRealInternalGetMessage+211
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c483f
STACK_COMMAND: .cxr 0xfffff8800647f030 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!xxxRealInternalGetMessage+211
BUCKET_ID: X64_0x3B_win32k!xxxRealInternalGetMessage+211
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp1_082610-11310-01.zip\091210-11528-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e02000 PsLoadedModuleList = 0xfffff800`0303fe50
Debug session time: Sat Sep 11 21:40:44.947 2010 (GMT-4)
System Uptime: 0 days 0:00:15.133
Loading Kernel Symbols
...............................................................
..............................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80003114ba3, fffff88003551618, fffff88003550e80}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+18088 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80003114ba3, The address that the exception occurred at
Arg3: fffff88003551618, Exception Record Address
Arg4: fffff88003550e80, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt! ?? ::NNGAKEGL::`string'+18088
fffff800`03114ba3 f00fc169f4 lock xadd dword ptr [rcx-0Ch],ebp
EXCEPTION_RECORD: fffff88003551618 -- (.exr 0xfffff88003551618)
ExceptionAddress: fffff80003114ba3 (nt! ?? ::NNGAKEGL::`string'+0x0000000000018088)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88003550e80 -- (.cxr 0xfffff88003550e80)
rax=000000000000000e rbx=fffff8a000130910 rcx=1000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003114ba3 rsp=fffff88003551850 rbp=00000000ffffffff
r8=0000000000000020 r9=fffff88003551ca0 r10=fffffa80059dab30
r11=fffffa80060ad588 r12=0000000000000000 r13=fffffa800371a140
r14=fffffa80060ad560 r15=fffff88003551c60
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt! ?? ::NNGAKEGL::`string'+0x18088:
fffff800`03114ba3 f00fc169f4 lock xadd dword ptr [rcx-0Ch],ebp ds:002b:0fffffff`fffffff4=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030aa0e0
ffffffffffffffff
FOLLOWUP_IP:
nt! ?? ::NNGAKEGL::`string'+18088
fffff800`03114ba3 f00fc169f4 lock xadd dword ptr [rcx-0Ch],ebp
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff80003174068 to fffff80003114ba3
STACK_TEXT:
fffff880`03551850 fffff800`03174068 : 00000000`00000000 00000000`fffeffff fffff800`02feae68 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x18088
fffff880`03551890 fffff800`03172e52 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000001 : nt!AlpcpDestroyBlob+0x28
fffff880`035518c0 fffff800`03174006 : fffffa80`0371a140 00000000`00000000 00000000`00000000 fffffa80`0371a140 : nt!AlpcpReceiveMessage+0x65f
fffff880`03551960 fffff800`02e71993 : fffffa80`03721040 fffff880`03551b00 fffff880`03551c38 00000000`00000000 : nt!NtAlpcSendWaitReceivePort+0x1e6
fffff880`03551a10 fffff800`02e6df30 : fffff800`02e36d38 00000000`00000000 fffff880`03551c70 00000000`6f706d55 : nt!KiSystemServiceCopyEnd+0x13
fffff880`03551c18 fffff800`02e36d38 : 00000000`00000000 fffff880`03551c70 00000000`6f706d55 00000000`000007ff : nt!KiServiceLinkage
fffff880`03551c20 fffff800`03116c06 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PopUmpoMessageThread+0x110
fffff880`03551d40 fffff800`02e50c26 : fffff880`009b1180 fffffa80`03721040 fffffa80`03705b60 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03551d80 00000000`00000000 : fffff880`03552000 fffff880`0354c000 fffff880`03551750 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+18088
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
STACK_COMMAND: .cxr 0xfffff88003550e80 ; kb
FAILURE_BUCKET_ID: X64_0x7E_nt!_??_::NNGAKEGL::_string_+18088
BUCKET_ID: X64_0x7E_nt!_??_::NNGAKEGL::_string_+18088
Followup: MachineOwner
---------
I find a driver on your system that is almost guaranteed to cause BSODs"