New
#1
Multiple BSOD's. I'm Lost.
Hi and thanks for the help that I know I'm going to get here. I've been reading these forums a lot lately. I've been getting several veried BSOD crashes. I have tried and tried to get my minidump files into zip form, but I am having no luck. I'll try to cut and past my dmp files here. Any help would be appreciated. I have 7 dmp files all together. I apologize ahead of time for how long this is...
Code:Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\012911-20108-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: symsrv*symsrv.dll*e:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16617.amd64fre.win7_gdr.100618-1621 Machine Name: Kernel base = 0xfffff800`02e55000 PsLoadedModuleList = 0xfffff800`03092e50 Debug session time: Sat Jan 29 08:37:30.964 2011 (UTC - 7:00) System Uptime: 6 days 19:00:31.599 Loading Kernel Symbols . Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. .............................................................. ................................................................ ..................... Loading User Symbols Loading unloaded module list .................................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {10006002b, 2, 0, fffff80002ed0e13} Probably caused by : ntkrnlmp.exe ( nt!KiProcessExpiredTimerList+103 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 000000010006002b, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80002ed0e13, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fd0e0 000000010006002b CURRENT_IRQL: 2 FAULTING_IP: nt!KiProcessExpiredTimerList+103 fffff800`02ed0e13 0fb6432b movzx eax,byte ptr [rbx+2Bh] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: System TRAP_FRAME: fffff8000439a450 -- (.trap 0xfffff8000439a450) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000005 rbx=0000000000000000 rcx=fffffa8004f48068 rdx=fffff80003044420 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002ed0e13 rsp=fffff8000439a5e0 rbp=fffffa8005997210 r8=fffffa8003af6100 r9=000000000000000a r10=fffff80002e55000 r11=fffff8000439a5b0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na po cy nt!KiProcessExpiredTimerList+0x103: fffff800`02ed0e13 0fb6432b movzx eax,byte ptr [rbx+2Bh] ds:00000000`0000002b=?? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ec4ca9 to fffff80002ec5740 STACK_TEXT: fffff800`0439a308 fffff800`02ec4ca9 : 00000000`0000000a 00000001`0006002b 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff800`0439a310 fffff800`02ec3920 : fffff880`40110088 00000001`00060000 fffffa80`056c94b0 fffff880`05ee953d : nt!KiBugCheckDispatch+0x69 fffff800`0439a450 fffff800`02ed0e13 : fffffa80`0504ea60 fffffa80`03af6168 fffffa80`03af6168 fffffa80`063c6c00 : nt!KiPageFault+0x260 fffff800`0439a5e0 fffff800`02ed14be : 00000556`52e3f7e0 fffff800`0439ac58 00000000`023dfe11 fffff800`030424a8 : nt!KiProcessExpiredTimerList+0x103 fffff800`0439ac30 fffff800`02ed0cb7 : 000001ac`da30f6c7 000001ac`023dfe11 000001ac`da30f6f8 00000000`00000011 : nt!KiTimerExpiration+0x1be fffff800`0439acd0 fffff800`02ecdeea : fffff800`0303fe80 fffff800`0304dc40 00000000`00000000 fffff880`0409edb0 : nt!KiRetireDpcList+0x277 fffff800`0439ad80 00000000`00000000 : fffff800`0439b000 fffff800`04395000 fffff800`0439ad40 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: kb FOLLOWUP_IP: nt!KiProcessExpiredTimerList+103 fffff800`02ed0e13 0fb6432b movzx eax,byte ptr [rbx+2Bh] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!KiProcessExpiredTimerList+103 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9 FAILURE_BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+103 BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+103 Followup: MachineOwner --------- ________________________ Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\020711-18657-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: symsrv*symsrv.dll*e:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16617.amd64fre.win7_gdr.100618-1621 Machine Name: Kernel base = 0xfffff800`02e4b000 PsLoadedModuleList = 0xfffff800`03088e50 Debug session time: Mon Feb 7 06:42:04.128 2011 (UTC - 7:00) System Uptime: 0 days 0:08:04.845 Loading Kernel Symbols ............................................................... ................................................................ ...................... Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 4E, {99, b3164, 2, 4a04d} Probably caused by : memory_corruption ( nt!MiBadShareCount+4c ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PFN_LIST_CORRUPT (4e) Typically caused by drivers passing bad memory descriptor lists (ie: calling MmUnlockPages twice with the same list, etc). If a kernel debugger is available get the stack trace. Arguments: Arg1: 0000000000000099, A PTE or PFN is corrupt Arg2: 00000000000b3164, page frame number Arg3: 0000000000000002, current page state Arg4: 000000000004a04d, 0 Debugging Details: ------------------ BUGCHECK_STR: 0x4E_99 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: steamerrorrepo CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002f4b38c to fffff80002ebb740 STACK_TEXT: fffff880`06c4f638 fffff800`02f4b38c : 00000000`0000004e 00000000`00000099 00000000`000b3164 00000000`00000002 : nt!KeBugCheckEx fffff880`06c4f640 fffff800`02f2d6a9 : 00000014`00000000 fffff680`001fd000 efb00000`b2961025 00000000`00000002 : nt!MiBadShareCount+0x4c fffff880`06c4f680 fffff800`02eec381 : 00000000`3fa2d000 fffff680`001fd168 fffffa80`04095060 ef100000`b3164025 : nt! ?? ::FNODOBFM::`string'+0x31ed3 fffff880`06c4f830 fffff800`02eeedf9 : 00000000`00000000 00000000`3fa31fff fffffa80`00000000 fffffa80`00000000 : nt!MiDeleteVirtualAddresses+0x408 fffff880`06c4f9f0 fffff800`031d41d0 : fffffa80`08324220 0007ffff`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9 fffff880`06c4fb10 fffff800`031d45db : 00000980`00000000 00000000`3fa00000 fffffa80`00000001 fffffa80`07581a30 : nt!MiUnmapViewOfSection+0x1b0 fffff880`06c4fbd0 fffff800`02eba993 : 00000000`00000000 00000000`00000001 fffffa80`04095060 00000000`00000004 : nt!NtUnmapViewOfSection+0x5f fffff880`06c4fc20 00000000`7791fffa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0036e808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7791fffa STACK_COMMAND: kb FOLLOWUP_IP: nt!MiBadShareCount+4c fffff800`02f4b38c cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!MiBadShareCount+4c FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9 IMAGE_NAME: memory_corruption FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c Followup: MachineOwner __________________________ Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\020711-24055-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: symsrv*symsrv.dll*e:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16617.amd64fre.win7_gdr.100618-1621 Machine Name: Kernel base = 0xfffff800`02e0f000 PsLoadedModuleList = 0xfffff800`0304ce50 Debug session time: Sun Feb 6 23:11:26.926 2011 (UTC - 7:00) System Uptime: 3 days 3:13:07.938 Loading Kernel Symbols .. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. ............................................................. ................................................................ ..................... Loading User Symbols Loading unloaded module list ................................ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffffa9003964630, 0, fffff80002fb3070, 5} Could not read faulting driver name Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1e4 ) Followup: Pool_corruption --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffffa9003964630, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff80002fb3070, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000005, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b70e0 fffffa9003964630 FAULTING_IP: nt!ExDeferredFreePool+1e4 fffff800`02fb3070 488b01 mov rax,qword ptr [rcx] MM_INTERNAL_CODE: 5 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: lsass.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff88006e27810 -- (.trap 0xfffff88006e27810) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffffa9003964630 rdx=fffff8a008813e10 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002fb3070 rsp=fffff88006e279a0 rbp=0000000000000000 r8=fffff8a00ea63a00 r9=fffff8a008814930 r10=fffff8a008814940 r11=0000000000000001 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc nt!ExDeferredFreePool+0x1e4: fffff800`02fb3070 488b01 mov rax,qword ptr [rcx] ds:fffffa90`03964630=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002efe8c1 to fffff80002e7f740 STACK_TEXT: fffff880`06e276a8 fffff800`02efe8c1 : 00000000`00000050 fffffa90`03964630 00000000`00000000 fffff880`06e27810 : nt!KeBugCheckEx fffff880`06e276b0 fffff800`02e7d82e : 00000000`00000000 00000000`00000004 00000000`00000700 fffffa80`0396d960 : nt! ?? ::FNODOBFM::`string'+0x40e8b fffff880`06e27810 fffff800`02fb3070 : 00000000`00000005 fffff800`0315130c fffff880`06e27ca0 fffff8a0`08842a50 : nt!KiPageFault+0x16e fffff880`06e279a0 fffff800`02fb44c1 : 00000000`00000001 fffff8a0`088429f0 fffffa80`06b00b60 fffff8a0`08842a00 : nt!ExDeferredFreePool+0x1e4 fffff880`06e27a30 fffff800`02e848bc : fffff8a0`08842a20 00000000`00000000 fffffa80`656b6f54 fffffa80`0396d960 : nt!ExFreePoolWithTag+0x411 fffff880`06e27ae0 fffff800`03195514 : fffffa80`05ea7730 00000000`00000000 fffffa80`06b00b60 00000000`00000000 : nt!ObfDereferenceObject+0xdc fffff880`06e27b40 fffff800`03195414 : 00000000`00000c30 fffffa80`05ea7730 fffff8a0`0180f650 00000000`00000c30 : nt!ObpCloseHandleTableEntry+0xc4 fffff880`06e27bd0 fffff800`02e7e993 : fffffa80`06b00b60 fffff880`06e27ca0 00000000`00000000 00000000`00000000 : nt!ObpCloseHandle+0x94 fffff880`06e27c20 00000000`776bfe4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`00ffea98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x776bfe4a STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+1e4 fffff800`02fb3070 488b01 mov rax,qword ptr [rcx] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!ExDeferredFreePool+1e4 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0x50_nt!ExDeferredFreePool+1e4 BUCKET_ID: X64_0x50_nt!ExDeferredFreePool+1e4 Followup: Pool_corruption _______________________________ Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\020911-20670-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: symsrv*symsrv.dll*e:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16695.amd64fre.win7_gdr.101026-1503 Machine Name: Kernel base = 0xfffff800`02e51000 PsLoadedModuleList = 0xfffff800`0308ee50 Debug session time: Wed Feb 9 21:03:56.466 2011 (UTC - 7:00) System Uptime: 0 days 0:12:05.182 Loading Kernel Symbols . Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. ........................................... Loading User Symbols Missing image name, possible paged-out or corrupt data. Loading unloaded module list .Missing image name, possible paged-out or corrupt data. ..Missing image name, possible paged-out or corrupt data. .Missing image name, possible paged-out or corrupt data. ...Missing image name, possible paged-out or corrupt data. .Missing image name, possible paged-out or corrupt data. ...Missing image name, possible paged-out or corrupt data. .Missing image name, possible paged-out or corrupt data. .Missing image name, possible paged-out or corrupt data. Missing image name, possible paged-out or corrupt data. ...Missing image name, possible paged-out or corrupt data. .Missing image name, possible paged-out or corrupt data. ...Missing image name, possible paged-out or corrupt data. .Missing image name, possible paged-out or corrupt data. .Missing image name, possible paged-out or corrupt data. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1E, {0, 0, 0, 0} Probably caused by : ntkrnlmp.exe ( nt!PoIdle+53a ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KMODE_EXCEPTION_NOT_HANDLED (1e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: 0000000000000000, The exception code that was not handled Arg2: 0000000000000000, The address that the exception occurred at Arg3: 0000000000000000, Parameter 0 of the exception Arg4: 0000000000000000, Parameter 1 of the exception Debugging Details: ------------------ EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully. FAULTING_IP: Unknown_Module_00000000`00000000>+0 00000000`00000000 ?? ??? EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 0000000000000000 ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0 BUGCHECK_STR: 0x1E_0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002ecf24a to fffff88003dde7f2 STACK_TEXT: fffff800`00b9cc98 fffff800`02ecf24a : 00000000`002fe564 fffffa80`055e19d8 fffff800`03049c40 00000000`00000001 : 0xfffff880`03dde7f2 fffff800`00b9cca0 fffff800`02ec9ebc : fffff800`0303be80 fffff800`00000000 00000000`00000000 fffff880`03e6fdb0 : nt!PoIdle+0x53a fffff800`00b9cd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c STACK_COMMAND: kb FOLLOWUP_IP: nt!PoIdle+53a fffff800`02ecf24a 0fba25f61318000f bt dword ptr [<Unloaded_Unknown_Module_00000000`00000000>+0x1813f6 (00000000`001813f6)],0Fh SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!PoIdle+53a FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4cc791bd FAILURE_BUCKET_ID: X64_0x1E_0_nt!PoIdle+53a BUCKET_ID: X64_0x1E_0_nt!PoIdle+53a Followup: MachineOwner --------- ________________________ Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\021011-16270-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: symsrv*symsrv.dll*e:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16695.amd64fre.win7_gdr.101026-1503 Machine Name: Kernel base = 0xfffff800`02e63000 PsLoadedModuleList = 0xfffff800`030a0e50 Debug session time: Thu Feb 10 19:40:36.129 2011 (UTC - 7:00) System Uptime: 0 days 0:03:05.846 Loading Kernel Symbols . Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. .............................................................. ................................................................ ........................ Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffffffffffffff5, 0, fffff800031ad43d, 0} Could not read faulting driver name Probably caused by : ntkrnlmp.exe ( nt!CmpKcbCacheLookup+1dd ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffffffffffffff5, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff800031ad43d, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000000, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310b0e0 fffffffffffffff5 FAULTING_IP: nt!CmpKcbCacheLookup+1dd fffff800`031ad43d 418b45f4 mov eax,dword ptr [r13-0Ch] MM_INTERNAL_CODE: 0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: essvr.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff88006347fb0 -- (.trap 0xfffff88006347fb0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=000000000000000e rbx=0000000000000000 rcx=0000000000000aaa rdx=000000000ef62637 rsi=0000000000000000 rdi=0000000000000000 rip=fffff800031ad43d rsp=fffff88006348140 rbp=fffff8a00056d010 r8=0000000000000004 r9=0000000000000000 r10=0000000000000010 r11=fffff880063482f0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc nt!CmpKcbCacheLookup+0x1dd: fffff800`031ad43d 418b45f4 mov eax,dword ptr [r13-0Ch] ds:d501:ffffffff`fffffff4=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002f53f14 to fffff80002ed3740 STACK_TEXT: fffff880`06347e48 fffff800`02f53f14 : 00000000`00000050 ffffffff`fffffff5 00000000`00000000 fffff880`06347fb0 : nt!KeBugCheckEx fffff880`06347e50 fffff800`02ed182e : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`02f1cfdc : nt! ?? ::FNODOBFM::`string'+0x42837 fffff880`06347fb0 fffff800`031ad43d : fffff8a0`0000c010 00000000`28386cf4 fffff880`063486c4 fffff800`031a9566 : nt!KiPageFault+0x16e fffff880`06348140 fffff800`031ac9f8 : fffff880`063482f0 fffff880`00000003 fffff880`063486c8 fffff880`063486e0 : nt!CmpKcbCacheLookup+0x1dd fffff880`06348230 fffff800`031aac51 : fffff8a0`00020220 fffff880`063486e0 fffff880`06348718 fffff880`06348700 : nt!CmpBuildHashStackAndLookupCache+0x328 fffff880`06348610 fffff800`031cab84 : fffff800`031aa9b0 00000000`00000000 fffffa80`058ca010 fffff8a0`00ec3101 : nt!CmpParseKey+0x2a1 fffff880`063488e0 fffff800`031cfb4d : fffffa80`058ca010 fffff880`06348a40 00000000`00000040 fffffa80`039fca50 : nt!ObpLookupObjectName+0x585 fffff880`063489e0 fffff800`031aeabc : 00000000`00000000 00000000`00000000 fffff880`06348c01 00000000`00000000 : nt!ObOpenObjectByName+0x1cd fffff880`06348a90 fffff800`031b0bff : 00000000`0085e778 00000000`000f003f 00000000`0085e798 00000000`00000000 : nt!CmOpenKey+0x28a fffff880`06348be0 fffff800`02ed2993 : fffffa80`06a91660 fffff880`06348ca0 00000000`7efad000 00000000`00000004 : nt!NtOpenKeyEx+0xf fffff880`06348c20 00000000`7737060a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0085e738 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7737060a STACK_COMMAND: kb FOLLOWUP_IP: nt!CmpKcbCacheLookup+1dd fffff800`031ad43d 418b45f4 mov eax,dword ptr [r13-0Ch] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!CmpKcbCacheLookup+1dd FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4cc791bd FAILURE_BUCKET_ID: X64_0x50_nt!CmpKcbCacheLookup+1dd BUCKET_ID: X64_0x50_nt!CmpKcbCacheLookup+1dd Followup: MachineOwne ________________________________ Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\101410-14726-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: symsrv*symsrv.dll*e:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16617.amd64fre.win7_gdr.100618-1621 Machine Name: Kernel base = 0xfffff800`02e07000 PsLoadedModuleList = 0xfffff800`03044e50 Debug session time: Thu Oct 14 15:32:53.284 2010 (UTC - 7:00) System Uptime: 0 days 0:01:34.001 Loading Kernel Symbols . Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. .............................................................. ................................................................ ................... Loading User Symbols Loading unloaded module list ............. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7F, {8, 80050031, 6f8, fffff88013f28b5a} Unable to load image \SystemRoot\system32\DRIVERS\nvlddmkm.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for nvlddmkm.sys *** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys Probably caused by : nvlddmkm.sys ( nvlddmkm+efb5a ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a *portion* of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. Arguments: Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT Arg2: 0000000080050031 Arg3: 00000000000006f8 Arg4: fffff88013f28b5a Debugging Details: ------------------ BUGCHECK_STR: 0x7f_8 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 5 LAST_CONTROL_TRANSFER: from fffff80002e76ca9 to fffff80002e77740 STACK_TEXT: fffff880`009edce8 fffff800`02e76ca9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx fffff880`009edcf0 fffff800`02e75172 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`009ede30 fffff880`13f28b5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2 fffff880`04dc7fe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nvlddmkm+0xefb5a STACK_COMMAND: kb FOLLOWUP_IP: nvlddmkm+efb5a fffff880`13f28b5a e89df8ffff call nvlddmkm+0xef3fc (fffff880`13f283fc) SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nvlddmkm+efb5a FOLLOWUP_NAME: MachineOwner MODULE_NAME: nvlddmkm IMAGE_NAME: nvlddmkm.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4c37918e FAILURE_BUCKET_ID: X64_0x7f_8_nvlddmkm+efb5a BUCKET_ID: X64_0x7f_8_nvlddmkm+efb5a Followup: MachineOwner --------- _____________________________ Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\122910-18423-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: symsrv*symsrv.dll*e:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16617.amd64fre.win7_gdr.100618-1621 Machine Name: Kernel base = 0xfffff800`02e09000 PsLoadedModuleList = 0xfffff800`03046e50 Debug session time: Wed Dec 29 12:13:58.134 2010 (UTC - 7:00) System Uptime: 4 days 6:18:08.937 Loading Kernel Symbols . Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. .............................................................. ................................................................ ...................... Loading User Symbols Loading unloaded module list .................................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff8e002d639bc, 1, fffff80002fae2c2, 5} Could not read faulting driver name Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+212 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff8e002d639bc, memory referenced. Arg2: 0000000000000001, value 0 = read operation, 1 = write operation. Arg3: fffff80002fae2c2, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000005, (reserved) Debugging Details: ------------------ Could not read faulting driver name WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b10e0 fffff8e002d639bc FAULTING_IP: nt!ExFreePoolWithTag+212 fffff800`02fae2c2 ff411c inc dword ptr [rcx+1Ch] MM_INTERNAL_CODE: 5 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: wermgr.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff880070e22c0 -- (.trap 0xfffff880070e22c0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000005fffffffa0 rbx=0000000000000000 rcx=fffff8e002d639a0 rdx=fffff88002d63180 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002fae2c2 rsp=fffff880070e2450 rbp=0000000000000000 r8=0000000000010680 r9=0000000000000000 r10=fffff80002e09000 r11=0000000000000690 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz ac po nc nt!ExFreePoolWithTag+0x212: fffff800`02fae2c2 ff411c inc dword ptr [rcx+1Ch] ds:fffff8e0`02d639bc=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ef88c1 to fffff80002e79740 STACK_TEXT: fffff880`070e2158 fffff800`02ef88c1 : 00000000`00000050 fffff8e0`02d639bc 00000000`00000001 fffff880`070e22c0 : nt!KeBugCheckEx fffff880`070e2160 fffff800`02e7782e : 00000000`00000001 fffffa80`03d0eaf0 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40e8b fffff880`070e22c0 fffff800`02fae2c2 : fffffa80`03b64400 00000000`00000801 fffff8a0`00000000 fffff800`6c526d4d : nt!KiPageFault+0x16e fffff880`070e2450 fffff800`030d93fb : fffffa80`058a3df0 fffffa80`03d0eb48 fffffa80`6c526d4d 00000000`000007ff : nt!ExFreePoolWithTag+0x212 fffff880`070e2500 fffff800`030d9a6c : 00000000`00000240 fffffa80`05785b80 00000000`0000001c 00000000`00000004 : nt! ?? ::NNGAKEGL::`string'+0x3896e fffff880`070e25c0 fffff800`032d5c5c : 00000000`00000010 00000000`0000002c fffffa80`05785b50 00000000`0000002c : nt!MmPrefetchPages+0x6c fffff880`070e2620 fffff800`032d5e97 : fffff880`070e2740 00000000`00000001 00000000`00000000 00000000`00000000 : nt!PfSnPrefetchSections+0x43c fffff880`070e2710 fffff800`032d62bf : 00000357`9845dfe2 fffffa80`03b64450 fffff8a0`020c6000 00000000`00000000 : nt!PfSnPrefetchScenario+0x187 fffff880`070e2980 fffff800`030ce6df : 00000000`00000000 00000000`0f2ac88c fffffa80`03fb9810 00000000`00000000 : nt!PfSnBeginAppLaunch+0x35f fffff880`070e2a50 fffff800`031472fc : fffffa80`065ca990 fffffa80`03fb9810 00000000`16050800 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x50100 fffff880`070e2a80 fffff800`02e57d55 : fffff880`02d63180 00000000`00000000 fffff800`03147200 fffffa80`065ca990 : nt!PspUserThreadStartup+0xfc fffff880`070e2ae0 fffff800`02e57cd7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThread+0x16 fffff880`070e2c20 00000000`772a3000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThreadReturn 00000000`0020ff88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772a3000 STACK_COMMAND: kb FOLLOWUP_IP: nt!ExFreePoolWithTag+212 fffff800`02fae2c2 ff411c inc dword ptr [rcx+1Ch] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!ExFreePoolWithTag+212 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9 FAILURE_BUCKET_ID: X64_0x50_nt!ExFreePoolWithTag+212 BUCKET_ID: X64_0x50_nt!ExFreePoolWithTag+212 Followup: MachineOwner
Last edited by Brink; 10 Feb 2011 at 23:07. Reason: code box