Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\102510-25724-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0x83846000 PsLoadedModuleList = 0x8398e810
Debug session time: Mon Oct 25 01:18:18.117 2010 (UTC - 4:00)
System Uptime: 0 days 0:01:32.131
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
......
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 001904fb
Arg2: 9f2dfa80
Arg3: 9f2df660
Arg4: 87cc0f0a
Debugging Details:
------------------
EXCEPTION_RECORD: 9f2dfa80 -- (.exr 0xffffffff9f2dfa80)
ExceptionAddress: 87cc0f0a (Ntfs!NtfsLockHashBucket+0x00000014)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
CONTEXT: 9f2df660 -- (.cxr 0xffffffff9f2df660)
eax=00000000 ebx=0000018c ecx=00000000 edx=85f3ab48 esi=8e7eb884 edi=9f2dfc7c
eip=87cc0f0a esp=9f2dfb48 ebp=9f2dfb4c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
Ntfs!NtfsLockHashBucket+0x14:
87cc0f0a 0300 add eax,dword ptr [eax] ds:0023:00000000=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: GetPointerFromAddress: unable to read from 839ae718
Unable to read MiSystemVaType memory at 8398e160
00000000
FOLLOWUP_IP:
Ntfs!NtfsLockHashBucket+14
87cc0f0a 0300 add eax,dword ptr [eax]
FAULTING_IP:
Ntfs!NtfsLockHashBucket+14
87cc0f0a 0300 add eax,dword ptr [eax]
BUGCHECK_STR: 0x24
MISALIGNED_IP:
Ntfs!NtfsLockHashBucket+14
87cc0f0a 0300 add eax,dword ptr [eax]
LAST_CONTROL_TRANSFER: from 87ca7ac3 to 87cc0f0a
STACK_TEXT:
9f2dfb4c 87ca7ac3 85f3ab48 0000018c 9f2dfb6c Ntfs!NtfsLockHashBucket+0x14
9f2dfba4 87ca865b 870d4308 85f3ab48 89a24470 Ntfs!NtfsFindPrefixHashEntry+0x12b
9f2dfc00 87caac5c 870d4308 87160e00 89a24470 Ntfs!NtfsFindStartingNode+0x7b6
9f2dfcdc 87c31210 870d4308 87160e00 8e7eb884 Ntfs!NtfsCommonCreate+0x65f
9f2dfd1c 838b610e 8e7eb81c 00000000 ffffffff Ntfs!NtfsCommonCreateCallout+0x20
9f2dfd1c 838b6205 8e7eb81c 00000000 ffffffff nt!KiSwapKernelStackAndExit+0x15a
8e7eb780 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsLockHashBucket+14
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xffffffff9f2df660 ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED_Ntfs.sys
BUCKET_ID: IP_MISALIGNED_Ntfs.sys
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\101610-26551-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0x83809000 PsLoadedModuleList = 0x83951810
Debug session time: Sat Oct 16 07:57:11.169 2010 (UTC - 4:00)
System Uptime: 0 days 0:01:33.167
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
......
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000, caller is trying to allocate zero bytes
Arg2: 00000000, current IRQL
Arg3: 00000000, pool type
Arg4: 00000000, number of bytes
Debugging Details:
------------------
Unable to load image \SystemRoot\System32\Drivers\avgtdix.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for avgtdix.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdix.sys
BUGCHECK_STR: 0xc4_0
CURRENT_IRQL: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: avgnsx.exe
LAST_CONTROL_TRANSFER: from 83b3df03 to 838e5d10
STACK_TEXT:
a78efa1c 83b3df03 000000c4 00000000 00000000 nt!KeBugCheckEx+0x1e
a78efa3c 83b4da31 00000000 00000000 00000001 nt!VerifierBugCheckIfAppropriate+0x30
a78efa54 83b39b7b 00000080 00000000 a78efa98 nt!ExAllocatePoolSanityChecks+0xb2
a78efa88 83b3974f 00000080 00000000 f24b5357 nt!VeAllocatePoolWithTagPriority+0x68
a78efaa4 8d6ed5ca 00000000 00000000 f24b5357 nt!VerifierExAllocatePoolWithTag+0x1e
a78efae0 8d6462c8 ab0f8f68 870baf68 00000020 afd!WskTdiEHReceive+0xb3
WARNING: Stack unwind information not available. Following frames may be wrong.
a78efb2c 8d64645f affd0f48 a07eaf74 a07eaf30 avgtdix+0x52c8
a78efb48 8d646ba7 affd0fa0 00000001 80000000 avgtdix+0x545f
a78efb80 8d6422a4 afea8f68 95b3d9a0 afea8f68 avgtdix+0x5ba7
a78efbcc 8d64457f 8c458578 afea8f68 a78efc00 avgtdix+0x12a4
a78efbdc 83b386c3 8c458578 afea8f68 97c431c0 avgtdix+0x357f
a78efc00 83845473 00000000 afea8f68 8c458578 nt!IovCallDriver+0x258
a78efc14 83a46eee 97c431c0 afea8f68 afea8fd8 nt!IofCallDriver+0x1b
a78efc34 83a63cd1 8c458578 97c431c0 00000000 nt!IopSynchronousServiceTail+0x1f8
a78efcd0 83a664ac 8c458578 afea8f68 00000000 nt!IopXxxControlFile+0x6aa
a78efd04 8384c42a 000002f0 000003bc 00000000 nt!NtDeviceIoControlFile+0x2a
a78efd04 775064f4 000002f0 000003bc 00000000 nt!KiFastCallEntry+0x12a
0147fd1c 00000000 00000000 00000000 00000000 0x775064f4
STACK_COMMAND: kb
FOLLOWUP_IP:
avgtdix+52c8
8d6462c8 ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: avgtdix+52c8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: avgtdix
IMAGE_NAME: avgtdix.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c0819c9
FAILURE_BUCKET_ID: 0xc4_0_VRF_avgtdix+52c8
BUCKET_ID: 0xc4_0_VRF_avgtdix+52c8
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\110310-26067-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0x82c43000 PsLoadedModuleList = 0x82d8b810
Debug session time: Tue Nov 2 01:00:48.990 2010 (UTC - 4:00)
System Uptime: 0 days 0:01:23.677
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 82e79e0d, 8203395c, 0}
Probably caused by : ntkrpamp.exe ( nt!CmpParseKey+8b8 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82e79e0d, The address that the exception occurred at
Arg3: 8203395c, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!CmpParseKey+8b8
82e79e0d ff10 call dword ptr [eax]
TRAP_FRAME: 8203395c -- (.trap 0xffffffff8203395c)
ErrCode = 00000000
eax=00000005 ebx=8a5fb5a8 ecx=935aa0f4 edx=6141d0f9 esi=87e1b008 edi=00000000
eip=82e79e0d esp=820339d0 ebp=82033b48 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!CmpParseKey+0x8b8:
82e79e0d ff10 call dword ptr [eax] ds:0023:00000005=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82e641d7 to 82e79e0d
STACK_TEXT:
82033b48 82e641d7 87e0a9d8 84503508 8527f008 nt!CmpParseKey+0x8b8
82033bc4 82e8a24d 00000000 82033c18 00000040 nt!ObpLookupObjectName+0x4fa
82033c20 82e819a4 0058ecb0 84503508 00000001 nt!ObOpenObjectByName+0x159
82033d00 82e7c6f7 01aade78 00020019 0058ecb0 nt!CmOpenKey+0x1f4
82033d1c 82c8642a 01aade78 00020019 0058ecb0 nt!NtOpenKeyEx+0x18
82033d1c 773064f4 01aade78 00020019 0058ecb0 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0058ecf0 00000000 00000000 00000000 00000000 0x773064f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!CmpParseKey+8b8
82e79e0d ff10 call dword ptr [eax]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CmpParseKey+8b8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc007
FAILURE_BUCKET_ID: 0x8E_nt!CmpParseKey+8b8
BUCKET_ID: 0x8E_nt!CmpParseKey+8b8
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\100510-25521-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0x82a0d000 PsLoadedModuleList = 0x82b55810
Debug session time: Mon Oct 4 19:21:17.644 2010 (UTC - 4:00)
System Uptime: 0 days 0:09:59.642
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ded2e905, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: 82a3fce9, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000002, (reserved)
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82b75718
Unable to read MiSystemVaType memory at 82b55160
ded2e905
FAULTING_IP:
nt!RtlFxToFnFrame+d0
82a3fce9 108345f00a4a adc byte ptr [ebx+4A0AF045h],al
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 1
TRAP_FRAME: 94c7f73c -- (.trap 0xffffffff94c7f73c)
ErrCode = 00000002
eax=94c7fdc0 ebx=94c7f8c0 ecx=94c7f7e8 edx=00000007 esi=94c7fdea edi=94c7f80e
eip=82a3fce9 esp=94c7f7b0 ebp=94c7f7c4 iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010283
nt!RtlFxToFnFrame+0xd0:
82a3fce9 108345f00a4a adc byte ptr [ebx+4A0AF045h],al ds:0023:ded2e905=??
Resetting default scope
MISALIGNED_IP:
nt!RtlFxToFnFrame+d0
82a3fce9 108345f00a4a adc byte ptr [ebx+4A0AF045h],al
LAST_CONTROL_TRANSFER: from 82a535f8 to 82a928e3
STACK_TEXT:
94c7f724 82a535f8 00000001 ded2e905 00000000 nt!MmAccessFault+0x106
94c7f724 82a3fce9 00000001 ded2e905 00000000 nt!KiTrap0E+0xdc
94c7f7c4 00000000 00a77792 94c7f864 82a3fbb7 nt!RtlFxToFnFrame+0xd0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!RtlFxToFnFrame+d0
82a3fce9 108345f00a4a adc byte ptr [ebx+4A0AF045h],al
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!RtlFxToFnFrame+d0
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\123110-17612-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x83853000 PsLoadedModuleList = 0x8399b810
Debug session time: Fri Dec 31 08:28:56.187 2010 (UTC - 4:00)
System Uptime: 0 days 0:00:45.201
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {8, 801e3000, 0, 0}
Probably caused by : ntkrpamp.exe ( nt!KiTrap0E+4c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 801e3000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: ekrn.exe
CURRENT_IRQL: 0
TRAP_FRAME: 9da63004 -- (.trap 0xffffffff9da63004)
ESP EDITED! New esp=00000000
ErrCode = 00000008
eax=9d980023 ebx=00000002 ecx=00000000 edx=00000060 esi=9da63070 edi=00000030
eip=00010046 esp=9da63078 ebp=838995a8 iopl=0 nv up di pl nz na po nc
cs=0000 ss=0010 ds=0023 es=0008 fs=0009 gs=0030 efl=00000000
00010046 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from 00010046 to 838995a8
STACK_TEXT:
9da63004 00010046 00000000 00000000 00000000 nt!KiTrap0E+0x4c
WARNING: Frame IP not in any known module. Following frames may be wrong.
838995a8 00000000 5d8bffff 687d8b60 c70c5589 0x10046
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+4c
838995a8 f64103df test byte ptr [ecx+3],0DFh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTrap0E+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c3fac
FAILURE_BUCKET_ID: 0x7f_8_nt!KiTrap0E+4c
BUCKET_ID: 0x7f_8_nt!KiTrap0E+4c
Followup: MachineOwner
---------