Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\RubyZephos\Windows_NT6_BSOD_jcgriff2\121711-26972-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c68000 PsLoadedModuleList = 0xfffff800`02ea5e70
Debug session time: Sat Dec 17 19:08:42.056 2011 (UTC - 7:00)
System Uptime: 0 days 11:42:53.476
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002cb3adf}
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002cb3adf
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002cd7b29 to fffff80002cd85c0
STACK_TEXT:
fffff880`009ecc68 fffff800`02cd7b29 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009ecc70 fffff800`02cd5ff2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009ecdb0 fffff800`02cb3adf : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`06e3b000 fffff800`02ca0da8 : fffff880`06e3b0e0 fffffa80`0297c068 00000000`00000000 00000000`00000000 : nt!RtlSidHashInitialize+0x2f
fffff880`06e3b030 fffff800`02ca0eeb : fffffa80`0297c068 00000000`00000001 00000000`00000000 00000000`00000000 : nt!SepTokenFromAccessInformation+0xbc
fffff880`06e3b060 fffff880`01784c5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x9f
fffff880`06e3b750 fffff880`0178294f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`06e3b7c0 fffff880`017849b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0xef
fffff880`06e3b810 fffff880`01784845 : fffffa80`04085370 fffffa80`04ade510 fffff880`06e3ba38 fffff880`06e3c170 : NETIO!FilterMatch+0x95
fffff880`06e3b860 fffff880`01785ccb : 00000000`00000000 00000000`00000000 fffff880`06e3c170 fffff880`06e3ba20 : NETIO!IndexListClassify+0x69
fffff880`06e3b8e0 fffff880`0183e797 : fffff880`06e3bdb8 fffff880`06e3bdb8 fffff880`06e3caf0 fffffa80`02521750 : NETIO!KfdClassify+0xa4e
fffff880`06e3bc50 fffff880`01837a0e : fffff880`01947690 00000000`00000000 fffffa80`04425690 00000000`00000000 : tcpip!WfpAleClassify+0x57
fffff880`06e3bc90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!CompareSecurityContexts+6a
fffff880`01784c5a 448b442470 mov r8d,dword ptr [rsp+70h]
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: NETIO!CompareSecurityContexts+6a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4bbe946f
FAILURE_BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\RubyZephos\Windows_NT6_BSOD_jcgriff2\121911-29998-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c62000 PsLoadedModuleList = 0xfffff800`02e9fe70
Debug session time: Mon Dec 19 17:24:15.792 2011 (UTC - 7:00)
System Uptime: 1 days 22:15:01.197
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002cadadf}
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002cadadf
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002cd1b29 to fffff80002cd25c0
STACK_TEXT:
fffff880`009ecc68 fffff800`02cd1b29 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009ecc70 fffff800`02ccfff2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009ecdb0 fffff800`02cadadf : 00000000`00030000 00000000`27c3e011 00000000`00030000 00000000`27c3f011 : nt!KiDoubleFaultAbort+0xb2
fffff880`02951000 fffff800`02c9ada8 : fffff880`029510e0 fffffa80`0297b068 00000000`00030000 00000000`27c42011 : nt!RtlSidHashInitialize+0x2f
fffff880`02951030 fffff800`02c9aeeb : fffffa80`0297b068 00000000`00000001 00000000`00030000 00000000`27c45011 : nt!SepTokenFromAccessInformation+0xbc
fffff880`02951060 fffff880`0198dc5a : 00000000`00030000 00000000`27cb3011 00000000`00030000 00000000`27cb4011 : nt!SeAccessCheckFromState+0x9f
fffff880`02951750 fffff880`0198b94f : 00000000`00030000 00000000`27cba011 00000000`00030000 00000000`27cbb011 : NETIO!CompareSecurityContexts+0x6a
fffff880`029517c0 fffff880`0198d9b5 : 00000000`00030000 00000000`27cbf011 00000000`00030000 00000000`27cc0011 : NETIO!MatchValues+0xef
fffff880`02951810 fffff880`0198d845 : fffffa80`04b63c20 fffffa80`047ea120 fffff880`02951a38 fffff880`02952170 : NETIO!FilterMatch+0x95
fffff880`02951860 fffff880`0198eccb : 00000000`00000000 00000000`00000000 fffff880`02952170 fffff880`02951a20 : NETIO!IndexListClassify+0x69
fffff880`029518e0 fffff880`01a3d797 : fffff880`02951db8 fffff880`02951db8 fffff880`02952af0 fffffa80`0496c9a0 : NETIO!KfdClassify+0xa4e
fffff880`02951c50 fffff880`01a36a0e : fffff880`01b46690 00000000`00000000 fffffa80`052f4a90 00000000`00000000 : tcpip!WfpAleClassify+0x57
fffff880`02951c90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!CompareSecurityContexts+6a
fffff880`0198dc5a 448b442470 mov r8d,dword ptr [rsp+70h]
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: NETIO!CompareSecurityContexts+6a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4bbe946f
FAILURE_BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\RubyZephos\Windows_NT6_BSOD_jcgriff2\122011-37861-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c62000 PsLoadedModuleList = 0xfffff800`02e9fe70
Debug session time: Tue Dec 20 07:32:02.998 2011 (UTC - 7:00)
System Uptime: 0 days 13:44:37.403
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002cdc994}
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002cdc994
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002cd1b29 to fffff80002cd25c0
STACK_TEXT:
fffff880`009ecc68 fffff800`02cd1b29 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009ecc70 fffff800`02ccfff2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009ecdb0 fffff800`02cdc994 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`03115fa0 fffff800`02cd7c47 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SepMandatoryIntegrityCheck+0x14
fffff880`03116020 fffff800`02c9af4e : fffffa80`054b6940 00000000`00000001 00000000`00000000 fffffa80`02999068 : nt!SeAccessCheckWithHint+0x317
fffff880`03116100 fffff880`01606c5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x102
fffff880`031167f0 fffff880`0160494f : 00000000`c0000022 00000000`00000000 00000000`feafc97b 00000000`feaf797b : NETIO!CompareSecurityContexts+0x6a
fffff880`03116860 fffff880`016069b5 : 80000000`5c232963 00000000`00000000 80000000`67d45963 80000000`686dc963 : NETIO!MatchValues+0xef
fffff880`031168b0 fffff880`01606845 : fffffa80`04ce3110 fffffa80`055c4b50 fffff880`03116ad8 fffff880`03117210 : NETIO!FilterMatch+0x95
fffff880`03116900 fffff880`01607ccb : 00000000`00000000 00000000`00000000 fffff880`03117210 fffff880`03116ac0 : NETIO!IndexListClassify+0x69
fffff880`03116980 fffff880`0183d797 : fffff880`03116e58 fffff880`03116e58 fffff880`03117b90 fffffa80`06952030 : NETIO!KfdClassify+0xa4e
fffff880`03116cf0 fffff880`01836a0e : fffff880`01946690 00000000`00000000 fffffa80`04767620 00000000`00000000 : tcpip!WfpAleClassify+0x57
fffff880`03116d30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!CompareSecurityContexts+6a
fffff880`01606c5a 448b442470 mov r8d,dword ptr [rsp+70h]
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: NETIO!CompareSecurityContexts+6a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4bbe946f
FAILURE_BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\RubyZephos\Windows_NT6_BSOD_jcgriff2\010712-37580-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c1c000 PsLoadedModuleList = 0xfffff800`02e59e70
Debug session time: Sat Jan 7 15:04:32.918 2012 (UTC - 7:00)
System Uptime: 7 days 8:39:58.198
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002c67adf}
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002c67adf
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002c8bb29 to fffff80002c8c5c0
STACK_TEXT:
fffff880`009ecc68 fffff800`02c8bb29 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009ecc70 fffff800`02c89ff2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009ecdb0 fffff800`02c67adf : 0d61f1c8`00000001 00000fe8`00000000 00000060`0c8a0000 024331a8`0d60f8d0 : nt!KiDoubleFaultAbort+0xb2
fffff880`078a4000 fffff800`02c54da8 : fffff880`078a40e0 fffffa80`0299a068 00000002`00000020 0000001f`00000000 : nt!RtlSidHashInitialize+0x2f
fffff880`078a4030 fffff800`02c54eeb : fffffa80`0299a068 00000000`00000001 00000000`0c8a63d0 00000000`00000000 : nt!SepTokenFromAccessInformation+0xbc
fffff880`078a4060 fffff880`0171cc5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x9f
fffff880`078a4750 fffff880`0171a94f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`078a47c0 fffff880`0171c9b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0xef
fffff880`078a4810 fffff880`0171c845 : fffffa80`04d97470 fffffa80`04c1f920 fffff880`078a4a38 fffff880`078a5170 : NETIO!FilterMatch+0x95
fffff880`078a4860 fffff880`0171dccb : 00000000`00000000 00000000`00000000 fffff880`078a5170 fffff880`078a4a20 : NETIO!IndexListClassify+0x69
fffff880`078a48e0 fffff880`0183d797 : fffff880`078a4db8 fffff880`078a4db8 fffff880`078a5af0 fffffa80`0259b030 : NETIO!KfdClassify+0xa4e
fffff880`078a4c50 fffff880`01836a0e : fffff880`01946690 00000000`00000000 fffffa80`02b18170 00000000`00000000 : tcpip!WfpAleClassify+0x57
fffff880`078a4c90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!CompareSecurityContexts+6a
fffff880`0171cc5a 448b442470 mov r8d,dword ptr [rsp+70h]
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: NETIO!CompareSecurityContexts+6a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4bbe946f
FAILURE_BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\RubyZephos\Windows_NT6_BSOD_jcgriff2\010712-24211-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c4c000 PsLoadedModuleList = 0xfffff800`02e89e70
Debug session time: Sat Jan 7 18:08:25.177 2012 (UTC - 7:00)
System Uptime: 0 days 3:03:31.598
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002c97adf}
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002c97adf
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002cbbb29 to fffff80002cbc5c0
STACK_TEXT:
fffff880`009ecc68 fffff800`02cbbb29 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009ecc70 fffff800`02cb9ff2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009ecdb0 fffff800`02c97adf : 840fffff`fe788589 fe44b58b`00000bb1 fffffe4c`bd8bffff c985ffff`fe488d8b : nt!KiDoubleFaultAbort+0xb2
fffff880`08742000 fffff800`02c84da8 : fffff880`087420e0 fffffa80`02999068 0f63f883`000007ef 5a646a00`00040a84 : nt!RtlSidHashInitialize+0x2f
fffff880`08742030 fffff800`02c84eeb : fffffa80`02999068 00000000`00000001 00fffffe`6abd8000 840fffff`fe74bd8b : nt!SepTokenFromAccessInformation+0xbc
fffff880`08742060 fffff880`01752c5a : e9000000`6ffffffe fe64b5ff`00000119 fffffe74`8dffffff 5959ffff`f4d2e850 : nt!SeAccessCheckFromState+0x9f
fffff880`08742750 fffff880`0175094f : fccce9ff`fffe44b5 fffffcc6`e947ffff 8dffffff`fe64b5ff f45ee850`fffffe74 : NETIO!CompareSecurityContexts+0x6a
fffff880`087427c0 fffff880`017529b5 : fffe4485`8b00ffff e9002083`660974ff e90000c6`000002e0 fe6b85c6`000002d8 : NETIO!MatchValues+0xef
fffff880`08742810 fffff880`01752845 : fffffa80`04bf99d0 fffffa80`053350d0 fffff880`08742a38 fffff880`08743170 : NETIO!FilterMatch+0x95
fffff880`08742860 fffff880`01753ccb : 00000000`00000000 00000000`00000000 fffff880`08743170 fffff880`08742a20 : NETIO!IndexListClassify+0x69
fffff880`087428e0 fffff880`0183f797 : fffff880`08742db8 fffff880`08742db8 fffff880`08743af0 fffffa80`01d7c2a0 : NETIO!KfdClassify+0xa4e
fffff880`08742c50 fffff880`01838a0e : fffff880`01948690 00000000`00000000 fffffa80`048bba70 00000000`00000000 : tcpip!WfpAleClassify+0x57
fffff880`08742c90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!CompareSecurityContexts+6a
fffff880`01752c5a 448b442470 mov r8d,dword ptr [rsp+70h]
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: NETIO!CompareSecurityContexts+6a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4bbe946f
FAILURE_BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
Followup: MachineOwner
---------
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )