Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Selections\Windows_NT6_BSOD_jcgriff2\011912-47829-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03a1f000 PsLoadedModuleList = 0xfffff800`03c64670
Debug session time: Thu Jan 19 06:11:04.463 2012 (UTC - 7:00)
System Uptime: 1 days 1:46:47.446
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {18, 2, 1, fffff8800ff2f71a}
Unable to load image \SystemRoot\system32\DRIVERS\Rt64win7.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Rt64win7.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
Probably caused by : Rt64win7.sys ( Rt64win7+1671a )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000018, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800ff2f71a, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cce100
0000000000000018
CURRENT_IRQL: 2
FAULTING_IP:
Rt64win7+1671a
fffff880`0ff2f71a 894618 mov dword ptr [rsi+18h],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff8800d933710 -- (.trap 0xfffff8800d933710)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000094 rbx=0000000000000000 rcx=0000000000000001
rdx=000000000000000b rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800ff2f71a rsp=fffff8800d9338a0 rbp=fffffa800bba6290
r8=0000000000000094 r9=0000000000003fff r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
Rt64win7+0x1671a:
fffff880`0ff2f71a 894618 mov dword ptr [rsi+18h],eax ds:41a0:00000000`00000018=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003a9b1e9 to fffff80003a9bc40
STACK_TEXT:
fffff880`0d9335c8 fffff800`03a9b1e9 : 00000000`0000000a 00000000`00000018 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0d9335d0 fffff800`03a99e60 : fffffa80`0ca3f000 00000000`00000001 fffffa80`0bb1c740 fffffa80`0ca3f000 : nt!KiBugCheckDispatch+0x69
fffff880`0d933710 fffff880`0ff2f71a : fffffa80`0ca3f000 00000000`00000000 fffffa80`0ca3f618 00000000`00000001 : nt!KiPageFault+0x260
fffff880`0d9338a0 fffffa80`0ca3f000 : 00000000`00000000 fffffa80`0ca3f618 00000000`00000001 00000000`00000001 : Rt64win7+0x1671a
fffff880`0d9338a8 00000000`00000000 : fffffa80`0ca3f618 00000000`00000001 00000000`00000001 00000000`00000000 : 0xfffffa80`0ca3f000
STACK_COMMAND: kb
FOLLOWUP_IP:
Rt64win7+1671a
fffff880`0ff2f71a 894618 mov dword ptr [rsi+18h],eax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: Rt64win7+1671a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Rt64win7
IMAGE_NAME: Rt64win7.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4df1baab
FAILURE_BUCKET_ID: X64_0xD1_Rt64win7+1671a
BUCKET_ID: X64_0xD1_Rt64win7+1671a
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Selections\Windows_NT6_BSOD_jcgriff2\012012-42619-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03a0a000 PsLoadedModuleList = 0xfffff800`03c4f670
Debug session time: Fri Jan 20 01:59:34.846 2012 (UTC - 7:00)
System Uptime: 0 days 1:57:54.829
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {8, 2, 1, fffff80003a92a26}
Probably caused by : ntkrnlmp.exe ( nt!KiInsertTimerTable+c6 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003a92a26, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cb9100
0000000000000008
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiInsertTimerTable+c6
fffff800`03a92a26 4c894008 mov qword ptr [rax+8],r8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: uTorrent.exe
TRAP_FRAME: fffff8800dd52890 -- (.trap 0xfffff8800dd52890)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000107be84e02
rdx=fffffa800c8e4080 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003a92a26 rsp=fffff8800dd52a20 rbp=fffffa800c8e4080
r8=fffffa800fb256a0 r9=00000000000000c8 r10=fffff880009b2180
r11=fffff880009b2100 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!KiInsertTimerTable+0xc6:
fffff800`03a92a26 4c894008 mov qword ptr [rax+8],r8 ds:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003a861e9 to fffff80003a86c40
STACK_TEXT:
fffff880`0dd52748 fffff800`03a861e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0dd52750 fffff800`03a84e60 : 00000000`00020000 fffff800`03a96720 fffff880`0dd52920 fffffa80`0fb25680 : nt!KiBugCheckDispatch+0x69
fffff880`0dd52890 fffff800`03a92a26 : 00000014`00000000 00000000`041e001f 00000008`00000002 fffff880`03164180 : nt!KiPageFault+0x260
fffff880`0dd52a20 fffff800`03a8c092 : fffffa80`0fb255c0 fffffa80`0fb255c0 fffffa80`00000000 fffffa80`00000004 : nt!KiInsertTimerTable+0xc6
fffff880`0dd52a80 fffff800`03a8e74f : 00000000`0000014c fffff800`03a741e5 fffffa80`000000c8 fffff880`0dd52ca0 : nt!KiCommitThreadWait+0x332
fffff880`0dd52b10 fffff800`03d7d44e : fffff880`0dd52c00 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x19f
fffff880`0dd52bb0 fffff800`03a85ed3 : fffffa80`0fb255c0 00000000`0000014c fffff880`0dd52bf8 fffffa80`0eed8810 : nt!NtWaitForSingleObject+0xde
fffff880`0dd52c20 00000000`75712e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`028cf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75712e09
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiInsertTimerTable+c6
fffff800`03a92a26 4c894008 mov qword ptr [rax+8],r8
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiInsertTimerTable+c6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KiInsertTimerTable+c6
BUCKET_ID: X64_0xA_nt!KiInsertTimerTable+c6
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Selections\Windows_NT6_BSOD_jcgriff2\012112-63445-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03a4f000 PsLoadedModuleList = 0xfffff800`03c94670
Debug session time: Fri Jan 20 06:37:43.439 2012 (UTC - 7:00)
System Uptime: 0 days 4:24:28.422
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {8, 2, 1, fffff80003bfa617}
Probably caused by : ntkrnlmp.exe ( nt!ExAllocatePoolWithTag+537 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80003bfa617, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExAllocatePoolWithTag+537
fffff800`03bfa617 48895808 mov qword ptr [rax+8],rbx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: avgwdsvc.exe
TRAP_FRAME: fffff8800c3d9390 -- (.trap 0xfffff8800c3d9390)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800c8cc790
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003bfa617 rsp=fffff8800c3d9520 rbp=0000000000001000
r8=0000000000000000 r9=fffff80003c565c0 r10=fffff80003c56348
r11=fffff8800c3d9650 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x537:
fffff800`03bfa617 48895808 mov qword ptr [rax+8],rbx ds:0001:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003acb1e9 to fffff80003acbc40
STACK_TEXT:
fffff880`0c3d9248 fffff800`03acb1e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0c3d9250 fffff800`03ac9e60 : 00000000`00120100 fffff800`03ddcb2b 00000000`0010019b fffff800`03c565c0 : nt!KiBugCheckDispatch+0x69
fffff880`0c3d9390 fffff800`03bfa617 : 00000000`00000000 fffff8a0`1071dca0 fffff8a0`1071dca0 fffff880`0c3d96f0 : nt!KiPageFault+0x260
fffff880`0c3d9520 fffff800`03dc5a5f : 00000000`00000000 fffffa80`1058a10c 00000000`00000000 fffffa80`00000000 : nt!ExAllocatePoolWithTag+0x537
fffff880`0c3d9610 fffff800`03dd3630 : fffffa80`00000000 fffffa80`0a9f4401 fffffa80`00000060 fffff880`0c3d96b8 : nt!ObpAllocateObject+0x12f
fffff880`0c3d9680 fffff800`03dc9e8a : 00000000`00000005 fffffa80`10d791c8 fffffa80`0b21fd90 fffffa80`0f7bc890 : nt!IopAllocRealFileObject+0xf0
fffff880`0c3d9730 fffff800`03dc6838 : fffffa80`0b21fd90 fffff800`00000000 fffffa80`10d79010 00000000`00000001 : nt!IopParseDevice+0x49a
fffff880`0c3d98c0 fffff800`03dc7a56 : 00000000`00000000 fffffa80`10d79010 fffff880`0c3d9c20 fffffa80`0a9eff30 : nt!ObpLookupObjectName+0x588
fffff880`0c3d99b0 fffff800`03dc935c : fffffa80`0ee6e7b0 00000000`00000000 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByName+0x306
fffff880`0c3d9a80 fffff800`03db4be4 : 00000000`01ade7b8 fffffa80`c0100000 00000000`01adf010 00000000`01ade758 : nt!IopCreateFile+0x2bc
fffff880`0c3d9b20 fffff800`03acaed3 : 00000000`00000000 fffffa80`0ab5ae00 00000000`746c6644 fffff880`0c3d9c38 : nt!NtOpenFile+0x58
fffff880`0c3d9bb0 00000000`77c8164a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01ade718 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c8164a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExAllocatePoolWithTag+537
fffff800`03bfa617 48895808 mov qword ptr [rax+8],rbx
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ExAllocatePoolWithTag+537
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExAllocatePoolWithTag+537
BUCKET_ID: X64_0xC5_2_nt!ExAllocatePoolWithTag+537
Followup: MachineOwner
---------