Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\012112-8533-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a58000 PsLoadedModuleList = 0xfffff800`02c9d670
Debug session time: Sat Jan 21 10:14:58.188 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:14.609
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff88000d858bf, 0, d6e96461}
Probably caused by : CI.dll ( CI!SHATransform+e1f )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88000d858bf, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 00000000d6e96461, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
CI!SHATransform+e1f
fffff880`00d858bf 8b7c2430 mov edi,dword ptr [rsp+30h]
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00000000d6e96461
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d07100
00000000d6e96461
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff880034332e0 -- (.trap 0xfffff880034332e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000d6e96461 rbx=0000000000000000 rcx=00000000d72a76c4
rdx=00000000fb8841f8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000d858bf rsp=fffff88003433470 rbp=000000006c79c1e0
r8=0000000006560951 r9=000000000c32f522 r10=0000000026b953b6
r11=00000000c4cbf639 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
CI!SHATransform+0xe1f:
fffff880`00d858bf 8b7c2430 mov edi,dword ptr [rsp+30h] ss:fffff880`034334a0=15b19807
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b20588 to fffff80002ad4c40
STACK_TEXT:
fffff880`03432a58 fffff800`02b20588 : 00000000`0000001e ffffffff`c0000005 fffff880`00d858bf 00000000`00000000 : nt!KeBugCheckEx
fffff880`03432a60 fffff800`02ad42c2 : fffff880`03433238 00000000`5bb739f7 fffff880`034332e0 00000000`88dcc716 : nt! ?? ::FNODOBFM::`string'+0x4977d
fffff880`03433100 fffff800`02ad2e3a : 00000000`00000000 00000000`d6e96461 fffffa80`05319500 00000000`5bb739f7 : nt!KiExceptionDispatch+0xc2
fffff880`034332e0 fffff880`00d858bf : 6c79c1e0`44d28dcc 334ba770`da8027d4 5bb739f7`aaccf4e8 b03cccc7`88dcc716 : nt!KiPageFault+0x23a
fffff880`03433470 fffff880`00d85d0c : fffff880`034335d8 00800000`014cfb82 00000008`e4fca6d6 fffff800`4b405047 : CI!SHATransform+0xe1f
fffff880`03433500 fffff880`00d42830 : fffff880`03433800 00000000`00001000 00000000`00001000 00000000`00000000 : CI!A_SHAUpdate+0xcc
fffff880`03433540 fffff880`00d426ff : 00000000`00001000 fffff8a0`061e02e0 00000000`00148800 fffff8a0`061e02f0 : CI!HashpHashBytes+0x40
fffff880`03433570 fffff880`00d394c9 : 00000000`00000000 00000000`00000000 fffffa80`040f8180 fffffa80`05867450 : CI!HashKComputeMemoryHash+0x53
fffff880`034336b0 fffff800`02d6ca55 : fffffa80`04849170 fffffa80`04849170 fffff8a0`030d7000 fffffa80`0162d920 : CI!CiValidateImageData+0x295
fffff880`03433890 fffff800`02d6cb15 : fffffa80`00000000 fffffa80`00000b11 fffff880`00000000 fffffa80`0000fe00 : nt!SeValidateImageData+0x21
fffff880`034338c0 fffff800`02b0490b : fffffa80`0162d920 fffffa80`0425b810 00000000`00000000 ffffffff`ffffffff : nt!MiValidateImagePfn+0xb5
fffff880`03433910 fffff800`02afc6cf : fffffa80`0425b750 fffff880`03433a40 fffffa80`055fbec8 fffff960`000c66bf : nt!MiWaitForInPageComplete+0xa0f
fffff880`034339f0 fffff800`02ae302a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x28b
fffff880`03433a80 fffff800`02ad2d6e : 00000000`00000008 000007fe`fe571067 00000000`029b0901 00000000`029f8c10 : nt!MmAccessFault+0x146a
fffff880`03433be0 000007fe`fe571067 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0013ef10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fe571067
STACK_COMMAND: kb
FOLLOWUP_IP:
CI!SHATransform+e1f
fffff880`00d858bf 8b7c2430 mov edi,dword ptr [rsp+30h]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: CI!SHATransform+e1f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: CI
IMAGE_NAME: CI.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7c944
FAILURE_BUCKET_ID: X64_0x1E_c0000005_CI!SHATransform+e1f
BUCKET_ID: X64_0x1E_c0000005_CI!SHATransform+e1f
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\012012-8533-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a16000 PsLoadedModuleList = 0xfffff800`02c5b670
Debug session time: Fri Jan 20 11:46:56.793 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:17.214
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002d613c6, fffff88009ed8a70, 0}
Probably caused by : hardware ( nt!CmpCreateKeyControlBlock+407 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002d613c6, Address of the instruction which caused the bugcheck
Arg3: fffff88009ed8a70, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!CmpCreateKeyControlBlock+407
fffff800`02d613c6 3101 xor dword ptr [rcx],eax
CONTEXT: fffff88009ed8a70 -- (.cxr 0xfffff88009ed8a70)
rax=0000000000200000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff8a00392c688 rsi=fffff8a00392c5d0 rdi=000000006a5588f1
rip=fffff80002d613c6 rsp=fffff88009ed9450 rbp=fffff8a002645024
r8=0000000000000005 r9=0000000000000002 r10=0000000000000000
r11=fffff8a00359d5c0 r12=fffff8a00392c5d4 r13=fffff8a00260d010
r14=0000000000000128 r15=fffff8a002604801
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!CmpCreateKeyControlBlock+0x407:
fffff800`02d613c6 3101 xor dword ptr [rcx],eax ds:002b:00000000`00000000=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
MISALIGNED_IP:
nt!CmpCreateKeyControlBlock+407
fffff800`02d613c6 3101 xor dword ptr [rcx],eax
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002d613c6
STACK_TEXT:
fffff880`09ed9450 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmpCreateKeyControlBlock+0x407
FOLLOWUP_IP:
nt!CmpCreateKeyControlBlock+407
fffff800`02d613c6 3101 xor dword ptr [rcx],eax
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CmpCreateKeyControlBlock+407
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xfffff88009ed8a70 ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011712-8548-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a60000 PsLoadedModuleList = 0xfffff800`02ca5670
Debug session time: Mon Jan 16 17:49:21.540 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:18.961
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff89f90da3db5, 1, fffff880011625ff, 5}
Could not read faulting driver name
Probably caused by : luafv.sys ( luafv!LuafvGenerateFileName+82 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff89f90da3db5, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff880011625ff, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d0f100
fffff89f90da3db5
FAULTING_IP:
fltmgr!FltpGetFileNameInformation+36f
fffff880`011625ff 488d55c8 lea rdx,[rbp-38h]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 1
TRAP_FRAME: fffff8800a3228e0 -- (.trap 0xfffff8800a3228e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8005b0ac80 rbx=0000000000000000 rcx=00000000000004bf
rdx=fffffa8004210010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880011625ff rsp=fffff8800a322a70 rbp=fffff8a003907560
r8=fffffa800426d1e0 r9=fffff8a0039075e0 r10=fffff88001179840
r11=fffffa80048a5640 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
fltmgr!FltpGetFileNameInformation+0x36f:
fffff880`011625ff 488d55c8 lea rdx,[rbp-38h]
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a873bf to fffff80002adcc40
STACK_TEXT:
fffff880`0a322778 fffff800`02a873bf : 00000000`00000050 fffff89f`90da3db5 00000000`00000001 fffff880`0a3228e0 : nt!KeBugCheckEx
fffff880`0a322780 fffff800`02adad6e : 00000000`00000001 fffff89f`90da3db5 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x44791
fffff880`0a3228e0 fffff880`011625ff : 00000000`00000000 fffffa80`05b0ac80 fffffa80`04002000 fffff8a0`0391d9f8 : nt!KiPageFault+0x16e
fffff880`0a322a70 fffff880`0117f5ef : fffffa80`05b04000 fffffa80`05b0ac80 00000000`00000000 00000000`00000000 : fltmgr!FltpGetFileNameInformation+0x36f
fffff880`0a322af0 fffff880`08811bca : fffffa80`042462c0 fffffa80`048a5770 00000000`00000000 fffff800`02c0b1de : fltmgr!FltGetFileNameInformationUnsafe+0x7f
fffff880`0a322b60 fffff880`01181035 : fffffa80`048a5770 fffff800`02b08830 fffff880`0a322c88 00000000`00000000 : luafv!LuafvGenerateFileName+0x82
fffff880`0a322b90 fffff880`01180ee7 : fffffa80`03a24000 00000000`00000000 fffffa80`048a5770 00000000`00000000 : fltmgr!FltpCallOpenedFileNameHandler+0x75
fffff880`0a322bd0 fffff880`01180e1e : fffffa80`048a5770 fffffa80`052dd010 00000000`00000000 fffff880`01162daa : fltmgr!FltpGetNormalizedFileNameWorker+0x27
fffff880`0a322c10 fffff880`011624fb : fffffa80`04210010 fffffa80`05b0ac80 fffffa80`04002000 fffff880`0a324000 : fltmgr!FltpCreateFileNameInformation+0xee
fffff880`0a322c70 fffff880`0117f5ef : 00000000`00008000 fffffa80`05b0ac80 fffffa80`052dd010 fffff880`0a322ea8 : fltmgr!FltpGetFileNameInformation+0x26b
fffff880`0a322cf0 fffff880`018a2fda : fffffa80`048a5770 00000000`00000000 00000000`00000844 fffffa80`03968de0 : fltmgr!FltGetFileNameInformationUnsafe+0x7f
fffff880`0a322d60 fffff880`018a2f23 : 00000000`00000000 fffff880`0a323c60 00000000`00000844 fffff880`0a323c60 : tcpip!WfpAleCaptureImageFileName+0x3a
fffff880`0a322db0 fffff880`018c495e : fffff8a0`003110d0 00000000`00000000 fffffa80`05b6a630 00000000`00000000 : tcpip!WfpCreateProcessNotifyRoutine+0x63
fffff880`0a322e90 fffff800`02dc9f0e : fffff8a0`00004490 fffff880`0a323c60 fffff8a0`002da4f0 00000000`00000002 : tcpip!CreateProcessNotifyRoutineEx+0xe
fffff880`0a322ec0 fffff800`02d86737 : fffffa80`05ca5b60 fffffa80`05b6a630 fffff880`0a323170 fffff880`0a3230ac : nt!PspInsertThread+0x66e
fffff880`0a323040 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateUserProcess+0x732
STACK_COMMAND: kb
FOLLOWUP_IP:
luafv!LuafvGenerateFileName+82
fffff880`08811bca 8bd8 mov ebx,eax
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: luafv!LuafvGenerateFileName+82
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: luafv
IMAGE_NAME: luafv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc295
FAILURE_BUCKET_ID: X64_0x50_luafv!LuafvGenerateFileName+82
BUCKET_ID: X64_0x50_luafv!LuafvGenerateFileName+82
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-3712-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a06000 PsLoadedModuleList = 0xfffff800`02c4b670
Debug session time: Mon Jan 16 03:12:41.010 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:20.431
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff88060bcacf2, 8, fffff88060bcacf2, 5}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+44791 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88060bcacf2, memory referenced.
Arg2: 0000000000000008, value 0 = read operation, 1 = write operation.
Arg3: fffff88060bcacf2, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cb5100
fffff88060bcacf2
FAULTING_IP:
+3231313266306334
fffff880`60bcacf2 ?? ???
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: ekrn.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800a3f6600 -- (.trap 0xfffff8800a3f6600)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a000c27840 rbx=0000000000000000 rcx=00000000000018a1
rdx=fffff88002f00000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88060bcacf2 rsp=fffff8800a3f6790 rbp=fffff8a007e32f80
r8=000000000000c508 r9=0000000000000050 r10=fffff80002a06000
r11=00000000000004ed r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fffff880`60bcacf2 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a2d3bf to fffff80002a82c40
STACK_TEXT:
fffff880`0a3f6498 fffff800`02a2d3bf : 00000000`00000050 fffff880`60bcacf2 00000000`00000008 fffff880`0a3f6600 : nt!KeBugCheckEx
fffff880`0a3f64a0 fffff800`02a80d6e : 00000000`00000008 fffff880`60bcacf2 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x44791
fffff880`0a3f6600 fffff880`60bcacf2 : fffff880`0a3f6850 00000000`00000000 00000000`41746e4d 00000000`000007ff : nt!KiPageFault+0x16e
fffff880`0a3f6790 fffff880`0a3f6850 : 00000000`00000000 00000000`41746e4d 00000000`000007ff fffff8a0`07e32f80 : 0xfffff880`60bcacf2
fffff880`0a3f6798 00000000`00000000 : 00000000`41746e4d 00000000`000007ff fffff8a0`07e32f80 00000000`00000032 : 0xfffff880`0a3f6850
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+44791
fffff800`02a2d3bf cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+44791
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+44791
BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+44791
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-8626-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a1c000 PsLoadedModuleList = 0xfffff800`02c61670
Debug session time: Mon Jan 16 03:11:58.609 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:27.029
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffff8807c9a5121, 2, 8, fffff8807c9a5121}
Unable to load image \SystemRoot\system32\DRIVERS\netr28ux.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for netr28ux.sys
*** ERROR: Module load completed but symbols could not be loaded for netr28ux.sys
Probably caused by : netr28ux.sys ( netr28ux+418b0 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8807c9a5121, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff8807c9a5121, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ccb100
fffff8807c9a5121
CURRENT_IRQL: 2
FAULTING_IP:
+3231313266306334
fffff880`7c9a5121 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff88002f1b460 -- (.trap 0xfffff88002f1b460)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8807c9a5121 rbx=0000000000000000 rcx=fffff88002665000
rdx=fffffa8005610014 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8807c9a5121 rsp=fffff88002f1b5f0 rbp=0000000000000000
r8=fffff88002f1b668 r9=fffff88002f1b66c r10=fffff80002a1c000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
fffff880`7c9a5121 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a981e9 to fffff80002a98c40
FAILED_INSTRUCTION_ADDRESS:
+3231313266306334
fffff880`7c9a5121 ?? ???
STACK_TEXT:
fffff880`02f1b318 fffff800`02a981e9 : 00000000`0000000a fffff880`7c9a5121 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff880`02f1b320 fffff800`02a96e60 : fffffa80`055cfe10 fffff880`06405f99 fffffa80`04730480 fffffa80`055cd9f0 : nt!KiBugCheckDispatch+0x69
fffff880`02f1b460 fffff880`7c9a5121 : fffffa80`055cd9f0 fffff880`026a68b0 00000000`000000e5 fffffa80`06768610 : nt!KiPageFault+0x260
fffff880`02f1b5f0 fffffa80`055cd9f0 : fffff880`026a68b0 00000000`000000e5 fffffa80`06768610 fffffa80`0561002c : 0xfffff880`7c9a5121
fffff880`02f1b5f8 fffff880`026a68b0 : 00000000`000000e5 fffffa80`06768610 fffffa80`0561002c fffffa80`055cd9f0 : 0xfffffa80`055cd9f0
fffff880`02f1b600 00000000`000000e5 : fffffa80`06768610 fffffa80`0561002c fffffa80`055cd9f0 00000000`00000008 : netr28ux+0x418b0
fffff880`02f1b608 fffffa80`06768610 : fffffa80`0561002c fffffa80`055cd9f0 00000000`00000008 00000000`00000004 : 0xe5
fffff880`02f1b610 fffffa80`0561002c : fffffa80`055cd9f0 00000000`00000008 00000000`00000004 fffffa80`051551b0 : 0xfffffa80`06768610
fffff880`02f1b618 fffffa80`055cd9f0 : 00000000`00000008 00000000`00000004 fffffa80`051551b0 fffff880`026a5ed3 : 0xfffffa80`0561002c
fffff880`02f1b620 00000000`00000008 : 00000000`00000004 fffffa80`051551b0 fffff880`026a5ed3 fffffa80`051d1000 : 0xfffffa80`055cd9f0
fffff880`02f1b628 00000000`00000004 : fffffa80`051551b0 fffff880`026a5ed3 fffffa80`051d1000 fffffa80`05610014 : 0x8
fffff880`02f1b630 fffffa80`051551b0 : fffff880`026a5ed3 fffffa80`051d1000 fffffa80`05610014 fffff880`02f1b668 : 0x4
fffff880`02f1b638 fffff880`026a5ed3 : fffffa80`051d1000 fffffa80`05610014 fffff880`02f1b668 fffff880`02f1b66c : 0xfffffa80`051551b0
fffff880`02f1b640 fffffa80`051d1000 : fffffa80`05610014 fffff880`02f1b668 fffff880`02f1b66c fffffa80`05610014 : netr28ux+0x40ed3
fffff880`02f1b648 fffffa80`05610014 : fffff880`02f1b668 fffff880`02f1b66c fffffa80`05610014 fffff880`0266dc52 : 0xfffffa80`051d1000
fffff880`02f1b650 fffff880`02f1b668 : fffff880`02f1b66c fffffa80`05610014 fffff880`0266dc52 fffffa80`0541ba20 : 0xfffffa80`05610014
fffff880`02f1b658 fffff880`02f1b66c : fffffa80`05610014 fffff880`0266dc52 fffffa80`0541ba20 fffffa80`051db0b0 : 0xfffff880`02f1b668
fffff880`02f1b660 fffffa80`05610014 : fffff880`0266dc52 fffffa80`0541ba20 fffffa80`051db0b0 0000000c`00000c00 : 0xfffff880`02f1b66c
fffff880`02f1b668 fffff880`0266dc52 : fffffa80`0541ba20 fffffa80`051db0b0 0000000c`00000c00 00000000`00000000 : 0xfffffa80`05610014
fffff880`02f1b670 fffffa80`0541ba20 : fffffa80`051db0b0 0000000c`00000c00 00000000`00000000 00000000`000000e5 : netr28ux+0x8c52
fffff880`02f1b678 fffffa80`051db0b0 : 0000000c`00000c00 00000000`00000000 00000000`000000e5 fffff880`026708e8 : 0xfffffa80`0541ba20
fffff880`02f1b680 0000000c`00000c00 : 00000000`00000000 00000000`000000e5 fffff880`026708e8 fffffa80`051d1000 : 0xfffffa80`051db0b0
fffff880`02f1b688 00000000`00000000 : 00000000`000000e5 fffff880`026708e8 fffffa80`051d1000 fffffa80`05890000 : 0xc`00000c00
STACK_COMMAND: kb
FOLLOWUP_IP:
netr28ux+418b0
fffff880`026a68b0 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: netr28ux+418b0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: netr28ux
IMAGE_NAME: netr28ux.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49a6032d
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_netr28ux+418b0
BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_netr28ux+418b0
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-3853-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a4b000 PsLoadedModuleList = 0xfffff800`02c90670
Debug session time: Sun Jan 15 20:07:20.387 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:31.807
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 1, fffff880014633c0}
Probably caused by : NETIO.SYS ( NETIO!NsiEnumerateObjectsAllParametersEx+24f )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880014633c0, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cfa100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
ndis!ndisIfQueryObject+340
fffff880`014633c0 49890424 mov qword ptr [r12],rax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: msnmsgr.exe
TRAP_FRAME: fffff8800b34cec0 -- (.trap 0xfffff8800b34cec0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000008
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880014633c0 rsp=fffff8800b34d050 rbp=0000000000010285
r8=fffff8800145e000 r9=0000000000000000 r10=fffff8800145e000
r11=fffff880014c2758 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
ndis!ndisIfQueryObject+0x340:
fffff880`014633c0 49890424 mov qword ptr [r12],rax ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ac71e9 to fffff80002ac7c40
STACK_TEXT:
fffff880`0b34cd78 fffff800`02ac71e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0b34cd80 fffff800`02ac5e60 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0b34cec0 fffff880`014633c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0b34d050 fffff880`01465593 : 00000000`00000204 00000000`0000027c 00000000`00000000 fffff800`02ad9e84 : ndis!ndisIfQueryObject+0x340
fffff880`0b34d1e0 fffff880`01465d19 : fffffa80`047531a0 fffffa80`047531a0 fffffa80`04753200 fffffa80`05b0aaf8 : ndis!ndisNsiGetInterfaceRodEnumObject+0x243
fffff880`0b34d4a0 fffff880`01554aab : 00000000`00000000 fffffa80`00000008 00000000`00000290 fffffa80`00000238 : ndis!ndisNsiEnumerateAllInterfaceInformation+0x2ea
fffff880`0b34d590 fffff880`061c6e29 : fffffa80`05b09000 fffff8a0`00000070 fffffa80`065b5d00 fffff880`0b34d8d0 : NETIO!NsiEnumerateObjectsAllParametersEx+0x24f
fffff880`0b34d770 fffff880`061c88e8 : fffffa80`065b5d00 fffffa80`065b5c30 00000000`00000000 fffffa80`065b5c68 : nsiproxy!NsippEnumerateObjectsAllParameters+0x305
fffff880`0b34d960 fffff880`061c89db : fffffa80`0461ec50 00000000`00000000 00000000`00000001 00000000`00000003 : nsiproxy!NsippDispatchDeviceControl+0x70
fffff880`0b34d9a0 fffff800`02de2a97 : fffffa80`04278070 fffffa80`04278070 fffffa80`065b5d48 fffffa80`065b5c30 : nsiproxy!NsippDispatch+0x4b
fffff880`0b34d9d0 fffff800`02de32f6 : 00000000`099fe578 00000000`00000eac 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0b34db00 fffff800`02ac6ed3 : fffffa80`05afab60 00000000`099fe518 fffff880`0b34db88 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
fffff880`0b34db70 00000000`75042e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`099fee28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75042e09
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!NsiEnumerateObjectsAllParametersEx+24f
fffff880`01554aab 8bd8 mov ebx,eax
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: NETIO!NsiEnumerateObjectsAllParametersEx+24f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79381
FAILURE_BUCKET_ID: X64_0xD1_NETIO!NsiEnumerateObjectsAllParametersEx+24f
BUCKET_ID: X64_0xD1_NETIO!NsiEnumerateObjectsAllParametersEx+24f
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-8548-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a12000 PsLoadedModuleList = 0xfffff800`02c57670
Debug session time: Sun Jan 15 20:05:56.646 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:28.926
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {100248c8d60, 2, 0, fffff8800768503a}
Unable to load image \SystemRoot\system32\DRIVERS\atikmdag.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
Probably caused by : atikmdag.sys ( atikmdag+3e403a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000100248c8d60, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800768503a, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc1100
00000100248c8d60
CURRENT_IRQL: 2
FAULTING_IP:
atikmdag+3e403a
fffff880`0768503a 48ff6018 jmp qword ptr [rax+18h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff88006f3c240 -- (.trap 0xfffff88006f3c240)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000100248c8d48 rbx=0000000000000000 rcx=fffff80002a914da
rdx=fffffa8005150270 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800768503a rsp=fffff88006f3c3d0 rbp=fffffa800597a980
r8=fffffa800597a980 r9=0000000000000242 r10=0000024200000c40
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
atikmdag+0x3e403a:
fffff880`0768503a 48ff6018 jmp qword ptr [rax+18h] ds:00000100`248c8d60=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a8e1e9 to fffff80002a8ec40
STACK_TEXT:
fffff880`06f3c0f8 fffff800`02a8e1e9 : 00000000`0000000a 00000100`248c8d60 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`06f3c100 fffff800`02a8ce60 : fffffa80`0597a980 fffff880`06f3c7f0 fffffa80`03c8ee40 fffffa80`05150000 : nt!KiBugCheckDispatch+0x69
fffff880`06f3c240 fffff880`0768503a : fffff880`07688d09 fffff880`0768a1fa fffffa80`05150000 fffffa80`05150000 : nt!KiPageFault+0x260
fffff880`06f3c3d0 fffff880`07688d09 : fffff880`0768a1fa fffffa80`05150000 fffffa80`05150000 fffffa80`0597a980 : atikmdag+0x3e403a
fffff880`06f3c3d8 fffff880`0768a1fa : fffffa80`05150000 fffffa80`05150000 fffffa80`0597a980 fffffa80`051501a0 : atikmdag+0x3e7d09
fffff880`06f3c3e0 fffffa80`05150000 : fffffa80`05150000 fffffa80`0597a980 fffffa80`051501a0 fffff880`06f3c500 : atikmdag+0x3e91fa
fffff880`06f3c3e8 fffffa80`05150000 : fffffa80`0597a980 fffffa80`051501a0 fffff880`06f3c500 fffffa80`0597a980 : 0xfffffa80`05150000
fffff880`06f3c3f0 fffffa80`0597a980 : fffffa80`051501a0 fffff880`06f3c500 fffffa80`0597a980 fffff880`047e8000 : 0xfffffa80`05150000
fffff880`06f3c3f8 fffffa80`051501a0 : fffff880`06f3c500 fffffa80`0597a980 fffff880`047e8000 fffff880`076a6460 : 0xfffffa80`0597a980
fffff880`06f3c400 fffff880`06f3c500 : fffffa80`0597a980 fffff880`047e8000 fffff880`076a6460 00000000`00000000 : 0xfffffa80`051501a0
fffff880`06f3c408 fffffa80`0597a980 : fffff880`047e8000 fffff880`076a6460 00000000`00000000 00000000`00000000 : 0xfffff880`06f3c500
fffff880`06f3c410 fffff880`047e8000 : fffff880`076a6460 00000000`00000000 00000000`00000000 fffffa80`05150000 : 0xfffffa80`0597a980
fffff880`06f3c418 fffff880`076a6460 : 00000000`00000000 00000000`00000000 fffffa80`05150000 fffffa80`05150020 : 0xfffff880`047e8000
fffff880`06f3c420 00000000`00000000 : 00000000`00000000 fffffa80`05150000 fffffa80`05150020 fffff880`06f3c7f0 : atikmdag+0x405460
STACK_COMMAND: kb
FOLLOWUP_IP:
atikmdag+3e403a
fffff880`0768503a 48ff6018 jmp qword ptr [rax+18h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: atikmdag+3e403a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmdag
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ebb3c7e
FAILURE_BUCKET_ID: X64_0xD1_atikmdag+3e403a
BUCKET_ID: X64_0xD1_atikmdag+3e403a
Followup: MachineOwner
---------