Code:
-
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\Kingston\BSODDmpFiles\akskimaster\021812-34211-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03268000 PsLoadedModuleList = 0xfffff800`034ad670
Debug session time: Sat Feb 18 17:04:44.241 2012 (GMT-7)
System Uptime: 0 days 0:01:10.770
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff8000360dda0, fffff88007f4c0d0, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+2430 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8000360dda0, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff88007f4c0d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt! ?? ::NNGAKEGL::`string'+2430
fffff800`0360dda0 8b4910 mov ecx,dword ptr [rcx+10h]
CONTEXT: fffff88007f4c0d0 -- (.cxr 0xfffff88007f4c0d0)
rax=0000000000000000 rbx=0000000000000000 rcx=00000000ffffffff
rdx=fffffa80059f7bb0 rsi=fffff8a00301f240 rdi=fffffa80059f7a10
rip=fffff8000360dda0 rsp=fffff88007f4cab8 rbp=0000000000000000
r8=0000000000000002 r9=0000000000000000 r10=0000000000000000
r11=fffff880009ea180 r12=0000000000000002 r13=0000000000000000
r14=0000000000000026 r15=fffff88007f4cb60
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt! ?? ::NNGAKEGL::`string'+0x2430:
fffff800`0360dda0 8b4910 mov ecx,dword ptr [rcx+10h] ds:002b:00000001`0000000f=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800035888e9 to fffff8000360dda0
STACK_TEXT:
fffff880`07f4cab8 fffff800`035888e9 : 00000000`00000000 00000000`00000000 fffff8a0`0301f200 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x2430
fffff880`07f4cac0 fffff800`03588558 : 00000000`00000000 00000000`000000a0 00000000`0188e308 00000000`00000000 : nt!EtwpRegisterUMGuid+0xb1
fffff880`07f4cb40 fffff800`032e3ed3 : fffffa80`0bb9c060 00000000`0188e2e8 00000000`000000a0 00000980`00000000 : nt!NtTraceControl+0x198
fffff880`07f4cbb0 00000000`77b52b5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0188e2c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b52b5a
FOLLOWUP_IP:
nt! ?? ::NNGAKEGL::`string'+2430
fffff800`0360dda0 8b4910 mov ecx,dword ptr [rcx+10h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+2430
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff88007f4c0d0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!_??_::NNGAKEGL::_string_+2430
BUCKET_ID: X64_0x3B_nt!_??_::NNGAKEGL::_string_+2430
Followup: MachineOwner
---------
-
Loading Dump File [F:\Kingston\BSODDmpFiles\akskimaster\021812-40669-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03260000 PsLoadedModuleList = 0xfffff800`034a5670
Debug session time: Sat Feb 18 17:03:05.172 2012 (GMT-7)
System Uptime: 0 days 3:37:06.701
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa80059f7ab0, fffffa80059f7b30, 4080041}
GetPointerFromAddress: unable to read from fffff8000350f100
Probably caused by : ntkrnlmp.exe ( nt!ObpCloseHandleTableEntry+c4 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa80059f7ab0, The pool entry we were looking for within the page.
Arg3: fffffa80059f7b30, The next pool entry.
Arg4: 0000000004080041, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: fffffa80059f7ab0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: mcshield.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8000340acae to fffff800032dcc40
STACK_TEXT:
fffff880`0762c838 fffff800`0340acae : 00000000`00000019 00000000`00000020 fffffa80`059f7ab0 fffffa80`059f7b30 : nt!KeBugCheckEx
fffff880`0762c840 fffff800`032e6afc : fffffa80`059f7ae0 fffff8a0`01680c50 fffffa80`6e657645 fffff8a0`028ba6f0 : nt!ExDeferredFreePool+0x12da
fffff880`0762c8f0 fffff800`035d3f44 : fffff8a0`01680c50 00000000`00000000 fffffa80`0b461630 00000000`00000000 : nt!ObfDereferenceObject+0xdc
fffff880`0762c950 fffff800`03594344 : 00000000`00000700 fffff8a0`01680c50 fffff8a0`0259cc00 00000000`00000700 : nt!ObpCloseHandleTableEntry+0xc4
fffff880`0762c9e0 fffff800`03594244 : 00000000`00000404 00000000`00000000 fffffa80`0b400b30 fffff800`03581471 : nt!ObpCloseHandleProcedure+0x30
fffff880`0762ca20 fffff800`035948c2 : fffff8a0`016a6a01 00000000`00000001 fffffa80`0b400b30 00000000`00000001 : nt!ExSweepHandleTable+0x74
fffff880`0762ca60 fffff800`035b2ad2 : fffff8a0`016a6a70 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObKillProcess+0x62
fffff880`0762caa0 fffff800`0359448c : 00000000`00000000 00000000`00000001 000007ff`fffde000 00000000`00000000 : nt!PspExitThread+0x522
fffff880`0762cba0 fffff800`032dbed3 : fffffa80`0b400b30 00000000`00000000 fffffa80`0b461630 00000000`004c0000 : nt!NtTerminateProcess+0x138
fffff880`0762cc20 00000000`77be15da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0030fc08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77be15da
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ObpCloseHandleTableEntry+c4
fffff800`035d3f44 33c0 xor eax,eax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ObpCloseHandleTableEntry+c4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x19_20_nt!ObpCloseHandleTableEntry+c4
BUCKET_ID: X64_0x19_20_nt!ObpCloseHandleTableEntry+c4
Followup: MachineOwner
---------
-
Loading Dump File [F:\Kingston\BSODDmpFiles\akskimaster\021512-49483-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0325e000 PsLoadedModuleList = 0xfffff800`034a3670
Debug session time: Wed Feb 15 19:39:10.226 2012 (GMT-7)
System Uptime: 0 days 0:02:33.381
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa80059f7630, fffffa80059f7b30, 4500014}
GetPointerFromAddress: unable to read from fffff8000350d100
Probably caused by : ntkrnlmp.exe ( nt!ObfDereferenceObjectWithTag+93 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa80059f7630, The pool entry we were looking for within the page.
Arg3: fffffa80059f7b30, The next pool entry.
Arg4: 0000000004500014, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: fffffa80059f7630
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003408cae to fffff800032dac40
STACK_TEXT:
fffff880`031d2b88 fffff800`03408cae : 00000000`00000019 00000000`00000020 fffffa80`059f7630 fffffa80`059f7b30 : nt!KeBugCheckEx
fffff880`031d2b90 fffff800`032c70a3 : 00000000`00000001 00000000`00000000 fffffa80`65726854 00000000`00000001 : nt!ExDeferredFreePool+0x12da
fffff880`031d2c40 fffff800`032ba9e9 : 00000000`00000000 fffffa80`05a42680 fffffa80`059f7a20 fffff6fc`400402a0 : nt!ObfDereferenceObjectWithTag+0x93
fffff880`031d2c80 fffff800`032e5001 : fffff800`032ba950 fffff800`0347b310 fffffa80`05a42680 00000000`00000000 : nt!PspReaper+0x99
fffff880`031d2cb0 fffff800`03575fee : 00000000`00000000 fffffa80`05a42680 00000000`00000080 fffffa80`05a2e040 : nt!ExpWorkerThread+0x111
fffff880`031d2d40 fffff800`032cc5e6 : fffff880`02fd5180 fffffa80`05a42680 fffff880`02fdffc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`031d2d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ObfDereferenceObjectWithTag+93
fffff800`032c70a3 488b742448 mov rsi,qword ptr [rsp+48h]
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!ObfDereferenceObjectWithTag+93
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x19_20_nt!ObfDereferenceObjectWithTag+93
BUCKET_ID: X64_0x19_20_nt!ObfDereferenceObjectWithTag+93
Followup: MachineOwner
---------
-
Loading Dump File [F:\Kingston\BSODDmpFiles\akskimaster\020312-32651-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03249000 PsLoadedModuleList = 0xfffff800`0348e670
Debug session time: Fri Feb 3 15:40:23.814 2012 (GMT-7)
System Uptime: 0 days 0:02:07.344
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff800032f8c91, fffff880031cb608, fffff880031cae60}
Probably caused by : memory_corruption ( nt!MiGetNextNode+25 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800032f8c91, The address that the exception occurred at
Arg3: fffff880031cb608, Exception Record Address
Arg4: fffff880031cae60, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiGetNextNode+25
fffff800`032f8c91 488b4808 mov rcx,qword ptr [rax+8]
EXCEPTION_RECORD: fffff880031cb608 -- (.exr 0xfffff880031cb608)
ExceptionAddress: fffff800032f8c91 (nt!MiGetNextNode+0x0000000000000025)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000100000007
Attempt to read from address 0000000100000007
CONTEXT: fffff880031cae60 -- (.cxr 0xfffff880031cae60)
rax=00000000ffffffff rbx=fffffa8005a42b60 rcx=fffffa80059f7c20
rdx=fffffa80088a0079 rsi=fffffa8008b4ed48 rdi=fffffa80059f7c20
rip=fffff800032f8c91 rsp=fffff880031cb848 rbp=fffffa80088a2010
r8=000000000000000a r9=00000000000007ff r10=0000000000000801
r11=0000000000000000 r12=fffff8a003e3c000 r13=0000000000000000
r14=fffff8a003e3c280 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!MiGetNextNode+0x25:
fffff800`032f8c91 488b4808 mov rcx,qword ptr [rax+8] ds:002b:00000001`00000007=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000100000007
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800034f8100
0000000100000007
FOLLOWUP_IP:
nt!MiGetNextNode+25
fffff800`032f8c91 488b4808 mov rcx,qword ptr [rax+8]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff8000365d000 to fffff800032f8c91
STACK_TEXT:
fffff880`031cb848 fffff800`0365d000 : fffffa80`08b4ed48 fffffa80`05a42b60 fffff880`00000006 fffff8a0`0035b780 : nt!MiGetNextNode+0x25
fffff880`031cb850 fffff800`036a17c1 : fffffa80`08b4eb30 00000000`00001404 fffffa80`0beaa000 00000000`00000002 : nt!MmEnumerateAndReferenceImages+0x160
fffff880`031cb8d0 fffff800`036a1a34 : fffffa80`08b4eb30 fffff800`00000020 fffff800`036a1800 fffff880`031cb9f0 : nt!EtwpEnumerateImages+0x51
fffff880`031cb920 fffff800`03658906 : fffffa80`0aeceb30 fffffa80`08b4eb30 fffff800`036a1860 fffff880`031cb9f0 : nt!EtwpProcessEnumCallback+0x1d4
fffff880`031cb9a0 fffff800`036a1b81 : fffff880`031cbad8 fffffa80`059eac01 fffffa80`059eaa00 fffffa80`059eaa00 : nt!PsEnumProcesses+0x26
fffff880`031cb9d0 fffff800`036a1bd7 : 00000000`00000000 00000000`00000002 fffff800`03465120 fffffa80`059eaa40 : nt!EtwpProcessThreadImageRundown+0x51
fffff880`031cba20 fffff800`0370d86c : 00000000`00401802 fffffa80`059eace8 fffffa80`059eaa40 fffff800`033f4fbd : nt!EtwpKernelTraceRundown+0x47
fffff880`031cba50 fffff800`0370d96f : fffffa80`059eaa40 00000000`00000002 fffff8a0`03084a70 00000000`00000000 : nt!EtwpUpdateLoggerGroupMasks+0x22c
fffff880`031cbb50 fffff800`0351c889 : 00000000`00000000 fffff8a0`03084a70 00000000`00000000 fffff800`032d9ab6 : nt!EtwpStopLoggerInstance+0x4f
fffff880`031cbb90 fffff800`0351c600 : 00000000`00000000 00000000`00000002 fffffa80`059eaa40 ffffffff`88ca6c00 : nt!EtwpStopTrace+0x129
fffff880`031cbc00 fffff800`03734d35 : ffffffff`ffffffff 00000000`00000001 ffffffff`000000b4 00000000`00000001 : nt! ?? ::NNGAKEGL::`string'+0x5937c
fffff880`031cbc70 fffff800`032d0001 : fffff800`03466200 fffff800`03734b70 fffff800`034662b8 fffffa80`05a42b60 : nt!PerfDiagpProxyWorker+0x1c5
fffff880`031cbcb0 fffff800`03560fee : 00000000`00000000 fffffa80`05a42b60 00000000`00000080 fffffa80`05a2e040 : nt!ExpWorkerThread+0x111
fffff880`031cbd40 fffff800`032b75e6 : fffff880`02fd5180 fffffa80`05a42b60 fffff880`02fdffc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`031cbd80 00000000`00000000 : fffff880`031cc000 fffff880`031c6000 fffff880`031cb260 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiGetNextNode+25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff880031cae60 ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x7E_nt!MiGetNextNode+25
BUCKET_ID: X64_0x7E_nt!MiGetNextNode+25
Followup: MachineOwner
---------
-
Loading Dump File [F:\Kingston\BSODDmpFiles\akskimaster\013112-14180-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03267000 PsLoadedModuleList = 0xfffff800`034ac670
Debug session time: Tue Jan 31 20:13:54.053 2012 (GMT-7)
System Uptime: 0 days 0:00:37.208
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffffa800b5a10, 2, 1, fffff8000330d862}
Probably caused by : memory_corruption ( nt!MiReferenceControlArea+202 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffffa800b5a10, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000330d862, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003516100
fffffffa800b5a10
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiReferenceControlArea+202
fffff800`0330d862 48894108 mov qword ptr [rcx+8],rax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: mfevtps.exe
TRAP_FRAME: fffff880078ab730 -- (.trap 0xfffff880078ab730)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800b419838 rbx=0000000000000000 rcx=fffffffa800b5a08
rdx=0000000080000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000330d862 rsp=fffff880078ab8c0 rbp=fffff88002f64180
r8=0000000000000000 r9=fffff88002f64180 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!MiReferenceControlArea+0x202:
fffff800`0330d862 48894108 mov qword ptr [rcx+8],rax ds:fffffffa`800b5a10=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800032e31e9 to fffff800032e3c40
STACK_TEXT:
fffff880`078ab5e8 fffff800`032e31e9 : 00000000`0000000a fffffffa`800b5a10 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`078ab5f0 fffff800`032e1e60 : fffffa80`0b1a7010 fffff880`01303b70 00000000`00000000 fffffa80`0b17f180 : nt!KiBugCheckDispatch+0x69
fffff880`078ab730 fffff800`0330d862 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`078ab8c0 fffff800`035e0985 : 00000000`00000000 00000000`00000002 00000000`00000080 00000000`08000000 : nt!MiReferenceControlArea+0x202
fffff880`078ab930 fffff800`035bf596 : fffff880`078abb80 fffff880`078abca0 00000000`00000000 fffff880`078abb78 : nt!MmCreateSection+0x265
fffff880`078abb30 fffff800`032e2ed3 : fffffa80`0b377950 00000000`007cf2c8 fffff880`078abbc8 00000000`00000000 : nt!NtCreateSection+0x171
fffff880`078abbb0 00000000`76e617ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`007cf2a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e617ba
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiReferenceControlArea+202
fffff800`0330d862 48894108 mov qword ptr [rcx+8],rax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiReferenceControlArea+202
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xA_nt!MiReferenceControlArea+202
BUCKET_ID: X64_0xA_nt!MiReferenceControlArea+202
Followup: MachineOwner
---------
-
Loading Dump File [F:\Kingston\BSODDmpFiles\akskimaster\013112-36410-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03219000 PsLoadedModuleList = 0xfffff800`0345e670
Debug session time: Tue Jan 31 19:47:52.492 2012 (GMT-7)
System Uptime: 0 days 0:01:39.021
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {0, 2, 0, fffff800033c36fb}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+ca7 )
Followup: Pool_corruption
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800033c36fb, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+ca7
fffff800`033c36fb 488b00 mov rax,qword ptr [rax]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WmiPrvSE.exe
TRAP_FRAME: fffff880077cc780 -- (.trap 0xfffff880077cc780)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff80003420690
rdx=0000000000000003 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800033c36fb rsp=fffff880077cc910 rbp=0000000000000000
r8=fffffa80059f6b90 r9=fffffa800a414440 r10=0000000000000001
r11=fffffa80059f6b90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
nt!ExDeferredFreePool+0xca7:
fffff800`033c36fb 488b00 mov rax,qword ptr [rax] ds:0400:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800032951e9 to fffff80003295c40
STACK_TEXT:
fffff880`077cc638 fffff800`032951e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`077cc640 fffff800`03293e60 : 00000000`77868000 00000000`002bf000 00000000`00000202 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`077cc780 fffff800`033c36fb : fffffa80`0b557010 00000000`00000000 fffffa80`0b557000 fffff800`032c96fc : nt!KiPageFault+0x260
fffff880`077cc910 fffff800`033c51a1 : 00000000`00000080 fffffa80`0b5562f0 00000000`00000000 00000000`7ffeffff : nt!ExDeferredFreePool+0xca7
fffff880`077cc9a0 fffff800`03267744 : fffffa80`0b556300 00000000`00000000 00000000`20646156 00000000`00000000 : nt!ExFreePoolWithTag+0x411
fffff880`077cca50 fffff800`0356bb1a : fffff8a0`02996060 00000000`00000001 00000000`00000000 fffffa80`0a6f48b0 : nt!MmCleanProcessAddressSpace+0x244
fffff880`077ccaa0 fffff800`0354d48c : 00000000`00000000 00000000`00000001 000007ff`fffde000 00000000`00000000 : nt!PspExitThread+0x56a
fffff880`077ccba0 fffff800`03294ed3 : fffffa80`0b555b30 fffff880`00000000 fffffa80`0a6f48b0 000007fe`ff56b228 : nt!NtTerminateProcess+0x138
fffff880`077ccc20 00000000`778715da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`001cf898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x778715da
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+ca7
fffff800`033c36fb 488b00 mov rax,qword ptr [rax]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ExDeferredFreePool+ca7
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+ca7
BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+ca7
Followup: Pool_corruption
---------