New
#21
Code:
- Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [D:\Kingston\BSODDmpFiles\scarborough\Windows_NT6_BSOD_jcgriff2\031812-49904-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330 Machine Name: Kernel base = 0xfffff800`03a4d000 PsLoadedModuleList = 0xfffff800`03c91650 Debug session time: Sun Mar 18 17:14:24.845 2012 (UTC - 6:00) System Uptime: 0 days 0:10:41.938 Loading Kernel Symbols ............................................................... ................................................................ ..................................... Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {fffff8800151a944, 0, 8, fffff8800151a944} Probably caused by : Ntfs.sys ( Ntfs! ?? ::NNGAKEGL::`string'+600 ) Followup: MachineOwner --------- 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffff8800151a944, memory referenced Arg2: 0000000000000000, IRQL Arg3: 0000000000000008, value 0 = read operation, 1 = write operation Arg4: fffff8800151a944, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cfb100 fffff8800151a944 CURRENT_IRQL: 0 FAULTING_IP: Ntfs! ?? ::NNGAKEGL::`string'+600 fffff880`0151a944 55 push rbp CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: WDFME.exe TRAP_FRAME: fffff88008e73d20 -- (.trap 0xfffff88008e73d20) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff8800151a944 rbx=0000000000000000 rcx=fffff88008e73ef0 rdx=fffff88008e755a0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8800151a944 rsp=fffff88008e73eb8 rbp=fffff88008e73ff0 r8=fffff88008e74670 r9=fffff88008e73ff0 r10=fffff88008e75650 r11=fffff88008e73f28 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc Ntfs! ?? ::NNGAKEGL::`string'+0x600: fffff880`0151a944 55 push rbp Resetting default scope LAST_CONTROL_TRANSFER: from fffff80003ac92e9 to fffff80003ac9d40 FAILED_INSTRUCTION_ADDRESS: Ntfs! ?? ::NNGAKEGL::`string'+600 fffff880`0151a944 55 push rbp STACK_TEXT: fffff880`08e73bd8 fffff800`03ac92e9 : 00000000`0000000a fffff880`0151a944 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx fffff880`08e73be0 fffff800`03ac7f60 : 00000000`00000008 fffff880`0151a944 00fcfcfc`00fcfc00 fffff880`0147dc30 : nt!KiBugCheckDispatch+0x69 fffff880`08e73d20 fffff880`0151a944 : fffff800`03af4fec 00fcfcfc`00fcfcfc 00fcfcfc`00fcfcfc 00fcfcfc`00fcfcfc : nt!KiPageFault+0x260 fffff880`08e73eb8 fffff800`03af4fec : 00fcfcfc`00fcfcfc 00fcfcfc`00fcfcfc 00fcfcfc`00fcfcfc 00fcfcfc`00fcfcfc : Ntfs! ?? ::NNGAKEGL::`string'+0x600 fffff880`08e73ec0 fffff800`03af4a6d : fffff880`0147dc24 fffff880`08e755a0 00000000`00000000 fffff880`0142d000 : nt!_C_specific_handler+0x8c fffff880`08e73f30 fffff800`03af3845 : fffff880`0147dc24 fffff880`08e73fa8 fffff880`08e74e18 fffff880`0142d000 : nt!RtlpExecuteHandlerForException+0xd fffff880`08e73f60 fffff800`03b047c1 : fffff880`08e74e18 fffff880`08e74670 fffff880`00000000 fffff6fc`c002db20 : nt!RtlDispatchException+0x415 fffff880`08e74640 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x135 STACK_COMMAND: kb FOLLOWUP_IP: Ntfs! ?? ::NNGAKEGL::`string'+600 fffff880`0151a944 55 push rbp SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: Ntfs! ?? ::NNGAKEGL::`string'+600 FOLLOWUP_NAME: MachineOwner MODULE_NAME: Ntfs IMAGE_NAME: Ntfs.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_Ntfs!_??_::NNGAKEGL::_string_+600 BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_Ntfs!_??_::NNGAKEGL::_string_+600 Followup: MachineOwner ---------
- Loading Dump File [D:\Kingston\BSODDmpFiles\scarborough\Windows_NT6_BSOD_jcgriff2\031812-24897-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330 Machine Name: Kernel base = 0xfffff800`03a15000 PsLoadedModuleList = 0xfffff800`03c59650 Debug session time: Sun Mar 18 01:31:15.728 2012 (UTC - 6:00) System Uptime: 0 days 1:09:22.821 Loading Kernel Symbols ............................................................... ................................................................ ........................................ Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {fffffa82074b35b8, 2, 1, fffff88004607c84} Probably caused by : dxgmms1.sys ( dxgmms1!VidSchiSendToExecutionQueue+790 ) Followup: MachineOwner --------- 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffffa82074b35b8, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, value 0 = read operation, 1 = write operation Arg4: fffff88004607c84, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cc3100 fffffa82074b35b8 CURRENT_IRQL: 2 FAULTING_IP: dxgmms1!VidSchiSendToExecutionQueue+790 fffff880`04607c84 f0480fb1b4dda0050000 lock cmpxchg qword ptr [rbp+rbx*8+5A0h],rsi CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System TRAP_FRAME: fffff88004ee7750 -- (.trap 0xfffff88004ee7750) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800749da30 rdx=fffffa80074f1c10 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88004607c84 rsp=fffff88004ee78e0 rbp=fffffa80074b3000 r8=fffffa80074b3000 r9=0000000000000000 r10=fffff8800460c244 r11=fffff88004ee78b0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc dxgmms1!VidSchiSendToExecutionQueue+0x790: fffff880`04607c84 f0480fb1b4dda0050000 lock cmpxchg qword ptr [rbp+rbx*8+5A0h],rsi ss:0018:fffffa80`074b35a0=0000000000000000 Resetting default scope LAST_CONTROL_TRANSFER: from fffff80003a912e9 to fffff80003a91d40 STACK_TEXT: fffff880`04ee7608 fffff800`03a912e9 : 00000000`0000000a fffffa82`074b35b8 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffff880`04ee7610 fffff800`03a8ff60 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`40000003 : nt!KiBugCheckDispatch+0x69 fffff880`04ee7750 fffff880`04607c84 : 00000000`00000003 fffffa80`074b3000 00000000`00000003 fffffa80`074b3d90 : nt!KiPageFault+0x260 fffff880`04ee78e0 fffff880`04639e65 : fffffa80`074b3001 fffffa80`00000001 00000000`00000000 fffffa80`074b3000 : dxgmms1!VidSchiSendToExecutionQueue+0x790 fffff880`04ee79e0 fffff880`04638d3c : 00000000`00000006 00000000`0005535b fffffa80`074fd960 fffffa80`0749d2a0 : dxgmms1!VidSchiSendToExecutionQueueWithWait+0x179 fffff880`04ee7ae0 fffff880`04638398 : fffff800`0529c000 fffff880`04637d00 fffffa80`00000000 fffffa80`000000ac : dxgmms1!VidSchiSubmitRenderCommand+0x920 fffff880`04ee7cd0 fffff880`04637e96 : 00000000`00000000 fffffa80`074fdd50 00000000`00000080 fffffa80`0749d2a0 : dxgmms1!VidSchiSubmitQueueCommand+0x50 fffff880`04ee7d00 fffff800`03d2bf7a : 00000000`01d28baf fffffa80`0749e060 fffffa80`024ad5f0 fffffa80`0749e060 : dxgmms1!VidSchiWorkerThread+0xd6 fffff880`04ee7d40 fffff800`03a829c6 : fffff800`03c06e80 fffffa80`0749e060 fffff800`03c14cc0 fffff880`01452384 : nt!PspSystemThreadStartup+0x5a fffff880`04ee7d80 00000000`00000000 : fffff880`04ee8000 fffff880`04ee2000 fffff880`04ee7680 00000000`00000000 : nt!KxStartSystemThread+0x16 STACK_COMMAND: kb FOLLOWUP_IP: dxgmms1!VidSchiSendToExecutionQueue+790 fffff880`04607c84 f0480fb1b4dda0050000 lock cmpxchg qword ptr [rbp+rbx*8+5A0h],rsi SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: dxgmms1!VidSchiSendToExecutionQueue+790 FOLLOWUP_NAME: MachineOwner MODULE_NAME: dxgmms1 IMAGE_NAME: dxgmms1.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ce799c1 FAILURE_BUCKET_ID: X64_0xD1_dxgmms1!VidSchiSendToExecutionQueue+790 BUCKET_ID: X64_0xD1_dxgmms1!VidSchiSendToExecutionQueue+790 Followup: MachineOwner ---------
- Loading Dump File [D:\Kingston\BSODDmpFiles\scarborough\Windows_NT6_BSOD_jcgriff2\031812-18657-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330 Machine Name: Kernel base = 0xfffff800`03a5c000 PsLoadedModuleList = 0xfffff800`03ca0650 Debug session time: Sun Mar 18 00:19:14.177 2012 (UTC - 6:00) System Uptime: 0 days 0:00:59.270 Loading Kernel Symbols ............................................................... ................................................................ .............................. Loading User Symbols Loading unloaded module list ... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck F7, {f8804149219e, f8800149219e, ffff077ffeb6de61, 0} Probably caused by : Ntfs.sys ( Ntfs!_report_gsfailure+26 ) Followup: MachineOwner --------- 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_OVERRAN_STACK_BUFFER (f7) A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine. DESCRIPTION A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned. This is the classic "buffer overrun" hacking attack and the system has been brought down to prevent a malicious user from gaining complete control of it. Do a kb to get a stack backtrace -- the last routine on the stack before the buffer overrun handlers and bugcheck call is the one that overran its local variable(s). Arguments: Arg1: 0000f8804149219e, Actual security check cookie from the stack Arg2: 0000f8800149219e, Expected security check cookie Arg3: ffff077ffeb6de61, Complement of the expected security check cookie Arg4: 0000000000000000, zero Debugging Details: ------------------ DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME SECURITY_COOKIE: Expected 0000f8800149219e found 0000f8804149219e BUGCHECK_STR: 0xF7_ONE_BIT CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: svchost.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff88001458df2 to fffff80003ad8d40 STACK_TEXT: fffff880`0726e2e8 fffff880`01458df2 : 00000000`000000f7 0000f880`4149219e 0000f880`0149219e ffff077f`feb6de61 : nt!KeBugCheckEx fffff880`0726e2f0 fffff880`0144ac38 : fffffa80`0538c700 00000000`00000000 fffff8a0`0376bc00 fffff880`0726e700 : Ntfs!_report_gsfailure+0x26 fffff880`0726e330 fffff880`01442fc6 : fffff880`0726e6d0 fffffa80`07b49710 fffff8a0`0376bc70 00000000`00000000 : Ntfs!NtfsNonCachedIo+0xa76 fffff880`0726e500 fffff880`01444a68 : fffff880`0726e6d0 fffffa80`07b49710 fffff880`0726e801 fffffa80`07998801 : Ntfs!NtfsCommonRead+0x7a6 fffff880`0726e6a0 fffff880`012f3bcf : fffffa80`07b49ab0 fffffa80`07b49710 fffffa80`07998830 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8 fffff880`0726e8b0 fffff880`012f26df : fffffa80`0529ea30 fffffa80`07b2c301 fffffa80`0529ea00 fffffa80`07b49710 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f fffff880`0726e940 fffff800`03b00125 : fffffa80`07b49730 fffffa80`07a25070 fffffa80`059645d0 000007fe`f8661000 : fltmgr!FltpDispatch+0xcf fffff880`0726e9a0 fffff800`03affbf9 : 00000000`00000001 00000000`00000001 fffffa80`05964510 fffffa80`00000020 : nt!IoPageRead+0x255 fffff880`0726ea30 fffff800`03ae649a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x255 fffff880`0726eac0 fffff800`03ad6e6e : 00000000`00000001 000007fe`f8661000 00000000`77cc2501 000007fe`ff780000 : nt!MmAccessFault+0x146a fffff880`0726ec20 00000000`77be818d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e 00000000`0139efc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77be818d STACK_COMMAND: kb FOLLOWUP_IP: Ntfs!_report_gsfailure+26 fffff880`01458df2 cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: Ntfs!_report_gsfailure+26 FOLLOWUP_NAME: MachineOwner MODULE_NAME: Ntfs IMAGE_NAME: Ntfs.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b FAILURE_BUCKET_ID: X64_0xF7_ONE_BIT_MISSING_GSFRAME_Ntfs!_report_gsfailure+26 BUCKET_ID: X64_0xF7_ONE_BIT_MISSING_GSFRAME_Ntfs!_report_gsfailure+26 Followup: MachineOwner ---------
- Still pointing to your hard disk having errors...
- Points to your DirectX/graphics card...
- Points to hard disk errors...
Have you run the drive fitness tests?