After much debugging, crashing, and troubleshooting, I believe I may have found the problem. I'll be uninstalling this nonessential driver and conducting additional tests.
Program that's causing crashes:
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff800039b9768, fffff88008cdcc20, 0}
Probably caused by : ntkrnlmp.exe ( nt!ObpCaptureHandleInformation+68 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800039b9768, Address of the instruction which caused the bugcheck
Arg3: fffff88008cdcc20, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ObpCaptureHandleInformation+68
fffff800`039b9768 8a4128 mov al,byte ptr [rcx+28h]
CONTEXT: fffff88008cdcc20 -- (.cxr 0xfffff88008cdcc20)
rax=00000000000000f9 rbx=0000000000000a00 rcx=0000000000000000
rdx=fffff8800e890298 rsi=fffff8a014cde800 rdi=000000000017fffc
rip=fffff800039b9768 rsp=fffff88008cdd5f8 rbp=0000000000000000
r8=fffff8a014cde800 r9=fffffa8013e94e50 r10=0000000000090260
r11=fffff88008cdd688 r12=fffff8a005f7eae0 r13=00000000033ce1e8
r14=fffff8800e800050 r15=fffff88008cdd6b8
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!ObpCaptureHandleInformation+0x68:
fffff800`039b9768 8a4128 mov al,byte ptr [rcx+28h] ds:002b:00000000`00000028=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: Steam.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003a44b0d to fffff800039b9768
STACK_TEXT:
fffff880`08cdd5f8 fffff800`03a44b0d : 00000000`00000a00 fffffa80`14b95c48 00000000`00000001 00000000`00000181 : nt!ObpCaptureHandleInformation+0x68
fffff880`08cdd600 fffff800`03a451e7 : fffff880`08cdd730 fffff880`0e890298 00000000`0017fffc 00000000`00000001 : nt!ExSnapShotHandleTables+0x10d
fffff880`08cdd680 fffff800`03ad0ac5 : fffff880`08cdd730 00000000`00090260 00000000`0017fffc 00000000`0017fffc : nt!ObGetHandleInformation+0x37
fffff880`08cdd6b0 fffff800`03ae5e2b : 00000000`00000000 00000000`000006d0 fffff880`0e800050 fffffa80`14b95010 : nt!ExpGetHandleInformation+0x55
fffff880`08cdd6f0 fffff800`0395ba05 : 00000000`10450050 00000000`00180010 00000000`000ffffc 00000000`00018002 : nt!ExpQuerySystemInformation+0x17eb
fffff880`08cddaa0 fffff800`036b29d3 : 00000000`00000001 00000000`10450038 00000000`fff25001 00000000`00000000 : nt!NtQuerySystemInformation+0x4d
fffff880`08cddae0 00000000`772f9bea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`033ce198 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772f9bea
FOLLOWUP_IP:
nt!ObpCaptureHandleInformation+68
fffff800`039b9768 8a4128 mov al,byte ptr [rcx+28h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ObpCaptureHandleInformation+68
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5be77b8b
STACK_COMMAND: .cxr 0xfffff88008cdcc20 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ObpCaptureHandleInformation+68
BUCKET_ID: X64_0x3B_nt!ObpCaptureHandleInformation+68
Followup: MachineOwner
Object within the same program causing crashes:
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 18, {0, fffffa8013732060, 2, fffe0008fffe000d}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+224f1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: fffffa8013732060, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: fffe0008fffe000d, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object’s reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x18
PROCESS_NAME: GameOverlayUI.
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800036e2871 to fffff800036ad9a0
STACK_TEXT:
fffff880`0c884538 fffff800`036e2871 : 00000000`00000018 00000000`00000000 fffffa80`13732060 00000000`00000002 : nt!KeBugCheckEx
fffff880`0c884540 fffff800`0390ceef : fffff880`0c884b60 fffffa80`0da48060 fffffa80`0da48488 00000000`004af668 : nt! ?? ::FNODOBFM::`string'+0x224f1
fffff880`0c8845a0 fffff800`03aee8b4 : 00000000`00494380 00000000`00008400 fffff880`0c884730 00000000`00000000 : nt!ExpGetProcessInformation+0x4ef
fffff880`0c8846f0 fffff800`03964a05 : 00000000`00494380 fffff960`000861cf 00000000`00000005 ffffffff`ff676980 : nt!ExpQuerySystemInformation+0x1274
fffff880`0c884aa0 fffff800`036bb9d3 : fffffa80`0dcc7770 00000000`00000208 fffff880`0c884ab8 fffffa80`0da8e060 : nt!NtQuerySystemInformation+0x4d
fffff880`0c884ae0 00000000`774a9bea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`06cde6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774a9bea
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+224f1
fffff800`036e2871 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+224f1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5be77b8b
FAILURE_BUCKET_ID: X64_0x18_CORRUPT_REF_COUNT_nt!_??_::FNODOBFM::_string_+224f1
BUCKET_ID: X64_0x18_CORRUPT_REF_COUNT_nt!_??_::FNODOBFM::_string_+224f1
Followup: MachineOwner
---------
RAW Paste Data
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\112718-13650-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
Machine Name:
Kernel base = 0xfffff800`0361a000 PsLoadedModuleList = 0xfffff800`03853c90
Debug session time: Tue Nov 27 16:40:23.122 2018 (UTC - 5:00)
System Uptime: 0 days 1:08:31.324
Loading Kernel Symbols
...............................................................
................................................................
................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 18, {0, fffffa8013732060, 2, fffe0008fffe000d}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+224f1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: fffffa8013732060, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: fffe0008fffe000d, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object’s reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x18
PROCESS_NAME: GameOverlayUI.
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800036e2871 to fffff800036ad9a0
STACK_TEXT:
fffff880`0c884538 fffff800`036e2871 : 00000000`00000018 00000000`00000000 fffffa80`13732060 00000000`00000002 : nt!KeBugCheckEx
fffff880`0c884540 fffff800`0390ceef : fffff880`0c884b60 fffffa80`0da48060 fffffa80`0da48488 00000000`004af668 : nt! ?? ::FNODOBFM::`string'+0x224f1
fffff880`0c8845a0 fffff800`03aee8b4 : 00000000`00494380 00000000`00008400 fffff880`0c884730 00000000`00000000 : nt!ExpGetProcessInformation+0x4ef
fffff880`0c8846f0 fffff800`03964a05 : 00000000`00494380 fffff960`000861cf 00000000`00000005 ffffffff`ff676980 : nt!ExpQuerySystemInformation+0x1274
fffff880`0c884aa0 fffff800`036bb9d3 : fffffa80`0dcc7770 00000000`00000208 fffff880`0c884ab8 fffffa80`0da8e060 : nt!NtQuerySystemInformation+0x4d
fffff880`0c884ae0 00000000`774a9bea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`06cde6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774a9bea
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+224f1
fffff800`036e2871 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+224f1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5be77b8b
FAILURE_BUCKET_ID: X64_0x18_CORRUPT_REF_COUNT_nt!_??_::FNODOBFM::_string_+224f1
BUCKET_ID: X64_0x18_CORRUPT_REF_COUNT_nt!_??_::FNODOBFM::_string_+224f1
Followup: MachineOwner
---------
Driver causing issues:
Code:
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 000000000000021f, A driver has not filled out a dispatch routine for a required IRP major function.
Arg2: fffff88001a0b174, The address in the driver's code where the error was detected.
Arg3: fffff98005bcae10, IRP address.
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc9_21f
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 21f
FAULTING_IP:
ScpVBus+b174
fffff880`01a0b174 ?? ???
FOLLOWUP_IP:
ScpVBus+b174
fffff880`01a0b174 ?? ???
IRP_ADDRESS: fffff98005bcae10
DEVICE_OBJECT: fffffa8011b59040
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LOCK_ADDRESS: fffff80003886240 -- (!locks fffff80003886240)
Resource @ nt!PiEngineLock (0xfffff80003886240) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0xfffff80003886240
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from fffff80003b0f4fc to fffff800036a99a0
STACK_TEXT:
fffff880`037e91e8 fffff800`03b0f4fc : 00000000`000000c9 00000000`0000021f fffff880`01a0b174 fffff980`05bcae10 : nt!KeBugCheckEx
fffff880`037e91f0 fffff800`03b195ba : fffff800`03b0db00 fffff880`01a0b174 fffff980`05bcae10 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`037e9230 fffff800`03b1a5c3 : 00000000`0000021f fffffa80`11b58630 fffff980`05bcae10 00000000`ffffffff : nt!ViErrorFinishReport+0xda
fffff880`037e9280 fffff800`03b1aee9 : fffff980`05bcafb8 fffffa80`1273b660 00000000`00000000 fffffa80`11b58630 : nt!VfErrorReport1+0x63
fffff880`037e9320 fffff800`03b0f240 : fffff980`05bcaf70 fffff880`037e93b8 00000000`00000000 fffffa80`118a0102 : nt!VfWmiVerifyIrpStackDownward+0x59
fffff880`037e9350 fffff800`03b27c90 : fffffa80`11b58630 fffffa80`1273b660 fffff980`05bcae10 fffffa80`118a01c8 : nt!VfMajorVerifyIrpStackDownward+0x80
fffff880`037e93b0 fffff800`03b27ec6 : fffffa80`00000000 fffffa80`00000001 fffffa80`00000000 fffff800`03b2ad82 : nt!IovpCallDriver1+0x4a0
fffff880`037e9460 fffff800`03b2bcf2 : fffff980`05bcae10 00000000`00000002 fffff980`05bcae10 fffff800`03b274be : nt!VfBeforeCallDriver+0x186
fffff880`037e94c0 fffff800`03b2ad82 : fffff980`05bcaf70 00000000`00000002 fffffa80`11b59190 fffffa80`1203b800 : nt!IovCallDriver+0x502
fffff880`037e9520 fffff800`03b2bd56 : fffff980`05bcae10 00000000`00000002 fffffa80`11b59040 00000000`00000000 : nt!ViFilterDispatchGeneric+0x62
fffff880`037e9550 fffff800`03b2ae98 : fffff980`05bcae10 fffffa80`11b59040 00000000`00000000 fffffa80`0e4ea7d0 : nt!IovCallDriver+0x566
fffff880`037e95b0 fffff800`03b2af82 : fffffa80`0cb39e30 00000000`00000001 fffffa80`0cb39e30 00000000`00000017 : nt!VfIrpSendSynchronousIrp+0xe8
fffff880`037e9620 fffff800`03b180ef : fffffa80`0cb39b60 00000000`000007ff fffff800`0361fdb8 fffff800`039e70e9 : nt!VfWmiTestStartedPdoStack+0x72
fffff880`037e96c0 fffff800`03714202 : fffffa80`0cb39b60 00000000`00000000 ffffffff`ffffffff 00000000`00000016 : nt!VfMajorTestStartedPdoStack+0x5f
fffff880`037e96f0 fffff800`03a3786c : fffffa80`0cb39b60 00000000`00000001 00000000`00000000 00000000`00000002 : nt!PpvUtilTestStartedPdoStack+0x12
fffff880`037e9720 fffff800`03a39464 : fffffa80`0cb39b60 fffffa80`0cb39b60 fffffa80`0cae2b80 00000000`00000001 : nt!PipProcessStartPhase3+0x55c
fffff880`037e9810 fffff800`03a3994c : fffff800`03883b00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PipProcessDevNodeTree+0x264
fffff880`037e9a80 fffff800`0377ca42 : 00000001`00000003 00000000`00000000 00000000`32706e50 00000000`00000084 : nt!PiProcessStartSystemDevices+0x7c
fffff880`037e9ad0 fffff800`03644b39 : fffff800`0377c740 fffff800`038ef601 fffffa80`0cac7b00 00000000`00000000 : nt!PnpDeviceActionWorker+0x302
fffff880`037e9b70 fffff800`03957d10 : 00000000`00000000 fffff880`03542180 00000000`00000080 00000000`00000001 : nt!ExpWorkerThread+0x111
fffff880`037e9c00 fffff800`036af9a6 : fffff880`03542180 fffffa80`0cac7b50 fffff880`03551140 00000000`00000000 : nt!PspSystemThreadStartup+0x194
fffff880`037e9c40 00000000`00000000 : fffff880`037ea000 fffff880`037e4000 fffff880`037e9300 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: .bugcheck ; kb
SYMBOL_NAME: ScpVBus+b174
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ScpVBus
IMAGE_NAME: ScpVBus.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5186cfae
FAILURE_BUCKET_ID: X64_0xc9_21f_ScpVBus+b174
BUCKET_ID: X64_0xc9_21f_ScpVBus+b174
Followup: MachineOwner
---------