*** WARNING: Unable to verify timestamp for athurx.sys
*** ERROR: Module load completed but symbols could not be loaded for athurx.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88001e0e666, fffff8800c152808, fffff8800c152060}
Probably caused by : athurx.sys ( athurx+8666 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88001e0e666, The address that the exception occurred at
Arg3: fffff8800c152808, Exception Record Address
Arg4: fffff8800c152060, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
athurx+8666
fffff880`01e0e666 488b8070260000 mov rax,qword ptr [rax+2670h]
EXCEPTION_RECORD: fffff8800c152808 -- (.exr 0xfffff8800c152808)
ExceptionAddress: fffff88001e0e666 (athurx+0x0000000000008666)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000002670
Attempt to read from address 0000000000002670
CONTEXT: fffff8800c152060 -- (.cxr 0xfffff8800c152060;r)
rax=0000000000000000 rbx=fffffa800ebdb050 rcx=fffffa800ee7f030
rdx=0000000000000004 rsi=fffffa801074b6c0 rdi=fffffa800f825950
rip=fffff88001e0e666 rsp=fffff8800c152a40 rbp=fffff8000306f280
r8=0000000000000000 r9=0000000000000f44 r10=fffff80002e54000
r11=0000000000000000 r12=fffffa800f825950 r13=0000000000000001
r14=fffff8800c152ba8 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
athurx+0x8666:
fffff880`01e0e666 488b8070260000 mov rax,qword ptr [rax+2670h] ds:002b:00000000`00002670=????????????????
Last set context:
rax=0000000000000000 rbx=fffffa800ebdb050 rcx=fffffa800ee7f030
rdx=0000000000000004 rsi=fffffa801074b6c0 rdi=fffffa800f825950
rip=fffff88001e0e666 rsp=fffff8800c152a40 rbp=fffff8000306f280
r8=0000000000000000 r9=0000000000000f44 r10=fffff80002e54000
r11=0000000000000000 r12=fffffa800f825950 r13=0000000000000001
r14=fffff8800c152ba8 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
athurx+0x8666:
fffff880`01e0e666 488b8070260000 mov rax,qword ptr [rax+2670h] ds:002b:00000000`00002670=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000002670
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003101100
GetUlongFromAddress: unable to read from fffff800031011c0
0000000000002670 Nonpaged pool
FOLLOWUP_IP:
athurx+8666
fffff880`01e0e666 488b8070260000 mov rax,qword ptr [rax+2670h]
BUGCHECK_STR: 0x7E
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffffa800ebdb050 to fffff88001e0e666
STACK_TEXT:
fffff880`0c152a40 fffffa80`0ebdb050 : fffff880`01e0e605 fffff880`01f454a0 fffff880`01f45450 00000000`0000150d : athurx+0x8666
fffff880`0c152a48 fffff880`01e0e605 : fffff880`01f454a0 fffff880`01f45450 00000000`0000150d 00000000`00000004 : 0xfffffa80`0ebdb050
fffff880`0c152a50 fffff880`01f454a0 : fffff880`01f45450 00000000`0000150d 00000000`00000004 00000000`00000000 : athurx+0x8605
fffff880`0c152a58 fffff880`01f45450 : 00000000`0000150d 00000000`00000004 00000000`00000000 fffff880`c0000001 : athurx+0x13f4a0
fffff880`0c152a60 00000000`0000150d : 00000000`00000004 00000000`00000000 fffff880`c0000001 00000000`00000000 : athurx+0x13f450
fffff880`0c152a68 00000000`00000004 : 00000000`00000000 fffff880`c0000001 00000000`00000000 0000057f`00000000 : 0x150d
fffff880`0c152a70 00000000`00000000 : fffff880`c0000001 00000000`00000000 0000057f`00000000 fffffa80`0ee7f6b8 : 0x4
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: athurx+8666
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: athurx
IMAGE_NAME: athurx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b851053
STACK_COMMAND: .cxr 0xfffff8800c152060 ; kb
FAILURE_BUCKET_ID: X64_0x7E_athurx+8666
BUCKET_ID: X64_0x7E_athurx+8666
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x7e_athurx+8666
FAILURE_ID_HASH: {ec7bf206-ca20-d606-d44e-eb3f2f1e36e2}
Followup: MachineOwner
---------
2: kd> lmvm athurx
start end module name
fffff880`01e06000 fffff880`01fcf000 athurx T (no symbols)
Loaded symbol image file: athurx.sys
Image path: \SystemRoot\system32\DRIVERS\athurx.sys
Image name: athurx.sys
Timestamp: Wed Feb 24 17:11:07 2010 (4B851053)
CheckSum: 001CD557
ImageSize: 001C9000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4