*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {0, 0, 0, 0}
Probably caused by : [URL="http://www.carrona.org/drivers/driver.php?id=tcpipreg.sys"]tcpipreg.sys [/URL]( tcpipreg!InterfaceAddressRegKeyChangeHandler+109 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000000, caller is trying to allocate zero bytes
Arg2: 0000000000000000, current IRQL
Arg3: 0000000000000000, pool type
Arg4: 0000000000000000, number of bytes
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_0
CURRENT_IRQL: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from fffff800033604ec to fffff80002ed2c00
STACK_TEXT:
fffff880`033c45c8 fffff800`033604ec : 00000000`000000c4 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff880`033c45d0 fffff800`03360f2b : fffffa80`04db0400 fffff800`02efd84c ffffffff`ffffffff fffff800`02fdad0b : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`033c4610 fffff800`03371ba8 : 00000000`6547654c 00000000`00000080 00000000`00000010 fffff800`000000ff : nt!ExAllocatePoolSanityChecks+0xcb
fffff880`033c4650 fffff800`03371e17 : 00000000`00000000 00000000`00000000 fffff980`6547654c fffff980`1bc14fec : nt!VeAllocatePoolWithTagPriority+0x88
fffff880`033c46c0 fffff880`07e355a1 : 00000000`00000000 00000000`00000000 fffff980`1bc14fd0 fffff800`0336d13c : nt!VerifierExAllocatePoolWithTagPriority+0x17
fffff880`033c4700 fffff880`07e347bb : fffff880`07e3bbd0 fffff980`1bc14fd0 fffff980`1cf0ef90 fffff980`1bc14fd0 : tcpipreg!InterfaceAddressRegKeyChangeHandler+0x109
fffff880`033c4830 fffff880`07e33a59 : fffff880`00000001 00000000`00000103 fffff980`1cf0ef70 00000000`00000001 : tcpipreg!TcpipRegQueryAndUpdateKeyValue+0x363
fffff880`033c48c0 fffff880`01655754 : fffff880`07e39a00 00000000`00000004 00000000`00000000 00000000`00010202 : tcpipreg!TcpipRegStartRegistryKeyNotification+0xbd
fffff880`033c4910 fffff880`07e34293 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`07e3f073 : NETIO!RtlInvokeStartRoutines+0x34
fffff880`033c4950 fffff800`032bd747 : 00000000`00000006 fffffa80`0a90a680 fffffa80`0b5da000 00000000`00000001 : tcpipreg!DriverEntry+0x257
fffff880`033c49a0 fffff800`032bdb45 : 00000000`00000010 00000000`00000000 00000000`00000010 00000000`00010206 : nt!IopLoadDriver+0xa07
fffff880`033c4c70 fffff800`02edc251 : fffff800`00000000 ffffffff`80000cd4 fffff800`032bdaf0 fffffa80`069fe660 : nt!IopLoadUnloadDriver+0x55
fffff880`033c4cb0 fffff800`03170ede : 00000000`00000000 fffffa80`069fe660 00000000`00000080 fffffa80`069c9840 : nt!ExpWorkerThread+0x111
fffff880`033c4d40 fffff800`02ec3906 : fffff880`03164180 fffffa80`069fe660 fffff880`0316efc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`033c4d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpipreg!InterfaceAddressRegKeyChangeHandler+109
fffff880`07e355a1 4c8be0 mov r12,rax
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: tcpipreg!InterfaceAddressRegKeyChangeHandler+109
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpipreg
IMAGE_NAME: tcpipreg.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7a844
FAILURE_BUCKET_ID: X64_0xc4_0_VRF_tcpipreg!InterfaceAddressRegKeyChangeHandler+109
BUCKET_ID: X64_0xc4_0_VRF_tcpipreg!InterfaceAddressRegKeyChangeHandler+109
Followup: MachineOwner
---------
2: kd> !verifier
Verify Level 9bb ... enabled options are:
Special pool
Special irql
All pool allocations checked on unload
Io subsystem checking enabled
Deadlock detection enabled
DMA checking enabled
Security checks enabled
Miscellaneous checks enabled
Summary of All Verifier Statistics
RaiseIrqls 0x0
AcquireSpinLocks 0x11fa62f
Synch Executions 0x9a7
Trims 0x638e7
Pool Allocations Attempted 0xea8f7
Pool Allocations Succeeded 0xea8f7
Pool Allocations Succeeded SpecialPool 0xea8f7
Pool Allocations With NO TAG 0x54
Pool Allocations Failed 0x0
Resource Allocations Failed Deliberately 0x0
Current paged pool allocations 0x3baf for 0104FEF4 bytes
Peak paged pool allocations 0x3bb1 for 011CCBD8 bytes
Current nonpaged pool allocations 0x5999 for 029C61D4 bytes
Peak nonpaged pool allocations 0x59a8 for 0497036C bytes
GetPointerFromAddress: unable to read from fffff8000310a100