*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {4, 2, 0, 8bd6db02}
Unable to load image \SystemRoot\system32\DRIVERS\athr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for athr.sys
*** ERROR: Module load completed but symbols could not be loaded for athr.sys
Probably caused by : athr.sys ( athr+212e1 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8bd6db02, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 837b5718
Unable to read MiSystemVaType memory at 83795160
00000004
CURRENT_IRQL: 2
FAULTING_IP:
ndis!NdisFreeTimerObject+18
8bd6db02 8b4b04 mov ecx,dword ptr [ebx+4]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: b45ebba8 -- (.trap 0xffffffffb45ebba8)
ErrCode = 00000000
eax=00000000 ebx=00000000 ecx=8bd79970 edx=86950020 esi=870c5028 edi=8bd79970
eip=8bd6db02 esp=b45ebc1c ebp=b45ebc28 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
ndis!NdisFreeTimerObject+0x18:
8bd6db02 8b4b04 mov ecx,dword ptr [ebx+4] ds:0023:00000004=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 8bd6db02 to 8369382b
STACK_TEXT:
b45ebba8 8bd6db02 badb0d00 86950020 b45ebbc4 nt!KiTrap0E+0x2cf
b45ebc28 97e3f2e1 00000000 b45ebc40 97e3f2bf ndis!NdisFreeTimerObject+0x18
WARNING: Stack unwind information not available. Following frames may be wrong.
b45ebc34 97e3f2bf 86950210 b45ebc4c 97e44f0c athr+0x212e1
b45ebc40 97e44f0c 86950020 b45ebc64 97e44ebf athr+0x212bf
b45ebc4c 97e44ebf 86950020 c000009a 86950020 athr+0x26f0c
b45ebc64 97e3682e 87695408 b45ebc78 00000001 athr+0x26ebf
b45ebc84 97e2f313 87695408 00000001 b45ebc9c athr+0x1882e
b45ebcc4 97e2f1e8 87695408 8dd2b38c 87695408 athr+0x11313
b45ebcdc 8bd3830a 87695408 873b5a70 b45ebd00 athr+0x111e8
b45ebcec 8386d7fd 870c5028 873b5a70 88749698 ndis!ndisDispatchIoWorkItem+0xf
b45ebd00 836baf3b 86fe51e0 00000000 88749698 nt!IopProcessWorkItem+0x23
b45ebd50 8385b6bb 80000000 936f114f 00000000 nt!ExpWorkerThread+0x10d
b45ebd90 8370d0f9 836bae2e 80000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
athr+212e1
97e3f2e1 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: athr+212e1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: athr
IMAGE_NAME: athr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a80c5f1
FAILURE_BUCKET_ID: 0xD1_athr+212e1
BUCKET_ID: 0xD1_athr+212e1
Followup: MachineOwner
---------
0: kd> lmvm athr
start end module name
97e1e000 97f42000 athr T (no symbols)
Loaded symbol image file: athr.sys
Image path: \SystemRoot\system32\DRIVERS\athr.sys
Image name: athr.sys
[U]Timestamp: Tue Aug 11 07:14:25 2009 (4A80C5F1)[/U]
CheckSum: 0012F46C
ImageSize: 00124000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4