Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\Mini071910-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.100216-1510
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon Jul 19 19:34:25.500 2010 (GMT-4)
System Uptime: 0 days 0:01:58.046
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
........................................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {d9207af9, ff, 0, 805691ef}
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
*** WARNING: Unable to verify timestamp for savrt.sys
*** ERROR: Module load completed but symbols could not be loaded for savrt.sys
Probably caused by : SYMEVENT.SYS ( SYMEVENT+78e1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: d9207af9, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 805691ef, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: d9207af9
CURRENT_IRQL: ff
FAULTING_IP:
nt!CcCopyRead+1e9
805691ef f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: svchost.exe
LAST_CONTROL_TRANSFER: from b9ded35c to 805691ef
STACK_TEXT:
b50602e8 b9ded35c 89549910 b506039c 00000100 nt!CcCopyRead+0x1e9
b50603c4 b9ded00a 894f5cd8 8958e008 00000001 Ntfs!NtfsCommonRead+0xcc2
b5060464 804ef19f 8a11c770 8958e008 8958e008 Ntfs!NtfsFsdRead+0x22d
b5060474 b9ea409e 89e25b90 8a3d4370 8958e204 nt!IopfCallDriver+0x31
b50604a0 804ef19f 8a11d260 8958e008 8a2f2dc8 fltMgr!FltpDispatch+0x152
b50604b0 b9e8e459 b50604dc 804ef19f 8a3269e8 nt!IopfCallDriver+0x31
b50604b8 804ef19f 8a3269e8 8958e008 8958e228 sr!SrPassThrough+0x31
b50604c8 b5f378e1 89f99aa0 89ebf860 89f96910 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b50604dc 804ef19f 89ede728 8958e008 8958e008 SYMEVENT+0x78e1
b50604ec b9ea409e 8958e008 8a3d4370 89549910 nt!IopfCallDriver+0x31
b5060518 804ef19f 89f99aa0 8958e008 806e6410 fltMgr!FltpDispatch+0x152
b5060528 8057f982 8958e204 8958e008 89549910 nt!IopfCallDriver+0x31
b506053c 8057c9e7 89f99aa0 8958e008 89549910 nt!IopSynchronousServiceTail+0x70
b50605d4 8054163c 80000c10 00000000 00000000 nt!NtReadFile+0x55d
b50605d4 80500b99 80000c10 00000000 00000000 nt!KiFastCallEntry+0xfc
b5060670 b5f98083 80000c10 00000000 00000000 nt!ZwReadFile+0x11
b5060700 b5f69cff e11ca758 e4e7cc3c 00000100 savrt+0x46083
b5060704 e11ca758 e4e7cc3c 00000100 e3198b01 savrt+0x17cff
b5060708 e4e7cc3c 00000100 e3198b01 00000002 0xe11ca758
b506070c 00000000 e3198b01 00000002 e4e7c712 0xe4e7cc3c
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT+78e1
b5f378e1 ?? ???
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: SYMEVENT+78e1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4551513d
FAILURE_BUCKET_ID: 0xA_SYMEVENT+78e1
BUCKET_ID: 0xA_SYMEVENT+78e1
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: d9207af9, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 805691ef, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: d9207af9
CURRENT_IRQL: ff
FAULTING_IP:
nt!CcCopyRead+1e9
805691ef f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: svchost.exe
LAST_CONTROL_TRANSFER: from b9ded35c to 805691ef
STACK_TEXT:
b50602e8 b9ded35c 89549910 b506039c 00000100 nt!CcCopyRead+0x1e9
b50603c4 b9ded00a 894f5cd8 8958e008 00000001 Ntfs!NtfsCommonRead+0xcc2
b5060464 804ef19f 8a11c770 8958e008 8958e008 Ntfs!NtfsFsdRead+0x22d
b5060474 b9ea409e 89e25b90 8a3d4370 8958e204 nt!IopfCallDriver+0x31
b50604a0 804ef19f 8a11d260 8958e008 8a2f2dc8 fltMgr!FltpDispatch+0x152
b50604b0 b9e8e459 b50604dc 804ef19f 8a3269e8 nt!IopfCallDriver+0x31
b50604b8 804ef19f 8a3269e8 8958e008 8958e228 sr!SrPassThrough+0x31
b50604c8 b5f378e1 89f99aa0 89ebf860 89f96910 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b50604dc 804ef19f 89ede728 8958e008 8958e008 SYMEVENT+0x78e1
b50604ec b9ea409e 8958e008 8a3d4370 89549910 nt!IopfCallDriver+0x31
b5060518 804ef19f 89f99aa0 8958e008 806e6410 fltMgr!FltpDispatch+0x152
b5060528 8057f982 8958e204 8958e008 89549910 nt!IopfCallDriver+0x31
b506053c 8057c9e7 89f99aa0 8958e008 89549910 nt!IopSynchronousServiceTail+0x70
b50605d4 8054163c 80000c10 00000000 00000000 nt!NtReadFile+0x55d
b50605d4 80500b99 80000c10 00000000 00000000 nt!KiFastCallEntry+0xfc
b5060670 b5f98083 80000c10 00000000 00000000 nt!ZwReadFile+0x11
b5060700 b5f69cff e11ca758 e4e7cc3c 00000100 savrt+0x46083
b5060704 e11ca758 e4e7cc3c 00000100 e3198b01 savrt+0x17cff
b5060708 e4e7cc3c 00000100 e3198b01 00000002 0xe11ca758
b506070c 00000000 e3198b01 00000002 e4e7c712 0xe4e7cc3c
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT+78e1
b5f378e1 ?? ???
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: SYMEVENT+78e1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4551513d
FAILURE_BUCKET_ID: 0xA_SYMEVENT+78e1
BUCKET_ID: 0xA_SYMEVENT+78e1
Followup: MachineOwner
---------