Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\040411-24070-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02c4c000 PsLoadedModuleList = 0xfffff800`02e91e90
Debug session time: Mon Apr 4 16:18:59.890 2011 (UTC - 4:00)
System Uptime: 3 days 22:06:49.370
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.......................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002c6f29e}
Probably caused by : tcpip.sys ( tcpip!WfpAuditEventGeneral+1da )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002c6f29e
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002ccbbe9 to fffff80002ccc640
STACK_TEXT:
fffff880`02f69ce8 fffff800`02ccbbe9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02f69cf0 fffff800`02cca0b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02f69e30 fffff800`02c6f29e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`02f8cfe0 fffff880`0168223a : 00000000`00000007 00000000`00000011 fffff880`02f8e230 2207111f`07101d05 : nt!SeReportSecurityEventWithSubCategory+0x9e
fffff880`02f8d470 fffff880`016829a1 : 00000000`0000002c 00000000`00000000 01020001`00003900 04000103`00003912 : tcpip!WfpAuditEventGeneral+0x1da
fffff880`02f8d8f0 fffff880`01682c8c : 00000000`00000000 00000000`00000000 00010100`00000000 01020001`01000102 : tcpip!IndicateDropAudit+0x341
fffff880`02f8db40 fffff880`01682e79 : 01020001`01000101 04000103`00010300 fffffa80`024f65b0 fffffa80`024f65b0 : tcpip!ShimIndicateDiscard+0xac
fffff880`02f8ddb0 fffff880`016ce8af : fffff880`02f8e598 fffffa80`01b5be20 fffff880`02f8e230 fffff880`02f8df68 : tcpip!WfpShimIndicateDiscardGeneral+0x99
fffff880`02f8de20 fffff880`016966f8 : fffffa80`01837010 fffff880`02f8eca8 fffff880`017947a0 fffff880`02f8ed80 : tcpip!WfpAleClassify+0xdf
fffff880`02f8de70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeReceive+0x818
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpip!WfpAuditEventGeneral+1da
fffff880`0168223a 33c0 xor eax,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: tcpip!WfpAuditEventGeneral+1da
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79420
FAILURE_BUCKET_ID: X64_0x7f_8_tcpip!WfpAuditEventGeneral+1da
BUCKET_ID: X64_0x7f_8_tcpip!WfpAuditEventGeneral+1da
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\040411-24523-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02c58000 PsLoadedModuleList = 0xfffff800`02e9de90
Debug session time: Mon Apr 4 16:49:45.688 2011 (UTC - 4:00)
System Uptime: 0 days 0:29:43.199
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002c7b29e}
Probably caused by : tcpip.sys ( tcpip!WfpAuditEventGeneral+1da )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002c7b29e
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: mpc-hc64.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002cd7be9 to fffff80002cd8640
STACK_TEXT:
fffff880`031d9ce8 fffff800`02cd7be9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`031d9cf0 fffff800`02cd60b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`031d9e30 fffff800`02c7b29e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`009aaf20 fffff880`0187a23a : 00000000`00000007 00000000`00000011 fffff880`009ac170 00000000`00000000 : nt!SeReportSecurityEventWithSubCategory+0x9e
fffff880`009ab3b0 fffff880`0187a9a1 : 00000000`0000002c 00000000`00000000 00000000`00003900 00000000`00003912 : tcpip!WfpAuditEventGeneral+0x1da
fffff880`009ab830 fffff880`0187ac8c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!IndicateDropAudit+0x341
fffff880`009aba80 fffff880`0187ae79 : 00000000`00000000 00000000`00000000 fffffa80`024f80e0 fffffa80`024f80e0 : tcpip!ShimIndicateDiscard+0xac
fffff880`009abcf0 fffff880`018c68af : fffff880`009ac4d8 fffffa80`021fb670 fffff880`009ac170 fffff880`009abea8 : tcpip!WfpShimIndicateDiscardGeneral+0x99
fffff880`009abd60 fffff880`0188e6f8 : fffffa80`01c3e160 fffff880`009acbe8 fffff880`0198c7a0 fffff880`009accc0 : tcpip!WfpAleClassify+0xdf
fffff880`009abdb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeReceive+0x818
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpip!WfpAuditEventGeneral+1da
fffff880`0187a23a 33c0 xor eax,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: tcpip!WfpAuditEventGeneral+1da
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79420
FAILURE_BUCKET_ID: X64_0x7f_8_tcpip!WfpAuditEventGeneral+1da
BUCKET_ID: X64_0x7f_8_tcpip!WfpAuditEventGeneral+1da
Followup: MachineOwner
---------