Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\XPMUser\My Documents\123010-39483-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Documents and Settings\XPMUser\My Documents\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e1f000 PsLoadedModuleList = 0xfffff800`0305ce50
Debug session time: Thu Dec 30 11:23:42.017 2010 (UTC - 5:00)
System Uptime: 0 days 0:07:36.219
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80002e93cd8, 0, ffffffffffffffff}
Probably caused by : ntkrnlmp.exe ( nt!KiTryUnwaitThread+28 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002e93cd8, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!KiTryUnwaitThread+28
fffff800`02e93cd8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030c70e0
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: installShell64
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff88008966238 -- (.exr 0xfffff88008966238)
ExceptionAddress: fffff80002e93cd8 (nt!KiTryUnwaitThread+0x0000000000000028)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff880089662e0 -- (.trap 0xfffff880089662e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88008966728 rbx=0000000000000000 rcx=fffff88002f63180
rdx=fffff8000318ecce rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002e93cd8 rsp=fffff88008966470 rbp=0000000000000000
r8=0000000000000100 r9=0000000000000000 r10=0000000000000002
r11=fffffa8002c05f40 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KiTryUnwaitThread+0x28:
fffff800`02e93cd8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0 ds:c2a0:00000000`00000040=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ec9a39 to fffff80002e8f740
STACK_TEXT:
fffff880`08965a68 fffff800`02ec9a39 : 00000000`0000001e ffffffff`c0000005 fffff800`02e93cd8 00000000`00000000 : nt!KeBugCheckEx
fffff880`08965a70 fffff800`02e8ed82 : fffff880`08966238 415e415f`4120c483 fffff880`089662e0 00000000`00000000 : nt!KiDispatchException+0x1b9
fffff880`08966100 fffff800`02e8d68a : fffffa80`034c1702 00000000`00000000 fffffa80`031a03f0 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`089662e0 fffff800`02e93cd8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0x10a
fffff880`08966470 fffff800`02f0af74 : fffffa80`054aba60 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiTryUnwaitThread+0x28
fffff880`089664d0 fffff800`02e6c0c7 : ffd05b0a`e8ce8b48 00000000`00000000 00000000`00000000 fffffa80`00000000 : nt! ?? ::FNODOBFM::`string'+0x3ca30
fffff880`089665a0 fffff800`02eea098 : fffffa80`02d00220 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`08966620 fffff800`03190864 : fffffa80`00000000 fffff8a0`00000001 00000000`01000000 fffff8a0`02b12900 : nt! ?? ::FNODOBFM::`string'+0xf57e
fffff880`089666a0 fffff880`08966728 : fffff880`08966728 00000000`00000000 00000000`00000000 fffff880`010d0000 : nt!AlpcpCompleteDispatchMessage+0x9a4
fffff880`08966730 fffff880`08966728 : 00000000`00000000 00000000`00000000 fffff880`010d0000 00000000`00010000 : 0xfffff880`08966728
fffff880`08966738 00000000`00000000 : 00000000`00000000 fffff880`010d0000 00000000`00010000 fffff880`08966948 : 0xfffff880`08966728
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTryUnwaitThread+28
fffff800`02e93cd8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!KiTryUnwaitThread+28
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!KiTryUnwaitThread+28
BUCKET_ID: X64_0x1E_c0000005_nt!KiTryUnwaitThread+28
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\XPMUser\My Documents\123010-24195-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Documents and Settings\XPMUser\My Documents\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e65000 PsLoadedModuleList = 0xfffff800`030a2e50
Debug session time: Thu Dec 30 11:36:52.368 2010 (UTC - 5:00)
System Uptime: 0 days 0:00:43.945
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 18, {0, fffffa8003370000, 2, ffffffffffffffff}
Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
Probably caused by : mfehidk.sys ( mfehidk+4827d )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: fffffa8003370000, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: ffffffffffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object’s reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x18
PROCESS_NAME: AtBroker.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002e6cfdc to fffff80002ed5740
STACK_TEXT:
fffff880`065423a8 fffff800`02e6cfdc : 00000000`00000018 00000000`00000000 fffffa80`03370000 00000000`00000002 : nt!KeBugCheckEx
fffff880`065423b0 fffff880`010b927d : 00000000`00001fc4 fffffa80`00000000 fffffa80`04959010 00000000`00001fc4 : nt! ?? ::FNODOBFM::`string'+0x46411
fffff880`06542410 00000000`00001fc4 : fffffa80`00000000 fffffa80`04959010 00000000`00001fc4 00000000`00000000 : mfehidk+0x4827d
fffff880`06542418 fffffa80`00000000 : fffffa80`04959010 00000000`00001fc4 00000000`00000000 00000000`00000000 : 0x1fc4
fffff880`06542420 fffffa80`04959010 : 00000000`00001fc4 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`00000000
fffff880`06542428 00000000`00001fc4 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`03370000 : 0xfffffa80`04959010
fffff880`06542430 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`03370000 fffffa80`04959010 : 0x1fc4
STACK_COMMAND: kb
FOLLOWUP_IP:
mfehidk+4827d
fffff880`010b927d ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: mfehidk+4827d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mfehidk
IMAGE_NAME: mfehidk.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4cacd445
FAILURE_BUCKET_ID: X64_0x18_OVER_DEREFERENCE_mfehidk+4827d
BUCKET_ID: X64_0x18_OVER_DEREFERENCE_mfehidk+4827d
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\XPMUser\My Documents\123010-28485-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Documents and Settings\XPMUser\My Documents\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e11000 PsLoadedModuleList = 0xfffff800`0304ee50
Debug session time: Thu Dec 30 11:29:16.508 2010 (UTC - 5:00)
System Uptime: 0 days 0:01:46.085
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff80002ea12b3}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ea12b3, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b90e0
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+ae3
fffff800`02ea12b3 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: cvtres.exe
IRP_ADDRESS: ffffffffffffff89
TRAP_FRAME: fffff880080e6db0 -- (.trap 0xfffff880080e6db0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff880080e7428 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ea12b3 rsp=fffff880080e6f40 rbp=0000000000000000
r8=fffffa800621e010 r9=fffff880080e7040 r10=0000000000000002
r11=fffffa800627be70 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!IopCompleteRequest+0xae3:
fffff800`02ea12b3 488b09 mov rcx,qword ptr [rcx] ds:6fb8:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e80ca9 to fffff80002e81740
STACK_TEXT:
fffff880`080e6c68 fffff800`02e80ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`080e6c70 fffff800`02e7f920 : fffffa80`05bc34e0 fffffa80`05dfe590 00000000`00000000 fffffa80`03c12760 : nt!KiBugCheckDispatch+0x69
fffff880`080e6db0 fffff800`02ea12b3 : fffff8a0`046da140 fffff880`012526fb fffff880`080e7160 fffffa80`0619c010 : nt!KiPageFault+0x260
fffff880`080e6f40 fffff800`02e5e0c7 : 00000000`00000001 fffff8a0`003292e0 00000000`00000100 fffff8a0`00000000 : nt!IopCompleteRequest+0xae3
fffff880`080e7010 fffff800`02e34bb5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`080e7090 fffff800`02ead0f3 : ffffffff`ffffffff 00000000`00000002 fffff880`080e7100 00000000`00000001 : nt!KiCheckForKernelApcDelivery+0x25
fffff880`080e70c0 fffff800`02fb2ceb : 00000000`00002000 00000000`00002000 00000000`00000001 fffff800`02e76dff : nt!MiAllocatePagedPoolPages+0xc73
fffff880`080e71e0 fffff800`02e94050 : 00000000`00002000 fffffa80`02372000 00000000`00000001 fffff800`02fb234f : nt!MiAllocatePoolPages+0x8e2
fffff880`080e7330 00000000`00000200 : 00000001`00000080 fffff880`080e7428 fffff880`080e7428 fffffa80`02372000 : nt!ExpAllocateBigPool+0xb0
fffff880`080e7420 00000001`00000080 : fffff880`080e7428 fffff880`080e7428 fffffa80`02372000 fffffa80`0239e380 : 0x200
fffff880`080e7428 fffff880`080e7428 : fffff880`080e7428 fffffa80`02372000 fffffa80`0239e380 fffff800`02e67b45 : 0x1`00000080
fffff880`080e7430 fffff880`080e7428 : fffffa80`02372000 fffffa80`0239e380 fffff800`02e67b45 00000000`0021b142 : 0xfffff880`080e7428
fffff880`080e7438 fffffa80`02372000 : fffffa80`0239e380 fffff800`02e67b45 00000000`0021b142 fffffa80`03086000 : 0xfffff880`080e7428
fffff880`080e7440 fffffa80`0239e380 : fffff800`02e67b45 00000000`0021b142 fffffa80`03086000 00000000`00000000 : 0xfffffa80`02372000
fffff880`080e7448 fffff800`02e67b45 : 00000000`0021b142 fffffa80`03086000 00000000`00000000 fffff880`080e7520 : 0xfffffa80`0239e380
fffff880`080e7450 fffff880`080e7780 : fffffa80`03af2500 00000000`00002000 00000000`00000000 fffff800`03167e96 : nt!EtwpReserveTraceBuffer+0xe1
fffff880`080e74f0 fffffa80`03af2500 : 00000000`00002000 00000000`00000000 fffff800`03167e96 fffff880`00401802 : 0xfffff880`080e7780
fffff880`080e74f8 00000000`00002000 : 00000000`00000000 fffff800`03167e96 fffff880`00401802 fffffa80`03af25c0 : 0xfffffa80`03af2500
fffff880`080e7500 00000000`00000000 : fffff800`03167e96 fffff880`00401802 fffffa80`03af25c0 fffff8a0`20206f49 : 0x2000
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02e7f920 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0xA_nt!KiPageFault+260
BUCKET_ID: X64_0xA_nt!KiPageFault+260
Followup: MachineOwner
---------