Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\Temp\Rar$DI01.767\112810-25615-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e60000 PsLoadedModuleList = 0xfffff800`0309de50
Debug session time: Sun Nov 28 00:26:39.204 2010 (UTC - 5:00)
System Uptime: 0 days 5:03:09.592
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002e98d28}
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002e98d28
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002ecfca9 to fffff80002ed0740
STACK_TEXT:
fffff880`02f69ce8 fffff800`02ecfca9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02f69cf0 fffff800`02ece172 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02f69e30 fffff800`02e98d28 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0a3a8ff0 fffff800`02e98f07 : fffffa80`04cb27c8 00000000`00000001 00000000`00000000 00000000`00000000 : nt!SepTokenFromAccessInformation+0x20
fffff880`0a3a9020 fffff880`01406c5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x9f
fffff880`0a3a9710 fffff880`0140494f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`0a3a9780 fffff880`014069b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0xef
fffff880`0a3a97d0 fffff880`01406845 : fffffa80`045da170 fffffa80`0758b3d0 fffff880`0a3a99f8 fffff880`0a3aa130 : NETIO!FilterMatch+0x95
fffff880`0a3a9820 fffff880`01407ccb : 00000000`00000000 00000000`00000000 fffff880`0a3aa130 fffff880`0a3a99e0 : NETIO!IndexListClassify+0x69
fffff880`0a3a98a0 fffff880`01640417 : fffff880`0a3a9d78 fffff880`0a3a9d78 fffff880`0a3aaab0 fffffa80`07ca2580 : NETIO!KfdClassify+0xa4e
fffff880`0a3a9c10 fffff880`0163983e : fffff880`01748690 00000000`00000000 fffffa80`06e9a010 00000000`00000000 : tcpip!WfpAleClassify+0x57
fffff880`0a3a9c50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!CompareSecurityContexts+6a
fffff880`01406c5a 448b442470 mov r8d,dword ptr [rsp+70h]
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: NETIO!CompareSecurityContexts+6a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4bbe946f
FAILURE_BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
Followup: MachineOwner
---------
2: kd> lmvm vsdatant
start end module name
fffff880`02cd5000 fffff880`02d68000 vsdatant (deferred)
Image path: \SystemRoot\system32\DRIVERS\vsdatant.sys
Image name: vsdatant.sys
Timestamp: Mon May 03 13:44:42 2010 (4BDF0B8A)
CheckSum: 0007DC77
ImageSize: 00093000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4