Microsoft (R) Windows Debugger Version 6.12.0002.633 X86Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Debuggers\dmp_files\101812-18127-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`0360b000 PsLoadedModuleList = 0xfffff800`0384f670
Debug session time: Thu Oct 18 18:59:14.733 2012 (UTC + 11:00)
System Uptime: 0 days 0:28:40.607
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 8, 0}
Unable to load image \??\C:\Windows\system32\Drivers\NEOFLTR_710_19243.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NEOFLTR_710_19243.SYS
*** ERROR: Module load completed but symbols could not be loaded for NEOFLTR_710_19243.SYS
[COLOR=#ff0000]Probably caused by : NEOFLTR_710_19243.SYS ( NEOFLTR_710_19243+c63d )[/COLOR]
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
[COLOR=#ff0000]
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.[/COLOR]
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: 0000000000000000, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800038b9100
0000000000000000
CURRENT_IRQL: 2
[COLOR=#ff0000]FAULTING_IP:
+69d92faf03c6db1c
00000000`00000000 ?? ???[/COLOR]
[COLOR=#ff0000]PROCESS_NAME: System[/COLOR]
CUSTOMER_CRASH_COUNT: 1
[COLOR=#ff0000]DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT[/COLOR]
BUGCHECK_STR: 0xD1
TRAP_FRAME: fffff8800b44e2a0 -- (.trap 0xfffff8800b44e2a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800ae63d40 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000016 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=fffff8800b44e438 rbp=0000000000000032
r8=fffff8800b44e620 r9=0000000000000018 r10=0000000000000002
r11=fffff8800b44e628 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
00000000`00000000 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003689569 to fffff80003689fc0
FAILED_INSTRUCTION_ADDRESS:
+69d92faf03c6db1c
00000000`00000000 ?? ???
STACK_TEXT:
fffff880`0b44e438 fffff880`03e7763d : 00000000`00001975 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
[COLOR=#ff0000]fffff880`0b44e440 00000000`00001975 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0b3cc110 : NEOFLTR_710_19243+0xc63d[/COLOR]
fffff880`0b44e448 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`0b3cc110 00000000`00001000 : 0x1975
STACK_COMMAND: .trap 0xfffff8800b44e2a0 ; kb
FOLLOWUP_IP:
NEOFLTR_710_19243+c63d
fffff880`03e7763d ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: NEOFLTR_710_19243+c63d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NEOFLTR_710_19243
IMAGE_NAME: NEOFLTR_710_19243.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4e686da8
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_NULL_IP_NEOFLTR_710_19243+c63d
BUCKET_ID: X64_0xD1_CODE_AV_NULL_IP_NEOFLTR_710_19243+c63d
Followup: MachineOwner
---------
6: kd> lmvm NEOFLTR_710_19243
start end module name
fffff880`03e6b000 fffff880`03e86000 NEOFLTR_710_19243 T (no symbols)
Loaded symbol image file: NEOFLTR_710_19243.SYS
[COLOR=#ff0000] Image path: \??\C:\Windows\system32\Drivers\NEOFLTR_710_19243.SYS[/COLOR]
[COLOR=#ff0000] Image name: NEOFLTR_710_19243.SYS[/COLOR]
Timestamp: Thu Sep 08 17:24:24 2011 (4E686DA8)
CheckSum: 0001A6EA
ImageSize: 0001B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4