UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
[COLOR=Red]Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT[/COLOR]
Arg2: 0000000080050033
Arg3: 00000000000006f8
Arg4: fffff80003038e58
3: kd> !thread
GetPointerFromAddress: unable to read from fffff800032a8000
THREAD fffff880039ddfc0 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
Not impersonating
GetUlongFromAddress: unable to read from fffff800031e6b74
Owning Process fffff800031f9140 Image: <Unknown>
Attached Process fffffa8003aec9e0 Image: System
fffff78000000000: Unable to get shared data
Wait Start TickCount 368806
Context Switch Count 517694
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address nt!KiIdleLoop (0xfffff80003078da0)
Stack Init fffff880039fbdb0 Current fffff880039fbd40
[COLOR=Blue]Base fffff880039fc000 Limit fffff880039f6000 Call 0[/COLOR] [COLOR=Red]<-----stack limits[/COLOR]
Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
Child-SP RetAddr : Args to Child : Call Site
[COLOR=DarkOrchid]fffff880`039d9ce8[/COLOR] fffff800`0306fb69 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
[COLOR=DarkOrchid]fffff880`039d9cf0[/COLOR] fffff800`0306e032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
[COLOR=DarkOrchid]fffff880`039d9e30[/COLOR] fffff800`03038e58 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2 (TrapFrame @ fffff880`039d9e30)
[COLOR=Blue][COLOR=Red]fffff880`039f5ce0[/COLOR] [/COLOR]00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x58
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffff80003254c40
Arg4: 0000000000000000
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'bthpan' and 'spsys.sys' overlap
BUGCHECK_STR: 0xc4_91