*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff800030cfdd5}
Unable to load image \SystemRoot\system32\DRIVERS\vfilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for vfilter.sys
Probably caused by : vfilter.sys ( vfilter+29a6 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800030cfdd5, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032fb100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeSetEvent+1e3
fffff800`030cfdd5 488b00 mov rax,qword ptr [rax]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: svchost.exe
TRAP_FRAME: fffff88009d72c40 -- (.trap 0xfffff88009d72c40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8007b09f98
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800030cfdd5 rsp=fffff88009d72dd0 rbp=0000000000000002
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
nt!KeSetEvent+0x1e3:
fffff800`030cfdd5 488b00 mov rax,qword ptr [rax] ds:0002:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800030cb2a9 to fffff800030cbd00
STACK_TEXT:
fffff880`09d72af8 fffff800`030cb2a9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`09d72b00 fffff800`030c9f20 : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`07b09f90 : nt!KiBugCheckDispatch+0x69
fffff880`09d72c40 fffff800`030cfdd5 : fffff880`09d72e40 fffff880`04202b0e 00000000`00000051 fffff880`09d72ec0 : nt!KiPageFault+0x260
fffff880`09d72dd0 fffff880`042029a6 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`07b09f80 : nt!KeSetEvent+0x1e3
fffff880`09d72e40 fffffa80`00000000 : 00000000`00000000 00000000`00000000 fffffa80`07b09f80 00000000`00000000 : vfilter+0x29a6
fffff880`09d72e48 00000000`00000000 : 00000000`00000000 fffffa80`07b09f80 00000000`00000000 fffff880`0420242b : 0xfffffa80`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
vfilter+29a6
fffff880`042029a6 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: vfilter+29a6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vfilter
IMAGE_NAME: vfilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b048bff
FAILURE_BUCKET_ID: X64_0xA_vfilter+29a6
BUCKET_ID: X64_0xA_vfilter+29a6
Followup: MachineOwner