Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\a\Minidump\D M P\DMP\030511-25724-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02c4f000 PsLoadedModuleList = 0xfffff800`02e94e90
Debug session time: Sat Mar 5 01:21:18.632 2011 (UTC - 5:00)
System Uptime: 0 days 0:24:43.146
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 2, fffffa800885e4d0, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4874 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffffa800885e4d0
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_91
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff88003c1bd88 -- (.exr 0xfffff88003c1bd88)
ExceptionAddress: fffff80002cd22e2 (nt!SwapContext_PatchXRstor)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88003c1be30 -- (.trap 0xfffff88003c1be30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=fffff88003c1ce08
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cd22e2 rsp=fffff88003c1bfc0 rbp=fffff88003c1cdb8
r8=fffffa80088560e8 r9=0000000000000000 r10=fffffffffffffffe
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!SwapContext_PatchXRstor:
fffff800`02cd22e2 0fae09 fxrstor [rcx] ds:1f80:fffff880`03c1ce08=00
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002d2653a to fffff80002ccf640
STACK_TEXT:
fffff880`03c1ae88 fffff800`02d2653a : 00000000`000000c4 00000000`00000091 00000000`00000002 fffffa80`0885e4d0 : nt!KeBugCheckEx
fffff880`03c1ae90 fffff800`02cf9963 : 00000000`00000000 00000000`00000000 00000000`00000003 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4874
fffff880`03c1aed0 fffff800`02d0adc1 : fffff880`03c1bd88 fffff880`03c1bae0 fffff880`03c1be30 fffff800`02e4fcc0 : nt!RtlDispatchException+0x33
fffff880`03c1b5b0 fffff800`02ccecc2 : fffff880`03c1bd88 fffff800`02e41e80 fffff880`03c1be30 fffffa80`0885e4d0 : nt!KiDispatchException+0x135
fffff880`03c1bc50 fffff800`02ccd5ca : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`03c1bea0 : nt!KiExceptionDispatch+0xc2
fffff880`03c1be30 fffff800`02cd22e2 : 00000000`00000000 fffff800`00000000 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0x10a
fffff880`03c1bfc0 fffff800`02cd1eda : fffff880`02f64180 fffff800`02cdb9b8 fffffa80`09212801 fffff880`03c1c9d8 : nt!SwapContext_PatchXRstor
fffff880`03c1c000 fffff800`02cd4992 : fffffa80`0885e4d0 fffffa80`0885e4d0 fffff880`00000000 fffff800`00000008 : nt!KiSwapContext+0x7a
fffff880`03c1c140 fffff800`02cd3eaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x1d2
fffff880`03c1c1d0 fffff800`02fc5ccf : fffff880`0000002a fffff880`03c1c520 00000000`00000001 00000000`00000006 : nt!KeWaitForMultipleObjects+0x272
fffff880`03c1c490 fffff800`02fc603e : fffffa80`0822d301 fffff800`02cd22a4 fffff8a0`00000001 fffff800`00000001 : nt!ObpWaitForMultipleObjects+0x294
fffff880`03c1c960 fffff800`02cce8d3 : fffffa80`0885e4d0 00000000`00c9f708 fffff880`03c1cbc8 fffff880`03c1cc00 : nt!NtWaitForMultipleObjects+0xe5
fffff880`03c1cbb0 00000000`76fb18ca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00c9f6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76fb18ca
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4874
fffff800`02d2653a cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4874
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7951a
FAILURE_BUCKET_ID: X64_0xc4_91_nt!_??_::FNODOBFM::_string_+4874
BUCKET_ID: X64_0xc4_91_nt!_??_::FNODOBFM::_string_+4874
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\a\Minidump\D M P\DMP\030511-27175-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02c0f000 PsLoadedModuleList = 0xfffff800`02e54e90
Debug session time: Sat Mar 5 00:55:50.700 2011 (UTC - 5:00)
System Uptime: 0 days 0:58:17.214
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa80062cc4c0, fffffa80062cc740, d28b100}
Unable to load image atikmpag.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for atikmpag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
Probably caused by : atikmpag.sys ( atikmpag+5eaf )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa80062cc4c0, The pool entry we were looking for within the page.
Arg3: fffffa80062cc740, The next pool entry.
Arg4: 000000000d28b100, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ec00e8
fffffa80062cc4c0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: BlackOpsMP.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002db9cae to fffff80002c8f640
STACK_TEXT:
fffff880`09033408 fffff800`02db9cae : 00000000`00000019 00000000`00000020 fffffa80`062cc4c0 fffffa80`062cc740 : nt!KeBugCheckEx
fffff880`09033410 fffff880`03e05eaf : fffff8a0`0903f330 fffff880`0400a0d1 00000000`7ffff8a0 fffffa80`080b4000 : nt!ExDeferredFreePool+0x12da
fffff880`090334c0 fffff8a0`0903f330 : fffff880`0400a0d1 00000000`7ffff8a0 fffffa80`080b4000 fffff8a0`00000001 : atikmpag+0x5eaf
fffff880`090334c8 fffff880`0400a0d1 : 00000000`7ffff8a0 fffffa80`080b4000 fffff8a0`00000001 fffff8a0`0903f330 : 0xfffff8a0`0903f330
fffff880`090334d0 fffff880`0403d204 : fffffa80`080b4000 00000000`00000000 fffff880`09033570 00000000`00000000 : dxgkrnl!DXGADAPTER::AcquireDdiSync+0xc9
fffff880`09033510 fffff880`040412c1 : fffff8a0`0903f330 00000000`00000000 00000000`00000000 fffff8a0`0136f000 : dxgkrnl!DXGADAPTER::DdiDestroyAllocation+0x50
fffff880`09033540 fffff880`04053784 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff8a0`00000799 : dxgkrnl!DXGDEVICE::DestroyAllocations+0x83d
fffff880`09033630 fffff880`04038815 : 00000000`fffffeda fffff8a0`092de3c0 fffff8a0`0136f000 fffffa80`080b4000 : dxgkrnl!DXGDEVICE::~DXGDEVICE+0x19c
fffff880`090336a0 fffff880`04076e4a : 00000000`00000001 fffffa80`080b4000 fffff8a0`092de3c0 fffff8a0`092de440 : dxgkrnl!DXGADAPTER::DestroyDevice+0x1c9
fffff880`090336d0 fffff880`040767e0 : fffff900`c374d300 00000000`00000000 00000000`00000001 fffff900`c374d300 : dxgkrnl!DXGPROCESS::Destroy+0xba
fffff880`09033780 fffff960`00144e7c : 00000000`00000870 fffff900`c374d300 00000000`00000000 fffff900`c374d300 : dxgkrnl!DxgkProcessCallout+0x268
fffff880`09033810 fffff960`0014457f : 00000000`00000000 fffff880`09033c20 fffffa80`06373660 00000000`00000000 : win32k!GdiProcessCallout+0x244
fffff880`09033890 fffff800`02f65001 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`06373600 : win32k!W32pProcessCallout+0x6b
fffff880`090338c0 fffff800`02f4a37d : 00000000`cfffffff fffff960`00154201 00000000`78457300 fffffa80`093027f0 : nt!PspExitThread+0x4d1
fffff880`090339c0 fffff800`02c82dfa : fffff900`c06c3010 fffff960`00149fa0 fffff900`c06c3010 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffff880`090339f0 fffff800`02c83140 : 00000000`00000246 fffff880`09033a70 fffff800`02f4a2f0 00000000`00000001 : nt!KiDeliverApc+0x2ca
fffff880`09033a70 fffff800`02c8e977 : fffff880`09033ca0 fffff800`02c9935a 00000000`0000002a 00000000`73ba2450 : nt!KiInitiateUserApc+0x70
fffff880`09033bb0 00000000`73ba2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`349af0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73ba2e09
STACK_COMMAND: kb
FOLLOWUP_IP:
atikmpag+5eaf
fffff880`03e05eaf ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: atikmpag+5eaf
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmpag
IMAGE_NAME: atikmpag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d409c8d
FAILURE_BUCKET_ID: X64_0x19_20_atikmpag+5eaf
BUCKET_ID: X64_0x19_20_atikmpag+5eaf
Followup: MachineOwner
---------