DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000034, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800426d241, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003b01100
GetUlongFromAddress: unable to read from fffff80003b011c8
0000000000000034 Nonpaged pool
CURRENT_IRQL: 2
FAULTING_IP:
aswNetHub+20241
fffff880`0426d241 0f10702c movups xmm6,xmmword ptr [rax+2Ch]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: afwServ.exe
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
TRAP_FRAME: fffff88003ae75f0 -- (.trap 0xfffff88003ae75f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88003ae7860
rdx=fffffa80088e713e rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800426d241 rsp=fffff88003ae7780 rbp=fffff88003ae7880
r8=fffffa8009690c0e r9=0000000000000000 r10=fffff880009e6f40
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
aswNetHub+0x20241:
fffff880`0426d241 0f10702c movups xmm6,xmmword ptr [rax+2Ch] ds:00000000`0000002c=????????????????????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003905f69 to fffff800038f7ba0
STACK_TEXT:
fffff880`03ae74a8 fffff800`03905f69 : 00000000`0000000a 00000000`00000034 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`03ae74b0 fffff800`03903d88 : 00000000`00000000 00000000`00000034 fffffa80`0595ec00 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`03ae75f0 fffff880`0426d241 : fffff880`03ae7850 00000000`00000000 fffffa80`03d79260 00000000`00000000 : nt!KiPageFault+0x448
fffff880`03ae7780 fffff880`03ae7850 : 00000000`00000000 fffffa80`03d79260 00000000`00000000 fffff880`03ae78b8 : aswNetHub+0x20241
fffff880`03ae7788 00000000`00000000 : fffffa80`03d79260 00000000`00000000 fffff880`03ae78b8 00000000`00000000 : 0xfffff880`03ae7850
STACK_COMMAND: kb
FOLLOWUP_IP:
aswNetHub+20241
fffff880`0426d241 0f10702c movups xmm6,xmmword ptr [rax+2Ch]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: aswNetHub+20241
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswNetHub
IMAGE_NAME: aswNetHub.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5ea87a26
FAILURE_BUCKET_ID: X64_0xD1_aswNetHub+20241
BUCKET_ID: X64_0xD1_aswNetHub+20241
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xd1_aswnethub+20241
FAILURE_ID_HASH: {ccee8161-da6b-a203-4d8b-3af22334ce54}
Followup: MachineOwner
---------
1: kd> lmvm aswNetHub
start end module name
fffff880`0424d000 fffff880`042c9000 aswNetHub T (no symbols)
Loaded symbol image file: aswNetHub.sys
Image path: \SystemRoot\system32\drivers\aswNetHub.sys
Image name: aswNetHub.sys
Timestamp: Tue Apr 28 19:47:02 2020 (5EA87A26)
CheckSum: 0007B35C
ImageSize: 0007C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000008886, The subtype of the bugcheck.
Arg2: fffffa80008d53a0
Arg3: fffffa80008d53d0
Arg4: 0000000000000205
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_8886
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: engsup.exe5939
CURRENT_IRQL: 2
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
LAST_CONTROL_TRANSFER: from fffff8000395e1cc to fffff800038e1ba0
STACK_TEXT:
fffff880`055bb918 fffff800`0395e1cc : 00000000`0000001a 00000000`00008886 fffffa80`008d53a0 fffffa80`008d53d0 : nt!KeBugCheckEx
fffff880`055bb920 fffff800`039ade48 : 00000000`0002f1be fffffa80`008d53a0 00000000`00000002 00000000`0005fec9 : nt!MiUnlinkPageFromLockedList+0x19c
fffff880`055bb9a0 fffff800`039bd2d0 : ffffffff`ffffff00 00000000`0128900c 00002000`2f1be8c0 ffffffff`ffffffff : nt!MiDispatchFault+0x3f8
fffff880`055bba90 fffff800`038edc96 : 00000000`00000000 00000000`0128900c fffff880`055bbc01 00000000`00000000 : nt!MmAccessFault+0x4090
fffff880`055bbbe0 000007fe`ea0006c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x356
00000000`0012b0e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`ea0006c0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiUnlinkPageFromLockedList+19c
fffff800`0395e1cc cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiUnlinkPageFromLockedList+19c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5c6e1cbd
IMAGE_VERSION: 6.1.7601.24384
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1a_8886_nt!MiUnlinkPageFromLockedList+19c
BUCKET_ID: X64_0x1a_8886_nt!MiUnlinkPageFromLockedList+19c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1a_8886_nt!miunlinkpagefromlockedlist+19c
FAILURE_ID_HASH: {fc253285-88ba-0bda-058c-156e3cc2cb8c}
Followup: MachineOwner
---------
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041287, An illegal page fault occurred while holding working set synchronization.
Parameter 2 contains the referenced virtual address.
Arg2: 0000000000000030
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41287
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: audiodg.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
TRAP_FRAME: fffff8800865b710 -- (.trap 0xfffff8800865b710)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=66000000119f6124
rdx=fffff80003865000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800039a3864 rsp=fffff8800865b8a0 rbp=0000000000000000
r8=0000000000000002 r9=0000000000000006 r10=0000000000000001
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MiResolvePageFileFault+0xe54:
fffff800`039a3864 8b4830 mov ecx,dword ptr [rax+30h] ds:00000000`00000030=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800039d293e to fffff800038f8ba0
STACK_TEXT:
fffff880`0865b5b8 fffff800`039d293e : 00000000`0000001a 00000000`00041287 00000000`00000030 00000000`00000000 : nt!KeBugCheckEx
fffff880`0865b5c0 fffff800`03904c96 : 00000000`00000000 00000000`00000030 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x26fe
fffff880`0865b710 fffff800`039a3864 : 00002000`36b2a920 66000000`119f6124 66000000`119f6124 00000000`00000000 : nt!KiPageFault+0x356
fffff880`0865b8a0 fffff800`039c5303 : 00000000`741df408 00000000`66000000 fffffa80`06dec848 00000000`00000011 : nt!MiResolvePageFileFault+0xe54
fffff880`0865b9a0 fffff800`039d42d0 : ffffffff`ffffffff 00000000`741df408 00000000`00000000 ffffffff`ffffffff : nt!MiDispatchFault+0x8b3
fffff880`0865ba90 fffff800`03904c96 : 00000000`00000008 00000000`741df408 00000000`00000001 00000000`001a9f80 : nt!MmAccessFault+0x4090
fffff880`0865bbe0 00000000`741df408 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x356
00000000`02e6fc18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x741df408
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+356
fffff800`03904c96 85c0 test eax,eax
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+356
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5c6e1cbd
IMAGE_VERSION: 6.1.7601.24384
FAILURE_BUCKET_ID: X64_0x1a_41287_nt!KiPageFault+356
BUCKET_ID: X64_0x1a_41287_nt!KiPageFault+356
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1a_41287_nt!kipagefault+356
FAILURE_ID_HASH: {57c1a06a-3107-678e-b2be-207e9cbf3f0f}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff960001b2edf, Address of the instruction which caused the bugcheck
Arg3: fffff880064bd090, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx adresindeki y nerge, 0x%08lx bellek adresine ba
FAULTING_IP:
win32k+c2edf
fffff960`001b2edf 8b5348 mov edx,dword ptr [rbx+48h]
CONTEXT: fffff880064bd090 -- (.cxr 0xfffff880064bd090;r)
rax=00000000e0000287 rbx=c8fffff900c1aea4 rcx=00000000e000047b
rdx=0000000000000000 rsi=0000000000000a18 rdi=c8fffff900c1aebc
rip=fffff960001b2edf rsp=fffff880064bda60 rbp=00000000000001f4
r8=fffffa800662bb88 r9=0000000000000000 r10=fffffffffffffffd
r11=0000000000000000 r12=0000000000000000 r13=fffff960003d04e0
r14=0000000000000002 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
win32k+0xc2edf:
fffff960`001b2edf 8b5348 mov edx,dword ptr [rbx+48h] ds:002b:c8fffff9`00c1aeec=????????
Last set context:
rax=00000000e0000287 rbx=c8fffff900c1aea4 rcx=00000000e000047b
rdx=0000000000000000 rsi=0000000000000a18 rdi=c8fffff900c1aebc
rip=fffff960001b2edf rsp=fffff880064bda60 rbp=00000000000001f4
r8=fffffa800662bb88 r9=0000000000000000 r10=fffffffffffffffd
r11=0000000000000000 r12=0000000000000000 r13=fffff960003d04e0
r14=0000000000000002 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
win32k+0xc2edf:
fffff960`001b2edf 8b5348 mov edx,dword ptr [rbx+48h] ds:002b:c8fffff9`00c1aeec=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff960001b2edf
STACK_TEXT:
fffff880`064bda60 00000000`00000000 : 00000000`00000001 00000000`00000004 fffff800`038356f7 00000000`00000001 : win32k+0xc2edf
FOLLOWUP_IP:
win32k+c2edf
fffff960`001b2edf 8b5348 mov edx,dword ptr [rbx+48h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k+c2edf
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xfffff880064bd090 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k+c2edf
BUCKET_ID: X64_0x3B_win32k+c2edf
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x3b_win32k+c2edf
FAILURE_ID_HASH: {466e357e-453e-90d6-2e23-894974b64806}
Followup: MachineOwner
---------
1: kd> lmvm win32k
start end module name
fffff960`000f0000 fffff960`00400000 win32k T (no symbols)
Loaded symbol image file: win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: unavailable (00000000)
CheckSum: 00000000
ImageSize: 00310000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800038b63ce, Address of the instruction which caused the bugcheck
Arg3: fffff88001fce010, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx adresindeki y nerge, 0x%08lx bellek adresine ba
FAULTING_IP:
nt!PoDestroyReasonContext+6
fffff800`038b63ce 833900 cmp dword ptr [rcx],0
CONTEXT: fffff88001fce010 -- (.cxr 0xfffff88001fce010;r)
rax=0000000006b80b00 rbx=fffffa8004273570 rcx=0000000000000000
rdx=fffff8000385f8d0 rsi=fffffa8004273598 rdi=0000000000000003
rip=fffff800038b63ce rsp=fffff88001fce9e0 rbp=0000000000000000
r8=0000000000000000 r9=4000000000000004 r10=fffffa80059e7250
r11=fffff88001fceaf8 r12=0000000000000001 r13=00000000ffffffff
r14=0000000000000000 r15=fffff8a001bbc750
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!PoDestroyReasonContext+0x6:
fffff800`038b63ce 833900 cmp dword ptr [rcx],0 ds:002b:00000000`00000000=????????
Last set context:
rax=0000000006b80b00 rbx=fffffa8004273570 rcx=0000000000000000
rdx=fffff8000385f8d0 rsi=fffffa8004273598 rdi=0000000000000003
rip=fffff800038b63ce rsp=fffff88001fce9e0 rbp=0000000000000000
r8=0000000000000000 r9=4000000000000004 r10=fffffa80059e7250
r11=fffff88001fceaf8 r12=0000000000000001 r13=00000000ffffffff
r14=0000000000000000 r15=fffff8a001bbc750
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!PoDestroyReasonContext+0x6:
fffff800`038b63ce 833900 cmp dword ptr [rcx],0 ds:002b:00000000`00000000=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: lsass.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
LAST_CONTROL_TRANSFER: from fffff80003b72741 to fffff800038b63ce
STACK_TEXT:
fffff880`01fce9e0 fffff800`03b72741 : fffffa80`04273570 fffffa80`06b725e0 00000000`00000000 00000000`00000000 : nt!PoDestroyReasonContext+0x6
fffff880`01fcea10 fffff800`03c43d02 : 00000000`00000000 fffffa80`04273540 fffffa80`04273540 0012019f`00000001 : nt!PopPowerRequestCleanUp+0xe5
fffff880`01fcea50 fffff800`03b496de : fffffa80`05952b40 fffffa80`06bc5060 00000000`00000000 00000000`000000ff : nt!PopClosePowerRequestObject+0x12
fffff880`01fcea80 fffff800`03b4930f : fffffa80`04273540 fffffa80`00000001 fffff8a0`01bbc750 00000000`00000000 : nt!ObpDecrementHandleCount+0x8e
fffff880`01fceb00 fffff800`03b49614 : 00000000`00000730 fffffa80`06b80b00 fffff8a0`01bbc750 00000000`00000730 : nt!ObpCloseHandleTableEntry+0xaf
fffff880`01fceb90 fffff800`038f5bd3 : fffffa80`06bc5060 fffff880`01fcec60 00000000`00000005 00000000`00000001 : nt!ObpCloseHandle+0x94
fffff880`01fcebe0 00000000`7757997a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00d4f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7757997a
FOLLOWUP_IP:
nt!PoDestroyReasonContext+6
fffff800`038b63ce 833900 cmp dword ptr [rcx],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!PoDestroyReasonContext+6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5c6e1cbd
IMAGE_VERSION: 6.1.7601.24384
STACK_COMMAND: .cxr 0xfffff88001fce010 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!PoDestroyReasonContext+6
BUCKET_ID: X64_0x3B_nt!PoDestroyReasonContext+6
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x3b_nt!podestroyreasoncontext+6
FAILURE_ID_HASH: {0d46d685-0841-47fb-329e-900a455f4cd3}
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
fffff800`03854000 fffff800`03e30000 nt (pdb symbols) C:\Program Files\Windows Kits\8.1\Debuggers\x86\sym\ntkrnlmp.pdb\ECE191A20CFF4465AE46DF96C22638451\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\Program Files\Windows Kits\8.1\Debuggers\x86\sym\ntoskrnl.exe\5C6E1CBD5dc000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Thu Feb 21 03:36:29 2019 (5C6E1CBD)
CheckSum: 0054FFBE
ImageSize: 005DC000
File version: 6.1.7601.24384
Product version: 6.1.7601.24384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.24384
FileVersion: 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000096, The exception code that was not handled
Arg2: fffff8000390117e, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
EXCEPTION_CODE: (NTSTATUS) 0xc0000096 - { ZEL DURUM} Ayr
FAULTING_IP:
nt!KiExceptionDispatch+1fe
fffff800`0390117e 0f30 wrmsr
BUGCHECK_STR: 0x1E_c0000096
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: WmiPrvSE.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
EXCEPTION_RECORD: fffff880075717c8 -- (.exr 0xfffff880075717c8)
ExceptionAddress: fffff8000390117e (nt!KiExceptionDispatch+0x00000000000001fe)
ExceptionCode: c0000096
ExceptionFlags: 00000000
NumberParameters: 0
TRAP_FRAME: fffff88007571870 -- (.trap 0xfffff88007571870)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000049
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000390117e rsp=fffff88007571a00 rbp=fffff88007571c60
r8=0000000001a4b4e0 r9=0000000000000000 r10=0000000000000001
r11=0000000001afd440 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl zr na po nc
nt!KiExceptionDispatch+0x1fe:
fffff800`0390117e 0f30 wrmsr
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800039d9ae8 to fffff800038f2ba0
STACK_TEXT:
fffff880`07570ff8 fffff800`039d9ae8 : 00000000`0000001e ffffffff`c0000096 fffff800`0390117e 00000000`00000000 : nt!KeBugCheckEx
fffff880`07571000 fffff800`03901042 : fffff880`075717c8 00000000`01afd440 fffff880`07571870 00000000`01a4b440 : nt!KiDispatchException+0x1c8
fffff880`07571690 fffff800`038fe932 : 000004e8`fffffb30 000004d0`fffffb30 00000000`00000019 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`07571870 fffff800`0390117e : fffff880`07571b38 00000000`01afd440 fffff880`07571be0 00000000`01a4b440 : nt!KiGeneralProtectionFault+0x2f2
fffff880`07571a00 fffff800`038fed62 : 00000000`00000001 00000000`000024d7 00000000`00000001 00000000`01afd440 : nt!KiExceptionDispatch+0x1fe
fffff880`07571be0 00000000`778db5f0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x422
00000000`012cd1b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x778db5f0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiExceptionDispatch+1fe
fffff800`0390117e 0f30 wrmsr
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!KiExceptionDispatch+1fe
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5c6e1cbd
IMAGE_VERSION: 6.1.7601.24384
FAILURE_BUCKET_ID: X64_0x1E_c0000096_nt!KiExceptionDispatch+1fe
BUCKET_ID: X64_0x1E_c0000096_nt!KiExceptionDispatch+1fe
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1e_c0000096_nt!kiexceptiondispatch+1fe
FAILURE_ID_HASH: {7b61ed46-f3a7-bb69-1e53-35685468ca54}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8000389fd58, Address of the instruction which caused the bugcheck
Arg3: fffff88002a6c0e0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx adresindeki y nerge, 0x%08lx bellek adresine ba
FAULTING_IP:
nt!KiTryUnwaitThread+28
fffff800`0389fd58 f0480fba6b4000 lock bts qword ptr [rbx+40h],0
CONTEXT: fffff88002a6c0e0 -- (.cxr 0xfffff88002a6c0e0;r)
rax=d8fffffa80075dda rbx=d0fffffa800762b0 rcx=fffff88002fda180
rdx=fffffa800452fbb1 rsi=0000000000000000 rdi=fffff88002fda100
rip=fffff8000389fd58 rsp=fffff88002a6cab0 rbp=0000000000000000
r8=0000000000000100 r9=0000000000000000 r10=fffffa800452fbb1
r11=00000000001f0003 r12=0000000000000000 r13=00000000000003e8
r14=0000000000000003 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!KiTryUnwaitThread+0x28:
fffff800`0389fd58 f0480fba6b4000 lock bts qword ptr [rbx+40h],0 ds:002b:d0fffffa`800762f0=????????????????
Last set context:
rax=d8fffffa80075dda rbx=d0fffffa800762b0 rcx=fffff88002fda180
rdx=fffffa800452fbb1 rsi=0000000000000000 rdi=fffff88002fda100
rip=fffff8000389fd58 rsp=fffff88002a6cab0 rbp=0000000000000000
r8=0000000000000100 r9=0000000000000000 r10=fffffa800452fbb1
r11=00000000001f0003 r12=0000000000000000 r13=00000000000003e8
r14=0000000000000003 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!KiTryUnwaitThread+0x28:
fffff800`0389fd58 f0480fba6b4000 lock bts qword ptr [rbx+40h],0 ds:002b:d0fffffa`800762f0=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: AvastSvc.exe
CURRENT_IRQL: 2
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
LAST_CONTROL_TRANSFER: from fffff8000388e256 to fffff8000389fd58
STACK_TEXT:
fffff880`02a6cab0 fffff800`0388e256 : fffffa80`075ddad0 00000000`00000000 00000000`00000000 fffff880`02fda180 : nt!KiTryUnwaitThread+0x28
fffff880`02a6cb10 fffff800`03b3e088 : 00000000`00000000 fffff800`00000001 fffffa80`03cf8a00 00000000`00000001 : nt!KeSetEvent+0x446
fffff880`02a6cb80 fffff800`038fabd3 : fffffa80`075e3060 fffff880`00000000 fffffa80`00000000 fffffa80`075ddad0 : nt!NtSetEvent+0x90
fffff880`02a6cbe0 00000000`7721996a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0d99f868 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7721996a
FOLLOWUP_IP:
nt!KiTryUnwaitThread+28
fffff800`0389fd58 f0480fba6b4000 lock bts qword ptr [rbx+40h],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTryUnwaitThread+28
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5c6e1cbd
IMAGE_VERSION: 6.1.7601.24384
STACK_COMMAND: .cxr 0xfffff88002a6c0e0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!KiTryUnwaitThread+28
BUCKET_ID: X64_0x3B_nt!KiTryUnwaitThread+28
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x3b_nt!kitryunwaitthread+28
FAILURE_ID_HASH: {faebdffd-4c5f-6b4a-dc43-45113752ab80}
Followup: MachineOwner
---------
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000003600, The subtype of the bugcheck.
Arg2: fffff6fb7dbed078
Arg3: 008000012d40a867
Arg4: 008000012d40a866
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_3600
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: cmd.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
LAST_CONTROL_TRANSFER: from fffff800038f2022 to fffff800038f8ba0
STACK_TEXT:
fffff880`07b09a48 fffff800`038f2022 : 00000000`0000001a 00000000`00003600 fffff6fb`7dbed078 00800001`2d40a867 : nt!KeBugCheckEx
fffff880`07b09a50 fffff800`039d4dc6 : ffffffff`ffffffff fffff880`07b09b00 00000000`00000000 fffffa80`076dc5d0 : nt!MiCheckProcessShadow+0x14a
fffff880`07b09a90 fffff800`03904c96 : 00000000`00000008 000007fe`fcd262a4 00000000`00000001 00000000`00000070 : nt!MmAccessFault+0x4b86
fffff880`07b09be0 000007fe`fcd262a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x356
00000000`002bd970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`fcd262a4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiCheckProcessShadow+14a
fffff800`038f2022 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiCheckProcessShadow+14a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5c6e1cbd
IMAGE_VERSION: 6.1.7601.24384
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1a_3600_nt!MiCheckProcessShadow+14a
BUCKET_ID: X64_0x1a_3600_nt!MiCheckProcessShadow+14a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1a_3600_nt!micheckprocessshadow+14a
FAILURE_ID_HASH: {94909575-9b46-e427-52c8-906b29182f4c}
Followup: MachineOwner
---------