- 1: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
- A device driver attempting to corrupt the system has been caught. This is
- because the driver was specified in the registry as being suspect (by the
- administrator) and the kernel has enabled substantial checking of this driver.
- If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
- be among the most commonly seen crashes.
- Arguments:
- Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
- the operating system. The only supported way to extend a kernel
- mode stack is by using KeExpandKernelStackAndCallout.
- Arg2: 0000000000000000
- Arg3: fffffa8011c542c0
- Arg4: 0000000000000000
- Debugging Details:
- ------------------
- ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- ADDITIONAL_DEBUG_TEXT:
- You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
- MODULE_NAME: nt
- FAULTING_MODULE: fffff80002a03000 nt
- DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
- BUGCHECK_STR: 0xc4_91
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff80002ad737a to fffff80002a7fc40
- STACK_TEXT:
- fffffa80`0dc7adc8 fffff800`02ad737a : 00000000`000000c4 00000000`00000091 00000000`00000000 fffffa80`11c542c0 : nt+0x7cc40
- fffffa80`0dc7add0 00000000`000000c4 : 00000000`00000091 00000000`00000000 fffffa80`11c542c0 00000000`00000000 : nt+0xd437a
- fffffa80`0dc7add8 00000000`00000091 : 00000000`00000000 fffffa80`11c542c0 00000000`00000000 fffffa80`0fa1b1d8 : 0xc4
- fffffa80`0dc7ade0 00000000`00000000 : fffffa80`11c542c0 00000000`00000000 fffffa80`0fa1b1d8 20707249`02200006 : 0x91
- STACK_COMMAND: kb
- FOLLOWUP_IP:
- nt+7cc40
- fffff800`02a7fc40 48894c2408 mov qword ptr [rsp+8],rcx
- SYMBOL_STACK_INDEX: 0
- SYMBOL_NAME: nt+7cc40
- FOLLOWUP_NAME: MachineOwner
- IMAGE_NAME: ntoskrnp.exe
- BUCKET_ID: WRONG_SYMBOLS
- Followup: MachineOwner
- ---------