Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Instant Online Crash Analysis, brought to you by OSR Open Systems Resources, Inc.
- Show DivPrimary Analysis
- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 7601.19160.amd64fre.win7sp1_gdr.160211-0600
- Machine Name:
- Kernel base = 0xfffff800`02c19000 PsLoadedModuleList = 0xfffff800`02e60730
- Debug session time: Fri Apr 8 15:23:33.241 2016 (UTC - 4:00)
- System Uptime: 0 days 1:22:48.959
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If kernel debugger is available get stack backtrace.
- Arguments:
- Arg1: 0000000000000000, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
- Arg4: fffff8800209456b, address which referenced memory
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eca100
- GetUlongFromAddress: unable to read from fffff80002eca1c0
- 0000000000000000 Nonpaged pool
- CURRENT_IRQL: 2
- FAULTING_IP:
- tcpip! ?? ::FNODOBFM::`string'+57b4
- fffff880`0209456b 488b01 mov rax,qword ptr [rcx]
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
- BUGCHECK_STR: 0xD1
- PROCESS_NAME: mbamservice.ex
- TRAP_FRAME: fffff8800a558310 -- (.trap 0xfffff8800a558310)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffffa8016274b20 rbx=0000000000000000 rcx=0000000000000000
- rdx=fffffa8016274b21 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8800209456b rsp=fffff8800a5584a0 rbp=0000000000000000
- r8=fffffa8016274b20 r9=00000000000000d0 r10=fffff880037e6e80
- r11=fffffa8011b4bc60 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na pe nc
- tcpip! ?? ::FNODOBFM::`string'+0x57b4:
- fffff880`0209456b 488b01 mov rax,qword ptr [rcx] ds:00000000`00000000=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff80002c8c629 to fffff80002c8d080
- STACK_TEXT:
- fffff880`0a5581c8 fffff800`02c8c629 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- fffff880`0a5581d0 fffff800`02c8b2a0 : fffffa80`1382d010 00000000`00000040 fffff880`0a558b60 fffffa80`11b4ba70 : nt!KiBugCheckDispatch+0x69
- fffff880`0a558310 fffff880`0209456b : fffffa80`11b4ba70 00000000`00000000 fffff880`206c644d fffff880`01e352a2 : nt!KiPageFault+0x260
- fffff880`0a5584a0 fffff880`01f9f316 : fffffa80`11b4ba70 00000000`c000000d 00000000`00000000 fffffa80`11b4ba70 : tcpip! ?? ::FNODOBFM::`string'+0x57b4
- fffff880`0a5584f0 fffff880`01e3225e : fffffa80`11b4ba70 fffffa80`0e3878d0 fffffa80`0e3878d0 fffffa80`16012700 : NETIO!NetioDereferenceNetBufferList+0x86
- fffff880`0a558520 fffff880`09b18fd3 : fffffa80`16012720 fffffa80`16012720 00000000`00000003 fffffa80`11b4bba0 : fwpkclnt!FwpsDereferenceNetBufferList0+0xaa
- fffff880`0a558570 fffffa80`16012720 : fffffa80`16012720 00000000`00000003 fffffa80`11b4bba0 00000000`00000008 : mwac+0x8fd3
- fffff880`0a558578 fffffa80`16012720 : 00000000`00000003 fffffa80`11b4bba0 00000000`00000008 fffff880`09b161e2 : 0xfffffa80`16012720
- fffff880`0a558580 00000000`00000003 : fffffa80`11b4bba0 00000000`00000008 fffff880`09b161e2 00000000`00000008 : 0xfffffa80`16012720
- fffff880`0a558588 fffffa80`11b4bba0 : 00000000`00000008 fffff880`09b161e2 00000000`00000008 00000000`00000008 : 0x3
- fffff880`0a558590 00000000`00000008 : fffff880`09b161e2 00000000`00000008 00000000`00000008 00000000`c000000d : 0xfffffa80`11b4bba0
- fffff880`0a558598 fffff880`09b161e2 : 00000000`00000008 00000000`00000008 00000000`c000000d fffffa80`16012720 : 0x8
- fffff880`0a5585a0 00000000`00000008 : 00000000`00000008 00000000`c000000d fffffa80`16012720 fffffa80`16012734 : mwac+0x61e2
- fffff880`0a5585a8 00000000`00000008 : 00000000`c000000d fffffa80`16012720 fffffa80`16012734 fffffa80`00000011 : 0x8
- fffff880`0a5585b0 00000000`c000000d : fffffa80`16012720 fffffa80`16012734 fffffa80`00000011 00000000`00000000 : 0x8
- fffff880`0a5585b8 fffffa80`16012720 : fffffa80`16012734 fffffa80`00000011 00000000`00000000 00000000`00000000 : 0xc000000d
- fffff880`0a5585c0 fffffa80`16012734 : fffffa80`00000011 00000000`00000000 00000000`00000000 fffffa80`00000000 : 0xfffffa80`16012720
- fffff880`0a5585c8 fffffa80`00000011 : 00000000`00000000 00000000`00000000 fffffa80`00000000 fffffa80`00000000 : 0xfffffa80`16012734
- fffff880`0a5585d0 00000000`00000000 : 00000000`00000000 fffffa80`00000000 fffffa80`00000000 00000000`00000000 : 0xfffffa80`00000011
- STACK_COMMAND: kb
- FOLLOWUP_IP:
- NETIO!NetioDereferenceNetBufferList+86
- fffff880`01f9f316 4885ff test rdi,rdi
- SYMBOL_STACK_INDEX: 4
- SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+86
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: NETIO
- IMAGE_NAME: NETIO.SYS
- DEBUG_FLR_IMAGE_TIMESTAMP: 5294760d
- FAILURE_BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86
- BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86
- Followup: MachineOwner
- ---------
- This free analysis is provided by OSR Open Systems Resources, Inc.
- Want a deeper understanding of crash dump analysis? Check out our Windows Kernel Debugging and Crash Dump Analysis Seminar (opens in new tab/window)
- Show DivCrash Code Links
- Show DivInformation About Address 0x0
- Show DivLoaded Module List
- Show DivRaw Stack Contents
- Show DivDump Header Information
- Show DivStrings
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement