Windbg New Features - Windows 10 (v10.0.10075.9)

[jcgriff2]

I found a few surprises in Windbg 10.0.10075.9

There are many additional clickable fields; !analyze -v contains system and BIOS information now.

Unfortunately, copy/paste does not pick up the hyperlink fields, but I have described a few below.

!analyze -v (full):

Read More:

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 0000000000001200, (reserved)
Arg3: 00000000cd6cc1d9, Memory contents of the pool block
Arg4: ffffc00185e21350, Address of the block of pool being deallocated
Debugging Details:
------------------
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
ffffc00185e21340 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff800d2f42c78
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
ffffc00185e21340 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff800d2f42c78
SYSTEM_SKU:  ASUS-NotebookSKU
SYSTEM_VERSION:  1.0       
BIOS_DATE:  09/11/2013
BASEBOARD_PRODUCT:  N46JV
BASEBOARD_VERSION:  1.0       
BUGCHECK_P1: 7
BUGCHECK_P2: 1200
BUGCHECK_P3: cd6cc1d9
BUGCHECK_P4: ffffc00185e21350
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
 ffffc00185e21350 Paged pool
BUGCHECK_STR:  0xc2_7
CPU_COUNT: 8
CPU_MHZ: 95a
CPU_VENDOR:  GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  System
CURRENT_IRQL:  0
ANALYSIS_VERSION: 10.0.10075.9 amd64fre
LAST_CONTROL_TRANSFER:  from fffff800d2f2df56 to fffff800d2dd99a0
STACK_TEXT:  
ffffd000`d70b7578 fffff800`d2f2df56 : 00000000`000000c2 00000000`00000007 00000000`00001200 00000000`cd6cc1d9 : nt!KeBugCheckEx
ffffd000`d70b7580 fffff800`f68ded43 : 00000000`00004000 ffffe001`17130e6c ffffe001`171307f0 00000000`0000006c : nt!ExFreePool+0x26a
ffffd000`d70b7670 fffff800`f68de612 : 00000000`00000000 00000000`00004000 fffff800`f68d6010 fffff800`f68bbb36 : FLTMGR!FltReleaseFileNameInformation+0xc3
ffffd000`d70b76b0 fffff800`f68b44c0 : ffffe001`171307f0 ffffe001`1b07d500 ffffe001`19478000 ffffe001`1b07d500 : FLTMGR!FltpRemoveAllNamesCachedForFileObject+0x1c2
ffffd000`d70b7730 fffff800`f68b55ac : ffffd000`d70b7940 ffffe001`1b07d500 00000000`00000000 ffffd000`d70b7802 : FLTMGR!FltpPerformPreCallbacks+0x720
ffffd000`d70b7840 fffff800`f68b35ce : ffffe001`18445450 00000000`00000000 ffffe001`1adf7b20 ffffe001`00000000 : FLTMGR!FltpPassThroughInternal+0x8c
ffffd000`d70b7870 fffff800`f68b30aa : ffffe001`1712db10 ffffe001`1adf7780 ffffe001`1adf7780 ffffe001`170f5c60 : FLTMGR!FltpPassThrough+0x2be
ffffd000`d70b7920 fffff800`d302db58 : ffffe001`1b07d500 ffffe001`17128030 ffffe001`1adf7780 00000000`00000001 : FLTMGR!FltpDispatch+0x9a
ffffd000`d70b7980 fffff800`d3054160 : 00000000`00000000 ffffe001`1b07d500 ffffe001`170f5c60 ffffe001`1b07d4d0 : nt!IopDeleteFile+0x128
ffffd000`d70b7a00 fffff800`d2cf353f : 00000000`00000000 00000000`00000001 ffffe001`1b07d500 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x64
ffffd000`d70b7a60 fffff800`d30a77e6 : 00000000`000800a1 ffffe001`1850f520 ffffe001`000800a1 00000000`00000000 : nt!ObfDereferenceObject+0x8f
ffffd000`d70b7aa0 fffff800`d2da2c48 : fffff800`d2fe4000 ffffd000`d70b7b50 ffffe001`1850f528 00000000`00000000 : nt!MiSegmentDelete+0x11e
ffffd000`d70b7ae0 fffff800`d2dc10bd : 00000000`00000000 fffff800`d2f627a0 ffffe001`170f2800 00000000`00000012 : nt!MiProcessDereferenceList+0x100
ffffd000`d70b7b70 fffff800`d2d61280 : ffffe001`1722a880 00000000`00000080 ffffe001`1722a880 00000000`00000000 : nt!MiDereferenceSegmentThread+0xd9
ffffd000`d70b7c00 fffff800`d2ddffc6 : ffffd000`db2f5180 ffffe001`1722a880 ffffd000`db3013c0 00000000`00000000 : nt!PspSystemThreadStartup+0x58
ffffd000`d70b7c60 00000000`00000000 : ffffd000`d70b8000 ffffd000`d70b2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND:  kb
FOLLOWUP_IP: 
FLTMGR!FltReleaseFileNameInformation+c3
fffff800`f68ded43 e973ffffff      jmp     FLTMGR!FltReleaseFileNameInformation+0x3b (fffff800`f68decbb)
SYMBOL_STACK_INDEX:  2
SYMBOL_NAME:  FLTMGR!FltReleaseFileNameInformation+c3
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: FLTMGR
IMAGE_NAME:  FLTMGR.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  53fbf00c
IMAGE_VERSION:  6.3.9600.17326
BUCKET_ID_FUNC_OFFSET:  c3
FAILURE_BUCKET_ID:  0xc2_7_FLTMGR!FltReleaseFileNameInformation
BUCKET_ID:  0xc2_7_FLTMGR!FltReleaseFileNameInformation
PRIMARY_PROBLEM_CLASS:  0xc2_7_FLTMGR!FltReleaseFileNameInformation
ANALYSIS_SOURCE:  KM
FAILURE_ID_HASH_STRING:  km:0xc2_7_fltmgr!fltreleasefilenameinformation
FAILURE_ID_HASH:  {5fcf4dda-efa6-3a91-6627-bb047c2cff48}
Followup:     MachineOwner
---------

!analyze -v system, BIOS info

SYSTEM_SKU:  ASUS-NotebookSKU
SYSTEM_VERSION:  1.0       
BIOS_DATE:  09/11/2013
BASEBOARD_PRODUCT:  N46JV
BASEBOARD_VERSION:  1.0

kv command now contains the .frame command for each line (the first 2 digits appear blue in Windbg 10) - not much help in a minidump though.

The first line - 00- command = .frame 0n0;dv /t /v

2: kd> kv
 # Child-SP          RetAddr           : Args to Child                                                           : Call Site
[B][COLOR=#0000ff]00[/COLOR][/B] ffffd000`d70b7578 fffff800`d2f2df56 : 00000000`000000c2 00000000`00000007 00000000`00001200 00000000`cd6cc1d9 : nt!KeBugCheckEx
[B][COLOR=#0000ff]01[/COLOR][/B][COLOR=#000000] ffffd000[/COLOR]`d70b7580 fffff800`f68ded43 : 00000000`00004000 ffffe001`17130e6c ffffe001`171307f0 00000000`0000006c : nt!ExFreePool+0x26a
[B][COLOR=#0000ff]02 [/COLOR][/B][COLOR=#000000]ffffd0[/COLOR]00`d70b7670 fffff800`f68de612 : 00000000`00000000 00000000`00004000 fffff800`f68d6010 fffff800`f68bbb36 : FLTMGR!FltReleaseFileNameInformation+0xc3
[B][COLOR=#0000ff]03[/COLOR][/B] ffffd000`d70b76b0 fffff800`f68b44c0 : ffffe001`171307f0 ffffe001`1b07d500 ffffe001`19478000 ffffe001`1b07d500 : FLTMGR!FltpRemoveAllNamesCachedForFileObject+0x1c2
[B][COLOR=#0000ff]04[/COLOR][/B][COLOR=#000000] ffffd000[/COLOR]`d70b7730 fffff800`f68b55ac : ffffd000`d70b7940 ffffe001`1b07d500 00000000`00000000 ffffd000`d70b7802 : FLTMGR!FltpPerformPreCallbacks+0x720
[COLOR=#0000ff][B]05[/B][/COLOR] ffffd000`d70b7840 fffff800`f68b35ce : ffffe001`18445450 00000000`00000000 ffffe001`1adf7b20 ffffe001`00000000 : FLTMGR!FltpPassThroughInternal+0x8c
[COLOR=#0000ff][B]06[/B][/COLOR] ffffd000`d70b7870 fffff800`f68b30aa : ffffe001`1712db10 ffffe001`1adf7780 ffffe001`1adf7780 ffffe001`170f5c60 : FLTMGR!FltpPassThrough+0x2be
[COLOR=#0000ff][B]07[/B][/COLOR] ffffd000`d70b7920 fffff800`d302db58 : ffffe001`1b07d500 ffffe001`17128030 ffffe001`1adf7780 00000000`00000001 : FLTMGR!FltpDispatch+0x9a
[COLOR=#0000ff][B]08[/B][/COLOR] ffffd000`d70b7980 fffff800`d3054160 : 00000000`00000000 ffffe001`1b07d500 ffffe001`170f5c60 ffffe001`1b07d4d0 : nt!IopDeleteFile+0x128
[COLOR=#0000ff][B]09[/B][/COLOR] ffffd000`d70b7a00 fffff800`d2cf353f : 00000000`00000000 00000000`00000001 ffffe001`1b07d500 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x64
[COLOR=#0000ff][B]0a[/B][/COLOR] ffffd000`d70b7a60 fffff800`d30a77e6 : 00000000`000800a1 ffffe001`1850f520 ffffe001`000800a1 00000000`00000000 : nt!ObfDereferenceObject+0x8f
[COLOR=#0000ff][B]0b[/B][/COLOR] ffffd000`d70b7aa0 fffff800`d2da2c48 : fffff800`d2fe4000 ffffd000`d70b7b50 ffffe001`1850f528 00000000`00000000 : nt!MiSegmentDelete+0x11e
[COLOR=#0000ff][B]0c[/B][/COLOR] ffffd000`d70b7ae0 fffff800`d2dc10bd : 00000000`00000000 fffff800`d2f627a0 ffffe001`170f2800 00000000`00000012 : nt!MiProcessDereferenceList+0x100
[COLOR=#0000ff][B]0d[/B][/COLOR] ffffd000`d70b7b70 fffff800`d2d61280 : ffffe001`1722a880 00000000`00000080 ffffe001`1722a880 00000000`00000000 : nt!MiDereferenceSegmentThread+0xd9
[COLOR=#0000ff][B]0e[/B][/COLOR] ffffd000`d70b7c00 fffff800`d2ddffc6 : ffffd000`db2f5180 ffffe001`1722a880 ffffd000`db3013c0 00000000`00000000 : nt!PspSystemThreadStartup+0x58
[COLOR=#0000ff][B]0f [/B][/COLOR]ffffd000`d70b7c60 00000000`00000000 : ffffd000`d70b8000 ffffd000`d70b2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16

Clicking on 00 resulted:

2: kd>[B] .frame 0n0;dv /t /v[/B]
00 ffffd000`d70b7578 fffff800`d2f2df56 nt!KeBugCheckEx
Unable to enumerate locals, HRESULT 0x80004005
Private symbols (symbols.pri) are required for locals.
Type ".hh dbgerr005" for details.

In the loaded driver listing, both the module name heading itself is blue and hyper (command = lmDtnsm + same for each individual driver name (command = lmDvmFLTMGR (FLTMGR is of course a driver name)

The result of the latter (individual driver name) -- with additional hyper fields:

[B]2: kd> [COLOR=#ff0000]lmDvmFLTMGR[/COLOR][/B]
[COLOR=#0000ff][B]Browse full module list[/B][/COLOR]
start             end                 module name
fffff800`f68b2000 fffff800`f690e000   [COLOR=#0000ff][B]FLTMGR[/B][/COLOR]     (pdb symbols)          c:\symbols\fltMgr.pdb\ACF4EF6122C14FD5A8323B3F55B630722\fltMgr.pdb
    Loaded symbol image file: FLTMGR.SYS
    Mapped memory image file: c:\symbols\FLTMGR.SYS\53FBF00C5c000\FLTMGR.SYS
    Image path: \SystemRoot\system32\DRIVERS\FLTMGR.SYS
    Image name: FLTMGR.SYS
    [COLOR=#0000ff][B]Browse all global symbols[/B][/COLOR]  [B][COLOR=#0000ff]functions[/COLOR][/B]  [B][COLOR=#0000ff]data[/COLOR][/B]
    Timestamp:        Mon Aug 25 22:25:16 2014 (53FBF00C)
    CheckSum:         0005F90F
    ImageSize:        0005C000
    File version:     6.3.9600.17326
    Product version:  6.3.9600.17326
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     fltMgr.sys
    OriginalFilename: fltMgr.sys
    ProductVersion:   6.3.9600.17326
    FileVersion:      6.3.9600.17326 (winblue_r3.140825-1335)
    FileDescription:  Microsoft Filesystem Filter Manager
    LegalCopyright:   © Microsoft Corporation. All rights reserved.

*** Load W10 Windbg and try it out! - http://go.microsoft.com/fwlink/p/?LinkId=536682

From: https://msdn.microsoft.com/en-us/windows/hardware/dn913721(v=vs8.5).aspx?f=255&MSPPError=-2147217396



The entire dump output - !analyze -v;kv;lmnt

Read More:

Microsoft (R) Windows Debugger Version 10.0.10075.9 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\PalmDesert\SysnativeBSODApps\040315-37953-01.txt.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17668.amd64fre.winblue_r8.150127-1500
Machine Name:
Kernel base = 0xfffff800`d2c89000 PsLoadedModuleList = 0xfffff800`d2f62250
Debug session time: Fri Apr  3 07:44:50.802 2015 (UTC - 4:00)
System Uptime: 0 days 9:54:33.474
Loading Kernel Symbols
...............................................................
................................................................
................................................................
Loading User Symbols
Loading unloaded module list
..................
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 1200, cd6cc1d9, ffffc00185e21350}
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
ffffc00185e21340 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff800d2f42c78
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
ffffc00185e21340 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff800d2f42c78
Probably caused by : FLTMGR.SYS ( FLTMGR!FltReleaseFileNameInformation+c3 )
Followup:     MachineOwner
---------

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 0000000000001200, (reserved)
Arg3: 00000000cd6cc1d9, Memory contents of the pool block
Arg4: ffffc00185e21350, Address of the block of pool being deallocated
Debugging Details:
------------------
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
ffffc00185e21340 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff800d2f42c78
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
ffffc00185e21340 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff800d2f42c78
SYSTEM_SKU:  ASUS-NotebookSKU
SYSTEM_VERSION:  1.0       
BIOS_DATE:  09/11/2013
BASEBOARD_PRODUCT:  N46JV
BASEBOARD_VERSION:  1.0       
BUGCHECK_P1: 7
BUGCHECK_P2: 1200
BUGCHECK_P3: cd6cc1d9
BUGCHECK_P4: ffffc00185e21350
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff800d2fec138
GetUlongPtrFromAddress: unable to read from fffff800d2fec298
GetUlongPtrFromAddress: unable to read from fffff800d2fec520
 ffffc00185e21350 Paged pool
BUGCHECK_STR:  0xc2_7
CPU_COUNT: 8
CPU_MHZ: 95a
CPU_VENDOR:  GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  System
CURRENT_IRQL:  0
ANALYSIS_VERSION: 10.0.10075.9 amd64fre
LAST_CONTROL_TRANSFER:  from fffff800d2f2df56 to fffff800d2dd99a0
STACK_TEXT:  
ffffd000`d70b7578 fffff800`d2f2df56 : 00000000`000000c2 00000000`00000007 00000000`00001200 00000000`cd6cc1d9 : nt!KeBugCheckEx
ffffd000`d70b7580 fffff800`f68ded43 : 00000000`00004000 ffffe001`17130e6c ffffe001`171307f0 00000000`0000006c : nt!ExFreePool+0x26a
ffffd000`d70b7670 fffff800`f68de612 : 00000000`00000000 00000000`00004000 fffff800`f68d6010 fffff800`f68bbb36 : FLTMGR!FltReleaseFileNameInformation+0xc3
ffffd000`d70b76b0 fffff800`f68b44c0 : ffffe001`171307f0 ffffe001`1b07d500 ffffe001`19478000 ffffe001`1b07d500 : FLTMGR!FltpRemoveAllNamesCachedForFileObject+0x1c2
ffffd000`d70b7730 fffff800`f68b55ac : ffffd000`d70b7940 ffffe001`1b07d500 00000000`00000000 ffffd000`d70b7802 : FLTMGR!FltpPerformPreCallbacks+0x720
ffffd000`d70b7840 fffff800`f68b35ce : ffffe001`18445450 00000000`00000000 ffffe001`1adf7b20 ffffe001`00000000 : FLTMGR!FltpPassThroughInternal+0x8c
ffffd000`d70b7870 fffff800`f68b30aa : ffffe001`1712db10 ffffe001`1adf7780 ffffe001`1adf7780 ffffe001`170f5c60 : FLTMGR!FltpPassThrough+0x2be
ffffd000`d70b7920 fffff800`d302db58 : ffffe001`1b07d500 ffffe001`17128030 ffffe001`1adf7780 00000000`00000001 : FLTMGR!FltpDispatch+0x9a
ffffd000`d70b7980 fffff800`d3054160 : 00000000`00000000 ffffe001`1b07d500 ffffe001`170f5c60 ffffe001`1b07d4d0 : nt!IopDeleteFile+0x128
ffffd000`d70b7a00 fffff800`d2cf353f : 00000000`00000000 00000000`00000001 ffffe001`1b07d500 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x64
ffffd000`d70b7a60 fffff800`d30a77e6 : 00000000`000800a1 ffffe001`1850f520 ffffe001`000800a1 00000000`00000000 : nt!ObfDereferenceObject+0x8f
ffffd000`d70b7aa0 fffff800`d2da2c48 : fffff800`d2fe4000 ffffd000`d70b7b50 ffffe001`1850f528 00000000`00000000 : nt!MiSegmentDelete+0x11e
ffffd000`d70b7ae0 fffff800`d2dc10bd : 00000000`00000000 fffff800`d2f627a0 ffffe001`170f2800 00000000`00000012 : nt!MiProcessDereferenceList+0x100
ffffd000`d70b7b70 fffff800`d2d61280 : ffffe001`1722a880 00000000`00000080 ffffe001`1722a880 00000000`00000000 : nt!MiDereferenceSegmentThread+0xd9
ffffd000`d70b7c00 fffff800`d2ddffc6 : ffffd000`db2f5180 ffffe001`1722a880 ffffd000`db3013c0 00000000`00000000 : nt!PspSystemThreadStartup+0x58
ffffd000`d70b7c60 00000000`00000000 : ffffd000`d70b8000 ffffd000`d70b2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND:  kb
FOLLOWUP_IP: 
FLTMGR!FltReleaseFileNameInformation+c3
fffff800`f68ded43 e973ffffff      jmp     FLTMGR!FltReleaseFileNameInformation+0x3b (fffff800`f68decbb)
SYMBOL_STACK_INDEX:  2
SYMBOL_NAME:  FLTMGR!FltReleaseFileNameInformation+c3
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: FLTMGR
IMAGE_NAME:  FLTMGR.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  53fbf00c
IMAGE_VERSION:  6.3.9600.17326
BUCKET_ID_FUNC_OFFSET:  c3
FAILURE_BUCKET_ID:  0xc2_7_FLTMGR!FltReleaseFileNameInformation
BUCKET_ID:  0xc2_7_FLTMGR!FltReleaseFileNameInformation
PRIMARY_PROBLEM_CLASS:  0xc2_7_FLTMGR!FltReleaseFileNameInformation
ANALYSIS_SOURCE:  KM
FAILURE_ID_HASH_STRING:  km:0xc2_7_fltmgr!fltreleasefilenameinformation
FAILURE_ID_HASH:  {5fcf4dda-efa6-3a91-6627-bb047c2cff48}
Followup:     MachineOwner
---------
2: kd> k
 # Child-SP          RetAddr           Call Site
00 ffffd000`d70b7578 fffff800`d2f2df56 nt!KeBugCheckEx
01 ffffd000`d70b7580 fffff800`f68ded43 nt!ExFreePool+0x26a
02 ffffd000`d70b7670 fffff800`f68de612 FLTMGR!FltReleaseFileNameInformation+0xc3
03 ffffd000`d70b76b0 fffff800`f68b44c0 FLTMGR!FltpRemoveAllNamesCachedForFileObject+0x1c2
04 ffffd000`d70b7730 fffff800`f68b55ac FLTMGR!FltpPerformPreCallbacks+0x720
05 ffffd000`d70b7840 fffff800`f68b35ce FLTMGR!FltpPassThroughInternal+0x8c
06 ffffd000`d70b7870 fffff800`f68b30aa FLTMGR!FltpPassThrough+0x2be
07 ffffd000`d70b7920 fffff800`d302db58 FLTMGR!FltpDispatch+0x9a
08 ffffd000`d70b7980 fffff800`d3054160 nt!IopDeleteFile+0x128
09 ffffd000`d70b7a00 fffff800`d2cf353f nt!ObpRemoveObjectRoutine+0x64
0a ffffd000`d70b7a60 fffff800`d30a77e6 nt!ObfDereferenceObject+0x8f
0b ffffd000`d70b7aa0 fffff800`d2da2c48 nt!MiSegmentDelete+0x11e
0c ffffd000`d70b7ae0 fffff800`d2dc10bd nt!MiProcessDereferenceList+0x100
0d ffffd000`d70b7b70 fffff800`d2d61280 nt!MiDereferenceSegmentThread+0xd9
0e ffffd000`d70b7c00 fffff800`d2ddffc6 nt!PspSystemThreadStartup+0x58
0f ffffd000`d70b7c60 00000000`00000000 nt!KiStartSystemThread+0x16
2: kd> .frame 0n0;dv /t /v
00 ffffd000`d70b7578 fffff800`d2f2df56 nt!KeBugCheckEx
Unable to enumerate locals, HRESULT 0x80004005
Private symbols (symbols.pri) are required for locals.
Type ".hh dbgerr005" for details.
2: kd> kv
 # Child-SP          RetAddr           : Args to Child                                                           : Call Site
00 ffffd000`d70b7578 fffff800`d2f2df56 : 00000000`000000c2 00000000`00000007 00000000`00001200 00000000`cd6cc1d9 : nt!KeBugCheckEx
01 ffffd000`d70b7580 fffff800`f68ded43 : 00000000`00004000 ffffe001`17130e6c ffffe001`171307f0 00000000`0000006c : nt!ExFreePool+0x26a
02 ffffd000`d70b7670 fffff800`f68de612 : 00000000`00000000 00000000`00004000 fffff800`f68d6010 fffff800`f68bbb36 : FLTMGR!FltReleaseFileNameInformation+0xc3
03 ffffd000`d70b76b0 fffff800`f68b44c0 : ffffe001`171307f0 ffffe001`1b07d500 ffffe001`19478000 ffffe001`1b07d500 : FLTMGR!FltpRemoveAllNamesCachedForFileObject+0x1c2
04 ffffd000`d70b7730 fffff800`f68b55ac : ffffd000`d70b7940 ffffe001`1b07d500 00000000`00000000 ffffd000`d70b7802 : FLTMGR!FltpPerformPreCallbacks+0x720
05 ffffd000`d70b7840 fffff800`f68b35ce : ffffe001`18445450 00000000`00000000 ffffe001`1adf7b20 ffffe001`00000000 : FLTMGR!FltpPassThroughInternal+0x8c
06 ffffd000`d70b7870 fffff800`f68b30aa : ffffe001`1712db10 ffffe001`1adf7780 ffffe001`1adf7780 ffffe001`170f5c60 : FLTMGR!FltpPassThrough+0x2be
07 ffffd000`d70b7920 fffff800`d302db58 : ffffe001`1b07d500 ffffe001`17128030 ffffe001`1adf7780 00000000`00000001 : FLTMGR!FltpDispatch+0x9a
08 ffffd000`d70b7980 fffff800`d3054160 : 00000000`00000000 ffffe001`1b07d500 ffffe001`170f5c60 ffffe001`1b07d4d0 : nt!IopDeleteFile+0x128
09 ffffd000`d70b7a00 fffff800`d2cf353f : 00000000`00000000 00000000`00000001 ffffe001`1b07d500 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x64
0a ffffd000`d70b7a60 fffff800`d30a77e6 : 00000000`000800a1 ffffe001`1850f520 ffffe001`000800a1 00000000`00000000 : nt!ObfDereferenceObject+0x8f
0b ffffd000`d70b7aa0 fffff800`d2da2c48 : fffff800`d2fe4000 ffffd000`d70b7b50 ffffe001`1850f528 00000000`00000000 : nt!MiSegmentDelete+0x11e
0c ffffd000`d70b7ae0 fffff800`d2dc10bd : 00000000`00000000 fffff800`d2f627a0 ffffe001`170f2800 00000000`00000012 : nt!MiProcessDereferenceList+0x100
0d ffffd000`d70b7b70 fffff800`d2d61280 : ffffe001`1722a880 00000000`00000080 ffffe001`1722a880 00000000`00000000 : nt!MiDereferenceSegmentThread+0xd9
0e ffffd000`d70b7c00 fffff800`d2ddffc6 : ffffd000`db2f5180 ffffe001`1722a880 ffffd000`db3013c0 00000000`00000000 : nt!PspSystemThreadStartup+0x58
0f ffffd000`d70b7c60 00000000`00000000 : ffffd000`d70b8000 ffffd000`d70b2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
2: kd> lmnt
start             end                 module name
fffff800`d1dd9000 fffff800`d1de2000   kd       kd.dll       Thu Aug 22 07:40:43 2013 (5215F8BB)
fffff800`d2c19000 fffff800`d2c89000   hal      hal.dll      Sun Jun 01 18:49:12 2014 (538BADE8)
fffff800`d2c89000 fffff800`d341d000   nt       ntkrnlmp.exe Tue Jan 27 19:52:02 2015 (54C832B2)
fffff800`f6200000 fffff800`f625e000   storport storport.sys Wed Sep 24 22:47:07 2014 (5423822B)
fffff800`f626c000 fffff800`f62e9000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Fri Jul 04 08:59:36 2014 (53B6A538)
fffff800`f62e9000 fffff800`f62f7000   werkernel werkernel.sys Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`f62f7000 fffff800`f6358000   CLFS     CLFS.SYS     Wed Mar 19 04:12:20 2014 (53295164)
fffff800`f6358000 fffff800`f637a000   tm       tm.sys       Thu Aug 22 07:39:33 2013 (5215F875)
fffff800`f637a000 fffff800`f638f000   PSHED    PSHED.dll    Sat Sep 14 09:57:19 2013 (52346B3F)
fffff800`f638f000 fffff800`f6399000   BOOTVID  BOOTVID.dll  Thu Aug 22 07:40:26 2013 (5215F8AA)
fffff800`f6399000 fffff800`f63f8000   volmgrx  volmgrx.sys  Thu Aug 22 07:40:23 2013 (5215F8A7)
fffff800`f6400000 fffff800`f648c000   cng      cng.sys      Tue Jan 13 21:29:05 2015 (54B5D471)
fffff800`f648c000 fffff800`f6499000   vdrvroot vdrvroot.sys Thu Aug 22 07:38:49 2013 (5215F849)
fffff800`f6499000 fffff800`f64c4000   Wof      Wof.sys      Thu Mar 13 04:27:29 2014 (53216BF1)
fffff800`f64c5000 fffff800`f654d000   CI       CI.dll       Fri Dec 05 22:23:28 2014 (548276B0)
fffff800`f654d000 fffff800`f65aa000   msrpc    msrpc.sys    Thu Aug 22 07:39:22 2013 (5215F86A)
fffff800`f65aa000 fffff800`f65c6000   disk     disk.sys     Thu Aug 22 07:39:47 2013 (5215F883)
fffff800`f6600000 fffff800`f6688000   ACPI     ACPI.sys     Mon Oct 06 23:29:50 2014 (54335E2E)
fffff800`f6690000 fffff800`f675f000   Wdf01000 Wdf01000.sys Thu Aug 22 07:38:56 2013 (5215F850)
fffff800`f675f000 fffff800`f6770000   WDFLDR   WDFLDR.SYS   Thu Aug 22 07:39:03 2013 (5215F857)
fffff800`f6770000 fffff800`f6788000   acpiex   acpiex.sys   Thu Aug 22 07:37:47 2013 (5215F80B)
fffff800`f6788000 fffff800`f6793000   WppRecorder WppRecorder.sys Thu Aug 22 07:39:40 2013 (5215F87C)
fffff800`f6793000 fffff800`f679d000   WMILIB   WMILIB.SYS   Thu Aug 22 07:40:23 2013 (5215F8A7)
fffff800`f67a5000 fffff800`f67af000   msisadrv msisadrv.sys Thu Aug 22 07:39:03 2013 (5215F857)
fffff800`f67af000 fffff800`f67f7000   pci      pci.sys      Thu Jul 24 07:45:24 2014 (53D0F1D4)
fffff800`f681a000 fffff800`f6830000   fileinfo fileinfo.sys Sat Feb 22 07:13:10 2014 (53089456)
fffff800`f683a000 fffff800`f68b2000   trufos   trufos.sys   Sat Oct 11 05:01:08 2014 (5438F1D4)
fffff800`f68b2000 fffff800`f690e000   FLTMGR   FLTMGR.SYS   Mon Aug 25 22:25:16 2014 (53FBF00C)
fffff800`f690e000 fffff800`f692a000   pdc      pdc.sys      Wed Oct 15 00:34:24 2014 (543DF950)
fffff800`f692a000 fffff800`f6942000   partmgr  partmgr.sys  Wed Oct 08 03:34:42 2014 (5434E912)
fffff800`f6942000 fffff800`f69ab000   spaceport spaceport.sys Tue Oct 28 22:47:03 2014 (54505527)
fffff800`f69ab000 fffff800`f69c0000   volmgr   volmgr.sys   Thu Aug 22 07:39:53 2013 (5215F889)
fffff800`f69c0000 fffff800`f69db000   mountmgr mountmgr.sys Mon Oct 06 21:18:16 2014 (54333F58)
fffff800`f69db000 fffff800`f69f8000   storahci storahci.sys Thu Aug 22 07:40:39 2013 (5215F8B7)
fffff800`f6a00000 fffff800`f6a0f000   intelpep intelpep.sys Wed Oct 15 02:29:44 2014 (543E1458)
fffff800`f6a15000 fffff800`f6b5b000   avc3     avc3.sys     Wed Jan 14 04:58:21 2015 (54B63DBD)
fffff800`f6b5b000 fffff800`f6b90000   gzflt    gzflt.sys    Tue Feb 24 09:52:39 2015 (54EC9037)
fffff800`f6b90000 fffff800`f6bd6000   rdyboost rdyboost.sys Sat Feb 22 07:13:40 2014 (53089474)
fffff800`f6bd6000 fffff800`f6bf6000   mup      mup.sys      Sat Jan 10 03:22:29 2015 (54B0E145)
fffff800`f6c07000 fffff800`f6e01000   Ntfs     Ntfs.sys     Fri Oct 10 20:35:55 2014 (54387B6B)
fffff800`f6e01000 fffff800`f6e1d000   ksecdd   ksecdd.sys   Tue Oct 28 22:47:36 2014 (54505548)
fffff800`f6e1d000 fffff800`f6e2d000   pcw      pcw.sys      Thu Aug 22 04:46:34 2013 (5215CFEA)
fffff800`f6e2d000 fffff800`f6e38000   Fs_Rec   Fs_Rec.sys   Thu Aug 22 04:46:33 2013 (5215CFE9)
fffff800`f6e38000 fffff800`f6f4f000   ndis     ndis.sys     Mon Feb 02 19:03:15 2015 (54D01043)
fffff800`f6f4f000 fffff800`f6fc7000   NETIO    NETIO.SYS    Sun Nov 09 21:58:13 2014 (546029C5)
fffff800`f6fc7000 fffff800`f6ff8000   ksecpkg  ksecpkg.sys  Sun Jan 11 22:01:17 2015 (54B338FD)
fffff800`f7000000 fffff800`f7095000   fvevol   fvevol.sys   Mon Apr 07 18:25:31 2014 (534325DB)
fffff800`f7095000 fffff800`f70e4000   volsnap  volsnap.sys  Wed Jun 18 18:41:28 2014 (53A21598)
fffff800`f70e4000 fffff800`f70ef000   nvpciflt nvpciflt.sys Fri Mar 13 11:32:00 2015 (550302F0)
fffff800`f70f7000 fffff800`f7363000   tcpip    tcpip.sys    Sun Nov 09 21:59:03 2014 (546029F7)
fffff800`f7363000 fffff800`f73cf000   fwpkclnt fwpkclnt.sys Sun Nov 09 21:57:40 2014 (546029A4)
fffff800`f73cf000 fffff800`f73f4000   wfplwfs  wfplwfs.sys  Sun Nov 09 21:57:28 2014 (54602998)
fffff800`f7400000 fffff800`f746e000   rdbss    rdbss.sys    Sat Jan 10 03:20:59 2015 (54B0E0EB)
fffff800`f74cf000 fffff800`f7525000   CLASSPNP CLASSPNP.SYS Wed Oct 08 01:22:07 2014 (5434C9FF)
fffff800`f7525000 fffff800`f753a000   crashdmp crashdmp.sys Thu Aug 22 07:40:03 2013 (5215F893)
fffff800`f7579000 fffff800`f75a7000   cdrom    cdrom.sys    Thu Aug 22 04:46:35 2013 (5215CFEB)
fffff800`f75a7000 fffff800`f75b0000   Null     Null.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`f75b0000 fffff800`f75b8000   Beep     Beep.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`f75b8000 fffff800`f75c6000   BasicRender BasicRender.sys Sat Feb 22 07:14:02 2014 (5308948A)
fffff800`f7800000 fffff800`f7892000   afd      afd.sys      Thu May 29 23:03:01 2014 (5387F4E5)
fffff800`f7892000 fffff800`f78bc000   pacer    pacer.sys    Tue Oct 28 22:45:30 2014 (545054CA)
fffff800`f78bc000 fffff800`f78d4000   vwififlt vwififlt.sys Wed Apr 30 02:43:46 2014 (53609BA2)
fffff800`f78dd000 fffff800`f7a5d000   dxgkrnl  dxgkrnl.sys  Tue Oct 28 22:46:45 2014 (54505515)
fffff800`f7a5d000 fffff800`f7a6f000   watchdog watchdog.sys Sat Feb 22 07:14:39 2014 (530894AF)
fffff800`f7a6f000 fffff800`f7ad2000   dxgmms1  dxgmms1.sys  Tue Oct 28 22:46:30 2014 (54505506)
fffff800`f7ad2000 fffff800`f7ae4000   BasicDisplay BasicDisplay.sys Thu Aug 22 07:39:31 2013 (5215F873)
fffff800`f7ae4000 fffff800`f7af8000   Npfs     Npfs.SYS     Thu Aug 22 07:40:25 2013 (5215F8A9)
fffff800`f7af8000 fffff800`f7b04000   Msfs     Msfs.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`f7b04000 fffff800`f7b32000   bdfndisf6 bdfndisf6.sys Mon Dec 15 09:59:47 2014 (548EF763)
fffff800`f7b32000 fffff800`f7b5a000   bdfwfpf  bdfwfpf.sys  Wed Oct 17 08:12:10 2012 (507EA09A)
fffff800`f7b5a000 fffff800`f7b7a000   tdx      tdx.sys      Thu Aug 22 07:36:34 2013 (5215F7C2)
fffff800`f7b7a000 fffff800`f7b88000   TDI      TDI.SYS      Thu Aug 22 07:39:01 2013 (5215F855)
fffff800`f7b88000 fffff800`f7bd4000   netbt    netbt.sys    Thu Aug 22 07:37:01 2013 (5215F7DD)
fffff800`f7bd4000 fffff800`f7be5000   netbios  netbios.sys  Tue Oct 28 22:47:23 2014 (5450553B)
fffff800`f7c00000 fffff800`f7c2b000   btath_avdt btath_avdt.sys Wed Sep 18 04:42:14 2013 (52396766)
fffff800`f7c6b000 fffff800`f7cf9000   csc      csc.sys      Tue Oct 28 22:46:49 2014 (54505519)
fffff800`f7cf9000 fffff800`f7d12000   wanarp   wanarp.sys   Fri Nov 07 22:58:28 2014 (545D94E4)
fffff800`f7d12000 fffff800`f7d20000   nsiproxy nsiproxy.sys Tue Oct 28 22:46:03 2014 (545054EB)
fffff800`f7d20000 fffff800`f7d2c000   npsvctrig npsvctrig.sys Thu Aug 22 07:38:22 2013 (5215F82E)
fffff800`f7d2c000 fffff800`f7d38000   mssmbios mssmbios.sys Thu Aug 22 07:39:41 2013 (5215F87D)
fffff800`f7d38000 fffff800`f7d5f000   dfsc     dfsc.sys     Sat Jan 10 03:20:53 2015 (54B0E0E5)
fffff800`f7d70000 fffff800`f7d86000   bdvedisk bdvedisk.sys Thu Sep 27 09:37:29 2012 (50645699)
fffff800`f7d86000 fffff800`f7d8f000   atkwmiacpi64 atkwmiacpi64.sys Tue Sep 06 21:44:52 2011 (4E66CC94)
fffff800`f7d8f000 fffff800`f7da6000   ahcache  ahcache.sys  Thu Dec 11 19:51:20 2014 (548A3C08)
fffff800`f7da6000 fffff800`f7db3000   tap0901  tap0901.sys  Wed Jan 02 06:55:34 2013 (50E42036)
fffff800`f7db3000 fffff800`f7dc2000   CompositeBus CompositeBus.sys Thu Aug 22 07:38:48 2013 (5215F848)
fffff800`f7dc2000 fffff800`f7dcd000   kdnic    kdnic.sys    Thu Aug 22 07:38:26 2013 (5215F832)
fffff800`f7dcd000 fffff800`f7dde000   umbus    umbus.sys    Thu Aug 22 07:38:59 2013 (5215F853)
fffff800`f7e00000 fffff800`f7e6a000   usbhub   usbhub.sys   Thu Jul 24 07:45:29 2014 (53D0F1D9)
fffff800`f7e6a000 fffff800`f7e76000   USBD     USBD.SYS     Sat May 31 02:31:17 2014 (53897735)
fffff800`f7e76000 fffff800`f7ea4000   rfcomm   rfcomm.sys   Thu Jan 29 22:00:56 2015 (54CAF3E8)
fffff800`f7ea4000 fffff800`f7eb3000   modem    modem.sys    Thu Aug 22 07:40:15 2013 (5215F89F)
fffff800`f7ec8000 fffff800`f88d3000   nvlddmkm nvlddmkm.sys Fri Mar 13 11:39:56 2015 (550304CC)
fffff800`f88d3000 fffff800`f88ef000   drmk     drmk.sys     Tue Oct 28 22:47:38 2014 (5450554A)
fffff800`f88ef000 fffff800`f893d000   ks       ks.sys       Fri Jul 04 08:58:59 2014 (53B6A513)
fffff800`f893d000 fffff800`f8949000   iwdbus   iwdbus.sys   Wed Jul 24 21:06:12 2013 (51F07A04)
fffff800`f8949000 fffff800`f8956000   btath_bus btath_bus.sys Mon Jan 21 04:18:42 2013 (50FD07F2)
fffff800`f8956000 fffff800`f899b000   avchv    avchv.sys    Fri Jan 23 08:52:58 2015 (54C2523A)
fffff800`f899b000 fffff800`f89a6000   rdpbus   rdpbus.sys   Thu Aug 22 07:38:52 2013 (5215F84C)
fffff800`f89a6000 fffff800`f89f2000   btath_rcp btath_rcp.sys Fri Jun 21 05:11:54 2013 (51C418DA)
fffff800`f8a00000 fffff800`f8a67000   RtsPer   RtsPer.sys   Thu Mar 28 03:12:22 2013 (5153ED56)
fffff800`f8a67000 fffff800`f8aa0000   fastfat  fastfat.SYS  Thu Aug 22 07:40:18 2013 (5215F8A2)
fffff800`f8aa0000 fffff800`f8aab000   NdisVirtualBus NdisVirtualBus.sys Thu Aug 22 07:36:25 2013 (5215F7B9)
fffff800`f8ab5000 fffff800`f8ecd000   igdkmd64 igdkmd64.sys Mon Sep 16 20:08:54 2013 (52379D96)
fffff800`f8ecd000 fffff800`f8ee6000   HDAudBus HDAudBus.sys Thu Jul 24 07:45:39 2014 (53D0F1E3)
fffff800`f8ee6000 fffff800`f8ee8880   AiCharger AiCharger.sys Thu Sep 22 22:04:40 2011 (4E7BE938)
fffff800`f8ee9000 fffff800`f8f3e000   USBXHCI  USBXHCI.SYS  Tue Oct 07 01:00:56 2014 (54337388)
fffff800`f8f3e000 fffff800`f8f70000   ucx01000 ucx01000.sys Tue Oct 07 01:00:55 2014 (54337387)
fffff800`f8f70000 fffff800`f8f88000   usbehci  usbehci.sys  Sat May 31 02:29:54 2014 (538976E2)
fffff800`f8f88000 fffff800`f8ff7000   USBPORT  USBPORT.SYS  Sat May 31 02:30:25 2014 (53897701)
fffff800`f9000000 fffff800`f900d000   nvvad64v nvvad64v.sys Thu Sep 04 13:10:48 2014 (54089D18)
fffff800`f900d000 fffff800`f9054000   portcls  portcls.sys  Tue Oct 28 22:46:35 2014 (5450550B)
fffff800`f9054000 fffff800`f9059300   ksthunk  ksthunk.sys  Thu Aug 22 07:39:31 2013 (5215F873)
fffff800`f905a000 fffff800`f9415000   athwbx   athwbx.sys   Thu Aug 15 23:13:28 2013 (520D98D8)
fffff800`f9415000 fffff800`f9422000   vwifibus vwifibus.sys Thu Aug 22 07:39:00 2013 (5215F854)
fffff800`f9422000 fffff800`f94f0000   Rt630x64 Rt630x64.sys Mon Sep 09 02:47:07 2013 (522D6EEB)
fffff800`f94f0000 fffff800`f950f000   i8042prt i8042prt.sys Tue Nov 04 01:54:54 2014 (5458783E)
fffff800`f950f000 fffff800`f9567000   AsusTP   AsusTP.sys   Tue Jul 16 04:43:53 2013 (51E507C9)
fffff800`f9567000 fffff800`f9577000   mouclass mouclass.sys Tue Nov 04 01:54:47 2014 (54587837)
fffff800`f9577000 fffff800`f9589000   kbdclass kbdclass.sys Tue Nov 04 01:54:54 2014 (5458783E)
fffff800`f9589000 fffff800`f958fc00   GEARAspiWDM GEARAspiWDM.sys Thu May 03 15:56:17 2012 (4FA2E2E1)
fffff800`f9590000 fffff800`f9596380   CmBatt   CmBatt.sys   Thu Aug 22 07:39:43 2013 (5215F87F)
fffff800`f9597000 fffff800`f95a3000   BATTC    BATTC.SYS    Thu Aug 22 07:40:04 2013 (5215F894)
fffff800`f95a3000 fffff800`f95ad000   wmiacpi  wmiacpi.sys  Thu Aug 22 07:40:04 2013 (5215F894)
fffff800`f95ad000 fffff800`f95cb000   intelppm intelppm.sys Thu Aug 22 04:46:35 2013 (5215CFEB)
fffff800`f95cb000 fffff800`f95d3000   AsHIDSwitch64 AsHIDSwitch64.sys Mon Oct 07 21:45:17 2013 (525363AD)
fffff800`f95d3000 fffff800`f95f2000   HIDCLASS HIDCLASS.SYS Thu Mar 06 04:24:40 2014 (53183ED8)
fffff800`f95f2000 fffff800`f95f9f00   HIDPARSE HIDPARSE.SYS Thu Aug 22 07:40:26 2013 (5215F8AA)
fffff800`f95fa000 fffff800`f95fb600   swenum   swenum.sys   Tue Oct 28 22:47:41 2014 (5450554D)
fffff800`f9600000 fffff800`f964c000   mrxsmb10 mrxsmb10.sys Sat Jan 10 03:19:36 2015 (54B0E098)
fffff800`f964c000 fffff800`f966d000   bthpan   bthpan.sys   Thu Jul 24 07:41:43 2014 (53D0F0F7)
fffff800`f9672000 fffff800`f9693000   WudfPf   WudfPf.sys   Tue Oct 28 22:46:27 2014 (54505503)
fffff800`f969e000 fffff800`f9716000   UsbHub3  UsbHub3.sys  Wed Oct 08 03:32:50 2014 (5434E8A2)
fffff800`f9716000 fffff800`f97bf000   avckf    avckf.sys    Wed Jan 14 05:00:18 2015 (54B63E32)
fffff800`f97bf000 fffff800`f97fc000   BthLEEnum BthLEEnum.sys Wed Dec 04 13:41:54 2013 (529F7772)
fffff800`f9800000 fffff800`f9818000   rspndr   rspndr.sys   Thu Aug 22 07:36:34 2013 (5215F7C2)
fffff800`f9818000 fffff800`f9820000   ASMMAP64 ASMMAP64.sys Thu Jul 02 05:13:26 2009 (4A4C7A36)
fffff800`f9820000 fffff800`f9858000   mrxsmb20 mrxsmb20.sys Sat Jan 10 03:20:54 2015 (54B0E0E6)
fffff800`f9858000 fffff800`f986c000   bthmodem bthmodem.sys Thu Jul 24 07:43:06 2014 (53D0F14A)
fffff800`f9872000 fffff800`f9c96900   RTKVHD64 RTKVHD64.sys Wed Dec 10 02:53:17 2014 (5487FBED)
fffff800`f9c97000 fffff800`f9cbe000   usbccgp  usbccgp.sys  Thu Jul 24 07:44:51 2014 (53D0F1B3)
fffff800`f9cbe000 fffff800`f9d65000   btfilter btfilter.sys Thu Jan 02 00:24:20 2014 (52C4F804)
fffff800`f9d65000 fffff800`f9d7e000   BTHUSB   BTHUSB.sys   Tue Oct 28 22:46:16 2014 (545054F8)
fffff800`f9d7e000 fffff800`f9df2000   nwifi    nwifi.sys    Tue Oct 28 22:45:41 2014 (545054D5)
fffff800`f9e00000 fffff800`f9e1d000   dump_storahci dump_storahci.sys Thu Aug 22 07:40:39 2013 (5215F8B7)
fffff800`f9e1d000 fffff800`f9e33000   dump_dumpfve dump_dumpfve.sys Sat Feb 22 07:14:48 2014 (530894B8)
fffff800`f9e33000 fffff800`f9e41000   monitor  monitor.sys  Thu Aug 22 07:36:37 2013 (5215F7C5)
fffff800`f9e41000 fffff800`f9e65000   luafv    luafv.sys    Sat Feb 22 07:14:25 2014 (530894A1)
fffff800`f9e65000 fffff800`f9e79000   lltdio   lltdio.sys   Thu Aug 22 07:36:18 2013 (5215F7B2)
fffff800`f9e79000 fffff800`f9e8d000   ndisuio  ndisuio.sys  Thu Aug 22 07:37:34 2013 (5215F7FE)
fffff800`f9e92000 fffff800`f9fbd000   bthport  bthport.sys  Tue Oct 28 22:45:37 2014 (545054D1)
fffff800`f9fbd000 fffff800`f9ff0f00   usbvideo usbvideo.sys Sat Jun 21 03:33:39 2014 (53A53553)
fffff800`f9ff1000 fffff800`f9ffd000   dump_diskdump dump_diskdump.sys Thu Aug 22 07:40:18 2013 (5215F8A2)
fffff800`fa200000 fffff800`fa216000   mslldp   mslldp.sys   Tue Oct 28 22:45:39 2014 (545054D3)
fffff800`fa216000 fffff800`fa228000   BthEnum  BthEnum.sys  Tue Oct 28 22:46:11 2014 (545054F3)
fffff800`fa231000 fffff800`fa32b000   HTTP     HTTP.sys     Mon Jan 27 14:48:02 2014 (52E6B7F2)
fffff800`fa32b000 fffff800`fa33a000   vwifimp  vwifimp.sys  Wed Apr 30 02:41:59 2014 (53609B37)
fffff800`fa33a000 fffff800`fa35a000   bowser   bowser.sys   Thu Aug 22 07:38:38 2013 (5215F83E)
fffff800`fa35a000 fffff800`fa371000   mpsdrv   mpsdrv.sys   Tue Oct 28 22:45:31 2014 (545054CB)
fffff800`fa371000 fffff800`fa3de000   mrxsmb   mrxsmb.sys   Sat Jan 10 03:19:58 2015 (54B0E0AE)
fffff800`fa3de000 fffff800`fa3fb000   Ndu      Ndu.sys      Tue Oct 28 22:45:16 2014 (545054BC)
fffff800`fa4a0000 fffff800`fa508000   btath_a2dp btath_a2dp.sys Wed Sep 18 04:45:01 2013 (5239680D)
fffff800`fa508000 fffff800`fa554000   btath_hcrp btath_hcrp.sys Tue Dec 18 04:54:54 2012 (50D03D6E)
fffff800`fa554000 fffff800`fa570000   btath_flt btath_flt.sys Thu Aug 22 23:46:29 2013 (5216DB15)
fffff800`fa570000 fffff800`fa588000   btath_lwflt btath_lwflt.sys Fri Nov 02 01:35:44 2012 (50935BB0)
fffff800`fb000000 fffff800`fb0ad000   srv2     srv2.sys     Wed Oct 08 03:33:30 2014 (5434E8CA)
fffff800`fb0b1000 fffff800`fb15a000   peauth   peauth.sys   Sat Feb 22 07:09:37 2014 (53089381)
fffff800`fb15a000 fffff800`fb161000   plctrl   plctrl.sys   Wed Jul 10 23:23:44 2013 (51DE2540)
fffff800`fb161000 fffff800`fb16c000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff800`fb16c000 fffff800`fb1af000   srvnet   srvnet.sys   Fri Jun 27 02:22:21 2014 (53AD0D9D)
fffff800`fb1af000 fffff800`fb1c1000   tcpipreg tcpipreg.sys Thu Mar 06 04:19:59 2014 (53183DBF)
fffff800`fb1c1000 fffff800`fb1fe000   ndiswan  ndiswan.sys  Thu Aug 22 07:35:55 2013 (5215F79B)
fffff800`fb200000 fffff800`fb21f000   AgileVpn AgileVpn.sys Sun Nov 09 21:57:02 2014 (5460297E)
fffff800`fb21f000 fffff800`fb23f000   rasl2tp  rasl2tp.sys  Fri Nov 07 22:58:30 2014 (545D94E6)
fffff800`fb23f000 fffff800`fb260000   raspptp  raspptp.sys  Thu Aug 22 07:35:51 2013 (5215F797)
fffff800`fb260000 fffff800`fb27b000   raspppoe raspppoe.sys Thu Aug 22 07:36:37 2013 (5215F7C5)
fffff800`fb27b000 fffff800`fb287000   ndistapi ndistapi.sys Fri Nov 07 23:00:40 2014 (545D9568)
fffff800`fb287000 fffff800`fb291000   umpass   umpass.sys   Thu Aug 22 07:38:58 2013 (5215F852)
fffff800`fb293000 fffff800`fb321000   srv      srv.sys      Thu Jul 24 07:43:27 2014 (53D0F15F)
fffff800`fb321000 fffff800`fb331000   condrv   condrv.sys   Thu Aug 22 07:40:17 2013 (5215F8A1)
fffff800`fb331000 fffff800`fb33c000   rdpvideominiport rdpvideominiport.sys Tue Oct 28 22:47:25 2014 (5450553D)
fffff800`fb33c000 fffff800`fb346000   NvStreamKms NvStreamKms.sys Thu Oct 02 21:39:09 2014 (542DFE3D)
fffff800`fb346000 fffff800`fb373000   tunnel   tunnel.sys   Thu Aug 22 07:35:45 2013 (5215F791)
fffff800`fb373000 fffff800`fb3a7000   rdpdr    rdpdr.sys    Thu Aug 22 07:36:46 2013 (5215F7CE)
fffff800`fb3b1000 fffff800`fb3ce000   rassstp  rassstp.sys  Tue Oct 28 22:45:50 2014 (545054DE)
fffff800`fb3ce000 fffff800`fb3e5000   NDProxy  NDProxy.SYS  Fri Nov 07 23:00:00 2014 (545D9540)
fffff800`fb3e5000 fffff800`fb3f3000   hidusb   hidusb.sys   Thu Mar 06 04:24:14 2014 (53183EBE)
fffff800`fb3f3000 fffff800`fb400000   mouhid   mouhid.sys   Tue Nov 04 01:54:47 2014 (54587837)
fffff960`000c5000 fffff960`004db000   win32k   win32k.sys   unavailable (00000000)
fffff960`007e3000 fffff960`007ec000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff960`0091d000 fffff960`00957000   cdd      cdd.dll      unavailable (00000000)
fffff960`00aa4000 fffff960`00b03000   ATMFD    ATMFD.DLL    unavailable (00000000)
Unloaded modules:
fffff800`fb3a7000 fffff800`fb3b1000   umpass.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
fffff800`fb287000 fffff800`fb291000   umpass.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
fffff800`f964c000 fffff800`f9672000   USBSTOR.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00026000
fffff800`fa216000 fffff800`fa221000   WpdUpFltr.sy
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
fffff800`f97bf000 fffff800`f97fc000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0003D000
fffff800`f97bf000 fffff800`f97fc000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0003D000
fffff800`f6800000 fffff800`f681a000   EhStorClass.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001A000
fffff800`fb287000 fffff800`fb293000   hiber_storpo
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff800`fa200000 fffff800`fa21d000   hiber_storah
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff800`fb3e5000 fffff800`fb3fb000   hiber_dumpfv
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00016000
fffff800`fb3a7000 fffff800`fb3b1000   cpuz138_x64.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
fffff800`f962b000 fffff800`f969e000   IntcDAud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00073000
fffff800`f753a000 fffff800`f7546000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff800`f7546000 fffff800`f7563000   dump_storahc
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff800`f7563000 fffff800`f7579000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00016000
fffff800`f7d5f000 fffff800`f7d70000   dam.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
fffff800`f679d000 fffff800`f67a5000   bdelam.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00008000
fffff800`f73f4000 fffff800`f7400000   hwpolicy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
2: kd> lmDvmFLTMGR
Browse full module list
start             end                 module name
fffff800`f68b2000 fffff800`f690e000   FLTMGR     (pdb symbols)          c:\symbols\fltMgr.pdb\ACF4EF6122C14FD5A8323B3F55B630722\fltMgr.pdb
    Loaded symbol image file: FLTMGR.SYS
    Mapped memory image file: c:\symbols\FLTMGR.SYS\53FBF00C5c000\FLTMGR.SYS
    Image path: \SystemRoot\system32\DRIVERS\FLTMGR.SYS
    Image name: FLTMGR.SYS
    Browse all global symbols  functions  data
    Timestamp:        Mon Aug 25 22:25:16 2014 (53FBF00C)
    CheckSum:         0005F90F
    ImageSize:        0005C000
    File version:     6.3.9600.17326
    Product version:  6.3.9600.17326
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     fltMgr.sys
    OriginalFilename: fltMgr.sys
    ProductVersion:   6.3.9600.17326
    FileVersion:      6.3.9600.17326 (winblue_r3.140825-1335)
    FileDescription:  Microsoft Filesystem Filter Manager
    LegalCopyright:   © Microsoft Corporation. All rights reserved.

 

[x BlueRobot]

Have they added any new extensions?

 

[jcgriff2]

That I don't know.