Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Mike\AppData\Local\Temp\[color=red]Temp1_081612-18673-01.zip[/color]\081612-18673-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols2*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`0324d000 PsLoadedModuleList = 0xfffff800`03491670
Debug session time: Thu Aug 16 02:19:45.505 2012 (UTC - 6:00)
System Uptime: 0 days 0:44:23.941
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {a, 2, 1, fffff800032d81a8}
Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
[color=red]*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys[/color]
Probably caused by : mfehidk.sys ( mfehidk+54028 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000000a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800032d81a8, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800034fb100
000000000000000a
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeExpandKernelStackAndCalloutEx+43c
fffff800`032d81a8 4889442478 mov qword ptr [rsp+78h],rax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff88009335c70 -- (.trap 0xfffff88009335c70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=800000005e1d2963 rbx=0000000000000000 rcx=fffff6fc40045098
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800032d81a8 rsp=fffff88009335e00 rbp=fffff88009336200
r8=fffff6fc400450c8 r9=0000000000000000 r10=fffff8000344cc80
r11=0000000000000006 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KeExpandKernelStackAndCalloutEx+0x43c:
fffff800`032d81a8 4889442478 mov qword ptr [rsp+78h],rax ss:0018:fffff880`09335e78=8000000058617963
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800032cb769 to fffff800032cc1c0
STACK_TEXT:
fffff880`09335b28 fffff800`032cb769 : 00000000`0000000a 00000000`0000000a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`09335b30 fffff800`032ca3e0 : 00000000`00000000 fffffa80`0320d8d0 f8a00e33`8c100400 fffffa80`08451610 : nt!KiBugCheckDispatch+0x69
fffff880`09335c70 fffff800`032d81a8 : fffff800`034feb00 00000000`00000002 fffffa80`08451610 00000000`00000001 : nt!KiPageFault+0x260
fffff880`09335e00 fffff880`01243d42 : fffff880`01243cb0 fffff880`09335fa0 fffff6fc`400450c8 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0x43c
fffff880`09335ee0 fffff880`012e2a04 : fffff880`09335fb0 fffff880`09335fb0 fffff880`09335fb0 00000000`00000004 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`09335f50 fffff880`0104fbcf : fffff880`09335fb0 fffffa80`05708c10 fffffa80`05708fb0 fffffa80`074e8710 : Ntfs!NtfsFsdCleanup+0x144
fffff880`093361c0 fffff880`0104e6df : fffffa80`05105a40 00000000`00000000 fffffa80`04f69c00 fffffa80`05708c10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`09336250 fffff800`035cf69f : fffffa80`05708c10 fffffa80`04196450 00000000`00000000 fffffa80`0756ed20 : fltmgr!FltpDispatch+0xcf
fffff880`093362b0 fffff800`035bedc4 : 00000000`00000001 fffffa80`07de8060 00000000`000003d8 00000000`00000000 : nt!IopCloseFile+0x11f
fffff880`09336340 fffff800`035beb81 : fffffa80`07de8060 fffffa80`00000001 fffff8a0`000017e0 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`093363c0 fffff800`035bf144 : 00000000`00000964 fffffa80`07de8060 fffff8a0`000017e0 00000000`00000964 : nt!ObpCloseHandleTableEntry+0xb1
fffff880`09336450 fffff800`032cb453 : fffffa80`08451610 fffff880`09336520 fffffa80`06737930 fffff880`0105f2c2 : nt!ObpCloseHandle+0x94
fffff880`093364a0 fffff800`032c7a10 : fffff880`01136028 fffff880`09336678 00000000`00000000 fffffa80`05121a10 : nt!KiSystemServiceCopyEnd+0x13
fffff880`09336638 fffff880`01136028 : fffff880`09336678 00000000`00000000 fffffa80`05121a10 00000000`00000000 : nt!KiServiceLinkage
fffff880`09336640 fffff880`09336678 : 00000000`00000000 fffffa80`05121a10 00000000`00000000 00000000`c000000d : mfehidk+0x54028
fffff880`09336648 00000000`00000000 : fffffa80`05121a10 00000000`00000000 00000000`c000000d fffff880`03bcd655 : 0xfffff880`09336678
STACK_COMMAND: kb
FOLLOWUP_IP:
mfehidk+54028
fffff880`01136028 ?? ???
SYMBOL_STACK_INDEX: e
SYMBOL_NAME: mfehidk+54028
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mfehidk
IMAGE_NAME: mfehidk.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e5805bc
FAILURE_BUCKET_ID: X64_0xA_mfehidk+54028
BUCKET_ID: X64_0xA_mfehidk+54028
Followup: MachineOwner
---------
0: kd> [color=red]!lmi win32k.sys[/color]
Loaded Module Info: [win32k.sys]
Cannot read Image header @ fffff96000020000
[color=red]Load Report: no symbols loaded[/color]
