******************************************************************************** *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {62, fffffa80126002f8, fffffa8012606010, 72}
*** ERROR: Module load completed but symbols could not be loaded for IDSvia64.sys
Probably caused by : IDSvia64.sys
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
Arg2: fffffa80126002f8, name of the driver having the issue.
Arg3: fffffa8012606010, verifier internal structure with driver information.
Arg4: 0000000000000072, total # of (paged+nonpaged) allocations that weren't freed.
Type !verifier 3 drivername.sys for info on the allocations
that were leaked that caused the bugcheck.
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_62
IMAGE_NAME: IDSvia64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 503d8308
MODULE_NAME: IDSvia64
FAULTING_MODULE: fffff880052a1000 IDSvia64
VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY fffffa8012606010
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff802152601ac to fffff80214c94340
STACK_TEXT:
fffff880`102a0818 fffff802`152601ac : 00000000`000000c4 00000000`00000062 fffffa80`126002f8 fffffa80`12606010 : nt!KeBugCheckEx
fffff880`102a0820 fffff802`15266816 : 0000007f`fffffff8 fffff880`052a1000 fffff880`0fd79200 00000000`ffffffff : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`102a0860 fffff802`14e134cf : 00000000`00000000 fffff880`052a1000 fffff880`00000001 fffffa80`12606fa0 : nt!VfPoolCheckForLeaks+0x4a
fffff880`102a08a0 fffff802`15252cb6 : fffffa80`12600230 00000000`00000001 fffffa80`12600230 00000000`ffffffff : nt! ?? ::FNODOBFM::`string'+0x47aca
fffff880`102a0920 fffff802`150a15c2 : 00000000`00000000 fffff802`1501893c fffffa80`1e8ca040 fffff802`14f8fc62 : nt!VfDriverUnloadImage+0x26
fffff880`102a0950 fffff802`150a17f4 : ffffffd3`5d980d9e fffffa80`12600230 fffff802`1501893c 00000000`00000000 : nt!MiUnloadSystemImage+0x182
fffff880`102a09b0 fffff802`150a1d5e : fffffa80`12600410 00000000`00000000 fffffa80`12600440 fffff802`14c9dac0 : nt!MmUnloadSystemImage+0x20
fffff880`102a09e0 fffff802`1505e241 : fffffa80`12600410 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopDeleteDriver+0x4e
fffff880`102a0a20 fffff802`14c8aec9 : 00000000`00000000 00000000`00000000 fffff802`1501893c fffffa80`12600440 : nt!ObpRemoveObjectRoutine+0x61
fffff880`102a0a80 fffff802`14f9c5c7 : fffffa80`12606b60 00000000`00000001 fffffa80`0cba5460 00000000`00000000 : nt!ObfDereferenceObject+0x89
fffff880`102a0ac0 fffff802`1505e241 : fffffa80`130e53a0 fffff880`01e93f00 00000000`00000002 00000168`4e8d0c45 : nt!IopDeleteDevice+0x48
fffff880`102a0af0 fffff802`1501896f : 00000000`00000000 fffffa80`12606b30 fffff802`1501893c 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x61
fffff880`102a0b50 fffff802`14ccc511 : fffffa80`1e8ca040 fffff802`14eb1180 fffffa80`130e4900 fffff802`14e9d000 : nt!ObpProcessRemoveObjectQueue+0x33
fffff880`102a0b80 fffff802`14c3b551 : 00000000`00000000 00000000`00000080 fffff802`14ccc3d0 fffffa80`1e8ca040 : nt!ExpWorkerThread+0x142
fffff880`102a0c10 fffff802`14c79dd6 : fffff880`00f59180 fffffa80`1e8ca040 fffff880`00f64f40 fffffa80`0cb56940 : nt!PspSystemThreadStartup+0x59
fffff880`102a0c60 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xc4_62_VRF_LEAKED_POOL_IMAGE_IDSvia64.sys
BUCKET_ID: 0xc4_62_VRF_LEAKED_POOL_IMAGE_IDSvia64.sys
Followup: MachineOwner
---------