*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff8000047e88a, 0, ffffffffffffffff}
*** WARNING: Unable to verify timestamp for PCIIDEX.SYS
*** ERROR: Module load completed but symbols could not be loaded for PCIIDEX.SYS
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : PCIIDEX.SYS ( PCIIDEX+388a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8000047e88a, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, 0, ffffd0002b86f6f8, ffffd0002b86ef00}
Probably caused by : cdrom.sys ( cdrom!RequestSend+b2 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: ffffd0002b86f6f8, Exception Record Address
Arg4: ffffd0002b86ef00, Context Record Address
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff8000026158b, 0, ffffffffffffffff}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8000026158b, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff8029f861aaf, ffffd0002a407e60, 0}
Probably caused by : ntkrnlmp.exe ( nt!KeAbPreAcquire+6f )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8029f861aaf, Address of the instruction which caused the bugcheck
Arg3: ffffd0002a407e60, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80000207b3d, The address that the exception occurred at
Arg3: ffffd00020832738, Exception Record Address
Arg4: ffffd00020831f40, Context Record Address
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {8, 2, 0, fffff8010d312ffe}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1ce )
Followup: Pool_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8010d312ffe, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+1ce
fffff801`0d312ffe 49394208 cmp qword ptr [r10+8],rax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: svchost.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
TRAP_FRAME: ffffd00029600540 -- (.trap 0xffffd00029600540)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0000121a010 rbx=0000000000000000 rcx=ffffe0000121a000
rdx=ffffe00002902010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8010d312ffe rsp=ffffd000296006d0 rbp=0000000000000016
r8=ffffe0000121a730 r9=0000000000000000 r10=0000000000000000
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!ExDeferredFreePool+0x1ce:
fffff801`0d312ffe 49394208 cmp qword ptr [r10+8],rax ds:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8010d1db7e9 to fffff8010d1cfca0
STACK_TEXT:
ffffd000`296003f8 fffff801`0d1db7e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffd000`29600400 fffff801`0d1da03a : 00000000`00000000 00000000`00000000 fffffff6`00000000 ffffd000`29600540 : nt!KiBugCheckDispatch+0x69
ffffd000`29600540 fffff801`0d312ffe : fffff801`0d359f80 fffff801`0d359f88 00000000`00140000 00000000`00000001 : nt!KiPageFault+0x23a
ffffd000`296006d0 fffff801`0d313a03 : ffffe000`036aa800 ffffe000`034055f0 00000000`00000000 00000000`00000002 : nt!ExDeferredFreePool+0x1ce
ffffd000`29600750 fffff800`0081c154 : ffffe000`02b9b1e0 ffffd000`296008c9 00000000`00011021 ffffe000`48706657 : nt!ExFreePoolWithTag+0x733
ffffd000`29600820 fffff800`0081af46 : ffffe000`00e142d8 ffffe000`000f0032 00000000`0000000a fffff801`0d00ff00 : NETIO!KfdCommitTransaction+0x494
ffffd000`29600930 fffff800`00c1df18 : 00000000`00000000 ffffe000`00b78640 00000000`0000ff00 ffffe000`03129908 : NETIO!IoctlKfdCommitTransaction+0x6e
ffffd000`29600960 fffff801`0d42d3e5 : ffffe000`031298d0 ffffd000`29600cc0 00000000`00000001 ffffd000`00000001 : tcpip!KfdDispatchDevCtl+0xd8
ffffd000`296009b0 fffff801`0d42dd7a : e00002b9`fffffffe ffffe000`ffffffff 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x845
ffffd000`29600b60 fffff801`0d1db4b3 : 00000000`00000000 00000000`00000008 fffff6fb`7dbed008 fffff6fb`7da01088 : nt!NtDeviceIoControlFile+0x56
ffffd000`29600bd0 00007ff9`cbec65ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000084`0098f518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`cbec65ea
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+1ce
fffff801`0d312ffe 49394208 cmp qword ptr [r10+8],rax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ExDeferredFreePool+1ce
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 6.3.9600.16452
MODULE_NAME: Pool_Corruption
BUCKET_ID_FUNC_OFFSET: 1ce
FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool
BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xc5_2_nt!exdeferredfreepool
FAILURE_ID_HASH: {0e971f5b-bd0d-a80e-a2c0-cd331176cf49}