[COLOR=#3e3e3e][COLOR=#000000]Use !analyze -v to get detailed debugging information.[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]BugCheck 3B, {c0000005, fffff800021e6fd8, ffffd000271c6490, 0}[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
Probably caused by : atikmdag.sys ( atikmdag+720fd8 )[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]Followup: MachineOwner
---------[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800021e6fd8, Address of the instruction which caused the bugcheck
Arg3: ffffd000271c6490, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]Debugging Details:
------------------[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - De instructie op 0x%08lx verwijst naar geheugen op 0x%08lx. Een lees- of schrijfbewerking op het geheugen is mislukt: %s.[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]FAULTING_IP:
atikmdag+720fd8
fffff800`021e6fd8 488b01 mov rax,qword ptr [rcx][/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]CONTEXT: ffffd000271c6490 -- (.cxr 0xffffd000271c6490;r)
rax=0000000000000001 rbx=ffffc0000d754020 rcx=0000000000000000
rdx=0000000000000003 rsi=ffffd000271c6f58 rdi=ffffc0000dcef950
rip=fffff800021e6fd8 rsp=ffffd000271c6ec0 rbp=ffffd000271c6fc0
r8=000000000000003c r9=ffffcf8004330f3c r10=ffffd000271c7028
r11=0000000000000001 r12=0000000000000001 r13=ffffcf800a0dafc0
r14=0000000000000000 r15=ffffc00000749020
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
atikmdag+0x720fd8:
fffff800`021e6fd8 488b01 mov rax,qword ptr [rcx] ds:002b:00000000`00000000=????????????????
Last set context:
rax=0000000000000001 rbx=ffffc0000d754020 rcx=0000000000000000
rdx=0000000000000003 rsi=ffffd000271c6f58 rdi=ffffc0000dcef950
rip=fffff800021e6fd8 rsp=ffffd000271c6ec0 rbp=ffffd000271c6fc0
r8=000000000000003c r9=ffffcf8004330f3c r10=ffffd000271c7028
r11=0000000000000001 r12=0000000000000001 r13=ffffcf800a0dafc0
r14=0000000000000000 r15=ffffc00000749020
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
atikmdag+0x720fd8:
fffff800`021e6fd8 488b01 mov rax,qword ptr [rcx] ds:002b:00000000`00000000=????????????????
Resetting default scope[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]CUSTOMER_CRASH_COUNT: 1[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]BUGCHECK_STR: 0x3B[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]PROCESS_NAME: explorer.exe[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]CURRENT_IRQL: 0[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]LAST_CONTROL_TRANSFER: from ffffc0000d754020 to fffff800021e6fd8[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]STACK_TEXT:
ffffd000`271c6ec0 ffffc000`0d754020 : ffffd000`271c6fc0 00000000`00000000 ffffc000`0dcef950 ffffd000`271c7780 : atikmdag+0x720fd8
ffffd000`271c6ec8 ffffd000`271c6fc0 : 00000000`00000000 ffffc000`0dcef950 ffffd000`271c7780 ffffd000`271c6f58 : 0xffffc000`0d754020
ffffd000`271c6ed0 00000000`00000000 : ffffc000`0dcef950 ffffd000`271c7780 ffffd000`271c6f58 ffffc000`00000000 : 0xffffd000`271c6fc0[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]
FOLLOWUP_IP:
atikmdag+720fd8
fffff800`021e6fd8 488b01 mov rax,qword ptr [rcx][/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]SYMBOL_STACK_INDEX: 0[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]SYMBOL_NAME: atikmdag+720fd8[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]FOLLOWUP_NAME: MachineOwner[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]MODULE_NAME: atikmdag[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]IMAGE_NAME: atikmdag.sys[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]DEBUG_FLR_IMAGE_TIMESTAMP: 52125cd5[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]STACK_COMMAND: .cxr 0xffffd000271c6490 ; kb[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]FAILURE_BUCKET_ID: 0x3B_VRF_atikmdag+720fd8[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]BUCKET_ID: 0x3B_VRF_atikmdag+720fd8[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]ANALYSIS_SOURCE: KM[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]FAILURE_ID_HASH_STRING: km:0x3b_vrf_atikmdag+720fd8[/COLOR][/COLOR]
[COLOR=#3e3e3e][COLOR=#000000]FAILURE_ID_HASH: {907f8bc9-fae4-bf1e-e3b9-f5b00822e763}[/COLOR][/COLOR]
[COLOR=#222222]
[/COLOR]
[COLOR=#3e3e3e]
[COLOR=#000000]Followup: MachineOwner
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {94009, fffff800002f7a10, ffffe00002505e60, ffffe00002505e98}
Probably caused by : ntkrnlmp.exe ( nt!IopProcessWorkItem+76 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000094009, ID of the 'WlanTimedConnectRequest' rule that was violated.
Arg2: fffff800002f7a10, A pointer to the string describing the violated rule condition.
Arg3: ffffe00002505e60, Address of internal rule state (second argument to !ruleinfo).
Arg4: ffffe00002505e98, Address of supplemental states (third argument to !ruleinfo).
Debugging Details:
------------------
DV_VIOLATED_CONDITION: Timeout on NDIS_STATUS_DOT11_CONNECTION_START after OID_DOT11_CONNECT_REQUEST.
DV_MSDN_LINK: [URL="http://go.microsoft.com/fwlink/?LinkId=278810"]WlanTimedConnectRequest rule (ndis) (Windows Drivers)[/URL]
DV_RULE_INFO: 0x94009
BUGCHECK_STR: 0xc4_WlanTimedConnectRequest_XDV
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 2
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
LAST_CONTROL_TRANSFER: from fffff800002eb487 to fffff80339f54ca0
STACK_TEXT:
ffffd000`209e98f8 fffff800`002eb487 : 00000000`000000c4 00000000`00094009 fffff800`002f7a10 ffffe000`02505e60 : nt!KeBugCheckEx
ffffd000`209e9900 fffff800`002ee79c : ffffe000`013ae840 ffffe000`000f7000 ffffe000`02cdad20 ffffd000`209e9b50 : VerifierExt!SLIC_StatefulAbort+0x22b
ffffd000`209e99f0 fffff800`002ede0f : 00000000`00000000 ffffe000`000f7060 fffff800`002eddcc ffffe000`013b6980 : VerifierExt!Ndis_OnTimerExpire+0xa8
ffffd000`209e9a40 fffff803`39ea7a0e : ffffcf80`004defb0 00000000`00000000 00000000`00000000 ffffe000`0260ce50 : VerifierExt!XdvPassiveTimerRoutine+0x43
ffffd000`209e9a70 fffff803`39ea81b9 : fffff803`3a234200 fffff803`39ea7998 ffffd000`209e9b50 ffffcf80`000cafb0 : nt!IopProcessWorkItem+0x76
ffffd000`209e9ad0 fffff803`39e942e4 : ffffe000`001a4040 ffffe000`013b6880 ffffe000`013b6880 ffffe000`000d2440 : nt!ExpWorkerThread+0x2b5
ffffd000`209e9b80 fffff803`39f5b2c6 : ffffd000`20be2180 ffffe000`013b6880 ffffe000`001a4040 00000000`00000000 : nt!PspSystemThreadStartup+0x58
ffffd000`209e9be0 00000000`00000000 : ffffd000`209ea000 ffffd000`209e3000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!IopProcessWorkItem+76
fffff803`39ea7a0e f70570c62a0000000008 test dword ptr [nt!PerfGlobalGroupMask+0x8 (fffff803`3a154088)],8000000h
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!IopProcessWorkItem+76
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 52718d9c
IMAGE_VERSION: 6.3.9600.16452
BUCKET_ID_FUNC_OFFSET: 76
FAILURE_BUCKET_ID: 0xc4_WlanTimedConnectRequest_XDV_VRF_nt!IopProcessWorkItem
BUCKET_ID: 0xc4_WlanTimedConnectRequest_XDV_VRF_nt!IopProcessWorkItem
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xc4_wlantimedconnectrequest_xdv_vrf_nt!iopprocessworkitem
FAILURE_ID_HASH: {242d917d-5f3a-24d7-7135-8eb692bd3090}
Followup: MachineOwner
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, fffff8037c468650, fffff8037c4685a8, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff8037c468650, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8037c4685a8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: fffff8037c468650 -- (.trap 0xfffff8037c468650)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe000004954b0 rbx=0000000000000000 rcx=0000000000000003
rdx=fffff8037c468660 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8037ab9f95a rsp=fffff8037c4687e0 rbp=0000000000000000
r8=fffff8037c468670 r9=000000000000002f r10=fffff8037b19d520
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt! ?? ::FNODOBFM::`string'+0x2b7ba:
fffff803`7ab9f95a cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff8037c4685a8 -- (.exr 0xfffff8037c4685a8)
ExceptionAddress: fffff8037ab9f95a (nt! ?? ::FNODOBFM::`string'+0x000000000002b7ba)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - Er is een bufferoverschrijdingsfout opgetreden voor stack-buffer in deze toepassing. Via deze overschrijdingsfout kan een kwaadwillige gebruiker de controle over deze toepassing verkrijgen.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - Er is een bufferoverschrijdingsfout opgetreden voor stack-buffer in deze toepassing. Via deze overschrijdingsfout kan een kwaadwillige gebruiker de controle over deze toepassing verkrijgen.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
DPC_STACK_BASE: FFFFF8037C470FB0
LAST_CONTROL_TRANSFER: from fffff8037ab6f7e9 to fffff8037ab63ca0
STACK_TEXT:
fffff803`7c468328 fffff803`7ab6f7e9 : 00000000`00000139 00000000`00000003 fffff803`7c468650 fffff803`7c4685a8 : nt!KeBugCheckEx
fffff803`7c468330 fffff803`7ab6fb10 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff3563`11dcdfab : nt!KiBugCheckDispatch+0x69
fffff803`7c468470 fffff803`7ab6ed34 : fffff803`7c468668 fffff800`0293c732 fffffff6`00000004 00000001`ffffffff : nt!KiFastFailDispatch+0xd0
fffff803`7c468650 fffff803`7ab9f95a : 00000000`00000000 fffff803`7ad04180 ffffe000`00e7e1f0 00000000`234052a8 : nt!KiRaiseSecurityCheckFailure+0xf4
fffff803`7c4687e0 fffff803`7aac3fe3 : ffffe000`0231dd20 00000000`00000001 fffff803`7c4688b9 00000000`00000002 : nt! ?? ::FNODOBFM::`string'+0x2b7ba
fffff803`7c468840 fffff803`7aac4478 : 00000000`00000001 ffffe000`02437328 fffff803`7ad04180 fffff803`7ad08480 : nt!KiProcessExpiredTimerList+0x257
fffff803`7c468920 fffff803`7ab20478 : fffff803`7ad04180 00000000`00223570 00000000`028c1380 00000000`028c1398 : nt!KiExpireTimerTable+0x218
fffff803`7c4689c0 fffff803`7aa70abc : ffffe000`00000000 00001f80`00000001 00000a30`4e02d999 00000000`00000002 : nt!KiTimerExpiration+0x148
fffff803`7c468a70 fffff803`7ab677ea : fffff803`7ad04180 fffff803`7ad04180 00000000`001a3fc0 fffff803`7ad5ca80 : nt!KiRetireDpcList+0x19c
fffff803`7c468be0 00000000`00000000 : fffff803`7c469000 fffff803`7c462000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff803`7ab6fb10 c644242000 mov byte ptr [rsp+20h],0
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiFastFailDispatch+d0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 52718d9c
IMAGE_VERSION: 6.3.9600.16452
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_nt!kifastfaildispatch
FAILURE_ID_HASH: {36173680-6f08-995f-065a-3d368c996911}
Followup: MachineOwner [/COLOR][/COLOR]