******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff96000230b4e, fffff88008975df0, 0} Probably caused by : win32k.sys ( win32k!PopThreadGuardedObject+16 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff96000230b4e, Address of the instruction which caused the bugcheck Arg3: fffff88008975df0, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden. FAULTING_IP: win32k!PopThreadGuardedObject+16 fffff960`00230b4e 4c8918 mov qword ptr [rax],r11 CONTEXT: fffff88008975df0 -- (.cxr 0xfffff88008975df0) rax=fff900c5fec8a0ff rbx=fffff900c5ff6440 rcx=fffff900c5ff6440 rdx=fffff900c5faf010 rsi=0000000000000001 rdi=fffff880089768c8 rip=fffff96000230b4e rsp=fffff880089767c0 rbp=0000000000000000 r8=0000000000000000 r9=fffff900c5ff6410 r10=0000040000000500 r11=fff900c5fec8a040 r12=000000000104006b r13=0000000000000000 r14=0000000000000000 r15=000000000869f1e8 iopl=0 nv up ei ng nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286 win32k!PopThreadGuardedObject+0x16: fffff960`00230b4e 4c8918 mov qword ptr [rax],r11 ds:002b:fff900c5`fec8a0ff=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: VDeck.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff9600002d835 to fffff96000230b4e STACK_TEXT: fffff880`089767c0 fffff960`0002d835 : 00000000`00000001 fffff960`000c88bb 00000000`00000000 00000000`00000000 : win32k!PopThreadGuardedObject+0x16 fffff880`089767f0 fffff960`0002d726 : fffff880`80000001 fffff880`089768c8 00000000`00000001 00000000`0104006b : win32k!RGNOBJ::bSwap+0xed fffff880`08976840 fffff960`0002d5d4 : 00000000`00000000 00000000`0104006b 00000000`0104006b 00000000`80000002 : win32k!RGNOBJAPI::bSwap+0x4e fffff880`08976880 fffff960`00057aaa : fffff900`c2d166e0 fffff900`c0800b90 fffff900`c07de650 fffff900`c05824b0 : win32k!GreCombineRgn+0x390 fffff880`08976980 fffff960`000fcbfe : fffff900`c05824b0 fffff880`08976ca0 fffff880`00000000 fffff800`02bbf2dd : win32k!GetMonitorDC+0x1ca fffff880`089769e0 fffff960`00211079 : 00000000`00000000 00000000`00000000 fffff880`08976ae8 fffff880`08976ae8 : win32k!UserGetMonitorDC+0x8e fffff880`08976a10 fffff960`00084e08 : fffff900`c07c1650 fffff900`c1fa9b50 00000000`00000000 fffff900`c07c1650 : win32k!hdcOpenDCW+0xf1 fffff880`08976b10 fffff800`02a89993 : 00000000`00000018 fffffa80`05692b60 00000000`0869f188 00000000`00000000 : win32k!NtGdiOpenDCW+0x1a0 fffff880`08976bb0 000007fe`feed818a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0869f168 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`feed818a FOLLOWUP_IP: win32k!PopThreadGuardedObject+16 fffff960`00230b4e 4c8918 mov qword ptr [rax],r11 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: win32k!PopThreadGuardedObject+16 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4c7dc13c STACK_COMMAND: .cxr 0xfffff88008975df0 ; kb FAILURE_BUCKET_ID: X64_0x3B_win32k!PopThreadGuardedObject+16 BUCKET_ID: X64_0x3B_win32k!PopThreadGuardedObject+16 Followup: MachineOwner ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff80002dcb94f, fffff8800315ba48, fffff8800315b2b0} Probably caused by : ntkrnlmp.exe ( nt!CmpDelayDerefKCBWorker+73 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80002dcb94f, The address that the exception occurred at Arg3: fffff8800315ba48, Exception Record Address Arg4: fffff8800315b2b0, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden. FAULTING_IP: nt!CmpDelayDerefKCBWorker+73 fffff800`02dcb94f 4c896808 mov qword ptr [rax+8],r13 EXCEPTION_RECORD: fffff8800315ba48 -- (.exr 0xfffff8800315ba48) ExceptionAddress: fffff80002dcb94f (nt!CmpDelayDerefKCBWorker+0x0000000000000073) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff8800315b2b0 -- (.cxr 0xfffff8800315b2b0) rax=ffff78a0000656a8 rbx=fffffa80039db040 rcx=fffff8a001ba1b48 rdx=0000000000000261 rsi=fffff8a000023010 rdi=fffff8a001ba1a70 rip=fffff80002dcb94f rsp=fffff8800315bc80 rbp=0000000000000001 r8=fffff8a000059308 r9=000000001b7c48cb r10=fffff8a00007d5d0 r11=fffffa80039db040 r12=fffff80002cddee0 r13=fffff80002cddf40 r14=0000000000000000 r15=0000000000000001 iopl=0 nv up ei pl nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202 nt!CmpDelayDerefKCBWorker+0x73: fffff800`02dcb94f 4c896808 mov qword ptr [rax+8],r13 ds:002b:ffff78a0`000656b0=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d100e0 ffffffffffffffff FOLLOWUP_IP: nt!CmpDelayDerefKCBWorker+73 fffff800`02dcb94f 4c896808 mov qword ptr [rax+8],r13 BUGCHECK_STR: 0x7E LAST_CONTROL_TRANSFER: from fffff80002ae5961 to fffff80002dcb94f STACK_TEXT: fffff880`0315bc80 fffff800`02ae5961 : fffff800`02dcb8dc fffff800`02c7d5f8 fffffa80`039db040 00000000`00000000 : nt!CmpDelayDerefKCBWorker+0x73 fffff880`0315bcb0 fffff800`02d7cc06 : 00540053`00410054 fffffa80`039db040 00000000`00000080 fffffa80`0396c9e0 : nt!ExpWorkerThread+0x111 fffff880`0315bd40 fffff800`02ab6c26 : fffff880`02f63180 fffffa80`039db040 fffff880`02f6df80 00200020`00200020 : nt!PspSystemThreadStartup+0x5a fffff880`0315bd80 00000000`00000000 : fffff880`0315c000 fffff880`03156000 fffff880`0315b9f0 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!CmpDelayDerefKCBWorker+73 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9 STACK_COMMAND: .cxr 0xfffff8800315b2b0 ; kb FAILURE_BUCKET_ID: X64_0x7E_nt!CmpDelayDerefKCBWorker+73 BUCKET_ID: X64_0x7E_nt!CmpDelayDerefKCBWorker+73 Followup: MachineOwner --------- ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c000001d, fffff960000c638c, fffff880088a5170, 0} Probably caused by : win32k.sys ( win32k!xxxRedrawWindow+40 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c000001d, Exception code that caused the bugcheck Arg2: fffff960000c638c, Address of the instruction which caused the bugcheck Arg3: fffff880088a5170, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {AUSNAHME} Ung ltige Anweisung Es wurde versucht, eine ung ltige Anweisung auszuf hren. FAULTING_IP: win32k!xxxRedrawWindow+40 fffff960`000c638c 0f845f010000 je win32k!xxxRedrawWindow+0x1a5 (fffff960`000c64f1) CONTEXT: fffff880088a5170 -- (.cxr 0xfffff880088a5170) rax=0000000000000000 rbx=fffff900c09194b0 rcx=fffff900c09194b0 rdx=fffff900c080e240 rsi=0000000000000081 rdi=0000000000000000 rip=fffff960000c638c rsp=fffff880088a5b40 rbp=fffff880088a5ca0 r8=0000000000000000 r9=0000000000000081 r10=fffff9600014d7e8 r11=0000000000000000 r12=0000000000030138 r13=0000000000000000 r14=0000000000000001 r15=0000000000331210 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 win32k!xxxRedrawWindow+0x40: fffff960`000c638c 0f845f010000 je win32k!xxxRedrawWindow+0x1a5 (fffff960`000c64f1) [br=1] Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: wlrmdr.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff9600014d8d1 to fffff960000c638c STACK_TEXT: fffff880`088a5b40 fffff960`0014d8d1 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff960`001277a9 : win32k!xxxRedrawWindow+0x40 fffff880`088a5ba0 fffff800`02a7e993 : fffffa80`05917b60 00000000`00000000 00000000`00000000 fffff960`00159338 : win32k!NtUserRedrawWindow+0xe9 fffff880`088a5c20 00000000`772a72ca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`001be9b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772a72ca FOLLOWUP_IP: win32k!xxxRedrawWindow+40 fffff960`000c638c 0f845f010000 je win32k!xxxRedrawWindow+0x1a5 (fffff960`000c64f1) SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: win32k!xxxRedrawWindow+40 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4c7dc13c STACK_COMMAND: .cxr 0xfffff880088a5170 ; kb FAILURE_BUCKET_ID: X64_0x3B_win32k!xxxRedrawWindow+40 BUCKET_ID: X64_0x3B_win32k!xxxRedrawWindow+40 Followup: MachineOwner --------- ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {3, fffff88001f6ce60, ffff788001f6ce60, fffff88001f6ce60} Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+a56 ) Followup: Pool_corruption --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000003, the pool freelist is corrupt. Arg2: fffff88001f6ce60, the pool entry being checked. Arg3: ffff788001f6ce60, the read back flink freelist value (should be the same as 2). Arg4: fffff88001f6ce60, the read back blink freelist value (should be the same as 2). Debugging Details: ------------------ BUGCHECK_STR: 0x19_3 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: winlogon.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002bfbd6f to fffff80002ac8740 STACK_TEXT: fffff880`025bbd18 fffff800`02bfbd6f : 00000000`00000019 00000000`00000003 fffff880`01f6ce60 ffff7880`01f6ce60 : nt!KeBugCheckEx fffff880`025bbd20 fffff800`02ae9536 : 00000000`00000000 00000000`00000029 fffff900`c01eb5f0 00000000`00000000 : nt!ExDeferredFreePool+0xa56 fffff880`025bbe10 fffff960`0011342b : ffffffff`8000035c 00000000`00000002 fffff880`025bbff0 fffff880`0ed30200 : nt!ExAllocatePoolWithQuotaTag+0x56 fffff880`025bbe60 fffff960`0007effd : fffff880`025bbff0 00000000`0000025e 00000000`00000000 fffff960`00060000 : win32k!FastGetProfileStringW+0x7b fffff880`025bbee0 fffff960`0007eed2 : 00000000`00000000 00000000`0000025e 00000000`00000002 fffff880`0ed3271c : win32k!FastGetProfileIntW+0x4d fffff880`025bbfc0 fffff960`000b30e5 : 00000000`00000000 00000000`00000000 fffffa80`00000000 00000000`00000000 : win32k!FastGetProfileIntFromID+0x6e fffff880`025bc0e0 fffff960`000cdc77 : 00000000`00000000 ffffffff`8000035c fffffa80`05429ae0 00000000`00000000 : win32k!xxxInitWindowStation+0x3d fffff880`025bc140 fffff960`000ce9eb : 00000000`00000000 fffff880`025bc540 fffffa80`0540fc10 fffffa80`052e4c30 : win32k!xxxCreateWindowStation+0x1cf fffff880`025bc500 fffff800`02ac7993 : fffff880`025bcca0 fffff800`02de2e42 00000000`00000098 00000000`000feea0 : win32k!NtUserCreateWindowStation+0x4af fffff880`025bcbb0 00000000`76c6141a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`000fee38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76c6141a STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+a56 fffff800`02bfbd6f cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!ExDeferredFreePool+a56 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a56 BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a56 Followup: Pool_corruption ---------