0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: dedddcdf, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f7678c91, address which referenced memory
Debugging Details:
------------------
OVERLAPPED_MODULE:
READ_ADDRESS: dedddcdf
CURRENT_IRQL: 2
FAULTING_IP:
ndistapi!NdisTapiRegisterProvider+27
f7678c91 837e0401 cmp dword ptr [esi+0x4],0x1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from f6eaf71e to f7678c91
TRAP_FRAME: f78ceab0 -- (.trap fffffffff78ceab0)
ErrCode = 00000000
eax=8618f968 ebx=f78cec20 ecx=8618f9b4 edx=00000000 esi=dedddcdb edi=f78cec34
eip=f7678c91 esp=f78ceb24 ebp=f78ceb4c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
ndistapi!NdisTapiRegisterProvider+0x27:
f7678c91 837e0401 cmp dword ptr [esi+0x4],0x1 ds:0023:dedddcdf=????????
Resetting default scope
STACK_TEXT:
f78ceb4c f6eaf71e 00000005 f78cec20 00000000 ndistapi!NdisTapiRegisterProvider+0x27
f78cec3c f7237ea7 f78cecd4 f78cec64 862ebe8c ndiswan!ProtoBindAdapter+0x25e
f78cecd8 f7238b18 85558160 85558130 804f0b90 NDIS!ndisInitializeBinding+0x187
f78ced60 f723bfa3 865a88a0 80582d80 f78cedac NDIS!ndisCheckAdapterBindings+0x138
f78ced74 f723381a 85eb7e18 85558100 804eebdb NDIS!ndisQueuedCheckAdapterBindings+0x83
f78ced80 804eebdb 85eb7e18 00000000 865a88a0 NDIS!ndisWorkItemHandler+0xa
f78cedac 8059b35e 85eb7e18 00000000 00000000 nt!ExpWorkerThread+0xe9
f78ceddc 805008e6 804eeb10 00000000 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
ndistapi!NdisTapiRegisterProvider+27
f7678c91 837e0401 cmp dword ptr [esi+0x4],0x1
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: ndistapi!NdisTapiRegisterProvider+27
MODULE_NAME: ndistapi
IMAGE_NAME: ndistapi.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3e800120
STACK_COMMAND: .trap fffffffff78ceab0 ; kb
FAILURE_BUCKET_ID: 0xD1_ndistapi!NdisTapiRegisterProvider+27
BUCKET_ID: 0xD1_ndistapi!NdisTapiRegisterProvider+27
Followup: MachineOwner
_________________________________________________________________
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f4c6a5a2, The address that the exception occurred at
Arg3: f78e2638, Exception Record Address
Arg4: f78e2288, Context Record Address
Debugging Details:
------------------
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
trscsi+35a2
f4c6a5a2 8a430c mov al,[ebx+0xc]
EXCEPTION_PARAMETER1: f78e2638
CONTEXT: f78e2288 -- (.cxr fffffffff78e2288)
eax=2f726964 ebx=11f50964 ecx=00000054 edx=00000000 esi=806db4e8 edi=e282a018
eip=f4c6a5a2 esp=f78e2700 ebp=f78e2720 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
trscsi+0x35a2:
f4c6a5a2 8a430c mov al,[ebx+0xc] ds:0023:11f50970=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x7E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from f4c6a51d to f4c6a5a2
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f78e2720 f4c6a51d 86bec810 87070af8 00000002 trscsi+0x35a2
f78e285c 8062d521 86bec810 85c5b000 00000000 trscsi+0x351d
f78e2918 80637709 80004e54 85c5b000 86bec810 nt!IopLoadDriver+0x5e1
f78e295c 805b5fdc e1c976e0 00000001 80004e54 nt!PipCallDriverAddDeviceQueryRoutine+0x239
f78e29a8 805b5d5b f78e2a34 e1c976c4 f78e2a08 nt!RtlpCallQueryRegistryRoutine+0x3af
f78e2a0c 80638af7 00000000 00000084 00000001 nt!RtlQueryRegistryValues+0x2a4
f78e2adc 8063a557 00000000 00000001 f78e2d60 nt!PipCallDriverAddDevice+0x237
f78e2d28 8063aa8e 86f61e48 00000001 00000000 nt!PipProcessDevNodeTree+0x147
f78e2d58 8053fd8a 00000003 87067b20 80582dbc nt!PiRestartDevice+0x7e
f78e2d80 804eebdb 00000000 00000000 87067b20 nt!PipDeviceActionWorker+0x17a
f78e2dac 8059b35e 00000000 00000000 00000000 nt!ExpWorkerThread+0xe9
f78e2ddc 805008e6 804eeb10 00000001 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
trscsi+35a2
f4c6a5a2 8a430c mov al,[ebx+0xc]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: trscsi+35a2
MODULE_NAME: trscsi
IMAGE_NAME: trscsi.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3e651a45
STACK_COMMAND: .cxr fffffffff78e2288 ; kb
FAILURE_BUCKET_ID: 0x7E_trscsi+35a2
BUCKET_ID: 0x7E_trscsi+35a2
Followup: MachineOwner