Code:
BugCheck 1000007E, {ffffffffc0000005, fffff800901947d1, ffffd001494c74a8, ffffd001494c6cb0}
This bugcheck indicates a system thread generated an exception which wasn't handled.
The exception was an access violation where memory being referenced couldn't physically be addressed by the CPU.
Code:
2: kd> .exr 0xffffd001494c74a8
ExceptionAddress: fffff800901947d1 (nt!RtlEqualUnicodeString+0x0000000000000009)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000018
Attempt to read from address 0000000000000018
An attempt to read to an invalid address caused the access violation.
Code:
2: kd> .cxr 0xffffd001494c6cb0;r
rax=0000000000000001 rbx=fffffffffffffff8 rcx=ffffd001494c7770
rdx=0000000000000018 rsi=ffffd001494c7770 rdi=0000000000000000
rip=fffff800901947d1 rsp=ffffd001494c76e8 rbp=0000000000000002
r8=fffff8001a235e01 r9=fffff8001a235900 r10=0000000000000022
r11=ffffd001494c76c0 r12=0000000000000000 r13=fffff80019605268
r14=fffff8001a235900 r15=fffff8001a235e20
iopl=0 nv up ei pl nz ac pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010213
nt!RtlEqualUnicodeString+0x9:
fffff800`901947d1 0fb702 movzx eax,word ptr [rdx] ds:002b:00000000`00000018=????
So a pointer stored in rdx was dereferenced and moved to eax which is an invalid address.
It was converted from bytes to a word value in doing so, this is done by using the movzx instruction which is move with zero extend.
It seems network related, have you updated your network drivers?
If you have then I suggets running Driver Verifier.
What is Driver Verifier?
Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.
Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1
How long should I keep Driver Verifier enabled for?
I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.
My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?
- If you have the system set to generate Small Memory Dumps, they will be located in
%systemroot%\Minidump.
- If you have the system set to generate Kernel-Memory Dumps, it will be located in
%systemroot% and labeled MEMORY.DMP.
EDIT: Again Patrick beat me to it. Go to bed or have your breakfast or something. :grin1: