Code:
2: kd> .bugcheck
Bugcheck code 00000001
Arguments 00000000`7715132a 00000000`00000000 00000000`0000ffff fffff880`0a8e1b60
0x1 bug check, no info at all really with these. Taking a look at the 3rd parameter, we can see the value of the CombinedApcDisable friend. It's split into two 16-bit values, both being SpecialAPCDisable and KernelAPCDisable.
Both values, to no surprise, are negative, which tells us that Special/Kernel APCs were disabled and never re-enabled. Since both APC types were disabled, the thread entered a Guarded region as opposed to a Critical region (https://msdn.microsoft.com/en-us/li...925(v=vs.85).aspx?f=255&MSPPError=-2147217396).
Drivers enter Guarded/Critical regions when holding locks to prevent APCs suspending or terminating the thread, which would cause a hang or deadlock and inevitably result in a bug check since we're dealing with kernel-mode drivers & threads.
Overall, your best bet is to enable verifier to see what driver is causing this. Without it, we'd just be taking random stabs in the dark.
Driver Verifier:
What is Driver Verifier?
Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.
Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
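The same selection can be built for the command-line form of verifier.exe. The script below is an added example, not part of the original post: it lists loaded drivers whose file is not from Microsoft and prints a `verifier /flags ... /driver ...` command for review without running it. The flag bits are the option values from Microsoft's Driver Verifier documentation; matching the GUI's "Provider" column to the file's CompanyName field is an assumption.

```powershell
# Added example, not from the original post. It only PRINTS a verifier.exe
# command line; nothing changes until that command is run from an elevated
# prompt and the machine is restarted.

# Checkboxes from step 3, with their verifier.exe flag bits and the first
# Windows version the post enables them on (6.0 Vista, 6.1 Win7, 6.2 Win8).
$options = @(
    @{ Name = 'Special Pool';            Bit = 0x1;     MinOS = '6.0' },
    @{ Name = 'Force IRQL Checking';     Bit = 0x2;     MinOS = '6.0' },
    @{ Name = 'Pool Tracking';           Bit = 0x8;     MinOS = '6.0' },
    @{ Name = 'Deadlock Detection';      Bit = 0x20;    MinOS = '6.0' },
    @{ Name = 'Security Checks';         Bit = 0x100;   MinOS = '6.1' },
    @{ Name = 'Miscellaneous Checks';    Bit = 0x800;   MinOS = '6.0' },
    @{ Name = 'DDI compliance checking'; Bit = 0x20000; MinOS = '6.2' }
)

$os    = [Environment]::OSVersion.Version
$flags = 0
foreach ($opt in $options) {
    if ($os -ge [Version]$opt.MinOS) { $flags = $flags -bor $opt.Bit }
}

# Steps 4-6: every driver NOT provided by Microsoft. Get-WmiObject is used
# so the script also runs on the PowerShell 2.0 shipped with Windows 7.
$targets = Get-WmiObject Win32_SystemDriver | ForEach-Object {
    if (-not $_.PathName) { return }
    # Normalise NT-style prefixes (\??\ and \SystemRoot\) to a Win32 path.
    $path = $_.PathName.Trim('"') -replace '^\\\?\?\\', '' `
                                  -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if (-not (Test-Path -LiteralPath $path)) { return }
    $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
    # Files with no company string count as non-Microsoft.
    if ($company -notmatch '^\s*Microsoft') { Split-Path $path -Leaf }
} | Sort-Object -Unique

if ($targets) {
    'verifier /flags 0x{0:X} /driver {1}' -f $flags, ($targets -join ' ')
} else {
    'No non-Microsoft drivers found.'
}

# After the restart, "verifier /querysettings" shows what is active and
# "verifier /reset" turns Driver Verifier off again.
```

Run it from 64-bit PowerShell on a 64-bit system so that System32 paths are not redirected.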