Windows 8.1 X64 crash

Zardoc

Hi,

After the latest and greatest win update, I get a crash on cold boot. The BSOD Posting Instructions don't work with my Windows 8.1 :eek:. Will they be updated?

I suspect AV scan went wrong on boot.

Thanks for your help.



Code:
Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Lance\Mini dumps Windows\081314-20812-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             I:\Système Exploitation MS\Windows 8.1 Update 1 Pro Fra  2014-04-10

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is: I:\Système Exploitation MS\Windows 8.1 Update 1 Pro Fra  2014-04-10
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17238.amd64fre.winblue_gdr.140723-2018
Machine Name:
Kernel base = 0xfffff800`8fe01000 PsLoadedModuleList = 0xfffff800`900cb350
Debug session time: Wed Aug 13 07:20:57.348 2014 (UTC - 4:00)
System Uptime: 0 days 0:00:01.989
Loading Kernel Symbols
...............................................................
.........................
Loading User Symbols
Loading unloaded module list
..
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {ffffffffc0000005, fffff800901947d1, ffffd001494c74a8, ffffd001494c6cb0}

Probably caused by : mup.sys ( mup!MupSurrogateRegisterProvider+159 )

Followup: MachineOwner
---------

2: kd> !analyze -v;!thread;r;kv;lmtn;lmtsmn;.bugcheck
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800901947d1, The address that the exception occurred at
Arg3: ffffd001494c74a8, Exception Record Address
Arg4: ffffd001494c6cb0, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - L

FAULTING_IP: 
nt!RtlEqualUnicodeString+9
fffff800`901947d1 0fb702          movzx   eax,word ptr [rdx]

EXCEPTION_RECORD:  ffffd001494c74a8 -- (.exr 0xffffd001494c74a8)
ExceptionAddress: fffff800901947d1 (nt!RtlEqualUnicodeString+0x0000000000000009)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000018
Attempt to read from address 0000000000000018

CONTEXT:  ffffd001494c6cb0 -- (.cxr 0xffffd001494c6cb0;r)
rax=0000000000000001 rbx=fffffffffffffff8 rcx=ffffd001494c7770
rdx=0000000000000018 rsi=ffffd001494c7770 rdi=0000000000000000
rip=fffff800901947d1 rsp=ffffd001494c76e8 rbp=0000000000000002
 r8=fffff8001a235e01  r9=fffff8001a235900 r10=0000000000000022
r11=ffffd001494c76c0 r12=0000000000000000 r13=fffff80019605268
r14=fffff8001a235900 r15=fffff8001a235e20
iopl=0         nv up ei pl nz ac pe cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010213
nt!RtlEqualUnicodeString+0x9:
fffff800`901947d1 0fb702          movzx   eax,word ptr [rdx] ds:002b:00000000`00000018=????
Last set context:
rax=0000000000000001 rbx=fffffffffffffff8 rcx=ffffd001494c7770
rdx=0000000000000018 rsi=ffffd001494c7770 rdi=0000000000000000
rip=fffff800901947d1 rsp=ffffd001494c76e8 rbp=0000000000000002
 r8=fffff8001a235e01  r9=fffff8001a235900 r10=0000000000000022
r11=ffffd001494c76c0 r12=0000000000000000 r13=fffff80019605268
r14=fffff8001a235900 r15=fffff8001a235e20
iopl=0         nv up ei pl nz ac pe cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010213
nt!RtlEqualUnicodeString+0x9:
fffff800`901947d1 0fb702          movzx   eax,word ptr [rdx] ds:002b:00000000`00000018=????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - L

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000018

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80090155138
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 0000000000000018 

FOLLOWUP_IP: 
mup!MupSurrogateRegisterProvider+159
fffff800`1960cd4d 84c0            test    al,al

BUGCHECK_STR:  AV

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

LAST_CONTROL_TRANSFER:  from fffff8001960cd4d to fffff800901947d1

STACK_TEXT:  
ffffd001`494c76e8 fffff800`1960cd4d : ffffffff`fffffff8 00000000`00000000 00000000`00000002 ffffd001`494c7770 : nt!RtlEqualUnicodeString+0x9
ffffd001`494c76f0 fffff800`1a23c68c : 00000000`00000000 00000000`00000000 00000000`00000004 00000000`00000240 : mup!MupSurrogateRegisterProvider+0x159
ffffd001`494c7750 fffff800`1a24847a : 00000000`00000000 00000000`00000000 00000000`00000004 ffffffff`800002a0 : dfsc!DfscRegisterMup+0x34
ffffd001`494c7790 fffff800`1a2481cb : ffffffff`00000001 00000000`00000000 ffffe000`fe3c8000 ffffe000`fe1a5060 : dfsc!DfscInitVariables+0x27e
ffffd001`494c77e0 fffff800`902bea52 : ffffe000`fe1a5060 ffffd001`494c7950 ffffe000`fe3c8000 00000000`000007ff : dfsc!DriverEntry+0x19b
ffffd001`494c7850 fffff800`905062c3 : ffffe000`fe1780c8 ffffe000`fe1780c8 ffffd001`494c7b70 ffffe000`20206f49 : nt!IopLoadDriver+0x5e2
ffffd001`494c7b10 fffff800`9052f49a : fffff800`00000000 ffffc000`37dc0750 00000000`00000000 fffff800`8eb22c50 : nt!IopInitializeSystemDrivers+0x14f
ffffd001`494c7ba0 fffff800`903b0ac2 : 80000000`00f80121 fffff800`8eb22c50 ffffe000`fa46a040 ffffe000`fa486bc8 : nt!IoInitSystem+0x16
ffffd001`494c7bd0 fffff800`8feda514 : ffffe000`fa46a040 80000000`00f80121 80000000`00f80121 80000000`00f80121 : nt!Phase1Initialization+0x2a
ffffd001`494c7c00 fffff800`8ff5b2c6 : fffff800`900e7180 ffffe000`fa46a040 fffff800`9014ea00 80000000`00f80121 : nt!PspSystemThreadStartup+0x58
ffffd001`494c7c60 00000000`00000000 : ffffd001`494c8000 ffffd001`494c2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  mup!MupSurrogateRegisterProvider+159

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: mup

IMAGE_NAME:  mup.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5215f8ac

IMAGE_VERSION:  6.3.9600.16384

STACK_COMMAND:  .cxr 0xffffd001494c6cb0 ; kb

BUCKET_ID_FUNC_OFFSET:  159

FAILURE_BUCKET_ID:  AV_mup!MupSurrogateRegisterProvider

BUCKET_ID:  AV_mup!MupSurrogateRegisterProvider

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:av_mup!mupsurrogateregisterprovider

FAILURE_ID_HASH:  {bf04bb69-16a8-ba2f-86da-00dec8ef0a22}

Followup: MachineOwner
---------

GetPointerFromAddress: unable to read from fffff80090155000
THREAD ffffe000fa46a040  Cid 0004.0008  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 2
Not impersonating
GetUlongFromAddress: unable to read from fffff800900a1300
Owning Process            ffffe000fa486900       Image:         System
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      127          
Context Switch Count      1466           IdealProcessor: 0             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address nt!Phase1Initialization (0xfffff800903b0a98)
Stack Init ffffd001494c7c90 Current ffffd001494c6930
Base ffffd001494c8000 Limit ffffd001494c2000 Call 0
Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
ffffd001`494c76e8 fffff800`1960cd4d : ffffffff`fffffff8 00000000`00000000 00000000`00000002 ffffd001`494c7770 : nt!RtlEqualUnicodeString+0x9
ffffd001`494c76f0 fffff800`1a23c68c : 00000000`00000000 00000000`00000000 00000000`00000004 00000000`00000240 : mup!MupSurrogateRegisterProvider+0x159
ffffd001`494c7750 fffff800`1a24847a : 00000000`00000000 00000000`00000000 00000000`00000004 ffffffff`800002a0 : dfsc!DfscRegisterMup+0x34
ffffd001`494c7790 fffff800`1a2481cb : ffffffff`00000001 00000000`00000000 ffffe000`fe3c8000 ffffe000`fe1a5060 : dfsc!DfscInitVariables+0x27e
ffffd001`494c77e0 fffff800`902bea52 : ffffe000`fe1a5060 ffffd001`494c7950 ffffe000`fe3c8000 00000000`000007ff : dfsc!DriverEntry+0x19b
ffffd001`494c7850 fffff800`905062c3 : ffffe000`fe1780c8 ffffe000`fe1780c8 ffffd001`494c7b70 ffffe000`20206f49 : nt!IopLoadDriver+0x5e2
ffffd001`494c7b10 fffff800`9052f49a : fffff800`00000000 ffffc000`37dc0750 00000000`00000000 fffff800`8eb22c50 : nt!IopInitializeSystemDrivers+0x14f
ffffd001`494c7ba0 fffff800`903b0ac2 : 80000000`00f80121 fffff800`8eb22c50 ffffe000`fa46a040 ffffe000`fa486bc8 : nt!IoInitSystem+0x16
ffffd001`494c7bd0 fffff800`8feda514 : ffffe000`fa46a040 80000000`00f80121 80000000`00f80121 80000000`00f80121 : nt!Phase1Initialization+0x2a
ffffd001`494c7c00 fffff800`8ff5b2c6 : fffff800`900e7180 ffffe000`fa46a040 fffff800`9014ea00 80000000`00f80121 : nt!PspSystemThreadStartup+0x58
ffffd001`494c7c60 00000000`00000000 : ffffd001`494c8000 ffffd001`494c2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16

rax=0000000000000001 rbx=fffffffffffffff8 rcx=ffffd001494c7770
rdx=0000000000000018 rsi=ffffd001494c7770 rdi=0000000000000000
rip=fffff800901947d1 rsp=ffffd001494c76e8 rbp=0000000000000002
 r8=fffff8001a235e01  r9=fffff8001a235900 r10=0000000000000022
r11=ffffd001494c76c0 r12=0000000000000000 r13=fffff80019605268
r14=fffff8001a235900 r15=fffff8001a235e20
iopl=0         nv up ei pl nz ac pe cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010213
nt!RtlEqualUnicodeString+0x9:
fffff800`901947d1 0fb702          movzx   eax,word ptr [rdx] ds:002b:00000000`00000018=????
Child-SP          RetAddr           : Args to Child                                                           : Call Site
ffffd001`494c76e8 fffff800`1960cd4d : ffffffff`fffffff8 00000000`00000000 00000000`00000002 ffffd001`494c7770 : nt!RtlEqualUnicodeString+0x9
ffffd001`494c76f0 fffff800`1a23c68c : 00000000`00000000 00000000`00000000 00000000`00000004 00000000`00000240 : mup!MupSurrogateRegisterProvider+0x159
ffffd001`494c7750 fffff800`1a24847a : 00000000`00000000 00000000`00000000 00000000`00000004 ffffffff`800002a0 : dfsc!DfscRegisterMup+0x34
ffffd001`494c7790 fffff800`1a2481cb : ffffffff`00000001 00000000`00000000 ffffe000`fe3c8000 ffffe000`fe1a5060 : dfsc!DfscInitVariables+0x27e
ffffd001`494c77e0 fffff800`902bea52 : ffffe000`fe1a5060 ffffd001`494c7950 ffffe000`fe3c8000 00000000`000007ff : dfsc!DriverEntry+0x19b
ffffd001`494c7850 fffff800`905062c3 : ffffe000`fe1780c8 ffffe000`fe1780c8 ffffd001`494c7b70 ffffe000`20206f49 : nt!IopLoadDriver+0x5e2
ffffd001`494c7b10 fffff800`9052f49a : fffff800`00000000 ffffc000`37dc0750 00000000`00000000 fffff800`8eb22c50 : nt!IopInitializeSystemDrivers+0x14f
ffffd001`494c7ba0 fffff800`903b0ac2 : 80000000`00f80121 fffff800`8eb22c50 ffffe000`fa46a040 ffffe000`fa486bc8 : nt!IoInitSystem+0x16
ffffd001`494c7bd0 fffff800`8feda514 : ffffe000`fa46a040 80000000`00f80121 80000000`00f80121 80000000`00f80121 : nt!Phase1Initialization+0x2a
ffffd001`494c7c00 fffff800`8ff5b2c6 : fffff800`900e7180 ffffe000`fa46a040 fffff800`9014ea00 80000000`00f80121 : nt!PspSystemThreadStartup+0x58
ffffd001`494c7c60 00000000`00000000 : ffffd001`494c8000 ffffd001`494c2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
start             end                 module name
fffff800`18200000 fffff800`18288000   CI       CI.dll       Sat Feb 22 07:12:12 2014 (5308941C)
fffff800`182b0000 fffff800`18316000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Thu Aug 22 07:40:16 2013 (5215F8A0)
fffff800`18316000 fffff800`18324000   werkernel werkernel.sys Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`18324000 fffff800`18385000   CLFS     CLFS.SYS     Wed Mar 19 04:12:20 2014 (53295164)
fffff800`18385000 fffff800`183a7000   tm       tm.sys       Thu Aug 22 07:39:33 2013 (5215F875)
fffff800`183a7000 fffff800`183bc000   PSHED    PSHED.dll    Sat Sep 14 09:57:19 2013 (52346B3F)
fffff800`183bc000 fffff800`183c6000   BOOTVID  BOOTVID.dll  Thu Aug 22 07:40:26 2013 (5215F8AA)
fffff800`18419000 fffff800`18476000   msrpc    msrpc.sys    Thu Aug 22 07:39:22 2013 (5215F86A)
fffff800`18476000 fffff800`18545000   Wdf01000 Wdf01000.sys Thu Aug 22 07:38:56 2013 (5215F850)
fffff800`18545000 fffff800`18556000   WDFLDR   WDFLDR.SYS   Thu Aug 22 07:39:03 2013 (5215F857)
fffff800`18556000 fffff800`1856e000   acpiex   acpiex.sys   Thu Aug 22 07:37:47 2013 (5215F80B)
fffff800`1856e000 fffff800`18579000   WppRecorder WppRecorder.sys Thu Aug 22 07:39:40 2013 (5215F87C)
fffff800`18579000 fffff800`185e2000   spaceport spaceport.sys Thu Jul 24 07:45:14 2014 (53D0F1CA)
fffff800`18600000 fffff800`18615000   volmgr   volmgr.sys   Thu Aug 22 07:39:53 2013 (5215F889)
fffff800`18640000 fffff800`186ca000   ACPI     ACPI.sys     Sat Feb 22 07:13:57 2014 (53089485)
fffff800`186ca000 fffff800`186d4000   WMILIB   WMILIB.SYS   Thu Aug 22 07:40:23 2013 (5215F8A7)
fffff800`186d4000 fffff800`18760000   cng      cng.sys      Thu May 29 03:45:47 2014 (5386E5AB)
fffff800`18760000 fffff800`1876a000   msisadrv msisadrv.sys Thu Aug 22 07:39:03 2013 (5215F857)
fffff800`1876a000 fffff800`187b2000   pci      pci.sys      Thu Jul 24 07:45:24 2014 (53D0F1D4)
fffff800`187b2000 fffff800`187bf000   vdrvroot vdrvroot.sys Thu Aug 22 07:38:49 2013 (5215F849)
fffff800`187bf000 fffff800`187db000   pdc      pdc.sys      Fri Nov 01 00:58:42 2013 (52733502)
fffff800`187db000 fffff800`187f3000   partmgr  partmgr.sys  Thu Aug 22 07:40:20 2013 (5215F8A4)
fffff800`18800000 fffff800`1883d000   edevmon  edevmon.sys  Mon Aug 19 09:00:54 2013 (52121706)
fffff800`1883d000 fffff800`1888c000   volsnap  volsnap.sys  Wed Jun 18 18:41:28 2014 (53A21598)
fffff800`188b8000 fffff800`18917000   volmgrx  volmgrx.sys  Thu Aug 22 07:40:23 2013 (5215F8A7)
fffff800`18917000 fffff800`18932000   mountmgr mountmgr.sys Thu Aug 22 07:40:04 2013 (5215F894)
fffff800`18932000 fffff800`1895d000   Wof      Wof.sys      Thu Mar 13 04:27:29 2014 (53216BF1)
fffff800`1895d000 fffff800`189c5000   PGPwded  PGPwded.sys  Thu Jun 12 17:10:04 2014 (539A172C)
fffff800`189c5000 fffff800`189f6000   ksecpkg  ksecpkg.sys  Sat Mar 08 04:24:07 2014 (531AE1B7)
fffff800`18a00000 fffff800`18a1a000   EhStorClass EhStorClass.sys Thu Aug 22 07:38:15 2013 (5215F827)
fffff800`18a1a000 fffff800`18a76000   fltmgr   fltmgr.sys   Sun Apr 06 10:10:42 2014 (53416062)
fffff800`18a76000 fffff800`18a8c000   fileinfo fileinfo.sys Sat Feb 22 07:13:10 2014 (53089456)
fffff800`18a8c000 fffff800`18ac3000   PGPfsfd  PGPfsfd.sys  Thu Jun 12 17:10:10 2014 (539A1732)
fffff800`18ac6000 fffff800`18d90000   iaStorA  iaStorA.sys  Fri Jun 06 19:20:24 2014 (53924CB8)
fffff800`18d90000 fffff800`18def000   storport storport.sys Sun Apr 06 10:08:55 2014 (53415FF7)
fffff800`18def000 fffff800`18df8000   Pgpwdefs Pgpwdefs.sys Thu Jun 12 17:09:00 2014 (539A16EC)
fffff800`18e25000 fffff800`1901b000   Ntfs     Ntfs.sys     Thu Jul 24 03:30:36 2014 (53D0B61C)
fffff800`1901b000 fffff800`19037000   ksecdd   ksecdd.sys   Sat Sep 21 03:59:44 2013 (523D51F0)
fffff800`19037000 fffff800`19047000   pcw      pcw.sys      Thu Aug 22 04:46:34 2013 (5215CFEA)
fffff800`19047000 fffff800`19052000   Fs_Rec   Fs_Rec.sys   Thu Aug 22 04:46:33 2013 (5215CFE9)
fffff800`19052000 fffff800`1916a000   ndis     ndis.sys     Thu Jun 05 07:49:03 2014 (5390592F)
fffff800`1916a000 fffff800`191e2000   NETIO    NETIO.SYS    Thu Jul 24 07:43:51 2014 (53D0F177)
fffff800`1921a000 fffff800`1948e000   tcpip    tcpip.sys    Thu Jul 24 07:46:05 2014 (53D0F1FD)
fffff800`1948e000 fffff800`194fa000   fwpkclnt fwpkclnt.sys Sun Mar 30 21:39:34 2014 (5338C756)
fffff800`194fa000 fffff800`1951f000   wfplwfs  wfplwfs.sys  Sat Mar 08 04:22:45 2014 (531AE165)
fffff800`1951f000 fffff800`195b4000   fvevol   fvevol.sys   Mon Apr 07 18:25:31 2014 (534325DB)
fffff800`195b4000 fffff800`195d2000   fltsrv   fltsrv.sys   Mon May 13 05:40:09 2013 (5190B4F9)
fffff800`195d2000 fffff800`195ee000   disk     disk.sys     Thu Aug 22 07:39:47 2013 (5215F883)
fffff800`19600000 fffff800`19617000   mup      mup.sys      Thu Aug 22 07:40:28 2013 (5215F8AC)
fffff800`19617000 fffff800`19626000   intelpep intelpep.sys Sat Nov 09 03:45:55 2013 (527DF643)
fffff800`1964d000 fffff800`19760000   tib      tib.sys      Wed Mar 20 05:00:38 2013 (51497AB6)
fffff800`19760000 fffff800`197a4000   snapman  snapman.sys  Wed Aug 14 08:17:26 2013 (520B7556)
fffff800`197a4000 fffff800`197ea000   rdyboost rdyboost.sys Sat Feb 22 07:13:40 2014 (53089474)
fffff800`19802000 fffff800`19857000   CLASSPNP CLASSPNP.SYS Wed Apr 09 02:53:25 2014 (5344EE65)
fffff800`19857000 fffff800`1986c000   crashdmp crashdmp.sys Thu Aug 22 07:40:03 2013 (5215F893)
fffff800`1986c000 fffff800`19878000   dump_diskdump dump_diskdump.sys Thu Aug 22 07:40:18 2013 (5215F8A2)
fffff800`19878000 fffff800`19946000   eamonm   eamonm.sys   Thu Aug 15 10:53:50 2013 (520CEB7E)
fffff800`19946000 fffff800`199a7000   dxgmms1  dxgmms1.sys  Thu Mar 06 04:22:14 2014 (53183E46)
fffff800`199a7000 fffff800`199f3000   netbt    netbt.sys    Thu Aug 22 07:37:01 2013 (5215F7DD)
fffff800`19c14000 fffff800`19ede000   dump_iaStorA dump_iaStorA.sys Fri Jun 06 19:20:24 2014 (53924CB8)
fffff800`19ede000 fffff800`19ef4000   dump_dumpfve dump_dumpfve.sys Sat Feb 22 07:14:48 2014 (530894B8)
fffff800`19ef4000 fffff800`19f1f000   dump_PGPwdeDumpFilter dump_PGPwdeDumpFilter.sys Thu Jun 12 17:10:06 2014 (539A172E)
fffff800`19f1f000 fffff800`19f4d000   cdrom    cdrom.sys    Thu Aug 22 04:46:35 2013 (5215CFEB)
fffff800`19f4d000 fffff800`19f56000   Null     Null.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`19f56000 fffff800`19f5e000   Beep     Beep.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`19f5e000 fffff800`19f8b000   ehdrv    ehdrv.sys    Thu Aug 15 10:54:11 2013 (520CEB93)
fffff800`19f8b000 fffff800`19fa0f00   ctxusbm  ctxusbm.sys  Mon Sep 09 12:02:22 2013 (522DF10E)
fffff800`19fa1000 fffff800`19faf000   BasicRender BasicRender.sys Sat Feb 22 07:14:02 2014 (5308948A)
fffff800`19faf000 fffff800`19fcc000   NEOFLTR_740_30599 NEOFLTR_740_30599.SYS Tue Apr 08 11:06:04 2014 (5344105C)
fffff800`1a000000 fffff800`1a00e000   TDI      TDI.SYS      Thu Aug 22 07:39:01 2013 (5215F855)
fffff800`1a014000 fffff800`1a195000   dxgkrnl  dxgkrnl.sys  Thu Jun 12 18:32:12 2014 (539A2A6C)
fffff800`1a195000 fffff800`1a1a7000   watchdog watchdog.sys Sat Feb 22 07:14:39 2014 (530894AF)
fffff800`1a1a7000 fffff800`1a1b9000   BasicDisplay BasicDisplay.sys Thu Aug 22 07:39:31 2013 (5215F873)
fffff800`1a1b9000 fffff800`1a1cd000   Npfs     Npfs.SYS     Thu Aug 22 07:40:25 2013 (5215F8A9)
fffff800`1a1cd000 fffff800`1a1d9000   Msfs     Msfs.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`1a1d9000 fffff800`1a1f9000   tdx      tdx.sys      Thu Aug 22 07:36:34 2013 (5215F7C2)
fffff800`1a200000 fffff800`1a20e000   nsiproxy nsiproxy.sys Thu Aug 22 07:36:34 2013 (5215F7C2)
fffff800`1a20e000 fffff800`1a21a000   npsvctrig npsvctrig.sys Thu Aug 22 07:38:22 2013 (5215F82E)
fffff800`1a21a000 fffff800`1a226000   mssmbios mssmbios.sys Thu Aug 22 07:39:41 2013 (5215F87D)
fffff800`1a226000 fffff800`1a24c000   dfsc     dfsc.sys     Thu Mar 06 04:22:50 2014 (53183E6A)
fffff800`1a270000 fffff800`1a302000   afd      afd.sys      Thu May 29 23:03:01 2014 (5387F4E5)
fffff800`1a302000 fffff800`1a32c000   pacer    pacer.sys    Thu Aug 22 07:36:06 2013 (5215F7A6)
fffff800`1a32c000 fffff800`1a33d000   netbios  netbios.sys  Thu Aug 22 07:38:58 2013 (5215F852)
fffff800`1a33d000 fffff800`1a3ad000   rdbss    rdbss.sys    Tue Dec 17 02:21:22 2013 (52AFFB72)
fffff800`1a3ad000 fffff800`1a3ee000   truecrypt truecrypt.sys Mon May 26 20:39:59 2014 (5383DEDF)
fffff800`1a3ee000 fffff800`1a3fe000   PGPsdk   PGPsdk.sys   Thu Jun 12 17:09:17 2014 (539A16FD)
fffff800`8ee81000 fffff800`8ee8a000   kd       kd.dll       Thu Aug 22 07:40:43 2013 (5215F8BB)
fffff800`8fe01000 fffff800`9058a000   nt       ntkrnlmp.exe Thu Jul 24 03:37:39 2014 (53D0B7C3)
fffff800`9058a000 fffff800`905fa000   hal      hal.dll      Sun Jun 01 18:49:12 2014 (538BADE8)

Unloaded modules:
fffff800`1a4b5000 fffff800`1a543000   csc.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0008E000
fffff800`19626000 fffff800`19632000   hwpolicy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
start             end                 module name
fffff800`18640000 fffff800`186ca000   ACPI     ACPI.sys     Sat Feb 22 07:13:57 2014 (53089485)
fffff800`18556000 fffff800`1856e000   acpiex   acpiex.sys   Thu Aug 22 07:37:47 2013 (5215F80B)
fffff800`1a270000 fffff800`1a302000   afd      afd.sys      Thu May 29 23:03:01 2014 (5387F4E5)
fffff800`1a1a7000 fffff800`1a1b9000   BasicDisplay BasicDisplay.sys Thu Aug 22 07:39:31 2013 (5215F873)
fffff800`19fa1000 fffff800`19faf000   BasicRender BasicRender.sys Sat Feb 22 07:14:02 2014 (5308948A)
fffff800`19f56000 fffff800`19f5e000   Beep     Beep.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`183bc000 fffff800`183c6000   BOOTVID  BOOTVID.dll  Thu Aug 22 07:40:26 2013 (5215F8AA)
fffff800`19f1f000 fffff800`19f4d000   cdrom    cdrom.sys    Thu Aug 22 04:46:35 2013 (5215CFEB)
fffff800`18200000 fffff800`18288000   CI       CI.dll       Sat Feb 22 07:12:12 2014 (5308941C)
fffff800`19802000 fffff800`19857000   CLASSPNP CLASSPNP.SYS Wed Apr 09 02:53:25 2014 (5344EE65)
fffff800`18324000 fffff800`18385000   CLFS     CLFS.SYS     Wed Mar 19 04:12:20 2014 (53295164)
fffff800`186d4000 fffff800`18760000   cng      cng.sys      Thu May 29 03:45:47 2014 (5386E5AB)
fffff800`19857000 fffff800`1986c000   crashdmp crashdmp.sys Thu Aug 22 07:40:03 2013 (5215F893)
fffff800`19f8b000 fffff800`19fa0f00   ctxusbm  ctxusbm.sys  Mon Sep 09 12:02:22 2013 (522DF10E)
fffff800`1a226000 fffff800`1a24c000   dfsc     dfsc.sys     Thu Mar 06 04:22:50 2014 (53183E6A)
fffff800`195d2000 fffff800`195ee000   disk     disk.sys     Thu Aug 22 07:39:47 2013 (5215F883)
fffff800`1986c000 fffff800`19878000   dump_diskdump dump_diskdump.sys Thu Aug 22 07:40:18 2013 (5215F8A2)
fffff800`19ede000 fffff800`19ef4000   dump_dumpfve dump_dumpfve.sys Sat Feb 22 07:14:48 2014 (530894B8)
fffff800`19c14000 fffff800`19ede000   dump_iaStorA dump_iaStorA.sys Fri Jun 06 19:20:24 2014 (53924CB8)
fffff800`19ef4000 fffff800`19f1f000   dump_PGPwdeDumpFilter dump_PGPwdeDumpFilter.sys Thu Jun 12 17:10:06 2014 (539A172E)
fffff800`1a014000 fffff800`1a195000   dxgkrnl  dxgkrnl.sys  Thu Jun 12 18:32:12 2014 (539A2A6C)
fffff800`19946000 fffff800`199a7000   dxgmms1  dxgmms1.sys  Thu Mar 06 04:22:14 2014 (53183E46)
fffff800`19878000 fffff800`19946000   eamonm   eamonm.sys   Thu Aug 15 10:53:50 2013 (520CEB7E)
fffff800`18800000 fffff800`1883d000   edevmon  edevmon.sys  Mon Aug 19 09:00:54 2013 (52121706)
fffff800`19f5e000 fffff800`19f8b000   ehdrv    ehdrv.sys    Thu Aug 15 10:54:11 2013 (520CEB93)
fffff800`18a00000 fffff800`18a1a000   EhStorClass EhStorClass.sys Thu Aug 22 07:38:15 2013 (5215F827)
fffff800`18a76000 fffff800`18a8c000   fileinfo fileinfo.sys Sat Feb 22 07:13:10 2014 (53089456)
fffff800`18a1a000 fffff800`18a76000   fltmgr   fltmgr.sys   Sun Apr 06 10:10:42 2014 (53416062)
fffff800`195b4000 fffff800`195d2000   fltsrv   fltsrv.sys   Mon May 13 05:40:09 2013 (5190B4F9)
fffff800`19047000 fffff800`19052000   Fs_Rec   Fs_Rec.sys   Thu Aug 22 04:46:33 2013 (5215CFE9)
fffff800`1951f000 fffff800`195b4000   fvevol   fvevol.sys   Mon Apr 07 18:25:31 2014 (534325DB)
fffff800`1948e000 fffff800`194fa000   fwpkclnt fwpkclnt.sys Sun Mar 30 21:39:34 2014 (5338C756)
fffff800`9058a000 fffff800`905fa000   hal      hal.dll      Sun Jun 01 18:49:12 2014 (538BADE8)
fffff800`18ac6000 fffff800`18d90000   iaStorA  iaStorA.sys  Fri Jun 06 19:20:24 2014 (53924CB8)
fffff800`19617000 fffff800`19626000   intelpep intelpep.sys Sat Nov 09 03:45:55 2013 (527DF643)
fffff800`8ee81000 fffff800`8ee8a000   kd       kd.dll       Thu Aug 22 07:40:43 2013 (5215F8BB)
fffff800`1901b000 fffff800`19037000   ksecdd   ksecdd.sys   Sat Sep 21 03:59:44 2013 (523D51F0)
fffff800`189c5000 fffff800`189f6000   ksecpkg  ksecpkg.sys  Sat Mar 08 04:24:07 2014 (531AE1B7)
fffff800`182b0000 fffff800`18316000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Thu Aug 22 07:40:16 2013 (5215F8A0)
fffff800`18917000 fffff800`18932000   mountmgr mountmgr.sys Thu Aug 22 07:40:04 2013 (5215F894)
fffff800`1a1cd000 fffff800`1a1d9000   Msfs     Msfs.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`18760000 fffff800`1876a000   msisadrv msisadrv.sys Thu Aug 22 07:39:03 2013 (5215F857)
fffff800`18419000 fffff800`18476000   msrpc    msrpc.sys    Thu Aug 22 07:39:22 2013 (5215F86A)
fffff800`1a21a000 fffff800`1a226000   mssmbios mssmbios.sys Thu Aug 22 07:39:41 2013 (5215F87D)
fffff800`19600000 fffff800`19617000   mup      mup.sys      Thu Aug 22 07:40:28 2013 (5215F8AC)
fffff800`19052000 fffff800`1916a000   ndis     ndis.sys     Thu Jun 05 07:49:03 2014 (5390592F)
fffff800`19faf000 fffff800`19fcc000   NEOFLTR_740_30599 NEOFLTR_740_30599.SYS Tue Apr 08 11:06:04 2014 (5344105C)
fffff800`1a32c000 fffff800`1a33d000   netbios  netbios.sys  Thu Aug 22 07:38:58 2013 (5215F852)
fffff800`199a7000 fffff800`199f3000   netbt    netbt.sys    Thu Aug 22 07:37:01 2013 (5215F7DD)
fffff800`1916a000 fffff800`191e2000   NETIO    NETIO.SYS    Thu Jul 24 07:43:51 2014 (53D0F177)
fffff800`1a1b9000 fffff800`1a1cd000   Npfs     Npfs.SYS     Thu Aug 22 07:40:25 2013 (5215F8A9)
fffff800`1a20e000 fffff800`1a21a000   npsvctrig npsvctrig.sys Thu Aug 22 07:38:22 2013 (5215F82E)
fffff800`1a200000 fffff800`1a20e000   nsiproxy nsiproxy.sys Thu Aug 22 07:36:34 2013 (5215F7C2)
fffff800`8fe01000 fffff800`9058a000   nt       ntkrnlmp.exe Thu Jul 24 03:37:39 2014 (53D0B7C3)
fffff800`18e25000 fffff800`1901b000   Ntfs     Ntfs.sys     Thu Jul 24 03:30:36 2014 (53D0B61C)
fffff800`19f4d000 fffff800`19f56000   Null     Null.SYS     Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`1a302000 fffff800`1a32c000   pacer    pacer.sys    Thu Aug 22 07:36:06 2013 (5215F7A6)
fffff800`187db000 fffff800`187f3000   partmgr  partmgr.sys  Thu Aug 22 07:40:20 2013 (5215F8A4)
fffff800`1876a000 fffff800`187b2000   pci      pci.sys      Thu Jul 24 07:45:24 2014 (53D0F1D4)
fffff800`19037000 fffff800`19047000   pcw      pcw.sys      Thu Aug 22 04:46:34 2013 (5215CFEA)
fffff800`187bf000 fffff800`187db000   pdc      pdc.sys      Fri Nov 01 00:58:42 2013 (52733502)
fffff800`18a8c000 fffff800`18ac3000   PGPfsfd  PGPfsfd.sys  Thu Jun 12 17:10:10 2014 (539A1732)
fffff800`1a3ee000 fffff800`1a3fe000   PGPsdk   PGPsdk.sys   Thu Jun 12 17:09:17 2014 (539A16FD)
fffff800`1895d000 fffff800`189c5000   PGPwded  PGPwded.sys  Thu Jun 12 17:10:04 2014 (539A172C)
fffff800`18def000 fffff800`18df8000   Pgpwdefs Pgpwdefs.sys Thu Jun 12 17:09:00 2014 (539A16EC)
fffff800`183a7000 fffff800`183bc000   PSHED    PSHED.dll    Sat Sep 14 09:57:19 2013 (52346B3F)
fffff800`1a33d000 fffff800`1a3ad000   rdbss    rdbss.sys    Tue Dec 17 02:21:22 2013 (52AFFB72)
fffff800`197a4000 fffff800`197ea000   rdyboost rdyboost.sys Sat Feb 22 07:13:40 2014 (53089474)
fffff800`19760000 fffff800`197a4000   snapman  snapman.sys  Wed Aug 14 08:17:26 2013 (520B7556)
fffff800`18579000 fffff800`185e2000   spaceport spaceport.sys Thu Jul 24 07:45:14 2014 (53D0F1CA)
fffff800`18d90000 fffff800`18def000   storport storport.sys Sun Apr 06 10:08:55 2014 (53415FF7)
fffff800`1921a000 fffff800`1948e000   tcpip    tcpip.sys    Thu Jul 24 07:46:05 2014 (53D0F1FD)
fffff800`1a000000 fffff800`1a00e000   TDI      TDI.SYS      Thu Aug 22 07:39:01 2013 (5215F855)
fffff800`1a1d9000 fffff800`1a1f9000   tdx      tdx.sys      Thu Aug 22 07:36:34 2013 (5215F7C2)
fffff800`1964d000 fffff800`19760000   tib      tib.sys      Wed Mar 20 05:00:38 2013 (51497AB6)
fffff800`18385000 fffff800`183a7000   tm       tm.sys       Thu Aug 22 07:39:33 2013 (5215F875)
fffff800`1a3ad000 fffff800`1a3ee000   truecrypt truecrypt.sys Mon May 26 20:39:59 2014 (5383DEDF)
fffff800`187b2000 fffff800`187bf000   vdrvroot vdrvroot.sys Thu Aug 22 07:38:49 2013 (5215F849)
fffff800`18600000 fffff800`18615000   volmgr   volmgr.sys   Thu Aug 22 07:39:53 2013 (5215F889)
fffff800`188b8000 fffff800`18917000   volmgrx  volmgrx.sys  Thu Aug 22 07:40:23 2013 (5215F8A7)
fffff800`1883d000 fffff800`1888c000   volsnap  volsnap.sys  Wed Jun 18 18:41:28 2014 (53A21598)
fffff800`1a195000 fffff800`1a1a7000   watchdog watchdog.sys Sat Feb 22 07:14:39 2014 (530894AF)
fffff800`18476000 fffff800`18545000   Wdf01000 Wdf01000.sys Thu Aug 22 07:38:56 2013 (5215F850)
fffff800`18545000 fffff800`18556000   WDFLDR   WDFLDR.SYS   Thu Aug 22 07:39:03 2013 (5215F857)
fffff800`18316000 fffff800`18324000   werkernel werkernel.sys Thu Aug 22 07:40:24 2013 (5215F8A8)
fffff800`194fa000 fffff800`1951f000   wfplwfs  wfplwfs.sys  Sat Mar 08 04:22:45 2014 (531AE165)
fffff800`186ca000 fffff800`186d4000   WMILIB   WMILIB.SYS   Thu Aug 22 07:40:23 2013 (5215F8A7)
fffff800`18932000 fffff800`1895d000   Wof      Wof.sys      Thu Mar 13 04:27:29 2014 (53216BF1)
fffff800`1856e000 fffff800`18579000   WppRecorder WppRecorder.sys Thu Aug 22 07:39:40 2013 (5215F87C)

Unloaded modules:
fffff800`1a4b5000 fffff800`1a543000   csc.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0008E000
fffff800`19626000 fffff800`19632000   hwpolicy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
Bugcheck code 1000007E
Arguments ffffffff`c0000005 fffff800`901947d1 ffffd001`494c74a8 ffffd001`494c6cb0
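
Triage of the debugger output posted above, as an added example that is not part of the original post: it parses the bugcheck line, the exception record and the stack, flags a read at a near-NULL address, and lists the non-kernel modules on the call chain. The function names and the 64 KB near-NULL threshold are assumptions of this example.

```python
import re

# Excerpt copied from the debugger output in the post above (not constructed).
DUMP_EXCERPT = r"""
BugCheck 1000007E, {ffffffffc0000005, fffff800901947d1, ffffd001494c74a8, ffffd001494c6cb0}
EXCEPTION_RECORD:  ffffd001494c74a8 -- (.exr 0xffffd001494c74a8)
ExceptionAddress: fffff800901947d1 (nt!RtlEqualUnicodeString+0x0000000000000009)
   ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000018
STACK_TEXT:
ffffd001`494c76e8 fffff800`1960cd4d : ffffffff`fffffff8 00000000`00000000 00000000`00000002 ffffd001`494c7770 : nt!RtlEqualUnicodeString+0x9
ffffd001`494c76f0 fffff800`1a23c68c : 00000000`00000000 00000000`00000000 00000000`00000004 00000000`00000240 : mup!MupSurrogateRegisterProvider+0x159
ffffd001`494c7750 fffff800`1a24847a : 00000000`00000000 00000000`00000000 00000000`00000004 ffffffff`800002a0 : dfsc!DfscRegisterMup+0x34
ffffd001`494c7790 fffff800`1a2481cb : ffffffff`00000001 00000000`00000000 ffffe000`fe3c8000 ffffe000`fe1a5060 : dfsc!DfscInitVariables+0x27e
ffffd001`494c77e0 fffff800`902bea52 : ffffe000`fe1a5060 ffffd001`494c7950 ffffe000`fe3c8000 00000000`000007ff : dfsc!DriverEntry+0x19b
ffffd001`494c7850 fffff800`905062c3 : ffffe000`fe1780c8 ffffe000`fe1780c8 ffffd001`494c7b70 ffffe000`20206f49 : nt!IopLoadDriver+0x5e2
"""

STATUS_ACCESS_VIOLATION = 0xC0000005
# For an access violation, Parameter[0] of the exception record is the access
# type and Parameter[1] is the address that was touched.
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}
# Assumption of this example: an address below 64 KB is "NULL plus a field offset".
NEAR_NULL_LIMIT = 0x10000

# One kv/STACK_TEXT row: Child-SP, RetAddr, four args, then module!function+offset.
FRAME_RE = re.compile(
    r"^[0-9a-f`]{17} [0-9a-f`]{17} : .*? : (\w+)!(\w+)\+0x[0-9a-f]+\s*$", re.M
)


def parse_dump(text):
    """Pull the bugcheck, exception record and stack frames out of WinDbg text."""
    bug = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    exc = re.search(r"ExceptionCode: ([0-9A-Fa-f]+)", text)
    if not bug or not exc:
        raise ValueError("no BugCheck line or exception record found")
    params = {
        int(index): int(value, 16)
        for index, value in re.findall(r"Parameter\[(\d+)\]: ([0-9A-Fa-f]+)", text)
    }
    return {
        "bugcheck": int(bug.group(1), 16),
        "args": [int(arg.strip(), 16) for arg in bug.group(2).split(",")],
        "exception_code": int(exc.group(1), 16),
        "params": params,
        "frames": FRAME_RE.findall(text),
    }


def triage(info):
    """Summarise what kind of fault this is and which modules led to it."""
    result = {"bugcheck": info["bugcheck"], "exception_code": info["exception_code"]}
    # Arg1 carries the unhandled exception code; compare its low 32 bits,
    # because the dump shows it widened to 64 bits.
    result["arg1_matches_exception"] = (
        info["args"][0] & 0xFFFFFFFF
    ) == info["exception_code"]
    params = info["params"]
    if info["exception_code"] == STATUS_ACCESS_VIOLATION and len(params) >= 2:
        result["access"] = ACCESS_KIND.get(params[0], "unknown")
        result["address"] = params[1]
        result["near_null"] = params[1] < NEAR_NULL_LIMIT
    if info["frames"]:
        # The top frame is where the CPU faulted; the bad pointer usually came
        # from a caller, so list every non-kernel module on the way down.
        result["faulting"] = "!".join(info["frames"][0])
        chain = []
        for module, _function in info["frames"]:
            if module != "nt" and module not in chain:
                chain.append(module)
        result["driver_chain"] = chain
    return result


if __name__ == "__main__":
    for key, value in triage(parse_dump(DUMP_EXCERPT)).items():
        print(f"{key}: {hex(value) if isinstance(value, int) and not isinstance(value, bool) else value}")
```
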
Hello again, my friend! : )

Will they be updated?

Yes, we're actually releasing the new processing app very soon. Tons of new features, bug fixes, etc. We've rewritten a lot of the old code, just running it through some tests before release to ensure it's working well on all Vista and future platforms.

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

This indicates that a system thread generated an exception which the error handler did not catch.

Code:
BugCheck 1000007E, {ffffffffc0000005, fffff800901947d1, ffffd001494c74a8, ffffd001494c6cb0}

1st argument implies an access violation occurred.

Code:
2: kd> .exr 0xffffd001494c74a8
ExceptionAddress: fffff800901947d1 (nt!RtlEqualUnicodeString+0x0000000000000009)
   ExceptionCode: c0000005 (Access violation)

The violation occurred in the nt!RtlEqualUnicodeString+0x0000000000000009 routine, which compares two Unicode strings to determine whether they are equal. It's generally used as a driver routine, so this is likely being caused by a driver.

Code:
2: kd> .cxr 0xffffd001494c6cb0;r
rax=0000000000000001 rbx=fffffffffffffff8 rcx=ffffd001494c7770
rdx=0000000000000018 rsi=ffffd001494c7770 rdi=0000000000000000
rip=fffff800901947d1 rsp=ffffd001494c76e8 rbp=0000000000000002
 r8=fffff8001a235e01  r9=fffff8001a235900 r10=0000000000000022
r11=ffffd001494c76c0 r12=0000000000000000 r13=fffff80019605268
r14=fffff8001a235900 r15=fffff8001a235e20
iopl=0         nv up ei pl nz ac pe cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010213
nt!RtlEqualUnicodeString+0x9:
fffff800`901947d1 0fb702          movzx   eax,word ptr [rdx] ds:002b:00000000`00000018=????

On the faulting instruction, there was a failure moving a pointer (with zero extend) containing two different data sizes that was stored in rdx. rdx was then dereferenced (treated as a memory address), to ultimately store the contents of a word in eax.

So, where's our problem here?

Code:
rdx=0000000000000018

That's our problem, rdx is 18. You can imagine that 18 is certainly not a valid address by any means.

Code:
2: kd> !pte 0000000000000018 
                                           VA 0000000000000018
PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00000    PDE at FFFFF6FB40000000    PTE at FFFFF68000000000
contains 03000000013BE867  contains 0000000000000000
GetUlongFromAddress: unable to read from fffff80090155104
pfn 13be      ---DA--UWEV  not valid

Again, a 3rd party driver not doing its job! Which driver?

Code:
Child-SP          RetAddr           Call Site
ffffd001`494c76e8 fffff800`1960cd4d nt!RtlEqualUnicodeString+0x9
ffffd001`494c76f0 fffff800`1a23c68c mup!MupSurrogateRegisterProvider+0x159
ffffd001`494c7750 fffff800`1a24847a dfsc!DfscRegisterMup+0x34
ffffd001`494c7790 fffff800`1a2481cb dfsc!DfscInitVariables+0x27e
ffffd001`494c77e0 fffff800`902bea52 dfsc!DriverEntry+0x19b
ffffd001`494c7850 fffff800`905062c3 nt!IopLoadDriver+0x5e2
ffffd001`494c7b10 fffff800`9052f49a nt!IopInitializeSystemDrivers+0x14f
ffffd001`494c7ba0 fffff800`903b0ac2 nt!IoInitSystem+0x16
ffffd001`494c7bd0 fffff800`8feda514 nt!Phase1Initialization+0x2a
ffffd001`494c7c00 fffff800`8ff5b2c6 nt!PspSystemThreadStartup+0x58
ffffd001`494c7c60 00000000`00000000 nt!KiStartSystemThread+0x16

We're doing some DFS Namespace Client stuff before the crash, and then calling into the Multiple UNC Provider which then shortly after we hit our violation. This kernel-mode component is responsible for channeling all remote file system accesses using a Universal Naming Convention (UNC) name to a network redirector (the UNC provider) that is capable of handling the remote file system requests. With that said, an antivirus is certainly not playing nice.

Code:
2: kd> lmvm eamonm
start             end                 module name
fffff800`19878000 fffff800`19946000   eamonm     (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\eamonm.sys
    Image name: eamonm.sys
    Timestamp:        Thu Aug 15 10:53:50 2013

ESET is on the system. I don't see ESET causing too many issues these days, but yours is pretty old (2013). Either get it updated or remove and replace it ASAP with Windows Defender.

ESET removal - How do I uninstall or reinstall ESET Smart Security/ESET NOD32 Antivirus? - ESET Knowledgebase

Windows Defender (how to turn on after removal) -
Windows Defender - Turn On or Off in Windows 8

Regards,

Patrick
 
Code:
BugCheck 1000007E, {ffffffffc0000005, fffff800901947d1, ffffd001494c74a8, ffffd001494c6cb0}

This bugcheck indicates a system thread generated an exception which wasn't handled.
The exception was an access violation where memory being referenced couldn't physically be addressed by the CPU.

Code:
2: kd> .exr 0xffffd001494c74a8
ExceptionAddress: fffff800901947d1 (nt!RtlEqualUnicodeString+0x0000000000000009)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000018
Attempt to read from address 0000000000000018

An attempt to read from an invalid address caused the access violation.

Code:
2: kd> .cxr 0xffffd001494c6cb0;r
rax=0000000000000001 rbx=fffffffffffffff8 rcx=ffffd001494c7770
rdx=0000000000000018 rsi=ffffd001494c7770 rdi=0000000000000000
rip=fffff800901947d1 rsp=ffffd001494c76e8 rbp=0000000000000002
 r8=fffff8001a235e01  r9=fffff8001a235900 r10=0000000000000022
r11=ffffd001494c76c0 r12=0000000000000000 r13=fffff80019605268
r14=fffff8001a235900 r15=fffff8001a235e20
iopl=0         nv up ei pl nz ac pe cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010213
nt!RtlEqualUnicodeString+0x9:
fffff800`901947d1 0fb702          movzx   eax,word ptr [rdx] ds:002b:00000000`00000018=????

So a pointer stored in rdx was dereferenced and moved to eax which is an invalid address.
It was converted from bytes to a word value in doing so, this is done by using the movzx instruction which is move with zero extend.

It seems network related, have you updated your network drivers?

If you have, then I suggest running Driver Verifier.

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

EDIT: Again Patrick beat me to it. Go to bed or have your breakfast or something. :grin1:
 
On x64 systems AFAIK the starting valid address is somewhere around 0x10000 which is reserved for user mode boot processes if I remember correctly so I don't normally bother checking the PTEs as they aren't allowed to be accessed anyway.
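
The by-hand triage in the replies above, as an added Python example that is not part of the original thread: it parses the `.exr` and register output quoted there and reports the access type, the faulting address, and which operand register held it. The helper name `triage` is hypothetical, and the 0x10000 cutoff is an assumption taken from the reply just above.

```python
import re

# Debugger output copied from the thread (colour markup removed, trimmed).
EXR = """\
ExceptionAddress: fffff800901947d1 (nt!RtlEqualUnicodeString+0x0000000000000009)
   ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000018
"""
REGS = """\
rax=0000000000000001 rbx=fffffffffffffff8 rcx=ffffd001494c7770
rdx=0000000000000018 rsi=ffffd001494c7770 rdi=0000000000000000
fffff800`901947d1 0fb702          movzx   eax,word ptr [rdx] ds:002b:00000000`00000018=????
"""

ACCESS = {0: "read", 1: "write", 8: "execute"}  # Parameter[0] of c0000005
LOW_LIMIT = 0x10000  # assumption, from the reply above: nothing valid below this


def triage(exr, regs):
    """Hypothetical helper: summarise an access violation from .exr and r output."""
    code = int(re.search(r"ExceptionCode:\s*([0-9a-f]+)", exr).group(1), 16)
    if code != 0xC0000005:
        return None  # the parameter layout below only applies to access violations
    symbol, offset = re.search(
        r"ExceptionAddress:\s*[0-9a-f]+\s*\((\S+)\+0x([0-9a-f]+)\)", exr).groups()
    params = [int(p, 16) for p in re.findall(r"Parameter\[\d\]:\s*([0-9a-f]+)", exr)]
    access, address = ACCESS.get(params[0], "unknown"), params[1]
    values = {r: int(v, 16) for r, v in re.findall(r"\b(r\w{1,2})=([0-9a-f]{16})", regs)}
    # Registers named inside the [...] memory operand of the faulting instruction.
    operand = re.search(r"ptr \[([^\]]+)\]", regs)
    used = re.findall(r"r\w{1,2}", operand.group(1)) if operand else []
    return {
        "routine": symbol,
        "offset": int(offset, 16),
        "access": access,
        "address": address,
        # Operand registers whose value alone equals the faulting address.
        "bad_registers": [r for r in used if values.get(r) == address],
        # Tiny address: consistent with a NULL base pointer plus a field offset.
        "null_plus_offset": address < LOW_LIMIT,
    }


if __name__ == "__main__":
    print(triage(EXR, REGS))
```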
 
First of all, Thanks Guys.

Patrick, I don't know why your info is showing an old AV, but I have the latest version of NOD32 7.0.317.4 updated this morning. Maybe the signature is 2013.

Jared, I will run driver verifier but I might suspect an old friend HAMACHI!! I use it for work so flushing it is not an option :banghead:

Thanks.
 
Gah, yea.... Hamachi + AV's don't work well. Hamachi in general doesn't play nice.

We'll see.

Regards,

Patrick
 
Aye, I used to use Hamachi, I didn't particularly like it but if it's necessary to you then that shouldn't be a problem.
 
