kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 001902fe
Arg2: f7c5db6c
Arg3: f7c5d868
Arg4: f75938d6
Debugging Details:
------------------
EXCEPTION_RECORD: f7c5db6c -- (.exr 0xfffffffff7c5db6c)
ExceptionAddress: f75938d6 (Ntfs!NtfsPerformHotFix+0x00000458)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000034
Attempt to read from address 00000034
CONTEXT: f7c5d868 -- (.cxr 0xfffffffff7c5d868)
eax=00000000 ebx=00000000 ecx=00000000 edx=00008000 esi=858da860 edi=8670dea8
eip=f75938d6 esp=f7c5dc34 ebp=f7c5dd74 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
Ntfs!NtfsPerformHotFix+0x458:
f75938d6 3b4834 cmp ecx,dword ptr [eax+34h] ds:0023:00000034=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000034
READ_ADDRESS: 00000034
FOLLOWUP_IP:
Ntfs!NtfsPerformHotFix+458
f75938d6 3b4834 cmp ecx,dword ptr [eax+34h]
FAULTING_IP:
Ntfs!NtfsPerformHotFix+458
f75938d6 3b4834 cmp ecx,dword ptr [eax+34h]
BUGCHECK_STR: 0x24
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 804e427b to f75938d6
STACK_TEXT:
f7c5dd74 804e427b 858da860 00000000 867c5b30 Ntfs!NtfsPerformHotFix+0x458
f7c5ddac 8057b0df 858da860 00000000 00000000 nt!ExpWorkerThread+0x100
f7c5dddc 804f88fa 804e41a6 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsPerformHotFix+458
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48025be5
STACK_COMMAND: .cxr 0xfffffffff7c5d868 ; kb
FAILURE_BUCKET_ID: 0x24_Ntfs!NtfsPerformHotFix+458
BUCKET_ID: 0x24_Ntfs!NtfsPerformHotFix+458
Followup: MachineOwner
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000014c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f6acd526, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0000014c
CURRENT_IRQL: 2
FAULTING_IP:
ALCXWDM+82526
f6acd526 8b804c010000 mov eax,dword ptr [eax+14Ch]
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Gunz.exe
LAST_CONTROL_TRANSFER: from f6ac5be8 to f6acd526
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f7c49c78 f6ac5be8 8613e1a0 f7c49cd4 86130b80 ALCXWDM+0x82526
f7c49ce0 f6ab16e1 86151a90 f7c49d3c 86130000 ALCXWDM+0x7abe8
f7c49fb0 f6ab4085 00000000 ffdff002 f6ab4085 ALCXWDM+0x666e1
f7c49fd0 804dbbd4 861550b4 86130000 86304ad0 ALCXWDM+0x69085
f7c49ff4 804db89e b8b8f908 00000000 00000000 nt!KiRetireDpcList+0x46
f7c49ff8 b8b8f908 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
804db89e 00000000 00000009 bb835675 00000128 0xb8b8f908
STACK_COMMAND: kb
FOLLOWUP_IP:
ALCXWDM+82526
f6acd526 8b804c010000 mov eax,dword ptr [eax+14Ch]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ALCXWDM+82526
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ALCXWDM
IMAGE_NAME: ALCXWDM.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 48d9a891
FAILURE_BUCKET_ID: 0xD1_ALCXWDM+82526
BUCKET_ID: 0xD1_ALCXWDM+82526
Followup: MachineOwner
The first bluescreen points to Ntfs.sys, while the second points to ALCXWDM.SYS while Gunz.exe was running.