Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600 Machine Name: Kernel base = 0xfffff800`03868000 PsLoadedModuleList = 0xfffff800`03aaa750 Debug session time: Tue Feb 13 14:47:50.895 2018 (UTC - 3:00) System Uptime: 0 days 3:42:40.051 Loading Kernel Symbols ............................................................... ................................................................ .......Page 1d33a1 not present in the dump file. Type ".hh dbgerr004" for details ...............Page 1d26d1 not present in the dump file. Type ".hh dbgerr004" for details ..Page 1cfd19 not present in the dump file. Type ".hh dbgerr004" for details ....................... Loading User Symbols PEB is paged out (Peb.Ldr = 000007ff`fffd4018). Type ".hh dbgerr001" for details Loading unloaded module list .......... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {97ffffffff8, 2, 0, fffff800038e442b} Page 1d33a1 not present in the dump file. Type ".hh dbgerr004" for details Probably caused by : ntkrnlmp.exe ( nt!KiInsertTimerTable+13b ) Followup: MachineOwner --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000097ffffffff8, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff800038e442b, address which referenced memory Debugging Details: ------------------ Page 1d33a1 not present in the dump file. Type ".hh dbgerr004" for details READ_ADDRESS: 0000097ffffffff8 CURRENT_IRQL: 2 FAULTING_IP: nt!KiInsertTimerTable+13b fffff800`038e442b 488b42f8 mov rax,qword ptr [rdx-8] DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: svchost.exe TRAP_FRAME: fffff8800a59d610 -- (.trap 0xfffff8800a59d610) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000003 rbx=0000000000000000 rcx=0000000000000003 rdx=0000098000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff800038e442b rsp=fffff8800a59d7a0 rbp=fffff880031d9948 r8=ffffffffffffffcb r9=000000000000001e r10=fffff880031d7180 r11=00000000000f0000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz ac po cy nt!KiInsertTimerTable+0x13b: fffff800`038e442b 488b42f8 mov rax,qword ptr [rdx-8] ds:a460:fff8=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff800038d83a9 to fffff800038d8e00 STACK_TEXT: fffff880`0a59d4c8 fffff800`038d83a9 : 00000000`0000000a 0000097f`fffffff8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`0a59d4d0 fffff800`038d7020 : fffffa80`07270700 fffff800`03826b7f 00000000`00000000 fffffa80`15039c10 : nt!KiBugCheckDispatch+0x69 fffff880`0a59d610 fffff800`038e442b : 00000000`00000000 fffff800`03bed312 00000000`00000000 fffffa80`15039b50 : nt!KiPageFault+0x260 fffff880`0a59d7a0 fffff800`038de192 : fffffa80`15039b50 00000000`000005b4 00000000`0000144c 00000000`00000003 : nt!KiInsertTimerTable+0x13b fffff880`0a59d800 fffff800`038e1093 : 00000000`00000000 00000000`00000001 00000000`0000001e 00000000`06ec9e20 : nt!KiCommitThreadWait+0x332 fffff880`0a59d890 fffff800`03bc521c : 000007fe`fda10000 00000000`002c0901 fffff880`0a59da01 fffff880`04098e67 : nt!KeRemoveQueueEx+0x323 fffff880`0a59d950 fffff800`038c5366 : 000007fe`fda4ee00 fffff880`0a59da68 fffff880`0a59da88 00000000`00000001 : nt!IoRemoveIoCompletion+0x5c fffff880`0a59d9e0 fffff800`038d8093 : fffffa80`15039b50 00000000`7797f5c0 00000000`00000000 00000000`00000001 : nt!NtWaitForWorkViaWorkerFactory+0x285 fffff880`0a59dae0 00000000`778cd63a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`063af8d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x778cd63a STACK_COMMAND: kb FOLLOWUP_IP: nt!KiInsertTimerTable+13b fffff800`038e442b 488b42f8 mov rax,qword ptr [rdx-8] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!KiInsertTimerTable+13b FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 59b946d1 FAILURE_BUCKET_ID: X64_0xA_nt!KiInsertTimerTable+13b BUCKET_ID: X64_0xA_nt!KiInsertTimerTable+13b Followup: MachineOwner ---------