Thanks a lot, Alex, Santi.
Here is my analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 9659c196, The address that the exception occurred at
Arg3: 990238cc, Trap Frame
Arg4: 00000000
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
SwapBuffers+1196
9659c196 8908 mov dword ptr [eax],ecx
TRAP_FRAME: 990238cc – (.trap 0xffffffff990238cc)
ErrCode = 00000002
eax=00000000 ebx=81e0be40 ecx=00010000 edx=823a1008 esi=81e0be98 edi=81e0bde0
eip=9659c196 esp=99023940 ebp=99023968 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
SwapBuffers+0x1196:
9659c196 8908 mov dword ptr [eax],ecx ds:0023:00000000=???
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: sc.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 86e56324 to 9659c196
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
99023968 86e56324 81e0be40 9902398c 00000000 SwapBuffers+0x1196
990239d0 86e59512 00e0bde0 81e0bde0 1000000c fltmgr!FltpPerformPostCallbacks+0x24a
990239e4 86e59b46 81e0bde0 822377a8 99023a24 fltmgr!FltpProcessIoCompletion+0x10
990239f4 86e5a29c 85057688 822377a8 81e0bde0 fltmgr!FltpPassThroughCompletion+0x98
99023a24 86e6d8c9 99023a44 00000000 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x33a
99023a70 828794bc 85057688 85071008 8210942c fltmgr!FltpCreate+0x2db
99023a88 82a7d62d a3c6fda6 99023c30 00000000 nt!IofCallDriver+0x63
99023b60 82a5e1d7 8501eb98 85401d20 820ed2f0 nt!IopParseDevice+0xed7
99023bdc 82a8424d 00000000 99023c30 00000040 nt!ObpLookupObjectName+0x4fa
99023c38 82a7c5ab 000bf264 84401d20 00000001 nt!ObOpenObjectByName+0x159
99023cb4 82a87eb6 000bf2a8 80100080 000bf264 nt!IopCreateFile+0x673
99023d00 8288042a 000bf2a8 80100080 000bf264 nt!NtCreateFile+0x34
99023d00 77c764f4 000bf2a8 80100080 000bf264 nt!KiFastCallEntry+0x12a
000bf244 00000000 00000000 00000000 00000000 0x77c764f4
STACK_COMMAND: kb
FOLLOWUP_IP:
SwapBuffers+1196
9659c196 8908 mov dword ptr [eax],ecx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: SwapBuffers+1196
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SwapBuffers
IMAGE_NAME: SwapBuffers.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f32b57e
FAILURE_BUCKET_ID: 0x8E_SwapBuffers+1196
BUCKET_ID: 0x8E_SwapBuffers+1196
Followup: MachineOwner
I’m thinking about your approach, Alex.
Thanks.