Hello All,
I have got this weird bug check after installing my encryption file system
filter driver.
This happens only when i access the machine from the network.
say i have the Encryption/Decryption FSFD loaded on Machine A. and i share
some folders
From machine B when i type \MachineA and try to access the shared folder
immediately machine A bugchecks and throws this
in the debugger. the problem is Analyze -v never says anything about my
driver but i am pretty sure its because of my driver only.
Could anyone help me to decipher this isssue…
Thanks very Much in Advance
Regards
Shal.
*** Fatal System Error: 0x000000d1
(0x1200001C,0x00000002,0x00000000,0xBFCA9C37)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows 2000 2195 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols
…
Loading unloaded module list
…
Loading User Symbols
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {1200001c, 2, 0, bfca9c37}
Probably caused by : el90xbc5.sys ( el90xbc5!SendComplete+43 )
Followup: MachineOwner
nt!RtlpBreakWithStatusInstruction:
804568ca cc int 3
kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 1200001c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: bfca9c37, address which referenced memory
Debugging Details:
READ_ADDRESS: 1200001c
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!TCPDataRequestComplete+10
bfca9c37 8b780c mov edi,[eax+0xc]
DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from bfcab553 to bfca9c37
TRAP_FRAME: 80473dd4 – (.trap ffffffff80473dd4)
ErrCode = 00000000
eax=12000010 ebx=00000000 ecx=00000000 edx=00010001 esi=81d74880
edi=81c1a704
eip=bfca9c37 esp=80473e48 ebp=80473e58 iopl=0 nv up ei pl zr na po
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010246
tcpip!TCPDataRequestComplete+0x10:
bfca9c37 8b780c mov edi,[eax+0xc]
Resetting default scope
STACK_TEXT:
80473e58 bfcab553 81d74880 00000000 0000014f
tcpip!TCPDataRequestComplete+0x10
80473e74 bfcab6eb 00000000 00000000 00000000 tcpip!TCPRcvComplete+0x4a
80473e8c bfca9682 00000001 81e45148 00000000 tcpip!TCPSendComplete+0xe9
80473ec4 bfca9536 81e26c28 00000000 00000000 tcpip!IPSendComplete+0x13c
80473ee4 bfeb3c50 81e30508 81e6efd0 00000000 tcpip!ARPSendComplete+0xec
80473f04 f20b2bdf 82021770 81e6efd0 00000000 NDIS!NdisMSendComplete+0xe1
80473f24 f20b29d3 82047008 00000042 80067aa0 el90xbc5!SendComplete+0x43
80473f48 f20b25e4 82047008 80402330 82021770
el90xbc5!CountDownTimerEvent+0x4d
80473f64 bfea5974 82047008 8046fd60 8046fff0 el90xbc5!NICInterrupt+0xfa
80473f80 804650d4 820471f4 820471e0 00000000 NDIS!ndisMDpc+0xc8
80473f94 8046506f 0000000e 00000000 00000000 nt!KiRetireDpcList+0x30
80473f9c 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x26
FOLLOWUP_IP:
el90xbc5!SendComplete+43
f20b2bdf 5f pop edi
SYMBOL_STACK_INDEX: 6
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: el90xbc5!SendComplete+43
MODULE_NAME: el90xbc5
IMAGE_NAME: el90xbc5.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 380ca5be
STACK_COMMAND: .trap ffffffff80473dd4 ; kb
FAILURE_BUCKET_ID: 0xD1_el90xbc5!SendComplete+43
BUCKET_ID: 0xD1_el90xbc5!SendComplete+43
Followup: MachineOwner
kd> !thread
THREAD 8046fff0 Cid 0.0 Teb: 00000000 Win32Thread: 00000000 RUNNING
IRP List:
unable to get IRP object
Not impersonating
Owning Process 8046fd60
Wait Start TickCount 0 Elapsed Ticks: 67344
Context Switch Count 34866
UserTime 0:00:00.0000
KernelTime 0:10:33.0190
Start Address 0x00000000
Stack Init 80474240 Current 80473f90 Base 80474240 Limit 80471240 Call 0
Priority 16 BasePriority 0 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
804739fc 8042c5e5 00000003 80473a44 1200001c
nt!RtlpBreakWithStatusInstruction
80473a2c 8042c9a9 00000003 1200001c bfca9c37 nt!KiBugCheckDebugBreak+0x31
80473db8 804690f3 00000000 1200001c 00000002 nt!KeBugCheckEx+0x390
80473db8 bfca9c37 00000000 1200001c 00000002 nt!KiTrap0E+0x27c
80473e58 bfcab553 81d74880 00000000 0000014f
tcpip!TCPDataRequestComplete+0x10
80473e74 bfcab6eb 00000000 00000000 00000000 tcpip!TCPRcvComplete+0x4a
80473e8c bfca9682 00000001 81e45148 00000000 tcpip!TCPSendComplete+0xe9
80473ec4 bfca9536 81e26c28 00000000 00000000 tcpip!IPSendComplete+0x13c
80473ee4 bfeb3c50 81e30508 81e6efd0 00000000 tcpip!ARPSendComplete+0xec
80473f04 f20b2bdf 82021770 81e6efd0 00000000 NDIS!NdisMSendComplete+0xe1
80473f24 f20b29d3 82047008 00000042 80067aa0 el90xbc5!SendComplete+0x43
80473f48 f20b25e4 82047008 80402330 82021770
el90xbc5!CountDownTimerEvent+0x4d
80473f64 bfea5974 82047008 8046fd60 8046fff0 el90xbc5!NICInterrupt+0xfa
80473f80 804650d4 820471f4 820471e0 00000000 NDIS!ndisMDpc+0xc8
80473f94 8046506f 0000000e 00000000 00000000 nt!KiRetireDpcList+0x30
80473f9c 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x26