[vpn-devel] bluescreen - vfilter.sys

anthony.abate at gmail.com anthony.abate at gmail.com
Wed Jan 13 00:52:44 CST 2010 

I cant figure out where the support" email is, nor can i figure out
where to officially report a bug based on this:
(http://shrewsoft.com/support/wiki/BugReportVpnWindows)

so im sending to this list at it seems most appropriate.

I get a random blue screen and kernel dump.  Below you can see the
window's debugger info from the crash dump.  You can see its pointing
to vfilter.sys.

I was *NOT* connected to any vpn at the time of blue screen.

Let me know what I can do to help narrow this down.  (I can send the
dumps if needed)

Windows 7 Ultimate x64bit
vpn client 2.1.5

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation
(only on chips which support this level of status)
Arg4: fffff80002cd60b6, address which referenced memory

Debugging Details:
------------------

Unable to load image \SystemRoot\system32\DRIVERS\vfilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for vfilter.sys

READ_ADDRESS:  0000000000000000

CURRENT_IRQL:  2

FAULTING_IP:
nt!KeSetEvent+226
fffff800`02cd60b6 488b09          mov     rcx,qword ptr [rcx]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  svchost.exe

TRAP_FRAME:  fffff88008bd2fb0 -- (.trap 0xfffff88008bd2fb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8007ce1268 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cd60b6 rsp=fffff88008bd3140 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac pe cy
nt!KeSetEvent+0x226:
fffff800`02cd60b6 488b09          mov     rcx,qword ptr [rcx]
ds:0002:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002cd1469 to fffff80002cd1f00

STACK_TEXT:
fffff880`08bd2e68 fffff800`02cd1469 : 00000000`0000000a
00000000`00000000 00000000`00000002 00000000`00000000 :
nt!KeBugCheckEx
fffff880`08bd2e70 fffff800`02cd00e0 : 00000000`00000002
fffffa80`07ce1260 00000000`00000000 00000000`00000000 :
nt!KiBugCheckDispatch+0x69
fffff880`08bd2fb0 fffff800`02cd60b6 : fffff880`08bd31b0
fffff880`03da7b0e 00000000`00000051 fffff880`08bd3230 :
nt!KiPageFault+0x260
fffff880`08bd3140 fffff880`03da79a6 : fffffa80`00000000
00000000`00000000 00000000`00000000 fffffa80`07ce1250 :
nt!KeSetEvent+0x226
fffff880`08bd31b0 fffffa80`00000000 : 00000000`00000000
00000000`00000000 fffffa80`07ce1250 00000000`00000000 : vfilter+0x29a6
fffff880`08bd31b8 00000000`00000000 : 00000000`00000000
fffffa80`07ce1250 00000000`00000000 fffff880`03da742b :
0xfffffa80`00000000


STACK_COMMAND:  kb

FOLLOWUP_IP:
vfilter+29a6
fffff880`03da79a6 ??              ???

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  vfilter+29a6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vfilter

IMAGE_NAME:  vfilter.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4b048bff

FAILURE_BUCKET_ID:  X64_0xA_vfilter+29a6

BUCKET_ID:  X64_0xA_vfilter+29a6

Followup: MachineOwner
---------

6: kd> lmvm vfilter
start             end                 module name
fffff880`03da5000 fffff880`03daf000   vfilter  T (no symbols)
    Loaded symbol image file: vfilter.sys
    Image path: \SystemRoot\system32\DRIVERS\vfilter.sys
    Image name: vfilter.sys
    Timestamp:        Wed Nov 18 19:06:23 2009 (4B048BFF)
    CheckSum:         0001348B
    ImageSize:        0000A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

More information about the vpn-devel mailing list