Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: srv*c:\mss*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 8 Kernel Version 9200 MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 9200.16581.amd64fre.win8_gdr.130410-1505 Machine Name: Kernel base = 0xfffff803`37609000 PsLoadedModuleList = 0xfffff803`378d5a20 Debug session time: Tue Sep 24 12:35:10.693 2013 (UTC - 7:00) System Uptime: 22 days 20:07:06.070 Loading Kernel Symbols ............................................................... ................................................................ ................. Loading User Symbols Loading unloaded module list .......................... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {fffff88020c8169d, 2, 0, fffff880039379c0} *** WARNING: Unable to verify timestamp for vfilter.sys *** ERROR: Module load completed but symbols could not be loaded for vfilter.sys Probably caused by : vfilter.sys ( vfilter+49c0 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffff88020c8169d, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff880039379c0, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80337961168 GetUlongFromAddress: unable to read from fffff803379611f8 fffff88020c8169d Nonpaged pool CURRENT_IRQL: 2 FAULTING_IP: vfilter+49c0 fffff880`039379c0 488b040a mov rax,qword ptr [rdx+rcx] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: AV PROCESS_NAME: System TRAP_FRAME: fffff880009d2060 -- (.trap 0xfffff880009d2060) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=000000000000004c rbx=0000000000000000 rcx=fffff880009d2320 rdx=00000000202af37d rsi=0000000000000000 rdi=0000000000000000 rip=fffff880039379c0 rsp=fffff880009d21f8 rbp=0000000000000000 r8=000000000000004c r9=0000000000000002 r10=fffffa800c2af4f8 r11=fffff880009d2320 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe cy vfilter+0x49c0: fffff880`039379c0 488b040a mov rax,qword ptr [rdx+rcx] ds:fffff880`20c8169d=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80337662769 to fffff80337663440 STACK_TEXT: fffff880`009d1f18 fffff803`37662769 : 00000000`0000000a fffff880`20c8169d 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`009d1f20 fffff803`37660fe0 : 00000000`00000000 fffffa80`0c2af4c0 00000000`00000000 fffff880`009d2060 : nt!KiBugCheckDispatch+0x69 fffff880`009d2060 fffff880`039379c0 : fffff880`03935f77 fffffa80`00000001 ffffc272`00000006 00000000`0c2af1b0 : nt!KiPageFault+0x260 fffff880`009d21f8 fffff880`03935f77 : fffffa80`00000001 ffffc272`00000006 00000000`0c2af1b0 00000000`00000000 : vfilter+0x49c0 fffff880`009d2200 fffffa80`00000001 : ffffc272`00000006 00000000`0c2af1b0 00000000`00000000 00000000`00000000 : vfilter+0x2f77 fffff880`009d2208 ffffc272`00000006 : 00000000`0c2af1b0 00000000`00000000 00000000`00000000 fffff803`00000010 : 0xfffffa80`00000001 fffff880`009d2210 00000000`0c2af1b0 : 00000000`00000000 00000000`00000000 fffff803`00000010 fffffa80`0bdac001 : 0xffffc272`00000006 fffff880`009d2218 00000000`00000000 : 00000000`00000000 fffff803`00000010 fffffa80`0bdac001 fffff880`009d22f0 : 0xc2af1b0 STACK_COMMAND: kb FOLLOWUP_IP: vfilter+49c0 fffff880`039379c0 488b040a mov rax,qword ptr [rdx+rcx] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: vfilter+49c0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: vfilter IMAGE_NAME: vfilter.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d0af841 FAILURE_BUCKET_ID: AV_vfilter+49c0 BUCKET_ID: AV_vfilter+49c0 Followup: MachineOwner ---------