Wow, this Microsoft debugger thing rocks.
Can someone verify that PGP 8.0 beta is causing my crashes? Look at the very end of the analysis.
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck parens is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1000007f_8
DEFAULT_BUCKET_ID: DRIVER_FAULT
TRAP_FRAME: eca1d8c4 -- (.trap ffffffffeca1d8c4)
ErrCode = 00000000
eax=0000000f ebx=00000001 ecx=cf480000 edx=00000000 esi=81db9278 edi=00000000
eip=80580be5 esp=eca1d938 ebp=eca1d984 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010293
nt!CcMapData+ef:
80580be5 ?? ???
Resetting default context
LAST_CONTROL_TRANSFER: from f83ef822 to 80580be5
STACK_TEXT:
eca1d984 f83ef822 81ddde78 eca1d9b4 000003a0 nt!CcMapData+0xef
eca1d9a4 f84156a8 eca1dc2c 81fb1490 00000000 Ntfs!NtfsMapStream+0x44
eca1d9dc f83f331b eca1dc2c e1746008 eca1da84 Ntfs!NtfsMapAttributeValue+0x99
eca1da10 f83feffd eca1dc2c e1746008 c7a37098 Ntfs!NtfsLookupInFileRecord+0xf3
eca1dabc f83ff09c eca1dc2c e1746008 f83ff13a Ntfs!NtfsWalkUpTree+0x79
eca1db18 f83fe6e5 eca1dc2c e1746008 00000000 Ntfs!NtfsBuildNormalizedName+0x44
eca1db44 f83f1c14 eca1dc2c 81ddde78 81fb1490 Ntfs!NtfsQueryNameInfo+0x49
eca1dbb4 f83ebf22 eca1dc2c 81cb0290 804f46ad Ntfs!NtfsCommonQueryInformation+0x28c
eca1dc18 f83ebf54 eca1dc2c 81cb0290 00000001 Ntfs!NtfsFsdDispatchSwitch+0x12a
eca1dd3c 804eca36 82344020 81cb0290 82391a30 Ntfs!NtfsFsdDispatchWait+0x1a
eca1dd4c f846842d 804eca36 82345bc8 81cb0290 nt!IopfCallDriver+0x31
eca1dd50 804eca36 82345bc8 81cb0290 81cb0444 sr!SrPassThrough+0x2f
eca1dd60 f879b7e5 804f46ad 8217f030 eca1de30 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
81cb0444 00000000 00000000 00000000 00000000 PGPsdk+0x57e5
FOLLOWUP_IP:
PGPsdk+57e5
f879b7e5 ?? ???
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: PGPsdk+57e5
MODULE_NAME: PGPsdk
IMAGE_NAME: PGPsdk.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3da682c6
STACK_COMMAND: .trap ffffffffeca1d8c4 ; kb
BUCKET_ID: 0x1000007f_8_PGPsdk+57e5
Followup: MachineOwner
---------
And I did an analyze -f and this came up:
kd> !analyze -f
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {8, 80042000, 0, 0}
Probably caused by : PGPsdk.sys ( PGPsdk+57e5 )
Followup: MachineOwner
---------
Gotta love WinDbg!!!!!
Facebook
Twitter