Windows Vista x64. I was scrolling through my Vista themes. Scrolling, not applying any of them. The active theme was the default Aero skin. As soon as I scrolled to a certain theme, I got bluescreened. I'm trying to find the culprit file; please help me. By the way, rundll32.exe is the skin browser itself. I tried repeating what I was doing, but scrolling over the theme didn't crash me again.
Code:
Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini112108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Program Files\Debugging Tools for Windows (x64)\sym*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18145.amd64fre.vistasp1_gdr.080917-1612
Kernel base = 0xfffff800`01c46000 PsLoadedModuleList = 0xfffff800`01e0bdb0
Debug session time: Fri Nov 21 16:06:57.831 2008 (GMT+2)
System Uptime: 0 days 0:38:21.651
Loading Kernel Symbols
..............................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {e8, 2, 1, fffff80001cbddbb}
Probably caused by : memory_corruption ( nt!MiUnlinkFreeOrZeroedPage+db )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000000000e8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80001cbddbb, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80001e6f080
00000000000000e8
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiUnlinkFreeOrZeroedPage+db
fffff800`01cbddbb 488344ca10ff add qword ptr [rdx+rcx*8+10h],0FFFFFFFFFFFFFFFFh
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: rundll32.exe
TRAP_FRAME: fffffa6008ecc1a0 -- (.trap 0xfffffa6008ecc1a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000009 rbx=0000066aada24a5b rcx=000000000000001b
rdx=0000000000000000 rsi=0000000000000004 rdi=fffff80001c9e56f
rip=fffff80001cbddbb rsp=fffffa6008ecc330 rbp=0000000000000005
r8=0000000000000009 r9=fffff6fb40000110 r10=0000000000000000
r11=0000000000000005 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MiUnlinkFreeOrZeroedPage+0xdb:
fffff800`01cbddbb 488344ca10ff add qword ptr [rdx+rcx*8+10h],0FFFFFFFFFFFFFFFFh ds:fde4:00000000`000000e8=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001c9b0ee to fffff80001c9b350
STACK_TEXT:
fffffa60`08ecc058 fffff800`01c9b0ee : 00000000`0000000a 00000000`000000e8 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffffa60`08ecc060 fffff800`01c99fcb : 00000000`00000001 fffff800`01d5d527 00000000`00000000 fffffa80`005905b0 : nt!KiBugCheckDispatch+0x6e
fffffa60`08ecc1a0 fffff800`01cbddbb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x20b
fffffa60`08ecc330 fffff800`01cbdaca : 00000000`00000009 00000000`00000000 00000000`00000009 fffff700`01080000 : nt!MiUnlinkFreeOrZeroedPage+0xdb
fffffa60`08ecc370 fffff800`01cab4cb : fffffa80`01e9c570 00000000`00000000 fffff680`000221d8 fffffa80`01e9c570 : nt!MiRemoveAnyPage+0xda
fffffa60`08ecc3c0 fffff800`01c99ed9 : 00000000`00000001 fffffa60`08ecc530 00000000`ffffff01 00000000`00000000 : nt!MmAccessFault+0x24db
fffffa60`08ecc4b0 000007fe`fdd0117b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x119
00000000`0014bdb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fdd0117b
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiUnlinkFreeOrZeroedPage+db
fffff800`01cbddbb 488344ca10ff add qword ptr [rdx+rcx*8+10h],0FFFFFFFFFFFFFFFFh
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiUnlinkFreeOrZeroedPage+db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48d1ba35
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xA_W_nt!MiUnlinkFreeOrZeroedPage+db
BUCKET_ID: X64_0xA_W_nt!MiUnlinkFreeOrZeroedPage+db
Followup: MachineOwner
---------