Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Mike\AppData\Local\Temp\Rar$DI00.971\032711-36909-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02c06000 PsLoadedModuleList = 0xfffff800`02e43e50
Debug session time: Sun Mar 27 17:23:10.960 2011 (UTC - 4:00)
System Uptime: 0 days 0:01:11.942
Loading Kernel Symbols
...............................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {f6, 610, fffffa80055055b0, fffff88005b447d9}
Unable to load image \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for AVGIDSDriver.sys
*** ERROR: Module load completed but symbols could not be loaded for AVGIDSDriver.sys
Probably caused by : AVGIDSDriver.sys ( AVGIDSDriver+167d9 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000610, Handle value being referenced.
Arg3: fffffa80055055b0, Address of the current process.
Arg4: fffff88005b447d9, Address inside the driver that is performing the incorrect reference.
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_f6
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: CurseClient.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800031013dc to fffff80002c76740
STACK_TEXT:
fffff880`0394d928 fffff800`031013dc : 00000000`000000c4 00000000`000000f6 00000000`00000610 fffffa80`055055b0 : nt!KeBugCheckEx
fffff880`0394d930 fffff800`03116ae4 : 00000000`00000610 fffffa80`055055b0 00000000`00000003 fffff800`02c7493d : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0394d970 fffff800`02ed1030 : 00000000`00000000 fffff880`0394db60 fffff880`0394dc00 00000000`00000000 : nt!VfCheckUserHandle+0x1b4
fffff880`0394da50 fffff800`02f24029 : fffff880`05b56200 00000000`00000001 fffffa80`0186cde0 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x20b4e
fffff880`0394db20 fffff800`02c75993 : fffffa80`05506b60 00000000`00000000 00000000`00000001 fffff800`00000000 : nt!NtQuerySymbolicLinkObject+0xfc
fffff880`0394dbb0 fffff800`02c71f30 : fffff880`05b447d9 fffff880`05b565b8 00000000`80000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0394dd48 fffff880`05b447d9 : fffff880`05b565b8 00000000`80000000 00000000`00000000 00000000`000000ff : nt!KiServiceLinkage
fffff880`0394dd50 fffff880`05b565b8 : 00000000`80000000 00000000`00000000 00000000`000000ff 00000000`02000000 : AVGIDSDriver+0x167d9
fffff880`0394dd58 00000000`80000000 : 00000000`00000000 00000000`000000ff 00000000`02000000 fffff880`0394dde0 : AVGIDSDriver+0x285b8
fffff880`0394dd60 00000000`00000000 : 00000000`000000ff 00000000`02000000 fffff880`0394dde0 005c003f`003f005c : 0x80000000
STACK_COMMAND: kb
FOLLOWUP_IP:
AVGIDSDriver+167d9
fffff880`05b447d9 85c0 test eax,eax
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: AVGIDSDriver+167d9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: AVGIDSDriver
IMAGE_NAME: AVGIDSDriver.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4be9fb28
FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_AVGIDSDriver+167d9
BUCKET_ID: X64_0xc4_f6_VRF_AVGIDSDriver+167d9
Followup: MachineOwner
---------