First memory dump from Win10

Page 2 of 2 FirstFirst 12

  1. Posts : 516
    Windows 10 Enterprise
       #11

    Hi John,

    Nice to see you're still bugging Windows all over the web.
      My Computer


  2. Posts : 12,799
    Windows 11 Pro
       #12

    John, is this a Windows Phone/tablet driver? I can't find any references for it.

    Code:
    win32kfull
    start             end                 module name
    fffff960`2ae00000 fffff960`2b162000   win32kfull T (no symbols)           
        Loaded symbol image file: win32kfull.sys
        Image path: \SystemRoot\System32\win32kfull.sys
        Image name: win32kfull.sys
        Timestamp:        unavailable (00000000)
        CheckSum:         00000000
        ImageSize:        00362000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
      My Computer


  3. Posts : 230
    10
    Thread Starter
       #13

    It appears that the symbols are available on the symbol server.
    Here's the WinDbg output w/!analyze -v and lmtsmn:
    Code:
    Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\John\Downloads\100114-5937-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Deferred                                       srv*c:\SymcachePublic*http://ctxsym.citrix.com/symbolsad/symbols
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;srv*c:\SymcachePublic*http://ctxsym.citrix.com/symbolsad/symbols
    Executable search path is: 
    Windows 8 Kernel Version 9841 UP Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 9841.0.amd64fre.fbl_release.140912-1613
    Machine Name:
    Kernel base = 0xfffff801`6d201000 PsLoadedModuleList = 0xfffff801`6d4f08b0
    Debug session time: Wed Oct  1 13:11:08.529 2014 (UTC - 4:00)
    System Uptime: 0 days 0:15:34.874
    Loading Kernel Symbols
    .
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    ..............................................................
    ................................................................
    ........
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {ffffc0012f5306b0, 2, 0, fffff80072101385}
    
    *** WARNING: Unable to verify timestamp for myfault.sys
    *** ERROR: Module load completed but symbols could not be loaded for myfault.sys
    GetPointerFromAddress: unable to read from fffff8016d5848f0
    Probably caused by : myfault.sys ( myfault+1385 )
    
    Followup: MachineOwner
    ---------
    
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: ffffc0012f5306b0, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff80072101385, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    OVERLAPPED_MODULE: Address regions for 'mrxsmb' and 'dump_ataport' overlap
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8016d584920
    unable to get nt!MmNonPagedPoolStart
    unable to get nt!MmSizeOfNonPagedPoolInBytes
     ffffc0012f5306b0 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    myfault+1385
    fffff800`72101385 8b03            mov     eax,dword ptr [rbx]
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    BUGCHECK_STR:  AV
    
    PROCESS_NAME:  NotMyfault.exe
    
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
    
    TRAP_FRAME:  ffffd001d7a1c880 -- (.trap 0xffffd001d7a1c880)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=000000002d861c60 rbx=0000000000000000 rcx=ffffc0012f70c010
    rdx=000000000000074e rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80072101385 rsp=ffffd001d7a1ca10 rbp=ffffd001d7a1cec0
     r8=ffffe0005d21b000  r9=00000000000007ff r10=fffff8016d201000
    r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    myfault+0x1385:
    fffff800`72101385 8b03            mov     eax,dword ptr [rbx] ds:00000000`00000000=????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff8016d32ce48 to fffff8016d32e629
    
    STACK_TEXT:  
    ffffd001`d7a1c740 fffff801`6d32ce48 : ffffd001`00000002 ffffd001`d7a1c8e0 00000000`00000030 ffffd001`d7a1c980 : nt!KiBugCheckDispatch+0x69
    ffffd001`d7a1c880 fffff800`72101385 : 00000000`00000001 00000000`00001000 ffffe000`5e63c040 00000000`656e6f4e : nt!KiPageFault+0x248
    ffffd001`d7a1ca10 00000000`00000001 : 00000000`00001000 ffffe000`5e63c040 00000000`656e6f4e 00000000`00000000 : myfault+0x1385
    ffffd001`d7a1ca18 00000000`00001000 : ffffe000`5e63c040 00000000`656e6f4e 00000000`00000000 fffff801`6d213610 : 0x1
    ffffd001`d7a1ca20 ffffe000`5e63c040 : 00000000`656e6f4e 00000000`00000000 fffff801`6d213610 fffff960`2ae00000 : 0x1000
    ffffd001`d7a1ca28 00000000`656e6f4e : 00000000`00000000 fffff801`6d213610 fffff960`2ae00000 00000000`000000f0 : 0xffffe000`5e63c040
    ffffd001`d7a1ca30 00000000`00000000 : fffff801`6d213610 fffff960`2ae00000 00000000`000000f0 00000000`00000001 : 0x656e6f4e
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    myfault+1385
    fffff800`72101385 8b03            mov     eax,dword ptr [rbx]
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  myfault+1385
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: myfault
    
    IMAGE_NAME:  myfault.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4f806ca1
    
    FAILURE_BUCKET_ID:  AV_myfault+1385
    
    BUCKET_ID:  AV_myfault+1385
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:av_myfault+1385
    
    FAILURE_ID_HASH:  {88284f85-8087-2f77-5c4e-f6ddb4b8e5f8}
    
    Followup: MachineOwner
    ---------
    
    kd> lmtsmn
    start             end                 module name
    fffff800`6ffc0000 fffff800`7004f000   ACPI     ACPI.sys     Fri Sep 12 21:39:21 2014 (5413A049)
    fffff800`6ff90000 fffff800`6ffae000   acpiex   acpiex.sys   Sat Sep 13 00:12:36 2014 (5413C434)
    fffff800`71220000 fffff800`712ac000   afd      afd.sys      Sat Sep 13 00:11:38 2014 (5413C3FA)
    fffff800`71470000 fffff800`7149b000   ahcache  ahcache.sys  Fri Sep 12 21:39:11 2014 (5413A03F)
    fffff800`70550000 fffff800`7055a000   atapi    atapi.sys    Sat Sep 13 00:14:55 2014 (5413C4BF)
    fffff800`70560000 fffff800`70594000   ataport  ataport.SYS  Fri Sep 12 21:39:13 2014 (5413A041)
    fffff800`70f70000 fffff800`70f82000   BasicDisplay BasicDisplay.sys Sat Sep 13 00:14:06 2014 (5413C48E)
    fffff800`71160000 fffff800`7116e000   BasicRender BasicRender.sys Sat Sep 13 00:13:57 2014 (5413C485)
    fffff800`71630000 fffff800`7163c000   BATTC    BATTC.SYS    Sat Sep 13 00:14:33 2014 (5413C4A9)
    fffff800`70f60000 fffff800`70f68000   Beep     Beep.SYS     Sat Sep 13 00:14:46 2014 (5413C4B6)
    fffff800`702d0000 fffff800`702db000   BOOTVID  BOOTVID.dll  Sat Sep 13 00:14:49 2014 (5413C4B9)
    fffff800`71b80000 fffff800`71ba0000   bowser   bowser.sys   Sat Sep 13 00:13:10 2014 (5413C456)
    fffff960`50000000 fffff960`5003a000   cdd      cdd.dll      unavailable (00000000)
    fffff800`70f20000 fffff800`70f4f000   cdrom    cdrom.sys    Fri Sep 12 21:39:15 2014 (5413A043)
    fffff800`70dd0000 fffff800`70de4000   CEA      CEA.sys      Sat Sep 13 00:13:23 2014 (5413C463)
    fffff800`70300000 fffff800`70387000   CI       CI.dll       Sat Sep 13 00:12:49 2014 (5413C441)
    fffff800`70e00000 fffff800`70e5e000   CLASSPNP CLASSPNP.SYS Fri Sep 12 21:39:18 2014 (5413A046)
    fffff800`70220000 fffff800`7027f000   CLFS     CLFS.SYS     Sat Sep 13 00:14:28 2014 (5413C4A4)
    fffff800`6fe80000 fffff800`6fe93000   clipsp   clipsp.sys   Sat Sep 13 00:13:48 2014 (5413C47C)
    fffff800`71620000 fffff800`7162c000   CmBatt   CmBatt.sys   Sat Sep 13 00:14:17 2014 (5413C499)
    fffff800`702e0000 fffff800`702ec000   cmimcext cmimcext.sys Sat Sep 13 00:14:46 2014 (5413C4B6)
    fffff800`70060000 fffff800`700ed000   cng      cng.sys      Sat Sep 13 00:12:33 2014 (5413C431)
    fffff800`714a0000 fffff800`714af000   CompositeBus CompositeBus.sys Sat Sep 13 00:13:40 2014 (5413C474)
    fffff800`720f0000 fffff800`72100000   condrv   condrv.sys   Sat Sep 13 00:14:42 2014 (5413C4B2)
    fffff800`70e80000 fffff800`70e95000   crashdmp crashdmp.sys Sat Sep 13 00:14:31 2014 (5413C4A7)
    fffff800`71360000 fffff800`713eb000   csc      csc.sys      Sat Sep 13 00:13:10 2014 (5413C456)
    fffff800`71420000 fffff800`71447000   dfsc     dfsc.sys     Sat Sep 13 00:12:58 2014 (5413C44A)
    fffff800`71da0000 fffff800`71dbb000   disk     disk.sys     Fri Sep 12 21:39:14 2014 (5413A042)
    fffff800`71820000 fffff800`7182a000   dump_atapi dump_atapi.sys Sat Sep 13 00:14:55 2014 (5413C4BF)
    fffff800`71800000 fffff800`7180d000   dump_ataport dump_ataport.sys Sat Sep 13 00:14:22 2014 (5413C49E)
    fffff800`71850000 fffff800`71866000   dump_dumpfve dump_dumpfve.sys Sat Sep 13 00:14:24 2014 (5413C4A0)
    fffff800`70fb0000 fffff800`71157000   dxgkrnl  dxgkrnl.sys  Sat Sep 13 00:12:37 2014 (5413C435)
    fffff800`71940000 fffff800`719a1000   dxgmms1  dxgmms1.sys  Sat Sep 13 00:12:27 2014 (5413C42B)
    fffff800`71550000 fffff800`71574080   E1G6032E E1G6032E.sys Tue Mar 23 17:08:16 2010 (4BA92DC0)
    fffff800`705a0000 fffff800`705ba000   EhStorClass EhStorClass.sys Sat Sep 13 00:13:18 2014 (5413C45E)
    fffff800`705c0000 fffff800`705d6000   fileinfo fileinfo.sys Sat Sep 13 00:13:31 2014 (5413C46B)
    fffff800`6fe00000 fffff800`6fe59000   FLTMGR   FLTMGR.SYS   Sat Sep 13 00:14:27 2014 (5413C4A3)
    fffff800`70870000 fffff800`7087c000   Fs_Rec   Fs_Rec.sys   unavailable (00000000)
    fffff800`71c00000 fffff800`71c9b000   fvevol   fvevol.sys   Sat Sep 13 00:12:27 2014 (5413C42B)
    fffff800`70cb0000 fffff800`70d13000   fwpkclnt fwpkclnt.sys Sat Sep 13 00:11:41 2014 (5413C3FD)
    fffff801`6d9d5000 fffff801`6da3f000   hal      hal.dll      Fri Sep 12 21:39:19 2014 (5413A047)
    fffff800`719c0000 fffff800`719e1000   HIDCLASS HIDCLASS.SYS Sat Sep 13 00:13:52 2014 (5413C480)
    fffff800`71be0000 fffff800`71bef000   HIDPARSE HIDPARSE.SYS Sat Sep 13 00:14:49 2014 (5413C4B9)
    fffff800`719b0000 fffff800`719bd000   hidusb   hidusb.sys   Sat Sep 13 00:13:42 2014 (5413C476)
    fffff800`71a70000 fffff800`71b5f000   HTTP     HTTP.sys     Sat Sep 13 00:11:41 2014 (5413C3FD)
    fffff800`714e0000 fffff800`714fc000   i8042prt i8042prt.sys Sat Sep 13 00:13:55 2014 (5413C483)
    fffff800`70510000 fffff800`70518000   intelide intelide.sys Sat Sep 13 00:14:32 2014 (5413C4A8)
    fffff800`71d80000 fffff800`71d8f000   intelpep intelpep.sys Sat Sep 13 00:13:39 2014 (5413C473)
    fffff800`71640000 fffff800`71663000   intelppm intelppm.sys Fri Sep 12 21:39:14 2014 (5413A042)
    fffff800`71500000 fffff800`71512000   kbdclass kbdclass.sys Sat Sep 13 00:13:59 2014 (5413C487)
    fffff801`6c8f6000 fffff801`6c8ff000   kdcom    kdcom.dll    Sat Sep 13 00:14:58 2014 (5413C4C2)
    fffff800`714b0000 fffff800`714bb000   kdnic    kdnic.sys    Sat Sep 13 00:13:05 2014 (5413C451)
    fffff800`71690000 fffff800`716e8000   ks       ks.sys       Sat Sep 13 00:14:20 2014 (5413C49C)
    fffff800`6fe60000 fffff800`6fe80000   ksecdd   ksecdd.sys   Sat Sep 13 00:13:50 2014 (5413C47E)
    fffff800`70a10000 fffff800`70a3a000   ksecpkg  ksecpkg.sys  Sat Sep 13 00:12:16 2014 (5413C420)
    fffff800`71a30000 fffff800`71a44000   lltdio   lltdio.sys   Sat Sep 13 00:11:44 2014 (5413C400)
    fffff800`71a00000 fffff800`71a25000   luafv    luafv.sys    Sat Sep 13 00:14:12 2014 (5413C494)
    fffff800`701a0000 fffff800`7020c000   mcupdate mcupdate.dll Sat Sep 13 00:14:42 2014 (5413C4B2)
    fffff800`73080000 fffff800`73091000   mmcss    mmcss.sys    Sat Sep 13 00:13:49 2014 (5413C47D)
    fffff800`71930000 fffff800`7193e000   monitor  monitor.sys  Sat Sep 13 00:12:00 2014 (5413C410)
    fffff800`71520000 fffff800`71530000   mouclass mouclass.sys Sat Sep 13 00:13:58 2014 (5413C486)
    fffff800`719f0000 fffff800`719fd000   mouhid   mouhid.sys   Sat Sep 13 00:13:58 2014 (5413C486)
    fffff800`70530000 fffff800`7054b000   mountmgr mountmgr.sys Sat Sep 13 00:14:24 2014 (5413C4A0)
    fffff800`718b0000 fffff800`718c7000   mpsdrv   mpsdrv.sys   Sat Sep 13 00:10:07 2014 (5413C39F)
    fffff800`70ea0000 fffff800`70f0d000   mrxsmb   mrxsmb.sys   Sat Sep 13 00:09:53 2014 (5413C391)
    fffff800`730a0000 fffff800`730eb000   mrxsmb10 mrxsmb10.sys Sat Sep 13 00:09:51 2014 (5413C38F)
    fffff800`71870000 fffff800`718a9000   mrxsmb20 mrxsmb20.sys Sat Sep 13 00:12:30 2014 (5413C42E)
    fffff800`71190000 fffff800`7119c000   Msfs     Msfs.SYS     Sat Sep 13 00:14:46 2014 (5413C4B6)
    fffff800`70110000 fffff800`7011a000   msisadrv msisadrv.sys Sat Sep 13 00:13:50 2014 (5413C47E)
    fffff800`71b60000 fffff800`71b76000   mslldp   mslldp.sys   Sat Sep 13 00:11:32 2014 (5413C3F4)
    fffff800`70390000 fffff800`703e8000   msrpc    msrpc.sys    unavailable (00000000)
    fffff800`71410000 fffff800`7141c000   mssmbios mssmbios.sys Sat Sep 13 00:14:11 2014 (5413C493)
    fffff800`71d60000 fffff800`71d75000   mup      mup.sys      Sat Sep 13 00:14:45 2014 (5413C4B5)
    fffff800`72100000 fffff800`72107000   myfault  myfault.sys  Sat Apr 07 12:34:41 2012 (4F806CA1)
    fffff800`70880000 fffff800`70997000   ndis     ndis.sys     Sat Sep 13 00:11:52 2014 (5413C408)
    fffff800`71670000 fffff800`7167b000   NdisVirtualBus NdisVirtualBus.sys Sat Sep 13 00:11:53 2014 (5413C409)
    fffff800`730f0000 fffff800`7310d000   Ndu      Ndu.sys      Sat Sep 13 00:10:01 2014 (5413C399)
    fffff800`712e0000 fffff800`712f0000   netbios  netbios.sys  Sat Sep 13 00:13:16 2014 (5413C45C)
    fffff800`711d0000 fffff800`71219000   netbt    netbt.sys    Sat Sep 13 00:11:41 2014 (5413C3FD)
    fffff800`709a0000 fffff800`70a0d000   NETIO    NETIO.SYS    Sat Sep 13 00:11:41 2014 (5413C3FD)
    fffff800`71170000 fffff800`71185000   Npfs     Npfs.SYS     Sat Sep 13 00:14:47 2014 (5413C4B7)
    fffff800`71400000 fffff800`7140c000   npsvctrig npsvctrig.sys Sat Sep 13 00:13:22 2014 (5413C462)
    fffff800`713f0000 fffff800`713fe000   nsiproxy nsiproxy.sys Sat Sep 13 00:12:00 2014 (5413C410)
    fffff801`6d201000 fffff801`6d9d5000   nt       ntkrnlmp.exe Sat Sep 13 00:19:10 2014 (5413C5BE)
    fffff800`70670000 fffff800`7086c000   Ntfs     Ntfs.sys     Fri Sep 12 21:39:37 2014 (5413A059)
    fffff800`702f0000 fffff800`702fa000   ntosext  ntosext.sys  Fri Sep 12 21:39:09 2014 (5413A03D)
    fffff800`70f50000 fffff800`70f58000   Null     Null.SYS     unavailable (00000000)
    fffff800`712b0000 fffff800`712d9000   pacer    pacer.sys    Sat Sep 13 00:09:56 2014 (5413C394)
    fffff800`71530000 fffff800`7154c000   parport  parport.sys  Sat Sep 13 00:14:30 2014 (5413C4A6)
    fffff800`70400000 fffff800`7041c000   partmgr  partmgr.sys  Fri Sep 12 21:39:14 2014 (5413A042)
    fffff800`70120000 fffff800`70169000   pci      pci.sys      Sat Sep 13 00:13:16 2014 (5413C45C)
    fffff800`70520000 fffff800`7052f000   PCIIDEX  PCIIDEX.SYS  Sat Sep 13 00:14:17 2014 (5413C499)
    fffff800`70100000 fffff800`70110000   pcw      pcw.sys      Fri Sep 12 21:39:10 2014 (5413A03E)
    fffff800`70180000 fffff800`7019b000   pdc      pdc.sys      Fri Sep 12 21:39:12 2014 (5413A040)
    fffff800`73110000 fffff800`731ba000   peauth   peauth.sys   Sat Sep 13 00:11:42 2014 (5413C3FE)
    fffff800`702b0000 fffff800`702c6000   PSHED    PSHED.dll    Sat Sep 13 01:35:42 2014 (5413D7AE)
    fffff800`712f0000 fffff800`7135e000   rdbss    rdbss.sys    Sat Sep 13 00:12:19 2014 (5413C423)
    fffff800`716f0000 fffff800`716fb000   rdpbus   rdpbus.sys   Sat Sep 13 00:13:44 2014 (5413C478)
    fffff800`71d10000 fffff800`71d52000   rdyboost rdyboost.sys Sat Sep 13 00:13:27 2014 (5413C467)
    fffff800`71a50000 fffff800`71a68000   rspndr   rspndr.sys   Sat Sep 13 00:11:46 2014 (5413C402)
    fffff800`72090000 fffff800`7209b000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
    fffff800`70420000 fffff800`7048d000   spaceport spaceport.sys unavailable (00000000)
    fffff800`72000000 fffff800`7208c000   srv      srv.sys      Sat Sep 13 00:12:05 2014 (5413C415)
    fffff800`72fd0000 fffff800`7307c000   srv2     srv2.sys     Sat Sep 13 00:12:07 2014 (5413C417)
    fffff800`718d0000 fffff800`71910000   srvnet   srvnet.sys   Sat Sep 13 00:09:51 2014 (5413C38F)
    fffff800`71680000 fffff800`7168a000   swenum   swenum.sys   Sat Sep 13 00:14:12 2014 (5413C494)
    fffff800`70a40000 fffff800`70ca2000   tcpip    tcpip.sys    Sat Sep 13 00:11:20 2014 (5413C3E8)
    fffff800`720a0000 fffff800`720b2000   tcpipreg tcpipreg.sys Sat Sep 13 00:10:08 2014 (5413C3A0)
    fffff800`711c0000 fffff800`711cd000   TDI      TDI.SYS      Sat Sep 13 00:13:20 2014 (5413C460)
    fffff800`711a0000 fffff800`711bf000   tdx      tdx.sys      Sat Sep 13 00:11:47 2014 (5413C403)
    fffff800`70280000 fffff800`702a2000   tm       tm.sys       Fri Sep 12 21:39:11 2014 (5413A03F)
    fffff960`3a200000 fffff960`3a209000   TSDDD    TSDDD.dll    unavailable (00000000)
    fffff800`720c0000 fffff800`720ec000   tunnel   tunnel.sys   Sat Sep 13 00:09:51 2014 (5413C38F)
    fffff800`71790000 fffff800`717e3000   udfs     udfs.sys     Sat Sep 13 00:14:44 2014 (5413C4B4)
    fffff800`714c0000 fffff800`714d1000   umbus    umbus.sys    Sat Sep 13 00:13:48 2014 (5413C47C)
    fffff800`71780000 fffff800`7178c000   USBD     USBD.SYS     Sat Sep 13 00:14:45 2014 (5413C4B5)
    fffff800`71600000 fffff800`71619000   usbehci  usbehci.sys  Sat Sep 13 00:13:58 2014 (5413C486)
    fffff800`71700000 fffff800`71779000   usbhub   usbhub.sys   Sat Sep 13 00:13:27 2014 (5413C467)
    fffff800`71580000 fffff800`7158c000   usbohci  usbohci.sys  Sat Sep 13 00:14:03 2014 (5413C48B)
    fffff800`71590000 fffff800`715ff000   USBPORT  USBPORT.SYS  Sat Sep 13 00:14:14 2014 (5413C496)
    fffff800`70170000 fffff800`7017d000   vdrvroot vdrvroot.sys Sat Sep 13 00:13:42 2014 (5413C476)
    fffff800`70490000 fffff800`704a6000   volmgr   volmgr.sys   Fri Sep 12 21:39:14 2014 (5413A042)
    fffff800`704b0000 fffff800`7050b000   volmgrx  volmgrx.sys  unavailable (00000000)
    fffff800`71ca0000 fffff800`71d03000   volsnap  volsnap.sys  Sat Sep 13 00:14:46 2014 (5413C4B6)
    fffff800`70f90000 fffff800`70fa2000   watchdog watchdog.sys Sat Sep 13 00:14:13 2014 (5413C495)
    fffff800`6fea0000 fffff800`6ff72000   Wdf01000 Wdf01000.sys Sat Sep 13 00:12:08 2014 (5413C418)
    fffff800`70620000 fffff800`70667000   WdFilter WdFilter.sys Sat Sep 13 00:13:55 2014 (5413C483)
    fffff800`6ff80000 fffff800`6ff90000   WDFLDR   WDFLDR.SYS   Sat Sep 13 00:13:49 2014 (5413C47D)
    fffff800`70210000 fffff800`7021e000   werkernel werkernel.sys Sat Sep 13 00:14:47 2014 (5413C4B7)
    fffff800`70d20000 fffff800`70d43000   wfplwfs  wfplwfs.sys  Sat Sep 13 00:11:31 2014 (5413C3F3)
    fffff960`0bc00000 fffff960`0bc1c000   win32k   win32k.sys   unavailable (00000000)
    fffff960`35e00000 fffff960`35eb8000   win32kbase win32kbase.sys unavailable (00000000)
    fffff960`2ae00000 fffff960`2b162000   win32kfull win32kfull.sys unavailable (00000000)
    fffff800`70050000 fffff800`7005a000   WMILIB   WMILIB.SYS   Sat Sep 13 00:14:46 2014 (5413C4B6)
    fffff800`705e0000 fffff800`7061e000   Wof      Wof.sys      Sat Sep 13 00:12:16 2014 (5413C420)
    fffff800`6ffb0000 fffff800`6ffbb000   WppRecorder WppRecorder.sys Fri Sep 12 21:39:10 2014 (5413A03E)
    
    Unloaded modules:
    fffff800`70eb0000 fffff800`70ebd000   dump_ataport
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000D000
    fffff800`70ed0000 fffff800`70eda000   dump_atapi.s
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000A000
    fffff800`70f00000 fffff800`70f16000   dump_dumpfve
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00016000
    fffff800`71450000 fffff800`71461000   dam.sys 
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00011000
    fffff800`700f0000 fffff800`700fb000   WdBoot.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000B000
    fffff800`71d90000 fffff800`71d9c000   hwpolicy.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000C000
      My Computer


  4. Posts : 230
    10
    Thread Starter
       #14

    Hi Zardoc!

    essenbe - I spent 20 minutes trying to find out why these drivers didn't appear in my System32/drivers folder - only to look again and see that they're in the System32 folder

    From my VM:

    Win32k.sys = Full/Desktop Multi-User Win32 Driver (90 kB)
    Win32kbase.sys = Base Win32k Kernel Driver (681 kB)
    Win32kfull.sys = Full/Desktop Win32k Kernel Driver (3383 kB)

    As Win32k.sys is small (as is Win32kbase.sys), I'd suspect that Win32k.sys has been changed to reference the 2 other drivers (yet it still has some core functionality that applies to all devices).

    So, I'd presume that Win32kbase.sys is used for other (?smaller?) devices (EDIT: may be used on larger systems also?), and the Win32kfull.sys driver is designed for greater functionality on systems with a lot of resources (such as Desktop computers)
      My Computer


  5. Posts : 12,799
    Windows 11 Pro
       #15

    Thanks a lot. I thought Win32kbase.sys was used on Windows Phone, but had never heard of win32kfull. Your explanation sounds most likely the case. Thanks again.
      My Computer


  6. Posts : 73
    Windows Embedded 8.1 Industry Pro
       #16

    It's great to see the dump file. Usasma, it would be a lot of work on addition of new drivers to the DRT soon...

    I am looking forward to more BSOD's ^_^
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:26.
Find Us




Windows 10 Forums