New
#11
The DRIVER_IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x000000D1. This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
Delete Daemon tools lite (or alcohol 120% it depends what you have)Code:Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [F:\041219-90531-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Mini Kernel Dump does not have process information ************* Path validation summary ************** Response Time (ms) Location Deferred SRV* Symbol search path is: SRV* Executable search path is: Windows 10 Kernel Version 17763 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Machine Name: Kernel base = 0xfffff802`5d4b5000 PsLoadedModuleList = 0xfffff802`5d8d0790 Debug session time: Fri Apr 12 16:52:46.762 2019 (UTC + 2:00) System Uptime: 0 days 0:04:26.492 Loading Kernel Symbols ............................................................... ................................................................ ................................................................ ...... Loading User Symbols Loading unloaded module list ............ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {fffff80347fd3a9c, ff, 0, fffff80347fd3a9c} *** WARNING: Unable to verify timestamp for sptd2.sys *** ERROR: Module load completed but symbols could not be loaded for sptd2.sys Probably caused by : sptd2.sys ( sptd2+3a9c ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffff80347fd3a9c, memory referenced Arg2: 00000000000000ff, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff80347fd3a9c, address which referenced memory Debugging Details: ------------------ KEY_VALUES_STRING: 1 STACKHASH_ANALYSIS: 1 TIMELINE_ANALYSIS: 1 DUMP_CLASS: 1 DUMP_QUALIFIER: 400 BUILD_VERSION_STRING: 10.0.17763.437 (WinBuild.160101.0800) DUMP_FILE_ATTRIBUTES: 0x9 Hiber Crash Dump Kernel Generated Triage Dump DUMP_TYPE: 2 BUGCHECK_P1: fffff80347fd3a9c BUGCHECK_P2: ff BUGCHECK_P3: 0 BUGCHECK_P4: fffff80347fd3a9c READ_ADDRESS: fffff8025d9f7390: Unable to get MiVisibleState Unable to get NonPagedPoolStart Unable to get NonPagedPoolEnd Unable to get PagedPoolStart Unable to get PagedPoolEnd fffff80347fd3a9c CURRENT_IRQL: f FAULTING_IP: sptd2+3a9c fffff803`47fd3a9c ?? ??? IP_IN_PAGED_CODE: sptd2+3a9c fffff803`47fd3a9c ?? ??? CPU_COUNT: 4 CPU_MHZ: c15 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 2a CPU_STEPPING: 7 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: AV ANALYSIS_SESSION_HOST: MICHAL ANALYSIS_SESSION_TIME: 04-16-2019 17:49:31.0774 ANALYSIS_VERSION: 10.0.17763.132 amd64fre TRAP_FRAME: ffffdc0326b95270 -- (.trap 0xffffdc0326b95270) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff80347fd3a9c rbx=0000000000000000 rcx=ffff8a0278937940 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80347fd3a9c rsp=ffffdc0326b95408 rbp=ffffdc0326b954a0 r8=000000000000005f r9=ffffdc0326b954a0 r10=0000000000000100 r11=ffffdc0326b95580 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up di ng nz na po cy sptd2+0x3a9c: fffff803`47fd3a9c ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from fffff8025d679e69 to fffff8025d668730 FAILED_INSTRUCTION_ADDRESS: sptd2+3a9c fffff803`47fd3a9c ?? ??? STACK_TEXT: ffffdc03`26b95128 fffff802`5d679e69 : 00000000`0000000a fffff803`47fd3a9c 00000000`000000ff 00000000`00000000 : nt!KeBugCheckEx ffffdc03`26b95130 fffff802`5d67628e : 00000000`00000000 00000000`5dfcf000 00000000`00000000 00000000`0000000a : nt!KiBugCheckDispatch+0x69 ffffdc03`26b95270 fffff803`47fd3a9c : fffff803`480350de ffffda17`880e14b0 00000000`00000020 fffff0fb`dd200038 : nt!KiPageFault+0x44e ffffdc03`26b95408 fffff803`480350de : ffffda17`880e14b0 00000000`00000020 fffff0fb`dd200038 fffff0f8`7dee9000 : sptd2+0x3a9c ffffdc03`26b95410 fffff803`48042e9f : ffff8a02`7a4511f0 00000000`00000003 ffff8a02`7897d1c0 fffff802`5d4e4de3 : pci!PciReadDeviceConfig+0x6e ffffdc03`26b95480 fffff803`48042da3 : 00000000`00000100 ffffdc03`26b956d0 00000000`00000001 00000000`00037405 : pci!PciEarlyRestoreSkipAllowed+0x7f ffffdc03`26b955e0 fffff803`48042d72 : 00000000`00000100 ffffdc03`26b956d0 00000000`00000001 00000000`00000001 : pci!PciEarlyRestoreResourcesInternal+0x23 ffffdc03`26b95620 fffff802`5d49e0e6 : 00000000`00000006 00000000`00000100 ffffdc03`26b956d0 fffff802`5d8f266c : pci!PciEarlyRestoreResources+0x22 ffffdc03`26b95650 fffff802`5d422e8b : 00000000`00000001 00000000`00000001 fffff802`5d8f266c 00000000`00000000 : hal!HalpAcpiPostSleep+0x3a2a ffffdc03`26b95700 fffff802`5da1dfde : 00000000`00000000 fffff802`5d670220 ffff8a02`7a4ff4f0 ffffdd01`68020180 : hal!HaliAcpiSleep+0x2db ffffdc03`26b957a0 fffff802`5da1dd3e : fffff802`5d8f2630 ffffdc03`26b95920 fffff802`5d8f2630 00000000`0000008e : nt!PopHandleNextState+0x1ee ffffdc03`26b957f0 fffff802`5da1da34 : 00000000`00000100 fffff802`5d66f75f 00000404`ad9bbffe ffffdc03`26b95900 : nt!PopIssueNextState+0x1a ffffdc03`26b95820 fffff802`5da202dc : 00000000`0000000c ffffdb00`000077c0 00000000`00000000 fffff802`5d5e72d4 : nt!PopInvokeSystemStateHandler+0x29c ffffdc03`26b95a30 fffff802`5da20f62 : ffffffff`ffffffff ffffffff`ffffffff 00000000`00000011 00000000`00000000 : nt!PopEndMirroring+0x1cc ffffdc03`26b95af0 fffff802`5da20c9f : 00000000`00000000 00000003`00000000 00000011`00000001 bc9a4c3a`00000001 : nt!MmDuplicateMemory+0x26e ffffdc03`26b95b80 fffff802`5d4f2a45 : ffff8a02`81ce9000 ffff8a02`81ce9040 fffff802`5da20b70 bc963aea`bf42eae1 : nt!PopTransitionToSleep+0x12f ffffdc03`26b95c10 fffff802`5d66fb8c : fffff802`5c582180 ffff8a02`81ce9040 fffff802`5d4f29f0 bc97d023`f956f9f3 : nt!PspSystemThreadStartup+0x55 ffffdc03`26b95c60 00000000`00000000 : ffffdc03`26b96000 ffffdc03`26b90000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x1c THREAD_SHA1_HASH_MOD_FUNC: ddd1119b10370d4222139df8dd967d80e126a94c THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a9a24880dc278dfdfa55b2feb62d2aa539e48ff5 THREAD_SHA1_HASH_MOD: 66b84fa04b1930d7a5082c955ed7ebd181482726 FOLLOWUP_IP: sptd2+3a9c fffff803`47fd3a9c ?? ??? SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: sptd2+3a9c FOLLOWUP_NAME: MachineOwner MODULE_NAME: sptd2 IMAGE_NAME: sptd2.sys DEBUG_FLR_IMAGE_TIMESTAMP: 54c52a71 STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 3a9c FAILURE_BUCKET_ID: AV_CODE_AV_PAGED_IP_sptd2!unknown_function BUCKET_ID: AV_CODE_AV_PAGED_IP_sptd2!unknown_function PRIMARY_PROBLEM_CLASS: AV_CODE_AV_PAGED_IP_sptd2!unknown_function TARGET_TIME: 2019-04-12T14:52:46.000Z OSBUILD: 17763 OSSERVICEPACK: 437 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2005-12-02 08:58:59 BUILDDATESTAMP_STR: 160101.0800 BUILDLAB_STR: WinBuild BUILDOSVER_STR: 10.0.17763.437 ANALYSIS_SESSION_ELAPSED_TIME: a0a ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:av_code_av_paged_ip_sptd2!unknown_function FAILURE_ID_HASH: {dc797598-11b0-58c7-e17a-9742fc702ce6} Followup: MachineOwner ---------