Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Minidump\081715-6140-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\Minidump\SYMBOLS*http://msdl.microsoft.com/download/symbols Symbol search path is: SRV*C:\Minidump\SYMBOLS*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 8 Kernel Version 9600 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 9600.17936.amd64fre.winblue_ltsb.150715-0840 Machine Name: Kernel base = 0xfffff803`14e1a000 PsLoadedModuleList = 0xfffff803`150ef7b0 Debug session time: Mon Aug 17 13:33:46.528 2015 (UTC + 2:00) System Uptime: 0 days 0:21:32.135 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list ........... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {40, 2, 1, fffff801bfbd86f0} *** WARNING: Unable to verify timestamp for IDSvia64.sys *** ERROR: Module load completed but symbols could not be loaded for IDSvia64.sys Probably caused by : IDSvia64.sys ( IDSvia64+846f0 ) Followup: MachineOwner --------- 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000040, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, value 0 = read operation, 1 = write operation Arg4: fffff801bfbd86f0, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80315179138 unable to get nt!MmNonPagedPoolStart unable to get nt!MmSizeOfNonPagedPoolInBytes 0000000000000040 CURRENT_IRQL: 2 FAULTING_IP: IDSvia64+846f0 fffff801`bfbd86f0 488911 mov qword ptr [rcx],rdx CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: AV PROCESS_NAME: svchost.exe ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre TRAP_FRAME: ffffd00021858ec0 -- (.trap 0xffffd00021858ec0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000040 rbx=0000000000000000 rcx=0000000000000040 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff801bfbd86f0 rsp=ffffd00021859058 rbp=0000000000000000 r8=0000000000000000 r9=000000000000000c r10=0000000000000000 r11=000000000000006f r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po cy IDSvia64+0x846f0: fffff801`bfbd86f0 488911 mov qword ptr [rcx],rdx ds:00000000`00000040=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80314f754e9 to fffff80314f699a0 STACK_TEXT: ffffd000`21858d78 fffff803`14f754e9 : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx ffffd000`21858d80 fffff803`14f73d3a : 00000000`00000001 ffffd000`218590d8 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69 ffffd000`21858ec0 fffff801`bfbd86f0 : fffff801`bfba98b1 00000000`00000067 00000000`00000000 ffffe001`14295290 : nt!KiPageFault+0x23a ffffd000`21859058 fffff801`bfba98b1 : 00000000`00000067 00000000`00000000 ffffe001`14295290 ffffd000`21859388 : IDSvia64+0x846f0 ffffd000`21859060 00000000`00000067 : 00000000`00000000 ffffe001`14295290 ffffd000`21859388 00000000`ffffffe1 : IDSvia64+0x558b1 ffffd000`21859068 00000000`00000000 : ffffe001`14295290 ffffd000`21859388 00000000`ffffffe1 fffff801`bfb595c5 : 0x67 STACK_COMMAND: kb FOLLOWUP_IP: IDSvia64+846f0 fffff801`bfbd86f0 488911 mov qword ptr [rcx],rdx SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: IDSvia64+846f0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: IDSvia64 IMAGE_NAME: IDSvia64.sys DEBUG_FLR_IMAGE_TIMESTAMP: 5508bc17 FAILURE_BUCKET_ID: AV_IDSvia64+846f0 BUCKET_ID: AV_IDSvia64+846f0 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:av_idsvia64+846f0 FAILURE_ID_HASH: {00abd0e2-769a-9f36-a79f-9fa24299bf6f} Followup: MachineOwner ---------