CIS BSOD

Comodo CIS_Setup_3.13.120417.573_XP_Vista_x64

Many BSOD lately, the previous version was a little more stable…

Windows XP PRO x64 SP3 - v5.2, Build 3790 (up to date)

BIOS : Award ASUS P5N-E SLI ACPI BIOS Revision 0901
BIOS Type : Award Phoenix - AwardBIOS v6.00PG

Motherboard : ASUS P5N-E SLI
Motherboard Chipsets :

• North Bridge: nVIDIA nForce 650i SLI (C55)
• South Bridge: nVIDIA nForce 430i (MCP51)
  CPU : Intel QuadCore 6600 CPU 2.40Ghz
  RAM : 4090MB RAM
  GFX : GeForce 8800 GTX
  GFX Driver : NVIDIA GeForce-ION Driver Release 191.07_desktop_winxp_64bit_english_whql
  Mothrboard : NVIDIA nForce 650i SLI 15.45_nforce_winxp64_international_whql
  Soundcard : built-in Realtek ALC883 [at] nVIDIA nForce 430i (MCP51) - High Definition Audio Controller PCI
  Soundcard Driver : Realtek High Definition Audio Codecs R2.28
  DirectX : v9.0c (4.09.0000.0904)

DirectVobSub 2.39
K-Lite Codec Pack 64-bit 2.9.4
K-Lite Codec Pack 32-bit Full 5.4.4f

Adobe Flash Player 10.0.32.18

Comodo Internet Security
Antivirus : Disabled
Defense : Perm. Disabled
Firewall : Custom

[attachment deleted by admin]

another BSOD, different

[attachment deleted by admin]

recent BSOD’s collection…

[attachment deleted by admin]

another BSOD

BugCheck 1000007E, {ffffffffc0000005, fffffadf8d04f865, fffffadf9122a770, fffffadf9122a180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d04f865, The address that the exception occurred at
Arg3: fffffadf9122a770, Exception Record Address
Arg4: fffffadf9122a180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d04f865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf9122a770 – (.exr 0xfffffadf9122a770)
ExceptionAddress: fffffadf8d04f865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf9122a180 – (.cxr 0xfffffadf9122a180)
rax=00000000000000d2 rbx=000000000000f4d2 rcx=000000000000f400
rdx=000000000000000b rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d04f865 rsp=fffffadf9122a990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d053b26 r10=fffffadf98c442ac
r11=fffffadf98c44200 r12=0000000000000000 r13=00000000000000b5
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d04f865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d548954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d04bcf8 to fffffadf8d04f865

STACK_TEXT:
fffffadf9122a990 fffffadf8d04bcf8 : fffffadf98537390 fffffadf99cc712c 000000006401a8c0 fffffadf99961c90 : tcpip!XsumSendChain+0x56
fffffadf9122a9d0 fffffadf8d04b933 : 00000000000000ad 00000000c0000141 fffffadf8d04bab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf9122aad0 fffffadf8d04c028 : fffffadf99cc70f8 000000000f50ee74 00000000000000ad fffffadf98c44128 : tcpip!TdiSendDatagram+0x196
fffffadf9122ab40 fffffadf8d061f92 : 0000000000000246 fffff800011ad8fd fffffadf98c44128 fffffadf98c44010 : tcpip!UDPSendDatagram+0x68
fffffadf9122aba0 fffffadf8d548954 : fffffa80003b7000 fffffadf98c44010 000000000000dc8c fffffadf98c44011 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf9122abf0 fffffa80003b7000 : fffffadf98c44010 000000000000dc8c fffffadf98c44011 0000000000000000 : cmdhlp+0x2954
fffffadf9122abf8 fffffadf98c44010 : 000000000000dc8c fffffadf98c44011 0000000000000000 fffffadf90c9b180 : 0xfffffa80003b7000 fffffadf9122ac00 000000000000dc8c : fffffadf98c44011 0000000000000000 fffffadf90c9b180 0000000000000001 : 0xfffffadf98c44010
fffffadf9122ac08 fffffadf98c44011 : 0000000000000000 fffffadf90c9b180 0000000000000001 fffff800011e0440 : 0xdc8c
fffffadf9122ac10 0000000000000000 : fffffadf90c9b180 0000000000000001 fffff800011e0440 fffffadf9a06bbf0 : 0xfffffadf`98c44011

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf9122a180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

BugCheck 19, {20, fffffa8000d56230, fffffa8000d562d0, 60a0108}

Probably caused by : rdbss.sys ( rdbss!RxUnload+9c )

Followup: MachineOwner

2: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa8000d56230, The pool entry we were looking for within the page.
Arg3: fffffa8000d562d0, The next pool entry.
Arg4: 00000000060a0108, (reserved)

Debugging Details:

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: fffffa8000d56230

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800011af36c to fffff8000102eb50

STACK_TEXT:
fffffadf91094838 fffff800011af36c : 0000000000000019 0000000000000020 fffffa8000d56230 fffffa8000d562d0 : nt!KeBugCheckEx
fffffadf91094840 fffff8000103c4c7 : fffffa8000d56260 00000000000010f4 fffffa8000d56260 00000000000010f4 : nt!ExFreePoolWithTag+0x45e
fffffadf91094900 fffff8000128be67 : fffffa80036503d0 fffffa80036503d0 fffffa8000003e00 0000000000000000 : nt!ObfDereferenceObject+0x83
fffffadf91094930 fffff80001288a24 : fffffadf9cc89040 00000000000010f4 fffffadf9cc8d8e0 fffffadf9cc89040 : nt!ObpCloseHandleTableEntry+0x24b
fffffadf910949d0 fffff8000102e5fd : fffffadf9cc89040 fffffadf91094ad0 fffffadf9cc89040 0000000000000000 : nt!ObpCloseHandle+0xb0
fffffadf91094a50 fffff8000102eac0 : fffff80001312255 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x3
fffffadf91094be8 fffff80001312255 : 0000000000000000 0000000000000000 0000000000000000 0000000000000001 : nt!KiServiceLinkage
fffffadf91094bf0 fffffadf8d0cc27a : ffffffff800010f4 fffff8000131dc60 fffffadf8d0a0150 fffffadf8d0a0150 : nt!IoDeleteSymbolicLink+0x65
fffffadf91094c50 fffff8000131dc83 : fffffadf9cc89040 fffffadf90cab180 fffffadf7eb8e8c0 fffffadf7eb8e8c0 : rdbss!RxUnload+0x9c
fffffadf91094c90 fffff800010377ea : 0000000000000000 fffffadf7eb8e8c0 0000000000000000 fffff800011d1af8 : nt!IopLoadUnloadDriver+0x23
fffffadf91094d00 fffff8000124e922 : fffffadf9cc89040 0000000000000080 fffffadf9cc89040 fffffadf90ca36c0 : nt!ExpWorkerThread+0x13b
fffffadf91094d70 fffff80001020516 : fffffadf90c9b180 fffffadf9cc89040 fffffadf90ca36c0 0000000000000000 : nt!PspSystemThreadStartup+0x3e
fffffadf91094dd0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
rdbss!RxUnload+9c
fffffadf8d0cc27a 803d9135fdff00 cmp byte ptr [rdbss!EnableWmiLog (fffffadf8d09f812)],0

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: rdbss!RxUnload+9c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: rdbss

IMAGE_NAME: rdbss.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45d69a76

FAILURE_BUCKET_ID: X64_0x19_20_rdbss!RxUnload+9c

BUCKET_ID: X64_0x19_20_rdbss!RxUnload+9c

Followup: MachineOwner

2: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa8000d56230, The pool entry we were looking for within the page.
Arg3: fffffa8000d562d0, The next pool entry.
Arg4: 00000000060a0108, (reserved)

Debugging Details:

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: fffffa8000d56230

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800011af36c to fffff8000102eb50

STACK_TEXT:
fffffadf91094838 fffff800011af36c : 0000000000000019 0000000000000020 fffffa8000d56230 fffffa8000d562d0 : nt!KeBugCheckEx
fffffadf91094840 fffff8000103c4c7 : fffffa8000d56260 00000000000010f4 fffffa8000d56260 00000000000010f4 : nt!ExFreePoolWithTag+0x45e
fffffadf91094900 fffff8000128be67 : fffffa80036503d0 fffffa80036503d0 fffffa8000003e00 0000000000000000 : nt!ObfDereferenceObject+0x83
fffffadf91094930 fffff80001288a24 : fffffadf9cc89040 00000000000010f4 fffffadf9cc8d8e0 fffffadf9cc89040 : nt!ObpCloseHandleTableEntry+0x24b
fffffadf910949d0 fffff8000102e5fd : fffffadf9cc89040 fffffadf91094ad0 fffffadf9cc89040 0000000000000000 : nt!ObpCloseHandle+0xb0
fffffadf91094a50 fffff8000102eac0 : fffff80001312255 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x3
fffffadf91094be8 fffff80001312255 : 0000000000000000 0000000000000000 0000000000000000 0000000000000001 : nt!KiServiceLinkage
fffffadf91094bf0 fffffadf8d0cc27a : ffffffff800010f4 fffff8000131dc60 fffffadf8d0a0150 fffffadf8d0a0150 : nt!IoDeleteSymbolicLink+0x65
fffffadf91094c50 fffff8000131dc83 : fffffadf9cc89040 fffffadf90cab180 fffffadf7eb8e8c0 fffffadf7eb8e8c0 : rdbss!RxUnload+0x9c
fffffadf91094c90 fffff800010377ea : 0000000000000000 fffffadf7eb8e8c0 0000000000000000 fffff800011d1af8 : nt!IopLoadUnloadDriver+0x23
fffffadf91094d00 fffff8000124e922 : fffffadf9cc89040 0000000000000080 fffffadf9cc89040 fffffadf90ca36c0 : nt!ExpWorkerThread+0x13b
fffffadf91094d70 fffff80001020516 : fffffadf90c9b180 fffffadf9cc89040 fffffadf90ca36c0 0000000000000000 : nt!PspSystemThreadStartup+0x3e
fffffadf91094dd0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
rdbss!RxUnload+9c
fffffadf8d0cc27a 803d9135fdff00 cmp byte ptr [rdbss!EnableWmiLog (fffffadf8d09f812)],0

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: rdbss!RxUnload+9c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: rdbss

IMAGE_NAME: rdbss.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45d69a76

FAILURE_BUCKET_ID: X64_0x19_20_rdbss!RxUnload+9c

BUCKET_ID: X64_0x19_20_rdbss!RxUnload+9c

Followup: MachineOwner

2: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa8000d56230, The pool entry we were looking for within the page.
Arg3: fffffa8000d562d0, The next pool entry.
Arg4: 00000000060a0108, (reserved)

Debugging Details:

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: fffffa8000d56230

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800011af36c to fffff8000102eb50

STACK_TEXT:
fffffadf91094838 fffff800011af36c : 0000000000000019 0000000000000020 fffffa8000d56230 fffffa8000d562d0 : nt!KeBugCheckEx
fffffadf91094840 fffff8000103c4c7 : fffffa8000d56260 00000000000010f4 fffffa8000d56260 00000000000010f4 : nt!ExFreePoolWithTag+0x45e
fffffadf91094900 fffff8000128be67 : fffffa80036503d0 fffffa80036503d0 fffffa8000003e00 0000000000000000 : nt!ObfDereferenceObject+0x83
fffffadf91094930 fffff80001288a24 : fffffadf9cc89040 00000000000010f4 fffffadf9cc8d8e0 fffffadf9cc89040 : nt!ObpCloseHandleTableEntry+0x24b
fffffadf910949d0 fffff8000102e5fd : fffffadf9cc89040 fffffadf91094ad0 fffffadf9cc89040 0000000000000000 : nt!ObpCloseHandle+0xb0
fffffadf91094a50 fffff8000102eac0 : fffff80001312255 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x3
fffffadf91094be8 fffff80001312255 : 0000000000000000 0000000000000000 0000000000000000 0000000000000001 : nt!KiServiceLinkage
fffffadf91094bf0 fffffadf8d0cc27a : ffffffff800010f4 fffff8000131dc60 fffffadf8d0a0150 fffffadf8d0a0150 : nt!IoDeleteSymbolicLink+0x65
fffffadf91094c50 fffff8000131dc83 : fffffadf9cc89040 fffffadf90cab180 fffffadf7eb8e8c0 fffffadf7eb8e8c0 : rdbss!RxUnload+0x9c
fffffadf91094c90 fffff800010377ea : 0000000000000000 fffffadf7eb8e8c0 0000000000000000 fffff800011d1af8 : nt!IopLoadUnloadDriver+0x23
fffffadf91094d00 fffff8000124e922 : fffffadf9cc89040 0000000000000080 fffffadf9cc89040 fffffadf90ca36c0 : nt!ExpWorkerThread+0x13b
fffffadf91094d70 fffff80001020516 : fffffadf90c9b180 fffffadf9cc89040 fffffadf90ca36c0 0000000000000000 : nt!PspSystemThreadStartup+0x3e
fffffadf91094dd0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
rdbss!RxUnload+9c
fffffadf8d0cc27a 803d9135fdff00 cmp byte ptr [rdbss!EnableWmiLog (fffffadf8d09f812)],0

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: rdbss!RxUnload+9c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: rdbss

IMAGE_NAME: rdbss.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45d69a76

FAILURE_BUCKET_ID: X64_0x19_20_rdbss!RxUnload+9c

BUCKET_ID: X64_0x19_20_rdbss!RxUnload+9c

Followup: MachineOwner

BugCheck 1000007E, {ffffffffc0000005, fffffadf8d2dd865, fffffadf91215770, fffffadf91215180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner

3: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf91215770, Exception Record Address
Arg4: fffffadf91215180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf91215770 – (.exr 0xfffffadf91215770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf91215180 – (.cxr 0xfffffadf91215180)
rax=00000000000000ab rbx=00000000000031ab rcx=0000000000003100
rdx=000000000000000b rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf91215990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b26 r10=fffffadf96a8156c
r11=fffffadf96a814c0 r12=0000000000000000 r13=00000000000000b5
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf91215990 fffffadf8d2d9cf8 : fffffadf98ca3010 fffffadf99af50ac 000000006401a8c0 fffffadf98350240 : tcpip!XsumSendChain+0x56
fffffadf912159d0 fffffadf8d2d9933 : 00000000000000ad 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf91215ad0 fffffadf8d2da028 : fffffadf99af5078 00000000ce24957c 00000000000000ad fffffadf96a81bb8 : tcpip!TdiSendDatagram+0x196
fffffadf91215b40 fffffadf8d2eff92 : fffffadf90c9d450 fffff800011ad8fd fffffadf96a81bb8 fffffadf96a81aa0 : tcpip!UDPSendDatagram+0x68
fffffadf91215ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf96a81aa0 000000000000f7ad fffffadf96a81a11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf91215bf0 0000000000000000 : fffffadf96a81aa0 000000000000f7ad fffffadf96a81a11 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf91215180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

BugCheck 1000007E, {ffffffffc0000005, fffffadf8d2dd865, fffffadf91200770, fffffadf91200180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner

3: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf91200770, Exception Record Address
Arg4: fffffadf91200180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf91200770 – (.exr 0xfffffadf91200770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf91200180 – (.cxr 0xfffffadf91200180)
rax=0000000000000053 rbx=0000000000004453 rcx=0000000000004400
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf91200990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf99131f64
r11=fffffadf99131f00 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf91200990 fffffadf8d2d9cf8 : fffffadf99447680 fffffadf99c140ac 000000006401a8c0 fffffadf99998860 : tcpip!XsumSendChain+0x56
fffffadf912009d0 fffffadf8d2d9933 : 0000000000000065 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf91200ad0 fffffadf8d2da028 : fffffadf99c14078 0000000083216151 0000000000000065 fffffadf99131e28 : tcpip!TdiSendDatagram+0x196
fffffadf91200b40 fffffadf8d2eff92 : 0000000000000246 fffff800011ad8fd fffffadf99131e28 fffffadf99131d10 : tcpip!UDPSendDatagram+0x68
fffffadf91200ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf99131d10 000000000000ee63 fffffadf99131d11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf91200bf0 0000000000000000 : fffffadf99131d10 000000000000ee63 fffffadf99131d11 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf91200180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

BugCheck 1000007E, {ffffffffc0000005, fffffadf8d2dd865, fffffadf911f2770, fffffadf911f2180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911f2770, Exception Record Address
Arg4: fffffadf911f2180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf911f2770 – (.exr 0xfffffadf911f2770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf911f2180 – (.cxr 0xfffffadf911f2180)
rax=00000000000000fd rbx=0000000000006efd rcx=0000000000006e00
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911f2990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf97c89264
r11=fffffadf97c89200 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf911f2990 fffffadf8d2d9cf8 : fffffadf983fe950 fffffadf99b400ac 000000006401a8c0 fffffadf98073010 : tcpip!XsumSendChain+0x56
fffffadf911f29d0 fffffadf8d2d9933 : 0000000000000065 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf911f2ad0 fffffadf8d2da028 : fffffadf99b40078 000000008162ac5f 0000000000000065 fffffadf97c89128 : tcpip!TdiSendDatagram+0x196
fffffadf911f2b40 fffffadf8d2eff92 : 0000000000000000 0000000013951f3d fffffadf97c89128 fffffadf97c89010 : tcpip!UDPSendDatagram+0x68
fffffadf911f2ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf97c89010 000000000000ee63 fffffadf97c89011 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf911f2bf0 0000000000000000 : fffffadf97c89010 000000000000ee63 fffffadf97c89011 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf911f2180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911f2770, Exception Record Address
Arg4: fffffadf911f2180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf911f2770 – (.exr 0xfffffadf911f2770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf911f2180 – (.cxr 0xfffffadf911f2180)
rax=00000000000000fd rbx=0000000000006efd rcx=0000000000006e00
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911f2990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf97c89264
r11=fffffadf97c89200 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf911f2990 fffffadf8d2d9cf8 : fffffadf983fe950 fffffadf99b400ac 000000006401a8c0 fffffadf98073010 : tcpip!XsumSendChain+0x56
fffffadf911f29d0 fffffadf8d2d9933 : 0000000000000065 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf911f2ad0 fffffadf8d2da028 : fffffadf99b40078 000000008162ac5f 0000000000000065 fffffadf97c89128 : tcpip!TdiSendDatagram+0x196
fffffadf911f2b40 fffffadf8d2eff92 : 0000000000000000 0000000013951f3d fffffadf97c89128 fffffadf97c89010 : tcpip!UDPSendDatagram+0x68
fffffadf911f2ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf97c89010 000000000000ee63 fffffadf97c89011 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf911f2bf0 0000000000000000 : fffffadf97c89010 000000000000ee63 fffffadf97c89011 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf911f2180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911f2770, Exception Record Address
Arg4: fffffadf911f2180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf911f2770 – (.exr 0xfffffadf911f2770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf911f2180 – (.cxr 0xfffffadf911f2180)
rax=00000000000000fd rbx=0000000000006efd rcx=0000000000006e00
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911f2990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf97c89264
r11=fffffadf97c89200 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf911f2990 fffffadf8d2d9cf8 : fffffadf983fe950 fffffadf99b400ac 000000006401a8c0 fffffadf98073010 : tcpip!XsumSendChain+0x56
fffffadf911f29d0 fffffadf8d2d9933 : 0000000000000065 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf911f2ad0 fffffadf8d2da028 : fffffadf99b40078 000000008162ac5f 0000000000000065 fffffadf97c89128 : tcpip!TdiSendDatagram+0x196
fffffadf911f2b40 fffffadf8d2eff92 : 0000000000000000 0000000013951f3d fffffadf97c89128 fffffadf97c89010 : tcpip!UDPSendDatagram+0x68
fffffadf911f2ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf97c89010 000000000000ee63 fffffadf97c89011 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf911f2bf0 0000000000000000 : fffffadf97c89010 000000000000ee63 fffffadf97c89011 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf911f2180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

BugCheck 1000007E, {ffffffffc0000005, fffffadf8d2dd865, fffffadf911e4770, fffffadf911e4180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911e4770, Exception Record Address
Arg4: fffffadf911e4180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf911e4770 – (.exr 0xfffffadf911e4770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf911e4180 – (.cxr 0xfffffadf911e4180)
rax=0000000000000062 rbx=000000000000b1d6 rcx=00000000559608cb
rdx=0000000000000004 rsi=0000000000000000 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911e4990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf98b55f62
r11=fffffadf98b55f00 r12=0000000000000000 r13=000000000000006a
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf911e4990 fffffadf8d2d9cf8 : fffffadf988e6380 fffffadf99b420ac 000000006401a8c0 fffffadf99035460 : tcpip!XsumSendChain+0x56
fffffadf911e49d0 fffffadf8d2d9933 : 0000000000000062 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf911e4ad0 fffffadf8d2da028 : fffffadf99b42078 00000000fdcbbddc 0000000000000062 fffffadf98b55e28 : tcpip!TdiSendDatagram+0x196
fffffadf911e4b40 fffffadf8d2eff92 : 0000000000000000 00000000fdcbbddc fffffadf98b55e28 fffffadf98b55d10 : tcpip!UDPSendDatagram+0x68
fffffadf911e4ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf911e4bf0 0000000000000000 : fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf911e4180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911e4770, Exception Record Address
Arg4: fffffadf911e4180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf911e4770 – (.exr 0xfffffadf911e4770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf911e4180 – (.cxr 0xfffffadf911e4180)
rax=0000000000000062 rbx=000000000000b1d6 rcx=00000000559608cb
rdx=0000000000000004 rsi=0000000000000000 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911e4990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf98b55f62
r11=fffffadf98b55f00 r12=0000000000000000 r13=000000000000006a
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf911e4990 fffffadf8d2d9cf8 : fffffadf988e6380 fffffadf99b420ac 000000006401a8c0 fffffadf99035460 : tcpip!XsumSendChain+0x56
fffffadf911e49d0 fffffadf8d2d9933 : 0000000000000062 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf911e4ad0 fffffadf8d2da028 : fffffadf99b42078 00000000fdcbbddc 0000000000000062 fffffadf98b55e28 : tcpip!TdiSendDatagram+0x196
fffffadf911e4b40 fffffadf8d2eff92 : 0000000000000000 00000000fdcbbddc fffffadf98b55e28 fffffadf98b55d10 : tcpip!UDPSendDatagram+0x68
fffffadf911e4ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf911e4bf0 0000000000000000 : fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf911e4180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911e4770, Exception Record Address
Arg4: fffffadf911e4180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf911e4770 – (.exr 0xfffffadf911e4770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf911e4180 – (.cxr 0xfffffadf911e4180)
rax=0000000000000062 rbx=000000000000b1d6 rcx=00000000559608cb
rdx=0000000000000004 rsi=0000000000000000 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911e4990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf98b55f62
r11=fffffadf98b55f00 r12=0000000000000000 r13=000000000000006a
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf911e4990 fffffadf8d2d9cf8 : fffffadf988e6380 fffffadf99b420ac 000000006401a8c0 fffffadf99035460 : tcpip!XsumSendChain+0x56
fffffadf911e49d0 fffffadf8d2d9933 : 0000000000000062 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf911e4ad0 fffffadf8d2da028 : fffffadf99b42078 00000000fdcbbddc 0000000000000062 fffffadf98b55e28 : tcpip!TdiSendDatagram+0x196
fffffadf911e4b40 fffffadf8d2eff92 : 0000000000000000 00000000fdcbbddc fffffadf98b55e28 fffffadf98b55d10 : tcpip!UDPSendDatagram+0x68
fffffadf911e4ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf911e4bf0 0000000000000000 : fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf911e4180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911e4770, Exception Record Address
Arg4: fffffadf911e4180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf911e4770 – (.exr 0xfffffadf911e4770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf911e4180 – (.cxr 0xfffffadf911e4180)
rax=0000000000000062 rbx=000000000000b1d6 rcx=00000000559608cb
rdx=0000000000000004 rsi=0000000000000000 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911e4990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf98b55f62
r11=fffffadf98b55f00 r12=0000000000000000 r13=000000000000006a
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf911e4990 fffffadf8d2d9cf8 : fffffadf988e6380 fffffadf99b420ac 000000006401a8c0 fffffadf99035460 : tcpip!XsumSendChain+0x56
fffffadf911e49d0 fffffadf8d2d9933 : 0000000000000062 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf911e4ad0 fffffadf8d2da028 : fffffadf99b42078 00000000fdcbbddc 0000000000000062 fffffadf98b55e28 : tcpip!TdiSendDatagram+0x196
fffffadf911e4b40 fffffadf8d2eff92 : 0000000000000000 00000000fdcbbddc fffffadf98b55e28 fffffadf98b55d10 : tcpip!UDPSendDatagram+0x68
fffffadf911e4ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf911e4bf0 0000000000000000 : fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf911e4180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

0: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911e4770, Exception Record Address
Arg4: fffffadf911e4180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf911e4770 – (.exr 0xfffffadf911e4770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf911e4180 – (.cxr 0xfffffadf911e4180)
rax=0000000000000062 rbx=000000000000b1d6 rcx=00000000559608cb
rdx=0000000000000004 rsi=0000000000000000 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911e4990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d2e1b0a r10=fffffadf98b55f62
r11=fffffadf98b55f00 r12=0000000000000000 r13=000000000000006a
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
tcpip!XsumSendChain+0x56:
fffffadf8d2dd865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT:
fffffadf911e4990 fffffadf8d2d9cf8 : fffffadf988e6380 fffffadf99b420ac 000000006401a8c0 fffffadf99035460 : tcpip!XsumSendChain+0x56
fffffadf911e49d0 fffffadf8d2d9933 : 0000000000000062 00000000c0000141 fffffadf8d2d9ab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf911e4ad0 fffffadf8d2da028 : fffffadf99b42078 00000000fdcbbddc 0000000000000062 fffffadf98b55e28 : tcpip!TdiSendDatagram+0x196
fffffadf911e4b40 fffffadf8d2eff92 : 0000000000000000 00000000fdcbbddc fffffadf98b55e28 fffffadf98b55d10 : tcpip!UDPSendDatagram+0x68
fffffadf911e4ba0 fffffadf8d7c6954 : 0000000000000000 fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf911e4bf0 0000000000000000 : fffffadf98b55d10 000000000000ee63 fffffadf98b55d11 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4afc9dae

STACK_COMMAND: .cxr 0xfffffadf911e4180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

BugCheck 50, {fffffa8009864000, 0, fffff97fff1819c4, 0}

Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!NtUserfnINDEVICECHANGE+1bb )

Followup: MachineOwner

2: kd> !analyze -v

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8009864000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff97fff1819c4, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)

Debugging Details:

Could not read faulting driver name

READ_ADDRESS: fffffa8009864000

FAULTING_IP:
win32k!NtUserfnINDEVICECHANGE+1bb
fffff97f`ff1819c4 8b4630 mov eax,dword ptr [rsi+30h]

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: winamp.exe

CURRENT_IRQL: 1

TRAP_FRAME: fffffadf8302abb0 – (.trap 0xfffffadf8302abb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8009863fd0
rdx=0000000000000016 rsi=0000000000000000 rdi=0000000000000000
rip=fffff97fff1819c4 rsp=fffffadf8302ad40 rbp=00000000068ae8c0
r8=0000000000000000 r9=fffffa8009863fd0 r10=000003e800000000
r11=fffffa8009863fd0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
win32k!NtUserfnINDEVICECHANGE+0x1bb:
fffff97fff1819c4 8b4630 mov eax,dword ptr [rsi+30h] ds:ffff:0000000000000030=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800010a6acd to fffff8000102eb50

STACK_TEXT:
fffffadf8302aad8 fffff800010a6acd : 0000000000000050 fffffa8009864000 0000000000000000 fffffadf8302abb0 : nt!KeBugCheckEx
fffffadf8302aae0 fffff8000102d719 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!MmAccessFault+0xa1f
fffffadf8302abb0 fffff97fff1819c4 : 0000000000000000 00000000068ae8c0 0000000000000000 000000000000002c : nt!KiPageFault+0x119
fffffadf8302ad40 fffff97fff0a3bd1 : fffff97ff628cf90 0000000000121402 000000000000002c fffffa8009863fd0 : win32k!NtUserfnINDEVICECHANGE+0x1bb
fffffadf8302ade0 fffff8000102e5fd : 0000000000000000 0000000000000000 fffffadf9bcbdb80 0000000000000000 : win32k!NtUserMessageCall+0x142
fffffadf8302ae80 000000006b2b5e8a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x3
00000000068ad6d8 fffff800010267d0 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x6b2b5e8a
fffffadf8302b280 0000000000000000 : fffff80001037e99 0000000000000000 0000000000000000 0000000000000001 : nt!KiCallUserMode

STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!NtUserfnINDEVICECHANGE+1bb
fffff97f`ff1819c4 8b4630 mov eax,dword ptr [rsi+30h]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: win32k!NtUserfnINDEVICECHANGE+1bb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a83ff89

FAILURE_BUCKET_ID: X64_0x50_win32k!NtUserfnINDEVICECHANGE+1bb

BUCKET_ID: X64_0x50_win32k!NtUserfnINDEVICECHANGE+1bb

Followup: MachineOwner

Hi freshhh,

Do you have ANY other security software installed no matter real-time or on demand?

And any other software that get’s remotely close to network activity like Netlimiter to control or monitor bandwidth usage, network monitoring tools etc?

What’s the type of network adapter you have in the system?

thanks for ur reply

I do have NetLimiter x64 installed.
+
IObit Advanced SystemCare PRO

but no other real-time security software (or even no other security software loaded in memory).

Is there a compatibility issue with NetLimiter? I haven’t used much lately (nothing is limited) but I can disable/uninstall it for a while if you ask me to do it…

Others “special” things I’ve used before :

patched tcpip.sys with :

TCP-Z V2.6.2.75
Universal Tcpip.sys Patch v1.2
Half-open limit fix v4.1

Universal Theme Patcher

Winamp Now Playing Plugin
Messenger Plus! Music Now Playing 1.3.4

Can you post the exact versions of NetLimiter and IOBit?
As posted before I’m not a developer nor Comodo Staff but we have to do some deduction here.

Based on this we have 3 potential suspects
-NetLimiter
-Patched tcpip.sys
-IOBit

How often do these BSOD’s appear? would it take long to try these one at a time to see which conflict?

Comodo :

Antivirus : Disabled
Defense : Perm. Disabled

NetLimiter v2.0.10.1
IObit Advanced SystemCare PRO v3.x (any)

I dont think it might be IObit because even before I used to have BSOD…

Frequency is hard to tell (1 to 3x a day or 1x a week!).