Use !analyze -v to get detailed debugging information.
BugCheck D1, {ffffe00108c94008, 2, 0, fffff8016e3417dc}
*** [COLOR="#FF0000"]WARNING: Unable to verify timestamp for SynTP.sys
*** ERROR: Module load completed but symbols could not be loaded for SynTP.sys[/COLOR]
[COLOR="#008000"]The preamble already contains a hint about the culprit[/COLOR]
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : SynTP.sys ( SynTP+717dc )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
....
....
Debugging Details:
------------------
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
ffffe00108c94008
CURRENT_IRQL: 2
FAULTING_IP:
SynTP+717dc
fffff801`6e3417dc 0fb75502 movzx edx,word ptr [rbp+2]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
....
....
LAST_CONTROL_TRANSFER: from fffff8028455e2e9 to fffff80284553760
STACK_TEXT:
fffff802`865fc708 fffff802`8455e2e9 : 00000000`0000000a ffffe001`08c94008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff802`865fc710 fffff802`8455cac7 : 00000000`00000000 fffff802`8448ddc3 ffffe001`00000000 00001f80`00000201 : nt!KiBugCheckDispatch+0x69
[COLOR="#FF0000"]fffff802`865fc850 fffff801`6e3417dc : fffff802`865fca90 00000000`00269fb1 fffff802`865fd7c8 ffffe001`0cfa7048 : nt!KiPageFault+0x247
fffff802`865fc9e0 fffff802`865fca90 : 00000000`00269fb1 fffff802`865fd7c8 ffffe001`0cfa7048 ffffe001`08a57d60 : SynTP+0x717dc[/COLOR]
[COLOR="#008000"]Here the driver SynTP.sys caused a memory page fault[/COLOR]
fffff802`865fc9e8 00000000`00269fb1 : fffff802`865fd7c8 ffffe001`0cfa7048 ffffe001`08a57d60 ffffe001`0d93f600 : 0xfffff802`865fca90
fffff802`865fc9f0 fffff802`865fd7c8 : ffffe001`0cfa7048 ffffe001`08a57d60 ffffe001`0d93f600 fffff801`6e341b00 : 0x269fb1
fffff802`865fc9f8 ffffe001`0cfa7048 : ffffe001`08a57d60 ffffe001`0d93f600 fffff801`6e341b00 ffffe001`0cfa7048 : 0xfffff802`865fd7c8
fffff802`865fca00 ffffe001`08a57d60 : ffffe001`0d93f600 fffff801`6e341b00 ffffe001`0cfa7048 00000000`00000001 : 0xffffe001`0cfa7048
fffff802`865fca08 ffffe001`0d93f600 : fffff801`6e341b00 ffffe001`0cfa7048 00000000`00000001 fffff801`6e341b47 : 0xffffe001`08a57d60
fffff802`865fca10 fffff801`6e341b00 : ffffe001`0cfa7048 00000000`00000001 fffff801`6e341b47 fffff802`865fca90 : 0xffffe001`0d93f600
fffff802`865fca18 ffffe001`0cfa7048 : 00000000`00000001 fffff801`6e341b47 fffff802`865fca90 fffff802`865fcb30 : SynTP+0x71b00
fffff802`865fca20 00000000`00000001 : fffff801`6e341b47 fffff802`865fca90 fffff802`865fcb30 00000000`00269fb1 : 0xffffe001`0cfa7048
fffff802`865fca28 fffff801`6e341b47 : fffff802`865fca90 fffff802`865fcb30 00000000`00269fb1 ffffe001`08a57d6c : 0x1
fffff802`865fca30 fffff802`865fca90 : fffff802`865fcb30 00000000`00269fb1 ffffe001`08a57d6c ffffe001`0d940000 : SynTP+0x71b47
fffff802`865fca38 fffff802`865fcb30 : 00000000`00269fb1 ffffe001`08a57d6c ffffe001`0d940000 ffffe001`08a57d6c : 0xfffff802`865fca90
fffff802`865fca40 00000000`00269fb1 : ffffe001`08a57d6c ffffe001`0d940000 ffffe001`08a57d6c 00000000`00000000 : 0xfffff802`865fcb30
fffff802`865fca48 ffffe001`08a57d6c : ffffe001`0d940000 ffffe001`08a57d6c 00000000`00000000 00000000`00000000 : 0x269fb1
fffff802`865fca50 ffffe001`0d940000 : ffffe001`08a57d6c 00000000`00000000 00000000`00000000 fffff801`6a61b3d0 : 0xffffe001`08a57d6c
fffff802`865fca58 ffffe001`08a57d6c : 00000000`00000000 00000000`00000000 fffff801`6a61b3d0 fffff801`6a5d10be : 0xffffe001`0d940000
fffff802`865fca60 00000000`00000000 : 00000000`00000000 fffff801`6a61b3d0 fffff801`6a5d10be ffffe001`08bcf7e0 : 0xffffe001`08a57d6c
[COLOR="#008000"]One more note on the stack dump: because some symbol files could not be loaded,
the stack dump contains almost no symbol names, only memory addresses.
You cannot do anything with these, however, if you do not have the technical documentation
from the CPU and chip manufacturers and also do not know assembly.[/COLOR]
STACK_COMMAND: kb
FOLLOWUP_IP:
SynTP+717dc
fffff801`6e3417dc 0fb75502 movzx edx,word ptr [rbp+2]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: SynTP+717dc
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SynTP
[COLOR="#FF0000"]IMAGE_NAME: SynTP.sys[/COLOR]
DEBUG_FLR_IMAGE_TIMESTAMP: 55ef653f
[COLOR="#FF0000"]FAILURE_BUCKET_ID: AV_SynTP+717dc
[/COLOR]
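The reading done by hand in the annotations above, as an added example that is not part of the original post: a small Python parser for `STACK_TEXT` lines that classifies each frame as symbolized, module-only or raw address, and returns the frame directly below `nt!KiPageFault`. The function names are assumptions of this example, and the sample is the first six stack lines of this dump with the forum's colour tags removed.

```python
import re

# Constructed sample: the first six STACK_TEXT lines of the dump above.
STACK_TEXT = """\
fffff802`865fc708 fffff802`8455e2e9 : 00000000`0000000a ffffe001`08c94008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff802`865fc710 fffff802`8455cac7 : 00000000`00000000 fffff802`8448ddc3 ffffe001`00000000 00001f80`00000201 : nt!KiBugCheckDispatch+0x69
fffff802`865fc850 fffff801`6e3417dc : fffff802`865fca90 00000000`00269fb1 fffff802`865fd7c8 ffffe001`0cfa7048 : nt!KiPageFault+0x247
fffff802`865fc9e0 fffff802`865fca90 : 00000000`00269fb1 fffff802`865fd7c8 ffffe001`0cfa7048 ffffe001`08a57d60 : SynTP+0x717dc
fffff802`865fc9e8 00000000`00269fb1 : fffff802`865fd7c8 ffffe001`0cfa7048 ffffe001`08a57d60 ffffe001`0d93f600 : 0xfffff802`865fca90
fffff802`865fc9f0 fffff802`865fd7c8 : ffffe001`0cfa7048 ffffe001`08a57d60 ffffe001`0d93f600 fffff801`6e341b00 : 0x269fb1
"""

# WinDbg `kb` columns: Child-SP, RetAddr, four args, call site.
FRAME = re.compile(r"^([0-9a-f`]+) ([0-9a-f`]+) : (.+) : (\S+)$")
SITE = re.compile(r"^(\w+)(?:!([\w:]+))?(?:\+0x([0-9a-f]+))?$")

def parse_frames(text):
    """Parse STACK_TEXT lines and classify how well each call site resolved."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # skip banners, annotations and blank lines
        site = m.group(4)
        frame = {"child_sp": m.group(1), "ret_addr": m.group(2), "site": site,
                 "kind": "raw", "module": None, "symbol": None, "offset": None}
        s = None if site.startswith("0x") else SITE.match(site)
        if s:
            frame["module"], frame["symbol"] = s.group(1), s.group(2)
            frame["offset"] = int(s.group(3), 16) if s.group(3) else None
            frame["kind"] = "symbol" if s.group(2) else "module_only"
        frames.append(frame)
    return frames

def faulting_frame(frames):
    """Return the frame directly below nt!KiPageFault, or None if absent."""
    for trap, below in zip(frames, frames[1:]):
        if trap["module"] == "nt" and trap["symbol"] == "KiPageFault":
            return below
    return None

if __name__ == "__main__":
    for f in parse_frames(STACK_TEXT):
        print(f"{f['kind']:<12} {f['site']}")
    hit = faulting_frame(parse_frames(STACK_TEXT))
    print("faulting frame:", hit["site"] if hit else "not found")
```

The `RetAddr` of the `nt!KiPageFault` frame is the same address the dump lists under `FAULTING_IP`, and every frame classified `raw` is one the debugger could not attribute to any loaded module.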