IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000d0000006, memory referenced
Arg2: 00000000000000ff, IRQL
[COLOR="#FF0000"]Arg3: 00000000000000ed, bitfield :[/COLOR]
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
[COLOR="#008000"]The first error is already visible here. In the bitfield of Arg3 there
can only be 0 and 1, no e or d[/COLOR]
Arg4: fffff803529d3f37, address which referenced memory
....
Debugging Details:
------------------
[COLOR="#FF0000"]WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart[/COLOR]
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
[COLOR="#008000"]The system cannot find the start of the special pool[/COLOR]
....
[COLOR="#FF0000"]FAULTING_IP: nt!KiInvalidOpcodeFault+37[/COLOR]
....
[COLOR="#008000"]Query the stack frame of the preceding procedure call[/COLOR]
TRAP_FRAME: ffffca008c4c8770 -- (.trap 0xffffca008c4c8770)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000004 rbx=0000000000000000 rcx=ffffca008c49d180
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803529569bc rsp=ffffca008c4c8900 rbp=ffffca008c49d180
r8=0000000000000000 r9=0000000000000002 r10=ffffca008c49d180
r11=00000000a874397b r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
[COLOR="#FF0000"]nt!KiProcessThreadWaitList+0x6c:
fffff803`529569bc f0410fba2e07 lock bts dword ptr [r14],7 ds:00000000`00000000=00000000[/COLOR]
[COLOR="#008000"]This procedure is passed a data segment with content 0.[/COLOR]
MISALIGNED_IP:
nt!KiInvalidOpcodeFault+37
fffff803`529d3f37 0000 add byte ptr [rax],al
....
....
[COLOR="#008000"]Here once more the thread that was active at the time of the crash.[/COLOR]
6: kd> !thread
THREAD ffffca008c4a9cc0 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 6
Not impersonating
GetUlongFromAddress: unable to read from fffff80352b76924
Owning Process fffff80352c3c940 Image: System Process
Attached Process ffff960ef04266c0 Image: System
fffff78000000000: Unable to get shared data
Wait Start TickCount 18085
Context Switch Count 187009 IdealProcessor: 6
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address nt!KiIdleLoop (0xfffff803529ce2e0)
Stack Init ffffca008c4c8c10 Current ffffca008c4c8ba0
Base ffffca008c4c9000 Limit ffffca008c4c2000 Call 0
Priority 0 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
Child-SP RetAddr : Args to Child : Call Site
ffffca00`8c4c80b8 fffff803`529d6429 : 00000000`0000000a 00000000`d0000006 00000000`000000ff 00000000`000000ed : nt!KeBugCheckEx
ffffca00`8c4c80c0 fffff803`529d4a07 : ffff960e`f5d3a860 ffff960e`f5d309e0 ffff960e`f5caa3e0 ffff960e`f4cd94d0 : nt!KiBugCheckDispatch+0x69
ffffca00`8c4c8200 fffff803`529d3f37 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x247 (TrapFrame @ ffffca00`8c4c8200)
[COLOR="#FF0000"]ffffca00`8c4c8390 fffff803`52a6c90b : ffffca00`8c4c86e0 00000000`00000002 ffffca00`8c4c8770 00000000`00000000 : nt!KiInvalidOpcodeFault+0x37 (TrapFrame @ ffffca00`8c4c8390)
ffffca00`8c4c8520 fffff803`529fa52f : 00000000`00000000 ffffca00`8c4c8670 00000000`00000003 00000000`00000002 : nt!MiRaisedIrqlFault+0x213[/COLOR]
[COLOR="#008000"]This causes an IRQL fault and, as a consequence, an [B]InvalidOpcodeFault[/B] [/COLOR]
ffffca00`8c4c8570 fffff803`529d48fc : 00000000`00000000 fffff803`529166d1 ffff5ffa`271a0a1c ffffca00`8c4a2ec8 : nt! ?? ::FNODOBFM::`string'+0x2009f
ffffca00`8c4c8770 fffff803`529569bc : 00000000`40300089 ffffca00`8c4c8ae0 ffffca00`8c4c8ad8 ffffca00`00000000 : nt!KiPageFault+0x13c (TrapFrame @ ffffca00`8c4c8770)
[COLOR="#FF0000"]ffffca00`8c4c8900 fffff803`528b436d : ffff960e`00000000 ffff960e`f5f35b48 00000000`00140001 00000000`00000002 : nt!KiProcessThreadWaitList+0x6c[/COLOR]
[COLOR="#008000"]This procedure passes a data parameter of 0, as seen above[/COLOR]
ffffca00`8c4c8960 fffff803`529ce33a : 00000000`00000000 ffffca00`8c49d180 00000000`00000000 ffffca00`8c4a9cc0 : nt!KiRetireDpcList+0x80d
ffffca00`8c4c8be0 00000000`00000000 : ffffca00`8c4c9000 ffffca00`8c4c2000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
....
[COLOR="#008000"]For completeness, the active processor queried once more,
which was designated processor 6 in the thread header.[/COLOR]
6: kd> !prcb 6 [COLOR="#008000"]ProcessorRegionControlBlock[/COLOR]
PRCB for Processor 6 at fffff780ffff0000:
Current IRQL -- 2
Threads-- Current ffffca008c4a9cc0 Next 0000000000000000 Idle ffffca008c4a9cc0
Processor Index 6 Number (0, 6) GroupSetMember 40
Interrupt Count -- 00059efe
Times -- [COLOR="#FF0000"]Dpc 00000000[/COLOR] Interrupt 00000006
[COLOR="#008000"] deferred procedure call (DPC) = postponed procedure call; it is also 0 here[/COLOR]
Kernel 0000429b User 00000404
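
The Arguments block at the top of the dump prints each ArgN as a hexadecimal number and documents bit 0 and bit 3 of Arg3. The following is an added example, not part of the original post or of WinDbg: it parses those lines and decodes the two documented bits. The names `parse_args` and `decode_access` are hypothetical, and the sample text is constructed from the lines shown above.

```python
import re

# Constructed sample: the argument lines as they appear in the dump above,
# including the forum's BBCode colour tag around Arg3.
SAMPLE = """\
Arg1: 00000000d0000006, memory referenced
Arg2: 00000000000000ff, IRQL
[COLOR="#FF0000"]Arg3: 00000000000000ed, bitfield :[/COLOR]
Arg4: fffff803529d3f37, address which referenced memory
"""

# ArgN values are printed in hex; 64-bit values may contain a backtick separator.
ARG_RE = re.compile(r"Arg([1-4]):\s*([0-9a-fA-F`]+)\s*,")

# Bit positions taken from the debugger text on this page.
BIT_WRITE = 1 << 0    # 0 = read operation, 1 = write operation
BIT_EXECUTE = 1 << 3  # 0 = not an execute operation, 1 = execute operation


def parse_args(text):
    """Return {1: value, ..., 4: value} for every ArgN line found in text."""
    args = {}
    for match in ARG_RE.finditer(text):
        args[int(match.group(1))] = int(match.group(2).replace("`", ""), 16)
    return args


def decode_access(arg3):
    """Decode the documented bits of Arg3 and report the remaining set bits."""
    return {
        "binary": format(arg3 & 0xFF, "08b"),
        "write": bool(arg3 & BIT_WRITE),
        "execute": bool(arg3 & BIT_EXECUTE),
        # Bits that are set but not described in the debugger text above.
        "other_bits": arg3 & ~(BIT_WRITE | BIT_EXECUTE),
    }


if __name__ == "__main__":
    parsed = parse_args(SAMPLE)
    for number, value in sorted(parsed.items()):
        print(f"Arg{number} = {value:#x}")
    print(decode_access(parsed[3]))
```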