Tuesday 2 July 2013

Debugging Stop 0xA - IRQL_NOT_LESS_OR_EQUAL

Today, I thought I would explain how to debug a Stop 0xA. Typically, this bugcheck is caused by device drivers.

From the image above, we can see the memory address being referenced and the current IRQL. Let's see where the memory address being referenced is located.

By obtaining a stack trace with the kv command, I was able to find what the cause of the bugcheck was. There seemed to be multiple page faults, which can't be handled by MmAccessFault when the IRQL is 2 (DISPATCH_LEVEL) or above, and are therefore illegal operations.

Obtaining the registers from the trap frame for one of the page faults revealed some useful information: IopCompleteRequest caused a page fault within the system, and we can see that the function was pointing to the rcx register, which held the memory address being referenced from the first parameter.

In my opinion, the above information suggests that drivers are the likely cause; however, it turns out that the problem may have been a failing hard drive.

It also turns out that the address regions for two drivers overlap each other.
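
The two checks described in this post, locating the module that owns a referenced address and spotting driver address ranges that overlap, can be scripted against saved `lm` output. This is an added example, not part of the original post; the module names and addresses in it are constructed, and the end address is assumed to be exclusive (base plus size).

```python
import re

# Constructed sample of WinDbg `lm` output (names and addresses are made up).
SAMPLE_LM = """\
start             end                 module name
fffff800`02a00000 fffff800`02fe9000   nt         (pdb symbols)
fffff880`01000000 fffff880`0105e000   drv_a      (deferred)
fffff880`01040000 fffff880`01090000   drv_b      (deferred)
fffff880`01200000 fffff880`01256000   drv_c      (deferred)
"""

# start, end (hex with optional backtick separator), then the module name
LINE = re.compile(r"^([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S+)", re.I)


def parse_lm(text):
    """Return [(start, end, name)] sorted by start; end is exclusive."""
    mods = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header or unrelated line
        start, end = (int(g.replace("`", ""), 16) for g in m.groups()[:2])
        if end > start:
            mods.append((start, end, m.group(3)))
    return sorted(mods)


def find_overlaps(mods):
    """Report every pair of modules whose [start, end) ranges intersect."""
    hits = []
    for i, (s1, e1, n1) in enumerate(mods):
        for s2, e2, n2 in mods[i + 1:]:
            if s2 >= e1:
                break  # sorted by start: nothing later can overlap n1
            hits.append((n1, n2, s2, min(e1, e2)))
    return hits


def owner(mods, addr):
    """Names of all modules whose range contains addr (normally 0 or 1)."""
    return [n for s, e, n in mods if s <= addr < e]


if __name__ == "__main__":
    mods = parse_lm(SAMPLE_LM)
    for a, b, lo, hi in find_overlaps(mods):
        print(f"{a} and {b} overlap in {lo:#x}-{hi:#x}")
```

An address that falls inside an overlapping region is returned with both module names by `owner`, which is the cue to treat any symbol resolution for that address with suspicion.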
