BlueScreen Error

  • Question

  • Good afternoon,

    For a few days now I have been getting blue error screens constantly. I can't pin it on anything in particular on my computer, since each time I'm doing something different, but I suspect it is an Internet-related issue going by the information on the BlueScreen.

    To get things started, here is the information Windows 7 gives me on startup after the error:

    Firma con problemas:
      Nombre del evento de problema: BlueScreen
      Versión del sistema operativo: 6.1.7601.2.1.0.256.1
      Id. de configuración regional: 3082

    Información adicional del problema:
      BCCode: d1
      BCP1: 00000014
      BCP2: 00000002
      BCP3: 00000000
      BCP4: 8BE1CBF2
      OS Version: 6_1_7601
      Service Pack: 1_0
      Product: 256_1

    And the information from the BlueScreen:

    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: NETIO.SYS

    DRIVER_IRQL_NOT_LESS_OR_EQUAL

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x000000d1 (0x00000014, 0x00000002, 0x00000000, 0x8bef9bf2)

    *** NETIO.SYS - Address 0x8bef9bf2 base at 0x8bef3000 DateStamp 0x4ce78963

    Thanks in advance for the help.

    Sunday, April 22, 2012 14:25

Answers

  • Indeed, NETIO.SYS is a system component that deals with everything related to networking; there is a driver on that system that is causing those blue screens.

    The first suspects are usually the wired or wireless network drivers, but you also can't rule out some other program involved in network handling, such as third-party antivirus or firewalls.

    To find out what is really responsible for the failure, without poking around blindly, and get straight to the point, the .dmp file containing the blue screen information should be analyzed:

    BSOD - Blue screen. How to analyze the error
    http://www.multingles.net/docs/jmt/bsod.htm


    Kind regards. Ivan

    Sunday, April 22, 2012 19:45
  • This line tells us who the killer is:

    Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1c )

    What is in quotes is a filter of the McAfee antivirus.

    I suggest you replace it with another antivirus, preferably Microsoft's:

    MS Security Essentials
    http://windows.microsoft.com/es-XL/windows/products/security-essentials/download

    Whether it was installed and has already been removed, or you are about to uninstall it, you must run the manufacturer's cleanup tool:

    McAfee:
    http://service.mcafee.com/FAQDocument.aspx?id=TS100507

    Although there is a lot of information about that filter, it is also possible that it does not apply to this case and that this antivirus was never on that PC; in that case it would be necessary to configure Windows to generate a memory.dmp, as that article explains, to refine the results further.

    Let us know of any issue.


    Kind regards. Ivan

    Monday, April 23, 2012 16:47
  • Run the command like this:

    !IRP 85f97e50

    The third line in the second paragraph shows the memory address of the blessed xD1_NETIO!RtlCopyBufferToMdl+1c

    If it turns out as I think, it should tell us who the driver belongs to and the job will be done.

    To be sure, also try updating the network drivers, wired or wireless, just in case.


    Kind regards. Ivan

    Sunday, April 29, 2012 20:42
  • Sorry, I made a mistake; the data that should be analyzed is this:

    Arg2: 00000002, IRQL

    So it should be:

    !IRP 00000002

    I'm going to have to go back to school :-(


    Kind regards. Ivan

    Monday, April 30, 2012 0:29
  • The result is the same as the ones you got. What catches my attention is that WinDbg shows no result until the !analyze -v command is entered.

    Looking a bit closer, I see it does not show the "Probably caused by..." message nor "Address of the IRP", which are the ones that would guide us in running any other command. First time WinDbg has gone blind.

    The recommendation I can make would be:

    Update the network drivers, wireless or wired.

    Although the McAfee antivirus was never installed on that machine, the analysis keeps pointing to one of its components. I found another link for the cleanup tool; this one does work:

    http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

    Let us know of any result.

    ******************************************

    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [E:\Documentos de Ivan\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*D:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17790.x86fre.win7sp1_gdr.120305-1505
    Machine Name:
    Kernel base = 0x82a49000 PsLoadedModuleList = 0x82b924d0
    Debug session time: Sun Apr 22 09:17:51.362 2012 (UTC - 5:30)
    System Uptime: 0 days 0:35:19.923
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols

    Loading unloaded module list
    .........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {14, 2, 0, 8bef9bf2}

    Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1c )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8bef9bf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS:  00000014

    CURRENT_IRQL:  2

    FAULTING_IP:
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8dd9754c -- (.trap 0xffffffff8dd9754c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8bef9bf2 esp=8dd975c0 ebp=8dd975d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8bef9bf2 to 82a8a5eb

    STACK_TEXT: 
    8dd9754c 8bef9bf2 badb0d00 ffffffbc 919420d4 nt!KiTrap0E+0x2cf
    8dd975d0 8c047b46 85f97e50 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8dd97600 8c09677a 887994e0 8dd97650 8dd9764c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8dd97694 8c094dc6 861a6f40 887994e0 8dd976bc tcpip!TcpTcbCarefulDatagram+0x168a
    8dd97700 8c078438 861a6f40 887994e0 00d97774 tcpip!TcpTcbReceive+0x228
    8dd97768 8c078c6a 860d1d78 8619d000 00000000 tcpip!TcpMatchReceive+0x237
    8dd977b8 8c078cab 861a6f40 8619d000 00009efb tcpip!TcpPreValidatedReceive+0x293
    8dd977d4 8c072fd5 861a6f40 8619d000 8dd97810 tcpip!TcpReceive+0x2d
    8dd977e4 8c07b20b 8dd977f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8dd97810 8c07ab56 8c0f6198 8dd97864 c000023e tcpip!IppDeliverListToProtocol+0x49
    8dd97830 8c078f18 8c0f5fa8 00000006 8dd97864 tcpip!IppProcessDeliverList+0x2a
    8dd97888 8c07a9ff 8c0f5fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8dd9791c 8c088e2c 86a2ee78 00000000 86162500 tcpip!IpFlcReceivePackets+0xbe5
    8dd97998 8c08345e 86b40cf8 882e66f8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8dd979cc 82ad2654 882e66f8 a7f90c6c 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8dd97a34 8c0835cc 8c083340 8dd97a5c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8dd97a70 8bea418d 86b40c00 882e6601 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8dd97aa8 8be925be 86b42aa8 882e66f8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8dd97ad0 8be924b2 00000000 882e66f8 866430e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8dd97c4c 8be3dc1d 866430e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8dd97c68 8be92553 866430e0 882e66f8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8dd97c90 8be3dc78 866430e0 882e66f8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8dd97cb8 922fa6b7 866430e0 882e66f8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8dd97cd8 922f5730 86a34e18 882e66f8 86a34e18 tunnel!TeredoWfpIndicationWorker+0xa9
    8dd97cec 82c5d558 86a34e18 923062c0 853aaa70 tunnel!LwWorker+0x12
    8dd97d00 82ac6a8b 885467d8 00000000 853aaa70 nt!IopProcessWorkItem+0x23
    8dd97d50 82c52056 00000001 a7f90bc8 00000000 nt!ExpWorkerThread+0x10d
    8dd97d90 82afa219 82ac697e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------

     

    STOP: 0x000000d1


    Kind regards. Ivan

    Sunday, May 6, 2012 16:25
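
Added example (not part of the thread and not code from any poster): a small Python triage of the `!analyze -v` text quoted above. It decodes the four 0xD1 arguments, recomputes the address touched by the faulting `cmp dword ptr [esi+14h],eax` from the trap-frame registers, and lists the modules on the stack; the names `triage` and `INBOX` are assumptions of this example, and the sample is a shortened excerpt of the dump posted in the thread.

```python
import re

# Shortened excerpt of the WinDbg output posted in the thread (frames trimmed).
SAMPLE = """\
Arg1: 00000014, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8bef9bf2, address which referenced memory
eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
eip=8bef9bf2 esp=8dd975c0 ebp=8dd975d0 iopl=0         nv up ei pl zr na pe nc
NETIO!RtlCopyBufferToMdl+0x1c:
8bef9bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
STACK_TEXT:
8dd9754c 8bef9bf2 badb0d00 ffffffbc 919420d4 nt!KiTrap0E+0x2cf
8dd975d0 8c047b46 85f97e50 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
8dd97600 8c09677a 887994e0 8dd97650 8dd9764c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
8dd977d4 8c072fd5 861a6f40 8619d000 8dd97810 tcpip!TcpReceive+0x2d
8dd97cb8 922fa6b7 866430e0 882e66f8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
8dd97cd8 922f5730 86a34e18 882e66f8 86a34e18 tunnel!TeredoWfpIndicationWorker+0xa9
8dd97d50 82c52056 00000001 a7f90bc8 00000000 nt!ExpWorkerThread+0x10d
"""

# Assumption of this example: modules from this dump that ship with Windows 7.
INBOX = {"nt", "NETIO", "tcpip", "ndis", "tunnel"}
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

ARG_RE = re.compile(r"^\s*Arg([1-4]): ([0-9a-f]{8}),", re.M)
REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})\b")
OPERAND_RE = re.compile(r"\[(e[a-z]{2})\+([0-9a-f]+)h\]")
# kb layout: ChildEBP RetAddr Arg0 Arg1 Arg2 module!function+0xoffset
FRAME_RE = re.compile(
    r"^\s*([0-9a-f]{8}) ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}"
    r"(\w+)!(\w+)\+0x([0-9a-f]+)\s*$", re.M)


def triage(text):
    """Summarise a DRIVER_IRQL_NOT_LESS_OR_EQUAL (0xD1) analysis dump."""
    args = [int(v, 16) for _, v in sorted(ARG_RE.findall(text))]
    if len(args) != 4:
        raise ValueError("expected Arg1..Arg4 in the analysis text")
    regs = {name: int(v, 16) for name, v in REG_RE.findall(text)}

    # Recompute the effective address of the faulting memory operand.
    effective, base = None, None
    m = OPERAND_RE.search(text)
    if m and m.group(1) in regs:
        base = m.group(1)
        effective = (regs[base] + int(m.group(2), 16)) & 0xFFFFFFFF

    frames = [(int(ret, 16), mod, fn, int(off, 16))
              for _ebp, ret, mod, fn, off in FRAME_RE.findall(text)]
    # The trap handler's return address is Arg4, so the frame listed
    # right after it is the code that touched the bad address.
    faulting = next((frames[i + 1][1:] for i, f in enumerate(frames[:-1])
                     if f[0] == args[3]), None)
    modules = list(dict.fromkeys(f[1] for f in frames))  # first-seen order

    return {
        "args": args,
        "irql": IRQL_NAMES.get(args[1], str(args[1])),
        "access": "write" if args[2] else "read",
        "effective_address": effective,
        # Base register is 0 and base+displacement equals Arg1:
        # a field read through a null structure pointer.
        "null_base_deref": (base is not None and regs[base] == 0
                            and effective == args[0]),
        "faulting_frame": faulting,
        "modules": modules,
        "not_inbox": [m for m in modules if m not in INBOX],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On this excerpt the report shows a read at `esi+14h` with `esi` equal to zero, at DISPATCH_LEVEL, in `NETIO!RtlCopyBufferToMdl`, and every module on the stack is in the in-box set.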

All replies

  • Indeed, NETIO.SYS is a system component that deals with everything related to networking; there is a driver on that system that is causing those blue screens.

    The first suspects are usually the wired or wireless network drivers, but you also can't rule out some other program involved in network handling, such as third-party antivirus or firewalls.

    To find out what is really responsible for the failure, without poking around blindly, and get straight to the point, the .dmp file containing the blue screen information should be analyzed:

    BSOD - Blue screen. How to analyze the error
    http://www.multingles.net/docs/jmt/bsod.htm


    Kind regards. Ivan

    Sunday, April 22, 2012 19:45
  • Done. It was fairly simple; let's see if the solution is too :)

    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17790.x86fre.win7sp1_gdr.120305-1505
    Machine Name:
    Kernel base = 0x82a4e000 PsLoadedModuleList = 0x82b974d0
    Debug session time: Sun Apr 22 15:11:47.407 2012 (UTC + 2:00)
    System Uptime: 0 days 3:32:51.971
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {14, 2, 0, 8be0fbf2}

    Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1c )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8be0fbf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from 82bb7848
    Unable to read MiSystemVaType memory at 82b96e20
     00000014 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8be0fbf2 394614          cmp     dword ptr [esi+14h],eax

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8dd8b54c -- (.trap 0xffffffff8dd8b54c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8be0fbf2 esp=8dd8b5c0 ebp=8dd8b5d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8be0fbf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8be0fbf2 to 82a8f5eb

    STACK_TEXT:  
    8dd8b54c 8be0fbf2 badb0d00 ffffffbc 869420e0 nt!KiTrap0E+0x2cf
    8dd8b5d0 8beabb46 858580e8 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8dd8b600 8befa77a 857d3a48 8dd8b650 8dd8b64c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8dd8b694 8bef8dc6 861a2970 857d3a48 8dd8b6bc tcpip!TcpTcbCarefulDatagram+0x168a
    8dd8b700 8bedc438 861a2970 857d3a48 00d8b774 tcpip!TcpTcbReceive+0x228
    8dd8b768 8bedcc6a 860d2d30 8619f000 00000000 tcpip!TcpMatchReceive+0x237
    8dd8b7b8 8bedccab 861a2970 8619f000 000029e7 tcpip!TcpPreValidatedReceive+0x293
    8dd8b7d4 8bed6fd5 861a2970 8619f000 8dd8b810 tcpip!TcpReceive+0x2d
    8dd8b7e4 8bedf20b 8dd8b7f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8dd8b810 8bedeb56 8bf5a198 8dd8b864 c000023e tcpip!IppDeliverListToProtocol+0x49
    8dd8b830 8bedcf18 8bf59fa8 00000006 8dd8b864 tcpip!IppProcessDeliverList+0x2a
    8dd8b888 8bede9ff 8bf59fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8dd8b91c 8beece2c 86aebea0 00000000 86164500 tcpip!IpFlcReceivePackets+0xbe5
    8dd8b998 8bee745e 86ae8a98 857874f0 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8dd8b9cc 82ad7654 857874f0 a7fa0a23 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8dd8ba34 8bee75cc 8bee7340 8dd8ba5c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8dd8ba70 8bb9518d 86ae8a00 85787401 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8dd8baa8 8bb835be 86aecaa8 857874f0 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8dd8bad0 8bb834b2 00000000 857874f0 8661e0e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8dd8bc4c 8bb2ec1d 8661e0e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8dd8bc68 8bb83553 8661e0e0 857874f0 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8dd8bc90 8bb2ec78 8661e0e0 857874f0 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8dd8bcb8 9131f6b7 8661e0e0 857874f0 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8dd8bcd8 9131a730 869d7cd0 857874f0 869d7cd0 tunnel!TeredoWfpIndicationWorker+0xa9
    8dd8bcec 82c62558 869d7cd0 9132b790 85377d48 tunnel!LwWorker+0x12
    8dd8bd00 82acba8b 872a92f8 00000000 85377d48 nt!IopProcessWorkItem+0x23
    8dd8bd50 82c57056 00000001 a7fa0d87 00000000 nt!ExpWorkerThread+0x10d
    8dd8bd90 82aff219 82acb97e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8be0fbf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------

    Sunday, April 22, 2012 21:04
  • This line tells us who the killer is:

    Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1c )

    What is in quotes is a filter of the McAfee antivirus.

    I suggest you replace it with another antivirus, preferably Microsoft's:

    MS Security Essentials
    http://windows.microsoft.com/es-XL/windows/products/security-essentials/download

    Whether it was installed and has already been removed, or you are about to uninstall it, you must run the manufacturer's cleanup tool:

    McAfee:
    http://service.mcafee.com/FAQDocument.aspx?id=TS100507

    Although there is a lot of information about that filter, it is also possible that it does not apply to this case and that this antivirus was never on that PC; in that case it would be necessary to configure Windows to generate a memory.dmp, as that article explains, to refine the results further.

    Let us know of any issue.


    Kind regards. Ivan

    Monday, April 23, 2012 16:47
  • Sorry for replying so late, but I've been very busy.

    I have never had McAfee installed at any point. I tried to run the cleanup tool, but the link doesn't work.

    The analysis of the memory.dmp file gives me the same information as what I posted in my previous message. Is it necessary to extract more information with the IRP command as the article says? It's just that the error doesn't seem to have the same syntax.

    In any case, just in case, I'm copying the program's information:

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8bef9bf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS:  00000014 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8dd9754c -- (.trap 0xffffffff8dd9754c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8bef9bf2 esp=8dd975c0 ebp=8dd975d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8bef9bf2 to 82a8a5eb

    STACK_TEXT:  
    8dd9754c 8bef9bf2 badb0d00 ffffffbc 919420d4 nt!KiTrap0E+0x2cf
    8dd975d0 8c047b46 85f97e50 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8dd97600 8c09677a 887994e0 8dd97650 8dd9764c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8dd97694 8c094dc6 861a6f40 887994e0 8dd976bc tcpip!TcpTcbCarefulDatagram+0x168a
    8dd97700 8c078438 861a6f40 887994e0 00d97774 tcpip!TcpTcbReceive+0x228
    8dd97768 8c078c6a 860d1d78 8619d000 00000000 tcpip!TcpMatchReceive+0x237
    8dd977b8 8c078cab 861a6f40 8619d000 00009efb tcpip!TcpPreValidatedReceive+0x293
    8dd977d4 8c072fd5 861a6f40 8619d000 8dd97810 tcpip!TcpReceive+0x2d
    8dd977e4 8c07b20b 8dd977f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8dd97810 8c07ab56 8c0f6198 8dd97864 c000023e tcpip!IppDeliverListToProtocol+0x49
    8dd97830 8c078f18 8c0f5fa8 00000006 8dd97864 tcpip!IppProcessDeliverList+0x2a
    8dd97888 8c07a9ff 8c0f5fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8dd9791c 8c088e2c 86a2ee78 00000000 86162500 tcpip!IpFlcReceivePackets+0xbe5
    8dd97998 8c08345e 86b40cf8 882e66f8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8dd979cc 82ad2654 882e66f8 a7f90c6c 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8dd97a34 8c0835cc 8c083340 8dd97a5c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8dd97a70 8bea418d 86b40c00 882e6601 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8dd97aa8 8be925be 86b42aa8 882e66f8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8dd97ad0 8be924b2 00000000 882e66f8 866430e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8dd97c4c 8be3dc1d 866430e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8dd97c68 8be92553 866430e0 882e66f8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8dd97c90 8be3dc78 866430e0 882e66f8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8dd97cb8 922fa6b7 866430e0 882e66f8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8dd97cd8 922f5730 86a34e18 882e66f8 86a34e18 tunnel!TeredoWfpIndicationWorker+0xa9
    8dd97cec 82c5d558 86a34e18 923062c0 853aaa70 tunnel!LwWorker+0x12
    8dd97d00 82ac6a8b 885467d8 00000000 853aaa70 nt!IopProcessWorkItem+0x23
    8dd97d50 82c52056 00000001 a7f90bc8 00000000 nt!ExpWorkerThread+0x10d
    8dd97d90 82afa219 82ac697e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------

    Thursday, April 26, 2012 21:03
  • First the same command as in the previous ones, !analyze -v

    And after that, !IRP.

    Let's see if we get lucky this time; this is starting to look like a detective movie.


    Kind regards. Ivan

    Friday, April 27, 2012 18:35
  • Hello again:

    I did what you told me, but I couldn't get any information out with the !IRP command. I'm leaving you the full log.

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8bef9bf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS:  00000014 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8dd9754c -- (.trap 0xffffffff8dd9754c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8bef9bf2 esp=8dd975c0 ebp=8dd975d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8bef9bf2 to 82a8a5eb

    STACK_TEXT:  
    8dd9754c 8bef9bf2 badb0d00 ffffffbc 919420d4 nt!KiTrap0E+0x2cf
    8dd975d0 8c047b46 85f97e50 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8dd97600 8c09677a 887994e0 8dd97650 8dd9764c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8dd97694 8c094dc6 861a6f40 887994e0 8dd976bc tcpip!TcpTcbCarefulDatagram+0x168a
    8dd97700 8c078438 861a6f40 887994e0 00d97774 tcpip!TcpTcbReceive+0x228
    8dd97768 8c078c6a 860d1d78 8619d000 00000000 tcpip!TcpMatchReceive+0x237
    8dd977b8 8c078cab 861a6f40 8619d000 00009efb tcpip!TcpPreValidatedReceive+0x293
    8dd977d4 8c072fd5 861a6f40 8619d000 8dd97810 tcpip!TcpReceive+0x2d
    8dd977e4 8c07b20b 8dd977f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8dd97810 8c07ab56 8c0f6198 8dd97864 c000023e tcpip!IppDeliverListToProtocol+0x49
    8dd97830 8c078f18 8c0f5fa8 00000006 8dd97864 tcpip!IppProcessDeliverList+0x2a
    8dd97888 8c07a9ff 8c0f5fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8dd9791c 8c088e2c 86a2ee78 00000000 86162500 tcpip!IpFlcReceivePackets+0xbe5
    8dd97998 8c08345e 86b40cf8 882e66f8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8dd979cc 82ad2654 882e66f8 a7f90c6c 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8dd97a34 8c0835cc 8c083340 8dd97a5c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8dd97a70 8bea418d 86b40c00 882e6601 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8dd97aa8 8be925be 86b42aa8 882e66f8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8dd97ad0 8be924b2 00000000 882e66f8 866430e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8dd97c4c 8be3dc1d 866430e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8dd97c68 8be92553 866430e0 882e66f8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8dd97c90 8be3dc78 866430e0 882e66f8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8dd97cb8 922fa6b7 866430e0 882e66f8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8dd97cd8 922f5730 86a34e18 882e66f8 86a34e18 tunnel!TeredoWfpIndicationWorker+0xa9
    8dd97cec 82c5d558 86a34e18 923062c0 853aaa70 tunnel!LwWorker+0x12
    8dd97d00 82ac6a8b 885467d8 00000000 853aaa70 nt!IopProcessWorkItem+0x23
    8dd97d50 82c52056 00000001 a7f90bc8 00000000 nt!ExpWorkerThread+0x10d
    8dd97d90 82afa219 82ac697e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------

    2: kd> !IRP
    Free build - use !irpfind to scan memory for any active IRPs
    2: kd> !IRP 00000014
    00000014: Could not read Irp
    2: kd> !IRP 00000014 00000002 00000000 8bef9bf2
    00000014: Could not read Irp
    2: kd> !IRP 00000002
    00000002: Could not read Irp
    2: kd> !IRP 00000000
    Free build - use !irpfind to scan memory for any active IRPs
    2: kd> !IRP 8bef9bf2
    IRP signature does not match, probably not an IRP

    Sunday, April 29, 2012 16:02
  • Run the command like this:

    !IRP 85f97e50

    The third line in the second paragraph shows the memory address of the blessed xD1_NETIO!RtlCopyBufferToMdl+1c

    If it turns out as I think, it should tell us who the driver belongs to and the job will be done.

    To be sure, also try updating the network drivers, wired or wireless, just in case.


    Kind regards. Ivan

    Sunday, April 29, 2012 20:42
  • It still doesn't accept the command. As soon as I can, I'll update the network drivers.

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {14, 2, 0, 8bef9bf2}

    Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1c )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8bef9bf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS:  00000014 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8dd9754c -- (.trap 0xffffffff8dd9754c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8bef9bf2 esp=8dd975c0 ebp=8dd975d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8bef9bf2 to 82a8a5eb

    STACK_TEXT:  
    8dd9754c 8bef9bf2 badb0d00 ffffffbc 919420d4 nt!KiTrap0E+0x2cf
    8dd975d0 8c047b46 85f97e50 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8dd97600 8c09677a 887994e0 8dd97650 8dd9764c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8dd97694 8c094dc6 861a6f40 887994e0 8dd976bc tcpip!TcpTcbCarefulDatagram+0x168a
    8dd97700 8c078438 861a6f40 887994e0 00d97774 tcpip!TcpTcbReceive+0x228
    8dd97768 8c078c6a 860d1d78 8619d000 00000000 tcpip!TcpMatchReceive+0x237
    8dd977b8 8c078cab 861a6f40 8619d000 00009efb tcpip!TcpPreValidatedReceive+0x293
    8dd977d4 8c072fd5 861a6f40 8619d000 8dd97810 tcpip!TcpReceive+0x2d
    8dd977e4 8c07b20b 8dd977f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8dd97810 8c07ab56 8c0f6198 8dd97864 c000023e tcpip!IppDeliverListToProtocol+0x49
    8dd97830 8c078f18 8c0f5fa8 00000006 8dd97864 tcpip!IppProcessDeliverList+0x2a
    8dd97888 8c07a9ff 8c0f5fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8dd9791c 8c088e2c 86a2ee78 00000000 86162500 tcpip!IpFlcReceivePackets+0xbe5
    8dd97998 8c08345e 86b40cf8 882e66f8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8dd979cc 82ad2654 882e66f8 a7f90c6c 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8dd97a34 8c0835cc 8c083340 8dd97a5c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8dd97a70 8bea418d 86b40c00 882e6601 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8dd97aa8 8be925be 86b42aa8 882e66f8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8dd97ad0 8be924b2 00000000 882e66f8 866430e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8dd97c4c 8be3dc1d 866430e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8dd97c68 8be92553 866430e0 882e66f8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8dd97c90 8be3dc78 866430e0 882e66f8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8dd97cb8 922fa6b7 866430e0 882e66f8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8dd97cd8 922f5730 86a34e18 882e66f8 86a34e18 tunnel!TeredoWfpIndicationWorker+0xa9
    8dd97cec 82c5d558 86a34e18 923062c0 853aaa70 tunnel!LwWorker+0x12
    8dd97d00 82ac6a8b 885467d8 00000000 853aaa70 nt!IopProcessWorkItem+0x23
    8dd97d50 82c52056 00000001 a7f90bc8 00000000 nt!ExpWorkerThread+0x10d
    8dd97d90 82afa219 82ac697e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------

    2: kd> !IRP 85f97e50
    IRP signature does not match, probably not an IRP


    • Edited by North Lord Sunday, 29 April 2012 22:30
    Sunday, 29 April 2012 22:30
  • Sorry, I made a mistake; the value that needs to be analyzed is this one:

    Arg2: 00000002, IRQL

    So it should be:

    !IRP 00000002

    I'm going to have to go back to school :-(


    Kind regards. Ivan

    Monday, 30 April 2012 0:29
  • It still gives the same response.

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {14, 2, 0, 8bef9bf2}

    Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1c )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8bef9bf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS:  00000014 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8dd9754c -- (.trap 0xffffffff8dd9754c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8bef9bf2 esp=8dd975c0 ebp=8dd975d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8bef9bf2 to 82a8a5eb

    STACK_TEXT:  
    8dd9754c 8bef9bf2 badb0d00 ffffffbc 919420d4 nt!KiTrap0E+0x2cf
    8dd975d0 8c047b46 85f97e50 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8dd97600 8c09677a 887994e0 8dd97650 8dd9764c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8dd97694 8c094dc6 861a6f40 887994e0 8dd976bc tcpip!TcpTcbCarefulDatagram+0x168a
    8dd97700 8c078438 861a6f40 887994e0 00d97774 tcpip!TcpTcbReceive+0x228
    8dd97768 8c078c6a 860d1d78 8619d000 00000000 tcpip!TcpMatchReceive+0x237
    8dd977b8 8c078cab 861a6f40 8619d000 00009efb tcpip!TcpPreValidatedReceive+0x293
    8dd977d4 8c072fd5 861a6f40 8619d000 8dd97810 tcpip!TcpReceive+0x2d
    8dd977e4 8c07b20b 8dd977f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8dd97810 8c07ab56 8c0f6198 8dd97864 c000023e tcpip!IppDeliverListToProtocol+0x49
    8dd97830 8c078f18 8c0f5fa8 00000006 8dd97864 tcpip!IppProcessDeliverList+0x2a
    8dd97888 8c07a9ff 8c0f5fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8dd9791c 8c088e2c 86a2ee78 00000000 86162500 tcpip!IpFlcReceivePackets+0xbe5
    8dd97998 8c08345e 86b40cf8 882e66f8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8dd979cc 82ad2654 882e66f8 a7f90c6c 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8dd97a34 8c0835cc 8c083340 8dd97a5c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8dd97a70 8bea418d 86b40c00 882e6601 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8dd97aa8 8be925be 86b42aa8 882e66f8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8dd97ad0 8be924b2 00000000 882e66f8 866430e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8dd97c4c 8be3dc1d 866430e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8dd97c68 8be92553 866430e0 882e66f8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8dd97c90 8be3dc78 866430e0 882e66f8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8dd97cb8 922fa6b7 866430e0 882e66f8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8dd97cd8 922f5730 86a34e18 882e66f8 86a34e18 tunnel!TeredoWfpIndicationWorker+0xa9
    8dd97cec 82c5d558 86a34e18 923062c0 853aaa70 tunnel!LwWorker+0x12
    8dd97d00 82ac6a8b 885467d8 00000000 853aaa70 nt!IopProcessWorkItem+0x23
    8dd97d50 82c52056 00000001 a7f90bc8 00000000 nt!ExpWorkerThread+0x10d
    8dd97d90 82afa219 82ac697e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------

    2: kd> !IRP 00000002
    00000002: Could not read Irp

    Monday, 30 April 2012 8:02
  • It looked so simple at first.
    All the information I find about the component !RtlCopyBufferToMdl+1c leads to the McAfee antivirus, but you say it has never been installed on that machine.

    See if you can upload the memory.dmp to SkyDrive so I can take a look at it here and see what is going on.


    Kind regards. Ivan
    Monday, 30 April 2012 18:50
  • I'm on it. It's more than 200 MB, so it may take me a while.

    I'll let you know as soon as I have it.

    Monday, 30 April 2012 19:17
  • I've uploaded it, but I don't see a private-message option to send you the link. How do you want me to do it?
    Tuesday, 1 May 2012 12:14
  • If you make it private it can't be posted in the forum; leave it public, please.

    Let's see if we have better luck this time.


    Kind regards. Ivan

    Tuesday, 1 May 2012 17:00
  • https://skydrive.live.com/redir.aspx?cid=7517d436d4ac6577&resid=7517D436D4AC6577!170&parid=7517D436D4AC6577!169&authkey=!ADcnMjLXbHUOsxo

    Here's the link. Again, sorry for the delay.

    Saturday, 5 May 2012 10:12
  • The result is the same as the ones you got. What catches my attention is that WinDbg shows no results until the !analyze -v command is entered.

    Looking a bit closer, I see that it does not show the "Probably caused by..." message, nor "Address of the IRP", which are the ones that would guide us in running any other command. This is the first time WinDbg has gone blind.

    The recommendation I can make would be:

    Update the network drivers, wireless or wired.

    Although the McAfee antivirus was never installed on that machine, the analysis keeps pointing to one of its components. I found another link for the cleanup tool; this one does work:

    http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

    Let us know of any results.

    ******************************************

    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [E:\Documentos de Ivan\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*D:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17790.x86fre.win7sp1_gdr.120305-1505
    Machine Name:
    Kernel base = 0x82a49000 PsLoadedModuleList = 0x82b924d0
    Debug session time: Sun Apr 22 09:17:51.362 2012 (UTC - 5:30)
    System Uptime: 0 days 0:35:19.923
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols

    Loading unloaded module list
    .........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {14, 2, 0, 8bef9bf2}

    Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1c )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8bef9bf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS:  00000014

    CURRENT_IRQL:  2

    FAULTING_IP:
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8dd9754c -- (.trap 0xffffffff8dd9754c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8bef9bf2 esp=8dd975c0 ebp=8dd975d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8bef9bf2 to 82a8a5eb

    STACK_TEXT: 
    8dd9754c 8bef9bf2 badb0d00 ffffffbc 919420d4 nt!KiTrap0E+0x2cf
    8dd975d0 8c047b46 85f97e50 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8dd97600 8c09677a 887994e0 8dd97650 8dd9764c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8dd97694 8c094dc6 861a6f40 887994e0 8dd976bc tcpip!TcpTcbCarefulDatagram+0x168a
    8dd97700 8c078438 861a6f40 887994e0 00d97774 tcpip!TcpTcbReceive+0x228
    8dd97768 8c078c6a 860d1d78 8619d000 00000000 tcpip!TcpMatchReceive+0x237
    8dd977b8 8c078cab 861a6f40 8619d000 00009efb tcpip!TcpPreValidatedReceive+0x293
    8dd977d4 8c072fd5 861a6f40 8619d000 8dd97810 tcpip!TcpReceive+0x2d
    8dd977e4 8c07b20b 8dd977f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8dd97810 8c07ab56 8c0f6198 8dd97864 c000023e tcpip!IppDeliverListToProtocol+0x49
    8dd97830 8c078f18 8c0f5fa8 00000006 8dd97864 tcpip!IppProcessDeliverList+0x2a
    8dd97888 8c07a9ff 8c0f5fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8dd9791c 8c088e2c 86a2ee78 00000000 86162500 tcpip!IpFlcReceivePackets+0xbe5
    8dd97998 8c08345e 86b40cf8 882e66f8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8dd979cc 82ad2654 882e66f8 a7f90c6c 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8dd97a34 8c0835cc 8c083340 8dd97a5c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8dd97a70 8bea418d 86b40c00 882e6601 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8dd97aa8 8be925be 86b42aa8 882e66f8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8dd97ad0 8be924b2 00000000 882e66f8 866430e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8dd97c4c 8be3dc1d 866430e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8dd97c68 8be92553 866430e0 882e66f8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8dd97c90 8be3dc78 866430e0 882e66f8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8dd97cb8 922fa6b7 866430e0 882e66f8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8dd97cd8 922f5730 86a34e18 882e66f8 86a34e18 tunnel!TeredoWfpIndicationWorker+0xa9
    8dd97cec 82c5d558 86a34e18 923062c0 853aaa70 tunnel!LwWorker+0x12
    8dd97d00 82ac6a8b 885467d8 00000000 853aaa70 nt!IopProcessWorkItem+0x23
    8dd97d50 82c52056 00000001 a7f90bc8 00000000 nt!ExpWorkerThread+0x10d
    8dd97d90 82afa219 82ac697e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    NETIO!RtlCopyBufferToMdl+1c
    8bef9bf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------

     

    STOP: 0x000000d1


    Kind regards. Ivan

    Sunday, 6 May 2012 16:25
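
An added example, not part of the original thread: a small Python triage of the `!analyze -v` text posted above, showing how the four 0xD1 arguments relate to the trap-frame registers and which modules the call path crosses. The function name `triage` and the result keys are assumptions of this example; the sample input is an abridged excerpt of the output in this thread.

```python
import re

# Excerpt of the `!analyze -v` text posted in this thread (stack abridged).
ANALYZE_OUTPUT = """\
Arg1: 00000014, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8bef9bf2, address which referenced memory
eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
eip=8bef9bf2 esp=8dd975c0 ebp=8dd975d0 iopl=0         nv up ei pl zr na pe nc
8bef9bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
STACK_TEXT:
8dd9754c 8bef9bf2 badb0d00 ffffffbc 919420d4 nt!KiTrap0E+0x2cf
8dd975d0 8c047b46 85f97e50 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
8dd97600 8c09677a 887994e0 8dd97650 8dd9764c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
8dd97a70 8bea418d 86b40c00 882e6601 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
8dd97cb8 922fa6b7 866430e0 882e66f8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
8dd97cd8 922f5730 86a34e18 882e66f8 86a34e18 tunnel!TeredoWfpIndicationWorker+0xa9
8dd97d00 82ac6a8b 885467d8 00000000 853aaa70 nt!IopProcessWorkItem+0x23
"""

HEX8 = r"[0-9a-f]{8}"


def triage(text):
    """Relate the 0xD1 arguments to the trap frame and summarise the call path."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(rf"^Arg(\d): ({HEX8})", text, re.M)}
    regs = {r: int(v, 16)
            for r, v in re.findall(rf"\b(e[a-z]{{2}})=({HEX8})", text)}
    # Memory operand of the faulting instruction, e.g. [esi+14h].
    base, disp = re.search(r"\[(e[a-z]{2})\+([0-9a-f]+)h\]", text).groups()
    effective = (regs[base] + int(disp, 16)) & 0xFFFFFFFF
    # Frames are listed newest first: five hex columns, then module!function+offset.
    frames = re.findall(rf"^(?:{HEX8} ){{5}}(\w+)!(\w+)\+0x[0-9a-f]+$", text, re.M)
    # Skip the page-fault trap handler to reach the frame that touched memory.
    idx = next(i for i, (_, fn) in enumerate(frames) if not fn.startswith("KiTrap"))
    path = []
    for module, _ in reversed(frames):  # oldest frame first
        if not path or path[-1] != module:
            path.append(module)
    return {
        "irql": args[2],                          # 2 is DISPATCH_LEVEL
        "access": "read" if args[3] == 0 else "write",
        "effective_address": effective,           # base register + displacement
        "matches_arg1": effective == args[1],     # Arg1 is the data address read
        "null_base": regs[base] == 0,             # field read through a zero pointer
        "arg4_is_eip": args[4] == regs["eip"],    # Arg4 is the instruction address
        "faulting_frame": frames[idx],
        "caller": frames[idx + 1],
        "module_path": path,
    }


if __name__ == "__main__":
    for key, value in triage(ANALYZE_OUTPUT).items():
        print(f"{key}: {value}")
```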