Microsoft (R) Windows Debugger Version 10.0.10586.567 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows 10 Kernel Version 10586 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 10586.420.x86fre.th2_release_sec.160527-1834
Machine Name:
Kernel base = 0x81a01000 PsLoadedModuleList = 0x81c071b8
Debug session time: Tue Jul 12 08:45:51.264 2016 (UTC + 1:00)
System Uptime: 2 days 17:40:46.115
Loading Kernel Symbols
...............................................................
................................................................
.......................................................Page 50111 not present in the dump file. Type ".hh dbgerr004" for details
...
Loading User Symbols
PEB is paged out (Peb.Ldr = 0105000c). Type ".hh dbgerr001" for details
Loading unloaded module list
....................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {196078, 2, 2, 8ade1260}

*** ERROR: Module load completed but symbols could not be loaded for Win10Pcap.sys
Probably caused by : Win10Pcap.sys ( Win10Pcap+1260 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00196078, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000002, value 0 = read operation, 1 = write operation
Arg4: 8ade1260, address which referenced memory

Debugging Details:
------------------

DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 10586.420.x86fre.th2_release_sec.160527-1834
SYSTEM_MANUFACTURER: Dell Inc.
SYSTEM_PRODUCT_NAME: Inspiron 530
BIOS_VENDOR: Dell Inc.
BIOS_VERSION: 1.0.18
BIOS_DATE: 02/24/2009
BASEBOARD_MANUFACTURER: Dell Inc.
BASEBOARD_PRODUCT: 0FM586
BASEBOARD_VERSION:
DUMP_TYPE: 1
BUGCHECK_P1: 196078
BUGCHECK_P2: 2
BUGCHECK_P3: 2
BUGCHECK_P4: ffffffff8ade1260
READ_ADDRESS: 00196078
CURRENT_IRQL: 2

FAULTING_IP:
Win10Pcap+1260
8ade1260 894c1004 mov dword ptr [eax+edx+4],ecx

CPU_COUNT: 4
CPU_MHZ: 918
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 17
CPU_STEPPING: 7
CPU_MICROCODE: 6,17,7,0 (F,M,S,R) SIG: 70B'00000000 (cache) 70B'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: PowerLine Util
ANALYSIS_SESSION_HOST: JOHNHOLLAND-PC
ANALYSIS_SESSION_TIME: 07-12-2016 16:27:19.0086
ANALYSIS_VERSION: 10.0.10586.567 x86fre

TRAP_FRAME: b63d5b68 -- (.trap 0xffffffffb63d5b68)
ErrCode = 00000002
eax=0017b240 ebx=9b57c303 ecx=000005a6 edx=0001ae34 esi=9b57c328 edi=00000000
eip=8ade1260 esp=b63d5bdc ebp=b63d5c28 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
Win10Pcap+0x1260:
8ade1260 894c1004 mov dword ptr [eax+edx+4],ecx ds:0023:00196078=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 81b2ae6a to 81b18f3c

STACK_TEXT:
b63d5ac0 81b2ae6a 0000000a 00196078 00000002 nt!KiBugCheck2
b63d5ac0 8ade1260 0000000a 00196078 00000002 nt!KiTrap0E+0x1ca
WARNING: Stack unwind information not available. Following frames may be wrong.
b63d5c28 81a473c3 9b57c328 96674c10 9b57c301 Win10Pcap+0x1260
b63d5c44 81cc7e57 96674ca4 96674c10 9b57c328 nt!IofCallDriver+0x43
b63d5c98 81c842f3 d558b4b0 00000001 00000001 nt!IopSynchronousServiceTail+0x137
b63d5d28 81b27787 9b57c328 00000000 00000000 nt!NtReadFile+0x443
b63d5d28 771113f0 9b57c328 00000000 00000000 nt!KiSystemServicePostCall
26e49b88 00000000 00000000 00000000 00000000 0x771113f0

STACK_COMMAND: kb
THREAD_SHA1_HASH_MOD_FUNC: 505fa214ceecd5f6670971ffc2bfaa1a6c636787
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ee6eadf463d83db820da910f2c94b3eea21f5bf1
THREAD_SHA1_HASH_MOD: f1534525f6dcdfd2fd65f5818d607c12d752bc47

FOLLOWUP_IP:
Win10Pcap+1260
8ade1260 894c1004 mov dword ptr [eax+edx+4],ecx

FAULT_INSTR_CODE: 4104c89
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Win10Pcap+1260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Win10Pcap
IMAGE_NAME: Win10Pcap.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5615dd3e
BUCKET_ID_FUNC_OFFSET: 1260
FAILURE_BUCKET_ID: AV_Win10Pcap!Unknown_Function
BUCKET_ID: AV_Win10Pcap!Unknown_Function
PRIMARY_PROBLEM_CLASS: AV_Win10Pcap!Unknown_Function
TARGET_TIME: 2016-07-12T07:45:51.000Z
OSBUILD: 10586
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x86
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2016-05-28 04:59:14
BUILDDATESTAMP_STR: 160527-1834
BUILDLAB_STR: th2_release_sec
BUILDOSVER_STR: 10.0.10586.420.x86fre.th2_release_sec.160527-1834
ANALYSIS_SESSION_ELAPSED_TIME: 33f7
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_win10pcap!unknown_function
FAILURE_ID_HASH: {f09fb7a3-7db6-0b83-0237-f175413bcc89}

Followup: MachineOwner
---------