Code:
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
WDF_VIOLATION (10d)
The Kernel-Mode Driver Framework was notified that Windows detected an error
in a framework-based driver. In general, the dump file will yield additional
information about the driver that caused this bug check.
Arguments:
Arg1: 0000000000000005, A framework object handle of the incorrect type was passed to
a framework object method.
Arg2: 0000000000000000, The handle value passed in.
Arg3: 0000000000001401, Reserved.
Arg4: fffffa8008feb960, Reserved.
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: fffff80002e60000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc19f
BUGCHECK_STR: 0x10D_5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff88000f0c808 to fffff80002edcc40
STACK_TEXT:
fffff880`073c8cc8 fffff880`00f0c808 : 00000000`0000010d 00000000`00000005 00000000`00000000 00000000`00001401 : nt+0x7cc40
fffff880`073c8cd0 00000000`0000010d : 00000000`00000005 00000000`00000000 00000000`00001401 fffffa80`08feb960 : Wdf01000+0x3808
fffff880`073c8cd8 00000000`00000005 : 00000000`00000000 00000000`00001401 fffffa80`08feb960 fffffa80`0a129e70 : 0x10d
fffff880`073c8ce0 00000000`00000000 : 00000000`00001401 fffffa80`08feb960 fffffa80`0a129e70 0000057f`f502e788 : 0x5
STACK_COMMAND: kb
FOLLOWUP_IP:
Wdf01000+3808
fffff880`00f0c808 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: Wdf01000+3808
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Wdf01000
IMAGE_NAME: Wdf01000.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
3: kd> lmvm Wdf01000
start end module name
fffff880`00f09000 fffff880`00fad000 Wdf01000 T (no symbols)
Loaded symbol image file: Wdf01000.sys
Image path: \SystemRoot\system32\drivers\Wdf01000.sys
Image name: Wdf01000.sys
Timestamp: Tue Jul 14 01:22:07 2009 (4A5BC19F)
CheckSum: 000A2E74
ImageSize: 000A4000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
3: kd> lmvm nt
start end module name
fffff800`02e60000 fffff800`03449000 nt T (no symbols)
Loaded symbol image file: ntoskrnl.exe
Image path: \SystemRoot\system32\ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Thu Jun 23 04:53:23 2011 (4E02AAA3)
CheckSum: 0055C228
ImageSize: 005E9000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Second part