BSOD [SYSTEM_SERVICE_EXCEPTION] Windows 7 Pro sp1 x64

Discussion in 'Windows 7' started by r@pt0r, Apr 26, 2011.

  1. r@pt0r

    r@pt0r MDL Novice

    Jul 27, 2010
    6
    0
    0
    #1 r@pt0r, Apr 26, 2011
    Last edited: Apr 26, 2011
    Bug Code : 0x0000003b
    Caused by : ntoskrnl.exe
    Caused at : ntoskrnl.exe+80640
    File ver : 6.1.7601.17514 (win7sp1_rtm.101119-1850)

    test ram as well as drive but still under testing any one experienced the same issue

    so i ran a test and found bug in process explorer

    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\042411-30264-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`02a1b000 PsLoadedModuleList = 0xfffff800`02c60e90
    Debug session time: Sun Apr 24 15:06:01.590 2011 (UTC + 5:30)
    System Uptime: 0 days 1:44:48.947
    Loading Kernel Symbols
    .

    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.

    ..............................................................
    ................................................................
    ......................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 3B, {c0000005, fffff80002abac3e, fffff88008a85100, 0}

    Unable to load image \??\C:\Windows\system32\Drivers\PROCEXP110.SYS, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for PROCEXP110.SYS
    *** ERROR: Module load completed but symbols could not be loaded for PROCEXP110.SYS


    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff80002abac3e, Address of the instruction which caused the bugcheck
    Arg3: fffff88008a85100, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    FAULTING_IP:
    nt!ExfReleaseRundownProtection+2a
    fffff800`02abac3e f0488301ff lock add qword ptr [rcx],0FFFFFFFFFFFFFFFFh

    CONTEXT: fffff88008a85100 -- (.cxr 0xfffff88008a85100)
    rax=0000000000000001 rbx=fffff88006ef522c rcx=0000000000000000
    rdx=fffffffffffffffe rsi=00000000000015a9 rdi=0000000000000000
    rip=fffff80002abac3e rsp=fffff88008a85ae0 rbp=fffff88008a867c0
    r8=fffffa80086609c8 r9=0000000000000530 r10=fffff80002a1b000
    r11=fffff80002e21770 r12=fffff88006ef5224 r13=00000000000015a7
    r14=fffff88006ef2000 r15=fffff88008a85d20
    iopl=0 nv up ei pl zr na po nc
    cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
    nt!ExfReleaseRundownProtection+0x2a:
    fffff800`02abac3e f0488301ff lock add qword ptr [rcx],0FFFFFFFFFFFFFFFFh ds:002b:00000000`00000000=????????????????
    Resetting default scope

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    BUGCHECK_STR: 0x3B

    PROCESS_NAME: procexp64.exe

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from fffff80002e21795 to fffff80002abac3e

    STACK_TEXT:
    fffff880`08a85ae0 fffff800`02e21795 : fffff880`00000000 00000000`00000000 00000000`00001500 fffff880`08a867c0 : nt!ExfReleaseRundownProtection+0x2a
    fffff880`08a85b10 fffff880`06ef3781 : fffff880`08a867c0 fffff880`06ef522c 00000000`000015a9 00000000`0233ff80 : nt!PsReleaseProcessExitSynchronization+0x25
    fffff880`08a85b40 fffff880`08a867c0 : fffff880`06ef522c 00000000`000015a9 00000000`0233ff80 00000000`00000000 : PROCEXP110+0x1781
    fffff880`08a85b48 fffff880`06ef522c : 00000000`000015a9 00000000`0233ff80 00000000`00000000 00000000`00000000 : 0xfffff880`08a867c0
    fffff880`08a85b50 00000000`000015a9 : 00000000`0233ff80 00000000`00000000 00000000`00000000 fffff900`ffffffff : PROCEXP110+0x322c
    fffff880`08a85b58 00000000`0233ff80 : 00000000`00000000 00000000`00000000 fffff900`ffffffff 00000004`00000000 : 0x15a9
    fffff880`08a85b60 00000000`00000000 : 00000000`00000000 fffff900`ffffffff 00000004`00000000 fffff960`003b6e80 : 0x233ff80


    FOLLOWUP_IP:
    PROCEXP110+1781
    fffff880`06ef3781 ?? ???

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: PROCEXP110+1781

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: PROCEXP110

    IMAGE_NAME: PROCEXP110.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP: 46cb2323

    STACK_COMMAND: .cxr 0xfffff88008a85100 ; kb

    FAILURE_BUCKET_ID: X64_0x3B_PROCEXP110+1781

    BUCKET_ID: X64_0x3B_PROCEXP110+1781

    Followup: MachineOwner
    ---------