Windows TCPIP.SYS problem BLUESCREEN and reboot

[MaciejKra]

Hi, after installing vista and Bitspirit (torrent client) my system
restarts form time to time (but before this i have the blue screen)
here is the dump file (maybe somebody could help):


Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Downloads\Mini081807-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search
path. *
* Use .symfix to have the debugger choose a symbol
path. *
* After setting your symbol path, use .reload to refresh symbol
locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error
0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList =
0xfffff800`01d9af50
Debug session time: Sat Aug 18 20:21:21.107 2007 (GMT+2)
System Uptime: 0 days 6:17:15.929
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error
0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntoskrnl.exe
Loading Kernel Symbols
..................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {1000028, 2, 0, fffff9800d545d79}

Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32
error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for
tcpip.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
Probably caused by : tcpip.sys ( tcpip+7dd79 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000001000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff9800d545d79, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************

MODULE_NAME: tcpip

FAULTING_MODULE: fffff80001c00000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4549bee1

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
0000000001000028

CURRENT_IRQL: 2

FAULTING_IP:
tcpip+7dd79
fffff980`0d545d79 ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from fffff80001c4d973 to fffff80001c4dbd0

STACK_TEXT:
fffff980`03ee0438 fffff800`01c4d973 : 00000000`0000000a
00000000`01000028 00000000`00000002 00000000`00000000 : nt+0x4dbd0
fffff980`03ee0440 00000000`0000000a : 00000000`01000028
00000000`00000002 00000000`00000000 fffff980`0d545d79 : nt+0x4d973
fffff980`03ee0448 00000000`01000028 : 00000000`00000002
00000000`00000000 fffff980`0d545d79 fffffa80`090c1770 : 0xa
fffff980`03ee0450 00000000`00000002 : 00000000`00000000
fffff980`0d545d79 fffffa80`090c1770 00000000`00000000 : 0x1000028
fffff980`03ee0458 00000000`00000000 : fffff980`0d545d79
fffffa80`090c1770 00000000`00000000 00000000`00000000 : 0x2
fffff980`03ee0460 fffff980`0d545d79 : fffffa80`090c1770
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0468 fffffa80`090c1770 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : tcpip+0x7dd79
fffff980`03ee0470 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
0xfffffa80`090c1770
fffff980`03ee0478 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0480 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0488 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0490 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0498 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04a0 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04a8 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04b0 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04b8 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04c0 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04c8 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04d0 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04d8 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04e0 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04e8 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee04f0 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 fffff6fb`7da00000 : 0x0
fffff980`03ee04f8 00000000`00000000 : 00000000`00000000
00000000`00000000 fffff6fb`7da00000 00000000`00000000 : 0x0
fffff980`03ee0500 00000000`00000000 : 00000000`00000000
fffff6fb`7da00000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0508 00000000`00000000 : fffff6fb`7da00000
00000000`00000000 00000000`00000000 00000980`00000000 : 0x0
fffff980`03ee0510 fffff6fb`7da00000 : 00000000`00000000
00000000`00000000 00000980`00000000 0000007f`fffffff8 : 0x0
fffff980`03ee0518 00000000`00000000 : 00000000`00000000
00000980`00000000 0000007f`fffffff8 00000000`00000000 :
0xfffff6fb`7da00000
fffff980`03ee0520 00000000`00000000 : 00000980`00000000
0000007f`fffffff8 00000000`00000000 fffff980`03ee0868 : 0x0
fffff980`03ee0528 00000980`00000000 : 0000007f`fffffff8
00000000`00000000 fffff980`03ee0868 00000000`00000009 : 0x0
fffff980`03ee0530 0000007f`fffffff8 : 00000000`00000000
fffff980`03ee0868 00000000`00000009 fffffa80`090021b8 : 0x980`00000000
fffff980`03ee0538 00000000`00000000 : fffff980`03ee0868
00000000`00000009 fffffa80`090021b8 00000000`00000009 : 0x7f`fffffff8
fffff980`03ee0540 fffff980`03ee0868 : 00000000`00000009
fffffa80`090021b8 00000000`00000009 fffffa80`092651e0 : 0x0
fffff980`03ee0548 00000000`00000009 : fffffa80`090021b8
00000000`00000009 fffffa80`092651e0 fffffa80`09265290 :
0xfffff980`03ee0868
fffff980`03ee0550 fffffa80`090021b8 : 00000000`00000009
fffffa80`092651e0 fffffa80`09265290 fffffa80`092652a8 : 0x9
fffff980`03ee0558 00000000`00000009 : fffffa80`092651e0
fffffa80`09265290 fffffa80`092652a8 fffff800`01c4c84b :
0xfffffa80`090021b8
fffff980`03ee0560 fffffa80`092651e0 : fffffa80`09265290
fffffa80`092652a8 fffff800`01c4c84b 00000000`00000000 : 0x9
fffff980`03ee0568 fffffa80`09265290 : fffffa80`092652a8
fffff800`01c4c84b 00000000`00000000 fffffa80`090021b8 :
0xfffffa80`092651e0
fffff980`03ee0570 fffffa80`092652a8 : fffff800`01c4c84b
00000000`00000000 fffffa80`090021b8 00000000`3851d800 :
0xfffffa80`09265290
fffff980`03ee0578 fffff800`01c4c84b : 00000000`00000000
fffffa80`090021b8 00000000`3851d800 00000000`00000000 :
0xfffffa80`092652a8
fffff980`03ee0580 00000000`00000000 : fffffa80`090021b8
00000000`3851d800 00000000`00000000 00000000`00000000 : nt+0x4c84b
fffff980`03ee0588 fffffa80`090021b8 : 00000000`3851d800
00000000`00000000 00000000`00000000 00001f80`01001770 : 0x0
fffff980`03ee0590 00000000`3851d800 : 00000000`00000000
00000000`00000000 00001f80`01001770 00000000`01000000 :
0xfffffa80`090021b8
fffff980`03ee0598 00000000`00000000 : 00000000`00000000
00001f80`01001770 00000000`01000000 00000000`00000001 : 0x3851d800
fffff980`03ee05a0 00000000`00000000 : 00001f80`01001770
00000000`01000000 00000000`00000001 fffffa80`069f90e0 : 0x0
fffff980`03ee05a8 00001f80`01001770 : 00000000`01000000
00000000`00000001 fffffa80`069f90e0 00000000`00000009 : 0x0
fffff980`03ee05b0 00000000`01000000 : 00000000`00000001
fffffa80`069f90e0 00000000`00000009 fffffa80`092651f0 :
0x1f80`01001770
fffff980`03ee05b8 00000000`00000001 : fffffa80`069f90e0
00000000`00000009 fffffa80`092651f0 00000000`00000000 : 0x1000000
fffff980`03ee05c0 fffffa80`069f90e0 : 00000000`00000009
fffffa80`092651f0 00000000`00000000 fffffa80`09265030 : 0x1
fffff980`03ee05c8 00000000`00000009 : fffffa80`092651f0
00000000`00000000 fffffa80`09265030 00000000`00000000 :
0xfffffa80`069f90e0
fffff980`03ee05d0 fffffa80`092651f0 : 00000000`00000000
fffffa80`09265030 00000000`00000000 00000000`00000000 : 0x9
fffff980`03ee05d8 00000000`00000000 : fffffa80`09265030
00000000`00000000 00000000`00000000 00000000`00000000 :
0xfffffa80`092651f0
fffff980`03ee05e0 fffffa80`09265030 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee05e8 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
0xfffffa80`09265030
fffff980`03ee05f0 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee05f8 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0600 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0608 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0610 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0618 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0620 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0628 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff980`03ee0630 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`01000028 : 0x0
fffff980`03ee0638 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`01000028 00000014`0040000c : 0x0
fffff980`03ee0640 00000000`00000000 : 00000000`00000000
00000000`01000028 00000014`0040000c fffffa80`039bc3a0 : 0x0
fffff980`03ee0648 00000000`00000000 : 00000000`01000028
00000014`0040000c fffffa80`039bc3a0 fffffa80`01e38530 : 0x0
fffff980`03ee0650 00000000`01000028 : 00000014`0040000c
fffffa80`039bc3a0 fffffa80`01e38530 fffffa80`03b3b350 : 0x0
fffff980`03ee0658 00000014`0040000c : fffffa80`039bc3a0
fffffa80`01e38530 fffffa80`03b3b350 fffffa80`039c2300 : 0x1000028
fffff980`03ee0660 fffffa80`039bc3a0 : fffffa80`01e38530
fffffa80`03b3b350 fffffa80`039c2300 00000000`15a3db57 : 0x14`0040000c
fffff980`03ee0668 fffffa80`01e38530 : fffffa80`03b3b350
fffffa80`039c2300 00000000`15a3db57 00000000`00000000 :
0xfffffa80`039bc3a0
fffff980`03ee0670 fffffa80`03b3b350 : fffffa80`039c2300
00000000`15a3db57 00000000`00000000 fffffa80`090c19cc :
0xfffffa80`01e38530
fffff980`03ee0678 fffffa80`039c2300 : 00000000`15a3db57
00000000`00000000 fffffa80`090c19cc 00000000`00000001 :
0xfffffa80`03b3b350
fffff980`03ee0680 00000000`15a3db57 : 00000000`00000000
fffffa80`090c19cc 00000000`00000001 fffffa80`090c19c8 :
0xfffffa80`039c2300
fffff980`03ee0688 00000000`00000000 : fffffa80`090c19cc
00000000`00000001 fffffa80`090c19c8 00000000`00000000 : 0x15a3db57


STACK_COMMAND: kb

FOLLOWUP_IP:
tcpip+7dd79
fffff980`0d545d79 ?? ???

SYMBOL_STACK_INDEX: 6

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: tcpip.sys

SYMBOL_NAME: tcpip+7dd79

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

 

[MaciejKra]

i,m using vista buisness 64bit

 

[Andrew McLaren]

Hi, after installing vista and Bitspirit (torrent client) my system
restarts form time to time (but before this i have the blue screen)
here is the dump file (maybe somebody could help):


Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Downloads\Mini081807-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************

The Dump analysis doesn't show much, because your symbol path was invalid.

Create an environmental variable _NT_SYMBOL_PATH, and set it to a suitable
location - you'll probably want to use Microsoft's public symbol server, on
the Internet:

SET
_NT_SYMBOL_PATH=srv*C:\Symbols*http://msdl.microsoft.com/download/symbols

Then run the dump analysis again. See here for info on getting started with
WinDBG:
http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx

But, as a first stab at the problem ... I'd be ssurprised if this is a bug
in TCPIP.SYS itself. This is some of the most heavily-exercised code in
existence. Even if it only crashes once in a billion iterations, I'd expect
to hear hundreds of thousands of such blue screens, every day.

It's more likely that something else in the stack is passing a bad parameter
to TCPIP, or corrupting the pool. As a general health-and-fitness thing,
make sure you have the latest drivers for your network card, plus any other
device driver and firmware updates. It wold help to know what type of
machine you have, and which network adapter.

Let us know how you get on,

 

[MaciejKra]

Hi thanks for reply,
my hardware in general Intel Core Duo 2 E6850
2gb RAM (1066Mhz on Dual)
Motherboard: Gigabyte GA-P35-DS3R
2 network cards (i'm sharing the connection to another computer)
1) Realtek RTL8139/810x Family
2) Realtek RTL8168B/8111B (on board)

I have the newest Drivers and Firmwares... and also all Vista Updates

And here is my Dump analysys:


Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Downloads\Mini081807-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/
download/symbols

Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16514.amd64fre.vista_gdr.070627-1500
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList =
0xfffff800`01d9af50
Debug session time: Sat Aug 18 20:21:21.107 2007 (GMT+2)
System Uptime: 0 days 6:17:15.929
Loading Kernel Symbols
...................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {1000028, 2, 0, fffff9800d545d79}

Unable to load image \??\C:\Windows\system32\drivers\nltdi.sys, Win32
error 0n2
*** WARNING: Unable to verify timestamp for nltdi.sys
*** ERROR: Module load completed but symbols could not be loaded for
nltdi.sys
Probably caused by : tdx.sys ( tdx!TdxSendConnection+2a0 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000001000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff9800d545d79, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from
fffff80001dfa0b0
0000000001000028

CURRENT_IRQL: 2

FAULTING_IP:
tcpip!TcpSegmentTcbSend+320
fffff980`0d545d79 037828 add edi,dword ptr [rax+28h]

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

TRAP_FRAME: fffff98003ee0580 -- (.trap 0xfffff98003ee0580)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000001000000 rbx=0000000000000000 rcx=0000000000000001
rdx=fffffa80069f90e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff9800d545d79 rsp=fffff98003ee0710 rbp=fffffa800815e870
r8=0000000000000009 r9=fffffa80092651f0 r10=0000000000000000
r11=fffffa8009265030 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
tcpip!TcpSegmentTcbSend+0x320:
fffff980`0d545d79 037828 add edi,dword ptr [rax+28h] ds:
19bc:00000000`01000028=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c4d973 to fffff80001c4dbd0

STACK_TEXT:
fffff980`03ee0438 fffff800`01c4d973 : 00000000`0000000a
00000000`01000028 00000000`00000002 00000000`00000000 : nt!
KeBugCheckEx
fffff980`03ee0440 fffff800`01c4c84b : 00000000`00000000
fffffa80`090021b8 00000000`3851d800 00000000`00000000 : nt!
KiBugCheckDispatch+0x73
fffff980`03ee0580 fffff980`0d545d79 : fffff980`0d5d35e0
00000000`00000000 fffff980`03ee0960 fffff980`0085c8c5 : nt!KiPageFault
+0x20b
fffff980`03ee0710 fffff980`0d544562 : 00000000`bccfde28
fffffa80`092651e0 fffffa80`092651f0 00000000`00228afb : tcpip!
TcpSegmentTcbSend+0x320
fffff980`03ee07a0 fffff980`0d5451b6 : 0000002c`00000000
00000000`00000001 00000000`00000014 fffffa80`02120610 : tcpip!
TcpBeginTcbSend+0x3e2
fffff980`03ee0910 fffff980`0d54c1ac : 00000000`00000014
00000000`00000000 fffffa80`0815e870 fffff980`03ee0000 : tcpip!
TcpTcbSend+0x1a6
fffff980`03ee0ac0 fffff980`03e6e9cc : fffffa80`039e65b0
fffffa80`08cd6a40 fffffa80`039e65b0 00000000`00000000 : tcpip!
TcpEnqueueTcbSend+0x1dc
fffff980`03ee0b30 fffff980`03e74537 : fffffa80`03a34138
fffffa80`09002010 fffffa80`03a16b30 00000000`00003c00 : tdx!
TdxSendConnection+0x2a0
fffff980`03ee0c20 fffff980`03f29144 : fffffa80`09002010
00000000`00000000 fffffa80`024163a0 fffffa80`03a34040 : tdx!
TdxTdiDispatchInternalDeviceControl+0x1c3
fffff980`03ee0c50 fffffa80`09002010 : 00000000`00000000
fffffa80`024163a0 fffffa80`03a34040 00000000`00000000 : nltdi+0x1144
fffff980`03ee0c58 00000000`00000000 : fffffa80`024163a0
fffffa80`03a34040 00000000`00000000 fffff980`03f2cddc :
0xfffffa80`09002010
fffff980`03ee0c60 fffffa80`024163a0 : fffffa80`03a34040
00000000`00000000 fffff980`03f2cddc fffffa80`09255800 : 0x0
fffff980`03ee0c68 fffffa80`03a34040 : 00000000`00000000
fffff980`03f2cddc fffffa80`09255800 00000000`00003c00 :
0xfffffa80`024163a0
fffff980`03ee0c70 00000000`00000000 : fffff980`03f2cddc
fffffa80`09255800 00000000`00003c00 fffffa80`05849660 :
0xfffffa80`03a34040
fffff980`03ee0c78 fffff980`03f2cddc : fffffa80`09255800
00000000`00003c00 fffffa80`05849660 fffffa80`09002010 : 0x0
fffff980`03ee0c80 fffffa80`09255800 : 00000000`00003c00
fffffa80`05849660 fffffa80`09002010 fffffa80`08cb8580 : nltdi+0x4ddc
fffff980`03ee0c88 00000000`00003c00 : fffffa80`05849660
fffffa80`09002010 fffffa80`08cb8580 fffff980`03f2997c :
0xfffffa80`09255800
fffff980`03ee0c90 fffffa80`05849660 : fffffa80`09002010
fffffa80`08cb8580 fffff980`03f2997c fffff980`00ce2bc0 : 0x3c00
fffff980`03ee0c98 fffffa80`09002010 : fffffa80`08cb8580
fffff980`03f2997c fffff980`00ce2bc0 fffffa80`01886040 :
0xfffffa80`05849660
fffff980`03ee0ca0 fffffa80`08cb8580 : fffff980`03f2997c
fffff980`00ce2bc0 fffffa80`01886040 00000000`00000000 :
0xfffffa80`09002010
fffff980`03ee0ca8 fffff980`03f2997c : fffff980`00ce2bc0
fffffa80`01886040 00000000`00000000 fffff980`03f2dfcc :
0xfffffa80`08cb8580
fffff980`03ee0cb0 fffff980`00ce2bc0 : fffffa80`01886040
00000000`00000000 fffff980`03f2dfcc fffffa80`09255800 : nltdi+0x197c
fffff980`03ee0cb8 fffffa80`01886040 : 00000000`00000000
fffff980`03f2dfcc fffffa80`09255800 fffff980`03f2cfd5 :
0xfffff980`00ce2bc0
fffff980`03ee0cc0 00000000`00000000 : fffff980`03f2dfcc
fffffa80`09255800 fffff980`03f2cfd5 fffffa80`05849660 :
0xfffffa80`01886040
fffff980`03ee0cc8 fffff980`03f2dfcc : fffffa80`09255800
fffff980`03f2cfd5 fffffa80`05849660 01c7e1c4`93b19700 : 0x0
fffff980`03ee0cd0 fffffa80`09255800 : fffff980`03f2cfd5
fffffa80`05849660 01c7e1c4`93b19700 00000000`00000080 : nltdi+0x5fcc
fffff980`03ee0cd8 fffff980`03f2cfd5 : fffffa80`05849660
01c7e1c4`93b19700 00000000`00000080 00000000`00000000 :
0xfffffa80`09255800
fffff980`03ee0ce0 fffffa80`05849660 : 01c7e1c4`93b19700
00000000`00000080 00000000`00000000 fffffa80`07bee690 : nltdi+0x4fd5
fffff980`03ee0ce8 01c7e1c4`93b19700 : 00000000`00000080
00000000`00000000 fffffa80`07bee690 fffff980`03f2e0a4 :
0xfffffa80`05849660
fffff980`03ee0cf0 00000000`00000080 : 00000000`00000000
fffffa80`07bee690 fffff980`03f2e0a4 fffffa80`05849660 :
0x1c7e1c4`93b19700
fffff980`03ee0cf8 00000000`00000000 : fffffa80`07bee690
fffff980`03f2e0a4 fffffa80`05849660 01c7e1c4`93b19777 : 0x80
fffff980`03ee0d00 fffffa80`07bee690 : fffff980`03f2e0a4
fffffa80`05849660 01c7e1c4`93b19777 fffff800`01d69100 : 0x0
fffff980`03ee0d08 fffff980`03f2e0a4 : fffffa80`05849660
01c7e1c4`93b19777 fffff800`01d69100 fffff980`47415401 :
0xfffffa80`07bee690
fffff980`03ee0d10 fffffa80`05849660 : 01c7e1c4`93b19777
fffff800`01d69100 fffff980`47415401 00000000`00000000 : nltdi+0x60a4
fffff980`03ee0d18 01c7e1c4`93b19777 : fffff800`01d69100
fffff980`47415401 00000000`00000000 fffffa80`031a5c60 :
0xfffffa80`05849660
fffff980`03ee0d20 fffff800`01d69100 : fffff980`47415401
00000000`00000000 fffffa80`031a5c60 fffffa80`01886040 :
0x1c7e1c4`93b19777
fffff980`03ee0d28 fffff980`47415401 : 00000000`00000000
fffffa80`031a5c60 fffffa80`01886040 fffff800`01ee279b : nt!
ExpPoolFlags
fffff980`03ee0d30 00000000`00000000 : fffffa80`031a5c60
fffffa80`01886040 fffff800`01ee279b 01c7e1c4`8c528aad :
0xfffff980`47415401
fffff980`03ee0d38 fffffa80`031a5c60 : fffffa80`01886040
fffff800`01ee279b 01c7e1c4`8c528aad fffffa80`03a34040 : 0x0
fffff980`03ee0d40 fffffa80`01886040 : fffff800`01ee279b
01c7e1c4`8c528aad fffffa80`03a34040 00000000`00000001 :
0xfffffa80`031a5c60
fffff980`03ee0d48 fffff800`01ee279b : 01c7e1c4`8c528aad
fffffa80`03a34040 00000000`00000001 00000000`00000001 :
0xfffffa80`01886040
fffff980`03ee0d50 fffff800`01c344f6 : fffff980`00cdf180
fffffa80`03a34040 fffff980`00ce8c40 fffff980`03f3a588 : nt!
PspSystemThreadStartup+0x5b
fffff980`03ee0d80 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : nt!
KiStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
tdx!TdxSendConnection+2a0
fffff980`03e6e9cc bf03010000 mov edi,103h

SYMBOL_STACK_INDEX: 7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tdx

IMAGE_NAME: tdx.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549be90

SYMBOL_NAME: tdx!TdxSendConnection+2a0

FAILURE_BUCKET_ID: X64_0xD1_tdx!TdxSendConnection+2a0

BUCKET_ID: X64_0xD1_tdx!TdxSendConnection+2a0

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000001000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff9800d545d79, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 0000000001000028

CURRENT_IRQL: 2

FAULTING_IP:
tcpip!TcpSegmentTcbSend+320
fffff980`0d545d79 037828 add edi,dword ptr [rax+28h]

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

TRAP_FRAME: fffff98003ee0580 -- (.trap 0xfffff98003ee0580)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000001000000 rbx=0000000000000000 rcx=0000000000000001
rdx=fffffa80069f90e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff9800d545d79 rsp=fffff98003ee0710 rbp=fffffa800815e870
r8=0000000000000009 r9=fffffa80092651f0 r10=0000000000000000
r11=fffffa8009265030 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
tcpip!TcpSegmentTcbSend+0x320:
fffff980`0d545d79 037828 add edi,dword ptr [rax+28h] ds:
19bc:00000000`01000028=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c4d973 to fffff80001c4dbd0

STACK_TEXT:
fffff980`03ee0438 fffff800`01c4d973 : 00000000`0000000a
00000000`01000028 00000000`00000002 00000000`00000000 : nt!
KeBugCheckEx
fffff980`03ee0440 fffff800`01c4c84b : 00000000`00000000
fffffa80`090021b8 00000000`3851d800 00000000`00000000 : nt!
KiBugCheckDispatch+0x73
fffff980`03ee0580 fffff980`0d545d79 : fffff980`0d5d35e0
00000000`00000000 fffff980`03ee0960 fffff980`0085c8c5 : nt!KiPageFault
+0x20b
fffff980`03ee0710 fffff980`0d544562 : 00000000`bccfde28
fffffa80`092651e0 fffffa80`092651f0 00000000`00228afb : tcpip!
TcpSegmentTcbSend+0x320
fffff980`03ee07a0 fffff980`0d5451b6 : 0000002c`00000000
00000000`00000001 00000000`00000014 fffffa80`02120610 : tcpip!
TcpBeginTcbSend+0x3e2
fffff980`03ee0910 fffff980`0d54c1ac : 00000000`00000014
00000000`00000000 fffffa80`0815e870 fffff980`03ee0000 : tcpip!
TcpTcbSend+0x1a6
fffff980`03ee0ac0 fffff980`03e6e9cc : fffffa80`039e65b0
fffffa80`08cd6a40 fffffa80`039e65b0 00000000`00000000 : tcpip!
TcpEnqueueTcbSend+0x1dc
fffff980`03ee0b30 fffff980`03e74537 : fffffa80`03a34138
fffffa80`09002010 fffffa80`03a16b30 00000000`00003c00 : tdx!
TdxSendConnection+0x2a0
fffff980`03ee0c20 fffff980`03f29144 : fffffa80`09002010
00000000`00000000 fffffa80`024163a0 fffffa80`03a34040 : tdx!
TdxTdiDispatchInternalDeviceControl+0x1c3
fffff980`03ee0c50 fffffa80`09002010 : 00000000`00000000
fffffa80`024163a0 fffffa80`03a34040 00000000`00000000 : nltdi+0x1144
fffff980`03ee0c58 00000000`00000000 : fffffa80`024163a0
fffffa80`03a34040 00000000`00000000 fffff980`03f2cddc :
0xfffffa80`09002010
fffff980`03ee0c60 fffffa80`024163a0 : fffffa80`03a34040
00000000`00000000 fffff980`03f2cddc fffffa80`09255800 : 0x0
fffff980`03ee0c68 fffffa80`03a34040 : 00000000`00000000
fffff980`03f2cddc fffffa80`09255800 00000000`00003c00 :
0xfffffa80`024163a0
fffff980`03ee0c70 00000000`00000000 : fffff980`03f2cddc
fffffa80`09255800 00000000`00003c00 fffffa80`05849660 :
0xfffffa80`03a34040
fffff980`03ee0c78 fffff980`03f2cddc : fffffa80`09255800
00000000`00003c00 fffffa80`05849660 fffffa80`09002010 : 0x0
fffff980`03ee0c80 fffffa80`09255800 : 00000000`00003c00
fffffa80`05849660 fffffa80`09002010 fffffa80`08cb8580 : nltdi+0x4ddc
fffff980`03ee0c88 00000000`00003c00 : fffffa80`05849660
fffffa80`09002010 fffffa80`08cb8580 fffff980`03f2997c :
0xfffffa80`09255800
fffff980`03ee0c90 fffffa80`05849660 : fffffa80`09002010
fffffa80`08cb8580 fffff980`03f2997c fffff980`00ce2bc0 : 0x3c00
fffff980`03ee0c98 fffffa80`09002010 : fffffa80`08cb8580
fffff980`03f2997c fffff980`00ce2bc0 fffffa80`01886040 :
0xfffffa80`05849660
fffff980`03ee0ca0 fffffa80`08cb8580 : fffff980`03f2997c
fffff980`00ce2bc0 fffffa80`01886040 00000000`00000000 :
0xfffffa80`09002010
fffff980`03ee0ca8 fffff980`03f2997c : fffff980`00ce2bc0
fffffa80`01886040 00000000`00000000 fffff980`03f2dfcc :
0xfffffa80`08cb8580
fffff980`03ee0cb0 fffff980`00ce2bc0 : fffffa80`01886040
00000000`00000000 fffff980`03f2dfcc fffffa80`09255800 : nltdi+0x197c
fffff980`03ee0cb8 fffffa80`01886040 : 00000000`00000000
fffff980`03f2dfcc fffffa80`09255800 fffff980`03f2cfd5 :
0xfffff980`00ce2bc0
fffff980`03ee0cc0 00000000`00000000 : fffff980`03f2dfcc
fffffa80`09255800 fffff980`03f2cfd5 fffffa80`05849660 :
0xfffffa80`01886040
fffff980`03ee0cc8 fffff980`03f2dfcc : fffffa80`09255800
fffff980`03f2cfd5 fffffa80`05849660 01c7e1c4`93b19700 : 0x0
fffff980`03ee0cd0 fffffa80`09255800 : fffff980`03f2cfd5
fffffa80`05849660 01c7e1c4`93b19700 00000000`00000080 : nltdi+0x5fcc
fffff980`03ee0cd8 fffff980`03f2cfd5 : fffffa80`05849660
01c7e1c4`93b19700 00000000`00000080 00000000`00000000 :
0xfffffa80`09255800
fffff980`03ee0ce0 fffffa80`05849660 : 01c7e1c4`93b19700
00000000`00000080 00000000`00000000 fffffa80`07bee690 : nltdi+0x4fd5
fffff980`03ee0ce8 01c7e1c4`93b19700 : 00000000`00000080
00000000`00000000 fffffa80`07bee690 fffff980`03f2e0a4 :
0xfffffa80`05849660
fffff980`03ee0cf0 00000000`00000080 : 00000000`00000000
fffffa80`07bee690 fffff980`03f2e0a4 fffffa80`05849660 :
0x1c7e1c4`93b19700
fffff980`03ee0cf8 00000000`00000000 : fffffa80`07bee690
fffff980`03f2e0a4 fffffa80`05849660 01c7e1c4`93b19777 : 0x80
fffff980`03ee0d00 fffffa80`07bee690 : fffff980`03f2e0a4
fffffa80`05849660 01c7e1c4`93b19777 fffff800`01d69100 : 0x0
fffff980`03ee0d08 fffff980`03f2e0a4 : fffffa80`05849660
01c7e1c4`93b19777 fffff800`01d69100 fffff980`47415401 :
0xfffffa80`07bee690
fffff980`03ee0d10 fffffa80`05849660 : 01c7e1c4`93b19777
fffff800`01d69100 fffff980`47415401 00000000`00000000 : nltdi+0x60a4
fffff980`03ee0d18 01c7e1c4`93b19777 : fffff800`01d69100
fffff980`47415401 00000000`00000000 fffffa80`031a5c60 :
0xfffffa80`05849660
fffff980`03ee0d20 fffff800`01d69100 : fffff980`47415401
00000000`00000000 fffffa80`031a5c60 fffffa80`01886040 :
0x1c7e1c4`93b19777
fffff980`03ee0d28 fffff980`47415401 : 00000000`00000000
fffffa80`031a5c60 fffffa80`01886040 fffff800`01ee279b : nt!
ExpPoolFlags
fffff980`03ee0d30 00000000`00000000 : fffffa80`031a5c60
fffffa80`01886040 fffff800`01ee279b 01c7e1c4`8c528aad :
0xfffff980`47415401
fffff980`03ee0d38 fffffa80`031a5c60 : fffffa80`01886040
fffff800`01ee279b 01c7e1c4`8c528aad fffffa80`03a34040 : 0x0
fffff980`03ee0d40 fffffa80`01886040 : fffff800`01ee279b
01c7e1c4`8c528aad fffffa80`03a34040 00000000`00000001 :
0xfffffa80`031a5c60
fffff980`03ee0d48 fffff800`01ee279b : 01c7e1c4`8c528aad
fffffa80`03a34040 00000000`00000001 00000000`00000001 :
0xfffffa80`01886040
fffff980`03ee0d50 fffff800`01c344f6 : fffff980`00cdf180
fffffa80`03a34040 fffff980`00ce8c40 fffff980`03f3a588 : nt!
PspSystemThreadStartup+0x5b
fffff980`03ee0d80 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : nt!
KiStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
tdx!TdxSendConnection+2a0
fffff980`03e6e9cc bf03010000 mov edi,103h

SYMBOL_STACK_INDEX: 7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tdx

IMAGE_NAME: tdx.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549be90

SYMBOL_NAME: tdx!TdxSendConnection+2a0

FAILURE_BUCKET_ID: X64_0xD1_tdx!TdxSendConnection+2a0

BUCKET_ID: X64_0xD1_tdx!TdxSendConnection+2a0

Followup: MachineOwner
---------

1: kd> lmvm tdx
start end module name
fffff980`03e66000 fffff980`03e81000 tdx (pdb
symbols) c:\websymbols\tdx.pdb
\90E69B9C4FB74724BD2D45CBB4EAC82E1\tdx.pdb
Loaded symbol image file: tdx.sys
Mapped memory image file: c:\websymbols\tdx.sys
\4549BE901b000\tdx.sys
Image path: \SystemRoot\system32\DRIVERS\tdx.sys
Image name: tdx.sys
Timestamp: Thu Nov 02 10:46:56 2006 (4549BE90)
CheckSum: 0001B54C
ImageSize: 0001B000
File version: 6.0.6000.16386
Product version: 6.0.6000.16386
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tdx.sys
OriginalFilename: tdx.sys
ProductVersion: 6.0.6000.16386
FileVersion: 6.0.6000.16386 (vista_rtm.061101-2205)
FileDescription: TDI Translation Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.


Looking forward to Your reply..

 

[Andrew McLaren]

Czesc, Marciej

Thanks for sending the extra dump details. It's hard to give a definitive
answer, based on the call stack alone; but we can see most of what happened
from the thread first starting up (KiStartSystemThread), right up until
TCPIP hit an exception and went into the Exception handler (KeBugCheckEx) -

(most recent event)
nt! KeBugCheckEx
nt! KiBugCheckDispatch+0x73
nt!KiPageFault+0x20b
tcpip!TcpSegmentTcbSend+0x320
tcpip!TcpBeginTcbSend+0x3e2
tcpip!TcpTcbSend+0x1a6
tcpip!TcpEnqueueTcbSend+0x1dc
tdx!TdxSendConnection+0x2a0
tdx!TdxTdiDispatchInternalDeviceControl+0x1c3
nltdi+0x1144
0xfffffa80`09002010
0x0
0xfffffa80`024163a0
0xfffffa80`03a34040
0x0
nltdi+0x4ddc
0xfffffa80`09255800
0x3c00
0xfffffa80`05849660
0xfffffa80`09002010
0xfffffa80`08cb8580
nltdi+0x197c
0xfffff980`00ce2bc0
0xfffffa80`01886040
0x0
nltdi+0x5fcc
0xfffffa80`09255800
nltdi+0x4fd5
0xfffffa80`05849660
0x1c7e1c4`93b19700
0x80
0x0
0xfffffa80`07bee690
nltdi+0x60a4
0xfffffa80`05849660
0x1c7e1c4`93b19777
nt!ExpPoolFlags
0xfffff980`47415401
0x0
0xfffffa80`031a5c60
0xfffffa80`01886040
nt!PspSystemThreadStartup+0x5b
nt!KiStartSystemThread+0x16
(start of call stack, earliest event)

I see 2 main possibilities:

1) less likely, this is a bug in TDX.SYS. Ther have been 3 hotfixes for
TDX.SYS since the RTM version 6.0.6000.16386 you have installed:
support.microsoft.com/kb/933049
support.microsoft.com/kb/934611
support.microsoft.com/kb/937385
The most recent build of TDX.SYS is the fix described in 937385, version
6.0.6000.20599, dated 16 May 2007. None of these "knonwn" issues match the
call stack in your dump, so you're not seeing exactly the same problem. But
perhaps your crash is an allotrope or variation of these known issues. Or
maybe the cause was fixed in one of the intermediate builds between 16386
and 20599, which didn't end up getting its own KB article.

Unfortunately the 937385 fix isn't available for download - you have to
contact Microsoft PSS and sepecifically ask for it. However, the fix should
be free of charge, as it is a confirmed bug. It's probably worth getting
this hotfix, if only to eliminate these known issues from the problem
scenario.

2) more likely, in my opinion - the nltdi.sys driver is passing bad data
down the call stack to TDX. I suspect the problem is a bug or Vista
incompatibility in NLTDI.SYS. This is not a Microsoft-supplied file - it
must have come from some driver or application you have installed. If you
can identify the vendor of NLTDI, I'd recommend you contact them to se if
they are aware of the issue, and/or have an updated version for you.


Hope this helps. Do widzenia

 

[MaciejKra]

Thanks for your reply You have been very helpful,
I'll inform You on my progress.
Once again thanks

 

[MaciejKra]

Thanks for your reply You have been very helpful,
I'll inform You on my progress.
Once again thanks

I must admit that your Polish is quite good

 

[MaciejKra]

I must admit that your Polish is quite good

Thanks Andrew,
it seemed that uninstallin nltdi.sys (netlimiter)
solved the problem.
I wrote a mail to the Netlimiter team and i'm waiting for their
reply

Thanks

 

[Andrew McLaren]

I have a good workmate named "Marek" ... guess where he comes from

it seemed that uninstallin nltdi.sys (netlimiter)
solved the problem.
I wrote a mail to the Netlimiter team and i'm waiting for their
reply

Interesting. So I guess "nltdi" stands for "Netlimiter TDI" - TDI being a
Microsoft-defined interface between applications and the network stack, aka
Transport Driver Interface. TDI was a great feature back in NT 3.1, NT 3.51,
because there were still many protocols in use - NetBEUI, IPX, TCP/IP, DLC,
even more exotic stuff like XNS (I used to work on a XNS LAN). TDI provided
a nice, cross-platform programming interface to the network. But these days
*everything* is TCP/IP ... by and large we don't need to assume many
different protocols. So TDI is somewhat in the legacy class, as an
unnecessary multi-protocol layer.

Vista uses a new "Next Generation" (sic) TCP/IP stack, based on a kernel
mode Sockets interface (WSK, Winsock Kernel). TDX.SYS (which also appeared
in your call stack) is Microsoft's "TDI Translation" layer, which takes the
TDI calls from higher layer drivers (like NLTDI) and translates them into
raw instructions to WSK, in order to send and receive TCP/IP frames. TDI is
supported in Vista for legacy drivers, but for maximum performance and
efficiency, Vista network drivers can bypass TDI altogether, and communicate
direct to WSK.

So maybe the NetlLimiter guys need to re-think their whole architecture! But
the TDI stuff should certainly still work; the crash you saw will be caused
by some minor bug or inconsistency somehwere.Once it is patched, they should
be back in good shape. I don't know anything about the Netlimiter product,
so I'll assume they're good guys (unless I hear otherwise

It was an interesting issue!! So, thanks for that.

Do zobaczenia,