AR
Driver verified and Related to epfwwfp.sys ESET Personal Firewall driver. Fairly uncommon that ESET crashes. I would either remove it and re-install the newest version available, or use something else.
Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\zigza\Desktop\032515-38187-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17668.amd64fre.winblue_r8.150127-1500
Machine Name:
Kernel base = 0xfffff802`d1884000 PsLoadedModuleList = 0xfffff802`d1b5d250
Debug session time: Tue Mar 24 17:07:59.336 2015 (UTC - 4:00)
System Uptime: 0 days 0:03:45.278
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D5, {ffffcf808c1befe0, 0, fffff800b6f837d2, 0}
*** WARNING: Unable to verify timestamp for epfwwfp.sys
*** ERROR: Module load completed but symbols could not be loaded for epfwwfp.sys
Could not read faulting driver name
Probably caused by : epfwwfp.sys ( epfwwfp+47d2 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffcf808c1befe0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff800b6f837d2, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff802d1be7138
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
ffffcf808c1befe0
FAULTING_IP:
epfwwfp+47d2
fffff800`b6f837d2 4c397378 cmp qword ptr [rbx+78h],r14
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0xD5
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
TRAP_FRAME: ffffd0003246fa20 -- (.trap 0xffffd0003246fa20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000103 rbx=0000000000000000 rcx=0000000000000005
rdx=ffffe000acf537f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800b6f837d2 rsp=ffffd0003246fbb0 rbp=ffffd0003246fc30
r8=ffffe000acf537f0 r9=ffffe000aed3a160 r10=fffff802d1f2a780
r11=ffffe000ac491bb0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
epfwwfp+0x47d2:
fffff800`b6f837d2 4c397378 cmp qword ptr [rbx+78h],r14 ds:00000000`00000078=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff802d1a095a8 to fffff802d19d49a0
STACK_TEXT:
ffffd000`3246f7b8 fffff802`d1a095a8 : 00000000`00000050 ffffcf80`8c1befe0 00000000`00000000 ffffd000`3246fa20 : nt!KeBugCheckEx
ffffd000`3246f7c0 fffff802`d18eed29 : 00000000`00000000 ffffe000`aaa66040 ffffd000`3246fa20 ffffd000`32470000 : nt! ?? ::FNODOBFM::`string'+0x246f8
ffffd000`3246f860 fffff802`d19dec2f : 00000000`00000000 ffffcf80`8c1bef68 00000000`8975ae00 00000000`00000000 : nt!MmAccessFault+0x769
ffffd000`3246fa20 fffff800`b6f837d2 : ffffcf80`8c1bef68 ffffd000`3246fc30 ffffcf80`8c1bef90 fffff802`d191df79 : nt!KiPageFault+0x12f
ffffd000`3246fbb0 ffffcf80`8c1bef68 : ffffd000`3246fc30 ffffcf80`8c1bef90 fffff802`d191df79 00000000`00000000 : epfwwfp+0x47d2
ffffd000`3246fbb8 ffffd000`3246fc30 : ffffcf80`8c1bef90 fffff802`d191df79 00000000`00000000 fffff802`00000000 : 0xffffcf80`8c1bef68
ffffd000`3246fbc0 ffffcf80`8c1bef90 : fffff802`d191df79 00000000`00000000 fffff802`00000000 00000000`00000001 : 0xffffd000`3246fc30
ffffd000`3246fbc8 fffff802`d191df79 : 00000000`00000000 fffff802`00000000 00000000`00000001 ffffcf80`8c1bef90 : 0xffffcf80`8c1bef90
ffffd000`3246fbd0 fffff802`d192f3ac : fffff802`d1d1da00 fffff800`b6f83540 ffffe000`af34d880 00000000`00000000 : nt!KiCommitThreadWait+0x129
ffffd000`3246fc50 fffff802`d195c280 : ffffe000`aab17040 ffffe000`af34d880 00000000`00000080 ffffe000`af34d880 : nt!ExpWorkerThread+0x28c
ffffd000`3246fd00 fffff802`d19dafc6 : fffff802`d1b87180 ffffe000`af34d880 ffffe000`aab17040 00000000`00000000 : nt!PspSystemThreadStartup+0x58
ffffd000`3246fd60 00000000`00000000 : ffffd000`32470000 ffffd000`3246a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
epfwwfp+47d2
fffff800`b6f837d2 4c397378 cmp qword ptr [rbx+78h],r14
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: epfwwfp+47d2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: epfwwfp
IMAGE_NAME: epfwwfp.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5411c86f
FAILURE_BUCKET_ID: 0xD5_VRF_epfwwfp+47d2
BUCKET_ID: 0xD5_VRF_epfwwfp+47d2
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xd5_vrf_epfwwfp+47d2
FAILURE_ID_HASH: {928c8ff5-f476-fce1-5681-eb05b940410b}
Followup: MachineOwner
---------