The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Interesting: minidump/kernel dump Instant Online Crash Analysis

Posted by jpluimers on 2015/01/28

Using Instant Online Crash Analysis, I figured out that mfefirek.sys is causing a DRIVER_IRQL_NOT_LESS_OR_EQUAL BSOD.

Well done McAfee!

This is what I did:

  1. As admin, copy %windir%\Minidump\*.dmp %temp%
  2. Uploaded these to
  3. Compare the results with Beyond Compare 4 for patterns.

The result for all *.dmp files is a pattern like this:

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arg1: 000000000000000d, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800....d70, address which referenced memory

Debugging Details:

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032..100
GetUlongFromAddress: unable to read from fffff800032..1c0
 000000000000000d Nonpaged pool


fffff880`0.....70 8a400d          mov     al,byte ptr [rax+0Dh]


via: Instant Online Crash Analysis.
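
The comparison in step 3 can also be scripted. This is an added example, not part of the original post or of the analysis service: it parses the bugcheck summary text shown above and reports which fields are identical in every dump and which differ. The sample reports, their full Arg4 addresses, and the function names are constructed for illustration.

```python
import re

# "ArgN: <hex>, <description>" lines of the bugcheck summary
ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F`.]+),\s*(.*)$")
# Disassembly line: address, opcode bytes, mnemonic, operands
INSN_RE = re.compile(r"^[0-9a-fA-F`.]{8,}\s+((?:[0-9a-fA-F]{2})+)\s+(\w+)\s+(.+)$")

def parse_report(text):
    """Extract bugcheck arguments and the faulting instruction from one report."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        m = ARG_RE.match(line)
        if m:
            value = m.group(2).replace("`", "").lower()
            fields["Arg" + m.group(1)] = value
            if m.group(1) == "4":
                # Drivers load page-aligned, so the low 12 bits survive relocation.
                fields["Arg4_page_offset"] = value[-3:]
            continue
        m = INSN_RE.match(line)
        if m and "insn" not in fields:
            fields["insn_bytes"] = m.group(1).lower()
            fields["insn"] = m.group(2) + " " + " ".join(m.group(3).split())
    return fields

def compare_reports(reports):
    """Split fields into those identical in every report and those that differ."""
    parsed = [parse_report(r) for r in reports]
    constant, varying = {}, {}
    for key in sorted({k for p in parsed for k in p}):
        seen = {p.get(key, "<missing>") for p in parsed}
        if len(seen) == 1:
            constant[key] = seen.pop()
        else:
            varying[key] = sorted(seen)
    return constant, varying

# Constructed sample reports; the full Arg4 addresses are made up for illustration.
SAMPLE_A = """\
Arg1: 000000000000000d, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88001234d70, address which referenced memory
fffff880`01234d70 8a400d          mov     al,byte ptr [rax+0Dh]
"""
SAMPLE_B = SAMPLE_A.replace("01234d70", "01a34d70")

if __name__ == "__main__":
    constant, varying = compare_reports([SAMPLE_A, SAMPLE_B])
    print("constant:", constant)
    print("varying: ", varying)
```

A faulting address that changes between boots while its page offset and instruction bytes stay the same points at the same code location in the same driver each time.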
