Interesting: minidump/kernel dump Instant Online Crash Analysis
Posted by jpluimers on 2015/01/28
Figured out, using Instant Online Crash Analysis, that mfefirek.sys is causing a DRIVER_IRQL_NOT_LESS_OR_EQUAL BSOD.
Well done McAfee!
This is what I did:
- As admin, copy %windir%\Minidump\*.dmp %temp%
- Uploaded these to http://www.osronline.com/page.cfm?name=analyze
- Compared the results with Beyond Compare 4 for patterns.
The result for all *.dmp files is a pattern like this:
```
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000000000000d, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800....d70, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032..100
GetUlongFromAddress: unable to read from fffff800032..1c0
 000000000000000d Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
mfefirek+19d70
fffff880`0.....70 8a400d mov al,byte ptr [rax+0Dh]
```
–jeroen
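The manual "compare for patterns" step can also be scripted. The following is an added example, not part of the original post: it assumes each analysis result was saved as text, and the function names, the sample reports and the `exampledrv` driver are constructed for illustration.

```python
import re
from collections import Counter

BUGCHECK_RE = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)", re.M)
# Symbol after FAULTING_IP: "module+offset" or "module!function+0xoffset".
FAULT_RE = re.compile(
    r"^FAULTING_IP:[ \t]*\r?\n?[ \t]*([^\s!+]+)(?:![^\s+]+)?(?:\+(?:0x)?([0-9a-fA-F]+))?",
    re.M)

def summarize(report):
    """Extract bugcheck name/code and faulting module/offset from one report."""
    bug, fault = BUGCHECK_RE.search(report), FAULT_RE.search(report)
    return {
        "bugcheck": bug.group(1) if bug else None,
        "code": int(bug.group(2), 16) if bug else None,
        "module": fault.group(1).lower() if fault else None,
        "offset": int(fault.group(2), 16) if fault and fault.group(2) else None,
    }

def common_pattern(reports):
    """Find the (bugcheck, module) pair shared by most reports; list the rest."""
    rows = {name: summarize(text) for name, text in reports.items()}
    keys = {n: (r["bugcheck"], r["module"]) for n, r in rows.items()}
    # Reports with no parsable bugcheck or faulting module never set the pattern.
    counts = Counter(k for k in keys.values() if None not in k)
    top, hits = counts.most_common(1)[0] if counts else (None, 0)
    outliers = sorted(n for n, k in keys.items() if k != top)
    return {"pattern": top, "hits": hits, "total": len(rows), "outliers": outliers}

# Constructed sample reports (not the post's real output); addresses omitted.
_D1 = "DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)\nArg2: 0000000000000002, IRQL\n"
SAMPLE_REPORTS = {
    "dump1.txt": _D1 + "CURRENT_IRQL:  2\n\nFAULTING_IP: \nmfefirek+19d70\n",
    "dump2.txt": _D1 + "FAULTING_IP: mfefirek+19d70\n",         # flattened layout
    "dump3.txt": _D1 + "FAULTING_IP: \nexampledrv!Foo+0x2a\n",  # hypothetical driver
    "dump4.txt": _D1 + "CURRENT_IRQL:  2\n",                    # truncated report
}

if __name__ == "__main__":
    for name, text in SAMPLE_REPORTS.items():
        print(name, summarize(text))
    print(common_pattern(SAMPLE_REPORTS))
```

Reports listed under `outliers` either name a different module or could not be parsed, so they are the ones worth reading by hand.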





