kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 99ebb000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 82c598bc, address which referenced memory
Debugging Details:
WRITE_ADDRESS: 99ebb000 Paged pool
CURRENT_IRQL: 2
FAULTING_IP:
nt!memcpy+11c
82c598bc 89448ff0 mov dword ptr [edi+ecx*4-10h],eax
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: 8812b690 – (.trap 0xffffffff8812b690)
ErrCode = 00000002
eax=1a6aea16 ebx=8a743f50 ecx=00000004 edx=00000000 esi=8812b944 edi=99ebb000
eip=82c598bc esp=8812b704 ebp=8812b70c iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!memcpy+0x11c:
82c598bc 89448ff0 mov dword ptr [edi+ecx*4-10h],eax ds:0023:99ebb000=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 82cf7e71 to 82c86394
STACK_TEXT:
8812b25c 82cf7e71 00000003 e08703b4 00000065 nt!RtlpBreakWithStatusInstruction
8812b2ac 82cf896d 00000003 99ebb000 82c598bc nt!KiBugCheckDebugBreak+0x1c
8812b670 82c617eb 0000000a 99ebb000 00000002 nt!KeBugCheck2+0x68b
8812b670 82c598bc 0000000a 99ebb000 00000002 nt!KiTrap0E+0x2cf
8812b70c 85c39647 99ebb000 8812b944 00000010 nt!memcpy+0x11c
8812b958 85c28423 8a743f50 00000000 00000000 cng!AesCtrRng_Generate+0x100
8812ba28 85c290a3 8a743f30 99ebb000 00000400 cng!MSCryptAesCtrGen+0x127
8812ba64 85c129c3 94c332d0 99ebb000 00010000 cng!MSCryptGenRandom+0xd9
8812ba80 85c1892f 8a6b20a0 99ebb000 00010000 cng!BCryptGenRandom+0x5d
8812baa0 85c1299b 99ebb000 00010000 00000000 cng!BCryptGenSystemPreferredRandom+0x2b
8812bab8 95601074 00000000 99ebb000 00010000 cng!BCryptGenRandom+0x35
8812bad8 82dbe728 8a6b2f38 8616e000 00000000 TestBC!DriverEntry+0x54 [c:\tmp\testbc\testbc.c @ 33]
8812bcbc 82dbc499 00000001 00000000 8812bce4 nt!IopLoadDriver+0x7ed
8812bd00 82c88f2b 807ffcd0 00000000 857aed48 nt!IopLoadUnloadDriver+0x70
8812bd50 82e2966d 00000001 e0870c88 00000000 nt!ExpWorkerThread+0x10d
8812bd90 82cdb0d9 82c88e1e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
cng!AesCtrRng_Generate+100
85c39647 0175b4 add dword ptr [ebp-4Ch],esi
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: cng!AesCtrRng_Generate+100
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cng
IMAGE_NAME: cng.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc427
FAILURE_BUCKET_ID: 0xA_VRF_cng!AesCtrRng_Generate+100
BUCKET_ID: 0xA_VRF_cng!AesCtrRng_Generate+100
Followup: MachineOwner
kd> !pool 0x99ebb000
Pool page 99ebb000 region is Paged pool
*99ebb000 : large page allocation, Tag is CBsT, size is 0x10000 bytes