err:(..\..\win32ss\user\user32\windows\window.c:321) CreateWindowExA RegisterSystemControls Access violation - code c0000005 (!!! second chance !!!) vgaddi!DrvBitBlt+0x272: f8631262 8b02 mov eax,dword ptr [edx] kd> !analyze -v Connected to Windows Server 2003 3790 x86 compatible target at (Sat Aug 4 02:08:38.963 2012 (UTC + 2:00)), ptr64 FALSE Loading Kernel Symbols ............................................ Loading User Symbols ......... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Unknown bugcheck code (0) Unknown bugcheck description Arguments: Arg1: 00000000 Arg2: 00000000 Arg3: 00000000 Arg4: 526484ad Debugging Details: ------------------ PROCESS_NAME: winlogon.exe FAULTING_IP: vgaddi!DrvBitBlt+272 [p:\trunk_slave\x86_msvc\build\win32ss\drivers\displays\vga\objects\bitblt.c @ 492] f8631262 8b02 mov eax,dword ptr [edx] EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: f8631262 (vgaddi!DrvBitBlt+0x00000272) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 00000000 Attempt to read from address 00000000 ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 00000000 READ_ADDRESS: 00000000 FOLLOWUP_IP: vgaddi!DrvBitBlt+272 [p:\trunk_slave\x86_msvc\build\win32ss\drivers\displays\vga\objects\bitblt.c @ 492] f8631262 8b02 mov eax,dword ptr [edx] BUGCHECK_STR: ACCESS_VIOLATION DEFAULT_BUCKET_ID: NULL_DEREFERENCE CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from f86d679a to f8631262 STACK_TEXT: e110cf98 00000000 00000000 vgaddi!DrvBitBlt(struct _SURFOBJ * Dest = 0xe110cf98, struct _SURFOBJ * Source = 0x00000000, struct _SURFOBJ * Mask = 0x00000000, struct _CLIPOBJ * Clip = 0xe1177300, struct _XLATEOBJ * ColorTranslation = 0x00000000, struct _RECTL * DestRect = 0xf858a254, struct _POINTL * SourcePoint = 0x00000000, struct _POINTL * MaskPoint = 0x00000000, struct _BRUSHOBJ * Brush = 0xe1184b14, struct _POINTL * BrushPoint = 0xf858a244, unsigned long rop4 = 0xf0f0)+0x272 (FPO: [Non-Fpo]) (CONV: stdcall) e110cf98 00000000 00000000 win32k!IntEngBitBlt(struct _SURFOBJ * psoTrg = 0xe110cf98, struct _SURFOBJ * psoSrc = 0x00000000, struct _SURFOBJ * psoMask = 0x00000000, struct _CLIPOBJ * pco = 0xe1177300, struct _XLATEOBJ * pxlo = 0x00000000, struct _RECTL * prclTrg = 0xf858a2c4, struct _POINTL * pptlSrc = 0x00000000, struct _POINTL * pptlMask = 0x00000000, struct _BRUSHOBJ * pbo = 0xe1184b14, struct _POINTL * pptlBrush = 0xf858a2d8, unsigned long Rop4 = 0xf0f0)+0x28a (FPO: [Non-Fpo]) (CONV: stdcall) 00000002 0000019d 00000001 win32k!IntPatBlt(struct _DC * pdc = 0xe11846f8, int XLeft = 0n2, int YLeft = 0n2, int Width = 0n413, int Height = 0n1, unsigned long dwRop = 0xf0f00000, struct _EBRUSHOBJ * pebo = 0xe1184b14)+0x1f4 (FPO: [Non-Fpo]) (CONV: fastcall) 01010055 00000002 00000002 win32k!NtGdiPatBlt(struct HDC__ * hdcDest = 0x01010055, int x = 0n2, int y = 0n2, int cx = 0n413, int cy = 0n1, unsigned long dwRop = 0xf0f00000)+0xd1 (FPO: [Non-Fpo]) (CONV: stdcall) f87495f0 01b3f710 00000018 nt!KiSystemCallTrampoline(void * Handler = 0xf87495f0, void * Arguments = 0x01b3f710, unsigned long StackBytes = 0x18)+0x19 (FPO: [Non-Fpo]) (CONV: cdecl) f858a384 01b3f710 01b3f710 nt!KiSystemCall(struct _KTRAP_FRAME * TrapFrame = 0xf858a384, void * Arguments = 0x01b3f710)+0x1f2 (FPO: [Non-Fpo]) (CONV: cdecl) 01b3f728 77bf7350 badb0d00 nt!KiFastCallEntryHandler(struct _KTRAP_FRAME * TrapFrame = 0xf858a384, void * Arguments = 0x01b3f710)+0x6d (FPO: [Non-Fpo]) (CONV: fastcall) 01b3f728 77bf7350 badb0d00 nt!KiFastCallEntry+0x71 (FPO: [0,0] TrapFrame @ f858a384) 77bf7370 01010055 00000002 ntdll!KiFastSystemCallRet (FPO: [0,0,0]) 01010055 00000002 00000002 gdi32!NtGdiPatBlt+0xc (FPO: [0,0,0]) 01010055 00000002 00000002 gdi32!PatBlt(struct HDC__ * hdc = 0x01010055, int nXLeft = 0n2, int nYLeft = 0n2, int nWidth = 0n413, int nHeight = 0n1, unsigned long dwRop = 0xf00021)+0x20 (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 02040059 00000001 user32!DefWndNCPaint(struct HWND__ * hWnd = 0x00020040, struct HRGN__ * hRgn = 0x02040059, int Active = 0n1)+0x3b0 (FPO: [Non-Fpo]) (CONV: cdecl) 00020040 00000085 02040059 user32!User32DefWindowProc(struct HWND__ * hWnd = 0x00020040, unsigned int Msg = 0x85, unsigned int wParam = 0x2040059, long lParam = 0n0, int bUnicode = 0n0)+0x14e (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 00000085 02040059 user32!RealDefWindowProcA(struct HWND__ * hWnd = 0x00020040, unsigned int Msg = 0x85, unsigned int wParam = 0x2040059, long lParam = 0n0)+0x3b4 (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 00000085 02040059 user32!DefWindowProcA(struct HWND__ * hWnd = 0x00020040, unsigned int Msg = 0x85, unsigned int wParam = 0x2040059, long lParam = 0n0)+0x83 (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 00000085 02040059 user32!DefDlgProcA(struct HWND__ * hDlg = 0x00020040, unsigned int Msg = 0x85, unsigned int wParam = 0x2040059, long lParam = 0n0)+0x124 (FPO: [Non-Fpo]) (CONV: stdcall) 00db1060 00020040 00000085 user32!IntCallWindowProcW(int IsAnsiProc = 0n1, * WndProc = 0x77a9dd00, struct _WND * pWnd = 0x00db1060, struct HWND__ * hWnd = 0x00020040, unsigned int Msg = 0x85, unsigned int wParam = 0x2040059, long lParam = 0n0)+0x238 (FPO: [Non-Fpo]) (CONV: fastcall) 01b3fb1c 00000020 01b3fd38 user32!User32CallWindowProcFromKernel(void * Arguments = 0x01b3fb1c, unsigned long ArgumentLength = 0x20)+0x162 (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 01b3fc44 00000000 ntdll!KiUserCallbackDispatcher+0x2e 00020040 0000000f 00000000 user32!User32DefWindowProc(struct HWND__ * hWnd = 0x00020040, unsigned int Msg = 0xf, unsigned int wParam = 0, long lParam = 0n28573360, int bUnicode = 0n0)+0x510 (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 0000000f 00000000 user32!RealDefWindowProcA(struct HWND__ * hWnd = 0x00020040, unsigned int Msg = 0xf, unsigned int wParam = 0, long lParam = 0n28573360)+0x3b4 (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 0000000f 00000000 user32!DefWindowProcA(struct HWND__ * hWnd = 0x00020040, unsigned int Msg = 0xf, unsigned int wParam = 0, long lParam = 0n28573360)+0x83 (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 0000000f 00000000 user32!DefDlgProcA(struct HWND__ * hDlg = 0x00020040, unsigned int Msg = 0xf, unsigned int wParam = 0, long lParam = 0n28573360)+0x124 (FPO: [Non-Fpo]) (CONV: stdcall) 00db1060 00020040 0000000f user32!IntCallWindowProcW(int IsAnsiProc = 0n1, * WndProc = 0x77a9dd00, struct _WND * pWnd = 0x00db1060, struct HWND__ * hWnd = 0x00020040, unsigned int Msg = 0xf, unsigned int wParam = 0, long lParam = 0n28573360)+0x238 (FPO: [Non-Fpo]) (CONV: fastcall) 01b3fe90 00000020 01b3fee0 user32!User32CallWindowProcFromKernel(void * Arguments = 0x01b3fe90, unsigned long ArgumentLength = 0x20)+0x162 (FPO: [Non-Fpo]) (CONV: stdcall) 01b3ff54 77a8dc93 83895060 ntdll!KiUserCallbackDispatcher+0x2e 00020040 01b3ff54 00000000 user32!IsDialogMessageW(struct HWND__ * hDlg = 0x00020040, struct tagMSG * lpMsg = 0x01b3ff54)+0x514 (FPO: [Non-Fpo]) (CONV: stdcall) 00020040 00020026 00020040 user32!DIALOG_DoDialogBox(struct HWND__ * hwnd = 0x00020040, struct HWND__ * owner = 0x00020026)+0x162 (FPO: [Non-Fpo]) (CONV: cdecl) 73220000 00000064 00020026 user32!DialogBoxParamA(struct HINSTANCE__ * hInstance = 0x73220000, char * lpTemplateName = 0x00000064 "--- memory read error at address 0x00000064 ---", struct HWND__ * hWndParent = 0x00020026, * lpDialogFunc = 0x73221230, long dwInitParam = 0n208928)+0x9a (FPO: [Non-Fpo]) (CONV: stdcall) 00033020 00000000 00000000 msgina!StartupWindowThread(void * lpParam = 0x00033020)+0x5c (FPO: [Non-Fpo]) (CONV: stdcall) 732211a0 00033020 00000000 kernel32!BaseThreadStartup( * lpStartAddress = 0x732211a0, void * lpParameter = 0x00033020)+0x52 (FPO: [Non-Fpo]) (CONV: stdcall) STACK_COMMAND: kb SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: vgaddi!DrvBitBlt+272 FOLLOWUP_NAME: MachineOwner MODULE_NAME: vgaddi IMAGE_NAME: vgaddi.dll DEBUG_FLR_IMAGE_TIMESTAMP: 501c5ccd FAILURE_BUCKET_ID: ACCESS_VIOLATION_vgaddi!DrvBitBlt+272 BUCKET_ID: ACCESS_VIOLATION_vgaddi!DrvBitBlt+272 Followup: MachineOwner ---------