WARNING:  HvpWriteLog at ..\..\lib\cmlib\hivewrt.c:26 is UNIMPLEMENTED!
WARNING:  HvpWriteLog at ..\..\lib\cmlib\hivewrt.c:26 is UNIMPLEMENTED!
Access violation - code c0000005 (!!! second chance !!!)
nt!PopFlushVolumes+0x1c7:
804d7e17 8b5120          mov     edx,dword ptr [ecx+20h]
kd> !analyze -v
Connected to Windows Server 2003 3790 x86 compatible target at (Thu Sep 20 12:46:02.229 2012 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
....................................................
Loading User Symbols
......................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 526484ad

Debugging Details:
------------------


PROCESS_NAME:  winlogon.exe

FAULTING_IP: 
nt!PopFlushVolumes+1c7 [p:\trunk_slave\x86_msvc\build\ntoskrnl\po\povolume.c @ 239]
804d7e17 8b5120          mov     edx,dword ptr [ecx+20h]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 804d7e17 (nt!PopFlushVolumes+0x000001c7)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: d0527370
Attempt to read from address d0527370

ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  d0527370

READ_ADDRESS:  d0527370 

FOLLOWUP_IP: 
nt!PopFlushVolumes+1c7 [p:\trunk_slave\x86_msvc\build\ntoskrnl\po\povolume.c @ 239]
804d7e17 8b5120          mov     edx,dword ptr [ecx+20h]

BUGCHECK_STR:  ACCESS_VIOLATION

DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 804d92b1 to 804d7e17

STACK_TEXT:  
00000001 f85975d4 f85976b8 nt!PopFlushVolumes(unsigned char ShuttingDown = 0x01 '')+0x1c7 [p:\trunk_slave\x86_msvc\build\ntoskrnl\po\povolume.c @ 239]
00000005 00000004 c0000004 nt!NtSetSystemPowerState(POWER_ACTION SystemAction = PowerActionShutdownReset (0n5), _SYSTEM_POWER_STATE MinSystemState = PowerSystemSleeping3 (0n4), unsigned 

long Flags = 0xc0000004)+0x341 [p:\trunk_slave\x86_msvc\build\ntoskrnl\po\power.c @ 917]
804d8f70 f85976ac 0000000c nt!KiSystemCallTrampoline(void * Handler = 0x804d8f70, void * Arguments = 0xf85976ac, unsigned long StackBytes = 0xc)+0x19 [p:\trunk_slave\x86_msvc\build

\ntoskrnl\include\internal\i386\ke.h @ 668]
f8597634 f85976ac f85976ac nt!KiSystemCall(struct _KTRAP_FRAME * TrapFrame = 0xf8597634, void * Arguments = 0xf85976ac)+0x1f2 [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke\i386\traphdlr.c @ 

1629]
f8597710 8043e4a5 00000010 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf8597634, void * Arguments = 0xf85976ac)+0x19 [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke

\i386\traphdlr.c @ 1653]
f8597710 8043e4a5 00000010 nt!KiInterruptTemplateDispatch+0x60
00000005 00000004 c0000004 nt!ZwSetSystemPowerState+0x11
00000005 00000004 c0000004 nt!NtSetSystemPowerState(POWER_ACTION SystemAction = PowerActionShutdownReset (0n5), _SYSTEM_POWER_STATE MinSystemState = PowerSystemSleeping3 (0n4), unsigned 

long Flags = 0xc0000004)+0x1a6 [p:\trunk_slave\x86_msvc\build\ntoskrnl\po\power.c @ 854]
00000001 00000005 00000004 nt!NtShutdownSystem(_SHUTDOWN_ACTION Action = ShutdownReboot (0n1))+0x7c [p:\trunk_slave\x86_msvc\build\ntoskrnl\ex\shutdown.c @ 51]
80436fd0 00dafd4c 00000004 nt!KiSystemCallTrampoline(void * Handler = 0x80436fd0, void * Arguments = 0x00dafd4c, unsigned long StackBytes = 4)+0x19 [p:\trunk_slave\x86_msvc\build

\ntoskrnl\include\internal\i386\ke.h @ 668]
f8597794 00dafd4c 00dafd4c nt!KiSystemCall(struct _KTRAP_FRAME * TrapFrame = 0xf8597794, void * Arguments = 0x00dafd4c)+0x1f2 [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke\i386\traphdlr.c @ 

1629]
00dafd5c 77f2c2c6 badb0d00 nt!KiFastCallEntryHandler(struct _KTRAP_FRAME * TrapFrame = 0xf8597794, void * Arguments = 0x00dafd4c)+0x6d [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke

\i386\traphdlr.c @ 1675]
00dafd5c 77f2c2c6 badb0d00 nt!KiFastCallEntry+0x71
0040211a 00000001 000001e8 ntdll!KiFastSystemCallRet
00000001 000001e8 00034888 ntdll!ZwShutdownSystem+0xc
00033168 0000000b 0000000a winlogon!HandleShutdown(struct _WLSESSION * Session = 0x00033168, unsigned long wlxAction = 0xb)+0x26a [p:\trunk_slave\x86_msvc\build\base\system\winlogon

\sas.c @ 812]
00033168 0000000b 00000002 winlogon!DoGenericAction(struct _WLSESSION * Session = 0x00033168, unsigned long wlxAction = 0xb)+0x143 [p:\trunk_slave\x86_msvc\build\base\system\winlogon

\sas.c @ 869]
00020044 00008000 000002ac winlogon!SASWindowProc(struct HWND__ * hwndDlg = 0x00020044, unsigned int uMsg = 0x8000, unsigned int wParam = 0x2ac, long lParam = 0n2)+0x3ed [p:\trunk_slave

\x86_msvc\build\base\system\winlogon\sas.c @ 1226]
00db1320 00020044 00008000 user32!IntCallWindowProcW(int IsAnsiProc = 0n0, <function> * WndProc = 0x00402660, struct _WND * pWnd = 0x00db1320, struct HWND__ * hWnd = 0x00020044, unsigned 

int Msg = 0x8000, unsigned int wParam = 0x2ac, long lParam = 0n2)+0x3b2 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\message.c @ 1400]
00dafec4 00000020 ffffffff user32!User32CallWindowProcFromKernel(void * Arguments = 0x00dafec4, unsigned long ArgumentLength = 0x20)+0x15d [p:\trunk_slave\x86_msvc\build\win32ss\user

\user32\windows\message.c @ 2824]
00daff1c 00020044 00000000 ntdll!KiUserCallbackDispatcher+0x2e
00400000 00000000 000312d4 winlogon!WinMain(struct HINSTANCE__ * hInstance = 0x00400000, struct HINSTANCE__ * hPrevInstance = 0x00000000, char * lpCmdLine = 0x000312d4 "", int nShowCmd = 

0n10)+0x482 [p:\trunk_slave\x86_msvc\build\base\system\winlogon\winlogon.c @ 437]
00000001 000315d8 000309e8 winlogon!main(int flags = 0n1, char ** cmdline = 0x000315d8, char ** inst = 0x000309e8)+0x1e [p:\trunk_slave\x86_msvc\build\lib\sdk\crt\startup\crt0_c.c @ 20]
000000ff 00000000 00000000 winlogon!__tmainCRTStartup(void)+0x248 [p:\trunk_slave\x86_msvc\build\lib\sdk\crt\startup\crtexe.c @ 310]
7ffba000 e10100e0 00000000 winlogon!WinMainCRTStartup(void)+0x1f [p:\trunk_slave\x86_msvc\build\lib\sdk\crt\startup\crtexe.c @ 168]



STACK_COMMAND:  kb

FAULTING_SOURCE_CODE:  
   235:         if (!(Dope->DeviceObject->Vpb->Flags & VPB_MOUNTED) ||
   236:             (Dope->DeviceObject->Characteristics & FILE_FLOPPY_DISKETTE) ||
   237:             (Dope->DeviceObject->Characteristics & FILE_READ_ONLY_DEVICE) ||
   238:             ((Dope->DeviceObject->Vpb->RealDevice) &&
>  239:              (Dope->DeviceObject->Vpb->RealDevice->Characteristics & FILE_FLOPPY_DISKETTE)))
   240:         {
   241:             /* Not flushable */
   242:             continue;
   243:         }
   244: 


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!PopFlushVolumes+1c7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntoskrnl.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  5059ce1f

FAILURE_BUCKET_ID:  ACCESS_VIOLATION_nt!PopFlushVolumes+1c7

BUCKET_ID:  ACCESS_VIOLATION_nt!PopFlushVolumes+1c7

Followup: MachineOwner
---------