Access violation - code c0000005 (!!! second chance !!!)
nt!FsRtlCancelNotify+0x5b:
804471eb 8b08 mov ecx,dword ptr [eax]
kd> !analyze
Connected to Windows Server 2003 3790 x86 compatible target at (Thu Feb 26 10:29:46.567 2015 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...................................................
Loading User Symbols
.......................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 0, {0, 0, 0, 764e7d8d}
*** ERROR: Module load completed but symbols could not be loaded for Explorer++.exe
Probably caused by : ntoskrnl.exe ( nt!FsRtlCancelNotify+5b )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 764e7d8d
Debugging Details:
------------------
PROCESS_NAME: Explorer++.exe
FAULTING_IP:
nt!FsRtlCancelNotify+5b [c:\users\john\repos\ros-trunk\ntoskrnl\fsrtl\notify.c @ 98]
804471eb 8b08 mov ecx,dword ptr [eax]
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: 00000000
FOLLOWUP_IP:
nt!FsRtlCancelNotify+5b [c:\users\john\repos\ros-trunk\ntoskrnl\fsrtl\notify.c @ 98]
804471eb 8b08 mov ecx,dword ptr [eax]
BUGCHECK_STR: ACCESS_VIOLATION
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
CURRENT_IRQL: 1
LAST_CONTROL_TRANSFER: from 804676a3 to 804471eb
STACK_TEXT:
f95ccb6c 804676a3 b0778020 b05ec9e0 00000001 nt!FsRtlCancelNotify+0x5b [c:\users\john\repos\ros-trunk\ntoskrnl\fsrtl\notify.c @ 98]
f95ccb88 80468067 b05ec9e0 00000001 f95ccbb0 nt!IoCancelIrp+0xe3 [c:\users\john\repos\ros-trunk\ntoskrnl\io\iomgr\irp.c @ 1060]
f95ccbb4 804cf403 b05ef8c0 00200008 00000006 nt!IoCancelThreadIo+0xc7 [c:\users\john\repos\ros-trunk\ntoskrnl\io\iomgr\irp.c @ 1105]
f95ccc7c 804ceae0 00000000 00000000 f95ccce0 nt!PspExitThread+0x843 [c:\users\john\repos\ros-trunk\ntoskrnl\ps\kill.c @ 763]
f95ccc8c 8047cb63 b05f7c90 f95cccd4 f95cccc0 nt!PsExitSpecialApc+0x80 [c:\users\john\repos\ros-trunk\ntoskrnl\ps\kill.c @ 941]
f95ccce0 804f501e 00000001 00000000 f95ccd64 nt!KiDeliverApc+0x383 [c:\users\john\repos\ros-trunk\ntoskrnl\ke\apc.c @ 481]
f95cccfc 804f503d f95ccd64 f95ccd28 804f35ad nt!KiCheckForApcDelivery+0x6e [c:\users\john\repos\ros-trunk\ntoskrnl\include\internal\i386\ke.h @ 762]
f95ccd08 804f35ad f95ccd64 00000000 000000c0 nt!KiCommonExit+0xd [c:\users\john\repos\ros-trunk\ntoskrnl\ke\i386\traphdlr.c @ 97]
f95ccd28 804f4f54 8048a990 00000008 ffdff6b8 nt!KiServiceExit+0x8d [c:\users\john\repos\ros-trunk\ntoskrnl\ke\i386\traphdlr.c @ 155]
f95ccd5c 8051a603 0104ffa8 7c92d11e badb0d00 nt!KiSystemServiceHandler+0x264 [c:\users\john\repos\ros-trunk\ntoskrnl\ke\i386\traphdlr.c @ 1731]
f95ccd5c 7c92d11e 0104ffa8 7c92d11e badb0d00 nt!KiFastCallEntry+0x8c
0104ff5c 7c951bef 77d94b00 00000001 0104ff94 ntdll!KiFastSystemCallRet
0104ff60 77d94b00 00000001 0104ff94 00000024 ntdll!NtDelayExecution+0xc
0104ffa8 0046f086 ffffffff 00000001 00000000 kernel32!SleepEx+0x70
[c:\users\john\repos\ros-trunk\dll\win32\kernel32\client\synch.c @ 780]
WARNING: Stack unwind information not available. Following frames may be wrong.
0104ffec 00000000 0046f070 00000000 00000000 Explorer__+0x6f086
STACK_COMMAND: kb
FAULTING_SOURCE_LINE: c:\users\john\repos\ros-trunk\ntoskrnl\fsrtl\notify.c
FAULTING_SOURCE_FILE: c:\users\john\repos\ros-trunk\ntoskrnl\fsrtl\notify.c
FAULTING_SOURCE_LINE_NUMBER: 98
FAULTING_SOURCE_CODE:
94: IoSetCancelRoutine(Irp, NULL);
95: /* And release lock */
96: IoReleaseCancelSpinLock(Irp->CancelIrql);
97: /* Get REAL_NOTIFY_SYNC struct */
> 98: RealNotifySync = NotifyChange->NotifySync;
99:
100: FsRtlNotifyAcquireFastMutex(RealNotifySync);
101:
102: _SEH2_TRY
103: {
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!FsRtlCancelNotify+5b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 54e72768
FAILURE_BUCKET_ID: ACCESS_VIOLATION_nt!FsRtlCancelNotify+5b
BUCKET_ID: ACCESS_VIOLATION_nt!FsRtlCancelNotify+5b
Followup: MachineOwner
---------