| Debugging Tools for Windows |
The DRIVER_VERIFIER_DETECTED_VIOLATION bug check has a value of 0x000000C4. This is the general bug check code for fatal errors found by Driver Verifier.
Four bug check parameters are displayed on the blue screen. Parameter 1 identifies the type of violation. The meaning of the remaining parameters varies with the value of Parameter 1. The parameter values are described in the following table.
| Parameter 1 | Parameter 2 | Parameter 3 | Parameter 4 | Cause of Error |
|---|---|---|---|---|
| 0x00 | Current IRQL | Pool type | 0 | The driver requested a zero-byte pool allocation. |
| 0x01 | Current IRQL | Pool type | Size of allocation, in bytes | The driver attempted to allocate paged memory with IRQL > APC_LEVEL. |
| 0x02 | Current IRQL | Pool type | Size of allocation, in bytes | The driver attempted to allocate nonpaged memory with IRQL > DISPATCH_LEVEL. |
| 0x03 (Windows Vista and later operating systems only) | Reserved | Reserved | Reserved | The driver attempted to allocate multiple pages of must succeed pool, but at most one page can be allocated using this routine. |
| 0x10 | Bad Address | 0 | 0 | The driver attempted to free an address that was not returned from an allocate call. |
| 0x11 | Current IRQL | Pool type | Address of pool | The driver attempted to free paged pool with IRQL > APC_LEVEL. |
| 0x12 | Current IRQL | Pool type | Address of pool | The driver attempted to free nonpaged pool with IRQL > DISPATCH_LEVEL. |
| 0x13 or 0x14 |
Reserved | Pointer to pool header | Pool header contents | The driver attempted to free memory pool which was already freed. |
| 0x15 | Timer entry | Pool type (-1 for special pool) | Pool address being freed | The driver attempted to free pool which contains an active timer. |
| 0x16 | Reserved | Pool address | 0 | The driver attempted to free pool at a bad address, or the driver passed invalid parameters to a memory routine. |
| 0x17 | Resource entry | Pool type (-1 for special pool) | Pool address being freed | The driver attempted to free pool which contains an active ERESOURCE. |
| 0x30 | Current IRQL | Requested IRQL | 0 | The driver passed an invalid parameter to KeRaiseIrql. (The parameter was either a value lower than the current IRQL, or a value higher than HIGH_LEVEL. This may be the result of using an uninitialized parameter.) |
| 0x31 | Current IRQL | Requested IRQL | 0: New IRQL is bad 1: New IRQL is invalid inside a DPC routine |
The driver passed an invalid parameter to KeLowerIrql. (The parameter was either a value higher than the current IRQL, or a value higher than HIGH_LEVEL. This may be the result of using an uninitialized parameter.) |
| 0x32 | Current IRQL | Spin lock address | 0 | The driver called KeReleaseSpinLock at an IRQL other than DISPATCH_LEVEL. (This may be due to a double-release of a spin lock.) |
| 0x33 | Current IRQL | Fast mutex address | 0 | The driver attempted to acquire fast mutex with IRQL > APC_LEVEL. |
| 0x34 | Current IRQL | Fast mutex address | 0 | The driver attempted to release fast mutex at an IRQL other than APC_LEVEL. |
| 0x35 | Current IRQL | Spin lock address | Old IRQL | The kernel released a spin lock with IRQL not equal to DISPATCH_LEVEL. |
| 0x36 | Current IRQL | Spin lock number | Old IRQL | The kernel released a queued spin lock with IRQL not equal to DISPATCH_LEVEL. |
| 0x37 | Current IRQL | Thread APC disable count | Resource | The driver tried to acquire a resource, but APCs are not disabled. |
| 0x38 | Current IRQL | Thread APC disable count | Resource | The driver tried to release a resource, but APCs are not disabled. |
| 0x39 | Current IRQL | Thread APC disable count | Mutex | The driver tried to acquire a mutex "unsafe" with IRQL not equal to APC_LEVEL on entry. |
| 0x3A | Current IRQL | Thread APC disable count | Mutex | The driver tried to release a mutex "unsafe" with IRQL not equal to APC_LEVEL on entry. |
| 0x3B | Current IRQL | Object to wait for | Time-out parameter | The driver called KeWaitXxx with IRQL >= DISPATCH_LEVEL. (This is permitted only if the driver already owns the DISPATCHER lock and it passes a time-out value of zero to the routine.) |
| 0x3C | Handle passed to routine | Object type | 0 | The driver called ObReferenceObjectByHandle with a bad handle. |
| 0x3D | 0 | 0 | Address of the bad resource | The driver passed a bad (unaligned) resource to ExAcquireResourceExclusive. |
| 0x3E | 0 | 0 | 0 | The driver called KeLeaveCriticalRegion for a thread that is not currently in a critical region. |
| 0x3F | Object address | New object reference count. -1: dereference case 1: reference case |
0 | The driver applied ObReferenceObject to an object that has a reference count of zero, or the driver applied ObDereferenceObject to an object that has a reference count of zero. |
| 0x40 | Current IRQL | Spin lock address | 0 | The driver called KeAcquireSpinLockAtDpcLevel with IRQL not equal to DISPATCH_LEVEL. |
| 0x41 | Current IRQL | Spin lock address | 0 | The driver called KeReleaseSpinLockFromDpcLevel with IRQL not equal to DISPATCH_LEVEL. |
| 0x42 | Current IRQL | Spin lock address | 0 | The driver called KeAcquireSpinLock with IRQL > DISPATCH_LEVEL. |
| 0x51 | Base address of allocation | Address of the reference beyond the allocation | Number of charged bytes | The driver attempted to free memory after having written past the end of the allocation. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. |
| 0x52 | Base address of allocation | Reserved | Number of charged bytes | The driver attempted to free memory after having written past the end of the allocation. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. |
| 0x53, 0x54, or 0x59 |
Base address of allocation | Reserved | Reserved | The driver attempted to free memory after having written past the end of the allocation. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. |
| 0x60 | Bytes allocated from paged pool | Bytes allocated from nonpaged pool | Total number of allocations that were not freed | The driver is unloading without first freeing its pool allocations. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. |
| 0x61 | Bytes allocated from paged pool | Bytes allocated from nonpaged pool | Total number of allocations that were not freed | A driver thread is attempting to allocate pool memory while the driver is unloading. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. |
| 0x62 | Name of the driver | Reserved | Total number of allocations that were not freed, including both paged and nonpaged pool | The driver is unloading without first freeing its pool allocations. A bug check with this parameter occurs only when the Pool Tracking option of Driver Verifier is active. |
| 0x6F | MDL address | Physical page being locked | Highest physical page in the system | The driver passed a page to MmProbeAndLockPages that was not in the PFN database. (This often results from a driver that attempts to lock its own private dualport RAM. Such behavior can corrupt memory on machines with noncontiguous physical RAM.) |
| 0x70 | Current IRQL | MDL address | Access mode | The driver called MmProbeAndLockPages with IRQL > DISPATCH_LEVEL. |
| 0x71 | Current IRQL | MDL address | Process address | The driver called MmProbeAndLockProcessPages with IRQL > DISPATCH_LEVEL. |
| 0x72 | Current IRQL | MDL address | Process address | The driver called MmProbeAndLockSelectedPages with IRQL > DISPATCH_LEVEL. |
| 0x73 | Current IRQL | In 32-bit Windows: Low 32 bits of the physical address In 64-bit Windows: the 64-bit physical address |
Number of bytes | The driver called MmMapIoSpace with IRQL > DISPATCH_LEVEL. |
| 0x74 | Current IRQL | MDL address | Access mode | The driver called MmMapLockedPages in kernel mode with IRQL > DISPATCH_LEVEL. |
| 0x75 | Current IRQL | MDL address | Access mode | The driver called MmMapLockedPages in user mode with IRQL > APC_LEVEL. |
| 0x76 | Current IRQL | MDL address | Access mode | The driver called MmMapLockedPagesSpecifyCache in kernel mode with IRQL > DISPATCH_LEVEL. |
| 0x77 | Current IRQL | MDL address | Access mode | The driver called MmMapLockedPagesSpecifyCache in user mode with IRQL > APC_LEVEL. |
| 0x78 | Current IRQL | MDL address | 0 | The driver called MmUnlockPages with IRQL > DISPATCH_LEVEL. |
| 0x79 | Current IRQL | Virtual address being unmapped | MDL address | The driver called MmUnmapLockedPages in kernel mode with IRQL > DISPATCH_LEVEL. |
| 0x7A | Current IRQL | Virtual address being unmapped | MDL address | The driver called MmUnmapLockedPages in user mode with IRQL > APC_LEVEL. |
| 0x7B | Current IRQL | Virtual address being unmapped | Number of bytes | The driver called MmUnmapIoSpace with IRQL > APC_LEVEL. |
| 0x7C | MDL address | MDL flags | 0 | The driver called MmUnlockPages, and passed an MDL whose pages were never successfully locked. |
| 0x7D | MDL address | MDL flags | 0 | The driver called MmUnlockPages, and passed an MDL whose pages are from nonpaged pool. (These should never be unlocked.) |
| 0x80 | Current IRQL | Event address | 0 | The driver called KeSetEvent with IRQL > DISPATCH_LEVEL. |
| 0x81 | MDL address | MDL flags | 0 | The driver called MmMapLockedPages. (You should use MmMapLockedPagesSpecifyCache instead, with the BugCheckOnFailure parameter set to FALSE.) |
| 0x82 | MDL address | MDL flags | 0 | The driver called MmMapLockedPagesSpecifyCache with the BugCheckOnFailure parameter equal to TRUE. (This parameter should be set to FALSE.) |
| 0x83 | Start of physical address range to map | Number of bytes to map | First page frame number that isn't locked down | The driver called MmMapIoSpace without having locked down the MDL pages. The physical pages represented by the physical address range being mapped must have been locked down prior to making this call. |
| 0x84 | Start of physical address range to map | Number of bytes to map | First page frame number that is on the free list | The driver called MmMapIoSpace without having locked down the MDL pages (or after freeing the MDL pages). |
| 0x85 | MDL address | Number of pages to map | First page frame number that isn't locked down | The driver called MmMapLockedPages without having locked down the MDL pages. |
| 0x86 | MDL address | Number of pages to map | First page frame number that is on the free list | The driver called MmMapLockedPages without having locked down the MDL pages (or after freeing the MDL pages). |
| 0x87 | Base physical page of the existing mapping (Shift left for physical address) |
Number of pages already mapped in the existing mapping | MEMORY_CACHING_TYPE of the existing mapping | The driver called MmMapIoSpace, but the caller's cache type conflicts with an existing mapping. |
| 0x88 | Base physical page of the requested mapping (Shift left for physical address) |
Number of pages in the requested mapping | MEMORY_CACHING_TYPE of the requested mapping | The driver called MmMapIoSpace to map a physical range as non-cached or write-combined, but the caller's physical range already has an existing cached mapping. |
| 0x89 | MDL address | Pointer to the non-memory page in the MDL | The non-memory page number in the MDL | An MDL is not marked as "I/O", but it contains non-memory page addresses. |
| 0x8A | MDL address | Base physical page of the requested mapping (Shift left for physical address) |
MEMORY_CACHING_TYPE of the requested mapping | The driver called MmMapLockedPagesXxx to map a physical range as non-cached or write-combined, but the caller's physical range already has an existing cached mapping. |
| 0x90 (Windows 2000, Windows XP, and Windows Server 2003 only) | Reserved | Reserved | Reserved | The driver switched stacks, and the current stack is neither a thread stack nor a DPC stack. (Typically, the driver doing this should be on the stack obtained by using the kb (Display Stack Backtrace) command.) |
| 0x91 | Reserved | Reserved | Reserved | The driver switched stacks using a method that is not supported by the operating system. The only supported way to extend a kernel mode stack is by using KeExpandKernelStackAndCallout. |
| 0xA0 (Windows Server 2003 and later operating systems only) | Pointer to the IRP making the read or write request | Device object of the lower device | Number of the sector in which the error was detected | A cyclic redundancy check (CRC) error was detected on a hard disk. A bug check with this parameter occurs only when the Disk Integrity Checking option of Driver Verifier is active. |
| 0xA1 (Windows Server 2003 and later operating systems only) | Copy of the IRP making the read or write request. (The actual IRP has been completed.) | Device object of the lower device | Number of the sector in which the error was detected | A CRC error was detected on a sector (asynchronously). A bug check with this parameter occurs only when the Disk Integrity Checking option of Driver Verifier is active. |
| 0xA2 (Windows Server 2003 and later operating systems only) | IRP making the read or write request, or a copy of this IRP | Device object of the lower device | Number of the sector in which the error was detected | The CRCDISK checksum copies don't match. This could be a paging error. A bug check with this parameter occurs only when the Disk Integrity Checking option of Driver Verifier is active. |
| 0xB0 (Windows Vista and later operating systems only) | MDL address | MDL flags | Incorrect MDL flags | The driver called MmProbeAndLockPages for an MDL with incorrect flags. For example, the driver passed an MDL created by MmBuildMdlForNonPagedPool to MmProbeAndLockPages. |
| 0xB1 (Windows Vista and later operating systems only) | MDL address | MDL flags | Incorrect MDL flags | The driver called MmProbeAndLockProcessPages for an MDL with incorrect flags. For example, the driver passed an MDL created by MmBuildMdlForNonPagedPool to MmProbeAndLockProcessPages. |
| 0xB2 (Windows Vista and later operating systems only) | MDL address | MDL flags | Incorrect MDL flags | The driver called MmMapLockedPages for an MDL with incorrect flags. For example, the driver passed an MDL that is already mapped to a system address or that was not locked to MmMapLockedPages. |
| 0xB3 (Windows Vista and later operating systems only) | MDL address | MDL flags | Missing MDL flags (at least one was expected) | The driver called MmMapLockedPages for an MDL with incorrect flags. For example, the driver passed an MDL that is not locked to MmMapLockedPages. |
| 0xB4 (Windows Vista and later operating systems only) | MDL address | MDL flags | Unexpected partial MDL flag | The driver called MmUnlockPages for a partial MDL. A partial MDL is one that was created by IoBuildPartialMdl. |
| 0xB5 (Windows Vista and later operating systems only) | MDL address | MDL flags | Unexpected partial MDL flag | The driver called MmUnmapLockedPages for a partial MDL. A partial MDL is one that was created by IoBuildPartialMdl. |
| 0xB6 (Windows Vista and later operating systems only) | MDL address | MDL flags | Missing MDL flag | The driver called MmUnmapLockedPages for an MDL that is not mapped to a system address. |
| 0xB7 (Windows Vista and later operating systems only) | Number of corrupted physical pages | Address of first corrupted physical page | Address of last corrupted physical page | The system BIOS has corrupted low physical memory during a sleep transition. |
| 0xC0 (Windows Vista and later operating systems only) | Address of the IRP | Reserved | Reserved | The driver called IoCallDriver with interrupts disabled. |
| 0xC1 (Windows Vista and later operating systems only) | Address of the driver dispatch routine | Reserved | Reserved | A driver dispatch routine was returned with interrupts disabled. |
| 0xC2 (Windows Vista and later operating systems only) | Reserved | Reserved | Reserved | The driver called a Fast I/O dispatch routine after interrupts were disabled. |
| 0xC3 (Windows Vista and later operating systems only) | Address of the driver Fast I/O dispatch routine | Reserved | Reserved | A driver Fast I/O dispatch routine was returned with interrupts disabled. |
| 0xC5 (Windows Vista and later operating systems only) | Address of the driver dispatch routine | Current thread APC disable count | Thread APC disable count prior to calling the driver dispatch routine | A driver dispatch routine has changed the thread APC disable count. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, KeInitializeMutex, or FsRtlEnterFileSystem. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem. Because these calls should always be in pairs, this value should be zero whenever a thread is exited. A negative value indicates that a driver has disabled APC calls without re-enabling them. A positive value indicates that the reverse is true. |
| 0xC6 (Windows Vista and later operating systems only) | Address of the driver Fast I/O dispatch routine | Current thread APC disable count | Thread APC disable count prior to calling the Fast I/O driver dispatch routine | A driver Fast I/O dispatch routine has changed the thread APC disable count. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, KeInitializeMutex, or FsRtlEnterFileSystem. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem. Because these calls should always be in pairs, this value should be zero whenever a thread is exited. A negative value indicates that a driver has disabled APC calls without re-enabling them. A positive value indicates that the reverse is true. |
| 0xCA (Windows Vista and later operating systems only) | Address of the lookaside list | Reserved | Reserved | The driver has attempted to re-initialize a lookaside list. |
| 0xCB (Windows Vista and later operating systems only) | Address of the lookaside list | Reserved | Reserved | The driver has attempted to delete an uninitialized lookaside list. |
| 0xCC (Windows Vista and later operating systems only) | Address of the lookaside list | Starting address of the pool allocation | Size of the pool allocation | The driver has attempted to free a pool allocation that contains an active lookaside list. |
| 0xCD (Windows Vista and later operating systems only) | Address of the lookaside list | Block size specified by the caller | Minimum supported block size | The driver has attempted to create a lookaside list with an allocation block size that is too small. |
| 0xD0 (Windows Vista and later operating systems only) | Address of the ERESOURCE structure | Reserved | Reserved | The driver has attempted to re-initialize an ERESOURCE structure. |
| 0xD1 (Windows Vista and later operating systems only) | Address of the ERESOURCE structure | Reserved | Reserved | The driver has attempted to delete an uninitialized ERESOURCE structure. |
| 0xD2 (Windows Vista and later operating systems only) | Address of the ERESOURCE structure | Starting address of the pool allocation | Size of the pool allocation | The driver has attempted to free a pool allocation that contains an active ERESOURCE structure. |
| 0xD5 (Windows Vista and later operating systems only) | Address of the IO_REMOVE_LOCK structure created by the checked build version of the driver | Current IoReleaseRemoveLock tag | Reserved | The current IoReleaseRemoveLock tag does not match the previous IoAcquireRemoveLock tag. If the driver calling IoReleaseRemoveLock is not in a checked build, Parameter 2 is the address of the shadow IO_REMOVE_LOCK structure created by Driver Verifier on behalf of the driver. In this case, the address of the IO_REMOVE_LOCK structure used by the driver is not used at all, because Driver Verifier is replacing the lock address for all the remove lock APIs. A bug check with this parameter occurs only when the I/O Verification option of Driver Verifier is active. |
| 0xD6 (Windows Vista and later operating systems only) | Address of the IO_REMOVE_LOCK structure created by the checked build version of the driver | Tag that does not match previous IoAcquireRemoveLock tag | Previous IoAcquireRemoveLock tag | The current IoReleaseRemoveLockAndWait tag does not match the previous IoAcquireRemoveLock tag. If the driver calling IoReleaseRemoveLock is not a checked build, Parameter 2 is the address of the shadow IO_REMOVE_LOCK structure created by Driver Verifier on behalf of the driver. In this case, the address of the IO_REMOVE_LOCK structure used by the driver is not used at all, because Driver Verifier is replacing the lock address for all the remove lock APIs. A bug check with this parameter occurs only when the I/O Verification option of Driver Verifier is active. |
| 0xDA (Windows Vista and later operating systems only) | Starting address of the driver | WMI callback address inside the driver | Reserved | An attempt was made to unload a driver that has not deregistered its WMI callback function. |
| 0xDB (Windows Vista and later operating systems only) | Address of the device object | Reserved | Reserved | An attempt was made to delete a device object that was not deregistered from WMI. |
| 0xDC (Windows Vista and later operating systems only) | Reserved | Reserved | Reserved | An invalid RegHandle value was specified as a parameter of the function EtwUnregister. |
| 0xDD (Windows Vista and later operating systems only) | Address of the call to EtwRegister | Starting address of the unloading driver | Reserved | An attempt was made to unload a driver without calling EtwUnregister. |
| 0xE0 (Windows Vista and later operating systems only) | User-mode address used as a parameter | Size ,in bytes, of the address range used as a parameter | Reserved | A call was made to an operating system Kernel function that specified a user-mode address as a parameter. |
| 0xE1 (Windows Vista and later operating systems only) | Address of the synchronization object | Reserved | Reserved | A synchronization object was found to have an address that was either invalid or pageable. |
| 0xE2 (Windows Vista and later operating systems only) | Address of the IRP | User-mode address present in the IRP | Reserved | An IRP with Irp->RequestorMode set to KernelMode was found to have a user-mode address as one of its members. |
| 0xE3 (Windows Vista and later operating systems only) | Address of the call to the API | User-mode address used as a parameter in the API | Reserved | A driver has made a call to a kernel-mode ZwXxx routine with a user-mode address as a parameter. |
| 0xE4 (Windows Vista and later operating systems only) | Address of the call to the API | Address of the malformed UNICODE_STRING structure | Reserved | A driver has made a call to a kernel-mode ZwXxx routine with a malformed UNICODE_STRING structure as a parameter. |
| 0xE5 (Windows Vista and later operating systems only) | Current IRQL | Reserved | Reserved | A call was made to a Kernel API at the incorrect IRQL. |
| 0xEA (Windows Vista and later operating systems only) | Current IRQL | Thread APC disable count | Address of the pushlock | A driver has attempted to acquire a pushlock while APCs are enabled. |
| 0xEB (Windows Vista and later operating systems only) | Current IRQL | Thread APC disable count | Address of the pushlock | A driver has attempted to release a pushlock while APCs are enabled. |
| 0xF0 (Windows Vista and later operating systems only) | Address of the destination buffer | Address of the source buffer | Number of bytes to copy | A driver called the memcpy function with overlapping source and destination buffers. |
| 0xF5 (Windows Vista and later operating systems only) | Address of the NULL handle | Object type | Reserved | A driver passed a NULL handle to ObReferenceObjectByHandle. |
| 0x1000 (Windows XP and later operating systems only) | Address of the resource | Reserved | Reserved | Self-deadlock: The current thread has tried to recursively acquire a resource. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. |
| 0x1001 (Windows XP and later operating systems only) | Address of the resource that was the final cause of the deadlock | Reserved | Reserved | Deadlock: A lock hierarchy violation has been found. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. (Use the !deadlock extension for further information.) |
| 0x1002 (Windows XP and later operating systems only) | Address of the resource | Reserved | Reserved | Uninitialized resource: A resource has been acquired without having been initialized first. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. |
| 0x1003 (Windows XP and later operating systems only) | Address of the resource that is being released deadlocked | Address of the resource which should have been released first | Reserved | Unexpected release: A resource has been released out of the proper order. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. |
| 0x1004 (Windows XP and later operating systems only) | Address of the resource | Address of the thread that acquired the resource | Address of the current thread | Unexpected thread: The wrong thread is releasing a resource. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. |
| 0x1005 (Windows XP and later operating systems only) | Address of the resource | Reserved | Reserved | Multiple initialization: A resource is being initialized more than once. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. |
| 0x1006 (Windows XP and later operating systems only) | Address of the thread being deleted | Address of the resource owned by the thread | Reserved | Thread holds resources: A thread is being deleted without first releasing its resources. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. |
| 0x1007 (Windows XP and later operating systems only) | Address of the resource | Reserved | Reserved | Unacquired resource: A resource is being released without having first been acquired. A bug check with this parameter occurs only when the Deadlock Detection option of Driver Verifier is active. |
See the description of each code in the Parameters section for a description of the cause. Note that values 0x1000 through 0x1020 for Parameter 1 are deadlock verifier error codes. Further information can be obtained by using the !deadlock extension.
This bug check can only occur when Driver Verifier has been instructed to monitor one or more drivers. If you did not intend to use Driver Verifier, you should deactivate it. You might consider removing the driver which caused this problem as well.
If you are the driver writer, use the information obtained through this bug check to fix the bugs in your code.
After a Memory Allocation Tracking bug check, use the following command in the kernel debugger:
This will return the name of the driver causing the error.
Then use the the !verifier extension:
This will return information about the leaked memory allocations.
For full details on Driver Verifier, see the Driver Verifier section of the Windows Driver Kit (WDK).
The value of Parameter 1 is limited by the Driver Verifier options that are activated.
The _POOL_TYPE codes are enumerated in Ntddk.h. In particular, 0 (zero) indicates nonpaged pool and 1 (one) indicates paged pool.