Probably caused by : win32k.sys ( win32k!AllocCallbackMessage+3 )

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\minidump\Mini061408-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\windows\symbols
Executable search path is: c:\windows\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Sat Jun 14 19:04:44.921 2008 (GMT+3)
System Uptime: 0 days 3:25:17.532
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
Unable to load image win32k.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for win32k.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {d, 0, 0, 0}

Probably caused by : win32k.sys ( win32k!AllocCallbackMessage+3 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from bf8586fa to bf8346ec

STACK_TEXT:
a2fef920 bf8586fa 0000003c 00000001 000003c0 win32k!AllocCallbackMessage+0x3
a2fefbf4 bf813f31 bc78cc10 0000004a 000102c6 win32k!SfnCOPYDATA+0x85
a2fefc3c bf8419f1 0078cc10 0000004a 000102c6 win32k!xxxSendMessageToClient+0x176
a2fefcac bf801eda e326e008 a2fefd64 00000000 win32k!xxxReceiveMessage+0x2b5
a2fefce8 bf8036ec a2fefd14 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x1d7
a2fefd48 804dd98f 0148ff28 00000000 00000000 win32k!NtUserPeekMessage+0x40
a2fefd60 0148fed4 7c90e4f4 badb0d00 0148feb4 nt!ZwSetSystemInformation+0x13
WARNING: Frame IP not in any known module. Following frames may be wrong.
a2fefd64 7c90e4f4 badb0d00 0148feb4 00000000 0x148fed4
a2fefd68 badb0d00 0148feb4 00000000 00000000 0x7c90e4f4
a2fefd6c 0148feb4 00000000 00000000 00000000 0xbadb0d00
a2fefd70 00000000 00000000 00000000 00000000 0x148feb4


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!AllocCallbackMessage+3
bf8346ec cb retf

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!AllocCallbackMessage+3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 48025f2a

FAILURE_BUCKET_ID: 0x7f_d_win32k!AllocCallbackMessage+3

BUCKET_ID: 0x7f_d_win32k!AllocCallbackMessage+3

Followup: MachineOwner
---------