KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80585490, The address that the exception occurred at
Arg3: f78fabd0, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Инструкция по адресу "0x%08lx" обратилась к памяти по адресу "0x%08lx". Память не может быть "%s".

FAULTING_IP:
nt!CmpDereferenceNameControlBlockWithLock+40
80585490 8b08 mov ecx,dword ptr [eax]

TRAP_FRAME: f78fabd0 -- (.trap 0xfffffffff78fabd0)
ErrCode = 00000000
eax=00000004 ebx=00000000 ecx=00000000 edx=000007fa esi=e1997494 edi=e1997490
eip=80585490 esp=f78fac44 ebp=f78fac4c iopl=0 nv up ei pl nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010217
nt!CmpDereferenceNameControlBlockWithLock+0x40:
80585490 8b08 mov ecx,dword ptr [eax] ds:0023:00000004=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: EXPLORER.EXE

LAST_CONTROL_TRANSFER: from 80585377 to 80585490

STACK_TEXT:
f78fac4c 80585377 e1997490 e1853dd0 e10106f0 nt!CmpDereferenceNameControlBlockWithLock+0x40
f78fac60 805836c7 e1884758 e1330008 80568682 nt!CmpCleanUpKcbCacheWithLock+0x22
f78fac6c 80568682 f78fac80 80568639 e1853dd0 nt!CmpGetDelayedCloseIndex+0x16
f78fac74 80568639 e1853dd0 f78fac8c 805684c7 nt!CmpAddToDelayedClose+0xa
f78fac80 805684c7 e1853dd0 f78faca4 8056c0df nt!CmpDereferenceKeyControlBlockWithLock+0x38
f78fac8c 8056c0df e1853dd0 00000000 e1833b88 nt!CmpDereferenceKeyControlBlock+0x12
f78faca4 80563ff6 e1833ba0 e1833b88 00000000 nt!CmpDeleteKeyObject+0x92
f78facc0 804e3c55 e1833ba0 00000000 00000650 nt!ObpRemoveObjectRoutine+0xdf
f78face4 80567543 81d9e578 e15903a8 81e55cb0 nt!ObfDereferenceObject+0x5f
f78facfc 805675ac e15903a8 e1833ba0 00000650 nt!ObpCloseHandleTableEntry+0x155
f78fad44 805675f6 00000650 00000001 00000000 nt!ObpCloseHandle+0x87
f78fad58 804df06b 00000650 0120f7e8 7c90eb94 nt!NtClose+0x1d
f78fad58 7c90eb94 00000650 0120f7e8 7c90eb94 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0120f7e8 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!CmpDereferenceNameControlBlockWithLock+40
80585490 8b08 mov ecx,dword ptr [eax]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!CmpDereferenceNameControlBlockWithLock+40

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41108004

FAILURE_BUCKET_ID: 0x8E_nt!CmpDereferenceNameControlBlockWithLock+40

BUCKET_ID: 0x8E_nt!CmpDereferenceNameControlBlockWithLock+40

Followup: MachineOwner
---------